
Culture War Roundup for the week of March 18, 2024

This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.

Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.

We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:

  • Shaming.

  • Attempting to 'build consensus' or enforce ideological conformity.

  • Making sweeping generalizations to vilify a group you dislike.

  • Recruiting for a cause.

  • Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.

In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:

  • Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.

  • Be as precise and charitable as you can. Don't paraphrase unflatteringly.

  • Don't imply that someone said something they did not say, even if you think it follows from what they said.

  • Write like everyone is reading and you want them to be included in the discussion.

On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.


A Map for the Regulation and Destruction of Free Software.

A buddy of mine shared an article about The White House warning people against programming in C or C++ and it teed me off about a conspiracy theory I've been harboring for going on 10 years now.

My baseline assumption is that whatever you choose to call this weird woke, centralized, authoritarian, elite/bureaucratic corporatist conglomerate, they want control. All of it. Over things that you would think have nothing to do with them. They want your wood ovens, your gas stoves, your gamer PCs, they really don't view anything as beyond their purview to "regulate" and make your life infinitely worse by slow degrees.

If you assume these are pathologically controlling busybodies, which I think you are right to assume, the fact that anybody can program anything probably terrifies them. They barely understand technology to begin with. Just look at any time they haul a tech CEO before Congress and attempt to get sound bites for their constituents. It's horrible. But the cat is more or less already out of the bag when it comes to open and free software. How would you put it back in?

By degrees the process is already underway, in the name of security. Most PCs sold today will only boot authorized operating systems, with an option in the BIOS (for now) to turn off that safety feature. Windows warns you every time you try to run an "unrecognized" executable, with the option (for now) of ignoring its warning. People are far more habituated than ever to closed software ecosystems thanks to Apple and Google and the fact that most people spend more time on phones these days than computers. All it would take is to slowly shave away by degrees until the process of running free and open software is so frustrating that most people don't do it, and the powers that be can "deprecate the feature" under the rationale that it's not used anymore.

Maybe it starts with the big sellers of PCs like Dell, where they just don't have a BIOS that lets you boot unauthorized OSes. And for a while, that's fine, because what self-respecting enthusiast buys a Dell? That's probably a perfectly fine security compromise for institutions that don't want to run the risk at all of some unauthorized code hijacking the boot process. Then maybe the feature gets cut from lower end motherboards. But that's fine, if it's still a feature that matters to you, you can always get a high end motherboard. Lots of features are only available on higher end motherboards. And then one day, with little fanfare at all, the feature vanishes.

So now you are stuck running increasingly enshittified versions of Windows and a few select Linux distros. So what?

Well, at the same time, imagine how Windows slowly chips away at the ability to run "unrecognized" code. Right now it's an annoying popup, same as it has been since Vista. Maybe one day the default behavior is switched to not letting you run it at all. But it's ok, there is a toggle to turn on the old behavior buried deep in the system settings somewhere. Maybe a security submenu. Then a while later they get rid of that, but if you know what you are doing, there is still a registry setting you can change. Then a while later they only support the feature on Windows Pro instead of Home. Then one day, it just vanishes.

So now you are stuck running enshittified versions of Windows that refuse to run "unrecognized" code. But it's cool, you can probably still do something to get your code "recognized" right?

Anyone who has had to do any web development probably knows about using self-signed certs. Often good enough for local use, generally insufficient if you plan on letting anyone outside of your org attempt to use your system. You have to get a signed cert. And often pieces of software just expect a signed cert, and may not have any option at all to override its refusal to work with a self-signed one. I expect much the same will occur with "unrecognized" code.

All code will need to be signed. Maybe you can self-sign code you've written on your local system, but nobody else will be able to run it. Unless they go through the added hoops of adding your key to some sort of key store for "recognized" code. But eventually the self-signed qualities of the code will catch up to you, and Windows may just refuse to accept self-signed code certs anymore. But no fear! Maybe GitHub or another organization will offer to sign your code for you. Assuming it meets their TOS, nobody on social media has cancelled you, and their AI hasn't rejected your project for hallucinated reasons. But eventually, however well relying on a 3rd party like GitHub to allow your code to run on your locked down operating system and your locked down hardware starts off, it will become a barely viable solution. And then free and open software is over.

I hope I'm just being overly pessimistic. But I honestly see this happening in my lifetime.

Another perspective: There are, sitting on the drives of various intelligence agencies, security researchers, and assorted "hackers", relatively small sequences of bytes. Some of these sequences, if you navigated to a webpage and received them in response, would rapidly compromise your computer, giving the attacker access to your social media accounts, private messages, bank accounts, work accounts, etc. Other sequences, if sent as messages to your phone, would do the same. This is very bad. This allows governments and intelligence agencies, the "pathologically controlling busybodies", to see all of your stuff without a warrant. This is what NSO Group sold to nation-states to target dissidents and other nation states, what they sold to the Saudis to help them kill Jamal Khashoggi, etc.

A large part of the reason for this is the way C and C++ allow programmers to make mistakes. Many, many mistakes. Mistakes that are incredibly difficult to find manually, and mistakes that have resisted general mitigations by the smartest engineers at top tech companies for years despite heroic effort, and mistakes that are found by the dozens every month (and, implicitly, dozens are created every month). Most of these are only theoretical parts of exploits, or would be one part of many needed for a successful exploit chain, but still.

I think it's notable that your one direct link, the example of the government taking action, doesn't actually align with your proposed plan. Using Rust doesn't help the government control you more. It does the opposite.

Most PCs sold today will only boot authorized operating systems, with an option in the BIOS (for now) to turn off that safety feature.

This prevents one of the above programs from permanently replacing your operating system with itself, which they did do.

Windows warns you every time you try to run an "unrecognized" executable, with the option (for now) of ignoring its warning.

People constantly download malware. Don't think '120iq smart teenager' here, think '100iq 14 year old' or 'grandpa'. The warning helps protect these people from having their social media or bank accounts stolen.

All it would take is to slowly shave away by degrees until the process of running free and open software is so frustrating that most people don't do it, and the powers that be can "deprecate the feature" under the rationale that it's not used anymore.

Software developers rely on huge piles of open source software to create all this stuff. This probably isn't going to happen.

I agree with you mostly. I am not convinced that most exploits in mobiles are due to C/C++, though. I remember when TPM came around. I did not like it back then and I still do not like it, but for the most part, I don't care. Probably some of my PCs have such a chip, but then again they have plenty of features I don't use. Having a PC which refuses to boot stuff which is not signed by Microsoft until you change BIOS settings is fine for the kind of person who is happy with Windows; I am perfectly willing to go through these steps as a price to profit from the economy of scale provided by clueless PC users. (I am less than certain that this is effective, given that (1) malware might install a signed Windows kernel (or signed kernel drivers?) with known exploits and (2) taking over the kernel is not really required to fuck over the user, but that is their problem, not mine.)

What I really hate is unlocking Android. Either you buy Google Nexus products, which are on the expensive side, or you navigate a jungle of different OEMs with their own unlock procedures. (Again, I can see the appeal: OEMs profit from preloading the mobiles with their crapware, so they don't want a reseller to switch it out for some different crapware in bulk, but fuck is it annoying.)

For the PC platform, I think commercial incentives are very much in the direction of PCs being able to run C/C++ as well as FORTRAN, COBOL and whatever else people might want to run on them. There is a lot of old software lying around, most of it probably in-house developments, and it is not really viable to rewrite it in another language in most cases.

Also, I do not think that Free Software is under threat that much because most of the world is clearly aware that Microsoft is a US company, and if push comes to shove, the NSA can likely ship malware signed as a Windows update. So outside the US, there is some strategic incentive to be able to run a different OS (e.g. GNU/Linux) where inserting exploits might take a bit more work for the spooks.