Trusting trust

So how likely is it that there are hidden trojan horse-like vulnerabilities in common open source software that we haven't noticed? How valuable is the idea that we should start over and build our systems the right way to prevent that possibility at every step?

vulnerabilities in common open source software that we haven't noticed

??
There are thousands autists drowning in FOSS code, lots of them are weaponised autists but lots are also whiteknight community friends, they would honestly make any shady codes publix.

>>2
Yeah but if it was built into the binary to replicate itself without tainted source, e.g. through a compiler, it would be much harder to notice.

This is probably not the only solution, but I think you'd have to compile one compiler with two different compilers, then use each different compiled compiler to detect differences between compiled binaries in their outputs.

e.g.
Compiler A 2.0 (compiled by Compiler A 1.9) is tained
to verify this, you'd have to compile a second version of Compiler A 2.0 (call it Compiler AB 2.0, with Compiler B (which has either no vulnerabilities, or sufficiently different ones).

Then you'd compile Compiler A 2.0 again with both Compiler A 2.0, and Compiler AB 2.0. If the binaries are different, you could be reasonably sure that Compiler A isn't tainted, or that A and B are tainted in the same way.

not likely

>>4
prove it

JACKSON FIVE CNSATNT

>>3
Write your own bootstrapping compiler to compile a full featured compiler that you can trust. Problem solved.

>>6
1. write bootstrapping compiler
2. write full featured compiler
3. implement diff

>>7
1.skip the bullshit & compile GCC with TCC

i dont run any apps that have not been handcompiled by me myself in GHC

>>9
GHC is compromised.

>>7
lets see

>>6
But I'd have to write it in machine code, because my assembler might be compromised.

In fact, my editor might also be compromised, and detect that I'm trying to bootstrap a compiler. I'd have to flip bits on the machine itself (with switches?) to program a basic hex editor first

>>12
Better scrap all that and start from raw silicon.

better write your own universe

>>12
I hope you're not using x86, because it's been compromised for years.

>>15
that's what i was worrying about tbh

>>12

he can't even write an x86 assembler
he's worried about trusting trust compilers

laughinggirls.tiff

how write aseembler?

>>18
Make a bunch of regex to substitute machine code for mnemonics.

>>19
oh like this
http://lists.gnu.org/archive/html/bug-bash/2001-02/msg00054.html

>>17
x86 is bloat

🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸
I claim these dubz in the name of the United States of America
🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸

>>22
Racist Trump supporter!

>>17
I can write assembly, but if the assembler is compromised it doesn't help

>>24

he can write assembly
he cannot write an assembler
2017

ishygddt

How do we write an uncompromised assembler

>>26
Hex editor, opcode table and calculator.

>>26
First u need to build an uncompromised CPU

GOTO >>1

Any progress on this, guys?

>>30
It's closed because you're a fucking cuck

>>31
but im writing code in binary right now

🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸
I claim these dubz in the name of the United States of America
🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸

>>31
e/pol/in cuck meme, /pol/ro!

>>34

/pol/

It's a /tv/ meme, cocknigger.