site banner

Culture War Roundup for the week of March 18, 2024

This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.

Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.

We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:

  • Shaming.

  • Attempting to 'build consensus' or enforce ideological conformity.

  • Making sweeping generalizations to vilify a group you dislike.

  • Recruiting for a cause.

  • Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.

In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:

  • Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.

  • Be as precise and charitable as you can. Don't paraphrase unflatteringly.

  • Don't imply that someone said something they did not say, even if you think it follows from what they said.

  • Write like everyone is reading and you want them to be included in the discussion.

On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.

7
Jump in the discussion.

No email address required.

A Map for the Regulation and Destruction of Free Software.

A buddy of mine shared an article about The White House warning people against programming in C or C++ and it teed me off about a conspiracy theory I've been harboring for going on 10 years now.

My baseline assumption is that whatever you choose to call this weird woke, centralized, authoritarian, elite/bureaucratic corporatist conglomerate, they want control. All of it. Over things that you would think have nothing to do with them. They want your wood ovens, your gas stoves, your gamer PCs, they really don't view anything as beyond their purview to "regulate" and make your life infinitely worse by slow degrees.

If you assume these are pathologically controlling busy bodies, which I think you are right to assume, the fact that anybody can program anything probably terrifies them. They barely understand technology to begin with. Just look at any time they haul a tech CEO before congress and attempt to get sound bites for their constituents. It's horrible. But the cat is more or less already out of the bag when it comes to open and free software. How would you put it back in?

By degrees the process is already underway, in the name of security. Most PC's sold today will only boot authorized operation systems, with an option in the BIOS (for now) to turn off that safety feature. Windows warns you every time you try to run an "unrecognized" executable, with the option (for now) of ignoring it's warning. People are far more habituated than ever to closed software ecosystems thanks to Apple and Google and the fact that most people spend more time on phones these days than computers. All it would take is to slowly shave away by degrees until the process of running free and open software is so frustrating that most people don't do it, and the powers that be can "deprecate the feature" under the rationale that it's not used anymore.

Maybe it starts with the big sellers of PCs like Dell, where they just don't have a BIOS that lets you boot unauthorized OSes. And for a while, that's fine, because what self respecting enthusiast buys a Dell? That's probably a perfectly fine security compromise for institutions that don't want to run the risk at all of some unauthorized code hijacking the boot process. Then maybe the feature gets cut from lower end motherboards. But that's fine, if it's still a feature that matters to you, you can always get a high end motherboard. Lots of features are only available on higher end motherboards. And then one day, with little fanfare at all, the feature vanishes.

So now you are stuck running increasingly enshittified versions of Windows and a few select Linux distros. So what?

Well, at the same time, imagine how Windows slowly chips away at the ability to run "unrecognized" code. Right now it's an annoying popup, same as it has been since Vista. Maybe one day the default behavior is switched to not letting you run it at all. But it's ok, there is a toggle to turn on the old behavior burried deep in the system settings somewhere. Maybe a security submenu. Then a while later they get rid of that, but if you know what you are doing, there is still a registry setting you can change. Then a while later they only support the feature on Windows Pro instead of Home. Then one day, it just vanishes.

So now you are stuck running enshittified versions of Windows that refuses to run "unrecognized" code. But it's cool, you can probably still do something to get your code "recognized" right?

Anyone who has had to do any web development probably knows about using self signed certs. Often good enough for local use, generally insufficient if you plan on letting anyone outside of your org attempt to use your system. You have to get a signed cert. And often pieces of software just expect a signed cert, and may not have any option at all to override it's refusal to work with a self signed one. I expect much the same will occur with "unrecognized" code.

All code will need to be signed. Maybe you can self sign code you've written on your local system, but nobody else will be able to run it. Unless they go through the added hoops of adding your key to some sort of key store for "recognized" code. But eventually the self signed qualities of the code will catch up to you, and Windows may just refuse to accept self signed code certs anymore. But no fear! Maybe Github or other organization will offer to sign your code for you. Assuming it meets their TOS, nobody on social media has cancelled you, and their AI hasn't rejected your project for hallucinated reasons. But eventually, however well relying on a 3rd party like Github to allow your code to run on your locked down operating system and your locked down hardware starts off, it will become a barely viable solution. And then free and open software is over.

I hope I'm just being overly pessimistic. But I honestly see this happening in my lifetime.

You're overly pessimistic. This is definitely the trend in the last 15 years of consumer computing, but to within a margin of error, every server on the internet is running Linux, and so are most people who are serious about software freedom.

Another perspective: There are, sitting on the drives of various intelligence agencies, security researchers, and assorted "hackers", relatively small sequences of bytes. Some of these sequences, if you navigated to a webpage and received them in response, would rapidly compromise your computer, giving the attacker access to your social media accounts, private messages, bank accounts, work accounts, etc. Other sequences, if sent as messages to your phone, would do the same. This is very bad. This allows governments and intelligence agencies, the "pathologically controlling busy bodies", to see all of your stuff without a warrant. This is what NSO group sold to nation-states to target dissidents and other nation states, what they sold to the Saudis to help them kill Jamal Kashoggi, etc.

A large part of the reason for this is that the way C and C++ allow programmers to make mistakes. Many, many mistakes. Mistakes that are incredibly difficult to find manually, and mistakes that have resisted general mitigations by the smartest engineers at top tech companies for years despite heroic effort, and mistakes that are found by the dozens every month (and, implicitly, dozens are created every month). Most of these are only theoretical parts of exploits, or would be one part of many needed for a successful exploit chain, but still.

I think it's notable that your one direct link, the example of the government taking action, doesn't actually align with your proposed plan. Using Rust doesn't help the government control you more. It does the opposite.

Most PC's sold today will only boot authorized operation systems, with an option in the BIOS (for now) to turn off that safety feature.

This prevents one of the above programs from permanently replacing your operating system with itself, which they did do.

Windows warns you every time you try to run an "unrecognized" executable, with the option (for now) of ignoring it's warning.

People constantly download malware. Don't think '120iq smart teenager' here, think '100iq 14 year old' or 'grandpa'. The warning helps protect these people from having their social media or bank accounts stolen.

All it would take is to slowly shave away by degrees until the process of running free and open software is so frustrating that most people don't do it, and the powers that be can "deprecate the feature" under the rationale that it's not used anymore.

Software developers rely on huge piles of open source software to create all this stuff. This probably isn't going to happen.

I agree with you mostly. I am not convinced that most exploits in mobiles are due to C/C++, though. I remember when TPM came around. I did not like it back then and I still do not like it, but for the most part, I don't care. Probably some of my PCs have such a chip, but then again they have plenty of features I don't use. Having a PC which refuses to boot stuff which is not signed by Microsoft until you change BIOS settings is fine for the kind of person who is happy with Windows, I am perfectly willing to go through these steps as a price to profit from the economy of scale provided by clueless PC users. (I am less than certain that this is effective, given that (1) malware might install a signed Windows kernel (or signed kernel drivers?) with known exploits and (2) taking over the kernel is not really required to fuck over the user, but that is their problem, not mine.)

What I really hate is unlocking Android. Either you buy Google Nexus products, which are on the expensive side, or you navigate a jungle of different OEMs with their own unlock procedures. (Again, I can see the appeal: OEMs profit from preloading the mobiles with their crapware, so they don't want a reseller to switch it out for some different crapware in bulk, but fuck is it annoying.)

For the PC platform, I think commercial incentives are very in the direction of PCs being able to run C/C++ as well as FORTRAN, COBOL and whatever else people might want to run on them. There is a lot of old software lying around, most of it probably in-house developments, and it is not really viable to rewrite it in another language in most cases.

Also, I do not think that Free Software is under threat that much because most of the world is clearly aware that Microsoft is a US company, and if push comes to shove, the NSA can likely ship malware signed as a Windows update. So outside the US, there is some strategic incentive to be able to run different OS (e.g. GNU/Linux) where inserting exploits might take a bit more work for the spooks.

Allow me to present a more parsimonious explanation of everything we're seeing:

Rust is clearly the systems language of the future. It can be just as fast as C++ and has a much nicer syntax/doesn't have weird idiosyncracies (ok, the last point is debatable). However there are lots and lots of C++/C "dinosaurs" whose livelihoods are going to be threatened were it to lose out in favour of Rust. Thus they need a way to protect themselves (as is only natural) and are trying to at the least slow down the adoption of Rust.

In a bid to do this they've found a feature of rust, namely the fact that it forces you to write good code, presented it as "undesirable" and created a narrative of how rust takes away your "freedoms", thereby aligning themselves to one side of the culture war in a bid to leverage the power of that side to protect their income stream. Nevermind that you can very easily write memory unsafe code in rust by just declaring an unsafe{} block around everything.

It's all the usual ploy of people hating technological progress and advancement because it's coming for their daily bread so they put up spurious blocks and fearmonger to ensure that coin keeps flowing to them.

Rust is clearly the systems language of the future. It can be just as fast as C++ and has a much nicer syntax/doesn't have weird idiosyncracies (ok, the last point is debatable).

I'm not completely sure I buy this vision of the future. Rust has some very good ideas, but there is so much quantity behind legacy C/C++ systems that it has a quality all of its own. And it's not the first time claims like this have been made: I'm old enough to remember Java being sold as "just as fast as C++" and safer (debatably true for some workloads today, less true at the time), but it hasn't displaced C or C++ despite major efforts. And despite the supposed memory safety, I have actually encountered java.lang.NullPointerException in the wild (production code) plenty of times. C# also promised a brave new garbage-collected world. If I were older, I'd probably point to Ada, which was originally developed for the DoD to write safe, modular programs in the late 1970s (IMO an underappreciated language, to be honest) and still gets some use today.

Rust has some good ideas, but fundamentally it seems to be pretty similar to C++ in terms of what the languages want to be. My loose prognostication is that the sheer Borg mass of the C++ ecosystem will learn to interoperate with, embrace, and extend. The C++ committee is clearly steering this direction, and it seems only a matter of time until the base version of the language offers, say, a borrow checker. There has already been plenty of (slow, but steady) motion towards that sort of thing since C++11 (shared_ptr, more recently span). It seems to me only a matter of time before someone posts a patchset for GCC or Clang that adds -Wborrow-checker.

There's something to be said that the current backwards-compatible syntax for modern C++ will get unwieldy, but there has already been public discussion of attempts to make breaking revisions to it: see Sutter's proposal for cppfront. This sort of thing isn't unheard of: early C++ was implemented as a generator for C code. Javascript has all sorts of code compatibility tools, including CoffeeScript, which seems to have fallen out of favor since the JavaScript ECMAScript standards committee decided to start publishing again and making real updates. I just can't see full rewrites in Rust of major application code, but I could find it plausible that the backend object models of the languages will converge until they interoperate fairly seamlessly. Or that C++ absorbs all the good ideas and Rust remains around in a vestigial, nostalgic fashion like Perl or PHP in 2024.

"just as fast as C++" and safer (debatably true for some workloads today, less true at the time), but it hasn't displaced C or C++ despite major efforts

Well, this was a lie, it's not possible to match speed with dynamic compilation and garbage collection. Sun corp. did benchmark cheating. Rust tried to be a better C

And despite the supposed memory safety, I have actually encountered java.lang.NullPointerException

Well, in this part they didn't lie, it's possible to have exception, but unlike C/C++ it is guaranteed to be caught and safely processed. Some C implementations (at least for MS-DOS0 reversed some space to check for null ptr dereferences, the program at exit checked it and if changed, printed error message.

"Within C++, there is a much smaller and cleaner language struggling to get out"

One problem with C++ is that it inherited most of C, which means that the syntax for doing stuff the (unsafe) C way is usually short. Compare a C array declaration to a std::array declaration, for example.

With regard to the borrow checker, I don't think it will be that easy to port to C++. (If it was that easy, people probably would not have invented Rust in the first place.) I am not a Rust programmer, but I think that Rust's system of allowing explicit lifetime annotations might not be that easy to reproduce in C++ (at least without horrible template syntax).

(If it was that easy, people probably would not have invented Rust in the first place.)

C++ is bad not only in memory safety, but also has ugly grammar, no modules, slow compilation speed (and ugly binary operator priority).

There's something to be said that the current backwards-compatible syntax for modern C++ will get unwieldy, but there has already been public discussion of attempts to make breaking revisions to it: see Sutter's proposal for cppfront.

And I think the other main one currently would be google's Carbon, which is an experiment from the google LLVM/clang crowd, from their frustration with the c++ committee's hesitance to do breaking changes. They're trying to use good ideas from Rust and others, in a way that's interoperable with c++ files & libraries. Although I haven't heard much about it lately.

The concept of the unsafe{} block reminds me of the debate around content warnings, ironically.

If you have a system level language, you want the ability to take shortcuts even if the compiler can not verify that they are safe.

C++ has some of these which are explicit (static_cast, reinterpret_cast) and plenty which are implicit (C-style casts, pointer arithmetic, etc).

I suppose that they are kind of similar to content warnings. If you clone a Rust project, you could do a git grep unsafe and will see the ugly underbelly of the project laid bare (or at least the unsafe part of it).

Content warnings are unironically a good thing. They're no different to allergy warnings on food you get from a supermarket.

They often hamstring a good sucker punch twist by foreshadowing what's going to happen before you start the story. If they come packaged with a tagging system like on Archive of Our Own though, where you can search by the most granular of details to find the story you want, I can get behind that.

Or if they're inside a spoiler block, so you can look at them if you want and ignore them otherwise.

I have never written a line of C for pay in my life - but my instinct is to align myself strongly with C, as I would predict based on knowledge of my political commitments and my psychological profile.

In the last instance there is nothing that can extricate itself from that web of shadows and dreams which has long since been assumed to belong exclusively to "an earlier age" - aesthetic considerations, religious sentiments and mythological archetypes, networks of vague and half-realized associations. To ignore this fact is to make the same mistake as the historians, sociologists, and economists who ruthlessly excise the idiosyncratic and biographical in favor of the structural. Their affirmative defense is that they are required to obey the methodology of their field. But it is also plain that it offends their conscience to think that the "irrational" might intrude on the domain of rational inquiry, and that it might require a correspondingly irrational mode of investigation.

I…do not understand where you’re going with this.

That’s not a criticism. I just experienced a physical double-take as I tried to parse your mystical experience.

A shorter version is: people develop emotional attachments to unexpected things, like programming languages. There is no guarantee that these attachments are rooted in economic concerns. Understanding these emotional attachments is important for understanding their behavior.

In my Triessentialism, I identify four sources of value, attributes about things which give them worth to humans and other mammals:

  1. Utility - can it bring me closer to a goal?
  2. Experiences - can it make me feel something I want to feel?
  3. Status - can it improve my esteem among those I want to impress?
  4. Agency - can it make me feel like I can make a choice that matters?

C++ had all four for me when I was in high school, and I don’t see that changing.

Oh. Well said, then.

Rust may or may not be the language of the future. Most industries are still firmly in the past. How could they be otherwise? When your engineers each have 30+ years of experience with a language, they’d stick to it even if every new posting demanded Rust. It was hard enough to wean them off Fortran.

Trend-chasing is for the startups. Do you know how many man-hours my coworkers wasted on a bid to start using Docker? I don’t, because at some ambiguous point they pivoted to Kubernetes. I can’t even tell if that panned out, because the whole R+D program got slashed next time a government budget was delayed.

I’m sure there are lean, hungry teams who started a project with Rust in mind. They’ll all put it on their resumes. As it bubbles up into the general consciousness, chief engineers will start floating it as a process improvement. Then PMs will decide to bid stuff with Rust in there. If the customer doesn’t shoot them down, maybe then you get some products depending on Rust. But that takes time.

I was under the impression that Rust was a language that plenty of programmers liked, but that there are few projects using it, leaving the coders stuck with java or whatever.

Of course, java programmers are probably more plentiful for the foreseeable future than rust programmers, so for projects where the dev costs dominate the runtime costs, sticking to java might actually be correct from a management point of view.

The problem with this theory is that literally no one here has anything against Rust itself.

Also, and I've mentioned this before, while I spent some amount of time dreading the time I become a dinosaur, I am now filled with dread at the distinct lack of young wolves nipping at my heels. I know every older generation complains about the younger one, but surely "what's wrong with the kids today, they seem to be completely unable to replace me" is a new one?

The problem with this theory is that literally no one here has anything against Rust itself.

I have Complaints. In addition to the governance drama, the language has Made Some Tradeoffs.

Compile time remains a pain in the ass, especially on lighter-weight machines. It's strict enough to be obnoxious when writing casual code or projects small enough to hold a coherent mental model around, but not strict enough to avoid unintentional side effects or for crate-internal multithreading to be truly safe. Struct auto-management is one of those things that's really clever and also a giant footgun for portability, consistency, reliability, and just understanding wtf is going on with your data: any time you leave your own application (even to local disk!), any default (non-#[repr(C)]) struct should be treated like a dumb tuple.

((I'm also annoyed that match doesn't support case fallthrough, but I'm probably one of a handful of people on the planet that thinks that's a good idea. For other nitpicks, they missed a perfectly good opportunity to have different symbols for integer and floating-point division.))

Embedded Rust is getting better, but it's still sketchy, even on well-known and well-supported architectures and chips. To be fair, that's one of the hardest environments and the most important for all that no-mutable-shared-state safety that Rust is really trying to enforce; to be less fair, you end up with tutorials for the microcontroller equivalent of hello world that look like this and this.

It's better than Go, and I've dabbled with it; these might not even be things that can be solved (uh, except compile time; it has gotten better). But the treatment of the language as an end-all be-all overlooks a lot of the real-world experience of working with it outside of data centers.

Huh, I have complaints about rust but they're very different.

I haven't used a 'lighter-weight machine' in at least half a decade, and if I had to I'd just compile in the cloud. I just use serde any time a struct leaves memory and that's fine, and when I need threads I just use a very limited and safe abstraction - rust gives you a lot of power but you don't have to use it.

The thing I don't like about rust is ... Rust has a lot of great features, so I end up using it a lot. And for 80% of the code I write, I'm not writing tokio internals or something that needs to get the last 15% of possible performance, so I really do not care about the difference between String and &str, lifetimes, cloning, lambda mutability and capturing, not being able to pass an immutable reference to a state object around while i have a mutable reference to a child of it, there being &s everywhere because half of the methods on containers take references and half take values, ... It just takes mental effort that should be spent elsewhere. I think for people with lower g these are bigger problems, but I have a good grasp of all of them. But I'd still much rather not.

These are just a bunch of papercuts - they're pretty annoying, but all of the good parts of rust more than compensate for it. I often wish I were using a smaller rust, though. Recently some of the early rust contributors started trying to make a language like that, although the base rates on success are very low and I have some problems with the initial approach.

That's your feeling? Maybe I'm a mediocritie but I can name quite a few folks under me who, with a button up and some experience presenting (ExECuTiVe PrEsEnCe), are great substitutes.

I'm sure there's plenty of talented young guys that would beat my ass in the grand scheme of things, but the supply / demand seems to result in remarkably little fire under my ass for the time being. I might regret those words at some point, but that's how it feels like so far.

Nah, that’s common enough among boomer engineers.

Speaking of software conspiracy theories, My favorite conspiracy theory is the whole Woke Rust thing. There is an attempt to replace C/C++ with Rust as THE programming language, while at the same time Rust's council is full of the wokes. That whitehouse statement doesn't alleviate my paranoia in the slightest.

I like going to Rust events and trying to guess if someone is a very ugly woman or a tranny. Usually the second

Avoid this kind of low-effort sneering.

I genuinely go to many Rust events and this is something I really experienced at every single one of them. But sure

How does the fact that Rust has a 'woke' council credibly threaten ... anything to do with the programming language (end user experience, developer experience writing in it, etc)? What does the council even do I guess is my question.

There's some casual drama, but a lot of the concern as an outsider depends on exactly how paranoid you are.

Rust's governance is complex, but it can be roughly understood under a hierarchy where the the Leadership Council determines what consists of membership of each Leader's content-specific teams, and each Team's membership controls what RFCs will be accepted by their respective areas of focus: in practice, the members on the Leadership Council generally at least have eyes-on for any serious RFC. (This structure is post-2022; there was some weird drama with the moderation vs core leaders in 2021 that afaik has never been aired publicly).

In theory, this should just mean that material goals, changes, or fixes to compilers or core libraries are likely to reflect the material goals of the Rust Foundation, which is pretty standard, even if not always so explicit.

In practice, there is a very distinct philosophy about community interaction, in the sense that it has a direction. So far, most of this tends to just be intracommunity drama stuff that doesn't impact casual devs and maybe even non-turbo-Red-Tribers who did seek an RFC, but the classical lodestones for principled behavior have been the presence of Palantir devs inside the governance structure. There is definitely a segment that believes that needs to change. (and tbf).

At the moderately paranoid level, Rust is Apache-MIT minus a bunch of copyright cruft (and some other licensing for LVVM), and rust-lang has been aggressive about copyright enforcement in the past. On top of the ugly questions about how much these licenses can really limit the management from changing them in the future, or even bind seriously, if Rust does something like an ethical use license or a common crate requires all users to have a Rust Trans Flag displayed in UI-presenting code. (edit: as an example, a proposed trademark policy (cw: gdocs link) last year required Rust-trademark-bearing conferences to "prohibit the carrying of firearms, comply with local health regulations, and have a robust Code of Conduct." and Rust-trademark-bearing free swag to be "in good taste and compatible with the values of the Project." -- it largely got dropped for other reasons.)

At the aggressively paranoid level, you start to think about changes you might not notice.

Wait, what’s so bad about palantir?

To steelman (and this is something I've seen in the wild, albeit sometimes buried in other arguments), Palantir is a barely-private-sector defense industry asset, and very close to just being an unofficial part of the US government's intelligence agencies due to its funding sources. A Palantir-employed dev has a lot of motivation to insert esoteric vulnerabilities and less than ideally secure settings tracking opportunities; a Palantir-employed governance council member and especially leader has a lot of motivation to recognize RFCs that would include those. This sorta attack is known to have happened to RSA during Operation Orchestra, and remains popular (though denied) for Heartbleed.

To... be less than perfectly charitable, Palantir's use by ICE is controversial: Actual Rust Programmers consider the organization somewhere along "proven to act out genocide against immigrants", and the business's relationship with domestic policing falls into similar lines.

There's been other lower-profile efforts aimed at other development-related businesses -- there's similar drama everywhere from colleges to FIRST to FOSS stuff about Raytheon RTX funding, for one that's moved things at margins -- but for Rust Palantir's funding is one of the big obvious lodestones that both the pro- and anti- side pretty clearly see as the culture war point.

It doesn't help that Rust is actually a good language (though I won't pretend it's perfect) while still enabling C/C++ levels of performance. Wokes got in on the ground floor of what is likely the future of systems programming. I mean it's possible something like Zig could win in the long run but given the Linux kernel adopting Rust and Microsoft beginning to use it for important parts of Windows it's hard to see it losing with that kind of momentum.

But even alternatives like Zig are going to attract plenty of weirdos. Interest in low level computing and being a weirdo seem to go hand in hand, just look at how 90% or more of prominent emulator developers seem to be trans and/or furries. Even the more normal ones are still massive weebs.

Zig died to me when the lead developer came out with a declaration of intent to ban (full-fledged) recursion or at least discourage it using cumbersome syntax (the proposal appears to have been shelved, but only with a "we'll come for you eventually when the time and Overton Window are ripe" note). Every modern language seems to have at least some domain in which the programmer is deliberately hobbled in the name of "safety"/his betters' strongly-held opinions about what he should and shouldn't do.

It's a double-edged sword. Is a system more free if users can chose to do whatever they want or is a system more free if my non-technical aunt need not fear that every link or app or whatever is going to pwn her system or be some unremovable crap. She has no idea how to read or evaluate their privacy policy written in pages of legalize but would like something like "this company uses my data within the bounds of normal reason". And even if she could, half the time the whole thing is a complete and wholesale fraud by some random overseas firm in Kerbleckistan where all their policies and promises amount to nothing at all. And when you explain to her "hey, there's counterparty risk -- you need to actually attribute content you read online to a real legal entity and then decide if you trust that entity to make the representations therein, especially when executing their software on your device", she says great where to they print their true legal identity on the page and I have to again explain they don't do that either.

So yeah, unfortunately, it's both. Walled gardens are a cage to the tinkerers, openness is a cage of fear for the non-technical where slight missteps can occasionally have (seemingly randomly to the non-educated) huge consequences. That's not very free for them either.

What's worse, technical measures like code signing aren't really "what auntie needs" in any real sense. A code signature is only as useful as the CA that decides what code to sign and the CA is only as useful as the actual policy and governance that it employs in deciding what to sign. That in turn is subject to the usual caveat that governance is hard. And saying "well, we'll have a choice of CAs" is just recursing the problem a level without actually solving much at all.

Ultimately, I don't really have a good answer, but I have a good sense that it can't be "fuck the non-technical, let them be eaten by leopards". Not only because I think it's unworkable (they will find a new Steve Jobs) but because it's an abdication of the duty of those that understand technology.

I mean the trouble with walled gardens is similar to the problem of moderation. In both cases, my right to decide is outsourced to a keeper. There are sometimes good reasons to do this — letting just anyone mess with critical software in the OS is a very bad idea. Other times, it’s less about protecting the end user than enforcing ideas about what is good for that user, as when a mod to remove gay pride flags was banned. A policy that won’t let me or any program I use do things to my OS or access things like contact lists, social media accounts, or other critical data without at least making sure that I intend to do that is generally good. Likewise I think a moderation policy of keep on topic and be respectful is perfectly fine where a policy dictating the topics and allowed opinions isn’t.

In both cases, my right to decide is outsourced to a keeper.

What about my right to decide to outsource my right to decide to a keeper?

I tend to think that it's more important that people have a right to decide which platforms to take than they have a right to modify the internal rules of each platform to their liking.

Similarly, I think it's better for freedom of religion if people can decide where/how to pray but don't have a "right to decide" on the internal rules and content of each house of worship.

Likewise I think a moderation policy of keep on topic and be respectful is perfectly fine where a policy dictating the topics and allowed opinions isn’t.

This is baffling. A golf forum cannot exist without a policy dictating the topics (related to golf) and the allowed opinions (you can't just flame bait with 'golf sux').

But given the near monopoly on cellular phones (only 3-4 major players) it’s not hard to create a situation in which unless you’re willing to void the warranty and risk an update bricking your jailbreak phone, you have no effective choice in whether you end up in a walled garden. The only question if all player in the game build a walled garden is “whose walled garden do I like the best. I suppose you technically have the choice to forgo cellphones entirely, though it would make communication difficult as land lines are down to about 30% of all homes.

whose walled garden do I like the best

Yeah, similarly you have to choose "which basketball league do I want to play in" rather than having a choice to join them and demand they change their rules to suit your preferences.

I sympathize in the sense that it is unfortunate that not everyone can get their way. But I don't think that justifies the right to demand you get yours.

In the words of our prophet Terry A. Davis (PBUH):

The [sic] got rid of CD/DVD. they are coming for our guns.

[...]

The IRA is like the NRA, but for computers. The CIA wants all code in the cloud under their lock and key. They want to ban compilers and make people think HTML is computer programming.

Relevant context

I guess that this is meant to poke fun at the OP by likening their concerns to the paranoid delusions of Mr. Davis.

I meant every word. If any man is now resting in heaven doing systems programming for God himself, it is probably him. He was a prophet in any sense that someone can be a prophet.

I should explain to the uninitiated.

Terry was ostensibly insane, but had the sort of insanity that is paired with genius. If you go try out TempleOS you will be struck by two things. First that it has extremely questionable design choices (such as divinely ordained 640x480) and second that these weird choices seemingly allow it to do insanely powerful things that you may not even have suspected were possible, even if you are OS nerd enough to have used Plan9.

TempleOS is a huge undertaking in its own right, writing a complete operating system is pretty difficult as a team already (take it from someone who has done it), it's a tour de force as a single man. But Terry didn't stop there and made his own optimizing compiler for a C like language that has full reflection support. This alone makes him a pretty competent software engineer and is an impressive feat for someone that debilitated, but writing toy OSes is something smart sane people do too.

What brings him to genius level in my opinion is how he ingeniously solved a lot of the baggage of modern software in his rewrite of everything, making things that seem impossible possible: 3D model editor right in your source code, system wide autocomplete of any function of any program, the list goes on of things that would be dizzingly hard to do under normal assumptions but are here done effortlessly.

He created a fully integrated C64 analogue that blurs the lines between code and data even more than the most radical of Unixes and exploited that property to build unconventional but extremely powerful UI (that looks like absolute garbage at a glance). Good problem solving skills aren't enough to do this, he had a vision, skill and powerful dedication.

Have a look at this review if you want a quick tour of the thing.

In general his philosophy of how computers should be finds the same frustration as OP, myself and many others (such as RMS) in the observed trend that machines have been slowly turned from tools of the users into tools of control. A betrayal of the ideals of the 1980s and hacker culture that we are all the inheritors of. Terry wanted computers to be motorcycles where "everything is open because it's fun", not locked in modern cars.

In my moments of doubt about software architecture I do ask myself "the greatest question in programming", and it isn't out of mockery, but out of respect. So I'll leave you with another of his legendary quotes:

What’s reality? I don’t know. When my bird was looking at my computer monitor I thought, ‘That bird has no idea what he’s looking at.’ And yet what does the bird do? Does he panic? No, he can’t really panic, he just does the best he can. Is he able to live in a world where he’s so ignorant? Well, he doesn’t really have a choice. The bird is okay even though he doesn’t understand the world. You’re that bird looking at the monitor, and you’re thinking to yourself, ‘I can figure this out.’ Maybe you have some bird ideas. Maybe that’s the best you can do.

My baseline assumption is that whatever you choose to call this weird woke, centralized, authoritarian, elite/bureaucratic corporatist conglomerate, they want control. All of it. Over things that you would think have nothing to do with them. They want your wood ovens, your gas stoves, your gamer PCs, they really don't view anything as beyond their purview to "regulate" and make your life infinitely worse by slow degrees.

Something people have a hard time getting is that power only exists out of the ephemeral when it is expressed, particularly soft power but this also applies to hard power.

If you've ever lived under an authoritarian, you've experienced the arbitrary expression of power that happens just to prove that they can order you to mop the rain and you'd do it.

I'd never call it a conspiracy that people exercise power for the sake of exercising power, either to ensure it is still present or just to get their jollies.

Jouvenel talks about this at length in On Power, the thing wants more of itself, and it wants with so much greed as to cloud the judgement of the noblest of men. It is a demon in that way.

Power can't abide rival castles, it can only be maintained at the cost of more of itself and all those who wish to not maintain it are replaced by those who who will.

Therefore, its necessary and sole destination is total control. And with it, collapse.

There is no other outcome to any politics than the total state, even liberal politics.

Freedom is just what we call the cracks that haven't been totalized yet. And which, God willing, spring eternal from the ultimate incompetence that is married to ultimate power.

If you want a picture of the future, imagine a tower of babel getting built and collapsing. Forever.

You’ve just given me another thing to keep in mind next time I reread Cerebus The Aardvark.

Ironically, the end result "power users" would be complaining about is likely to be something akin to Linux, where if you want software that isn't included in the approved repository you're condemning yourself to a complicated install process (that's totally easy provided you ignore every online tutorial telling you how complicated it is and instead follow these 23 simple steps [assuming you are using one of three distros]).

I download the .deb file, I click it twice, it opens in the deb installer, it installs.

If it is an appimage i just click it.

It gets a bit more complicated if you want autoupdates. The process to install a non-Snap version of Firefox on Ubuntu is ... very feasible, but it involves manually rejiggering the priority of package selection. That's not end-user viable.

Of course, to be fair, you can just download a binary build still.

It gets a bit more complicated if you want autoupdates.

Put pacman -Syu in a cron job?

By my count it's only 6 simple steps and one is optional but nice to have.

See also: Lockdown: The Coming War on General Purpose Computing, a 2012 speech/blog post by Cory Doctorow. It's outdated by now, but this has been going on for a long time.

I had a dream once which was inspired by the writings of Corey Doctorow.

I dreamed that every city block in Albuquerque had a uniformly built apartment complex ten stories tall, each with an open but narrow courtyard. Their names were just the dictionary because 1) there were so many and 2) they were built by China: The An Apartments, The And Apartments, The Any Apartments, and so on. The ground floor of each had businesses and schoolrooms, and a power plant, like a bargain basement Archology.

My family was being forced by economics to move into one instead of our house. We each got a 3-ring binder with a cheap plastic cell phone. My dad warned me not to use it because they’d be listening. We ate our first meal there in pensive silence, aware of the growing dystopia.

Reading the OP reminded me of that dream.

99.99% of people running unrecognized code are the technologically clueless about to install malware, not tech whizzes building direct from source.

Especially on Windows. If you're actually serious about code and computers, you're almost certainly on Linux/BSD anyway.

When I tried to install Telegram and Whatsapp on android, they wanted to get access to SMS to "help" me with entering 4-digit code, thus allowing them to read all SMS from banks and also steal any account which could be reset via SMS. How does it fit here?

I would suspect that >0.01% of people running unrecognized code can be accounted for just in people messing about with minecraft mods.

aren't minecraft mods in java/python/etc?

Java Edition mods are in Java. Bedrock Edition is in C++ and I'm not as familiar with their modding scene but it appears to be much more difficult, so the vast majority of Minecraft mods are Java. Even still, that doesn't mean they can't be malicious. There was an incident last year where a Fediverse instance got compromised because the owner ran a malicious Minecraft mod on her computer.

If you assume these are pathologically controlling busy bodies, which I think you are right to assume, the fact that anybody can program anything probably terrifies them. They barely understand technology to begin with.

It's worse than that. "SJW's can't code" is a dead meme from 2014 or so. The existence of the Rust community proves that there's now a technical community of true believers, not just entryists writing Codes of Conduct.

not just entryists writing Codes of Conduct.

Has there ever been an attempt to write a "conservative" or "anti-woke" code of conduct? If Rust becomes the "woke" programming language, is it possible to turn C++ into the "anti-woke" language?

The corporate overlords of SQLite forced them to adopt a CoC, but the guy managing thought the whole thing is silly, and copy-pasted the rule of St. Benedict, if that counts. They were forced to drop it, and adopt something woke, though.

I hate to oppose a good blackpill, but as far as I can tell, the Rule of St. Benefict remains the entirety of SQLite's Code of Ethics. https://sqlite.org/codeofethics.html

Hate? I love it, you made my day!

Silly of me to go by memory, and not check the current state. Originally they renamed the Rule of st. Benedict as the "code of ethics" and adopted Mozilla's CoC as their CoC. It looks like they ended up removing the Mozilla one by the end of 2020.

Was kinda hoping there would be a more, um... "successful" example, instead of one guy making a brief show of resistance before getting his ass kicked. I guess GPL sorta counts, in that it's (a) not explicitly woke, (b) focused on the software itself and (c) can't easily be gotten rid of.

"successful"

That parameter was not specified in the original query ;)

True. How about like, a sincere attempt at doing it, rather than just a sarcastic joke or dragging their feet? Like, James Damore was unsuccessful, but he did sincerely try to counter wokeness at Google where he worked. He was openly taking a stand. It seems like most everyone on the anti-woke side just dodges the issue or goes for "non-violent resistance," when they're not shitposting anonymously.

Like, James Damore was unsuccessful, but he did sincerely try to counter wokeness at Google where he worked.

I don't think this is an accurate description of what he did when he wrote and distributed his infamous memo. I'd characterize it more as him sincerely trying to help wokeness, under the belief that the woke (or rather, the equivalents at the time, since I don't think "woke" was nearly as commonly used back then) genuinely wanted to accomplish the things they said they did.

You know, I'd never actually sat down to read it. Reading it now... oof. You're right, he did seem to be sincerely trying to help Google accomplish their woke goals, like giving some very practical suggestions on how to attract more women into tech. The whole thing comes across as very apologetic, not a rebellion at all.

More comments

I'd characterize it more as him sincerely trying to help wokeness

Back then that was the sincere anti-woke position, though. I'm only speaking for myself, but 7 more years of black pills made me reconsider all that talk about "equality", but at the time I was all on board for closing gender gaps (I suppose even now, I'm not against "women in tech", but I'd say just do what we did in sports, and have some degree of sex segregation).

More comments

Well... even if this example was sarcastic, I think it would be a good one, if it was successful. CoCs don't really do much, except plant a flag and provide an excuse to purge political opponents from a project, which the rule of St. Benedict would do just fine - which is precisely why it was not allowed to stand by the top brass.

He was openly taking a stand. It seems like most everyone on the anti-woke side just dodges the issue or goes for "non-violent resistance," when they're not shitposting anonymously.

We definitely need to organize, but we're in a bit of a bind. Non-woke techies might be good at building things, but we aren't much good at organizing, in stark contrast to our woke opponents, who have the opposite advantage / disadvantage. It was good for a laugh back when they had very little political power, and we could point and laugh at their attempt to build something, but the joke is on us, since it turns out you don't need to be a builder, when you can just bully the builders. Back on our end, it tuns out that once you have no political backing, and no organizational talent, all those building skills don't amount to anything, and you're stuck with anonymous shitposting as the height of your resistance. There was an old comment back on Reddit outlining similar dynamics among Soviet dissidents (Wooo mama! Look at what I can do, now that functional search is back on the menu!).

For my part, if you happen to have these sort of political / managerial talents, you have my sword, and I'm happy to follow you wherever the road may take us. Hell, I even took a stab at it myself, but I'm mostly fumbling around.

Yeah... I wish I could help, but I'm also terrible at the organizational/political stuff. Good on you for at least starting a project, though.

Well, that explains Bruce Schneier's most recent blog post "Improving C++". I'm generally a fan of Rust, but acknowledge there's a lot of existing code in C/C++ and rewriting code that works is asking for trouble; we should be making sure we have the tooling to retrofit the appropriate checks into existing code. That is, updating to C++29 or whatever is almost certainly going to be easier and less error-prone than porting to Rust.


Tivoization is the term for the problem you're talking about. And free software advocates have been raging against it since, uh, you could actually find someone who could remember the last time they saw a TiVo. With the recent EU fight with Apple and the Right to Repair movement in the US, it looks like there's a small push in the other direction at the moment. But that's not very reassuring.

It is weird to see an anti-government anti-Tivoization rant given that I've always seen it as an anti-corporate position.

It is weird to see an anti-government anti-Tivoization rant given that I've always seen it as an anti-corporate position.

From some perspectives, there is little separation of business and state, so maybe this shouldn't be so surprising.

There is a nice culture war troll angle with some parts of the Rust programming language community being associated with leftist political drama. Rust is a popular safe language that solves most memory safety issues and some thread safety issues. I can see someone authoring a bait piece about taking my 'freedumb' to use C++ from my cold dead hands and forcing me to use communist Rust.

You will own no memory, and you will be happy.

No need for bait at all. Rust being associated with leftist political drama is sufficient reason to reject it.

Man.

It’s like you’re asking partisans to stake a claim on more of your stuff.

That's easy for people who don't write on bare metal for a living to say.

Alas, every single part of modern computing is involved with such characters, including every single alternative. C++ is no exception.

C++ is no exception

Actually it’s C which is no exceptions, necessitating the use of return codes to indicate success or error

That's easy for people who don't write on bare metal for a living to say.

I'm a C++ programmer. Not quite as "bare metal" as when I was doing embedded C (sprinkled with assembler) on machines too small for an OS, or occasionally writing microcode, but not one of those airy-fairy interpreted languages either.

C++ is no exception.

The C++ standards committee is not telling anyone that black lives are more important than whatever corner case DR is in play today. I'm sure its members are plenty pozzed and there's DEI initiatives in its general direction, but Rust is just worse. (With Go somewhere in the middle)

Apologies, fellow bit twiddler.

I don't know though, my latest trip to cppcon didn't exactly give me a different vibe from Rust conferences. And the latest Rust drama revolves around the core team telling community managers to fuck off with their coup attempts.

I would have agreed with you a few years ago when Rust had a bunch of literal tankies on staff, but a lot of those didn't go the distance (even Klabnik himself went away).

Nowadays it's a big managerial blob that is only different from the C++ one because it's staffed by younger people. That must have some moderating effects but in practice that whole side of the industry is converged to the max.

The rust subreddit is all californian ideology shitlibs all the time and much more ideologically moderated than most cpp forums though, I'll give you that. It is Reddit after all.

That said there's another side of it these days, lots of crypto projects use Rust and they are the ones hiring for actual jobs. Much to the chagrin of the aforementioned redditors. And the culture there ranges from standard lolberts to software-as-holy-war gigabased.

Right now it's an annoying popup, same as it has been since Vista. Maybe one day the default behavior is switched to not letting you run it at all. But it's ok, there is a toggle to turn on the old behavior burried deep in the system settings somewhere. Maybe a security submenu.

This is where Mac OS already is. If you find the setting and turn it off, it will automatically turn back on after 30 days. So every month you have to go in and put it back. That wasn't even the government, just plain old fashioned greed. Gotta pay Apple for a developer's license to get a key to sign your executables. And if you're paying for the license anyway, you may as well put it on the App Store too, which means Apple gets 30% of the sales.

The impact on random users has been zero, because they just get their apps from the App Store, so nobody cares.

And iPhones have famously been entirely locked down since the beginning, they started putting it in the desktop OS too when they figured out people would put up with it.

I believe what you're describing could happen. The closest analogy I can think of is companies black boxing equipment to prevent you from working on it yourself:

LESTER GRAHAM, BYLINE: About an hour south of Detroit, Mark Metz and his father farm 1,800 acres of corn, soybeans and wheat. He says a computer error showed up on his dashboard in his tractor. With no access to information about the tractor software, he had no choice but to ask the dealership to send someone out to look at it.

MARK METZ: We deal with a dealer that's a little over an hour away. And, of course, you're paying for their road times. So, I mean, we pay a good two to 2 1/2 hours of just time just to get them here.

GRAHAM: The dealership's guy found it was just a wire that had come unplugged. He plugged it in. The initial bill for that repair was $800. Metz says had it been his truck, he could have taken it to a nearby auto parts store.

Or someone posted the crazy story about the trains in Poland. I'm too lazy to find their writeup on TheMotte, but hopefully this reddit post will point you in the right direction if you missed it.

That being said, you're conflating congress and private industry under the umbrella of busybodies:

If you assume these are pathologically controlling busy bodies, which I think you are right to assume, the fact that anybody can program anything probably terrifies them. They barely understand technology to begin with. Just look at any time they haul a tech CEO before congress and attempt to get sound bites for their constituents. It's horrible.

Tech companies have a clear profit motive to force you to buy their software, same way that John Deere has a clear profit motive to stop you from repairing their tractors when they can charge you 800$ to plug in a wire themselves. They're not afraid of you shitposting about your waifu LLMs on reddit, they want you to buy the latest and shittier version of Windows, Now With More Advertisements And Less Functionality. It's the Suits, not the HR and DEI consultants.

Or someone posted the crazy story about the trains in Poland

Here.

Tech companies have a clear profit motive to force you to buy their software, same way that John Deere has a clear profit motive to stop you from repairing their tractors when they can charge you 800$ to plug in a wire themselves. They're not afraid of you shitposting about your waifu LLMs on reddit, they want you to buy the latest and shittier version of Windows, Now With More Advertisements And Less Functionality. It's the Suits, not the HR and DEI consultants.

I think it's worse in the sense that there's a million different excuses. There are legitimate security issues. iOS has, as a philosophical position that it has held for over a decade and through the death of its leader, against porn on the iOS store.

((Of course, the same people allow web browsers to submit OS-level notifications or can't stop the simplest malware, so fuck em.))

Interest in freedom is fundamentally the interest of a minority of one.

I prescribe you blackpills until you stop believing that a person who shared certain views about the female gender will be allowed to even think about owning any kind of possessions in the future, let alone general purpose computers.

Could you speak more plainly? Are you saying in the future incels won't be allowed to own possessions (because of incarceration, for example)? Or that in general people will own nothing and be happy?

I'm sure the OP knows which views I meant, and I'm saying that those would drop a person's social credit to the gulag level as soon as the other side understands there's no downside to implementing those.

If you don't intend Mottizens to be able to understand a post, I'd suggest sending it as a PM instead.

I believe OP view's will become further solidified if you give him more blackpills, not less

I think GP is claiming that OP is insufficiently blackpilled, and that rejection of current "sacred truths" like the current party line on trans will be grounds for total disenfranchisement.

Indeed. I want to cure the OP of his unwarranted optimism.

Dude, you need to take off the tinfoil. There's no effort to take control of computers away from you. What you're seeing is the government making efforts to get it so that software for the government is written in memory safe languages. They don't give a shit what individuals do.

  • -17

This is antagonistic, don't.

What you're seeing is the government making efforts to get it so that software for the government is written in memory safe languages.

This is definitely not true. Have you read the report (pdf) or even just the abstract? From the introduction:

This report speaks directly to the technical community, including technology manufacturers and academic researchers, illustrating two ways their actions can make significant improvements to the Nation’s cybersecurity posture.

Nowhere is the scope limited to purveyors of software to the US government.

The problem being that the government buys and uses so many computers and so much software that it often sets a standard for the industry. A standard that is a requirement for a group that can spend billions at a go when most other groups might spend a couple of million and individual users might spend a couple hundred dollars. For most companies it simply would not be worth spending the money to create a version that isn’t to government standards because of the economy of scale. Unless the entire rest of the customer base is willing to pay extra to not have that security, it simply makes sense to have your business make everything to government standards.

I would not care too much about this.

Personally I worry about effective ban on open source projects. EU also has made something, though worst parts were defanged thanks to reaction of free software community.

It’s a back door ban though. If I can get companies to create a government friendly environment that doesn’t allow unapproved programs, it is a ban because very few people have the technical skills to get around the blockages.

The reality that someone who has self-selected into this group of open-minded free-thinkers could have lived through the corona-times and tell anyone to 'take off the tinfoil' about anything is a huge blackpill. No broader point, just intensely pessimistic about the future of the 'national conversation.'

group of open-minded free-thinkers

Don't self-aggrandize, you might actually believe your own hype.

Good point in retrospect, the average dissident thread on X is now better than most here

My baseline assumption is that whatever you choose to call this weird woke, centralized, authoritarian, elite/bureaucratic corporatist conglomerate, they want control. All of it. Over things that you would think have nothing to do with them. They want your wood ovens, your gas stoves, your gamer PCs, they really don't view anything as beyond their purview to "regulate" and make your life infinitely worse by slow degrees.

I don't think they're particularly evil. But I do believe in two things: The Iron Law of Bureaucracy:

In any bureaucracy, the people devoted to the benefit of the bureaucracy itself always get in control and those dedicated to the goals that the bureaucracy is supposed to accomplish have less and less influence, and sometimes are eliminated entirely.

And Upton Sinclair's law:

It is difficult to get a man to understand something, when his salary depends on his not understanding it.

So when you take anyone and put them in a bureaucracy, they will naturally start to believe that it is right and proper to expand the scope and power of the bureaucracy.

This happened to me years ago. A work computer refused to run executables that I made on that machine. Corporate security policies one ratchet click tighter than the Windows standard will cripple your ability to make your own programs as standalone executables.

Windows Defender Smartscreen shall decide when and if executables may run on your machine.

Buddy, a work computer is paradigmatically not yours. If your normal job function requires you to run executables on your machine, then the policy is just misconfigured.

I've listened to at least six hours of ranting on how a certain bank's security policies prevent their devs from working.

And how it's easier to actually develop software than to configure the system to build said software. Everything is MITM'd by security, mangled by weird proxies and getting something to even work requires 20x the effort of doing it at home..

I get that. And I'm a tech worker so this policy was indeed misconfigured for me. But IT was trained to ignore engineers saying they make their own scripts and obviously need to run and test them on local hardware. Which just resulted in a culture of engineers bypassing the controls in an extremely insecure manner in order to perform basic job functions. The computers in the hardware lab lacked the controls for instance.

It was anarchotyranny for IT security.

I mean, this is frankly just a breakdown in culture and management.

If you can't do your job function, your manager or their manager needs to talk with IT until an understanding is reached that harmonizes things.

I understand lots of firms are poorly run with shit policy, but that's not a reason to say "policy controls are bad". Policy is hard, it's still worth doing.

This is sensible. Given the nature of IQ 100-115 normies, allowing them to run arbitrary code on a machine is equivalent to allowing the GRU or Lockbit to run arbitrary code on that machine.

God did not intend every individual to have access to a universal Turing machine. On the other hand, Richard Stallman and Linus Torvalds did, and the GNU/Linux ecosystem isn't going anywhere because the internet backbone runs on it. In addition, a huge part of the value proposition of the Microsoft ecosystem (particularly relative to Apple) is that it supports organisations doing their own computing without needing to ask Microsoft's permission. Satya Nadella may not want every worker drone to have a universal Turing machine in their pocket, but he wants every enterprise customer's IT guy to have easy access to one. And in practice that means building machines which offer universal functionality to anyone who knows what they are doing.

God did not intend every individual to have access to a universal Turing machine. On the other hand, Richard Stallman and Linus Torvalds did

“God created men, Richard Stallman made them equal” —new motto of the Free Software Foundation, probably

“God created men, Richard Stallman made them equal” —new motto of the Free Software Foundation, probably

And Eric Raymond merges the Coltian and Stallmanian concepts of equality. Which is more dangerous to the irresponsible user is left as an exercise to the reader.

Eric Raymond merges the Coltian and Stallmanian concepts of equality.

Coltian? I got nothing searching for 'Eric Raymond Colt'. Help!

Eric Raymond (ESR) is an open source pioneer and also a libertarian activist and gun nut. The original version of the quote (which appears to have originally been a Colt Corp marketing slogan) is “God created man, Sam Colt made them equal.” Sam Colt invented the revolver, which was the first gun to be a practical sidearm.

Samuel Colt, the gunmaker, referred to in the older aphorism "God made man; Sam Colt made them equal".

The "God created men ..." quote is attributed to Samuel Colt (or John Moses Browning?)

I think it was just Colt's marketing department.

You're not going find anything, they're just speaking in metaphors. All he said was that Stallman is a utopian lefty hippie who thinks Free Software won't tend to be used for anything dangerous, while Raymond is the software equivalent of a libertarian gun nut, working hard to bestow firepower upon the masses.

That's about the most sane take possible, to be quite honest.

The reason 'tech' has gotten so far without being regulated is simply because Gov't doesn't understand it, and it moves/changes so fast that they can't get out ahead of it to put down serious roadblocks before its already jumped to the next big thing. They've only JUST NOW sort of caught up with Social Media tech with this recent TikTok bill.

Also the general gridlock and incompetence that's accumulated lately.

Now that the tech sector is becoming more centralized, it is more legible to government actors since they can identify the chokepoints to control to bring the industry and customers to heel.

So expect it to keep getting worse, but slowly, and in fits and starts, even if there is no grand central conspiracy.


Perhaps the even more blackpilling perspective is that this is just how things naturally trend when there's a 'commons' resource that manages to elude being exploited and enclosed by existing entrenched players. Free Software is a somewhat nonclassical example of a 'commons' that throws off tons of benefits as externalities. Lord knows I've used dozens upon dozens of free, open source, and other non-commercialized programs over the years. I hate hate hate the idea of subscribing to a piece of software I'd only use intermittently and, even after paying, could lose use of at any time.

VLC, Windirstat, 7zip, GIMP, LibreOffice and Coretemp, just off the top of my head are some of my favorites that each have a very specific role and do it very well (or well enough) so I can thumb my nose at commercial alternatives.

But unlike a 'classic' commons, the software well can never 'run dry' since as long as someone, somewhere is willing to eat the (trivial!) cost of hosting the software download, then copies can be distributed endlessly without ever depleting the supply, and the marginal cost of each additional copy rounds to zero.

But every other player in this system aside from the cooperative users sees this commons as an opportunity. And what they always want to do is enclose the commons, exclude free-riders, parcel it up, and then sell access to it. If you can make people pay even $1/copy for something they were previously getting for 'free,' you've diverted part of that that huge 'surplus' into your pocket.

You already see the low-grade version of this with sites that will re-host free software but bundle it with something else that they can use to make money, or at least have ads on the download site.

So whether it's governments cracking down, OSes limiting the code that can be run to an approved list you have to pay to get on, or Software companies buying up the licenses to open-source software and shutting down the free distribution of same (apparently the VLC guy has turned down sizable offers), eventually this commons WILL be enclosed, and you WILL be made to pay to acquire and use it on your own machine. For now, at least, you're allowed to fork projects before they sell out.

Of course, I also worry that they're going to remove consumer access to hardware altogether, allowing you to only purchase gimped, centrally controlled machines and most of the programs you run will be on an Amazon Web Server somewhere such that if they DID decide to lock out certain software, you wouldn't even be able to futz with the machine itself to hack it into compliance.

