Charming Nightmares (Computerphile episode on "Trusting Trust")

This is as good an excercise in emotional dissonance as you’ll get it in computing related things: Who is probably the most pleasant and charming presenter on what is probably the most concerning nightmare in non-baremetal computing. In other words, Prof. Brailsford of the Computerphile channel on Ken Thompson’s 1984 ACM Turing Award Lecture, also known as “On Trusting Trust” or the “Ken Thompson Hack”.


An old nightmare that seems to get forgotten over the decades again and again.
And meanwhile we have trojans in our BIOSes and CPUs too.

We really should go for less complexity!

1 Like

This is Kernighan’s memoir that gets a mention at the beginning of the video:
Unix: A History and a Memoir

One of the interesting things about the Reflections attack is that it’s not founded on the insecurity of some language, or on the complexity of some system - both of which are prolific causes of untrustworthy computing - but is founded on a fundamental practical fact, that we rely on our tools, and we use our tools to build our tools, or to run our tools, and it just so happens that having the apparent sources and even being able to reproduce a build still isn’t enough to be sure. It’s not about trust, it’s about trusting trust. A very deep result, deceptively simple to illustrate.


Not sure if this is new information, but:
Ken Thompson Really Did Launch His “Trusting Trust” Trojan Attack in Real Life

Whether Ken Thompson actually performed this attack in real life is a common subject of controversy in computer folklore. If one reads the original paper, one only finds a description of this attack as a thought experiment, leading one to conclude that any claim of a real-world attack by Thompson was an urban myth due to exaggeration.

Evidence in the form of quoted private communication:

) fyi: the self reproducing cpp was
) installed on OUR machine and we
) enticed the “unix support group”
) (precursor to usl) to pick it up
) from us by advertising some
) non-backward compatible feature.
) that meant they had to get the
) binary and source since the source
) would not compile on their binaries.
) they installed it and in a month or
) so, the login command got the trojan
) hourse. later someone there noticed
) something funny in the symbol table
) of cpp and were digging into the
) object to find out what it was. at
) some point, they compiled -S and
) assembled the output. that broke
) the self-reproducer since it was
) disabled on -S. some months later
) the login trojan hourse also went
) away.
) the compiler was never released
) outside.
) ken

1 Like

I’ve heard a version where it’s about the Multics login. The message may be that this is wrong and this was actually about Unix and some nifty social engineering.

I don’t trust the hardware. like intel.