On Friday 05 March 2021 03:14:51 to...@tuxteam.de wrote:
> On Fri, Mar 05, 2021 at 01:33:14AM -0500, Stefan Monnier wrote:
> > > AIUI compilers have been studied so extensively that their
> > > production is largely automated.
> >
> > Oh, no. There are some parts we know how to automate, but by
On Fri, Mar 05, 2021 at 01:33:14AM -0500, Stefan Monnier wrote:
> > AIUI compilers have been studied so extensively that their production is
> > largely automated.
>
> Oh, no. There are some parts we know how to automate, but by and large
> it's all hand written code.
:-)
> AIUI compilers have been studied so extensively that their production is
> largely automated.
Oh, no. There are some parts we know how to automate, but by and large
it's all hand written code.
> Create an EBNF specification, feed it through a tool
> chain (lex, yacc, cc, as, ld, etc.), and
On 3/4/21 9:28 PM, David Christensen wrote:
(One more step of 'cT = cT(a)' may be required
Correction: cT = cT(T)
David
On 3/4/21 6:50 PM, Stefan Monnier wrote:
The abstract states:
"In the DDC technique, source code is compiled twice: once with a
second (trusted) compiler (using the source code of the compiler’s
parent), and then the compiler source code is compiled using the
result of the first compilation.
> The abstract states:
>
> "In the DDC technique, source code is compiled twice: once with a
> second (trusted) compiler (using the source code of the compiler’s
> parent), and then the compiler source code is compiled using the
> result of the first compilation. If the result is
On Thu, 4 Mar 2021 23:34:25 +0100
wrote:
>
> Yes, but... letting your compiler plant bugs into someone else's
> software to phone back to *you*... chutzpah. Had to be Microsoft.
>
>
Not necessarily, nearly all writers of Windows software believe that
they own your computer while their
On Thu, Mar 04, 2021 at 05:18:38PM -0500, Stefan Monnier wrote:
> > The part that I find more interesting is the "emergent evil" thing.
> > Somehow the techies found that it is OK to do that and they did,
> > in the best of their intentions.
>
> I'm not surprised: it's quite common to want to get
On 3/4/21 12:43 AM, to...@tuxteam.de wrote:
Read David A. Wheeler's work [1] and put yourself in the 2010s :-)
> [1] https://dwheeler.com/trusting-trust/
The abstract states:
"In the DDC technique, source code is compiled twice: once with a
second (trusted) compiler (using the
> The part that I find more interesting is the "emergent evil" thing.
> Somehow the techies found that it is OK to do that and they did,
> in the best of their intentions.
I'm not surprised: it's quite common to want to get some kind of
information about how your program performs (i.e. things
On Thu, 4 Mar 2021 19:05:38 +0100
to...@tuxteam.de wrote:
> On Thu, Mar 04, 2021 at 11:16:25AM -0500, Celejar wrote:
...
> > I know I can't avoid the risk
> > entirely, but this is one of the reasons I try hard to limit my use of
> > software to stuff in the repos. I understand it's no magic
On Thu, Mar 04, 2021 at 11:16:25AM -0500, Celejar wrote:
[...]
> > - Sometime 2017 [1], Microsoft put out a version of Visual Studio
> > which baked "phone home" functionality into its compiled "products".
[...]
> > I call this pattern "Emergent Evil".
>
> Outrageous, certainly - this
Hey, bathroom scales are something (I think) I am qualified to talk about, at
least from the POV of a user ;-)
On Thursday, March 04, 2021 10:05:29 AM Joe wrote:
> On a rather smaller scale, my electronic bathroom scale has a feature
> whereby if a person gets back onto the scale within thirty
On Thu, 4 Mar 2021 16:14:08 +0100
to...@tuxteam.de wrote:
> On Thu, Mar 04, 2021 at 09:21:46AM -0500, Celejar wrote:
> > On Thu, 4 Mar 2021 14:17:59 +0100
> > wrote:
> >
> > > On Thu, Mar 04, 2021 at 08:10:45AM -0500, Celejar wrote:
> > > > On Thu, 4 Mar 2021 09:41:13 +
> > > > Joe wrote:
On Thu, 4 Mar 2021 15:05:29 +
Joe wrote:
> On Thu, 4 Mar 2021 08:10:45 -0500
> Celejar wrote:
>
> > On Thu, 4 Mar 2021 09:41:13 +
> > Joe wrote:
...
