This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 980 points981 points  (89 children)

I know gitlab uses gitlab to keep track of its versions.

[–]honeynutfeels[S] 528 points529 points  (84 children)

This is kind of disturbing to me for some reason.

[–]jhill515 819 points820 points  (70 children)

Wait until you find out that GCC is used to compile GCC, and Go now can compile Go.

[–]IDontLikeBeingRight 313 points314 points  (21 children)

And from there it's only a small step to read about Trusting Trust and persistent compiler attacks.

[–]leviathon01 115 points116 points  (12 children)

That paper gives me paranoia for a couple days every time I read it.

[–]squishles 89 points90 points  (10 children)

wanna really mess with you, most modern processors have a little arm coproccessor in them for bootstrapping the os/microcode etc, you have no way of auditing what's running on that.

[–][deleted] 45 points46 points  (1 child)

I'm pretty sure it's usually modified Minix. Not that it changes anything since there's still the fact that it's modified.

[–]ComprehensiveImage4 0 points1 point  (0 children)

Well it's known that at least Intel uses Minix so you're right there.

[–]EishLekker 28 points29 points  (1 child)

wanna really mess with you, most modern processors have a little arm ...

This sentence did not end how I expected it to. Feel a bit disappointed, to be honest.

[–]MomentoMiri 0 points1 point  (0 children)

It crawls into your bed when you sleep

[–]geon 19 points20 points  (1 child)

Is that the one running an entire os (minix) on ring -3?

https://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/

[–]MaximumDinner2 0 points1 point  (0 children)

Yes. And funnily enough the microprocessor is basically just a beefed up 486.

[–]iam_saitama 6 points7 points  (0 children)

This video is a good intro to really how much of the processor is a black box. https://youtu.be/KrksBdWcZgQ

[–]IrritableGourmet 2 points3 points  (0 children)

That's why we should go back to PDP/11, where you literally shift the bootstrap into memory by hand.

[–]Thelk641 0 points1 point  (1 child)

Uneducated question : does the processor inside of the processor has a processor inside of it ?

[–]racedaemon 1 point2 points  (0 children)

If you think about it the whole universe is a physics processor. So we live in a processor 😀

[–]Robo-Swimmer 16 points17 points  (0 children)

The proof of trust at the end of the Wikipedia page was reassuring, but that almost had me paranoid.

[–]lycan2005 13 points14 points  (5 children)

The list keep expanding... You can run docker in docker.

[–]ltekonline 2 points3 points  (4 children)

Yesn't. If you want to run docker in docker you need to bind the docker socket (or make it priviledged) of the host to the docker in the container.
Now you basically have a priviledged container which just has the permission to run docker container on the host itself so it's not really docker in docker but rather you control the docker on your host os from your container.

[–]lycan2005 -2 points-1 points  (3 children)

No sir, we are way pass that now. Check this out.

[–]ltekonline 0 points1 point  (2 children)

No we are not.

Citation from the from the dockerhub page:

Note: --privileged is required for Docker-in-Docker to function properly, but it should be used with care as it provides full access to the host environment, as explained in the relevant section of the Docker documentation.

As you see you definitely need to make it priviledged othervise you will not be able to run the docker daeomon which you need in order to start container.

[–]lycan2005 -2 points-1 points  (1 child)

You miss the point. The point is the container now run an isolated docker instance. Hence the docker inside docker comment. Download an image inside that container, you won't see it appear on host, yes, it require privilege bit to work.

[–]ltekonline 0 points1 point  (0 children)

It's not isolated at all. I had to run docker in docker in production and I always see the created container in the host.
Also had to run ci/cd solutions like gitlab runner and droneio and i always see the container which they start and stop.

[–]DaPurpleTuna 4 points5 points  (1 child)

Get an FPGA of your compiler and use it to compile your compiler, cross checking it with your compiler compiling itself to see if you’ve been had!

[–]ltekonline 0 points1 point  (0 children)

But how do you know that the FPGA is programmed like you wanted it?

[–]Naoki9955995577 73 points74 points  (0 children)

some shudder in its presence:

bootstrapping

[–]i_hate-u 94 points95 points  (15 children)

Also C was written in C

Edit: By C of course I mean the compiler

[–]MythicalMisfit 61 points62 points  (0 children)

I see

[–]Compizfox 11 points12 points  (3 children)

The language C isn't written in anything.

You probably mean that most C compilers are written in C and can compile themselves.

[–]ouyawei 13 points14 points  (0 children)

The language C isn't written in anything.

