If you need a compiled compiler to compile compilers, how do you know that there's no spyware secretly propagating itself?
hex0 is "a hex assembler written in hex" -- basically several bytes of raw machine code "with a shitload of comments" which translates text to bytes
hex0 translates hex1
which translates M0
which assembles M1/hex2
which assembles M2-Planet
which assembles mes
🆕 which compiles tinycc
which compiles gcc
which compiles the OS!
@onf 🤔 yeah i can think of a few ways to defeat it on one system, but now that we have everything needed to bootstrap a compiler from "nothing," we can get a load of people all doing it on different machines and comparing notes (and cryptographic hashes). Check out http://bootstrappable.org/benefits.html !
@pho4cexa Well, that's certainly a good idea, but this "nothing," if I'm not mistaken, looks a lot like an ELF binary containing x64 code, which would limit it at least to running on 64-bit (somewhat recent) Intel and AMD and similar CPUs, and on modern 64-bit operating systems like Linux distros. And how much can these systems be trusted not to all have a backdoor somewhere deep?
@onf @pho4cexa 64bit is just the start. I'm not fully up-to-date on all things bootstrappable.org, but one of the real-life applications is to make GNU Guix and GuixSD build completely from source, ridding it of the bootstrap binaries. We have some intersections of people between bootstrappable, reproducible-builds, and Guix.
More architectures are planned, and being not OS/distro specific iirc.
@pho4cexa This was vaguely mentioned by @rrix, but something like this actually happened in the early days of UNIX, described in Ken Thompson's turing award speech. https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf