that assumes the other compilers aren't compromised.
let's say gcc is compromised.
if it detects it's compiling a compiler it inserts a back door routine, if it detects it's compiling an os, it inserts a backdoor, if it detects it's compiling a file system it inserts code to hide that back door and prevent it being shown to the user, when a user accesses those files.
if you compile tinycc with gcc, you've lost. if you compile tinycc with anything that's been compiled by gcc you've lost.
you aren't going to detect it by looking at the source code, you aren't going to detect it looking at the binary, you would have to look at the running executable, and hope that the attackers didn't take my example one step further.
you basically need to make your own trusted stack. but then anyone else that uses that stack has to trust you.
You can't fully mitigate it, all you can do is trust that all the people building their own trusted stacks aren't in on it, and are competent. But then we're back to trust again.
> if it detects it's compiling a compiler it inserts a back door routine,
That's going to be hard.
If you're compiling yourself, sure, you know how the compiler is structured and what the source code looks like, so it's easy to spot the point to add the hidden backdoors to.
But inserting the backdoors into an arbitrary compiler? That may be structured differently, or use a completely different set of intermediate representations? Or even just uses `camelCase()` instead of `lower_underscores()` for function naming?
I'm not sure a generic backdoored compiler would be an option. I think you'd need separate payloads for, say, gcc and tinycc. But then the problem becomes, how do you add a new backdoor for a compiler that was released after yours, without anyone noticing? If you do a 3-stage bootstrap of GCC, the end result will be noticeably different if someone started with a pre-new-backdoor binary compiler than with a post-new-backdoor binary compiler.
I assume you’ve skimmed the paper, because it addresses and mitigates exactly the scenario you’re describing. I can understand if you assume that it’s impossible to achieve an uncompromised system from a totally compromised one, I made the same mistake at first. The solution really seems like a magic trick.
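The cross-check this thread is arguing about (rebuild the compiler from its source starting from a second, independent compiler binary, then compare the result with the suspect binary), as a toy model added here; it is not code from the thread or from the paper it mentions. `Compiler`, `COMPILER_SRC` and the hash standing in for a binary are constructed assumptions, and no real toolchain is involved.

```python
import hashlib
from dataclasses import dataclass

COMPILER_SRC = "source of compiler A"  # constructed stand-in for real source

def _image(emitter: str, source: str, payload: bool) -> str:
    # Stand-in for the bytes on disk: they depend on whose code generator
    # emitted them, what was compiled, and whether a hidden payload was added.
    return hashlib.sha256(f"{emitter}|{source}|{payload}".encode()).hexdigest()

@dataclass(frozen=True)
class Compiler:
    codegen: str              # code-generation style this binary emits
    image: str                # what a byte-for-byte comparison sees
    backdoored: bool = False

    def build(self, source: str) -> "Compiler":
        # A backdoored binary re-inserts itself only into the one compiler
        # source it was written to recognise (the point made in the reply).
        payload = self.backdoored and source == COMPILER_SRC
        # The output behaves as its source says, whoever compiled it.
        codegen = "A" if source == COMPILER_SRC else "none"
        return Compiler(codegen, _image(self.codegen, source, payload), payload)

def self_rebuild_ok(suspect: Compiler) -> bool:
    # Rebuilding a compiler with itself: a self-reproducing backdoor passes.
    return suspect.build(COMPILER_SRC).image == suspect.image

def matches_source(suspect: Compiler, other: Compiler) -> bool:
    stage1 = other.build(COMPILER_SRC)    # other's codegen, A's behaviour
    stage2 = stage1.build(COMPILER_SRC)   # A's codegen again, so comparable
    return stage2.image == suspect.image

HONEST_A = Compiler("A", _image("A", COMPILER_SRC, False))
BACKDOORED_A = Compiler("A", _image("A", COMPILER_SRC, True), True)
INDEPENDENT_T = Compiler("T", _image("T", "source of compiler T", False))
# The first comment's caveat: the second compiler carries the same payload.
COLLUDING_T = Compiler("T", _image("T", "source of compiler T", True), True)

if __name__ == "__main__":
    for name, a, t in [("honest A, independent T", HONEST_A, INDEPENDENT_T),
                       ("backdoored A, independent T", BACKDOORED_A, INDEPENDENT_T),
                       ("backdoored A, colluding T", BACKDOORED_A, COLLUDING_T)]:
        print(f"{name}: self-rebuild ok={self_rebuild_ok(a)}, "
              f"cross-check ok={matches_source(a, t)}")
```

In this model the self-rebuild check passes for both binaries, the cross-check only flags the backdoored one when the second compiler does not carry the same payload, which is the assumption the thread opens with.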
> The rapid pace of artificial intelligence has led to hastily drafted government regulation. Foreseeing this inevitability, Del Complex has engineered a solution ready to set sail.
Hmm, interesting…
> The BlueSea Frontier Compute Cluster (BSFCC)—a groundbreaking venture in international waters, melding cutting-edge technology with unparalleled autonomy.
Autonomy? Surely this can’t be what I’m thinking about…
> Not just a compute cluster, each BSFCC is a sovereign nation state
…slowly starting to hysterically laugh, anxiety about future dials up to 11…
> Kinetic risk mitigation with dedicated security forces.
I lost control at this point. Laughing because of the desire to not believe it, anxiety knowing it has already come.
The cyberpunk dystopia.
I know I know, current world is mostly a dystopia by the standards of the old, but this is another level in cyberpunk. Tech companies operating as sovereign states, armed with mercenaries? I’d watch/play that film/game. Only issue is it’s real life.
> and offer additional benefits as tax shelter opportunities.
They’re openly saying it, no shame anymore.
What boggles my mind is that someone must have thought about all this AI regulatory capture etc. stuff a long, long time ago, for such a thing to exist by now.
Whoever is behind this is a true evil genius. I understand the benefits and all, but at this point I can no longer believe technology itself as a whole is beneficial to humankind.