> > > Indeed. The new heartbeat/data return function in OpenSSL, itself
> > > the core of much Open Source security, was suggested by
On Thu, Mar 04, 2021 at 09:21:46AM -0500, Celejar wrote:
> On Thu, 4 Mar 2021 14:17:59 +0100
> wrote:
>
> > On Thu, Mar 04, 2021 at 08:10:45AM -0500, Celejar wrote:
> > > On Thu, 4 Mar 2021 09:41:13 +
> > > Joe wrote:
> > >
> > > ...
> > >
> > > > Undoubtedly. But there is also no doubt
On Thu, 4 Mar 2021 08:10:45 -0500
Celejar wrote:
> On Thu, 4 Mar 2021 09:41:13 +
> Joe wrote:
>
> ...
>
> > Undoubtedly. But there is also no doubt that gcc and every other
> > serious compiler in the West has been compromised. Why would they
> > *not* be?
>
> Do you have any evidence
oor?
> Assunto: Re: Trusting trust [was: PARTIAL DIAGNOSIS of Installation problems]
> De: to...@tuxteam.de
> Enviado em: 4 de março de 2021 10:18
> Para: cele...@gmail.com
> Cópia: debian-user@lists.debian.org
>
>
>
> On Thu, Mar 04, 2021 at 08:10:45AM -0500, Celejar wrote: &g
On Thu, 4 Mar 2021 14:17:59 +0100
wrote:
> On Thu, Mar 04, 2021 at 08:10:45AM -0500, Celejar wrote:
> > On Thu, 4 Mar 2021 09:41:13 +
> > Joe wrote:
> >
> > ...
> >
> > > Undoubtedly. But there is also no doubt that gcc and every other
> > > serious compiler in the West has been
I discover it on October 2019 nobody listen to me
Enviado via UOL Mail
Assunto: Re: Trusting trust [was: PARTIAL DIAGNOSIS of Installation problems]
De: to...@tuxteam.de
Enviado em: 4 de março de 2021 10:18
Para: cele...@gmail.com
Cópia: debian-user
On Thu, Mar 04, 2021 at 08:10:45AM -0500, Celejar wrote:
> On Thu, 4 Mar 2021 09:41:13 +
> Joe wrote:
>
> ...
>
> > Undoubtedly. But there is also no doubt that gcc and every other
> > serious compiler in the West has been compromised. Why would they *not*
> > be?
>
> Do you have any
On Thu, 4 Mar 2021 09:41:13 +
Joe wrote:
...
> Undoubtedly. But there is also no doubt that gcc and every other
> serious compiler in the West has been compromised. Why would they *not*
> be?
Do you have any evidence for this, or is it just your assumption,
because "why would they not be?"
On 2021-03-04 09:41, Joe wrote:
Of course. Any externally-supplied network device is inherently
untrusted. It is unwise to give any IoT device access to your network,
it is fail-safe to assume that every such device reports back as much
as possible to some Chinese company.
Most certainly. The
On Thu, 4 Mar 2021 09:43:57 +0100
wrote:
> On Wed, Mar 03, 2021 at 05:42:36PM -0800, David Christensen wrote:
>
> [...]
>
> > So, you designed, built, and programmed your "single other machine"
> > using machines that you designed, built [...]
>
> This is disingenuous.
>
> The whole game
On Wed, Mar 03, 2021 at 05:42:36PM -0800, David Christensen wrote:
[...]
> So, you designed, built, and programmed your "single other machine"
> using machines that you designed, built [...]
This is disingenuous.
The whole game is about trust. I trust gcc more than I trust MSVC.
That may be a
25 matches
Mail list logo