Because whenever the market sees some kind of consumer surplus, the incentives ultimately push it to attack it from every possible angle until it wiggles in and can consume said surplus, returning us to the 'efficient' equilibrium it really wants to maintain. And since you can't really get rich by advocating for open-source software, few are likely going to man the wall to defend the surplus against these attacks.

The reason 'tech' has gotten so far without being regulated is simply because Gov't doesn't understand it, and it moves/changes so fast that they can't get out ahead of it to put down serious roadblocks before its already jumped to the next big thing. They've only JUST NOW sort of caught up with Social Media tech with this recent TikTok bill.

I'm not 100% certain this is true. I think tech was never regulated because nobody understood it. When the TRS-80 came out, the idea that putting generalized compute in the hands of everyday people could, at any point in the future, be "harmful" or adverse to the interest of the ruling class probably wasn't even conceivable.

After home computers are out of the bag, even if they wanted to, the technology to put it back in didn't exist. It's only been in the last 10 years you see machines of all sorts able to phone home and have a central authority regulate your usage of them. I'm sure all the monarchies that vilified the printing press would have jizzed their pants over such power to automatically regulate their use.

The reason 'tech' has gotten so far without being regulated is simply because Gov't doesn't understand it

I hear this a lot, but is it actually true?

Relatively few people in government have actual professional-level expertise when it comes to finance, manufacturing, workplace safety, international trade, or nuclear energy, but the government seems to regulate those things just fine. (Arguably what we call "tech" is easier to understand than those things, at least the parts of it that are salient for regulation.)

y, but the government seems to regulate those things just fine.

If by 'just fine' you mean shut down and prevent their use from delivering benefits, sure.

Reminder that if we had a halfway sane authoritarian government anywhere in the west, nobody in that country would be burning hydrocarbons for heating or cooking unless they were out camping.

I don't understand this example. Are you implying that a sane authoritarian government would exert their power to ban the burning of hydrocarbons for heating or cooking?

How is that in any way sane, especially if they don't have the power to stop other countries from doing it? Unless you are advocating for this sane authoritarian government invading all the others and maintaining this ban through force of arms, in which case it makes more sense, but still a fair ways away from 'sane'. Doing so would require the development and manufacture of weapons at scale, which unfortunately requires large amounts of hydrocarbons.

No, I'm implying that a western country that nuclearised very heavily would have cheap power and wouldn't require even having gas lines going anywhere but into chemical plants.

Reminder that if we had a halfway sane authoritarian government anywhere in the west, nobody in that country would be burning hydrocarbons for heating or cooking unless they were out camping.

But if they had real winters, everyone would all be out camping because it would be warmer than sitting in their cold homes "heated" by inadequate electric heat pumps erratically supplied by an overloaded grid.

That's likely a contributing factor to why tech is seeing far more innovation, far faster, than finance, manufacturing, international trade and nuclear energy. Everything before it is already stuck under a pile of stupid regulation.

You know, for clarity's sake, I'll specify that those endowed with legislative authority in Gov't don't really understand it.

Plenty of agencies snap up tech-savvy employees, especially in the intelligence branches, and they presumably get regular briefings on new tech developments.

Finance is a funny bird because of the revolving-door between the regulatory agencies and the financial institutions. Gov't "understands" finance because the industries are heavily tied together, which is not (currently) the case with the tech industry.

It's really amusing to see claims that when the government says C is dangerous it's a conspiracy to take away your freedoms. "C is dangerous" is perhaps the coldest take in software engineering. Does it really make sense to tie it into a bunch of other phenomena, both real and imagined?

Because when power users on StackExchange tee off about C being dangerous, what are they gonna do? When the government doesn't stay in it's fucking lane and condescends to "advise" me about what languages I can or cannot use, the question of "What are they gonna do?" is a lot more open ended.

My point isn't that the government had an opinion and now I can't use C. It's point out a convergence of motive, and possible, as yet not fully revealed, means.

The government has not told you that you can or cannot use any languages. It has simply pointed out that using C is related to vulnerabilities.

Memory safety vulnerabilities are a class of vulnerability affecting how memory can be accessed, written, allocated, or deallocated in unintended ways.iii Experts have identified a few programming languages that both lack traits associated with memory safety and also have high proliferation across critical systems, such as C and C++.iv Choosing to use memory safe programming languages at the outset, as recommended by the Cybersecurity and Infrastructure Security Agency’s (CISA) Open-Source Software Security Roadmap is one example of developing software in a secure-by- design manner.v

It's possible that the government has been taken over by the rust evangelism strike force, but it's unlikely. Hence, the path and motivation from "C is unsafe" to taking your freedoms continues to elude me.

The government has not told you that you can or cannot use any languages.

Yes, I know.

My point isn't that the government had an opinion and now I can't use C.

Either you don't know, or you want to equivocate.

[The government] condescends to "advise" me about what languages I can or cannot use

There has been no advising on what languages you can or cannot use. This event has not taken place.

I'm pointing out that the Eye of Sauron has seen us. And what starts off as advice rarely stays just advice. After the era of covid over reach, I can never go back to viewing "advice" as just such ever again.

After the era of covid over reach, I can never go back to viewing "advice" as just such ever again.

My goodness, don't look at the label of your chicken advising you to cook it to 160.

Because obviously next thing you know the government chicken done-ness inspector will be breaking into your kitchen with instant-read-thermometers.

And this of course has something to do with COVID.

  • -10

This is too antagonistic.

The Eye of Sauron has certainly seen the bajillion CVEs due to unsafe programming.

I hear you. I hate this kind of stuff as well. I also have a lot of older relatives and younger ones too that just have no idea how to safely operate a computer. If left to their own devices they will be up to their asses in malware and taskbars and god knows what kind of scams in no time, not to mention those fun old tricks where you could get someone to delete their whole operating system with a few keystrokes.

There is a very narrow segment of the population; educated, tech savvy - gen X and millennials, that can safely navigate an open system. Your whole theory is typical minding to the max. Which I am guilty of as well. Just keep in mind that probably 80% of the population needs these safeguards, so it isn't necessarily coming from a bad place.

On the one hand I am inclined to be sympathetic to this genre of complaints. I think the proliferation of Trusted Platform Modules and Intel's AMT are real problems with user control of the software running on their computer. On the other hand, I don't really see how these complaints relate to the White House advice on using memory safe languages. Rust is licensed under the MIT license. Python's license is GPL-Compatible. What is un-free about those? C and C++ do give you lower level control over memory but lots of developers mess that part up and write insecure code. Unless you need to be managing that lower level memory for some compelling reason you probably should use a language that provides more memory safety.

All code will need to be signed. Maybe you can self sign code you've written on your local system, but nobody else will be able to run it. Unless they go through the added hoops of adding your key to some sort of key store for "recognized" code. But eventually the self signed qualities of the code will catch up to you, and Windows may just refuse to accept self signed code certs anymore. But no fear! Maybe Github or other organization will offer to sign your code for you. Assuming it meets their TOS, nobody on social media has cancelled you, and their AI hasn't rejected your project for hallucinated reasons. But eventually, however well relying on a 3rd party like Github to allow your code to run on your locked down operating system and your locked down hardware starts off, it will become a barely viable solution. And then free and open software is over.

Maybe once upon a time "it's hard to get a cert" was a valid complaint but today there exist fully automated services like Let's Encrypt. Their root certificate even comes default as trusted on my new windows installation. They even issue certificates to websites that may be phishing or malware. There is not really any excuse for your site to be lacking some kind of cert for auth and signing in 2024.

LetsEncrypt only issues domain validation certs. They do not issue code signing certs, and they are not interchangeable.

If valid certs are routinely issued to malicious actors, then they are useless and the requirement to get one is cost without benefit. If they are not, the vetting process is both costly and easily abusable and the cost is too high for the benefit.

I mean, that's the invisible context shift though. Certs, by and large, aren't used to deny people access to modern secure web architecture. They are part of a set of technologies to verify the data you receive is from the person you think is sending it. They aren't supposed to stop you from giving your credit card information to a scam site directly. They are supposed to stop that scammer from manipulating your communications with Amazon.

But they could be used to deny people access to modern secure internet architecture. Just the same as DNS, hosting, banking, etc have been weaponized.

By this logic nobody should ever get a cert. I guess we should just transmit everything over the internet unencrypted for anyone to hoover up.

We could also use other methods of id than trusted third parties.

In many cases my threat model excludes the sort of attack that would be thwarted by a cert that could be issued to anyone. A cert makes sense if I'm talking to some known party -- a cert that proves that Bank of America is Bank of America, or Amazon is Amazon, and which won't be issued by some trusted cert issuer to just anyone. If I'm just publishing stuff, who cares that I bought a cert saying "This Really Is The Nybbler"?

The people who want to be sure they are talking to TheNybbler? Or that no third parties are listening to their traffic? I think it is good that browsers (at least mine, Firefox) allow people to click through invalid SSL cert prompts if people don't care, but I think the ubiquity of cert issuance is good for computer security and privacy generally.

