Oh dear, Since you (Guido Stepken) are already ranting about US software stacks (e.g. LLVM), I will take the opportunity to add my 2 Euro-cents.
What about your operatjng system? I presume you are using Linux. Have you yet audited the ca. 5 MLoc of code that are the Linux kernel? Other operating systems (the BSDs all hail from the US, except OpenBSD, which is from Canada, but which is well in the US and Her Majesty's Government sphere of influence) have similar problems. Not to mention the hardware, which for the popular modern amd64 platform also comes from the US and contains numerous "security" backdoor. So unless you run your own compiler on your own OS on custom built hardware, it is hard to get the degree of security that you seem to want. Bummer, but we'll somehow have to put up with it. Am 18. April 2020 22:46:14 MESZ schrieb Guido Stepken <gstep...@gmail.com>: >Hi Alex! > >"completely replace it with pil21" ... (LLVM based) > >Using US software stacks, even if open source and under a free license >are >not tolerable. For any nation, for any kind of project. > >US Cloud Act, Patriot Act, by law, force US companies as well US >organisations in general, such as Linux Foundation as well as Apache >Foundation and LLVM Foundation to comply with US law. > >Here's a possible outcome: >https://www.infoq.com/news/2016/06/visual-cpp-telemetry/ > >The compiler itself becomes a NSA/CIA spy tool. With (compressed) over >420 >megabytes of source code size for LLVM, world does not have the >slightest >chance to do any security review on that software stack. > >And that's what stupid cowboys are hoping for: Not only creating >Lock-In - >as well as legal problems - on APIs of all kinds (see Oracle-Google >lawsuit) with Apache/Linux/LLVM/... Foundations, stupid cowboys are >also >injecting spy code into in all kinds of US controlled libraries (NPM >now is >Microsoft/Github owned) and especially compilers, development tools. > >My urgent advice: Stay with your own x64 compiler, forget about >everything >that is coming from or is directed by US companies, US foundations of >any >kind. > >Switch to LLVM with pil21 and i cannot recommend you and your (until >today: >trustworthy) software stack any longer for any kinds of projects. > >And i can assure you: My influence is **much bigger** than you might >think! >Stop that, immediately! > >Use C99 compilers, that are small enough to be security reviewed, such >as >TCC. > >Best regards, Guido Stepken > >Am Samstag, 18. April 2020 schrieb Alexander Burger ><a...@software-lab.de>: >> Hi Andras, >> >>> If you are interested I have patched the 19.12 32bit sources to >compile >without GCC. >>> I have attached the changed files: pico.h, main.c, apply.c and >flow.c >> >> Thanks a lot! >> >> >>> Since clang does not support variable length array in structures I >allocate the bindFrame >>> with alloca() and provided a macro in pico.h to ease this: >allocFrame(). >>> >>> I know that the 32bit version is not the mainstream version, but >feel >free to >>> abuse the patches. >> >> Cool! >> >> As I'm concentrating on pil21, I'm glad if development and >maintenance of >pil32, >> mini and/or ersatz is taken care of by others. Until it is replaced >by >pil21 >> next year, I will do necessary fixes to pil64 and then - if all goes >well >- >> completely replace it with pil21. >> >> Let's hope that no major problems pop up ... ;) >> >> ☺/ A!ex >> >> >> -- >> UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe >> >> -- You have zero privacy anyway. Get over it. Scott McNealy 1999
