Shamar @Shamar@qoto.org
Joined May 2019
Shamar
boosted
article idea: pluralistic ignorance & diffusion of responsibility vs 'a million eyes makes all bugs disappear' in centrally-organized / corporate-sponsored open source projects
Shamar
boosted
"The Cobra Effect"
The British government was concerned about the number of venomous cobra snakes in Delhi.
The government therefore offered a bounty for every dead cobra. Initially this was a successful strategy as large numbers of snakes were killed for the reward.
Eventually, however, enterprising people began to breed cobras for the income.
#OSI board.
Photo shared by http://techrights.org/2020/01/07/monster-packages/
Apparently nobody really knows why it's called this way.
A "Canadian cross" compilation is simply the cross compilation of a cross compiler.
Indeed, during #GCC configuration you can specify 3 different systems:
1) the `build` system, where the compilation is going to run
2) the `host` system, where the produced compiler is going to run
3) the `target` system that will run the binaries produced by the produced compiler.
Shamar
boosted
SHA-1 is a Shambles
> We have computed the very first chosen-prefix collision for SHA-1. In a nutshell, this means a complete and practical break of the SHA-1 hash function, with dangerous practical implications if you are still using this hash function. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1.
Shamar
boosted
Beware: if #Dijkstra had seen what #JavaScript is doing to all of us, he would have been a #COBOL evangelist.
Shamar
boosted
@alexcleac not sure what the "there" is, and I am surely missing a bunch of context, but my answer (as a software developer, sysadmin, infosec person, and a user of technology in 2020) is: software engineering is still largely missing the "engineering" part.
By that I mean the ethos and the risk aversion, and the personal responsibility in case of catastrophic failure.
Because we are having way too many catastrophic failures in IT still. This needs to be fixed.
define "everyone", please 😉
I'd almost say the opposite: there are simple concepts, simple algorithms and so on, but their structure is insane.
You can build GCC on an x86 Linux (glibc) so that it will builds statically linked binaries for Windows x86_64 (newlib-cygwin) on a AArch32 running NetBSD (for several languages).
The simple fact that Canadian crossing is possible and supported should give an insight about the internal #complexity of #GCC.
With GCC you also build `libgcc` a library against which each GCC built binary is linked to ease some optimizations. This is another hint: compilers are not as simple and modular as one might think from an high level description of them.
Finally it's not entirely true that you can disable every optimization: not only because there is no real difference between optimizations and other transformations during the compilation process but also because most of the combinations of optimizations have never been really tested.
So I'd argue that for a tester, modern compilers are the one of the worst possible nightmares of today computing.
Yes, they are functional, but I'd guess nobody would live enough to seriously test each possible combinations of options of a single GCC release to ensure it maps each possible input to the correct output.
@Xipiryon @ekaitz_zarraga @suetanvil@mastodon.technology
Actually, I think that this is the real answer to the @ekaitz_zarraga's question.
I don't know about #clang, but GCC's (huge, overwhelming) complexity is mostly due to the supported combinations of
- languages
- architectures
- operating systems
- optimizations
- diagnostics / debug
- internationalization
Reading this from top to bottom might give you an insight: https://gcc.gnu.org/install/configure.html
#GCC is not just a #C compiler but the #GNU Compilers Collection.
It tries to maximize the possible use cases, including several niches and corner case that are simply not considered by simpler C compilers.
Why?
Well, there is obviously an ideological aim: providing #Software #Freedom through an high quality compilers suite to everybody, no matter how peculiar are their needs (to reduce the attack surface from proprietary software).
But there is also a reasonable architectural goal: maximize the reuse of a large high quality code base that is common among the various combinations of need.
The price of this is a huge complexity, due to the tensions between different perspective on how computing should work.
I don't like such complexity (really, I hate it), but it's very short-sighted to blame it without understanding the overall vision that GCC pursuits.
@suetanvil@mastodon.technology @codewiz
I'm not.
As long as the implemented behaviors are properly documented, undefined behaviours can be useful hooks: don't forget that C is a language designed to be used in a wide variety of use cases: portability is valuable in many of them, but sometimes is not relevant at all.
Shamar
boosted
In an early version of the C compiler gcc, when the pragma directive was introduced, it took the "implementation-defined" effect literally and tried to launch computer games.
C'è una profonda differenza fra andare dove ci sono persone in catene per liberarle e mandare persone a farsi incatenare o sponsorizzare/normalizzare i carcerieri.
Essere su #Facebook e #Twitter per raggiungere le persone che vi sono intellettualmente recluse è necessario. Ma bisogna spingerle fuori.
Non si può linkare (ovvero alimentare con i dati di tutti i visitatori che non usano uMatrix) un sistema di sorveglianza e poi non condividerne "il modo di comunicare".
L'unico modo per usare questi sistemi senza esserne usati è postare link a contenuti esterni.
@filippodb @madbob@mastodon.technology
On January/February 2020 I'm going to give #GNUnet a new try with some italian friends (after a decade or so...).
May we ask you some questions if in throuble? Do you have any specific reading to suggest?
I mean beyond https://gnunet.org/en/use.html and https://docs.gnunet.org/handbook/gnunet.html
Joined May 2019