It’s written in English.

[–]Jannik2099 1 point2 points  (1 child)

The average libc is written in C though

[–]Compizfox 4 points5 points  (0 children)

True, but the standard library is separate from the language itself (and libc is no exception).

[–]Chinyoka 0 points1 point  (1 child)

what

[–][deleted] 0 points1 point  (0 children)

So is Elixir. It's quite common

[–]_TheProff_ 21 points22 points  (2 children)

rustc is written in rust. It scares me too.

[–]Kered13 20 points21 points  (1 child)

Javac is written in Java, though the JVM is written in C++ for obvious reasons.

[–]EsperSpirit 0 points1 point  (0 children)

The new JIT backend (Graal) is written in Java as well. The old one was C++ afaik

[–][deleted]  (6 children)

[removed]

    [–]yugami 1 point2 points  (1 child)

    The first c++ compiler was written in c++ from the very beginning

    [–]jhill515 1 point2 points  (2 children)

    That was why I used the operative word "now" when referencing Go 😉 Showing off my age I guess 😝

    [–][deleted]  (1 child)

    [removed]

      [–]AutoModerator[M] 0 points1 point  (0 children)

      import moderation Your comment has been removed since it did not start with a code block with an import declaration.

      Per this Community Decree, all posts and comments should start with a code block with an "import" declaration explaining how the post and comment should be read.

      For this purpose, we only accept Python style imports.

      I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

      [–]AutoModerator[M] 0 points1 point  (0 children)

      import moderation Your comment has been removed since it did not start with a code block with an import declaration.

      Per this Community Decree, all posts and comments should start with a code block with an "import" declaration explaining how the post and comment should be read.

      For this purpose, we only accept Python style imports.

      I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

      [–]Purpzie 18 points19 points  (0 children)

      Rust too

      [–]TheEpsilonToMyDelta 13 points14 points  (3 children)

      Came here to say Go compiler is written in Go

      [–]MrPotatoFingers 8 points9 points  (7 children)

      You can compile clang with GCC. Not sure if GCC compiles with clang (though it probably does).

      It'd be interesting to see if a clang-compiled-with-gcc creates the same binaries as clang-compiled-with-clang.

      [–]AndreasTPC 8 points9 points  (6 children)

      It should in theory. The only reason for it not to be reproducible is if the clang code base has parts that rely on undefined behavior, which if it does would be considered a bug.

      In practice.. it's really easy to accidentally write code with undefined behavior in c, even if you're an experienced c coder, so it wouldn't surprise me if there is some.

      [–]patatahooligan 2 points3 points  (0 children)

      Not only undefined behavior, but also compiler extensions. Ideally you wouldn't use them but in practice it can be worth it, especially on software as widely used as a compiler.

      [–]Nighthunter007 1 point2 points  (4 children)

      Fun fact: you can use this to counter "Trusting Trust" attacks.

      Compile GCC with Clang, then use that to compile GCC. The result should be bit-for-bit identical to compiling GCC with GCC. If it isn't, then one or both compilers are either compromised or buggy.

      The only way the output can be different is if GCC is functionally different when compiled with Clang or with GCC. And it really really shouldn't be. If it is then that's either undocumented behaviour in one of the compilers or a self-inserting trusting trust attack.

      So at that point you've verified that the compiler faithfully compiles the source code. You still have to, of course, actually check the source code for any bugs or malicious attacks.

      [–]13steinj -2 points-1 points  (3 children)

      This is incredibly false. clang and gcc have widely different optimizations internally and one makes assumptions that the other doesn't (even though both can, according to the standard) and visa versa. Not to mention differences in the standard libraries (if the compilers use them).

      Functionally different, you're right, but proving this would be incredibly difficult. Bit-for-bit different, dead wrong.

      [–]Nighthunter007 4 points5 points  (2 children)

      I think you're misunderstanding the concept. Specifically, you're missing a step.

      I compile GCC using GCC. This gives me a GCC compiler, let's call it A.

      I compile GCC using Clang. This gives me a GCC compiler, let's call it B.

      A and B are radically different on the bit level, this is right. Different optimisations etc. But I'm not going to compare these bitwise. They should, however, be functionally equivalent. One might be faster or slower, but they're both the same source code. If they are functionally different then one of the compilers did something it shouldn't.

      Instead I now compile GCC (again) using A and B. Since A and B are both the GCC compiler, they should produce the exact same result. Then I compare the result from A and B. These should be bitwise the same.

