Nice story. When I was at uni, we submitted our feeble Fortran projects
on punch cards for the nightly run on a PDP-11. Little did we know that
there were gods like Ken and Dennis at work on similar platforms
creating the future.
Heh ~ when I hit send, I knew I should rather have said "imaginative
ideas" rather than "ideas/code".
--
Peter van Houten
On the 04/08/2009 09:08, Angus Scott-Fleming wrote the following:
On 3 Aug 2009 at 19:52, Peter van Houten wrote:
Considering that the list is a bit slow today; for those that missed it
the first time it passed through the list, this is still up there with
the better ideas/pieces of code ever written. Any other offers?
http://ge.ecomagination.com/smartgrid/#/augmented_reality
One of the best pieces of code ever written IMHO is the original C compiler for
Unix. The author, Ken Thompson, added code to the compiler to recognize when
it was compiling the "login" command, and to insert the binary code for a back
door in "login" that would let him in even if the back door was not in the
source code being compiled. He then rewrote the compiler to recognize that it
was compiling itself, and to add back the binary code to add the back door to
the login command. He then changed the source code to the C compiler to remove
evidence that he had done this, and then recompiled the compiler binary. The
compiler source had no evidence this had been done, but this gave him a back
door into every Unix system that was built based on this C compiler.
Documented here:
------- Included Stuff Follows -------
ACM Classic: Reflections on Trusting Trust
The moral is obvious. You can't trust code that you did not totally create
yourself. (Especially code from companies that employ people like me.) No
amount of source-level verification or scrutiny will protect you from
using untrusted code. In demonstrating the possibility of this kind of
attack, I picked on the C compiler. I could have picked on any program-
handling program such as an assembler, a loader, or even hardware
microcode. As the level of program gets lower, these bugs will be harder
and harder to detect. A well installed microcode bug will be almost
impossible to detect.
--------- Included Stuff Ends ---------
More here with links:
http://cm.bell-labs.com/who/ken/trust.html
--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+-----------------------------------+
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