MITM attacks aren't much of a threat except from actors who already have sufficient power to carry them out regardless of cert (e.g. your employer on your work machine, state actors).

As for those who wish to be sure they're talking to The Nybbler, why do they care? And if they do care, why should I care that they care?

To be honest the insistence on everything being TLS is completely unwarranted. Most sites don't need, and should not have, TLS encryption.

If you or the other party doesn't own every inch of infra between the two of you, it's necessary. The switch to ubiquitous encryption happened right around the time Comcast was starting to MITM most connections with tracking scripts, and it was only a matter of time until they started injecting ads. (Which is one reason existing players were so gung ho on encryption--can't have someone else cutting into that income stream.)

ubiquitous TLS + ESNI/ECH does make it harder to perform some forms of censorship. for example if someone controlling the network wants to ban you from a particular site hosted on cloudflare or another CDN then they will need to ban ESNI/ECH connections to the whole of the CDN. more people using TLS/etc increases the collateral damage from certain blocking technologies.

I don't agree. Knowing who you are talking to and that no third party is listening to your content is good.

I get the argument, I just disagree with it. I don't think most content is worthy of that level of protection.

Maybe once upon a time "it's hard to get a cert" was a valid complaint but today there exist fully automated services like Let's Encrypt. Their root certificate even comes default as trusted on my new windows installation. They even issue certificates to websites that may be phishing or malware. There is not really any excuse for your site to be lacking some kind of cert for auth and signing in 2024.

It also used to be easy to get domains, or hosting. Fully automated services exist!

Except, oh wait, turns out those easy automated services occasionally go all "We're not an impartial service you can rely on, we're a private company and we can do whatever the fuck we want."

And for a while, that's fine, because what self respecting enthusiast buys a Dell?

I suppose I'm not really an enthusiast, but I bought an Alienware because the whole computer was $1700 at a time when the RTX 2080 Super in it was going for like $800 or more.

And here I am hoping my GTX 1660 SUPER never quits on me because there's no way in hell I can afford a new card.

RTX 2070 Super here for the win!

I finally ditched mine for an RTX 4070 Super. Blows my damned mind a mid tier card can now run a fully path traced game like Cyberpunk 2077 in Overdrive mode at 60-100 fps.

I always buy Alienware for this reason. Dell also seems like one of the last big companies where you can really haggle with their sales guys on the phone. Most of the time the cost of an Alienware with discount codes and haggling is the same price or cheaper than the parts, plus you can usually get 2 years of their premium warranty (where they come to your house within 24 hours and swap out literally any part in the computer) thrown in too. Sure beats a 2 month RMA turnaround with EVGA or whatever. I don’t think I’d ever even buy a non-Dell Windows PC unless they stop the above policy.

Where would you go to find the sales number?

Google ‘Dell sales advisor call’ + the country you’re in. In the USA, it seems to be 1-877-275-3355 now. They will try to funnel you into the chat (which you can still haggle on, but it’s harder) but if you scroll down enough you’ll see the number.

And for a while, that's fine, because what self respecting enthusiast buys a Dell?

Hey! Some of us stuck with Dell for years because it was the nearest thing to a halfway decent home computer at a price they could afford with an admittedly limited level of customisation, but still some.

wanders off to grumble about tanjdammit, try being an ordinary person on this place, flip's sake not all of us were born with a soldering iron in our hands

While that's almost certainly a joke I sincerely hope that nobody thinks that building a PC usually involves the use of a soldering iron.

It's not as simple as Lego as some would claim, and will claim a blood sacrifice on occasion, but I've built my fair share.

But then again I'm poor and my current PC has only finally Ship of Theseused itself free of components from the original build I was gifted in 2011. That PSU caused me a great deal of sorrow I'll tell you, at this point I would go pre-built if only for the sake of my sanity, especially now that GPU prices have stabilized (if at at stupid levels).

Are PCs or PC parts expensive in India? I would have thought it would be quite a bigger statement to get a PC in India rather than America.

Also do you get regional pricing from Steam? Probably not from GOG?

PC parts (and most electronics not manufactured here or at least packaged) are ridiculously expensive.

My RTX 3070, bought at the height of GPU prices globally, was twice my monthly income.

The iPhone 15 Pro Max my brother bought would have cost him about $1700 here as opposed to the $1200 or so it took because he a relative in the States bring it over.

This is largely due to tariffs of about 50% on global MSRP, and when the average Indian professional makes about about 5 to 10 times less than their Western counterparts. Yeah, we're screwed.

So PC gaming has been largely dead in India barring entry level games like CS, Valorant, LOL and DOTA that runs on most iGPUs. Younger Indians don't want to play shitty mobile games, but it's the best they can afford. Even consoles are price prohibitive.

Steam usually does do regional pricing, but many AAA games opt out, so you can imagine a $70 (and added tax!) game is ridiculously expensive, leaving aside the costs of a pc or console to run it.

Thankfully, these days I actually make money as opposed to being a broke teen, even if it's a paltry sum. So a GPU or CPU every 3 or 4 years? No biggie. The odd decent game at launch? I can swallow it. PC gaming is my biggest hobby and timesink after all, but it still stings.

On the other hand, some of us grew up with shitty OEMs (eMachine…) and needed to learn to solder to keep the thing running.

I am seeing a positive trend, open source software is thriving. Java was a programming language owned by a company. Today it is unthinkable that a Java or Matlab like language with terrible license agreements would gain mainstream adoption. With the rise of geopolitical tensions more governments and large corporations are motivated to move toward open source. Unless your country is on superb terms with the US and you don't mind the NSA getting all your data American software is a risk. Developing a completely independent tech stack is hard. More governments and companies will move to linux as it is easier than developing a windows alternative.

The services which can be locked down sit ontop on lower layers of abstraction that are free. Censoring the internet or banning people from running code won't work because Facebook and windows may be blocked but TCP and linux are alternatives.

There was a reddit post on some sub for moderators that outlines how to increase censorship of wrongthink, while minimizing the chances of a user revolt resulting in them starting and migrating to an alternative sub, which mirrors your thoughts more or less 1:1, except it's applied to moderation. As such, I think your theory is very plausible, and I'm only hoping this level of control would outright break something in the software ecosystem, and therefore won't be fully implemented.

To extend on your thoughts, when I go full-tinfoil, I'm inclined to believe the whole culture war thing is a CIA psyop tailor-made for the specific purpose of making things like this possible. Just like Free Speech went from the foundation of western liberalism to mark of the deplorable, so is slowly happening to Free Software.

Can you please find that post? It might be a key culture war corpus artifact.

I'm highly interested in (a copy of) that reddit post, if you can recall any further details about it.

Does pushshift still work, at least for old posts, or is it officially dead? I might be able to find it with it, but none of the sites I used to use seem to work. Otherwise we can only pray that @gattsuru knows what I'm talking about, and has a note saved somewhere.

I am 100% sure @ArjinFerman has "interpreted" that post to the point where they don't want to point you to the original.

  • -12

Nope. Like I said, give me a working search tool that lets me look up posts by username, and I'll find it.

Yup, MartianNight already posted it. Scroll down for the link, if you're interested.

Edit: If you give me the username I would be happy to find it for you, I have good luck with that sort of thing most of the time.

  • -17

Still waiting.

Cool it.

You don't get to act offended because someone didn't bend over backwards for you.

You can find most reddit posts by searching for the username in google tagged with reddit. I've never had an issue doing that to find someone's posts, hardly bending over backwards. I'm just asking for a bit of proof for Arjin's "just so", booo outgroup story. I think that is in line with this site's guidelines.

You're right though, I did not go about it in a good way, I have edited my comment into an offer for help.

The only thing I remembered about the post was a long-deleted conversation about it on another sub. I was sure I could find it through a few keywords, a username, and the sub's name, and trace the conversation back to the comment that had the link, which is exactly what I did, once I had the right tool for it. It would be fun to watch you attempt that with Google.

More comments

You didn’t ask. Someone else asked, and you jumped on board to claim that Arjin was lying. Fine. Equal lack of evidence.

Meanwhile, he was polite enough to respond with an excuse. In fact, he did find the source. I think he has a much better claim to acting in good faith.

More comments

I'm sorry, I missed the part where you gave me a working search tool, where I can look up old posts by username.

Does this work? https://search.pullpush.io/

More comments

It works for me.

Thank you, citizen. You've done a great service today.

Edit: I am happy to find it for you if you give me the username. Sorry for being rude before.

  • -14

If you don't copy and archive everything some of the things you remember reading will succumb to link rot.

If you do copy and archive everything, some people will pull a Regina George and ask why are you so obsessed about the subject, indicating that you caring too much should mean that they should win by fiat. Most normies are close to this, therefore I often can't bring myself to bother with the cataloguing.

More comments

At least in regards to the White House statement on using memory safe languages, I don't see any sort if conspiracy there. The reality is that massive hacks have been pulled off again, and again, and again, and again, and again due to buffer overflows and other memory safety errors. This includes in software written by people with significant experience with C/C++ and who are aware of common exploits.