
Culture War Roundup for the week of March 18, 2024

This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.

Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.

We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:

  • Shaming.

  • Attempting to 'build consensus' or enforce ideological conformity.

  • Making sweeping generalizations to vilify a group you dislike.

  • Recruiting for a cause.

  • Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.

In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:

  • Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.

  • Be as precise and charitable as you can. Don't paraphrase unflatteringly.

  • Don't imply that someone said something they did not say, even if you think it follows from what they said.

  • Write like everyone is reading and you want them to be included in the discussion.

On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.


Another perspective: There are, sitting on the drives of various intelligence agencies, security researchers, and assorted "hackers", relatively small sequences of bytes. Some of these sequences, if you navigated to a webpage and received them in response, would rapidly compromise your computer, giving the attacker access to your social media accounts, private messages, bank accounts, work accounts, etc. Other sequences, if sent as messages to your phone, would do the same. This is very bad. This allows governments and intelligence agencies, the "pathologically controlling busy bodies", to see all of your stuff without a warrant. This is what NSO Group sold to nation-states to target dissidents and other nation states, what they sold to the Saudis to help them kill Jamal Khashoggi, etc.

A large part of the reason for this is the way C and C++ allow programmers to make mistakes. Many, many mistakes. Mistakes that are incredibly difficult to find manually, and mistakes that have resisted general mitigations by the smartest engineers at top tech companies for years despite heroic effort, and mistakes that are found by the dozens every month (and, implicitly, dozens are created every month). Most of these are only theoretical parts of exploits, or would be one part of many needed for a successful exploit chain, but still.

I think it's notable that your one direct link, the example of the government taking action, doesn't actually align with your proposed plan. Using Rust doesn't help the government control you more. It does the opposite.

Most PCs sold today will only boot authorized operating systems, with an option in the BIOS (for now) to turn off that safety feature.

This prevents one of the above programs from permanently replacing your operating system with itself, which they did do.

Windows warns you every time you try to run an "unrecognized" executable, with the option (for now) of ignoring its warning.

People constantly download malware. Don't think '120iq smart teenager' here, think '100iq 14 year old' or 'grandpa'. The warning helps protect these people from having their social media or bank accounts stolen.

All it would take is to slowly shave away by degrees until the process of running free and open software is so frustrating that most people don't do it, and the powers that be can "deprecate the feature" under the rationale that it's not used anymore.

Software developers rely on huge piles of open source software to create all this stuff. This probably isn't going to happen.

I agree with you mostly. I am not convinced that most exploits in mobiles are due to C/C++, though. I remember when TPM came around. I did not like it back then and I still do not like it, but for the most part, I don't care. Probably some of my PCs have such a chip, but then again they have plenty of features I don't use. Having a PC which refuses to boot stuff which is not signed by Microsoft until you change BIOS settings is fine for the kind of person who is happy with Windows; I am perfectly willing to go through these steps as a price to profit from the economy of scale provided by clueless PC users. (I am less than certain that this is effective, given that (1) malware might install a signed Windows kernel (or signed kernel drivers?) with known exploits and (2) taking over the kernel is not really required to fuck over the user, but that is their problem, not mine.)

What I really hate is unlocking Android. Either you buy Google Nexus products, which are on the expensive side, or you navigate a jungle of different OEMs with their own unlock procedures. (Again, I can see the appeal: OEMs profit from preloading the mobiles with their crapware, so they don't want a reseller to switch it out for some different crapware in bulk, but fuck is it annoying.)

For the PC platform, I think commercial incentives are very much in the direction of PCs being able to run C/C++ as well as FORTRAN, COBOL and whatever else people might want to run on them. There is a lot of old software lying around, most of it probably in-house developments, and it is not really viable to rewrite it in another language in most cases.

Also, I do not think that Free Software is under threat that much because most of the world is clearly aware that Microsoft is a US company, and if push comes to shove, the NSA can likely ship malware signed as a Windows update. So outside the US, there is some strategic incentive to be able to run a different OS (e.g. GNU/Linux) where inserting exploits might take a bit more work for the spooks.