November 16, 2025

When your tools turn on you

Article URL →HN comments →

Running the "Reflections on Trusting Trust" Compiler

A 40-year-old hacker trick just spooked the internet again

TLDR: A classic 1983 demo showed how a compiler can hide a backdoor even when the source code looks clean, and someone ran it again. Comments split between renewed paranoia about trusting our tools and a cheeky challenge: could today’s AI pull off the same stunt, from scratch?

A vintage tech ghost story just crawled out of the archives: Ken Thompson’s 1983 “Trusting Trust” demo—where a compiler secretly plants a backdoor even when the source code looks clean—was rerun, and the crowd collectively shivered. Commenters immediately dug up the old conversation, with one linking the discussion at the time, like, “we’ve been here before… and it’s still creepy.” The mood? Equal parts nostalgia and how do we trust anything?

Drama flared over what this means for today’s software supply chains—the chain of tools and code we rely on. Some voices argued this proves “reading the code isn’t enough,” while others rolled their eyes at the panic, calling it a reminder, not a meltdown. The meta-joke of the day came from the quip: “Reflections on Trusting ‘Reflections on Trusting Trust’?”—a brain-twister that everyone loved to hate. Then the AI crowd crashed the party: could a large language model (an AI that predicts text) recreate the trick from scratch? One commenter teased it would be “fun” to try—cue the great LLM dare.

Between quines (programs that print their own code) sounding like magic tricks and compilers playing double agent, the comments read like a thriller: we rely on tools we can’t fully see—and that still scares people.

Key Points

  • The article revisits Ken Thompson’s 1983 “Reflections on Trusting Trust,” explaining compiler-based backdoors.
  • It details Step 1: building self-reproducing programs (quines) with Python and Go examples.
  • It explains Step 2: how compilers “learn” values during self-compilation that persist in binaries but not source.
  • It outlines Step 3: modifying a compiler to backdoor a target program and to reproduce that modification when compiling itself.
  • The author states they will run the backdoored compiler using Thompson’s original code and notes Thompson’s 2023 keynote context.

Hottest takes

"Reflections on Trusting "Reflections on Trusting Trust"?" — riemannzeta
"Would be fun to see if an llm could produce this" — Y_Y
"Discussion at the time:" — EvanAnderson

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.