Re: TBTF for 1999-10-05: Offlist

Eugene Leitl (eugene.leitl@lrz.uni-muenchen.de)
Wed, 6 Oct 1999 09:26:34 -0700 (PDT)


Dave Long writes:
>
> > Think Open Source guarantees you can know what a program does?
> > Think again
>
> At the compiler/source level, this is actually a good argument for
> building all your software (including os and tools) from source.
> Note that unless tool vendors collude, the cycle of infection breaks:

The trojan in source is pretty obvious, and there are enough primitive
C compilers out there available in source, some of them in languages
other than C.

Another way to solve the problem is going way back, to the days of VMS
and CP/M, and crosscompile your system with old tools.

The whole issue illustrates once again that one cannot trust complex
tools. Forth tools are small enough that you can read them in source,
compilers included. You need to be very smart to hide anything in
there.

> Not much to be done about it, anyway. I may be willing to build
> kernels and applications, but it's unlikely I'd tape out and fab my
> own hardware. (reprogrammable gate arrays? anything interesting
> been done with those recently?)

You can fit a MISC Forth CPU into a FPGA quite nicely. Some people on
the MISC mailing list have been playing with that.