Turing Complete
Thanks to the ForcedEntry exploit, your company's entire tech stack can now be hosted out of a PDF you texted to someone.
Thanks to the ForcedEntry exploit, your company's entire tech stack can now be hosted out of a PDF you texted to someone.
A Turing machine is a theoretical computer that has an infinite tape of symbols. It can read and change the symbols on the tape as it moves up and down this tape according to a set of instructions (program).
This very simple machine can be shown to do every computational task that what we think of as a "computer" can do, given the right program and enough time. Something that is Turing complete is able to act as a Turing machine, though generally physical examples are limited to having a finite tape,[citation needed] and this means it is also able to do basically every computational task.
Many pieces of hardware and software are supposed to be Turing complete (even Excel, as previously pointed out in 2453: Excel Lambda). Some other things turn out to be Turing complete, even if they weren't designed for it (for instance, the tabletop game Magic: The Gathering or, at least within xkcd meta-reality, rocks in a desert). Whatever Ponytail has been referring to is not shown, but it seems to be an anecdote about how something seemingly too simple and/or specialized to exhibit such a computational equivalence has been discovered to actually be that capable. Ponytail may refer to the recent articles about the background of the NSO zero click exploit for iPhones, e.g. this.
Mario is the lead character in a long running series of video games including Donkey Kong, Super Mario Bros and Mario Kart. Running video games, such as Doom, is one common way of demonstrating the ability to run arbitrary programs on devices that were not intended as general purpose computers. With complex processors being installed in more and more devices, it's plausible that someone could get a dishwasher to play Mario.
However, another reason to make a device run arbitrary code is to breach security. If the owner of a system assumes that it can only do one specific thing, like operate a dishwasher, they may not take precautions against hacking. But if the system is actually Turing-complete, a hacker could potentially make it do something else, like become part of a botnet. Therefore, "this is actually Turing-complete" could be the prelude to a complicated hacking attempt. Sophisticated hacking attacks are often the work of hackers that have the support of a government, or nation-state.
The ForcedEntry exploit is a way that was developed to allow PDF files to force malware onto various devices. PDF files are normally used to present documents. The exploit uses a PDF's ability to do logic operations on pixels to implement a simple virtual CPU within one of the PDF renderer's decompression functions. Constructing a CPU in this way is similar to how a hardware CPU is made of individual logic gates. ForcedEntry was publicized a few days before this comic came out.
In the title-text it is suggested that this mechanism can be used for what might be more legal and practical purposes, although this might be up to some interpretation depending upon who has the right (and permission) to do what.
A tech stack is one shorthand way of describing the way an integrated grouping of communicating software packages provides everything from the deepest data handling (even as low-level as an operating system itself) to the user interface. All of these will normally be on a computer (or possibly many of them, whether locally or distributed worldwide) and if a sufficiently functional surrogate system is capable of emulating this (computing what the original computer(s) would do) then it can be considered to effectively be the same stack of technology and duplicate or replace the originals.