pho4cexa is a user on tiny.tilde.website. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
pho4cexa @pho4cexa

If you need a compiled compiler to compile compilers, how do you know that there's no spyware secretly propagating itself?

hex0 is "a hex assembler written in hex" -- basically several bytes of raw machine code "with a shitload of comments" which translates text to bytes

hex0 translates hex1
which translates M0
which assembles M1/hex2
which assembles M2-Planet
which assembles mes
🆕 which compiles tinycc
which compiles gcc
which compiles the OS!

github.com/oriansj/mescc-tools

gitlab.com/janneke/mes/blob/ma

@pho4cexa Wait. What? I was aware of mes and the further stages. But not these earlier ones. I need to sit down and look at this. [scratches head dumbfoundedly]

@pho4cexa ken thompson feelin' real called out right now

@pho4cexa >tcc compiles gcc

hot, i can barely get gcc to compile itself due to my musl system

@pho4cexa Back in the GOOD OL DAYS people would sit down and assemble a Pascal compiler by hand, or so I hear tell.

Back when beards had men attached, women kept nanoseconds in their purses, and we had rooms filled with computer instead of a room filled with computers.

@pho4cexa Though that's frankly for machines and this is a pretty awesome bootstrap setup.

@pho4cexa What if they're ahead of you and put a backdoor somewhere else (the kernel? The CPU?) That detects when GCC or something else is running and inserts the backdoor there?

@onf 🤔 yeah i can think of a few ways to defeat it on one system, but now that we have everything needed to bootstrap a compiler from "nothing," we can get a load of people all doing it on different machines and comparing notes (and cryptographic hashes). Check out bootstrappable.org/benefits.ht !

@pho4cexa Well, that's certainly a good idea, but this "nothing," if I'm not mistaken, looks a lot like an ELF binary containing x64 code, which would limit it at least to running on 64-bit (somewhat recent) Intel and AMD and similar CPUs, and on modern 64-bit operating systems like Linux distros. And how much can these systems be trusted not to all have a backdoor somewhere deep?

@onf @pho4cexa 64bit is just the start. I'm not fully up-to-date on all things bootstrappable.org, but one of the real-life applications is to make GNU Guix and GuixSD build completely from source, ridding it of the bootstrap binaries. We have some intersections of people between bootstrappable, reproducible-builds, and Guix.
More architectures are planned, and being not OS/distro specific iirc.

@onf @pho4cexa there's a mailinglist, as well as an IRC channel for more questions/answers - all should be listed somewhere on bootstrappable.org

@ng0 @pho4cexa Yes, well, best of luck to y'all. Perhaps we shall have interesting results once there's builds bootstrapped on exotic or really old systems.

(Can't imagine how long the Linux kernel would take to build on a commodore 64 though...)

@pho4cexa This was vaguely mentioned by @rrix, but something like this actually happened in the early days of UNIX, described in Ken Thompson's turing award speech. ece.cmu.edu/~ganger/712.fall02

@pho4cexa @er1n Fascinating, last time I tried compiling gcc w/ tinycc I got a segfault in the resulting stage 2 xgcc. I wonder if things changed...

@pho4cexa wow, that's hallucinating. 8 compilers, wherein 3 of them are complex and POSIX-only, just to bootstrap a free software system, is bad imho

I mean, even bootstrappable.org says there must be as few layers as possible