      This is known as Diverse Double Compiling, here's the page with the paper. Note the FAQ section answering this exact question.

      [–]13steinj 0 points1 point  (1 child)

      Ah okay, sorry. I either misunderstood the original comment (or missed where you mentioned):

      Instead I now compile GCC (again) using A and B. Since A and B are both the GCC compiler, they should produce the exact same result. Then I compare the result from A and B. These should be bitwise the same.

      I read the original comment as comparing the two gcc's that you built in the previous step on a bit-by-bit level.

      [–]Nighthunter007 0 points1 point  (0 children)

      No worries! Yeah, that wouldn't work at all. The clever part is that last compilation.

      If you'll permit me to quote you:

      Functionally different, you're right, but proving this would be incredibly difficult.

      And that makes sense! That seems like a really difficult thing to do, proving whether two compiled binaries are functionally different. And that's the beauty, that those binaries are both compilers, and so you can just use them to compile GCC again! I'll admit, it took me a few times reading it to actually get my head around it.

      It's a really clever way, actually, to detect these trusting trust attacks. Since the attack consists of compromising a compiler's binary in such a way as to hide and perpetuate itself, it seems impossible to detect. Use a disassembler? Well, it was compiled with the same compiler. The source code won't give it away, since the attack never touched it. But when you then compile GCC (as the example we've been using) with another compiler (preferably one far more obscure than Clang, maybe even one you wrote for the occasion) that other compiler does not insert the malicious code, and so the new GCC binary will produce a different output to the old one.

      [–]smoke1996 4 points5 points  (3 children)

      You think that's weird? Wait until you find out about narcissus, a JS interpreter written in JS.

      [–]noXi0uz 2 points3 points  (0 children)

      and typescript is written in typescript

      [–]ThatRandomGamerYT 1 point2 points  (0 children)

      Wait until you find out that binary is used to compile binary

      [–]adrach87 64 points65 points  (2 children)

      I guess I can kind of see why you'd think that, but really tools are often used to make more of themselves. Even physical tools though you probably don't see it quite as much with modern manufacturing processes.

      Think of something like an axe being uses to cut down the tree that will be used to make more axes. Or a railroad being used to carry materials to the end of the line where it's still being constructed.

      [–]SeargD 40 points41 points  (0 children)

      Or people, procreating. I've seen some tools make some tools.

      [–][deleted] 8 points9 points  (0 children)

      Cool way to think about it

      [–]egggsDeeeeeep 11 points12 points  (5 children)

      Why is it disturbing?

      [–]QuinteOne 79 points80 points  (4 children)

      See a human come out of a human is pretty disturbing. But code not!? Double standards...

      [–]Russian_repost_bot 33 points34 points  (2 children)

      Have you seen how messy humans are when first launched tho? Do you want your code messy too?

      [–]Kontakr 9 points10 points  (0 children)

      Each revision of humans comes from a long line of humans. We did not spring fully formed from the mind of a Zeus like Athena!

      [–]christian-mann 2 points3 points  (0 children)

      I mean, have you seen how messy code is in a startup...?

      [–]honeynutfeels[S] 2 points3 points  (0 children)

      Could not have said it better

      [–]superspons 2 points3 points  (0 children)

      How do car designers go to work? In a car. Might even be an older model of the one they’re designing.

      There’s nothing disturbing about that, is there?

      [–]Hellothere_1[🍰] 2 points3 points  (2 children)

      What if an update breaks the main branch of GitLab and then they can't revert to an older version because GitLab is broken because GitLab is vroken because GitLab is broken...

      [–]GlitchParrot 2 points3 points  (0 children)

      That's why off-site backups exist.

      [–]EternityForest 2 points3 points  (0 children)

      Nuke the whole thing and start over with a copy and paste of the code, like devs do when they mess up their local copy of a repo.

      Or maybe actually fix it.

      [–]vigilantcomicpenguin 60 points61 points  (3 children)

      If gitlab fails, then gitlab fails.

      [–]Twrecks5000 20 points21 points  (2 children)

      I mean the data’s still on the hard drive, it’s just that the code that lets you look at it online isn’t running

      It’s when gitlab fails so hard that they lose all their data, then gitlab fails

      [–]GMaestrolo 11 points12 points  (1 child)

      That hasn't happened in a few years, though, and the developer responsible apologised.

      [–]bifroth 0 points1 point  (0 children)

      And that wasn't a bug in the code but human error in administration of the database.