
Ask HN: Please help me recall a certain programmer horror story - kuba-orlik
I remember having read a story about a programmer that encountered a weird error - his program was spitting out racial slurs in its output. The issue turned out to be a malicious version of the compiler, but somehow after removing it it got back to the system, and what should take only a few minutes turned into days and days of trying to find the culprit.<p>I&#x27;ve been searching long and hard but cannot seem to find it. I hope that what little I remember from it is enough and some kind soul will help me find the original article online... :)
======
pliny
[https://www.quora.com/What-is-a-coders-worst-
nightmare/answe...](https://www.quora.com/What-is-a-coders-worst-
nightmare/answer/Mick-Stute)

~~~
TheArcane
> Because the compiler was poisoned with other source code that we didn't
> have. And that source code, that now existed only in the executable
> compiler, put those changes back into the compiler source before it compiled
> it.

I don't quite understand this part. How would this work?

~~~
ChristianBundy
You need a compiler to compile anything, including a compiler, so if your
compiler was tampered with then anything you compile can be tampered with as
well.

The only solution is be to download a binary compiler from someone you trust.

~~~
stefs
yes, but ken thompsons evil compiler theory states, that a trusted compiler is
technically impossible (in the paranoid world of theoretical security where
all compiler binaries are possibly tainted already) except if you write your
own bootstrap compiler chain in machine code. still, all other running
software (OS/drivers/the intel management engine) might be able to modify the
binary in memory on the fly. the rabbit hole goes down to the hardware level.

~~~
emilfihlman
It doesn't even stop at hardware exactly (mcu/cpu), it only stops when you
assemble the mcu/cpu yourself.

~~~
antsar
What if one of your transistors has a tiny logic board inside?

~~~
TheArcane
Logic boards can't be smaller than a modern transistor. Logic boards contain
transistors.

~~~
antsar
"modern transistors" are available in differently-sized packages. I assumed
someone building their own CPU would be using larger transistors than those
normally used inside a production CPU. You _sure_ one of these[0] couldn't
contain a tiny processor inside?

[0] [https://images-na.ssl-images-
amazon.com/images/I/41bBdtuYF0L...](https://images-na.ssl-images-
amazon.com/images/I/41bBdtuYF0L._SX342_.jpg)

------
dzdt
This story strikes me as likely to be exaggerated or invented. It is exactly
the scenario described in Ken Thomson's Reflections on Trusting Trust. But
unlike Thomson, who was developing the compiper, there is no reason a random
grad student would have access to recompile the compiler. And if the student
gained root access to replace system binaries, why would they bother making
the compiler reinfect itself on recompilation?

~~~
microtherion
The hardware mentioned was an AT&T 3B2, so this probably would have taken
place in the early 1980s. Access policies for such things could be quite
different, back then.

Even when I was a graduate student a decade later, in a lab with professional
administrators, grad students routinely had pretty much all the permissions
they would ask for, because we worked odd hours and performed exotic
experiments. Policing was done after the fact.

To have a grad student in _Psychology_ with that level of programming skill
would be rather unusual, though.

~~~
TomVDB
In the eighties, all engineering students at my university had access to an
IBM 3090 mainframe. There were some CS kids who were way better than the
admins at exploiting the system. (I don't remember the details, but the
student newspaper once wrote about an exploit that required a coordinated
attack with the mainframe of a different university.)

The admins were smart enough to befriend those kids and let them help manage
the system. Better to have them to your side than to have them as an
adversary.

------
marcodave
Related to the question, another nice short story posted some time ago on HN
about hacked compiler code [https://www.teamten.com/lawrence/writings/coding-
machines/](https://www.teamten.com/lawrence/writings/coding-machines/)

------
dwheeler
I mentioned this "malicious version of compiler" on my web page about my
approach for _countering_ the trusting trust attack. See:
[https://www.dwheeler.com/trusting-trust/](https://www.dwheeler.com/trusting-
trust/)

------
swarnie_
I didn't recognize the story from your description but after the first
paragraph its unmistakable.

A good, fun read. Thank you!

------
jlebrech
that would be a pretty evil way to enforce payment, aka a DRM that turns
racist if you don't pay up.

~~~
jackhack
It's an equally effective way to end a career (perhaps before it's even begun,
as this is a graduate student's work we're talking of). Regardless, it's a
stunningly bold lack of judgement. But then, bad decisions often make for
interesting stories.

~~~
rexpop
Is it "bad judgement"? Aren't there, perhaps, better words for this
phenomenon? Is all hate speech mere "bad judgement"? Is KKK membership, cross-
burning, lynching, etc. all circumscribed by the label "bad judgement"?

~~~
turc1656
That's an extraordinarily disingenuous take on that comment. They were clearly
referring to the decision to mess with the code in this way at all, not the
actual content of what was being displayed on screen. The point was obviously
that deciding to use this method to cause this amount of effort/trouble and
mess with the computer system belonging to someone else is the act of bad
judgment. The fact they chose to do it with white supremacist messages is
irrelevant to the original comment.

~~~
jackhack
You summarized my thoughts pretty well. I would have thought it obvious but I
forget sometimes what a hypersensitive world we live in, and how quickly some
want to rush to judgement.

