[ sorry for duplacates; I've realized I have sent this from a wrong From: address, so I'm sending it again ]
Hello. I don't usually write here, but I believe this is important. I agree that the tone used initialy by Guido was really bad. But there are strong arguments that lead to what he said. I would like to at least present the argument, even if only pointing to external references. Because there is one, and for the same reason I don't like when people go saying that "earth is flat", or that "there is no coronavirus" [0], because that is strongly disrespectful of science, I also believe that for agreeing or disagreeing on the subject being discussed on this thread, one would also need to show where the agreement or disagrement comes from. Scientifically -- and I'm including human sciences. The argument would not be strictly in exact sciences, and that may be why it is uncomfortable for programmers to actually pay attention to it [1]. The argument would likely go through Mumford, Foucault, Deleuze, Zuboff. I wont reproduce it here. However, cryptographer Phil Rogaway did write an essay that is closely related to that, and explains much of the core of it. It is called "The Moral Character of Cryptographic Work" [2], and is really brilliant. This as a distingueshed IACR lecture in 2015 [3]. IACR is the International Association for Cryptologic Research [4]. So. One important thing: Lewis Mumford noticed [5] that technology is not always of the same kind. Sometimes it is more useful than damaging, and sometimes it is the other way around (the terminology he used is different, but it is the same). And people have been working on developing technology without any attention to that (nuclear energy is the usual first example of this. Rogaway metions the Russel-Einstein manifesto, for example. It was written by two exact science researchers! Rogaway also mentions in his text that "Academic cryptography used to be more political" -- check that. A few examples may be interesting. With nuclear energy, there came a requirement for more authoritarianism, stronger vertical power structures. Why? Because the potential for damage is huge. See, for example, the radioactive boy scout, David Hahn [6]. I do recall that there was some similar incident in Europe, but couldn't easily find the reference. Besides requiring more authoritative power, nuclear energy is also related to several disasters, and there is thenuclear waste problem. Am example closer to programmers: deep fake. "We have neural networks, and we now can train deep networks" - everybody is happy. "We can use deep learning in videos and audios" - happier. Then comes deep fake. It is hard -- and will possibly become harder and harder -- to detect wether a video is fake or not. This could potentially lead both criminology and investigative journalism to the pre-photography era. There will be a solution, and I am afraid that it will, again, require an even more authoritative society (your video, photo or audio must have been recorded by a tivoized device with a unbreakable crypto module, otherwise it is useless). AND you will need to trust the manufacturer (they COULD use the private keys to create whatever fake videos they want). See... Technology is not "neutral". (Interestingly, this is also why darktable -- a great software package -- does not have a face recognition module [7]) As to LLVM. Being or not funded by a foundation is not really a good criterion for assessing software, I'm afraid. But I can do this: I trust the people who develop GCC. They have a longstanding strong ethical commitment, and I have no reason to be afraid of what gcc may do on my system. I don't trust LLVM, for several reaosns, so I avoid it as much as possible. Jerônimo (The guy who maintains the LibreCMC and OpenWRT packages of Picolisp [8] -- by the way, OpenWRT and similar firmware would probbaly not exist if developers of Linux and several userland utilities had not picked the GNU/GPL as a license. Another example of a decision that does have an impact on how technology will be used and how it impacts people's lives. With LibreCMC, I have some more confidence that my router runs *strictly* what I want, for example. This is important for security, since I don't want to have to trust a big hardware maker. See, for example, what is already happening with other devices -- smart TVs recording audio on your house and SENDING IT TO THE MANUFACTURER. And they don't even deny it) [0] It is really sad that I have been seeing this a lot in my country. [1] About the communication gap between exact sciences and human sciences, see C. P. Snow, "TheTwo Cultures". There is a Wikipedia page for the text: https://en.wikipedia.org/wiki/The_Two_Cultures [2] https://web.cs.ucdavis.edu/~rogaway/papers/moral-fn.pdf [3] https://www.youtube.com/watch?v=F-XebcVSyJw [4] https://www.iacr.org/ [5] https://en.wikipedia.org/wiki/Technics_and_Civilization [6] https://en.wikipedia.org/wiki/David_Hahn Also, Silverstein, Ken (2004). The Radioactive Boy Scout: The Frightening True Story of a Whiz Kid and His Homemade Nuclear Reactor. Villard. ISBN 978-0812966602. [7] https://darktable.org/ https://github.com/darktable-org/lua-scripts/pull/100#issuecomment-351001162 There is an external Lua script for that, https://github.com/darktable-org/lua-scripts/blob/master/contrib/face_recognition.lua but the feature was denied into the core. [8] https://gitlab.com/jpellegrini/openwrt-packages On Sun, Apr 19, 2020 at 04:24:48PM +0200, Jo-To Schäg wrote: > Dear Guido, > > all our time on earth is limited. We all got our own priorities. > I think the PicoLisp community gladly spends time teaching people. Even > multiple times. > However the PicoLisp community does not like to solve problems for other > people. > Especially if it is motivated for political reasons. > Do not expect Alex to spend his time on satisfying your paranoia or > political motivations. > > You are weary of the giants of muscle and steel, I come from Cyberspace, > the new home of Mind. On behalf of the future, I ask you of the past to > leave us alone. You are not welcome among us. You political motivations > have no sovereignty where we gather. - inspired by the Declaration of > Cyberspace > > Also you do not need to leave the community but at least stop bothering > Alex about your political opinions. > We have heard you concern thrice. As far as i see we only use LLVM to > translate LLVM-IR to some CPU architecture, so we only depend on the code > for that. > You could write your own LLVM-IR to x86 translator if you are bothered by > LLVM itself. > > > > On Sun, 19 Apr 2020 at 15:54, Guido Stepken <gstep...@gmail.com> wrote: > > > Alex, this is not the point. One day LLVM will inject trojan code, because > > US government, by law, tells them to do so! > > > > With Cloud Act and Patriot Act US government can advise any US company or > > organisation to implement evil code. > > > > Can you do a full code review at every update coming for LLVM? I can't! > > Nobody can! 2.5 million lines is out of anybody's reach! > > > > 100 bytes more in a binary can make a *huge difference* from security oint > > of view. Do you always know, why LLVM suddenly is generating bigger code? > > Can be everything. E.g. this: > > > > https://gist.github.com/DGivney/5917914 > > > > TCC, i can review any time .... code is so tiny. Well ok, TCC binary code > > is not as highly optimized in terms of speed, but AMD processor microcode > > does compensate that. Differences to GCC -O3 or LLVM - in practice - have > > become negligible. > > > > TCC always is fast enough. And i repeat: Stop using US software stacks! > > > > Best regards, Guido Stepken > > > > Am Sonntag, 19. April 2020 schrieb Alexander Burger <a...@software-lab.de>: > > > Hi Guido, > > > > > >> Look at LLVM generated bloat and compare with Nokolisp. Less is more!!! > > In > > >> terms of size as well as of security. > > > > > > True, LLVM is huge (as is gcc, and other equivalent systems), but this is > > > irrelevant because I *use* it only to translate *my* code. > > > > > > The generated pil21 'picolisp' binary is only a few percent larger than > > the > > > assembly version of pil64. > > > > > > ☺/ A!ex > > > > > > -- > > > UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe > > > -- UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe