Charming Nightmares (Computerphile episode on "Trusting Trust")

This is as good an excercise in emotional dissonance as you’ll get it in computing related things: Who is probably the most pleasant and charming presenter on what is probably the most concerning nightmare in non-baremetal computing. In other words, Prof. Brailsford of the Computerphile channel on Ken Thompson’s 1984 ACM Turing Award Lecture, also known as “On Trusting Trust” or the “Ken Thompson Hack”.

4 Likes

Yip…
An old nightmare that seems to get forgotten over the decades again and again.
And meanwhile we have trojans in our BIOSes and CPUs too.

We really should go for less complexity!

1 Like

This is Kernighan’s memoir that gets a mention at the beginning of the video:
Unix: A History and a Memoir

One of the interesting things about the Reflections attack is that it’s not founded on the insecurity of some language, or on the complexity of some system - both of which are prolific causes of untrustworthy computing - but is founded on a fundamental practical fact, that we rely on our tools, and we use our tools to build our tools, or to run our tools, and it just so happens that having the apparent sources and even being able to reproduce a build still isn’t enough to be sure. It’s not about trust, it’s about trusting trust. A very deep result, deceptively simple to illustrate.

4 Likes