<p>Gavin D. Howard, <a href="https://gavinhoward.com/">https://gavinhoward.com/</a>, gavin.d.howard@gmail.com</p>
<h1>How Yzena Versions Software and Interfaces</h1>
<p>Gavin D. Howard, 2024-02-15T23:24:22-07:00<br>
<a href="https://gavinhoward.com/2024/02/how-yzena-versions-software-and-interfaces/">https://gavinhoward.com/2024/02/how-yzena-versions-software-and-interfaces/</a></p>
<p>This is the versioning scheme for Yzena software, especially for the Yc monorepo.</p>
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Hackers and anyone interested in Yzena’s
software.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Confident because it’s my choice anyway.</p>
</div>
<h2 id="introduction">Introduction</h2>
<p><a href="https://yzena.com/">Yzena</a> is my business. It’s a software business, obviously.</p>
<p>In July 2022, I wrote about <a href="/about/#disclaimer">how Yzena will version software</a>.</p>
<p>I have made a few tweaks since then, so I am writing an update.</p>
<div class="note">
<p>I do repeat information in this post so that it stands alone and remains a
reference document for Yzena versioning.</p>
</div>
<h2 id="versioning-systems">Versioning Systems</h2>
<p>Anyway, what versioning system should Yzena use?</p>
<p><a href="https://semver.org/">SemVer (Semantic Versioning)</a> is okay, but not great. It is standard,
though.</p>
<p>But there are other ways.</p>
<h3 id="effver">EffVer</h3>
<p>One is <a href="https://jacobtomlinson.dev/effver/">EffVer</a>.</p>
<p>I like one thing about EffVer: it encourages <a href="https://jacobtomlinson.dev/effver/#fixing-mistakes">updating the version number when
the impact is bigger than intended</a>.</p>
<p>But beyond that…it isn’t much. Judging “impact” is still a human process, and
like everything human, it will always have problems.</p>
<p>I wish there was some way to alleviate this, and kudos to EffVer for trying, but
I don’t think EffVer will work for Yzena.</p>
<h3 id="calver">CalVer</h3>
<p>Another scheme is <a href="https://calver.org/">CalVer (Calendar Versioning)</a>. This one is both new and
familiar to me.</p>
<p>It’s new because I hadn’t heard of it until recently. It’s familiar because it’s
what <a href="https://ubuntu.com/">Ubuntu</a> uses, and Ubuntu was my first Linux distro.</p>
<p>CalVer is interesting because it says nothing about how to version software
except to include a date <em>somewhere</em>.</p>
<p>This gives me a lot of flexibility.</p>
<p>In addition, CalVer has two questions to ask:</p>
<blockquote>
<ul>
<li>Does your project feature a large or constantly-changing scope?</li>
<li>Is your project time-sensitive in any way? Do other external changes drive
new project releases?</li>
</ul>
</blockquote>
<p>The answer to the first is <strong>YES</strong> since it’s a monorepo.</p>
<p>The answer to the second will be <strong>YES</strong>, even if it’s not obvious.</p>
<p>One of the examples they gave is:</p>
<blockquote>
<p>Business requirements, such as Ubuntu’s focus on support schedules.</p>
</blockquote>
<p>Since this is for a software business, I sincerely hope that Yzena software has
to care about support schedules.</p>
<p>So CalVer makes sense for Yzena software.</p>
<p>So I just need to choose a scheme and be done, right?</p>
<p>Not so fast.</p>
<h3 id="editions">Editions</h3>
<p>One of the CalVer examples they gave was of <a href="https://calver.org/#teradata">Teradata</a>. Teradata has an
interesting scheme that I think the CalVer website describes well:</p>
<blockquote>
<p>Teradata’s usage is notable not for the prominence of the technology or
company, but because there have been multiple releases in 2016 which were
versioned as 15.10. This may seem breaking at first, but the meaning and
utility is clear.</p>
<p>The library maintainers have crafted a resourceful hybrid of semantic
versioning and calendar versioning. The YY.MM part of the version are used as
a combined SemVer major version. That is, for new releases, the API of the
library remains the same as it did in October 2015. Dependent code written
since then is safe to upgrade. We will see the year and month segments update
next time there is a breaking API change.</p>
</blockquote>
<p>I like this, for several reasons.</p>
<p>One, it’s kind of like Ubuntu’s version scheme, and since I care about support
schedules, this seems nice to me.</p>
<p>Two, it’s also kind of like Rust’s edition scheme. I have a programming language
myself, and Rust’s edition scheme seems to be the best for that.</p>
<p>Three, I can make the rest of the version anything I want.</p>
<p>But there is another thing I want from the version: knowing the date a version
was released.</p>
<p>Why? Well, because it makes sense.</p>
<p>For example, SQLite, a project that I want to emulate, always adds the date of a
version after the version. This is a good idea because the user can see how old
the version is.</p>
<p>However, adding it in the documentation means that it is still not part of the
version. If it’s part of the version, there’s no need to add it.</p>
<p>So I’d like to put the date of release in the version.</p>
<p>However, there is yet one more thing I want a version to have: a marker of how
many versions there have been in an “edition.”</p>
<h2 id="scheme">Scheme</h2>
<p>So, without further ado, here is Yzena’s versioning scheme:</p>
<pre tabindex="0"><code>E0Y.E0M.0INC.0Y-0M-0D
</code></pre><p>where <code>E0Y</code> is the zero-padded year for the edition, <code>E0M</code> is the zero-padded
month for the edition, and <code>0INC</code> is the zero-padded increment version number.</p>
<p>Yes, there are <em>four</em> components of the version. And one of them is <em>eight
characters!</em></p>
<p>😲</p>
<p>Yeah, I know it’s a lot, but there’s a lot of information there.</p>
<p>So let’s go over it all.</p>
<h3 id="edition-components">Edition Components</h3>
<p>First, there need to be two parts for the edition because, unlike Rust, I want
the month.</p>
<p>Why? To have finer granularity. And because I expect to release new editions
more than once a year.</p>
<h3 id="version-increment-component">Version Increment Component</h3>
<p>The third component is the number of releases in the edition, starting from 0.</p>
<p>This means it <em>always</em> increments or drops to 0. It has to change on every
release.</p>
<p>It also tells the user something important: how many times has this edition had
a release?</p>
<p>Yes, this is important. Say I release a <code>23.07</code> edition, and it is still the
active edition 10 years later. If the increment component is <code>01</code>, then people
might rightly question whether the project is alive, but if it is <code>57</code>, then
people will probably understand that the project is alive. And not only that
it’s alive, but that it’s <em>stable</em>.</p>
<p>That component is important because it will show how well-off the project is
when combined with the edition.</p>
<h3 id="release-date-component">Release Date Component</h3>
<p>Finally, the last component is the release date in year, month, day, with
separating hyphens.</p>
<p>The hyphens are important; in the <a href="/about/#disclaimer">last version</a> of Yzena’s version system,
the release date was <em>three</em> components, and this is too much.</p>
<p>But separate the components with hyphens, and they become one component, even if
it’s…<em>special</em>.</p>
<p>There is one further tweak: the year will always be two digits, unlike the real
<code>0Y</code> in CalVer (which will go to three digits for years at or above 2100),
because I don’t expect an edition, much less an increment version, to last 100
years.</p>
<h3 id="why-four">Why Four?</h3>
<p>So…what it sounds like is that there are really three components: edition,
increment, and release date. Why do I still separate the edition with a period?</p>
<p>Well, I do it because Ubuntu does it, and personally, I think it looks better
than a four- or six-digit number.</p>
<h3 id="small-version">Small Version</h3>
<p>At this point, there are people among my readers who are yelling at their
screen. They are the people who package software, whether for a Linux distro or
some other reason.</p>
<p>They are yelling at me because a lot of them work with software that works with
version numbers, and their software probably has to make a few soft assumptions
about what kind of versions exist. I’m pretty sure one of those assumptions is
that there are not <em>four</em> components of a version number.</p>
<div class="note">
<p>Because who in their right mind would have <em>that many</em>?!</p>
</div>
<p>Packagers, I hear you.</p>
<p>I know I already spent many words justifying the version increment, but the
truth is that there was a <em>second</em> reason it always increments or resets: so
that the first three components are sufficient to distinguish the version.</p>
<p>And I will go further: Even though the version control tag will have all
components, I will make sure there is an alias URL that only uses the first three
components. And maybe an alias tag.</p>
<p>So despite the long version scheme, I will ensure that your packaging works with
just three components.</p>
<p>In fact, this is the <em>real</em> reason that the edition is two components!</p>
<p>So please put down your pitchforks!</p>
<p>Oh, and for users, I’ll do the same for links to things like documentation.</p>
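<p>The scheme and its ordering rules can be checked mechanically. The following is an added example, not Yzena's code: a C parser for <code>E0Y.E0M.0INC.0Y-0M-0D</code> plus a check that a release history obeys "increments or drops to 0", which is what makes the first three components sufficient. All <code>yz_*</code> names and the sample tags are constructed; it assumes <code>0INC</code> has at least two digits, that the increment rises by exactly one, and that release dates never go backwards.</p>

```c
/* Added example, not Yzena's code. All yz_* names are hypothetical. */
#include <ctype.h>
#include <stdio.h>

struct yz_version {
    int ed_year, ed_month;             /* edition: E0Y.E0M */
    int inc;                           /* 0INC: releases in this edition, from 0 */
    int rel_year, rel_month, rel_day;  /* release date: 0Y-0M-0D */
};

/* Read exactly `width` digits, or `width` to 6 digits when `more` is set. */
static int read_digits(const char **p, int width, int more, int *out)
{
    int n = 0, v = 0;
    while (isdigit((unsigned char)**p) && n < (more ? 6 : width)) {
        v = v * 10 + (**p - '0');
        (*p)++;
        n++;
    }
    if (n < width) return -1;          /* component is not zero-padded */
    *out = v;
    return 0;
}

static int expect(const char **p, char c)
{
    if (**p != c) return -1;
    (*p)++;
    return 0;
}

/* Parse a full four-component version. Returns 0 on success, -1 if malformed. */
int yz_parse(const char *s, struct yz_version *v)
{
    const char *p = s;
    if (read_digits(&p, 2, 0, &v->ed_year)   || expect(&p, '.') ||
        read_digits(&p, 2, 0, &v->ed_month)  || expect(&p, '.') ||
        read_digits(&p, 2, 1, &v->inc)       || expect(&p, '.') ||
        read_digits(&p, 2, 0, &v->rel_year)  || expect(&p, '-') ||
        read_digits(&p, 2, 0, &v->rel_month) || expect(&p, '-') ||
        read_digits(&p, 2, 0, &v->rel_day)   || *p != '\0')
        return -1;
    if (v->ed_month < 1 || v->ed_month > 12 ||
        v->rel_month < 1 || v->rel_month > 12 ||
        v->rel_day < 1 || v->rel_day > 31)
        return -1;
    return 0;
}

/* Order by the first three components only, as a packager would. */
int yz_cmp_short(const struct yz_version *a, const struct yz_version *b)
{
    if (a->ed_year != b->ed_year)   return a->ed_year < b->ed_year ? -1 : 1;
    if (a->ed_month != b->ed_month) return a->ed_month < b->ed_month ? -1 : 1;
    if (a->inc != b->inc)           return a->inc < b->inc ? -1 : 1;
    return 0;
}

/* 1 if `next` may directly follow `prev`: same edition with increment + 1,
 * or a later edition with the increment reset to 0. */
int yz_valid_successor(const struct yz_version *prev, const struct yz_version *next)
{
    int prev_ed = prev->ed_year * 100 + prev->ed_month;
    int next_ed = next->ed_year * 100 + next->ed_month;
    long prev_date = prev->rel_year * 10000L + prev->rel_month * 100 + prev->rel_day;
    long next_date = next->rel_year * 10000L + next->rel_month * 100 + next->rel_day;

    if (next_date < prev_date) return 0;   /* assumption: dates never go backwards */
    if (next_ed == prev_ed) return next->inc == prev->inc + 1;
    if (next_ed > prev_ed)  return next->inc == 0;
    return 0;                              /* editions never go backwards */
}

/* Index of the first malformed or out-of-order tag, or -1 if the history is fine. */
int yz_check_history(const char *const *tags, int n)
{
    struct yz_version prev, cur;
    for (int i = 0; i < n; i++) {
        if (yz_parse(tags[i], &cur) != 0) return i;
        if (i > 0 && !yz_valid_successor(&prev, &cur)) return i;
        prev = cur;
    }
    return -1;
}

/* Constructed sample histories (not real Yzena releases). */
static const char *const YZ_GOOD[] = {
    "23.07.00.23-07-14", "23.07.01.23-09-02", "24.02.00.24-02-15",
};
static const char *const YZ_BAD[] = {   /* third tag reuses increment 01 */
    "23.07.00.23-07-14", "23.07.01.23-09-02", "23.07.01.23-11-20",
};

int main(void)
{
    printf("good history: first bad index %d\n", yz_check_history(YZ_GOOD, 3));
    printf("bad history:  first bad index %d\n", yz_check_history(YZ_BAD, 3));
    return 0;
}
```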
<h2 id="interfaces">Interfaces</h2>
<p>And there are <em>still</em> people screeching! Let’s see, who did I forget…</p>
<p>Ah! The <a href="https://semver.org/">SemVer</a> and <a href="https://jacobtomlinson.dev/effver/">EffVer</a> people! You want versions to be a
<em>contract</em>, right?</p>
<p>I disagree.</p>
<p>Hey, what’s with the torches?! I’m not done yet!</p>
<p>…</p>
<p>You see, I have used SemVer for <a href="https://git.gavinhoward.com/gavin/bc">another project</a>, but judging impact turned
out to not matter.</p>
<p>Why? The project is two programs and a library. Everyone uses the programs, and
no one uses the library.</p>
<p>I need SemVer for the library, but <a href="https://lobste.rs/s/nozht8/calendar_versioning#c_sciiw5">not the programs</a>.</p>
<p>Eek…</p>
<p>There was one time I made a breaking change in the library and didn’t bump the
major version. It was a calculated risk.</p>
<p>And you know what? It paid off.</p>
<p>Why? <em><strong>Because no one uses the library!</strong></em></p>
<p>I wish I hadn’t used SemVer for that project; it has proven useless.</p>
<p><strong>Put down the tar and feathers!</strong></p>
<p>Because I understand that you want <em>some</em> contract, and I have one for you: I
will <a href="/2024/02/version-interfaces-not-implementations/">version interfaces, not implementations</a>.</p>
<p><a href="https://git.yzena.com/Yzena/Yc">My monorepo</a> will have multiple versions. Each one will be tied to a
specific API or module.</p>
<p>Multiple API versions will be supported for everything, and you will be able to
select the API versions at build time.</p>
<p>In addition, any deprecated API that is removed will eventually turn into a hard
build error.</p>
<p>You can use this to upgrade your use of my code at your convenience with the
guarantee that your code will only break if you act like molasses and don’t get off
your derrieres.</p>
<p>And also that it <em>will</em> break, <em>loudly</em>.</p>
<p>Oh, and I’ll update the edition whenever an interface is removed, so it will be
obvious when work needs to be done. And I’ll carefully document the changes.</p>
<p>See, I’m not cruel!</p>
<h2 id="conclusion">Conclusion</h2>
<p>So that’s the scheme, and that’s why. I hope it works for you all, whether
users, packagers, or code archeologists.</p>
<h1>Version Interfaces, Not Implementations</h1>
<p>Gavin D. Howard, 2024-02-15T22:59:19-07:00<br>
<a href="https://gavinhoward.com/2024/02/version-interfaces-not-implementations/">https://gavinhoward.com/2024/02/version-interfaces-not-implementations/</a></p>
<p>In which I steal the thunder of a smart man and write a blog post for him showing that we should not version implementations, but interfaces.</p>
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Hackers, programmers, and code architects.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Confident.</p>
</div>
<h2 id="introduction">Introduction</h2>
<p>There is a man I admire. His name is <a href="https://www.cl.cam.ac.uk/~dc552/">Dr. David Chisnall</a>.</p>
<p>Well, there was an <a href="https://staltz.com/i-wont-use-semver-patch-versions-anymore.html">article</a> complaining about <a href="https://semver.org/">Semantic Versioning</a>, and
Dr. Chisnall decided to <a href="https://lobste.rs/s/xpg31r/i_won_t_use_semver_patch_versions_anymore#c_fhxo96">weigh in</a>.</p>
<p>He started like this:</p>
<blockquote>
<p>I should write a blog about this somewhere so I can cite it and stop repeating
it…</p>
</blockquote>
<p>I have been waiting two months for that blog post.</p>
<p>Well, I need that blog post <em>right now</em> for another one of mine, so I’m going to
write the post for him.</p>
<div class="warning">
<p>With apologies to Dr. Chisnall, this post is his ideas in my own words.</p>
<p>There isn’t a single original thought in this blog post. Do go read his comment.</p>
</div>
<h2 id="the-problem">The Problem</h2>
<p>Dr. Chisnall’s thesis is simple:</p>
<blockquote>
<p>[T]he core problem with SemVer is that it is used to version implementations,
not interfaces.</p>
</blockquote>
<p>Now, if you’re smart, you probably understood what he meant right away.</p>
<p>Me? I’m dumb and had to read his comment 4 times to get it. So let me use more
words to convince myself I’m on the right track.</p>
<p>SemVer only talks about “backwards compatibility,” and that can mean anything
from “changing the name of the most used function” to <a href="https://news.ycombinator.com/item?id=2281932">“hey, your just-freed
memory cannot be reused anymore.”</a></p>
<p>Or as XKCD puts it, <a href="https://xkcd.com/1172/">“your spacebar heating is gone.”</a></p>
<p class="img">
<a href="https://imgs.xkcd.com/comics/workflow_2x.png" class="img">
<img src="https://imgs.xkcd.com/comics/workflow_2x.png" alt="XKCD: Workflow" aria-label="XKCD: Workflow" class="center" style="max-width: 256px" />
</a>
</p>
<p>In this world, <em>every</em> change has the potential to be backwards incompatible for
<em>someone</em>. Even bug fixes.</p>
<p>Why is that? Because <a href="https://en.wikipedia.org/wiki/Bug_compatibility">bug compatibility</a>.</p>
<p>Or in other words, <a href="https://www.hyrumslaw.com/">Hyrum’s Law</a>:</p>
<blockquote>
<p>With a sufficient number of users of an API,<br>
it does not matter what you promise in the contract:<br>
all observable behaviors of your system<br>
will be depended on by somebody.</p>
</blockquote>
<p>Basically, SemVer’s use of “backwards compatibility” means that the <em>contract</em>
is based on it, and because the contract is based on it, users expect all
observable behaviors to be preserved.</p>
<p>This is what Dr. Chisnall meant when he said,</p>
<blockquote>
<p>There are more subtle problems that relate to how richer type systems interact
with the guarantees in SemVer. For example, anything that does pattern
matching on structural types makes adding or removing a feature a breaking
change.</p>
</blockquote>
<p>And this is why he claimed that SemVer versions <em>implementations</em>: backwards
compatibility is a property of <em>implementations</em> (like pattern matching
changes!), not <em>interfaces</em>.</p>
<h2 id="the-solution">The Solution</h2>
<p>So the solution is versioning <em>interfaces</em>, but what does that even <em>mean</em>?</p>
<p>It means attaching the <em>contract</em> to the interface instead.</p>
<p>“Yeah, Gavin, <em>that</em> is <em>so</em> much clearer.”</p>
<p>Okay, let me try again: instead of saying something like “this public function
will remain backwards compatible,” you should say, “the header for this public
function will not change.”</p>
<p>It’s a subtle distinction, but a crucial one.</p>
<p>In the first, you are (indirectly) guaranteeing that the implementation won’t
change. Your guarantee is as deep as the code.</p>
<div class="note">
<p>And in a <a href="https://stackoverflow.com/questions/7284/what-is-turing-complete">Turing-complete</a> world, that doesn’t work even with simple bug
fixes!</p>
</div>
<p>But in the second, your guarantee is (literally) skin deep: you only guarantee
that calls to the function won’t have to <em>change</em>. Calls may be <em>deleted</em> or
<em>added</em>, but they won’t have to <em>change</em>.</p>
<div class="note">
<p>Calls may need to be deleted or added if backwards compatibility is not
guaranteed because maybe the new behavior causes problems or opens
opportunities.</p>
</div>
<p>I don’t know about you, but my experience tells me that the less I guarantee
about my code, the easier it is for me. I am lazy, so I will take the option
that lets me get away with less.</p>
<h2 id="more-interface-versioning-advantages">More Interface Versioning Advantages</h2>
<p>Okay, let’s assume there are some <em>not</em> lazy programmers who <em>like</em> giving out
guarantees like politicians dole out our taxes.</p>
<p>Are there any reasons why they should choose to version interfaces over
implementations?</p>
<p>Of course!</p>
<h3 id="graceful-deprecation">Graceful Deprecation</h3>
<p>The first is graceful deprecations. In the words of Dr. Chisnall,</p>
<blockquote>
<p>You cannot do graceful deprecation with SemVer. In a project with a good
support cycle, you have three states for interfaces within an implementation:</p>
<ol>
<li>Supported.</li>
<li>Present but deprecated.</li>
<li>Gone.</li>
</ol>
<p>Each release will cycle interfaces through this little state machine. You
cannot express this if you’re using SemVer for the implementation. If your
library supports an interface Foo, you have three versions in SemVer:</p>
<ul>
<li>1.0 - Foo is supported.</li>
<li>1.1 - Foo is deprecated, Bar is supported.</li>
<li>2.0 - Foo is gone, Bar is supported (hopefully not deprecated already)</li>
</ul>
<p>1.1 to 2.0 is not a breaking change for anyone that moved from Foo to Bar, but
there’s no way, if you are using SemVer for implementations to indicate this.
You may even have more complicated things such as</p>
<ul>
<li>1.0 - Foo is supported.</li>
<li>1.1 - Foo is supported but has some new features.</li>
<li>1.2 - Foo is deprecated, Bar is supported.</li>
<li>2.0 - Foo is gone, Bar is supported (hopefully not deprecated already)</li>
</ul>
<p>Now moving from 1.1 to 2.0 is a breaking change for everyone, but moving from
1.2 to 2.0 is not for anyone who is heeding their deprecation warnings.</p>
</blockquote>
<p>Having 1.1 to 2.0 be a breaking change, but not 1.2 to 2.0, is nasty.</p>
<p>However, when versioning interfaces, you can combine multiple interface versions
into one SemVer version. Dr. Chisnall said,</p>
<blockquote>
<p>The thing that you want is to use SemVer for interfaces, where each version of
the implementation has a tuple of interface versions. Now the flow is easy:</p>
<ul>
<li>{1.0} (Foo is supported)</li>
<li>{1.1} (Foo is supported and has new features)</li>
<li>{1.1, 2.0} (Foo is supported as is Bar)</li>
<li>{2.0} (Foo is gone, Bar remains)</li>
</ul>
<p>Now, if your dependency resolution first says ‘I need 1.x’ then it will match
the first three versions. When you get to the third, it will say ‘by the way,
there’s a newer thing you might want to migrate to’. Then you update it to say
2.0 and it still works with the third one, but will allow you to move to the
fourth.</p>
</blockquote>
<p>In other words, multiple interface versions can coexist under one implementation
version, so downstream users can more easily move to new versions.</p>
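<p>The resolution flow in the quote can be written down directly. The following is an added example, not code from Dr. Chisnall or the Yc repository: it models the four releases as tuples of interface versions and resolves a requirement such as "1.x" against them. The release labels and all function names are constructed for illustration.</p>

```c
/* Added example, not code from Dr. Chisnall or the Yc repository.
 * All names and the release table are constructed for illustration. */
#include <stdio.h>

struct iface_ver { int major, minor; };

struct release {
    const char *label;
    struct iface_ver ifaces[4];   /* the tuple of interface versions */
    int n_ifaces;
};

/* The four releases from the quoted flow: {1.0}, {1.1}, {1.1, 2.0}, {2.0}. */
static const struct release RELEASES[] = {
    { "A", { {1, 0} },         1 },
    { "B", { {1, 1} },         1 },
    { "C", { {1, 1}, {2, 0} }, 2 },
    { "D", { {2, 0} },         1 },
};
enum { N_RELEASES = sizeof RELEASES / sizeof RELEASES[0] };

/* SemVer applied to the interface: same major, minor at least min_minor. */
int release_satisfies(const struct release *r, int major, int min_minor)
{
    for (int i = 0; i < r->n_ifaces; i++)
        if (r->ifaces[i].major == major && r->ifaces[i].minor >= min_minor)
            return 1;
    return 0;
}

/* Does this release also carry an interface with a higher major version? */
int release_offers_newer(const struct release *r, int major)
{
    for (int i = 0; i < r->n_ifaces; i++)
        if (r->ifaces[i].major > major)
            return 1;
    return 0;
}

/* How many releases a requirement matches. */
int count_matches(const struct release *rs, int n, int major, int min_minor)
{
    int count = 0;
    for (int i = 0; i < n; i++)
        count += release_satisfies(&rs[i], major, min_minor);
    return count;
}

/* Pick the newest (last) release that satisfies the requirement; -1 if none.
 * *migrate is set to 1 when the chosen release also offers a newer interface,
 * which is the "by the way, there's a newer thing" hint from the quote. */
int resolve(const struct release *rs, int n, int major, int min_minor, int *migrate)
{
    *migrate = 0;
    for (int i = n - 1; i >= 0; i--) {
        if (release_satisfies(&rs[i], major, min_minor)) {
            *migrate = release_offers_newer(&rs[i], major);
            return i;
        }
    }
    return -1;
}

/* An upgrade breaks a consumer only if the interface it requires disappears. */
int upgrade_breaks(const struct release *from, const struct release *to,
                   int major, int min_minor)
{
    return release_satisfies(from, major, min_minor) &&
           !release_satisfies(to, major, min_minor);
}

int main(void)
{
    int migrate;
    int idx = resolve(RELEASES, N_RELEASES, 1, 0, &migrate);
    printf("need 1.x -> release %s, migrate hint %d\n", RELEASES[idx].label, migrate);
    idx = resolve(RELEASES, N_RELEASES, 2, 0, &migrate);
    printf("need 2.x -> release %s, migrate hint %d\n", RELEASES[idx].label, migrate);
    return 0;
}
```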
<h3 id="you-can-still-version-implementations">You Can Still Version Implementations</h3>
<p>Another quirk of versioning interfaces is that you can still version
implementations!</p>
<p>How do you do this? Easy: just tie one implementation to one interface version.</p>
<p>This isn’t an all-or-nothing thing, either; it’s as granular as you want.</p>
<p>You can freeze one function in the previous interface version, and just have a
completely new implementation of that function in the current version. You can
do this for two, three, or 42 functions.</p>
<p>You can do this at the type level too!</p>
<h3 id="wholesale-upgrades-still-work">Wholesale Upgrades Still Work</h3>
<p>But perhaps you cannot have two versions of an API at once, like in <a href="https://lobste.rs/s/xpg31r/i_won_t_use_semver_patch_versions_anymore#c_bfr5a0">this
comment</a>.</p>
<div class="note">
<p>For example, a <a href="https://git.yzena.com/Yzena/Yc">C project</a> where symbols might clash because namespaces were
dragged out and executed.</p>
</div>
<p>In that case, your users have to choose whether to adopt a new API wholesale or
stay on the old one.</p>
<p>Is versioning implementations better in that case?</p>
<p>Nope!</p>
<p>I mean, upstream can get it wrong and only offer one at a time.</p>
<div class="note">
<p>But that is just implementation versioning in disguise.</p>
</div>
<p>Or they can be smarter and offer multiple at a time.</p>
<p>This preserves graceful deprecation for downstream users by giving them time to
adapt while both are supported.</p>
<p>This is what I will do in my <a href="https://git.yzena.com/Yzena/Yc">current project</a>: there will be a build option
for the API version, and there will be preprocessor guards around specific
interfaces. You choose the API version at build time, and that’s what you get.</p>
<p>And when I finally remove old interface versions, I can make selecting those
versions a hard build error.</p>
<p>But you will still have the option of graceful deprecation.</p>
<p>And most importantly, it will be easy for me to document the breaking changes.</p>
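<p>One way the build option and preprocessor guards could look in C. This is an added example, not code from the Yc repository: every <code>EX_*</code> and <code>ex_*</code> name is hypothetical, and it assumes interface 1 has been removed, interface 2 is deprecated, and interface 3 is current.</p>

```c
/* Added example, not code from the Yc repository. All EX_ and ex_ names are
 * hypothetical. In a real project the guards would live in the public header. */
#include <stddef.h>
#include <stdio.h>

/* Build option: compile with -DEX_API_VERSION=N. Defaults to the newest. */
#ifndef EX_API_VERSION
#define EX_API_VERSION 3
#endif

#define EX_API_OLDEST 2   /* interface 1 has been removed */
#define EX_API_NEWEST 3

/* Selecting a removed (or unknown) interface is a hard build error. */
#if EX_API_VERSION < EX_API_OLDEST
#error "EX_API_VERSION selects a removed interface; migrate to 2 or later"
#elif EX_API_VERSION > EX_API_NEWEST
#error "EX_API_VERSION selects an interface this release does not provide"
#endif

/* Both implementations exist under versioned symbol names, so they coexist
 * in one library without clashing in C's single namespace. */

/* Interface 2: returns the sum directly and cannot report errors. */
unsigned ex_sum_v2(const unsigned char *buf, int len)
{
    unsigned sum = 0;
    for (int i = 0; i < len; i++)
        sum += buf[i];
    return sum;
}

/* Interface 3: size_t length, result through an out-parameter, error code. */
int ex_sum_v3(const unsigned char *buf, size_t len, unsigned *out)
{
    if (buf == NULL || out == NULL)
        return -1;
    unsigned sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += buf[i];
    *out = sum;
    return 0;
}

/* The guard: callers see exactly one ex_sum, chosen at build time. */
#if EX_API_VERSION == 2
#define ex_sum ex_sum_v2
#define EX_API_DEPRECATED 1   /* still present, scheduled for removal */
#else
#define ex_sum ex_sum_v3
#define EX_API_DEPRECATED 0
#endif

int main(void)
{
    const unsigned char data[] = { 'a', 'b', 'c' };
#if EX_API_VERSION == 2
    unsigned total = ex_sum(data, 3);
#else
    unsigned total = 0;
    if (ex_sum(data, sizeof data, &total) != 0)
        return 1;
#endif
    printf("API %d (deprecated: %d), sum = %u\n",
           EX_API_VERSION, EX_API_DEPRECATED, total);
    return 0;
}
```

<p>Building with <code>-DEX_API_VERSION=1</code> stops at the first <code>#error</code>, which is the loud break described above; <code>-DEX_API_VERSION=2</code> still builds against the old signature.</p>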
<h3 id="monorepo-versioning">Monorepo Versioning</h3>
<p>My <a href="https://git.yzena.com/Yzena/Yc">current project</a> is a monorepo with multiple pieces of software.</p>
<p>Is it possible to version multiple pieces of software together with
implementation versioning?</p>
<p>Theoretically yes, but you’re going to have a <em>lot</em> of breaking changes.</p>
<p>But when you version interfaces, it is much easier to have disparate parts of
the repo under different versions.</p>
<div class="note">
<p>But do have some way for users to figure out what interface versions exist. A
JSON file should do.</p>
</div>
<h2 id="conclusion">Conclusion</h2>
<p>It turns out that beauty in versioning is skin deep, and depending on personality
(behavior) is ugly.</p>
<p>In this one case, go for the shallow beauty of interface versioning.</p>
<h1>No, Tech Debt Is Not Malpractice</h1>
<p>Gavin D. Howard, 2024-01-18T22:17:40-07:00<br>
<a href="https://gavinhoward.com/2024/01/no-tech-debt-is-not-malpractice/">https://gavinhoward.com/2024/01/no-tech-debt-is-not-malpractice/</a></p>
<p>So the Changelog podcast had some critiques of my description of tech debt, and I have a critique of their critique.</p>
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Hackers and listeners of the <a href="/about/#disclaimer">Changelog
podcast</a>.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Confident.</p>
</div>
<p>So, apparently, the <a href="/about/#disclaimer">Changelog podcast</a> thought that <a href="/2023/12/code-is-not-technical-debt/">one of my blog
posts</a> was important enough to comment on.</p>
<p>Cool!</p>
<p>But they had a critique. They linked to another show of theirs with Kris Brandow
<a href="https://changelog.com/gotime/286#transcript-263">who said</a>:</p>
<blockquote>
<p>we should get rid of [the tech debt analogy], because I don’t think the thing
that we’re talking about when we’re talking about tech debt is debt. I think
it’s more akin to malpractice, and people are being irresponsible. Because I
think most of the time when tech debt gets brought up, it’s like “Oh, we’re
just gonna skip writing the tests, or skip writing documentation so that we
can get this thing out the door faster….” And I’m like, “That’s not debt.
That’s you not doing your job properly….So it’s not tech debt, it’s
malpractice.</p>
</blockquote>
<p>You’d think that as a programmer who <a href="/2022/10/we-must-professionalize-programming-to-preserve-society-and-computing-freedom/">cares</a> <a href="/2023/10/he-who-gives-up-correctness-for-performance-deserves-neither/">about</a> <a href="/2023/11/how-to-fund-foss-save-it-from-the-cra-and-improve-cybersecurity/">professionalism</a>,
I would be the first to agree. But I do not.</p>
<p>Well, I do in part.</p>
<p>Kris <em>is</em> right that people use tech debt as an excuse for malpractice. I do not
dispute that, and I wholeheartedly agree that we should get rid of those
excuses.</p>
<p>But getting rid of tech debt entirely? As someone who <a href="/2022/10/technical-debt-costs-more-than-you-think-or-my-software-development-process/">obsesses over tech debt
to an absurd degree</a>, I say that we should absolutely <em>not</em> get rid of tech
debt!</p>
<p>Not all of it, anyway.</p>
<div class="note">
<p>Yes, I’m a hypocrite, but that’s because I have a fatal flaw as a person: I’m a
perfectionist.</p>
</div>
<p>So why? Why not get rid of all of it?</p>
<p>Because to do so would go against good engineering principles.</p>
<p>You see, engineering is not just about delivering the <em>most perfect</em> product;
it’s about doing that <em>at the smallest cost</em>.</p>
<div class="note">
<p>“Cost” could include using any resource that the engineer decides is important.
It could be dollars spent, CPU cycles, RAM usage, maintenance time, etc.</p>
</div>
<p>So yeah, programmers cut corners all the time, and the only reason that is bad
is because <em>they cut the wrong corners!</em></p>
<p>Real-world engineers cut corners <em>all the time</em>. Engineers are the world’s
<em>best</em> corner cutters.</p>
<p>And why are they the best? Because they cut the corners they can cut (to get the
cost as small as possible) while still hitting their quality targets.</p>
<p>We programmers? We don’t do that. We cut the <em>worst</em> corners. We cut the corners
that will cost us <em>more</em> in the future.</p>
<div class="note">
<p>That is, in a nutshell, what I was trying to say in <a href="/2022/10/technical-debt-costs-more-than-you-think-or-my-software-development-process/">“Technical Debt Costs More
Than You Think.”</a></p>
</div>
<p>So should we keep tech debt? Absolutely; it is important to cut corners.</p>
<p>We just need to cut the <em>right</em> corners. Anything else <em>is</em> malpractice.</p>
<h1>Is "Source Available" Really That Bad?</h1>
<p>Gavin D. Howard, 2023-12-27T23:38:54-07:00<br>
<a href="https://gavinhoward.com/2023/12/is-source-available-really-that-bad/">https://gavinhoward.com/2023/12/is-source-available-really-that-bad/</a></p>
<p>In which I argue that Source Available Modifiable Software still respects end users.</p>
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Hackers and tech-oriented lawyers.</p>
<p>Discuss on <a href="https://news.ycombinator.com/item?id=38790767">Hacker News</a> and <a href="https://old.reddit.com/r/programming/comments/18snjxd/is_source_available_really_that_bad/?">Reddit</a>.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Mostly confident.</p>
</div>
<h2 id="introduction">Introduction</h2>
<p>Because of a <a href="https://lucumr.pocoo.org/2023/12/25/life-and-death-of-open-source/">couple</a> <a href="https://drewdevault.com/2023/12/26/2023-12-26-Prusa-is-floundering.html">posts</a>, I was reminded of two <a href="https://news.ycombinator.com/item?id=36971490">semi-recent</a>
<a href="https://news.ycombinator.com/item?id=38331173">brouhahas</a>.</p>
<p>When I originally came across them, I saw the FOSS purist side with righteous
indignation. But I had also just started building a business, so for the first
time, I understood the business side.</p>
<p>So despite my desire to post comments, I did not; I was uncomfortable with
myself and my opinions.</p>
<div class="note">
<p>Once I am aware of personal cognitive dissonance, it bothers me endlessly.</p>
<p>I am also prone to <em>not</em> being aware, of course.</p>
</div>
<p>I think I have come to terms with my thoughts and have solved my dilemma.</p>
<p>So in the spirit of <a href="https://en.wikipedia.org/wiki/Betteridge's_law_of_headlines">Betteridge’s Law of Headlines</a>, let me try to explain
why the answer to the title is “no” and why Source Available is not bad.</p>
<div class="note">
<p><strong>tl;dr</strong>: It can give end users <em>more</em> control, not less, while still allowing
authors to make money.</p>
</div>
<h2 id="free-software">Free Software</h2>
<p>We start with <a href="https://www.gnu.org/philosophy/free-sw.en.html">Free Software</a>, which is defined by <a href="https://www.gnu.org/philosophy/free-sw.en.html#four-freedoms">Four Freedoms</a>:</p>
<blockquote>
<ul>
<li>The freedom to <strong>run the program as you wish, for any purpose</strong> (freedom 0).</li>
<li>The freedom to <strong>study how the program works, and change it so it does your
computing as you wish</strong> (freedom 1). Access to the source code is a
precondition for this.</li>
<li>The freedom to <strong>redistribute copies so you can help others</strong> (freedom 2).</li>
<li>The freedom to <strong>distribute copies of your modified versions to others</strong>
(freedom 3). By doing this you can give the whole community a chance to
benefit from your changes. Access to the source code is a precondition for
this.</li>
</ul>
</blockquote>
<p>Where did these come from? Well, I’ll let <a href="https://en.wikipedia.org/wiki/Richard_Stallman">RMS</a> tell you <a href="https://www.gnu.org/philosophy/rms-nyu-2001-transcript.txt">in his own
words</a>:</p>
<blockquote>
<p>Xerox gave the Artificial Intelligence Lab, where I worked, a laser printer,
and this was a really handsome gift….It was very fast…but it was
unreliable, because it was really a high-speed office copier that had been
modified into a printer. And, you know, copiers jam, but there’s somebody
there to fix them. The printer jammed and nobody saw. So it stayed jammed for
a long time.</p>
<p>Well, we had an idea for how to deal with this problem. Change it so that
whenever the printer gets a jam, the machine that runs the printer can tell
our timesharing machine, and tell the users who are waiting for printouts…go
fix the printer. Because…if you’re waiting for a printout and you know that
the printer is jammed…you’re going to go fix it.</p>
<p>But at that point, we were completely stymied, because the software that ran
that printer was not free software. It had come with the printer, and it was
just a binary. We couldn’t have the source code; Xerox wouldn’t let us have
the source code. So, despite our skill as programmers…we were completely
helpless to add this feature to the printer software.</p>
</blockquote>
<p>Now, I’ve known about this story since my introduction to Free Software more
than 12 years ago, but something strikes me on reading it again: RMS wanted the
source code to control <em>his</em> printer.</p>
<p>So I have a theory: when he formulated the Four Freedoms, his focus was on being
able to control <em>his</em> hardware, not on freedom.</p>
<h2 id="freedom-vs-control">Freedom vs. Control</h2>
<p>This theory, however, brought me to the problem from a different angle, 50 years
removed, with history that clarifies.</p>
<p>RMS saw the problem as a lack of <em>freedom</em>; with the experience of five decades,
I see it as a lack of <em>control</em>.</p>
<p>“But Gavin, those are the same thing!”</p>
<p>Not quite, but the difference is subtle:</p>
<ul>
<li>The point of <em>freedom</em> is having liberty to <em>do</em>, to <em>act</em>.</li>
<li>The point of <em>control</em> is having <em>authority</em> over <em>something</em>.</li>
</ul>
<div class="note">
<p>In the context of this post, that <em>something</em> is our devices.</p>
</div>
<p>“You need control to have freedom, Gavin.”</p>
<p>Not necessarily. It does <em>seem</em> that way, but it’s the other way around: you
need freedom to have control!</p>
<p>Imagine that you have a <a href="https://en.wikipedia.org/wiki/Grand_Theft_Auto_V">game</a>. Imagine that, through no fault of your own,
the <a href="https://www.bleepingcomputer.com/news/security/gta-5-source-code-reportedly-leaked-online-a-year-after-rockstar-hack/">source code of the game is available</a>.</p>
<p>You now have all of the ingredients for control over <em>your</em> play of the game;
you could change the source code and play the game as a god. Or a <a href="https://www.youtube.com/watch?v=2lI9_lAXG_k">chicken</a>.
Or <a href="https://www.youtube.com/watch?v=SCHpzvmw_PU">solve gaming’s greatest mystery</a>.</p>
<p>But do you have the freedom to exercise that control? Do you have the freedom to
<em>do</em> that? <a href="https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act">No, you do not.</a></p>
<p><em>That’s</em> the difference.</p>
<div class="note">
<p>At least in software.</p>
</div>
<h2 id="rmss-mistake">RMS’s Mistake</h2>
<p>When RMS articulated the problem, he did one thing right, but he made a slight
mistake.</p>
<p>What he did right was recognize that freedom was essential for having control.</p>
<p>His mistake: he thought that <em>unfettered</em> freedom was essential for having
control.</p>
<p>It’s an easy mistake to make; after all, <em>my</em> default thought would be that
unlimited freedom <em>was</em> essential and that he was perfectly right.</p>
<div class="note">
<p>This is where my cognitive dissonance came from; that default was the sham in my
rumination.</p>
</div>
<p>But he was <em>not</em> right; it just takes some placid and precise peeling to unwrap
that wrinkle.</p>
<p>Because the key is in pieces!</p>
<h2 id="end-user-vs-dealer">End User vs. Dealer</h2>
<p>The first piece is in what kind of users exist.</p>
<p>In the 1970’s, there was only one kind of user: programmers.</p>
<p>At the time, buying software was rare; instead, it was common to pass it around
freely between colleagues and other peers, who were, by and large, other
programmers. Or other computer priests.</p>
<p>So users were, in general, all distributors. And they wanted nothing else than
to <em>use</em> the software. In other words, making money from software, from selling
it, was not a big thing.</p>
<div class="note">
<p>Obviously, writing software for pay was a thing; I’m talking about selling
software through <em>distribution</em>.</p>
</div>
<p>Things are different now. Making money became a big thing. This means that there
are different kinds of users:</p>
<ul>
<li><a href="https://en.wikipedia.org/wiki/End_user">End users</a></li>
<li>Dealers</li>
</ul>
<div class="note">
<p>In this post, a “dealer” is roughly someone who makes money from software.</p>
<p>And yes, the subtle connection to drug dealers is intentional.</p>
</div>
<p>And it turns out, to have control, they need freedom for different things.</p>
<p>End users need freedom over their device. In addition, distribution is
incidental to helping others; they only care about <em>sharing</em> so that other end
users also have control over their devices.</p>
<div class="note">
<p>The fact that end users can be <em>distributors</em> by <em>sharing</em> is why I use
“dealers” instead of “distributors” for the other kind of user, as well as why
I use “sharing” instead of “distributing” in the context of end users since
“distribution” has a definition in commercial law.</p>
</div>
<p>On the other hand, dealers need freedom over the <em>software itself</em> in order to
make money from it.</p>
<p>The question then becomes: are both kinds of users important?</p>
<p>RMS thought so. In the <a href="https://www.gnu.org/philosophy/free-sw.en.html#selling">Free Software Definition</a>, RMS specifically says,</p>
<blockquote>
<p>We want to invite everyone to use the GNU system, including businesses and
their workers. That requires allowing commercial use. We hope that free
replacement programs will supplant comparable proprietary programs, but they
can’t do that if businesses are forbidden to use them.</p>
</blockquote>
<p>I believe he was wrong; 50 years of history points to a simple fact:
<a href="https://www.techrepublic.com/article/dont-believe-the-hype-agpl-open-source-licensing-is-toxic-and-unpopular/">dealers</a> <a href="https://opensource.google/documentation/reference/using/agpl-policy">hate</a> <a href="https://news.ycombinator.com/item?id=19362919">the</a> <a href="https://av.tib.eu/media/44667">AGPL</a>, one of the strongest Free
Software licenses. They won’t use the software if they can avoid it.</p>
<p>Why? Well, one line from that first link is instructive:</p>
<blockquote>
<p>…the AGPL is absolutely not free in any meaningful sense for <em>developers</em>.</p>
</blockquote>
<p>(Emphasis added.)</p>
<p>This is a <em>stunning</em> admission; the article claims that the strongest license
<em>removes</em> freedom for “developers,” which is a code word for <em>dealers</em> in this
context.</p>
<p>“Okay, Gavin, but that seems frivolous.”</p>
<p>On the contrary, it is <em>momentous!</em></p>
<p>Think about what freedom the AGPL removes: it removes the freedom to <em>not
publish source code</em>.</p>
<p>“Sure, but that’s a tiny thing, Gavin.”</p>
<p>If it was a tiny thing, companies wouldn’t have strong policies against it, so
it must be a big thing to them.</p>
<p>And why is that? <em>Because that freedom is what allows them to take control from
end users by <a href="https://www.theregister.com/2023/06/23/red_hat_centos_move/">not publishing source code</a>!</em></p>
<p><a href="https://en.wikipedia.org/wiki/Bruce_Perens">Bruce Perens</a>, who might know a thing or two about serving end users,
<a href="https://www.theregister.com/2023/12/27/bruce_perens_post_open/">said</a>,</p>
<blockquote>
<p>Open Source [and Free Software] has completely failed to serve the common
person. For the most part, if they use us at all they do so through a
proprietary software company’s systems, like Apple iOS or Google Android, both
of which use Open Source for infrastructure but the apps are mostly
proprietary. The common person doesn’t know about Open Source, they don’t know
about the freedoms we promote which are increasingly in their interest.
Indeed, Open Source is used today to surveil and even oppress them.</p>
</blockquote>
<p>This is why RMS made a mistake: I believe he wanted to protect end users the
most, and he thought that welcoming commercial interests into the fold would
benefit end users. However, despite his attempt to welcome commercial
interests, they rejected his vision so that they could <em>oppress</em> end
users!</p>
<p>Sadly, even <em>I</em> subscribed to the same poisonous view as commercial interests! This
made my opinion a Frankenpinion; I wanted Free Software to win, but I believed
that copyleft was holding it back.</p>
<p>And I was vocal about it! On an early version of <a href="https://yzena.com/yzena-access-license-faq/">this page</a>, I said,</p>
<blockquote>
<p>In my opinion, virality is parasitic and has caused people to use
closed-source software instead of FOSS alternatives when those alternatives
were licensed under the GPL and AGPL.</p>
</blockquote>
<div class="warning">
<p>As of the publication of this post, that quote is still there, but it will
change soon after I finish crafting those licenses and their FAQ pages.</p>
</div>
<p>Well, I was wrong; virality is good for <em>end users</em> because it forces
dealers to preserve freedom for end users.</p>
<div class="note">
<p>I think this is why RMS and his <a href="https://www.fsf.org/">Free Software Foundation</a> are so vocal
about copyleft.</p>
</div>
<p>So it is obvious that we must choose between control for end users and control
for dealers.</p>
<p>I choose end users. Autocratic dealers can go to <code>/dev/null</code>.</p>
<h2 id="principles-not-freedoms-i">Principles, Not Freedoms I</h2>
<p>So if the foundations of Free Software, the <a href="https://www.gnu.org/philosophy/free-sw.en.html#four-freedoms">Four Freedoms</a>, are not quite
right, we need to reconsider.</p>
<p>Instead of four freedoms, I would like to propose two <em>principles</em>:</p>
<ul>
<li><strong>Principle 0</strong>: End users must have enough freedom to control their devices.</li>
<li><strong>Principle 1</strong>: End users must have enough freedom to help other end users
control their devices.</li>
</ul>
<p>Principle 0 is obvious, but Principle 1 is just as important; if end users do
not have the freedom to share, that is a problem for <em>other</em> end users, most of
whom will not be programmers.</p>
<p>Sharing is critical for the freedom and control of end users who are <em>not</em>
programmers, who deserve just as much as programmers do. Therefore, Principle 1.</p>
<h2 id="source-available">Source Available?</h2>
<p>That finally brings us to <a href="https://en.wikipedia.org/wiki/Source-available_software">Source Available software</a>, of which Wikipedia
has a solid definition:</p>
<blockquote>
<p>software released through a source code distribution model that includes
arrangements where the source can be viewed, and in some cases modified, but
without necessarily meeting the criteria to be called [Open Source].</p>
</blockquote>
<p>So what’s Open Source, a term already mentioned?</p>
<p>Like Free Software, it’s a <a href="https://opensource.org/osd/">carefully honed definition</a>, which is too long
to put here.</p>
<div class="note">
<p>But that definition is also controlled by <a href="https://opensource.org/">an organization</a>.</p>
</div>
<p>Open Source is like Free Software, but more broad. Source Available is when the
source is “open,” but people decide that the license does not meet the Open
Source Definition.</p>
<p>But here’s the key: Source Available, if it’s any good, still gives end users
freedom and control!</p>
<p>But it does have to be good, which means to follow the principles above. This
means that Source Available has to:</p>
<ul>
<li>Allow the end user to modify it and use modified versions.</li>
<li>Allow the end user to share it, including modified versions.</li>
</ul>
<p>Unfortunately, not all Source Available software does this, so we need a
specific name for software that does.</p>
<p>Could we use the term “Open Source”? Ha! Fat chance!</p>
<p>The biggest cause of the brouhaha I mentioned is that Sentry called their code
Open Source when it did not fit the Open Source definition.</p>
<p>To be frank, I’m actually on the side of the purists here; we have a widely
accepted definition, so that definition should be respected.</p>
<p>Yes, even if we, as business owners, do not like the definition. And even if we
want the goodwill that comes from embracing Open Source.</p>
<div class="note">
<p>If you were wondering, the same care that makes me avoid “Open Source” is the
same care that chose “dealer” over “distributor” above because “distributor” is
a definition in many FOSS licenses.</p>
</div>
<p>So let go of the goodwill; we can find another term. We might even find one that
already has fantastic connotations.</p>
<p>In fact, I think I have one!</p>
<p>You see, both things that Source Available software must be to be good include
being modifiable, so I leaned into that by borrowing a term from gaming:
<a href="https://en.wiktionary.org/wiki/moddable"><strong>moddable</strong></a>.</p>
<p>But that’s not a single syllable; Free Software became a mind virus with a
single syllable word, even if it needs “Software” on the end, and even if <a href="https://www.fsf.org/about">it
has to be explained</a>.</p>
<p>But I can make mine a single syllable in the same spirit by adding a common
suffix to make the term “<strong>modware</strong>.”</p>
<dl>
<dt>Modware</dt>
<dd>
<p>Software that you can modify (“mod”) and share (because gamers share their
mods).</p>
</dd>
</dl>
<div class="note">
<p>I did not use “mod” because the gaming community already uses that term for the
modifications themselves, and I think they deserve to keep that term since they
came up with it.</p>
<p>Plus adding “ware” denotes that it is software and has the same flavor as terms
like <a href="https://en.wikipedia.org/wiki/Shareware">“shareware”</a> and <a href="https://en.wikipedia.org/wiki/Freeware">“freeware.”</a></p>
</div>
<p>And if that’s not descriptive enough for you, I guess we can try again.</p>
<p>Free and Open Source Software is a mouthful, but it has an easy abbreviation:
FOSS.</p>
<p>Since this category includes software whose source is available and moddable,
what if we used <strong>“Source Available Moddable Software”</strong>? Then the abbreviation
would be <strong>SAMS</strong>, which is easy to say, easy to remember, and not quite an
actual word.</p>
<div class="note">
<p>Don’t like “Moddable”? It can be changed to “Modifiable” without any loss.</p>
</div>
<p>I vote for either of these terms, or <em>both</em>, but if someone does better, it does
not matter; we just need one term with good connotations and a meme-like
quality.</p>
<h2 id="authors-vs-redistributors">Authors vs. Redistributors</h2>
<p>That brings us to the second piece of the key: the two kinds of dealers, which
are authors vs. redistributors.</p>
<p>“But Gavin! Authors <em>are</em> distributors!”</p>
<p>Well, yes. That’s why I specifically said <em>redistributors</em>.</p>
<p>Roughly, <em>authors</em> are the original developers of a piece of software, and
redistributors are any distributors that are not authors.</p>
<p>And here is where we can see <em>how</em> RMS made his mistake: he was an end user
<em>and</em> an author, and as an author/distributor, he wanted distribution freedom
too.</p>
<p>But the needs of authors are different from plain redistributors.</p>
<p>How different? Watch the following video <code>18:56</code> to <code>20:32</code> (or use <a href="https://www.youtube.com/watch?v=XZ3w_jec1v8&t=1136s">this
link</a>):</p>
<div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;">
<iframe src="https://www.youtube-nocookie.com/embed/XZ3w_jec1v8" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" allowfullscreen title="The Economics of Programming Languages"></iframe>
</div>
<p>In essence, authors have two costs: software development and business
development. Under FOSS, redistributors only have one: business development.</p>
<p>This means redistributors outcompete authors, in a phenomenon Evan Czaplicki
calls <a href="https://www.youtube.com/watch?v=XZ3w_jec1v8&t=1708s">“The Jeff Problem” or “Getting Jeff’ed”</a>:</p>
<blockquote>
<p>So we’ve got this Open Source Definition where Google, they give their stuff
away to Microsoft; that works. And then we have this other thing where you
have to do the development cost, you have to do the cost of business, but they
have to do the cost of developing business too.</p>
<p>But they’re Amazon, so they say, “Oh, you want to do hosting? That’s cool.
We’ll just do it more and do it to more people.”</p>
<p>And [they] start to cannibalize your business.</p>
<p>And…It’s not just Jeff; I can get Jeff’ed by anybody.</p>
</blockquote>
<p>So it turns out that certain authors need protection from redistributors just as
much as end users need protection from dealers!</p>
<h2 id="principles-not-freedoms-ii">Principles, Not Freedoms II</h2>
<p>We are in a terrible situation, where end users <em>and</em> authors are not safe from
middlemen, the dealers who are not authors.</p>
<p>This is unsustainable.</p>
<p>Putting rose-colored glasses on, I personally think that this problem is what
Sentry was trying to fix with the <a href="https://lucumr.pocoo.org/2023/11/19/cathedral-and-bazaaar-licensing/">FSL</a>. And what <a href="https://news.ycombinator.com/item?id=36584656">SourceGraph tried to
fix</a>. And why <a href="https://handbook.gitlab.com/handbook/company/stewardship/">GitLab is open core</a>.</p>
<p>Unfortunately, as software engineers, and not <em>social</em> engineers, these
companies failed to fix the problem and only stirred up stinging zingers.</p>
<p>So as a fellow programmer, let me throw my hat in the ring and fail too because
we need a concept that protects authors and end users from middlemen dealers.</p>
<p>Let me add two more principles:</p>
<ul>
<li><strong>Principle 2</strong>: Middlemen should only receive the freedom that end users
need.</li>
<li><strong>Principle 3</strong>: Authors may reserve as much control to themselves as
possible, as long as Principle 0 and Principle 1 are not violated.</li>
</ul>
<p>Principle 2 should be self-explanatory.</p>
<p>However, dropping Principle 3 on the industry might be like dropping a
<a href="https://en.wikipedia.org/wiki/GBU-43/B_MOAB">MOAB</a> into a well since we are so used to Free (as in freedom) and free (as
in root beer).</p>
<p><a href="https://staltz.com/software-below-the-poverty-line.html">But</a> <a href="https://stackoverflow.blog/2021/01/07/open-source-has-a-funding-problem/">we</a> <a href="https://aaronstannard.com/sustainable-open-source-software/">have</a> <a href="https://matt.life/writing/the-asymmetry-of-open-source">a</a> <a href="https://daniel.haxx.se/blog/2021/01/15/food-on-the-table-while-giving-away-code/">funding</a> <a href="https://daniel.haxx.se/blog/2022/01/17/enforcing-the-pyramid-of-open-source/">problem</a> <a href="https://www.kitze.io/posts/github-stars-wont-pay-your-rent">in</a>
<a href="https://raccoon.onyxbits.de/blog/bugreport-free-support/">Open</a> <a href="https://raccoon.onyxbits.de/blog/reactions-bugreport-free-support/">Source</a>.</p>
<p>And legitimate companies that <em>try</em> to open their source get Jeff’ed.</p>
<p>So let me give a warning to the industry as strongly as I can:</p>
<div class="warning">
<p><strong>IF YOU DO NOT PAY FOR OPEN SOURCE SOFTWARE, WE WILL LOSE WHAT OPEN SOURCE WE
HAVE!</strong></p>
</div>
<p>If companies and programmers refuse to pay, software will only be opened by
companies that can throw money away, and there are not many of those companies.</p>
<div class="note">
<p>And they don’t care about us anyway.</p>
</div>
<p>To keep software open, we must let authors make money and prevent dealers from
eating their lunch.</p>
<p>How can we do this? By accepting licenses that meet the SAMS definition and that
may not be Open Source (by the Open Source Definition).</p>
<div class="note">
<p>And by “accepting,” I mean treating software with those licenses as equals with
Open Source.</p>
</div>
<p>The definition of SAMS is purposefully wide; it gives authors wide latitude to
choose what works for them.</p>
<p>And what may work?</p>
<ul>
<li>Noncommercial licenses like the <a href="https://polyformproject.org/licenses/noncommercial/1.0.0/">Polyform Noncommercial License</a>.</li>
<li>Noncompete licenses like the <a href="https://www.hashicorp.com/bsl">Business Source License</a>.</li>
<li><a href="https://news.ycombinator.com/item?id=38772253">Delayed Open Source</a> licenses like the <a href="https://fsl.software/">Functional Source License</a>.</li>
<li>Or anything else that gives the authors a competitive advantage while
following the Principles.</li>
</ul>
<p>Are those options wrong?</p>
<p>Despite my rabid support for FOSS, I do <em>not</em> think there is anything wrong with
this; authors have a right to put food on the table with their work, and I think
it can be done while respecting end users.</p>
<p>The only ones who get “shafted” are the middlemen dealers who do nothing but
cannibalize software that they <em>still get for free!</em></p>
<div class="note">
<p>Oh, won’t someone think of the poor dealers! 😑</p>
</div>
<h2 id="foss-vs-sams">FOSS vs. SAMS</h2>
<p>“But Gavin! Those licenses violate the Four Freedoms and the Open Source
Definition!”</p>
<p>Yeah, so?</p>
<p>Sure, you can’t run a program for <em>any</em> purpose, but that’s the only one of the
Freedoms that it violates. And you can still run a program freely as an end
user.</p>
<p>And sure, now authors can discriminate against certain <a href="https://opensource.org/osd/#persons-or-groups">groups of persons</a>
known as companies, and now they can discriminate against certain fields of
endeavor, like business ones. But they can’t discriminate against end users,
including you.</p>
<p>The only reason you would care is if you’re afraid for your company.</p>
<p>And the only reason you would be afraid for your company is if it’s a cannibal.</p>
<p>If that’s the case, I think the problem is your company, not the concept of
SAMS.</p>
<p>I am willing to sacrifice cannibals for the greater good of control for end
users and money for authors.</p>
<h3 id="contributions">Contributions</h3>
<p>But there is no such thing as a free lunch or a free ride.</p>
<div class="note">
<p>Unless you’re a cannibal dealer with FOSS.</p>
</div>
<p>There is one problem with non-FOSS SAMS, and I won’t even try to minimize it by
claiming it’s minor; it’s not.</p>
<p>The problem: contributions.</p>
<p>If you have a company and want to open your code as modware/SAMS, you may have
to give up sourcing contributions from end users.</p>
<p>Why?</p>
<div class="warning">
<p>Remember, <strong>I am not a lawyer</strong>.</p>
</div>
<p>The problem is that if you accept user contributions, you don’t own the
copyright to those contributions. If your software is already modware, you may
be fine if you stay that way.</p>
<p>However, if you decide to move from FOSS to SAMS, or even from SAMS to FOSS, you
can’t without contacting every one of those contributors to ask for permission.</p>
<p>And if you don’t get it, or can’t contact them, tough luck.</p>
<p>Another option: you could get those users to sign a <a href="https://en.wikipedia.org/wiki/Contributor_License_Agreement">CLA</a>, but <a href="https://drewdevault.com/2023/07/04/Dont-sign-a-CLA-2.html">end users
are gun-shy about them now</a>.</p>
<p>The final option is to <em>not</em> accept contributions.</p>
<p>In other words, those modifications that your end users make? You can’t use them
yourself.</p>
<p>This may be catastrophic, or it may be nothing. You just have to be aware and
choose if user contributions are more important than maintaining your advantage
over cannibals.</p>
<div class="note">
<p>In my case, I don’t play well with others and <a href="https://gavinhoward.org/2023/06/let-me-cure-your-impostor-syndrome/">can’t read others’ code</a>. And
I want to relax my license over time. The choice is obvious.</p>
</div>
<h3 id="foss-is-sams">FOSS Is SAMS</h3>
<p>Now, I’m sure you have noticed something: SAMS is a superset of both Free
Software and Open Source, so any FOSS is also SAMS.</p>
<p>Well, sort of. Some FOSS turns proprietary because it’s not copyleft, or is
provided as a service.</p>
<div class="warning">
<p>This is why copyleft should be default: it prevents dealers from altering the
deal for end users.</p>
</div>
<p>But any FOSS that is actually in end users’ hands in source form is SAMS.</p>
<h2 id="my-bet">My Bet</h2>
<p>Words mean nothing without action, so I am going to make a bet.</p>
<p>I am betting that SAMS/modware can be widely accepted and that they will not
reduce end user freedom while saving authors from getting Jeff’ed.</p>
<p>So I am going to put my code under a SAMS license, one of my own making.</p>
<p>As of right now, I don’t have one, but before I release my software in a few
months, I will add a noncommercial license and get it checked by a lawyer along
with the others. And then my code will be under that noncommercial SAMS license.</p>
<p>Is it a risk to my business? Absolutely; potential customers could look at the
license and flee.</p>
<p>But “all progress depends on the unreasonable man,” so I will be unreasonable
and stick to my bet, even at the cost of my future business.</p>
<h2 id="conclusion">Conclusion</h2>
<p>Of course I want to <em>insist</em> that I am right. Nevertheless, it is not on me to
say; the success of my ideas in this post depends on the industry, on <em>you</em>.</p>
<p>Do you want me to be right? Do you want me to be wrong? Act like your choice,
and we will see with time.</p>
<p>But beware lest you lose what you have to spite what you hate.</p>
Code Is Not Technical Debt
https://gavinhoward.com/2023/12/code-is-not-technical-debt/
Gavin D. Howard
2023-12-20T23:38:08-07:00
Someone is wrong on the Internet; he said that all code is technical debt, and I refute that.
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Hackers and suits in the tech industry.</p>
<p>Discuss on <a href="https://news.ycombinator.com/item?id=38717873">Hacker News</a>.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Confident.</p>
</div>
<h2 id="the-introduction">The Introduction</h2>
<p>So I saw a post today, and it’s so wrong I was about to post a ranty missive on
Hacker News.</p>
<p>But my ranty missives get long, so here’s a blog post instead.</p>
<div class="note">
<p><strong>tl;dr</strong>: Code is an asset, and tech debt is when the software <em>and its
internal model</em> do not match the problem and the mental model, or when the
internal interfaces do not minimize assumptions.</p>
</div>
<h2 id="the-post">The Post</h2>
<p>The post is <a href="https://www.tokyodev.com/articles/all-code-is-technical-debt">“All Code Is Technical Debt”</a> written by <a href="https://www.tokyodev.com/authors/paul-mcmahon">Paul McMahon</a>.</p>
<p>And everything is just <em>slightly</em> wrong, starting from the title.</p>
<p>So let’s break it down.</p>
<h2 id="the-thesis">The Thesis</h2>
<p>Paul’s thesis is at the end of his introduction:</p>
<blockquote>
<p>As the more code you add to an application, the slower development becomes, I
view all code as technical debt.</p>
</blockquote>
<p>But is this true? Does development speed always get slower if you add code?</p>
<p>Let’s look at the corollary: does development speed always get faster if you
<em>remove</em> code?</p>
<p>That is false on its face!</p>
<p>One of the reasons people don’t like C (besides <a href="https://gavinhoward.com/2023/02/why-i-use-c-when-i-believe-in-memory-safety/">memory bugs</a>) is its paltry
standard library! C is basically the extreme of “remove code,” and I can tell
you from experience that its tiny standard library slows development.</p>
<div class="note">
<p>I’ve spent about <a href="https://git.yzena.com/Yzena/Yc/commit/8b803cf03f98b3864">7 years</a> building my own C libraries as a replacement.</p>
</div>
<p>So if the corollary is not true, is the thesis?</p>
<p><strong>It is absolutely not true.</strong></p>
<p>Take <a href="https://git.gavinhoward.com/gavin/bc/commit/1ead5b9652a1be00">this commit</a> from my <a href="https://gavinhoward.com/2023/02/my-code-conquered-another-os/">most famous</a> <a href="https://git.gavinhoward.com/gavin/bc">project</a>.</p>
<p>In that commit, I am adding three, <em>three!</em>, new keywords and commands to <code>bc</code>
<em>and</em> <code>dc</code>.</p>
<p>For that commit, I deleted 7 lines and added 108.</p>
<div class="note">
<p>More accurately, I changed 7 lines and added 101.</p>
</div>
<p>That means I deleted an average of 1 line per keyword <em>per program</em>, and added
an average of 18 lines per keyword per program.</p>
<p>Okay, let’s see how much of that code exists 537 commits later.</p>
<div class="note">
<p>To get the 537 number, I ran <code>git rev-list 1ead5b96..HEAD | wc -l</code>.</p>
</div>
<p>I ran blames and took out whitespace-only code style fixes. Of the 108 lines,
77 still exist. That’s 71.2%.</p>
<p>And most of the ones that changed were numbers or other data that got changed
when I added <em>other</em> keywords.</p>
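<p>One way to reproduce the survival count described above, as an added example that is not part of the original post: it parses <code>git blame -w --line-porcelain</code> output and counts the lines still attributed to one commit. The function names, the sample blame text and the commit hashes are constructed for illustration.</p>

```python
import re
import subprocess
from collections import Counter

# Header of each blamed line in `git blame --line-porcelain` output:
# "<40-hex commit> <orig line> <final line> [<lines in group>]"
HEADER = re.compile(r"^([0-9a-f]{40}) \d+ \d+(?: \d+)?$")


def blame_file(repo: str, path: str, rev: str = "HEAD") -> str:
    """Run the real blame; -w ignores whitespace-only changes."""
    return subprocess.run(
        ["git", "-C", repo, "blame", "-w", "--line-porcelain", rev, "--", path],
        check=True, capture_output=True, encoding="utf-8", errors="replace",
    ).stdout


def count_by_commit(porcelain: str) -> Counter:
    """Count how many current lines each commit is blamed for."""
    counts = Counter()
    current = None
    for line in porcelain.split("\n"):
        if line.startswith("\t"):
            # Content lines always start with a TAB, so file content that
            # happens to look like a header is never mistaken for one.
            if current is None:
                raise ValueError("content line before any blame header")
            counts[current] += 1
            current = None
        else:
            match = HEADER.match(line)
            if match:
                current = match.group(1)
    return counts


def surviving_lines(porcelain_by_file: dict, commit_prefix: str) -> int:
    """Sum the lines, across files, still blamed on the given commit."""
    total = 0
    for text in porcelain_by_file.values():
        for sha, n in count_by_commit(text).items():
            if sha.startswith(commit_prefix):
                total += n
    return total


def survival_rate(kept: int, added: int) -> float:
    """Percentage of a commit's added lines that still exist."""
    if added <= 0:
        raise ValueError("the commit must have added at least one line")
    return 100.0 * kept / added


def _fake_blame(rows):
    """Build constructed --line-porcelain text from (sha, content) rows."""
    out = []
    for n, (sha, content) in enumerate(rows, start=1):
        out += [f"{sha} {n} {n} 1", "author Example", "summary constructed",
                "filename src/example.c", "\t" + content]
    return "\n".join(out) + "\n"


# Constructed sample: FEATURE stands in for the commit being measured,
# LATER for a subsequent commit that rewrote some of its lines.
FEATURE = "1" * 40
LATER = "2" * 40
SAMPLE = {
    "src/example.c": _fake_blame([
        (FEATURE, "case KEYWORD_A:"),
        (FEATURE, "    parse_a();"),
        (LATER, "#define NKEYWORDS 12"),
        (FEATURE, "    break;"),
        (LATER, FEATURE + " 1 1"),  # content that imitates a header line
    ]),
}

if __name__ == "__main__":
    kept = surviving_lines(SAMPLE, FEATURE[:8])
    # Assume the constructed commit originally added 4 lines.
    print(f"{kept} of 4 lines survive ({survival_rate(kept, 4):.1f}%)")
```

<p>On a real repository, build the dictionary by calling <code>blame_file</code> for each file the commit touched, and take the number of added lines from the commit's diff.</p>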
<p>But the other key is how <em>easy</em> it was to add those features; even if we count
both programs together, adding a keyword took me 36 lines. That’s easy to
review, easy to test, and easy to change. It’s like technical debt does not
exist.</p>
<div class="note">
<p>And <a href="/2022/10/technical-debt-costs-more-than-you-think-or-my-software-development-process/">that is intentional</a>.</p>
</div>
<p>“Okay, Gavin, but what does that have to do with Paul’s thesis?”</p>
<p>Paul’s point is that adding code is always more technical debt. He said,</p>
<blockquote>
<p>When you’re first building out an application, you can develop new features at
incredible speed. There’s no need to worry about the impact on existing users.
You can just focus on implementing new features.</p>
<p>However, as an application matures, development speed will inevitably slow
down. On a poorly implemented product, development speed slows down quickly.
But even on a beautifully implemented one, development speed still slows down
over time.</p>
</blockquote>
<p>But that was not the case for these three features. They took me about two hours
<em>total</em>, including testing!</p>
<p>This was <em>not</em> the case when I started; I could take <em>weeks</em> to add just <em>one</em>
new feature!</p>
<p>So my development speed has <em>increased</em> even though my code has grown!</p>
<p>How much has it grown? This much:</p>
<p class="img">
<a href="https://gavinhoward.com/img/bc_stack_plot.png" class="img">
<img src="https://gavinhoward.com/img/bc_stack_plot.png" alt="Git of Theseus stack plot for bc as of Dec 20, 2023" aria-label="Git of Theseus stack plot for bc as of Dec 20, 2023" class="center" />
</a>
</p>
<p>And that image only counts files in <code>include/</code>, <code>src/</code>, and <code>gen/</code>. It also
excludes text files in <code>gen/</code>.</p>
<div class="note">
<p>In particular, note that the only month that lost a significant amount of code
is Aug 2018, which was early.</p>
</div>
<p>If you were to plot the survival rates of code in <code>bc</code>, it would look like this:</p>
<p class="img">
<a href="https://gavinhoward.com/img/bc_survival_plot1.png" class="img">
<img src="https://gavinhoward.com/img/bc_survival_plot1.png" alt="Git of Theseus stack plot for bc as of Dec 20, 2023" aria-label="Git of Theseus stack plot for bc as of Dec 20, 2023" class="center" />
</a>
</p>
<p>And again, that only counts files in the same directories as above. If you plot
the survival rate for the entire repo, you’ll get this:</p>
<p class="img">
<a href="https://gavinhoward.com/img/bc_survival_plot2.png" class="img">
<img src="https://gavinhoward.com/img/bc_survival_plot2.png" alt="Second Git of Theseus stack plot for bc as of Dec 20, 2023" aria-label="Second Git of Theseus stack plot for bc as of Dec 20, 2023" class="center" />
</a>
</p>
<p>Notice that the first 40% disappeared in six months, but the next 40% is <em>still</em>
not gone more than five years later.</p>
<p>Also, do you see those small cliffs at various points? Those are where I did a
refactor to reduce tech debt.</p>
<p>There was a large cliff at the beginning because I was exploring and refactoring
as I went. I finally settled into something good after six months, but I didn’t
rest on my laurels; when I saw a problem, I fixed it.</p>
<p>In fact, I often <em>added</em> code to reduce tech debt.</p>
<p>An example is when I implemented my own <a href="https://git.gavinhoward.com/gavin/bc/src/branch/master/src/file.c">file I/O</a> in <code>bc</code>.</p>
<p>“Oh, Gavin…”</p>
<p class="img">
<a href="https://media1.tenor.com/m/ofdD0cJ5xQ0AAAAC/you-are-so-dumb-you-are-really-dumb.gif" class="img">
<img src="https://media1.tenor.com/m/ofdD0cJ5xQ0AAAAC/you-are-so-dumb-you-are-really-dumb.gif" alt="You are so dumb" aria-label="You are so dumb" class="center" />
</a>
</p>
<p>No I’m not.</p>
<p>You see, I have a built-in command-line history implementation, and that needs
raw access to the terminal for obvious reasons.</p>
<p>If I used the regular file I/O, it would have “worked,” but I would deal with
sticky issues between it and history.</p>
<p>But by implementing my own, I got rid of the sticky issues and reduced my tech
debt.</p>
<p><em>Adding</em> code <em>reduced</em> my tech debt.</p>
<p>Paul is right by <a href="https://en.wikipedia.org/wiki/Rule_of_thumb">rule of thumb</a>, but I would rather not be ruled by
<a href="https://spykids.fandom.com/wiki/Thumb_Thumbs">thumbs</a>.</p>
<p>So let’s find a more precise “rule.”</p>
<h2 id="the-rule">The Rule</h2>
<p>I already <a href="/2022/10/technical-debt-costs-more-than-you-think-or-my-software-development-process/">came up with one</a>:</p>
<blockquote>
<p>Your software is trying to solve a problem, and every problem has an unknown
shape because <a href="http://johnsalvatier.org/blog/2017/reality-has-a-surprising-amount-of-detail">reality has a surprising amount of detail</a>…</p>
<p><strong>Technical debt is every place where the software does not fit the
problem.</strong></p>
</blockquote>
<p>(Emphasis added.)</p>
<p>And it is that simple: tech debt is when your software (and the model behind it)
does not fit the problem it is trying to solve.</p>
<p>Well, not quite…</p>
<h2 id="the-metaphor">The Metaphor</h2>
<p>“Okay, Gavin, so what about our metaphor? Should we want more code or less?
Because it sure sounds like you’re advocating for more code.”</p>
<p>Nah, less code <em>is</em> better, all else being equal. But “all else equal” is
lottery-rare.</p>
<div class="warning">
<p>That’s not to say that “less code equals better” is <em>also</em> rare; it’s not.</p>
</div>
<p>I would like to propose a different metaphor: code/software is an <a href="https://en.wikipedia.org/wiki/Asset"><em>asset</em></a>.</p>
<p>“Well, what’s tech debt, then?”</p>
<p>Patience.</p>
<p>If I’m going to go all in on financial terms, let’s add <a href="https://en.wikipedia.org/wiki/Liability_(financial_accounting)">liabilities</a>:</p>
<dl>
<dt>Liability</dt>
<dd>
<p>The quantity of value that a[n]…entity owes.</p>
</dd>
</dl>
<p>As a programmer, you owe the ability to solve a problem. Anything in the code
that doesn’t solve the problem is part of that liability.</p>
<p>So technical <em>debt</em> is really <em>code liability</em>.</p>
<div class="note">
<p>I use the term “code liability” not “tech liability” to emphasize that it is
<a href="https://news.ycombinator.com/item?id=38714152">not just a problem for techies</a>.</p>
</div>
<p>“That’s stupid, Gavin; assets can’t be liabilities, so your metaphor is wrong.”</p>
<p>True, assets cannot be liabilities, but they <em>can</em> have liabilities attached to
them.</p>
<p>For example, say I buy a car with financing; that debt is a <em>liability</em> even
though the car itself is an <em>asset</em>, and that liability is attached to the car.</p>
<p>In like manner, code as an asset can have a liability attached that lessens the
value of the asset.</p>
<p>It goes further: you can be <a href="https://www.investopedia.com/terms/u/underwater.asp">“underwater”</a> on an asset. This means that your
asset may be worth <em>less</em> than the liability attached to it.</p>
<p>You can experience this with code as well; when development slows to a crawl,
you’ve gone under.</p>
<p>It can happen in two ways: the problem changes (your liability increases) or
your software becomes less useful (your asset <a href="https://en.wikipedia.org/wiki/Depreciation">depreciates</a>).</p>
<div class="note">
<p>Yep, I’m <em>still</em> going on the financial metaphors.</p>
</div>
<p>“How can software depreciate, Gavin? It’s just code.”</p>
<p><em><strong><code>node_modules</code> enters the chat</strong></em></p>
<p>If its environment changes, it may not run. And software that won’t run has
depreciated to nothing.</p>
<div class="note">
<p>This is <em>another</em> reason <a href="https://gavinhoward.com/2023/02/why-i-use-c-when-i-believe-in-memory-safety/">I choose C</a>: the environment does not change.</p>
</div>
<p>“But that doesn’t explain your supposed ‘zero’ code liability, Gavin.”</p>
<p>You’re partially right. I do keep up to date on the problem, and I do update my
software to fit the problem.</p>
<h2 id="the-interfaces">The Interfaces</h2>
<p>But that is not the only reason I have nigh nil code liability and why you do
not.</p>
<p>Paul says, <a href="https://www.tokyodev.com/articles/all-code-is-technical-debt#adding-new-assumptions-increases-debt">“Adding new assumptions increases debt,”</a> and in this, he is
correct.</p>
<p>But he is assuming that adding features requires adding assumptions. If you
create and use interfaces properly, few to no new assumptions are necessary.</p>
<p>Don’t believe me?</p>
<p>Remember that I added keywords to my <code>bc</code>; all three needed <em>zero</em> additional
assumptions.</p>
<p>The parsing followed the existing assumptions of the parser (parse up to the
character you need and no more) and the existing assumption of the virtual
machine (remove operands from the results stack and replace them with the
result).</p>
<p>“But that’s just because you were making a programming language and could make
easy assumptions!”</p>
<p>Uh, this programming language is <a href="https://en.wikipedia.org/wiki/Turing_completeness"><em>Turing-complete!</em></a> That is the very
<em>definition</em> of <strong>hard</strong> in programming. It’s also hard to make a programming
language match the problem it is made to solve.</p>
<div class="note">
<p>And I have pulled off the same thing in a larger language with <em>user-defined
keywords</em> and <em>user-defined lexers!</em></p>
<p>Coming soon…</p>
</div>
<p>To wit: <strong>your interfaces should minimize assumptions</strong>.</p>
<div class="note">
<p>Or in other words, the code’s internal model (assumptions) needs to match the
internal interfaces.</p>
</div>
<p>I do this by:</p>
<ul>
<li>Never programming past my limited ability.</li>
<li>Strictly documenting interfaces, including preconditions and postconditions.</li>
<li>Strictly programming to those interfaces, adjusting one or the other as
necessary.</li>
<li>Iterating until the interfaces are close to perfect.</li>
</ul>
<p>I know I have succeeded when those interfaces make it easy to add stuff without
interfering with other features.</p>
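<p>As an illustration of the interface discipline above, here is an added example, not code from <code>bc</code>: a results stack whose preconditions and postconditions are documented and checked with <code>assert</code>, so that a later operator (<code>op_max</code>) plugs into the existing "remove the operands, push the result" contract without any new assumption. All names (<code>results_stack</code>, <code>vm_exec_binary</code>, <code>demo_eval</code>) are hypothetical.</p>

```c
/* Added illustration; hypothetical names, not code from bc. */
#include <assert.h>
#include <stddef.h>

#define STACK_CAP 16

typedef struct {
    long items[STACK_CAP];
    size_t len;
} results_stack;

/* Invariant that every function below relies on and preserves. */
static int stack_ok(const results_stack *s)
{
    return s != NULL && s->len <= STACK_CAP;
}

/*
 * Pushes v onto the stack.
 * Precondition:  stack_ok(s) and s->len < STACK_CAP.
 * Postcondition: s->len is one larger and the top item is v.
 */
static void stack_push(results_stack *s, long v)
{
    assert(stack_ok(s) && s->len < STACK_CAP);
    s->items[s->len++] = v;
    assert(s->items[s->len - 1] == v);
}

/*
 * Pops and returns the top item.
 * Precondition:  stack_ok(s) and s->len >= 1.
 * Postcondition: s->len is one smaller.
 */
static long stack_pop(results_stack *s)
{
    assert(stack_ok(s) && s->len >= 1);
    return s->items[--s->len];
}

typedef long (*binary_op)(long lhs, long rhs);

/*
 * Executes one binary operator.
 * Precondition:  stack_ok(s) and s->len >= 2.
 * Postcondition: both operands are removed and replaced by the single
 *                result, so s->len is one smaller than on entry.
 */
static void vm_exec_binary(results_stack *s, binary_op op)
{
    size_t before;
    long lhs, rhs;

    assert(stack_ok(s) && s->len >= 2);
    before = s->len;
    rhs = stack_pop(s);
    lhs = stack_pop(s);
    stack_push(s, op(lhs, rhs));
    assert(s->len == before - 1);
}

/* Original operators. Callers keep results within the range of long. */
static long op_add(long a, long b) { return a + b; }
static long op_mul(long a, long b) { return a * b; }

/*
 * A feature added later. It satisfies the same binary_op contract, so
 * vm_exec_binary and the stack functions need no change and no new
 * assumption.
 */
static long op_max(long a, long b) { return a > b ? a : b; }

/* Evaluates max((a + b) * c, d) as the postfix program: a b + c * d max. */
long demo_eval(long a, long b, long c, long d)
{
    results_stack s = { {0}, 0 };
    long result;

    stack_push(&s, a);
    stack_push(&s, b);
    vm_exec_binary(&s, op_add);
    stack_push(&s, c);
    vm_exec_binary(&s, op_mul);
    stack_push(&s, d);
    vm_exec_binary(&s, op_max);

    result = stack_pop(&s);
    assert(s.len == 0); /* every operand was consumed */
    return result;
}

int main(void)
{
    return demo_eval(2, 3, 4, 25) == 25 ? 0 : 1;
}
```

<p>Building without <code>-DNDEBUG</code> keeps the checks live, so a caller that breaks a documented precondition aborts at the interface boundary instead of silently corrupting the stack.</p>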
<h2 id="the-model">The Model</h2>
<p>And yet, that is <em>still</em> not enough.</p>
<p>The last way software can have a liability is that it doesn’t match the model.</p>
<p>The <em>mental</em> model.</p>
<p><a href="https://gist.github.com/onlurking/fc5c81d18cfce9ff81bc968a7f342fb1">“Programming as Theory Building”</a> (<a href="https://pages.cs.wisc.edu/~remzi/Naur.pdf">original</a>) is a famous essay (which
you should go read <em>right now!</em>) that uses the word <em>theory</em> for this concept,
but it is the same concept.</p>
<p>Whatever the term, the model/theory is the software as it exists in the minds of
those who create and use it.</p>
<p>Of course, the mental model will be inaccurate; if it wasn’t, we would never
have bugs, so the <em>other</em> form of code liability is when the software is
different from the mental model.</p>
<p>I fix this by testing, testing, testing. I fuzz with a crash-happy build, and I
fix every bug.</p>
<p>“But how does that improve your mental model?”</p>
<p>Because for me, one of the definitions of a bug is a <em>mismatch between my mental
model and the reality of the software</em>.</p>
<p>So when I fix a bug, I’m bringing my model and the reality closer together. And I
do this until they are in harmony.</p>
<div class="note">
<p>Sometimes, this includes changing my mental model when the reality is better.</p>
</div>
<h2 id="the-bloat">The Bloat</h2>
<p>In addition, unneeded bloat is also code liability.</p>
<p>All code has a cost because assets have to be maintained, so extra code will
have a higher maintenance cost than necessary.</p>
<p>I regularly look for code to purge.</p>
<h2 id="the-prevention">The Prevention</h2>
<p>I also do one more thing that almost no developer does: I actually <em>design</em> my
code before I ever start coding.</p>
<p>In other words, I build a mental model, including the problem that the software
solves, before I start.</p>
<p>This keeps my coding laser-focused on its purpose and helps me prevent
divergence between reality and model.</p>
<p>Of course, I do have to update the initial model, but an ounce of prevention is
worth a pound of cure.</p>
<p>And <em>that</em> is how I smash code liability.</p>
<h2 id="the-other-points">The Other Points</h2>
<p>I guess I should respond to Paul’s other points.</p>
<div class="paragraph big_text">
<a href="https://www.tokyodev.com/articles/all-code-is-technical-debt#features-can-have-negative-value"><strong>Features can have negative value</strong></a>
</div>
<p>Yes, that is true, and that matches with my metaphor.</p>
<p>A feature that does not match the problem has negative value, but it is still
an <em>asset</em>, just a bad one, like a junker car.</p>
<div class="note">
<p>In the real world, assets can <em>also</em> be a poor match for their purpose, such as
the <a href="https://simpleflying.com/airbus-a380-programme-cancelled/">Airbus A380</a>.</p>
</div>
<div class="paragraph big_text">
<a href="https://www.tokyodev.com/articles/all-code-is-technical-debt#code-isnt-inherently-valuable"><strong>Code isn’t inherently valuable</strong></a>
</div>
<p>Yes, that is true.</p>
<p>Code that does not match the problem has negative value.</p>
<p>You heard that right: this is just a restatement of <strong>“Features can have
negative value.”</strong></p>
<div class="paragraph big_text">
<a href="https://www.tokyodev.com/articles/all-code-is-technical-debt#once-a-feature-has-been-added-its-there-to-stay"><strong>Once a feature has been added, it’s there to stay</strong></a>
</div>
<p>This is also mostly true.</p>
<p>This is why I’m bullish on keeping code liability to a minimum from the start;
if I ruthlessly prune features before they can entrench themselves, this
terrible fact is not a fact for me.</p>
<p>I suggest you do the same if you can while still meeting your business goals.</p>
<div class="paragraph big_text">
<a href="https://www.tokyodev.com/articles/all-code-is-technical-debt#to-avoid-technical-debt-dont-write-code"><strong>To avoid technical debt, don’t write code</strong></a>
</div>
<p>Well, yes, but this is also like saying “to avoid missing in basketball, don’t
shoot.”</p>
<p>Code is an asset, but you need assets to do stuff.</p>
<p>Just remember that assets need maintenance to remain above water. Write code to
solve problems, and make sure that code matches the problem. Maintain it to keep
it that way.</p>
<div class="paragraph big_text">
<a href="https://www.tokyodev.com/articles/all-code-is-technical-debt#work-within-the-constraints-of-existing-assumptions"><strong>Work within the constraints of existing assumptions</strong></a>
</div>
<p>Yes, this is great advice; it is the same advice I gave above about assumptions,
although you should change bad assumptions if you can.</p>
<h2 id="the-conclusion">The Conclusion</h2>
<p>Tech debt and code liability are hotly debated, so let me throw out my opinion:</p>
<ul>
<li>Code is an asset.</li>
<li>Code can have a liability attached, which can be one or more of:
<ul>
<li>When the code does not match the problem.</li>
<li>When the code’s internal model does not match the problem.</li>
<li>When the code’s internal model does not match the mental model of users
and programmers.</li>
<li>When the code’s internal model does not match the code’s internal
interfaces.</li>
<li>And yes, when there is more code than necessary to match the problem.</li>
</ul>
</li>
<li>You can be underwater on code; this is when development stalls.</li>
<li>Thus, code must be maintained, just like any other asset.</li>
</ul>
<p>Am I right? Well, I’ll leave that for you to decide.</p>
<p><a href="https://news.ycombinator.com/item?id=38717873">Let the debate rage on!</a></p>
<hr>
<p><strong>Edit (2023-12-21)</strong>: Added “The Bloat” section based on Hacker News comments.</p>
<h1>Am I a Good C Programmer?</h1>
<p><a href="https://gavinhoward.com/2023/12/am-i-a-good-c-programmer/">https://gavinhoward.com/2023/12/am-i-a-good-c-programmer/</a><br>Gavin D. Howard, 2023-12-13T21:51:16-07:00</p>
<p>Daniel Stenberg compared his C programming against the average, so I thought I would do the same.</p>
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Hackers who like humble brags. 😛</p>
<p><a href="https://news.ycombinator.com/item?id=38637969">Discuss on Hacker News.</a></p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: You decide.</p>
</div>
<p>On Feb 5, 2023, I <a href="https://news.ycombinator.com/item?id=34662666">posted on Hacker News</a> the <a href="/2023/02/why-i-use-c-when-i-believe-in-memory-safety/">article</a> that became my
most popular one on that site.</p>
<p>It is called, “Why I Use C When I Believe in Memory Safety.”</p>
<p>I will let you judge whether or not I justified the decision to use C.</p>
<p>But one of my programmer idols, <a href="https://daniel.haxx.se/blog/about/">Daniel Stenberg</a>, recently <a href="https://daniel.haxx.se/blog/2023/12/13/making-it-harder-to-do-wrong/">wrote about his
experience writing C and how well he did</a>.</p>
<p>Well, I do have a <a href="https://git.gavinhoward.com/gavin/bc">C codebase</a> in <a href="/2023/02/my-code-conquered-another-os/">“wide” use</a>, and while it is not nearly
as old or widely used as <a href="https://curl.se/">curl</a>, it is still data.</p>
<p>I have kept careful track of all “C mistakes” (as Daniel put it), and <a href="https://git.gavinhoward.com/gavin/bc/src/branch/master/MEMORY_BUGS.md">there are
six</a>, about 1 per year. (I started <code>bc</code> in January 2018.)</p>
<p>Daniel compares his work against the <a href="https://www.zdnet.com/article/microsoft-70-percent-of-all-security-bugs-are-memory-safety-issues/">70%</a> <a href="https://www.zdnet.com/article/chrome-70-of-all-security-bugs-are-memory-safety-issues/">number</a>, so I’ll do the same.</p>
<div class="note">
<p>Those links say 70% of all <em>security bugs</em>, but since my <code>bc</code>/<code>dc</code> does not have
the <code>!</code> command (to spawn processes) and only reads files, not writes them
(except <code>stdout</code>), it’s hard to actually turn a memory safety issue into a
security bug, even if it’s possible.</p>
<p>And I gotta count <em>something</em>, so I’ll just count all bugs. C is so unsafe that
all bugs could be security bugs anyway.</p>
</div>
<p>Okay, so we have six C bugs; how many bugs do we have total?</p>
<div class="warning">
<p>This information is up-to-date as of the publication of this post.</p>
</div>
<p>On my <a href="https://git.gavinhoward.com/">personal code forge</a>, the <a href="https://git.gavinhoward.com/gavin/bc/issues?page=1&q=&type=all">issue count</a> is four, and one of those
is not a bug, but a <a href="https://git.gavinhoward.com/gavin/bc/issues/9">rant from someone</a> who doesn’t like my copyright notice
policy.</p>
<p>So three issues (<a href="https://git.gavinhoward.com/gavin/bc/issues/3">#3</a>, <a href="https://git.gavinhoward.com/gavin/bc/issues/8">#8</a> and <a href="https://git.gavinhoward.com/gavin/bc/issues/15">#15</a>), none of which are any of the
six C bugs.</p>
<p>Let’s look at <a href="https://git.gavinhoward.com/gavin/bc/pulls">pull requests on my personal code forge</a>.</p>
<p>There are five, two of which are for the same problem: whether to use POSIX 2008
and not use <code>_XOPEN_SOURCE</code> (<a href="https://git.gavinhoward.com/gavin/bc/pulls/1">#1</a> and <a href="https://git.gavinhoward.com/gavin/bc/pulls/2">#2</a>).</p>
<p>There is also another that is not <em>technically</em> a bug (<a href="https://git.gavinhoward.com/gavin/bc/pulls/6">#6</a>) since it just
silences a Clang warning.</p>
<p>Those could be classified as bugs or not, but I won’t count them to not inflate
my numbers.</p>
<p>So two pull requests (<a href="https://git.gavinhoward.com/gavin/bc/pulls/5">#5</a> and <a href="https://git.gavinhoward.com/gavin/bc/pulls/7">#7</a>) are for bugs, neither of which are
one of the six C bugs.</p>
<p>So three issues and two pull requests for bugs: five total.</p>
<p>Now let’s look at <a href="https://github.com/gavinhoward/bc">GitHub</a>.</p>
<p>There are <a href="https://github.com/gavinhoward/bc/issues?q=is%3Aissue+">38 issues</a>.</p>
<p>I classified 17 as not bugs:</p>
<ul>
<li><a href="https://github.com/gavinhoward/bc/issues/2">#2</a> (manual problem)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/29">#29</a> (feature request)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/30">#30</a> (release problem)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/32">#32</a> (license problem)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/33">#33</a> (<code>README</code> problem)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/37">#37</a> (question)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/43">#43</a> (feature request)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/45">#45</a> (packaging problem)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/46">#46</a> (release problem)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/47">#47</a> (feature request)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/52">#52</a> (release problem)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/58">#58</a> (question)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/59">#59</a> (praise and suggestion)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/61">#61</a> (bug in downstream test code)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/66">#66</a> (question)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/69">#69</a> (feature request)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/70">#70</a> (feature request)</li>
</ul>
<p>And I classified 21 as bugs:</p>
<ul>
<li><a href="https://github.com/gavinhoward/bc/issues/1">#1</a> (build bug)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/3">#3</a> (build bug)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/31">#31</a></li>
<li><a href="https://github.com/gavinhoward/bc/issues/34">#34</a> (build bug)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/35">#35</a> (build bug)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/36">#36</a> (test bug)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/39">#39</a></li>
<li><a href="https://github.com/gavinhoward/bc/issues/40">#40</a></li>
<li><a href="https://github.com/gavinhoward/bc/issues/41">#41</a> (test bug)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/42">#42</a></li>
<li><a href="https://github.com/gavinhoward/bc/issues/48">#48</a></li>
<li><a href="https://github.com/gavinhoward/bc/issues/50">#50</a></li>
<li><a href="https://github.com/gavinhoward/bc/issues/53">#53</a> (build bug)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/55">#55</a></li>
<li><a href="https://github.com/gavinhoward/bc/issues/56">#56</a> (build bug)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/60">#60</a> (build bug)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/62">#62</a> (test bug)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/63">#63</a> (build bug)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/64">#64</a></li>
<li><a href="https://github.com/gavinhoward/bc/issues/67">#67</a> (build bug)</li>
<li><a href="https://github.com/gavinhoward/bc/issues/71">#71</a> (build bug)</li>
</ul>
<p>If <code>bc</code> failed to build on a platform it previously built on, or had some other
unexpected build problem, I usually classify those as bugs.</p>
<p>Those bugs are labelled with “build bug” above.</p>
<p>Same thing with “test bug” items; those are items where the problem was in the
test suite.</p>
<div class="note">
<p>Of the issues and pull requests on my personal code forge, all of the issues
(<a href="https://git.gavinhoward.com/gavin/bc/issues/3">#3</a>, <a href="https://git.gavinhoward.com/gavin/bc/issues/8">#8</a> and <a href="https://git.gavinhoward.com/gavin/bc/issues/15">#15</a>) are build or test bugs, and both pull
requests (<a href="https://git.gavinhoward.com/gavin/bc/pulls/5">#5</a> and <a href="https://git.gavinhoward.com/gavin/bc/pulls/7">#7</a>) are for real bugs.</p>
</div>
<p>I’ll run numbers later with both types removed as bugs.</p>
<p>Now, for <a href="https://github.com/gavinhoward/bc/pulls?page=2&q=is%3Apr">GitHub pull requests</a>: there are 34.</p>
<p>I classified 23 as not bugs:</p>
<ul>
<li><a href="https://github.com/gavinhoward/bc/pull/5">#5</a> (build improvement, but not a bug)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/9">#9</a> (build improvement, but not a bug)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/10">#10</a> (build improvement, but not a bug)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/11">#11</a> (build improvement, but not a bug)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/13">#13</a> (feature request)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/15">#15</a> (feature request)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/16">#16</a> (feature request)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/17">#17</a> (feature request)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/18">#18</a> (feature request)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/19">#19</a> (feature request)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/20">#20</a> (feature request)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/21">#21</a> (feature request)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/22">#22</a> (feature request)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/23">#23</a> (feature request)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/24">#24</a> (style fixes)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/26">#26</a> (translation addition)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/28">#28</a> (typo fix)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/38">#38</a> (refactoring)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/49">#49</a> (typo fix)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/54">#54</a> (build improvement, but not a bug)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/57">#57</a> (documentation fix)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/68">#68</a> (feature request)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/72">#72</a> (feature request)</li>
</ul>
<p>And I classified 11 as bugs:</p>
<ul>
<li><a href="https://github.com/gavinhoward/bc/pull/4">#4</a> (build bug)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/6">#6</a></li>
<li><a href="https://github.com/gavinhoward/bc/pull/7">#7</a> (build bug)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/8">#8</a></li>
<li><a href="https://github.com/gavinhoward/bc/pull/12">#12</a> (build bug)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/14">#14</a></li>
<li><a href="https://github.com/gavinhoward/bc/pull/25">#25</a></li>
<li><a href="https://github.com/gavinhoward/bc/pull/27">#27</a> (build bug)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/44">#44</a> (test bug)</li>
<li><a href="https://github.com/gavinhoward/bc/pull/51">#51</a></li>
<li><a href="https://github.com/gavinhoward/bc/pull/65">#65</a></li>
</ul>
<div class="note">
<p>It may seem like <a href="https://github.com/gavinhoward/bc/pull/14">#14</a> was not a bug, but a compiler could have considered
the mistake as undefined behavior.</p>
</div>
<p>In addition, since my <code>bc</code> is used on FreeBSD, <a href="https://bugs.freebsd.org/bugzilla/buglist.cgi?email1=gavin%40gavinhoward.com&emailcc1=1&emailtype1=equals&list_id=659496&query_format=advanced&order=bug_id&query_based_on=">there are five bugs reported
there</a>.</p>
<p>I have classified two as not bugs:</p>
<ul>
<li><a href="https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264010">264010</a> (feature request)</li>
<li><a href="https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264501">264501</a> (documentation problem)</li>
</ul>
<p>And I have classified three as bugs:</p>
<ul>
<li><a href="https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266791">266791</a></li>
<li><a href="https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267051">267051</a></li>
<li><a href="https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268076">268076</a></li>
</ul>
<p><a href="https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268076">268076</a>, in particular, has <em>three</em> bugs, all of which were separate and
reported by the same user in the course of trying to fix things. Also, it is not
a memory bug because the pointer that caused the crash was explicitly
initialized to <code>NULL</code>.</p>
<p>In addition, there is one issue that was reported on my personal code forge
that I lost through poor system administration. It was #10, and it was titled:</p>
<blockquote>
<p>“scale” not set correctly with -l when first command is a syntax error</p>
</blockquote>
<p>and I fixed it in <a href="https://git.gavinhoward.com/gavin/bc/commit/299a4fd353"><code>299a4fd353</code></a>.</p>
<p>This one was a real bug.</p>
<p>And that takes care of any bugs that I know were reported.</p>
<p>So I have:</p>
<ul>
<li><strong>3</strong> issues from my code forge.</li>
<li><strong>2</strong> pull requests from my code forge.</li>
<li><strong>21</strong> issues from GitHub.</li>
<li><strong>11</strong> pull requests from GitHub.</li>
<li><strong>5</strong> bugs from <strong>3</strong> issues from <a href="https://bugs.freebsd.org/">https://bugs.freebsd.org/</a>.</li>
</ul>
<p>And since the six C bugs were actually reported by <em>nobody</em>, but found by
myself, we can add them to the total.</p>
<p>So we have 48 bugs, six of which are C bugs. That’s 12.5%, far better than the
average of 70%.</p>
<p>However, that includes build and test bugs, of which there are 21. If we take
them out, we have 27 bugs left, and 6 of 27 is 22.2%, still far better than
average.</p>
<p>And this is where I get to whine!</p>
<p>You see, I’ve only included bugs that were reported on code forges; what about
bugs in releases that I found myself? I found <em>all six</em> of the C bugs myself, so
why shouldn’t bugs I found myself count?</p>
<p>So let’s do that.</p>
<p>After doing a grep on my Git log for “bug”, “Bug”, “issue”, “Issue”, “crash”,
“Crash”, “fix”, and “Fix”, grabbing a rough estimation of what was actually in a
release, and then removing duplicates (including for reported bugs), I got this
list:</p>
<ul>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/f3e5367e1f1"><code>f3e5367e1f1</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/f4b43239652"><code>f4b43239652</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/ff24cbb8332"><code>ff24cbb8332</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/945873ddc95"><code>945873ddc95</code></a> (see also <a href="https://git.gavinhoward.com/gavin/bc/commit/54c0facdce8"><code>54c0facdce8</code></a>)</li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/54c0facdce8"><code>54c0facdce8</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/85ac0e9cbed"><code>85ac0e9cbed</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/9e5ae8441f7"><code>9e5ae8441f7</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/bc5d89e41f9"><code>bc5d89e41f9</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/d1f5f355599"><code>d1f5f355599</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/2e9146cc105"><code>2e9146cc105</code></a> (build bug)</li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/8e787bc56de"><code>8e787bc56de</code></a> (see also <a href="https://git.gavinhoward.com/gavin/bc/commit/aa19025bab1"><code>aa19025bab1</code></a>)</li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/ae186e65ad3"><code>ae186e65ad3</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/0c1abbe6dff"><code>0c1abbe6dff</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/52670bd9b9a"><code>52670bd9b9a</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/1156cd1bdee"><code>1156cd1bdee</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/77ef954773c"><code>77ef954773c</code></a> (build bug)</li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/8850fa7919f"><code>8850fa7919f</code></a> (build bug)</li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/8a1d001dcfc"><code>8a1d001dcfc</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/701068c5a5a"><code>701068c5a5a</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/c82e10fa686"><code>c82e10fa686</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/4d3505dbcd7"><code>4d3505dbcd7</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/1d8f1e5f77d"><code>1d8f1e5f77d</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/f46644247f9"><code>f46644247f9</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/f22634b3185"><code>f22634b3185</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/3d192692a3c"><code>3d192692a3c</code></a> (test bug)</li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/f60ce30fd5c"><code>f60ce30fd5c</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/4277d5ad1a3"><code>4277d5ad1a3</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/81905ee8e22"><code>81905ee8e22</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/e0fb717308e"><code>e0fb717308e</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/04ef32e888f"><code>04ef32e888f</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/3a66b416bd1"><code>3a66b416bd1</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/e9ff9a45f5d"><code>e9ff9a45f5d</code></a> (test bug)</li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/26daf98c4ef"><code>26daf98c4ef</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/2b65eb21cfc"><code>2b65eb21cfc</code></a> (build bug)</li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/8e83f103a8d"><code>8e83f103a8d</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/f71970ae6a7"><code>f71970ae6a7</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/107c53112d4"><code>107c53112d4</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/78bc9d0c742"><code>78bc9d0c742</code></a> (see also <a href="https://git.gavinhoward.com/gavin/bc/commit/2484c9b6001"><code>2484c9b6001</code></a> and <a href="https://git.gavinhoward.com/gavin/bc/commit/92ce6d79ec9"><code>92ce6d79ec9</code></a>)</li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/96f6dc9e539"><code>96f6dc9e539</code></a> (test bug)</li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/51ca77bd1a1"><code>51ca77bd1a1</code></a> (build bug)</li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/21641355b30"><code>21641355b30</code></a> (build bug)</li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/37e3d2ad7e9"><code>37e3d2ad7e9</code></a> (test bug)</li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/2555a5e66dc"><code>2555a5e66dc</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/da4a533759a"><code>da4a533759a</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/b56c24c20e9"><code>b56c24c20e9</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/61e990a4002"><code>61e990a4002</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/2092821da59"><code>2092821da59</code></a></li>
<li><a href="https://git.gavinhoward.com/gavin/bc/commit/be2f6afca33"><code>be2f6afca33</code></a></li>
</ul>
<p>It may have some non-release bugs in there, but it’s also probably not complete,
so whatever.</p>
<p>Anyway, there are 48 bugs there, so we now have a total of 96. Six of 96 is
6.25%.</p>
<p>If we take out the build and test bugs, we have 37 of the new bugs plus 27 old
ones, which is 64. Six of 64 is 9.375%.</p>
<p>So with those numbers, am I a good C programmer?</p>
<p>I’ll let you decide.</p>
<p>But I’ll just add this: if this is what I can do in my spare time, imagine what
I could do if I got <em>paid</em>.</p>
<hr>
<p>Okay, I am <em><strong>NOT</strong></em> a good C programmer; I just <em>may</em> be better than average.</p>
<p><a href="https://en.wikipedia.org/wiki/Betteridge's_law_of_headlines">Betteridge’s Law</a> still holds.</p>
<h1><a href="https://gavinhoward.com/2023/12/a-decade-of-developing-a-programming-language-a-response-response/">A Decade of Developing a Programming Language: A Response Response</a></h1>
<p>Gavin D. Howard, 2023-12-01T11:42:43-07:00</p>
<p>Two people wrote posts about developing programming languages for a decade. I did too, so I wrote one of my own.</p>
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Programmers.</p>
<p>Discuss on <a href="https://news.ycombinator.com/item?id=38490651">Hacker News</a> and <a href="https://old.reddit.com/r/programming/comments/188jfmh/a_decade_of_developing_a_programming_language_a/?">Reddit</a>.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Confident-ish.</p>
</div>
<h2 id="introduction">Introduction</h2>
<p>So I saw <a href="https://yorickpeterse.com/articles/a-decade-of-developing-a-programming-language/">“A Decade of Developing a Programming Language”</a> and read it.</p>
<div class="note">
<p>Yeah, I changed the title capitalization. Deal with it.</p>
</div>
<p>Then I saw <a href="https://www.ncameron.org/blog/a-response-to-a-decade-of-developing-a-programming-language/">“A Response to ‘A Decade of Developing a Programming Language’”</a>
and realized that such posts are hype right now.</p>
<p>So I’ll hop on that train.</p>
<h2 id="history">History</h2>
<p>In late 2012, I was getting fed up with C++ in college, so I decided to develop
my own language.</p>
<p>Eleven years later, it is still under wraps. <em>Sigh…</em></p>
<div class="note">
<p>But I’m close!</p>
</div>
<p>So yeah, I’ve <em>also</em> spent a decade developing a language.</p>
<p>And I did write a comment on Hacker News for the first, but it is better as a
blog post.</p>
<h2 id="items-from-the-original">Items from the Original</h2>
<p>First, let’s critique items from the original.</p>
<h3 id="avoid-gradual-typing">Avoid Gradual Typing</h3>
<p>Absolutely.</p>
<p>I had gradual typing and abandoned it. Gradual typing is not as good as simple
Go-like inference, and that simple inference is easy to implement and takes care
of 95% of the “problem.”</p>
<p>However, you also need one or more dynamic typing escape hatches. When I
implemented a config file format by tweaking JSON, I had to implement dynamic
typing in C.</p>
<h3 id="avoid-self-hosting-your-compiler">Avoid Self-Hosting Your Compiler</h3>
<p>It depends.</p>
<p>You probably should avoid it by default, unless your language is just so much
better than the original. Rust is an example of this (compared to C++).</p>
<p>I’m writing in C, and <a href="https://gavinhoward.com/2023/02/why-i-use-c-when-i-believe-in-memory-safety/">I want memory safety</a>, so bootstrapping makes sense
for me.</p>
<h3 id="avoid-writing-your-own-code-generator-linker-etc">Avoid Writing Your Own Code Generator, Linker, etc.</h3>
<p>This is <em>excellent</em> advice! Use the standard tools. You’ll get free stuff, like
excellent debuggers and such.</p>
<p>Of course, me being me, I’m breaking it. :) I am trying a different distribution
method, where you distribute an LLVM-like IR, and the end machine then generates
the machine code on first run. In that case, there’s no linker necessary, but I
do have to write my own code generator. Fun.</p>
<p>So the original post is right, but so is the response.</p>
<h3 id="avoid-bike-shedding-about-syntax">Avoid Bike Shedding About Syntax</h3>
<p>Yes, absolutely.</p>
<p><em>However!</em> The response post is <em>also</em> right.</p>
<p>Syntax is the user interface of a programming language.</p>
<p>The best treatment of UI is to have a benevolent dictator (<a href="https://en.wikipedia.org/wiki/Benevolent_dictator_for_life">BDFL</a>) with
<a href="http://www.paulgraham.com/taste.html">taste</a> and with good listening skills make decisions by fiat.</p>
<p>Both of those traits are important.</p>
<p>First, they must have good taste or they can’t make <em>any</em> design good.</p>
<p>Second, they must listen because <em>users</em> are more important than <em>art</em>. If the
users struggle with the UI, then the BDFL should change the UI to meet the users
where they are at.</p>
<p>Third, they need to make decisions by fiat because bike shedding can be endless
and stifling.</p>
<p>Do this right, and your UIs will be consistent (because one good designer
controls them) but user-friendly.</p>
<p>Programming language syntax should operate the same way: have a BDFL with those
traits who has all power.</p>
<p>Yes, they should listen, so some bike shedding will happen. And <em>should</em> happen.</p>
<p>And then, at some point, the BDFL should decide that he’s listened enough and
make a decision.</p>
<p>For my part, I bikeshedded a lot, but the syntax still changed after that
because I didn’t listen.</p>
<h3 id="cross-platform-support-is-a-challenge">Cross-Platform Support Is a Challenge</h3>
<p>Yes, in more ways than one.</p>
<p>First, you have to somehow generate code for all of the platforms, then you have
to make sure your library works on all of the platforms too.</p>
<p>However, I agree more with the response that doing so upfront does improve the
design.</p>
<p>I have a good API for multiplexing items (a replacement for async stuff,
really), and it arose out of studying the Windows and POSIX APIs and figuring
out something that would work on both.</p>
<h3 id="compiler-books-arent-worth-the-money">Compiler Books Aren’t Worth the Money</h3>
<p>Yes, but please do read <a href="https://craftinginterpreters.com/"><em>Crafting Interpreters</em></a>.</p>
<p>Anyway, getting a simple parser and bytecode generator (or LLVM codegen) is the
simple part of making a language. Then you need to make it robust, and no one
talks about that.</p>
<p>Maybe I should write a blog post about that once my language stabilizes.</p>
<h3 id="growing-a-language-is-hard">Growing a Language Is Hard</h3>
<p>Yes, absolutely. He mentioned two ways it needs to grow: libraries and users.</p>
<p>You can design a language to be easy to grow via libraries. See <a href="https://www.youtube.com/watch?v=lw6TaiXzHAE">“Growing a
Language”</a> by Guy Steele.</p>
<p>I went the extra mile with this, and user code can add its own keywords and
lexing code. So growing my language is “easy.”</p>
<div class="note">
<p>That’s not to say that getting here was easy; it was <em>excruciating</em> because the
design to do so took me years of learning to figure out and implement.</p>
<p>This is the biggest reason my language is not available yet.</p>
</div>
<p>But growing the userbase? That’s hard. You need to have a plan, and the best
plan is to solve a massive pain point, or multiple. I’m targeting multiple.</p>
<p>First, I’m targeting shell; my language can shell out as easily as shells, or
even more easily, but it’s a proper language with strong static type checking.
If there are people who want that instead of bash, they’ll get it. And there’s a
lot of <code>bash</code> people might want to replace.</p>
<p>Second, I’m targeting build systems. My language is so easy to grow, I’ve
implemented a build system DSL, and then I put a build system on top.</p>
<p>Shell and build systems are both things people hate but use a lot. These are
good targets.</p>
<p>Anyway, if I were to critique the original (and response), it’s that they were
both right that growing a userbase is hard with no shortcuts, but it <em>is</em>
possible to make growing a language easy.</p>
<h3 id="the-best-test-suite-is-a-real-application">The Best Test Suite Is a Real Application</h3>
<p>I agree with the response here: the best test suite is a <em>real</em> test suite <em>and</em>
a <em>bunch</em> of applications.</p>
<p>My language’s own build scripts are the first real program written in it. I’m
also going to replace every shell script on my machine with my language, and
most of them will make it into the formal test suite.</p>
<p>And this brings up another point: a “real” application doesn’t have to be big;
it just has to do something <em>useful</em>.</p>
<p>The smaller the applications, the better, if they are useful.</p>
<h3 id="dont-prioritize-performance-over-functionality">Don’t Prioritize Performance over Functionality</h3>
<p>Both the original and the response are correct.</p>
<p>The original is correct in that you shouldn’t prioritize performance of programs
written in your language.</p>
<p>But the response is correct that making a slow compiler fast is difficult.</p>
<p>My personal advice: implement an interpreter first; you won’t depend on LLVM
(<em>shudder</em>), and you can easily add more functionality. And do think about the
performance of your compiler upfront, but not <em>too</em> hard.</p>
<h3 id="building-a-language-takes-time">Building a Language Takes Time</h3>
<p>I’ve taken 11 years, and there’s no release yet. Yes, this is true.</p>
<p><em>cries in the corner</em></p>
<h2 id="items-from-the-response">Items from the Response</h2>
<p>The response also has extra items.</p>
<p>And actually…I have no critiques; they are all correct in my opinion!</p>
<p>Of course, that doesn’t mean I will have the same audience and goals as the
author, so I may not care about the same details, but the items are correct.</p>
<h2 id="and-my-own-advice">And My Own Advice</h2>
<p>Yes, I <em>also</em> have my own advice.</p>
<p>There’s just one item: <strong>get your programming language in front of users as fast
as possible</strong>. You need feedback from users.</p>
<p>That’s right; my advice is to <em>not</em> do what I have done.</p>
<h2 id="conclusion">Conclusion</h2>
<p>Even though I’m making a competitor, I wish both of these authors good luck!</p>
<p>And if you want to make a language, but would also like feedback, feel free to
<a href="/contact/">contact me</a>; I’d love to have programming language pen pals.</p>
<h1><a href="https://gavinhoward.com/2023/11/how-to-fund-foss-save-it-from-the-cra-and-improve-cybersecurity/">How to Fund FOSS, Save It from the CRA, and Improve Cybersecurity</a></h1>
<p>Gavin D. Howard, 2023-11-28T23:58:28-07:00</p>
<p>The CRA may kill Open Source. But what if I told you that there is a way to not only save FOSS, but fund it, while still improving cybersecurity, would you believe me?</p>
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Hackers, programmers, and anyone in the tech
industry. But especially EU-level politicians who might vote on the <a href="https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act">CRA</a>.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Only somewhat confident, but absolutely
confident that the ideas herein have some chance of improving the status quo.</p>
<p>Discuss on <a href="https://news.ycombinator.com/item?id=38456438">Hacker News</a> and <a href="https://old.reddit.com/r/programming/comments/186jjqf/how_to_fund_foss_save_it_from_the_cra_and_improve/?">Reddit</a>.</p>
<p>Please send this post to EU politicians.</p>
</div>
<h2 id="introduction">Introduction</h2>
<p><a href="https://edri.org/wp-content/uploads/2023/06/CRA-Vulnerability-Handling-Open-Letter.pdf">Programmers</a> <a href="https://www.internetsociety.org/blog/2022/10/the-eus-proposed-cyber-resilience-act-will-damage-the-open-source-ecosystem/">are</a> <a href="https://blog.opensource.org/the-ultimate-list-of-reactions-to-the-cyber-resilience-act/"><em><strong>terrified</strong></em></a>. And rightfully so.</p>
<p>There is a monster, a colossus that may sweep into the shining City of Open
Source and trample it all with less care than Godzilla.</p>
<p>This beast is the child of desire for better software, but it has grown into a
caricature with the opposite effect.</p>
<p>This leviathan freak is Europe’s <a href="https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act">Cybersecurity Resilience Act</a>.</p>
<p>There’s a lot of bad (and you should read about it), but to speedrun the parts I
care about:</p>
<ul>
<li>All software (“digital products”) must meet “essential cybersecurity
requirements.”</li>
<li>“Critical” software must be <em>certified</em>.</li>
</ul>
<p>Okay, doesn’t sound too bad, right? We <em>all</em> want companies to improve…</p>
<p><code>&lt;whisper&gt;</code><em>It includes Open Source software that takes donations.</em><code>&lt;/whisper&gt;</code></p>
<p>Son of another rippin’ sandstorm! That’s a <em>disaster!</em></p>
<h2 id="the-solution">The Solution</h2>
<p>So what if I told you there is a solution that would not only <em>save</em> Open
Source, but fund it <em>and</em> improve cybersecurity? Would you believe me?</p>
<p>If you don’t, well, you can quit reading now and pretend ignorance. <a href="https://www.youtube.com/watch?v=mnMQk3VPbpM&t=54s">And don’t
let the boot hit you on the way out.</a></p>
<p>But if you are at least curious, you probably think there is a catch.</p>
<p>I won’t bury it; the catch is this: <strong>we must <em>own</em> the responsibility society
is trying to give us and <em>act like it!</em></strong></p>
<h3 id="accepting-liability">Accepting Liability</h3>
<p>Oh, you don’t know what taking responsibility <em>means</em>?</p>
<p><code>&lt;mutter&gt;</code><em>Kids these days.</em><code>&lt;/mutter&gt;</code></p>
<p>The meaning of responsibility is <strong>accepting liability if you get paid</strong>.</p>
<p>That’s it. That is all.</p>
<p>If you make it and sell it, you better make it right.</p>
<div class="note">
<p>In <em>both</em> senses of “making it right.”</p>
</div>
<h3 id="a-legal-framework">A Legal Framework</h3>
<p>Of course, if we’re going to do this, we need <em>some</em> system, and the CRA
obviously ain’t it.</p>
<p>People talk about the CRA being “vague” and “broad,” but those terms are nigh
nonsensical.</p>
<p>Let me lay out why the CRA is bad: it creates liability between parties that may
have no business relationship!</p>
<p>You could take FOSS that I wrote, and if I happen to accept donations, I’m now
liable to <em>you</em> even though you paid me <em>nothing</em>.</p>
<p>“But Gavin, we do the same thing for products.”</p>
<p>Not really.</p>
<p>Yes, a physical product does still need to meet minimum standards. But if you
get a physical thing for free from someone else (free couch on the curb,
anyone?), that person no longer has any claim on the manufacturer.</p>
<p>Software is different. If I give you some software from someone else, that does
not deprive me of that software, so the author is now liable for us both.</p>
<p>Liability for software can grow without bound.</p>
<p>In addition, software is <a href="https://en.wikiquote.org/wiki/Fred_Brooks#The_Mythical_Man-Month:_Essays_on_Software_Engineering_(1975,_1995)">“pure thought-stuff”</a>, so it is <em>not</em> limited by
physical constraints, for the most part. This means that software can become
more complex than the most complex physical objects we could build.</p>
<div class="note">
<p>Example: you make a physically accurate physics engine. And then add a dragon to
it.</p>
</div>
<p>Anyway, software is different, and we need a different legal framework.</p>
<h4 id="fault-flow-matches-money-flow">Fault Flow Matches Money Flow</h4>
<p>So let’s use fault flow, er, <em>liability protection</em>, to fix the CRA.</p>
<p>With the CRA as it is, you are basically liable to <em>all of society as a whole</em>.</p>
<p>That cannot work; that is unsustainable, maybe even for the largest companies!</p>
<div class="note">
<p>Even as someone who wishes for proper liability in the industry, that thought is
<em>petrifying!</em></p>
</div>
<p>So the most important change we need to make to the CRA is that <strong>fault should
only flow <a href="https://en.wikipedia.org/wiki/Upstream_(software_development)">upstream</a> when <em>money</em> does</strong>.</p>
<p>If there is no monetary business relationship, the software author should have
zero liability.</p>
<div class="note">
<p>Barring negligence and malice.</p>
<p>No poisoning free cookies, <a href="https://en.wikipedia.org/wiki/Alice_and_Bob#Cast_of_characters">Mallory</a>.</p>
</div>
<p>This one simple change saves Open Source. Period. No questions asked.</p>
<p>Why? Because Open Source projects don’t have business relationships. At least,
the ones we care about don’t.</p>
<p>Most importantly, our <a href="https://xkcd.com/2347/">Nebraska rando</a> will be saved from lawsuits!</p>
<p>One little detail that we must not forget: since fault flow matches money flow,
that means that whenever money <em>does</em> flow, whoever receives it <em>must</em> accept
liability.</p>
<p>This is the part that gives this teeth, and this is why it needs to be done in
law like the CRA; if contracts could <em>still</em> disclaim liability, they will, so
we need to make it <em>illegal to do so</em>.</p>
<h4 id="money-in-open-source">Money in Open Source</h4>
<p>“But Gavin, a lot of FOSS projects I care about take money, so that requirement
will hurt them.”</p>
<p>Au contraire! It gives them a built-in business model!</p>
<p>Let’s take <a href="https://www.blender.org/">Blender</a> as an example. They get donations from some of the
biggest companies.</p>
<p>Well, those companies pay to ensure Blender works on their hardware (Intel,
Dell, nVidia and AMD), so the liability that the Blender Foundation has is that
Blender will work on that hardware.</p>
<p>😐</p>
<p>Um, yes, that’s what they are already paying for. Blender would have no problem
if this proposal happened. In fact, they might get <em>more</em> money as more studios
that use Blender now must pay or accept liability.</p>
<p>And that is the built-in business model: actual FOSS maintainers would accept
the fault flowing back to them and get paid for it.</p>
<p>Starting a career in FOSS would become almost comically simple: start a business
or non-profit around some software, work on it on the side until it grows enough
revenue to support you full-time, and then quit your day job in favor of your
business.</p>
<p>No <a href="https://news.ycombinator.com/item?id=33584651">fiddling</a> <a href="https://news.ycombinator.com/item?id=33610368">with</a> <a href="https://news.ycombinator.com/item?id=34141912">business</a> <a href="https://github.com/bluewhalesystems/sold">models</a>, no trying to “sell”
your software (for money) or tug on heartstrings to drum up donations.</p>
<p>You make a project, you get programmers to use it for free (“ooh, shiny new
thing!”), and you have a business as soon as they start using your code in
employment.</p>
<p>Like stealing a bone from a puppy.</p>
<p>Of course, people <em>do</em> have to use your software, but I’m not the greatest
salesman, and I <a href="/2023/02/my-code-conquered-another-os/">got a project into Mac OSX</a>. How hard could it be?</p>
<div class="note">
<p>Famous last words.</p>
</div>
<p>“But Gavin, I would still have to found a business or a non-profit!”</p>
<p>Well, yeah, receiving money is <em>work</em>.</p>
<p>But after having spun up <a href="https://yzena.com/">an LLC</a> with the ability to receive money, I can
say that it’s not too hard.</p>
<div class="note">
<p>And if there are lawyers out there who use Open Source, you can pay it back by
guiding maintainers in setting up these orgs pro bono. Just sayin'.</p>
</div>
<p>At that point, you have an actual, real-life <em>entity</em> that businesses can send
money to. Businesses <em>love</em> sending money to <em>entities</em> rather than people.</p>
<p>For bonus points, you can use something like <a href="https://xkcd.com/2347/">GnuCash</a> to create “official”
invoices; businesses will snarf that like my wife snarfs sushi!</p>
<p>You get all this for a one-time payment of a week or two of your spare time. And
bits and pieces here and there.</p>
<p>Then if your project is good enough, and companies start using it, they’ll come
to <em>you</em>. Easiest sales ever.</p>
<p>And if nothing happens, well, you didn’t even quit your job, so no biggie.</p>
<p>But in general, I would bet my entire lifetime earnings that:</p>
<ol>
<li>More money would flow into Open Source,</li>
<li>More people would be able to make a living on their FOSS projects.</li>
</ol>
<p>Another example: OpenSSL was <a href="https://www.bankinfosecurity.com/openssl-gets-funding-after-heartbleed-a-6893"><em>sorely</em> lacking funds</a> at the time of
<a href="https://heartbleed.com/">Heartbleed</a>. And they got a measly $9000 <em>after</em>.</p>
<div class="paragraph big_text">
Wut.
</div>
<p>Surely if this proposal became law, OpenSSL would be <em>flooded</em> with cash.</p>
<p>Oh, <em>that</em> would be a good day. And I believe that story would not just
<em>happen</em>, it would be <em>common</em>.</p>
<p>Our <a href="https://xkcd.com/2347/">Nebraska rando</a> would actually get money!</p>
<p>“But I just want to work on my project as a hobby!”</p>
<p>Ah, yes, I feel you. That’s still a good choice.</p>
<p>And this will actually make it <em>easier</em>.</p>
<p>Just don’t set anything up. And if anyone files a bug report or a feature
request that you just don’t want to deal with, simply remind them, “This is my
hobby. Go away.”</p>
<p>They’ll flee to the projects that <em>do</em> accept money, <em>because those projects
will exist</em>, and you’ll have the peace you want with a good hobby and no burn
out from entitled users!</p>
<p>Win-win!</p>
<h4 id="better-software">Better Software</h4>
<p>It gets better; with this proposal, software would <em>magically</em> get better.</p>
<p>I get that you’re worried about your favorite FOSS project that receives
donations.</p>
<p>You may ask, “Would they really be forced to accept liability if they take
money?”</p>
<p>Yep! And that’s a <em>good</em> thing!</p>
<p>FOSS projects would have to hit the brakes on features and stabilize everything;
“it’s not 1.0 yet” or “move fast and break things” are not valid excuses in
the eyes of the law.</p>
<div class="note">
<p>And that applies to not-so-free software, too!</p>
</div>
<p>This shift would incentivize the “boring” work that makes software great because
if accepting money means putting your neck on the line, I’m sure most code
“ninjas” in FOSS and companies would slacken speed and <em>magically</em> find the time
to make an exceptional test suite.</p>
<p>In other words, by <em>requiring</em> liability, software would get better, almost like
all of the “reasons” companies and FOSS projects gave were excuses all along.</p>
<p>And I’m sure you’d like that, even for your favorite FOSS project.</p>
<h4 id="closing-loopholes">Closing Loopholes</h4>
<p>But besides the <em>work</em> that money would bring (<code>&lt;s&gt;</code>ugh, how awful!<code>&lt;/s&gt;</code>),
there are a few more problems.</p>
<p><em><strong>First</strong></em>, companies might try to claim that they are not distributing
software if they have a web app or something similar.</p>
<p>Personally, I think that if the software is available for public use, it should
count, and those users deserve the same things. If it’s a web app, or an arcade
machine, OEM software, or even an IoT toaster, it counts.</p>
<p><em><strong>Second</strong></em>, companies like Google may try to claim that since their services
are “free,” they shouldn’t be subject to the law.</p>
<p>Naw, bruh, we’ll just redefine data and ads as equivalent to money in the case
of digital services and products. If a consumer gives up data, even unknowingly,
or is served ads, they are a user deserving of liability protection. Simple as.</p>
<p><em><strong>Third</strong></em>, how shall we fix the boundless liability problem caused by easily
distributing software?</p>
<p>This one is more complicated and requires politicians to play along.</p>
<p>Because the other thing the law should do is define two types of liability:
<em>direct</em> liability and <em>redistribution</em> liability.</p>
<div class="note">
<p>And the law must only allow those two types; contracts should not override them.</p>
</div>
<p>Direct liability is the liability you think it is: I make software, I give you
software, I take payment, I accept liability for <em>your</em> use of the software. I
am directly liable to you and <em>you only</em>.</p>
<p>But what if my software is a library, and you want to redistribute it as part of
your own program? Should I be liable to your users?</p>
<p>Of course not.</p>
<p>Unless I see as much green and gold as a Kansas cornfield. If you do, I would
give you <em>redistribution</em> liability protection.</p>
<p>At that point, yes, I would be liable to your users for bugs <em>in my library</em>.</p>
<p>“But Gavin, how do we know if it was a bug in the library?”</p>
<p>Wherever the fix was for the problem. If the fix is in my library, I’m liable.
In your app? You’re liable. In both? We’re both liable.</p>
<p>“But perhaps the docs were just not complete?”</p>
<p>Then <em>I</em> am liable. If I didn’t document my library enough for you to use it
correctly, that’s on <em>me</em> because complete documentation is something a
professional should create.</p>
<div class="note">
<p>Yes, I went there. Write complete docs for your projects, people!</p>
</div>
<p>Now, say I had a library, and <em>you</em> had a library that used mine. Say you got
redistribution liability from me and distributed your library to a company that
built an app using your library. Then that company distributes the app to the
public.</p>
<p>Obviously, I am liable to that third-party company because you redistributed
directly to them. But am I liable to that company’s users?</p>
<p>The answer should be <strong>no</strong>.</p>
<p>Redistribution liability must be only <em>one</em> level. This is key to preventing
boundless liability.</p>
<p>But it also will have two good side effects.</p>
<p>In our example, that third-party company <em>must</em> figure out what their transitive
dependencies are because they need redistribution liability from <em>all</em> of them.</p>
<p>So they get redistribution liability from you, and then they get redistribution
liability from me.</p>
<p>We both get paid! Hooray! And I get paid twice as much because my library was
more foundational!</p>
<div class="note">
<p>This would partially solve <a href="https://daniel.haxx.se/">Daniel Stenberg</a>’s <a href="https://daniel.haxx.se/blog/2022/01/17/enforcing-the-pyramid-of-open-source/">Open Source Pyramid
Problem</a> since foundational software used everywhere would naturally
accumulate more funds instead of the reverse.</p>
</div>
<p>That’s the first good side effect.</p>
<p>The second is like unto it: companies would actually figure out what
dependencies they have! Complete <a href="https://www.synopsys.com/blogs/software-security/software-bill-of-materials-bom.html">Software Bills of Material</a> would be
the rule, not the exception. And people would have a reason for cutting down
excessive dep trees.</p>
<h2 id="should-we-just-kill-the-cra">Should We Just Kill the CRA?</h2>
<p>“Why can’t we just <em>not</em> have liability like it is now?”</p>
<p><a href="https://www.youtube.com/watch?v=cHtahok84BA">Society don’t care.</a> People with power don’t care.</p>
<p>Alas, high-class turn to grass your sorry working class mass en masse if you make
morass that cause impasse and harass the brass in first-class.</p>
<p>And besides, is our current system working?</p>
<p>No, it’s not. Our software is terrible. Disclaiming liability is <em>not</em> working.</p>
<p>In fact, my personal opinion is that Microsoft’s worst sin was not using its
monopoly power to push Windows or IE or Office; it was using its monopoly power
to normalize disclaiming liability <em>even when you pay</em>.</p>
<p>Absolutely ludicrous.</p>
<p>Now, I know what you’re thinking; you think responsibility is a dirty
four-letter word.</p>
<div class="note">
<p>When it’s shortened to r12y, anyway.</p>
</div>
<p>But if you think that, you’re a <em>fool</em>. And I’mma show you why.</p>
<p>First, even the US Federal Government is <a href="https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf">trying to do something</a>. It’s
obvious that society thinks the tech industry has <a href="https://en.wikipedia.org/wiki/Jumping_the_shark">jumped the shark</a>, and
it’s not a baby shark either; it’s a <a href="https://en.wikipedia.org/wiki/Megalodon">Meg</a>.</p>
<p>Techies, and tech industrialists, <a href="/2022/10/we-must-professionalize-programming-to-preserve-society-and-computing-freedom/#we-made-this-world"><em>we</em> are responsible for this</a>. It’s <em>our</em>
fault.</p>
<p>We have to <em>own</em> that responsibility.</p>
<p>Because society will <em>compel</em> us to.</p>
<h3 id="forced-responsibility">Forced Responsibility</h3>
<p>If you retort that society won’t compel us to own responsibility because we have
no <em>legal</em> responsibility, you are a <em>fool!</em></p>
<p>I mean, yes, with laws as they are, we don’t, but the CRA shows that society
seems stupid bent on giving us that legal responsibility.</p>
<p>Why is society going that direction? Well…</p>
<blockquote>
<p>We rule the world.</p>
<p>The world doesn’t know this yet. <em>We</em> don’t quite know it yet.</p>
<p>Other people believe that they rule the world, but they write the rules down,
and they hand them to us. And then we write the rules that go into the
machines that execute everything that happens on this planet nowadays.</p>
<p>No law can be enacted without software; no law can be <em>enforced</em> without
software. No government can act without software.</p>
<p>We rule the world.</p>
<p>– <a href="https://youtu.be/ecIWPzGEbFc?t=4464">Uncle Bob Martin, “The Future of Programming”</a></p>
</blockquote>
<p>Society has learned that <em>we</em> have the power to rule the world, and they want
that power back.</p>
<p>Yes, that’s right: this is a power struggle, the kind of clash with the highest
stakes and the vilest tactics.</p>
<p>Oh, and on one side is all of society, including governmental nation-state
actors with <em>mammoth</em> power who intend to keep it.</p>
<p>We, as an industry, might be “powerful,” but when society decides to use actual
<em>force</em> on us, we won’t stand a chance.</p>
<blockquote>
<p>You and I could go to jail for the code we write.</p>
<p>– <a href="https://www.youtube.com/watch?v=LmRl0D-RkPU&t=1795s">Uncle Bob Martin, Voxxed CERN 2019 Keynote</a></p>
</blockquote>
<p>Oh, you think it won’t happen? Well, let’s expand Uncle Bob’s above quote about
the <a href="https://en.wikipedia.org/wiki/Volkswagen_emissions_scandal">Volkswagen emissions scandal</a>:</p>
<blockquote>
<p>…The CEO of Volkswagen North America…said, and I quote, “Well, it was just
a couple of software developers who did it for whatever reason.”</p>
<p>Now, it <em>was</em> a couple of software developers who did it…so those guys,
whoever they were, they put their fingers on the keyboard, and they typed the
cheating code.</p>
<p>They’re in jail, and they deserve to be in jail.</p>
<p>You and I could go to jail for the code we write.</p>
<p>– <a href="https://www.youtube.com/watch?v=LmRl0D-RkPU&t=1754s">Uncle Bob Martin, Voxxed CERN 2019 Keynote</a></p>
</blockquote>
<p>That’s right: <em><strong>it has already happened!</strong></em></p>
<p>So yeah, you’re a <em>fool</em> if you think that can’t happen to you!</p>
<div class="note">
<p>And I agree: those software developers deserve to be in jail.</p>
</div>
<h3 id="catastrophic-rage">Catastrophic Rage</h3>
<p>But there’s one tiny detail about the Volkswagen emissions scandal that may have
escaped your notice: nobody died.</p>
<p>What if people <em>did</em> die? What if bad software caused a <em>catastrophe</em>?</p>
<div class="note">
<p>Of course, it will have to be a <em>catastrophe</em>, not a <a href="https://cohost.org/mononcqc/post/3647311-paper-you-want-my-p">slow walk of death</a>.</p>
<p>Yes, we are killing people every day. Think about that and feel ashamed.</p>
</div>
<p>We’ve been lucky so far that events like the <a href="https://en.wikipedia.org/wiki/Boeing_737_MAX_groundings">Boeing 737 MAX scandal</a>, which
<em>did</em> kill people, have not stirred up rage.</p>
<p>Because three years before that scandal, Uncle Bob was prophetic:</p>
<blockquote>
<p>And when [a catastrophe] happens (and it will happen, it has to happen; it’s
just a matter of time), when this happens, the politicians of the world will
rise up, as they should, in righteous indignation, which they should have, and
they will point their fingers right at us, and they will ask us the question,
“How could you have let this happen?”</p>
<p>They won’t point at our managers because our managers will say, “Oh it was
some software guys who did it for whatever reason.”</p>
<p>They will point at us, and they will ask us this question, and we’d better
have an answer for them because if our answer is, “Well, my boss made me do
that,” that is not going to fly!</p>
<p>– <a href="https://en.wikipedia.org/wiki/Pele_(deity)">Uncle Bob Martin, “The Future of Programming”</a></p>
</blockquote>
<p>So we are running on borrowed time. Almost 5 years of borrowed time.</p>
<p>A catastrophe <em>will</em> happen, and if the fury is furious enough, society might
load us all onto a 737 MAX with an incompetent pilot and let it run out of gas
midair. Over a spittin’ volcano.</p>
<div class="note">
<p>And if society decides we deserve that, I’ll gladly be the one to fly that plane
because I think I will agree.</p>
<p>Yes, I include myself in this. <a href="/2023/11/your-loved-ones-are-prisoners-and-you-made-the-chain/#my-legacy">I am not blameless.</a></p>
</div>
<p>Techies, and tech industrialists, we are not ready for the coming catastrophe
and the <strong>pure, pristine rage</strong> that will follow.</p>
<h3 id="digital-chains">Digital Chains</h3>
<p>But even if we are all morqued, we will <em>still</em> be spared; the worst will be yet
to come.</p>
<p>We are <a href="/2023/11/your-loved-ones-are-prisoners-and-you-made-the-chain/">building digital chains</a> <em>right now</em>, and they imprison everyone who
ain’t in the elite club.</p>
<p>For if we are morqued, our loved ones will survive to live in the world we
created.</p>
<p>During the power struggle, power centers will only gather more. And then they’ll
use that power to <a href="https://interestingliterature.com/2021/07/orwell-want-picture-future-imagine-boot-stamping-human-face-meaning-origins-analysis/">stamp on the faces of your loved ones</a>. Forever.
Everywhere.</p>
<p>Yes, that includes you tech industrialists! You think governments are going to
let you act like quasi-governments? Nah, they’ll oppress you too, or merck you
if you fight back.</p>
<p><a href="https://www.nytimes.com/2023/11/23/world/asia/india-assassination-plot.html">Even if you are in a different country.</a></p>
<h3 id="a-warning-to-tech-industrialists">A Warning to Tech Industrialists</h3>
<p>And tech industrialists, while I have your attention, I have another warning for
you.</p>
<p>I know you are <em>loath</em> to give up your laurels built up by cheating common
people with buggy software.</p>
<p>But these changes are coming <em>regardless</em> because society can only tolerate so
much. So if you want to limit the liability you have, you need to accept <em>some</em>
liability.</p>
<p>How much? The same amount as physical objects at least.</p>
<p>Of course, since software is more complex, it will be more work to get the
equivalent reliability. And since software can do so much, we should hold it to
a higher standard.</p>
<p>If you want a seat at the table to decide, you <em>have</em> to accept that liability
upfront.</p>
<p>No more pushing untested software on consumers, no more updates.</p>
<p>And if you want the least liability possible, this proposal is your best shot.</p>
<p>And Google, you can go to company Hades if you <em>dare</em> to stop the “data and ads
as money” tack!</p>
<h2 id="our-best-chance">Our Best Chance</h2>
<p>So yeah, liability will happen; it’s just a matter of when and how.</p>
<p>Our best chance to survive as an industry, and <em>not</em> meet <a href="https://en.wikipedia.org/wiki/Pele_(deity)">Pele</a> with a
supersonic swan dive, is to get society on our side.</p>
<div class="note">
<p>Even better if we could win by gaining the favor of non-state actors; we could
shake off those digital chains.</p>
</div>
<p>And how to do that?</p>
<p>Well, if we stand up right now, with a plan that will work for society and us,
they might accept it.</p>
<p>But we need to do it <em>right now!</em> Every day without a plan in place is a day
where the snowball could smash us on its way down to our shining City of Open
Source.</p>
<h2 id="how-to-be-professional">How to Be Professional</h2>
<p>“Okay, Gavin, you got a plan?”</p>
<p>Boy, do I have a plan!</p>
<p>It’s simple; we just need to emulate the best professionals: <a href="https://www.engr.ncsu.edu/academics/undergrad/profengr/">professional
engineers</a>.</p>
<p>“What makes them the best?”</p>
<p>They actually can suffer consequences. And do.</p>
<p>“Gavin, I don’t hear of many professional engineers suffering consequences.”</p>
<p>That’s because the consequences made them get their snot together, so they
actually know how to do their jobs!</p>
<p>“Wait, are you saying that we don’t know how to do our jobs?”</p>
<div class="paragraph big_text">
THAT’S EXACTLY WHAT I AM SAYING, YOU DUMB, DELUDED, DIMWITTED DOLT!
</div>
<p>Ahem.</p>
<h3 id="professional-standard-of-care">Professional Standard of Care</h3>
<p>What I mean is that professional engineers have strict standard practices they
must know and adhere to.</p>
<p>But if they do know and adhere to them, that is good enough.</p>
<p>For example, as far as I know, the engineers in the <a href="https://en.wikipedia.org/wiki/Tacoma_Narrows_Bridge_(1940)#Collapse">Tacoma Narrows Bridge
Collapse</a> never faced consequences. Why? Because the failure was the result
of a physical phenomenon that they were not expected to worry about.</p>
<div class="note">
<p>Which has since changed, so if a bridge were to collapse due to the same issue
now, there <em>would</em> be consequences.</p>
</div>
<p>But there <em>are</em> consequences for engineering negligence, such as the <a href="https://en.wikipedia.org/wiki/Hyatt_Regency_walkway_collapse#Legal">legal
consequences</a> of the <a href="https://en.wikipedia.org/wiki/Hyatt_Regency_walkway_collapse">Hyatt Regency walkway collapse</a>.</p>
<p>In fact, I highlight that collapse specifically because of the <a href="https://web.archive.org/web/20100614000956/http://www2.ljworld.com/news/2001/jul/15/lives_forever_changed/">legal changes
around responsibility</a>, which those responsible <a href="https://web.archive.org/web/20200827233017/https://www.nytimes.com/1983/03/29/us/collapse-of-hotel-s-skywalks-in-1981-is-still-reverberating-in-kansas-city.html">tried to deflect</a>.</p>
<div class="note">
<p>Though the <a href="https://punchlistzero.com/what-is-the-engineer-of-record/">Engineer of Record</a> for the Hyatt Regency, Jack D. Gillum,
supposedly <a href="https://web.archive.org/web/20160108175310/http://skywalk.kansascity.com/articles/20-years-later-many-are-continuing-learn-skywalk-collapse/">regrets what happened</a>, and did lose his license, if he was not
<em>willing</em> to directly compensate victims, I believe he didn’t regret it enough.</p>
</div>
<p>But the key is that they <em>do</em> have to adhere to those practices, and they must
do so <em>strictly</em>.</p>
<p><code>&lt;whine&gt;</code>“Building a set of best practices sounds hard.”<code>&lt;/whine&gt;</code></p>
<p>Bullnanny! I <a href="/2022/10/we-must-professionalize-programming-to-preserve-society-and-computing-freedom/#the-professional-programmers-standard-of-care">made a checklist</a> that would be a good start. And I’m just one
guy with a gutsy grudge.</p>
<p>With a professional standard of care, all you need to do is <em>follow it
responsibly</em> and keep it up-to-date because every professional should constantly
update best practices as knowledge grows.</p>
<p>Do that, and society will be satisfied, even if an accident happens.</p>
<div class="note">
<p>And if they’re not, well, they just wanted an excuse to bring back volcano
sacrifices anyway.</p>
</div>
<p>So taking on responsibility is not as bad as it sounds; just make sure you have
an up-to-date checklist that you follow more religiously than politicians lie.</p>
<div class="note">
<p>Random plug: please read <a href="https://en.wikipedia.org/wiki/The_Checklist_Manifesto"><em>The Checklist Manifesto</em></a>.</p>
</div>
<h3 id="professional-code-of-ethics">Professional Code of Ethics</h3>
<p>But having just an up-to-date standard of care is <em>not</em> enough.</p>
<p>We need to have a standard of <em>ethics</em> too. With teeth.</p>
<p>And yes, <a href="/2022/10/we-must-professionalize-programming-to-preserve-society-and-computing-freedom/#the-professional-programmers-code-of-ethics">I made one already</a> as well.</p>
<p><a href="https://www.youtube.com/watch?v=OVXt8jBAGkc">“Bored!”</a></p>
<p>No shim, Sherlock! Ethics are boring. But necessary.</p>
<p>Remember the Volkswagen story? The CEO was all too happy to throw those
programmers under the bus. Our managers will as well.</p>
<div class="note">
<p>Yes, I’ve had a manager throw me under the bus before.</p>
</div>
<p>If we professionalize, we have to have a standard of ethics to prevent that.</p>
<p>Here’s how it works: CEO or <a href="https://dilbert.fandom.com/wiki/Pointy-Haired_Boss">PHB</a> tells you, “Do this shady thing.”</p>
<p>You say “No, it’s against the Software Engineer Code of Ethics.”</p>
<p>PHB says, “Do it or you’re fired.”</p>
<p>You say, “You need a professional software engineer on this project; good luck
keeping one if you fire them for following the Code of Ethics. They’ll want to
keep their licenses.”</p>
<p>That’s why it has to have teeth; if engineers could lose their license for
violating it, that’s a powerful incentive. You could always find another job;
you can’t easily get a license back.</p>
<div class="warning">
<p>And if the engineers do play along, they’ll deserve the blame because they had
an out and didn’t take it.</p>
</div>
<p>Professionalizing protects us more than it injures us; we can handle liability,
but that programmer-pulverizing bus is a problem.</p>
<p>Also, there will be a nice side effect: we will be in control of project
management, not product owners or managers.</p>
<p>In engineering projects, the “manager” or “director” is an <em>engineer</em>, the
<a href="https://punchlistzero.com/what-is-the-engineer-of-record/">Engineer of Record</a>. We could figure out how to run our projects best for
<em>us</em>. No stupid “sprints,” no <em>useless</em> meetings, no performative standups.</p>
<div class="note">
<p>Unless you love them.</p>
</div>
<h3 id="people-certification">People Certification</h3>
<p>Of course, if there are professional Engineers of Record, we need a way to
certify them.</p>
<p>Well, obviously, we need to train them and test them. Duh.</p>
<p>…</p>
<p>Okay, that’s dodging discussion. <em>How</em> should it be done?</p>
<p>Let me tell you a story.</p>
<p>I raised these ideas publicly at a conference once, and a woman castigated me
for gatekeeping, saying that just because my parents paid for my college
education doesn’t mean that others can.</p>
<div class="note">
<p>I paid for my own college education, by the way.</p>
</div>
<p>I was green, so I couldn’t think fast enough to respond, but now I know.</p>
<p>Since <a href="https://www.mensurdurakovic.com/hard-to-swallow-truths-they-wont-tell-you-about-software-engineer-job/">university doesn’t prepare you for a programming job</a> anyway, we can
forgo a college requirement.</p>
<p>Instead, we should require an <a href="https://en.wikipedia.org/wiki/Apprenticeship">apprenticeship</a>.</p>
<p>It makes sense; programming is a craft, and it is best learned on the job.</p>
<p>Such jobs should have no gatekeeping requirements, but they should be intensive,
focused on output <em>and</em> mentorship, and quite long.</p>
<p>Also, not every programmer needs to be certified; only the best should be, and
only the best should be apprentices. An Engineer of Record should be able to
direct hundreds of uncertified programmers, and not one of them should need
certification if the Engineer of Record does his job right.</p>
<p>So yes, we need training, but we should avoid putting any obstacle in the way
that requires anything but humility and ability to learn.</p>
<p>Any such obstacle will harm us and society, and society won’t be happy.</p>
<h3 id="software-certification">Software Certification</h3>
<p>I have been skirting one subject: when exactly a software project <em>needs</em> a
certified Engineer of Record.</p>
<p>The CRA already has an answer: anything classified as Class I or Class II
products.</p>
<div class="note">
<p>A fairly good list of both is <a href="https://datainnovation.org/2022/09/an-overview-of-the-eus-cyber-resilience-act/">here</a>.</p>
</div>
<p>Those are good lists, but I don’t think the details matter.</p>
<p>On this point, we could let the politicians debate and decide, with some advice.
Whatever society decides is important enough to need certification <em>is</em>
important enough, simply by being part of the list that a majority cares about.</p>
<div class="note">
<p>Though I would personally add any software that takes part in handling the
software supply chain, such as compilers, interpreters, package managers, build
systems, version control systems, etc.</p>
</div>
<div class="warning">
<p>Oh, and compiler authors, I think <a href="/2023/08/the-scourge-of-00ub/">00UB</a> should be <em>illegal</em>, and I will
work to make it so. You have been warned.</p>
</div>
<p>But if you’re unnerved that the list will be so large that the industry will
come to a standstill due to the lack of certified Engineers, the best way to
convince society that something isn’t important enough is to treat <em>all</em>
software as critical and develop it right, even if you’re not certified.</p>
<p>If every programmer treated their software with the care society deserves, then
society might minister mercy on some things.</p>
<h3 id="bootstrapping-the-plan">Bootstrapping the Plan</h3>
<p>Alrighty then, we have a plan for a system, but how do we start the engine?
After all, certified Software Engineers of Record don’t exist (except in a few
countries), so how do we get some?</p>
<p>First, let’s create a professional organization. Then let’s have it nail the
Standard of Care and the Code of Ethics.</p>
<p>And then, that organization could solicit nominations from everywhere about who
could be considered the “root” professional engineers, programmers so good, so
ethical, and so careful, that they deserve the title without any training.</p>
<div class="note">
<p>I hereby nominate: <a href="https://en.wikipedia.org/wiki/D._Richard_Hipp">Dr. D. Richard Hipp</a> of <a href="https://en.wikipedia.org/wiki/SQLite">SQLite</a>, <a href="https://en.wikipedia.org/wiki/Daniel_Stenberg">Daniel
Stenberg</a> of <a href="https://en.wikipedia.org/wiki/Libcurl">cURL</a>, and <a href="https://www.bolet.org/~pornin/">Thomas Pornin</a> of <a href="https://bearssl.org/">BearSSL</a>.</p>
</div>
<p>Once the nominations are in, members could vote yes or no on each nomination.
Every person with a <em>supermajority</em> is given the title by fiat.</p>
<p>And then, companies should offer to pay one or more to take on apprentices while
preparing existing software for certification.</p>
<p>Because yep! There be stuff that need cert pronto!</p>
<p>Once the root Engineers are chosen, they should be given a period of time to
certify existing software. Maybe one or two years.</p>
<p>After that point, both the Engineers and the software are bootstrapped, and
society quietly transitions to a superior status quo.</p>
<h2 id="conclusion">Conclusion</h2>
<p>If you don’t believe by now that accepting liability is the best thing that can
happen to the tech industry, I’m a crude communicator.</p>
<p>But if I have convinced you, your journey to professionalism starts now.</p>
<p>Keep a checklist. Refer to it often. Hit a minimum standard. Evangelize
professionalism. Participate politically. Refuse to break your personal code of
ethics. And stand by your work or admit your mistakes.</p>
<p>Our industry, our world, our shining City of Open Source, and the freedom of our
loved ones depend on all of us, including <em>you</em> now that you know.</p>
<p>So change yourself first. If enough of us do that, the rest will follow.</p>
<p>Oh, and do send this to the EU politicians. They need a plan to replace the CRA,
so let’s give it to them.</p>
<hr>
<p><em>Thank you to <a href="https://loup-vaillant.fr/">Loup Vaillant</a> for reading a draft of this post; his “very
short comment” was worth an ounce of gold for every word.</em></p>
Your Loved Ones Are Prisoners, and You Made the Chain
https://gavinhoward.com/2023/11/your-loved-ones-are-prisoners-and-you-made-the-chain/
Gavin D. Howard
2023-11-05T06:18:18-07:00
Our digital world is now made of chains. You made them. And you can break them. For the sake of our future, you must.
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Programmers and anyone who works at least in a
tech-adjacent job, including managers, project owners, HR, support personnel,
and executives. <a href="https://news.ycombinator.com/item?id=38150938">Discuss on Hacker News</a>.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Confident, terrified, and enraged.</p>
</div>
<h2 id="introduction">Introduction</h2>
<p>Are you a programmer? Or a manager over programmers? Or an executive with
programmers somewhere below you?</p>
<p>If so, do you like free society?</p>
<p>Then stop what you’re doing and feel ashamed.</p>
<p>Because you are building the chains that will enslave your loved ones.</p>
<p>Because what you’re doing is destroying free society and bringing back
<a href="/about/#disclaimer">feudalism</a>.</p>
<h2 id="digital-feudalism">Digital Feudalism</h2>
<p>If you’re tech-aware, you’re probably noticing a bunch of trends, all in the
same direction: <a href="https://en.wikipedia.org/wiki/Serfdom">serfdom</a>. <em>Digital</em> serfdom.</p>
<p>If you’re not tech-aware, well, let me fill you in.</p>
<p>Mostly accurate serfdom speedrun: serfs were people who were basically slaves to
lords/nobles. They had a <em>bit</em> more freedom than actual slaves, but only a bit.</p>
<p>Their slavery was either <a href="https://en.wikipedia.org/wiki/Debt_bondage">debt bondage</a> or <a href="https://en.wikipedia.org/wiki/Indentured_servitude">indentured servitude</a>, not
unlike more modern <a href="https://en.wikipedia.org/wiki/Company_store">company stores</a>.</p>
<p>How modern? Well…</p>
<div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;">
<iframe src="https://www.youtube-nocookie.com/embed/CPW3YikDwEM" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" allowfullscreen title="YouTube Video"></iframe>
</div>
<p>And in a nutshell, that’s serfdom: in exchange for access to societal
necessities, serfs can’t own any property and are locked into one-sided
contracts that enrich someone else and impoverish them.</p>
<div class="note">
<p>A <em>social contract</em> can count as a one-sided contract.</p>
</div>
<p>So what is digital serfdom? It happens when, in exchange for access to digital
societal necessities, people can’t own any digital property and are locked into
one-sided contracts that enrich someone else and impoverish them.</p>
<p>Yes, the only change is adding the word “digital” twice. This is
because the list of “societal necessities” has changed between Medieval times and
now.</p>
<p>The list in Medieval times might have looked like this:</p>
<ul>
<li>Food.</li>
<li>Water.</li>
<li>Shelter.</li>
</ul>
<p>The list today might look like this:</p>
<ul>
<li>Food.</li>
<li>Water.</li>
<li>Shelter.
<ul>
<li>And an <a href="https://news.ycombinator.com/item?id=31303908"><em>address</em></a>!</li>
</ul>
</li>
<li>Identification, which <a href="https://news.ycombinator.com/item?id=33964809">can be lost</a>.</li>
<li>Bank account.</li>
<li>In some cases, an email address.</li>
<li>A credit or debit card because <a href="https://www.brookings.edu/articles/cash-will-soon-be-obsolete-will-america-be-ready/">cash is being phased out</a>.</li>
<li><a href="https://news.ycombinator.com/item?id=33963269">A working cell phone</a>.</li>
<li>Access to the Internet for some of the above.</li>
</ul>
<div class="note">
<p>Yes, access to the Internet is nigh a necessity; without it, there are entities
you cannot interact with at all. An example is the Social Security
Administration if you don’t have access to transportation to get to an SSA
office.</p>
</div>
<p>Five of those things are digital: bank account, email address, credit/debit
card, cell phone, and access to the Internet.</p>
<div class="note">
<p>Yes, a bank account is digital. Your money in a bank account is a number in a
computer somewhere in your bank, not actual cash.</p>
</div>
<p>We might also add social media and messaging app accounts for communication.</p>
<div class="note">
<p>I include social media because some critical entities only communicate through
social media.</p>
</div>
<p>Imagine that you are homeless. It doesn’t matter how it happened, just that it
happened. (Maybe someone you trusted betrayed you, or maybe your house burned
down; <a href="https://streetlifesolutions.blogspot.com/2020/12/this-is-real-thats-not.html">it could still happen if you’re intelligent</a>.) Now, imagine your
phone gets soaked because it rained, and you don’t have shelter.</p>
<p>What have you lost? Everything.</p>
<p>Do you have money? Well, you need a bank account, and you had better hope that
<a href="https://news.ycombinator.com/item?id=36075799">you can access it without an app</a>.</p>
<p>Well, maybe you can rebuild your life! Unless, of course, <a href="https://news.ycombinator.com/item?id=37379794">your government ID is
digital</a> and <a href="https://news.ycombinator.com/item?id=37379795">requires a device controlled by its maker</a>.</p>
<p>So now you’re dependent on one of two <em>huge</em> companies, Google or Apple, in
order to have a bank account and a government ID. And <a href="https://news.ycombinator.com/item?id=37208936">they hate</a> <a href="https://news.ycombinator.com/item?id=33963269">the
homeless</a>.</p>
<p>A duopoly on access to society. That’s digital feudalism.</p>
<h2 id="what-could-have-been">What Could Have Been</h2>
<p>It wasn’t supposed to be this way! Computers were supposed to <em>help</em> us! They
were supposed to be a <a href="https://www.youtube.com/watch?v=KmuP8gsgWb8">“bicycle for the mind.”</a></p>
<p>That charming phrase is underselling it.</p>
<p>Computers could have automated everything that was automatable. They could have
removed work that humans are bad at to leave us to do the things we are <em>good</em>
at.</p>
<p>We could have had faithful user agents that obeyed us!</p>
<h2 id="what-actually-is">What Actually Is</h2>
<p>They could have automated vacuuming! Oh, <a href="https://en.wikipedia.org/wiki/Roomba">they did</a>, but <a href="https://www.komando.com/security-privacy/roomba-security-tips/855380/">the vacuum spies
on you</a>.</p>
<p>They could have automated your home. Oh, <a href="https://www.komando.com/security-privacy/roomba-security-tips/855380/">they did</a>, but <a href="https://old.reddit.com/r/BlockedAndReported/comments/14a23ll/amazon_locked_a_guy_out_of_his_own_house_because/">it will lock you
out if you’re deemed racist</a>.</p>
<p>They could have automated lights. Oh, <a href="https://en.wikipedia.org/wiki/Philips_Hue">they did</a>, but <a href="https://rachelbythebay.com/w/2023/09/26/hue/">you have to agree
that you don’t own the lights anymore</a>.</p>
<p>They could have automated temperature control. Oh, <a href="https://store.google.com/category/connected_home?hl=en-US&pli=1">they did</a>, but <a href="https://news.ycombinator.com/item?id=37681302">you now
don’t own the air in your home</a>.</p>
<p>They could have automated a lot of stuff in your car. Oh, <a href="https://www.cazoo.co.uk/the-view/buying/what-is-a-car-infotainment-system/">they did</a>, but
<a href="https://www.neverbeclever.org/blog/my-rude-ass-car/">your car is rude now</a>. And <a href="https://news.ycombinator.com/item?id=38102083">less reliable</a>.</p>
<h3 id="bots-over-humans">Bots Over Humans</h3>
<p>Okay, so things were automated, and the peasants got serfed. Surely, we are
still able to do the things we’re good at, right?</p>
<p>Ha! Not a chance!</p>
<p>Humans are good at talking to other humans, so <a href="https://news.ycombinator.com/item?id=38019461">they</a> <a href="https://news.ycombinator.com/item?id=38019256">have</a> <a href="https://news.ycombinator.com/item?id=37943361">the</a>
<a href="https://news.ycombinator.com/item?id=37833352">bots</a> <a href="https://news.ycombinator.com/item?id=37066631">do</a> <a href="https://news.ycombinator.com/item?id=36336256">it</a>.</p>
<p>Humans are good at being famous, so <a href="https://www.theguardian.com/film/2023/nov/01/scarlett-johansson-artificial-intelligence-ad">they have the bots steal the fame</a>,
<a href="https://jurgengravestein.substack.com/p/stephen-fry-issues-a-stark-warning">including voices</a>.</p>
<p>Humans know that the <a href="https://en.wikipedia.org/wiki/Python_(programming_language)">Python programming language</a> and the <a href="https://en.wikipedia.org/wiki/Pandas_(software)">pandas
library</a> are related to software, not animals, so <a href="https://lerner.co.il/2023/10/19/im-banned-for-life-from-advertising-on-meta-because-i-teach-python/">they use bots to ban
people from advertising courses for them</a> in the name of animal cruelty, or
something.</p>
<p>Law enforcement sometimes needs to post violent content for public information,
so <a href="https://ktla.com/news/local-news/lapd-youtube-channel-suspended-for-posting-violent-content/">they have bots ban it</a>.</p>
<p>Humans are good at grading papers, so <a href="https://twitter.com/rustykitty_/status/1709316764868153537">they have bots do it</a>, even though
the companies with the bots are actually just <a href="https://news.ycombinator.com/item?id=37767467">selling snake oil</a>.</p>
<p>Writers need to write a lot, so <a href="https://authory.com/blog/how-ai-detectors-are-destroying-livelihoods">they have bots check it for bot writing</a>,
even though the checkers <a href="https://news.ycombinator.com/item?id=38101679">think the US Constitution was written by bots</a>.</p>
<p>Humans are better customers than bots, so <a href="https://news.ycombinator.com/item?id=35304712">they have bots check if you’re a
human</a>.</p>
<p>Humans are better at programming, so <a href="https://drewdevault.com/2022/06/23/Copilot-GPL-washing.html">they have bots launder intellectual
property</a> and <a href="https://www.theverge.com/2023/11/4/23946353/generative-ai-copyright-training-data-openai-microsoft-google-meta-stabilityai">argue that it’s okay</a> because the <a href="https://matthewbutterick.com/chron/will-ai-obliterate-the-rule-of-law.html">ends justify the
means</a>.</p>
<h3 id="rent-seeking">Rent Seeking</h3>
<p>Even worse, you may buy stuff from companies, but they act like they are
<em>renting</em> that stuff to you.</p>
<p>Google demands the right to <a href="https://discuss.kde.org/t/f-droid-version-of-kdeconnect-uninstalled-by-playprotect/5992">delete apps from your phone</a>.</p>
<p>HP demands the right to <a href="https://abcnews.go.com/Technology/wireStory/hp-fails-derail-claims-bricks-scanners-multifunction-printers-102286365">brick your printer if you use third-party ink</a>.</p>
<p>Microsoft demands the right to <a href="https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/trusted-platform-module-overview">check if your hardware is “blessed”</a> for
<a href="https://gist.github.com/osy/45e612345376a65c56d0678834535166">“security.”</a></p>
<p>BMW tried to make you <a href="https://www.forbes.com/sites/alistaircharlton/2023/09/07/bmw-drops-controversial-heated-seats-subscription-to-refocus-on-software-services/">rent part of your own car</a>.</p>
<p>Your $400 baby monitor <a href="https://www.theregister.com/2023/10/06/miku_baby_monitor/">needs a subscription</a>.</p>
<p>Bitwarden and other password managers <a href="https://news.ycombinator.com/item?id=38104533">won’t let you export passkeys</a>
because it keeps you locked in.</p>
<p><a href="https://www.nme.com/news/gaming-news/xbox-will-block-third-party-controllers-to-preserve-the-console-experience-3525752">Xbox won’t let you use “unauthorized” third-party controllers</a>, which can
make accessibility impossible.</p>
<p>Companies will <a href="https://www.theverge.com/2023/10/4/23902615/wii-u-nintendo-3ds-online-shut-down">shut down services</a>, <a href="https://www.fsf.org/blogs/community/software-that-supports-your-body-should-always-respect-your-freedom">including life-critical ones</a>,
and refuse to help keep replacements running.</p>
<p>Patent trolls <a href="https://www.eff.org/deeplinks/2023/06/our-right-challenge-junk-patents-under-threat">buy up patents just to get money from true innovators</a>.</p>
<p><a href="https://www.wired.com/2015/04/dmca-ownership-john-deere/">John Deere claims to own every tractor they sold!</a></p>
<p><a href="https://www.nytimes.com/2009/07/18/technology/companies/18amazon.html">Amazon will erase books from your Kindle.</a></p>
<p><a href="https://www.youtube.com/watch?v=Ln4rsxWq3WM">Samsung will disable the phone you bought legally.</a></p>
<p>Device makers will make devices that <a href="https://news.ycombinator.com/item?id=38144520">hide your medical info from you</a> so
that you can be charged $200 to get it back.</p>
<p>And the manufacturer of your trains <a href="https://social.hackerspace.pl/@q3k/111528162462505087">disables them if a third party repairs
them</a>.</p>
<h3 id="advertising">Advertising</h3>
<p>And that’s not to mention all of the advertising they are pushing, even perhaps
on stuff you <em>bought</em>!</p>
<p><a href="https://dig.watch/updates/eu-data-regulator-decided-to-ban-personalised-advetising-on-facebook-and-instagram">Facebook/Meta used opt-out behavioral advertising in the EU</a> after
promising to make it opt-in.</p>
<p><a href="https://www.bloomberg.com/news/articles/2023-10-24/meta-sued-by-california-states-over-harmful-youth-marketing">They also advertise to children in harmful ways.</a></p>
<p><a href="https://arstechnica.com/gadgets/2023/09/googles-widely-opposed-ad-platform-the-privacy-sandbox-launches-in-chrome/">Google lets advertisers see “topics” you like</a>, while <a href="https://news.ycombinator.com/item?id=37427557">hoarding <em>more</em> data
about you</a>.</p>
<p>Google <a href="https://arstechnica.com/security/2023/10/google-hosted-malvertising-leads-to-fake-keepass-site-that-looks-genuine/">advertises malware to you</a>. And they’ll show <a href="https://news.ycombinator.com/item?id=37941308">ads for war videos to
kids</a>.</p>
<p>They also <a href="https://www.404media.co/youtubes-war-on-adblockers-shows-how-google-controls-the-internet/">declared war on adblockers</a>.</p>
<p>It’s so bad that you <a href="https://journals.sagepub.com/doi/10.1177/09637214221121570">have to develop the skill of <em>ignoring</em> stuff</a>.</p>
<p>Microsoft even <a href="https://ghacks.net/2023/10/03/windows-copilots-is-showing-third-party-ads-to-windows-users/">advertises their AI product in an OS you <em>paid for</em></a>.</p>
<p>And you’ll <a href="https://adguard.com/en/blog/smart-tv-ad-blocking.html">see ads in a smart TV that you bought</a>!</p>
<p>Or in a <a href="https://rachelbythebay.com/w/2019/10/05/nxdomain/">hijacked domain</a>.</p>
<h3 id="surveillance">Surveillance</h3>
<p>It gets worse. There are links above about companies spying on you. Turns out,
companies will sell that data and ignore your requests for privacy.</p>
<p>Remember the Facebook behavioral advertising I mentioned above? That <a href="https://news.ycombinator.com/item?id=38112247">needs
surveillance to work</a>.</p>
<p><a href="https://www.bloomberg.com/news/articles/2023-10-30/23andme-will-give-gsk-access-to-consumer-dna-data">23andMe is giving your DNA to healthcare companies</a>, even if you <a href="https://news.ycombinator.com/item?id=38081605">never
submitted your DNA</a>.</p>
<p>Oh, and <a href="https://blog.23andme.com/articles/addressing-data-security-concerns">they allowed hackers access to your DNA</a>, too.</p>
<p>Google added a “privacy button” and then <a href="https://www.theregister.com/2023/10/24/google_privacy_button/">ignored it</a>.</p>
<p><a href="https://stackdiary.com/german-court-bans-linkedin-from-ignoring-do-not-track-signals/">LinkedIn ignored “Do Not Track” requests.</a> They also <a href="https://news.ycombinator.com/item?id=37732203">demand your phone
number.</a></p>
<p>Mastercard gets fees from your purchases <em>and</em> <a href="https://www.eff.org/deeplinks/2023/10/mastercard-should-stop-selling-our-data">sells your data</a>.</p>
<p><a href="https://www.techradar.com/computing/browsers/microsoft-now-demands-to-know-why-you-just-wont-use-edge-when-you-inevitably-download-chrome-using-it">Microsoft demands to know why you won’t use Edge.</a></p>
<p><a href="https://www.eff.org/issues/cell-tracking">Cell providers track your location and sell it.</a></p>
<p>If you use Google Maps, <a href="https://news.ycombinator.com/item?id=37583915">Google forces you to allow all of their products to
track location.</a> And they <a href="https://oag.ca.gov/system/files/attachments/press-docs/Filed%20stamped%20Google%20Complaint.pdf">tricked you into allowing it</a>, too.</p>
<p>Likewise, <a href="https://news.ycombinator.com/item?id=37584368">Google and Facebook combine privacy policies</a> so that all of your
data can be used by all of their “services.”</p>
<p>Amazon Alexa <a href="https://news.ycombinator.com/item?id=37825653">spies on your other devices</a>.</p>
<p>Google <a href="https://fosstodon.org/@Joe_0237/111145684757912952">embeds tracking links in <em>your</em> documents</a>.</p>
<h3 id="swindling">Swindling</h3>
<p>And companies won’t just passively spy on you; they’ll fleece you.</p>
<p>Audible <a href="https://www.brandonsanderson.com/guest-editorial-cory-doctorow-is-a-bestselling-author-but-audible-wont-carry-his-audiobooks/">cheats you <em>and</em> authors</a> to keep a monopoly position.</p>
<p>Uber <em>and</em> Lyft <a href="https://arstechnica.com/tech-policy/2023/11/uber-lyft-pay-328-million-for-cheating-drivers-out-of-earnings-ny-says/">cheated drivers</a>.</p>
<p><a href="https://www.sec.gov/news/press-release/2023-227">SolarWinds lied about cybersecurity risks.</a></p>
<p>AI companies are <a href="https://www.afr.com/technology/google-brain-founder-says-big-tech-is-lying-about-ai-human-extinction-danger-20231027-p5efnz">trying to cheat a regulatory moat into existence</a>.</p>
<p>Google is <a href="https://www.techdirt.com/2023/10/23/google-decides-to-pull-up-the-ladder-on-the-open-internet-pushes-for-unconstitutional-regulatory-proposals/">trying to pull up the ladder with another regulatory moat</a>.</p>
<p><a href="https://twitter.com/molly0xfff/status/1710718416724595187">FTX was faking its insurance fund with random numbers.</a></p>
<p><a href="https://www.ctrl.blog/entry/windows-system-components-default-edge.html">Microsoft tries to force you to use Edge.</a></p>
<p>Scammers will steal from you <a href="https://www.straitstimes.com/singapore/woman-loses-over-44k-after-downloading-third-party-app-to-buy-fish">if you download the wrong app</a>.</p>
<p>Amazon used its power to <a href="https://www.thebignewsletter.com/p/the-ftc-sues-to-break-up-amazon-over">lay a “hidden tax” across the entire economy</a>.
<a href="https://news.ycombinator.com/item?id=37766670">eBay does it too.</a></p>
<p>Oh, and <a href="https://news.ycombinator.com/item?id=37769430">eBay will lie to both seller and buyer about the auction price</a>.</p>
<p>Landlords <a href="https://arstechnica.com/tech-policy/2023/11/14-big-landlords-used-software-to-collude-on-rent-prices-dc-lawsuit-says/">may have used software to raise rents</a>.</p>
<p><a href="https://news.ycombinator.com/item?id=36854166">GoDaddy will steal domains.</a></p>
<p><a href="https://www-heise-de.translate.goog/news/Microsoft-krallt-sich-Zugangsdaten-Achtung-vorm-neuen-Outlook-9357691.html?_x_tr_sl=de&_x_tr_tl=en&_x_tr_hl=de">Microsoft will steal your email login.</a></p>
<p>Others will <a href="https://news.ycombinator.com/item?id=38135661">steal</a> <a href="https://news.ycombinator.com/item?id=34913596">your</a> <a href="https://news.ycombinator.com/item?id=37056467">money</a> in the guise of “fraud
prevention.”</p>
<p>Experian will <a href="https://krebsonsecurity.com/2023/11/its-still-easy-for-anyone-to-become-you-at-experian/">let thieves steal your Experian account</a>.</p>
<p>And on a personal note, Chromium made itself my default browser without asking,
just because I opened it.</p>
<h3 id="poisonous-industry">Poisonous Industry</h3>
<p>In fact, <a href="https://hachyderm.io/@softwaredoug/111245545674056246">the entire tech industry has been poisoned by “investment.”</a></p>
<p>That’s why <a href="https://news.ycombinator.com/item?id=37902091">AI is all the buzz</a>. Before that, <a href="https://news.ycombinator.com/item?id=37617967">it was NFTs</a> and
<a href="https://www.theguardian.com/technology/commentisfree/2022/jun/19/the-crypto-crash-all-ponzi-schemes-topple-eventually">cryptocurrencies</a>, which <a href="https://www.cbsnews.com/news/bitcoin-mining-cryptocurrency-riot-texas-power-grid/">stole government money as well</a>.</p>
<p>Venture capital will <a href="https://www.newyorker.com/magazine/2020/11/30/how-venture-capitalists-are-deforming-capitalism">prop up bad startups until competitors are mercked</a>.</p>
<p>Remember the Google “topics” thing I mentioned above? Google uses that to <a href="https://news.ycombinator.com/item?id=37427557">keep
a moat</a>.</p>
<p>Amazon, Google, and Apple <a href="https://time.com/5929888/amazon-parler-aws/">colluded to boot a social media platform from the
web</a>.</p>
<p>Companies will <a href="https://news.ycombinator.com/item?id=37984789">turn a blind eye to DMCA and copyright abuse</a>.</p>
<p><a href="https://old.reddit.com/r/Android/comments/17k9qri/policy_team_is_making_me_remove_one_of_the_most/">They’ll refuse to let a developer publish a wallpaper app.</a> But they’ll
also <a href="https://www.wired.com/story/phantomlance-google-play-malware-apt32/">keep malware published without interference</a>.</p>
<p><a href="https://blog.cloudflare.com/kiwifarms-blocked/">They’ll take your site off the Internet</a>, or <a href="https://www.ctrl.blog/entry/cloudflare-ip-blockade.html">they’ll just take <em>you</em> off
the Internet</a>.</p>
<p>They made tools that <a href="https://arstechnica.com/tech-policy/2023/11/deepfake-nudes-of-high-schoolers-spark-police-probe-in-nj/">allowed pictures of girls to be turned sensual</a>,
without consent.</p>
<h3 id="addiction">Addiction</h3>
<p>But it’s not enough for our noxious industry.</p>
<p><a href="https://nothinghuman.substack.com/p/the-tyranny-of-the-marginal-user">Companies appeal to your baser self</a> to keep you addicted.</p>
<p>Video games try to <a href="https://www.theguardian.com/society/2021/apr/02/video-game-loot-boxes-problem-gambling-betting-children">trigger gambling with loot boxes</a>, <a href="https://www.forbes.com/sites/jasonwosborne/2023/05/25/how-loot-boxes-in-childrens-video-games-encourage-gambling/">even for
children</a>.</p>
<p>They <a href="https://www.nbcnews.com/tech/tech-news/addicted-losing-how-casino-apps-have-drained-people-millions-n1239604">do it in other ways too</a>.</p>
<p>Recommendation engines try to keep you engaged. And trapped. By <a href="https://news.ycombinator.com/item?id=37890673">hacking your
mind</a>.</p>
<p>Companies <a href="https://twitter.com/FUTO_Tech/status/1719468941582442871">ban content that helps users reduce dependence on them</a>.</p>
<h3 id="governments">Governments</h3>
<p>And it’s not just companies that are doing this. Governments are too.</p>
<p>They’ll happily <a href="https://www.businessinsider.com/trudeau-canada-freeze-bank-accounts-freedom-convoy-truckers-2022-2">freeze bank accounts of the “wrong” protesters</a>.</p>
<p>They’ll happily allow companies to spy because <a href="https://www.eff.org/deeplinks/2023/10/adtech-surveillance-and-government-surveillance-are-often-same-surveillance">they’ll buy the data</a>.</p>
<p>They’ll <a href="https://thepointsguy.com/2017/03/opt-out-tsa-body-scanners/">do full body scans at the airport</a>, and if you opt out, <a href="https://www.frommers.com/tips/airfare/saying-no-to-the-tsas-full-body-scans-may-come-at-a-price">you may
pay a price</a>.</p>
<p>They’ll <a href="https://last-chance-for-eidas.org/">mandate that browsers let them read your Internet traffic</a>.</p>
<p>They want your device to scan your files for <a href="https://www.missingkids.org/theissues/csam">CSAM</a>, and <a href="https://twitter.com/matthew_d_green/status/1423071186616000513">Apple granted
their wish</a>.</p>
<p>They use a database that <a href="https://blog.xot.nl/2023/10/11/tainting-the-csam-client-side-scanning-database/index.html">can be tainted</a>, and <a href="https://9to5mac.com/2021/10/15/governments-planned-to-misuse-csam-scanning-tech/">they planned to do so even
before Apple announced it</a>.</p>
<h3 id="free-and-open-source-software">Free and Open Source Software</h3>
<p>Think Free and Open Source Software will save us? Think again.</p>
<p><a href="https://en.wikipedia.org/wiki/ImageMagick">ImageMagick</a> <a href="https://github.com/ImageMagick/ImageMagick/discussions/6826">can’t distribute signed binaries for Windows anymore</a>.</p>
<p>Microsoft <a href="https://support.mozilla.org/en-US/kb/windows-10-warns-me-use-microsoft-verified-app">puts up scary warnings for Firefox</a>.</p>
<p>Companies <a href="https://arstechnica.com/cars/2023/10/mazdas-dmca-takedown-kills-a-hobbyists-smart-car-api-tool/">kill open source tools for their products</a>.</p>
<p><a href="https://www.inkandswitch.com/local-first/">Local-first software</a> is cool, but if <a href="https://www.theverge.com/22684730/students-file-folder-directory-structure-education-gen-z">people don’t know how their files
are stored</a>, it doesn’t matter.</p>
<p>Google <a href="https://vivaldi.com/blog/googles-new-dangerous-web-environment-integrity-spec/">tried</a> and <a href="https://news.ycombinator.com/item?id=38118627">failed</a> to add <a href="https://courses.cs.washington.edu/courses/csep590/06wi/finalprojects/bare.pdf">attestation</a>, a thoroughly
evil attempt to control what software you can run, into Chrome. They even <a href="https://news.ycombinator.com/item?id=36857676">had
employees demanding that people acquiesce</a>. And they <a href="https://android-developers.googleblog.com/2023/11/increasing-trust-for-embedded-media.html"><em>still</em> added it into
Android apps</a>.</p>
<p>In fact, Google’s attestation in Android is <a href="https://news.ycombinator.com/item?id=36882331">less secure</a>. And you have to
<a href="https://news.ycombinator.com/item?id=37881235">hack it to make it work on non-Android phones</a>.</p>
<p>Governments will also <a href="https://www.eff.org/deeplinks/2023/05/eus-proposed-cyber-resilience-act-raises-concerns-open-source-and-cybersecurity">threaten Open Source software</a> and <a href="https://www.bunniestudios.com/blog/?p=6862">open
ISAs</a>.</p>
<h3 id="bugs">Bugs</h3>
<p>And then there’s just plain negligence leading to bugs.</p>
<p><a href="https://www.reddit.com/r/GooglePixel/comments/y039zn/i_compiled_all_the_pixel_911emergency_call/">Google Pixels can fail to call 911.</a></p>
<p><a href="https://arstechnica.com/gadgets/2023/10/android-14s-ransomware-data-storage-bug-locks-out-users-remains-unfixed/">Android 14 can brick phones.</a></p>
<p><a href="https://embeddedgurus.com/barr-code/2013/10/an-update-on-toyota-and-unintended-acceleration/">Toyota killed people.</a></p>
<p><a href="https://www.fsf.org/blogs/community/software-that-supports-your-body-should-always-respect-your-freedom">Apps for medical devices fail frequently.</a></p>
<h3 id="dark-patterns">Dark Patterns</h3>
<p>And we haven’t even talked about <a href="https://www.deceptive.design/">dark patterns</a> yet!</p>
<p>Fortunately, <a href="https://www.deceptive.design/hall-of-shame">there’s already a list</a>, but <a href="https://news.ycombinator.com/item?id=28517187">there are plenty more</a>.</p>
<h2 id="what-happened">What Happened</h2>
<p>How did we get here?</p>
<p>We got here because of <em>you!</em></p>
<p><em>You</em> worked for these companies. <em>You</em> made the software that did all of this.</p>
<p><strong>“But I’m just a programmer; I can’t say no. I got bills to pay.”</strong></p>
<p>That’s just the <a href="https://www.urbandictionary.com/define.php?term=yuppie-nuremberg+defense">Yuppie-Nuremberg Defense</a>, and I guarantee you that it
will not fly with future generations. Nor will it fly with your loved ones once
they realize that they are trapped.</p>
<p><strong>“But I’m just a manager…”</strong></p>
<p>Yeah, and you told your programmers what to do, right? You’re the one who gave
the “order,” right?</p>
<p><strong>“But I’m just an executive; I don’t know what happens on the front lines.”</strong></p>
<p>Then you’re negligent. Also, you’re the one who sets the business model, right?
If your business model encourages this, then maybe <em><strong>YOU ARE THE ONE MOST AT
FAULT!</strong></em></p>
<p><strong>“But I’m not even a programmer. I’m a system administrator.”</strong></p>
<p>Yeah, and who will run the machines without you?</p>
<p>I have gotten recruiting emails from a <a href="https://en.wikipedia.org/wiki/Big_Tech">FAANG company</a>, trying to get me to
apply to a data center job. I categorically refused because my job would literally
be to keep that terrible software running.</p>
<p><strong>“But I’m an HR person at one of those companies.”</strong></p>
<p>Yeah, and your job is to keep programmers at those companies, and without
programmers, there would be no digital feudalism, right?</p>
<p><strong>“But I work in accounting…”</strong></p>
<p>Same thing.</p>
<p><strong>“But I work in <code>&lt;insert job here&gt;</code>.”</strong></p>
<p>It’s all the same thing!</p>
<p>Your company keeps you employed for a reason! They keep you employed doing
whatever you do because it supports the mission of enriching the company (and
its controllers) at the expense of society.</p>
<p><a href="https://drewdevault.com/2020/05/05/We-are-complicit-in-our-employers-deeds.html">You are complicit in your employer’s deeds.</a></p>
<p>There are more than 100 links above, and link by link, you built a chain.</p>
<p>You may think that you’re not responsible; after all, you can only touch one
link.</p>
<p>But if everyone thinks that and each individually forges a link, then everyone
forges the chain together.</p>
<p>The end result is the same: your loved ones are prisoners.</p>
<p>You may think that <em>your</em> loved ones are not; after all, you may teach them to
avoid the chain links that <em>you</em> made.</p>
<p>But again, there are more than 100 links above, and that was just two months of
watching for things on Hacker News.</p>
<p>Have you taught your loved ones about all of those links? Could you, even if you
wanted to?</p>
<p>You and the guys in that company you hate? You’re a chain-forging team.</p>
<p>You, and <em>all</em> of you, are effectively saying to the rest of society, “screw
you, got mine.”</p>
<p>Shame on you!</p>
<h2 id="legacies">Legacies</h2>
<p><strong>“But even though I’m a programmer, I don’t even work on that code.”</strong></p>
<p>That may be true, but that doesn’t mean you don’t help the company build digital
feudalism.</p>
<p>Everything you do helps with that.</p>
<p>Don’t believe me? I’ll show you with real-world examples.</p>
<p>Let’s start with some famous names in computer science.</p>
<div class="note">
<p>Yes, I’m going to name names. Also, I’m going to focus on those that others
respect.</p>
</div>
<p><a href="https://en.wikipedia.org/wiki/Ken_Thompson">Ken Thompson</a> built Unix, co-designed UTF-8, worked on regular expressions,
and did lots of other stuff.</p>
<p>And he helped build the <a href="https://go.dev/">Go programming language</a>, which Google uses to <a href="https://news.ycombinator.com/item?id=16143918">let
young, dumb programmers build digital chains <em>faster</em></a>.</p>
<p><a href="https://en.wikipedia.org/wiki/Rob_Pike">Rob Pike</a> worked on Plan 9 and UTF-8. He also helped build Go.</p>
<p>And ironically, their work to make Unix for us is now moot because their own
former employer, Google, is using Unix to build phones and laptops that serve
their maker instead of their users.</p>
<p>People hold them in high esteem; I hope later generations see their <em>true</em>
legacy: of showing us what could have been and <em>taking it away</em>.</p>
<p>So yes, even “innocuous” things like a programming language enable your
overlords.</p>
<p>And nearly everyone is guilty!</p>
<p><a href="https://en.wikipedia.org/wiki/Walter_Bright">Walter Bright</a>, a programmer I admire and have interacted with directly on
Hacker News, wrote software for Facebook, so they could make chains faster.</p>
<p><a href="https://en.wikipedia.org/wiki/John_Carmack">John Carmack</a> worked for Facebook.</p>
<p><a href="https://en.wikipedia.org/wiki/Anders_Hejlsberg">Anders Hejlsberg</a> works for Microsoft on C# and TypeScript.</p>
<p><a href="https://en.wikipedia.org/wiki/D._Richard_Hipp">D. Richard Hipp</a> worked for General Dynamics on contract with the US Navy.</p>
<p><a href="https://en.wikipedia.org/wiki/Paul_Graham_(programmer)">Paul Graham</a> built a business that builds startups.</p>
<p><a href="https://en.wikipedia.org/wiki/Bill_Joy">Bill Joy</a> turned into a venture capitalist.</p>
<p><a href="https://en.wikipedia.org/wiki/Leslie_Lamport">Leslie Lamport</a> works for Microsoft.</p>
<p><a href="https://en.wikipedia.org/wiki/Chris_Lattner">Chris Lattner</a> worked for Google, Apple, and Tesla, and now works in “AI.”</p>
<p><a href="https://en.wikipedia.org/wiki/Bram_Moolenaar">Bram Moolenaar</a> worked for Google.</p>
<p><a href="https://en.wikipedia.org/wiki/Charles_Petzold">Charles Petzold</a> worked for Microsoft.</p>
<p><a href="https://en.wikipedia.org/wiki/Simon_Peyton_Jones">Simon Peyton Jones</a> worked for Microsoft.</p>
<p><a href="https://en.wikipedia.org/wiki/Dennis_Ritchie">Dennis Ritchie</a> did not publish some research at the behest of the NSA.</p>
<p><a href="https://en.wikipedia.org/wiki/Ron_Rivest">Ron Rivest</a>, <a href="https://en.wikipedia.org/wiki/Adi_Shamir">Adi Shamir</a>, and <a href="https://en.wikipedia.org/wiki/Len_Adleman">Leonard Adleman</a> patented
<a href="https://en.wikipedia.org/wiki/RSA_(cryptosystem)">RSA</a>, which resulted in them controlling a lot of cryptography for a long
time.</p>
<p><a href="https://en.wikipedia.org/wiki/Guido_van_Rossum">Guido van Rossum</a> worked for Google and Dropbox; he now works for
<a href="https://en.wikipedia.org/wiki/Joel_Spolsky">Microsoft</a>.</p>
<p><a href="https://en.wikipedia.org/wiki/Joel_Spolsky">Joel Spolsky</a> worked for Microsoft.</p>
<p><a href="https://en.wikipedia.org/wiki/Guy_L._Steele_Jr.">Guy L. Steele, Jr.</a> worked for Oracle.</p>
<p>Why did I focus a lot on where people worked? Because they often build tools for
<em>other developers</em>, and those tools then enable other developers to build
chains.</p>
<p>But there is another side effect: these companies have <em>monopolized</em> the best
minds in our industry, and they do that on purpose; they want to starve the rest
of the industry of the best talent.</p>
<p>And these respected programmers let them do it.</p>
<h3 id="my-legacy">My Legacy</h3>
<p>Naming names is risky. To do it against respected people is sacrilege.</p>
<p>So I know this post will burn bridges. A lot of bridges. It will burn bridges
that don’t exist yet. It will burn so much that I may become a pariah in the
only industry where I could make use of my only talent.</p>
<p>That does not matter anymore.</p>
<p>All that matters is that I do my part to stop or slow this terrible and tragic
tide.</p>
<p>So what is <em>my</em> legacy?</p>
<p>It’s not good, either.</p>
<p>I entered the US Air Force Academy with the intention of becoming an officer.
Fortunately, I failed.</p>
<p>I applied to work at Google and <a href="/2019/07/better-hiring-practices/">interviewed</a> with the intention of working
there. Fortunately, I failed.</p>
<p>I worked at an <a href="https://en.wikipedia.org/wiki/High-performance_computing">HPC</a> company called <a href="https://schedmd.com/">SchedMD, LLC</a> that <em>might</em> have
bad customers.</p>
<div class="note">
<p>I cannot comment if they do now or if they did when I was there, but just think
of who might run a supercomputer, and there is a chance that SchedMD might
support them.</p>
</div>
<p>I did not quit SchedMD immediately after an incident that caused me to think
that SchedMD did not have their customers’ interests in mind.</p>
<p>In addition, I’ve fixed bugs in my software for Google.</p>
<p>Yes, even <em>that</em> is bad.</p>
<p>Earlier, I agreed with Drew DeVault that <a href="https://drewdevault.com/2020/05/05/We-are-complicit-in-our-employers-deeds.html">we are complicit in our employers'
deeds</a>, but even <em>that</em> is sugarcoated.</p>
<p>As a FOSS project maintainer, I am complicit in the deeds of any company that
I help to use my software.</p>
<p>When an employee of Google contacts me about a bug in my <a href="https://git.gavinhoward.com/gavin/bc"><code>bc</code></a>, which is
used in Android, I become complicit if I help.</p>
<p>So, Elliott Hughes, I’m sorry, but I can’t fix any more bugs for Google or the
Android Open Source Project.</p>
<p>I don’t like it either! I mean, I like you as far as we’ve interacted on GitHub.
And I’d certainly sit and chat in person.</p>
<p>But I must refuse to help anymore. And that goes for <em>everything</em>.</p>
<p>You see, I’ve <a href="https://yzena.com/">founded a business</a> and poured around 5k-10k hours into <a href="https://git.yzena.com/Yzena/Yc">one
repo</a>, and I’ve decided that I will be picky with my clients.</p>
<p>I wasn’t always picky; when I worked in the industry, I might have done work
that helped organizations that are building digital serfdom.</p>
<p>Now? I will refuse a client if they are part of the problem. I will be a “lowly”
bus driver instead. Or something else.</p>
<p>I will <em>not</em> be part of the problem; I will only be part of the solution.</p>
<p>I hope that, if nothing else, people remember <em>that</em> about me.</p>
<h2 id="the-solution">The Solution</h2>
<p>So what are <em>you</em> to do?</p>
<p>You must do the same thing I am doing: take individual action.</p>
<p>First, encrypt everything. <a href="https://blog.tripu.info/encrypt/">It’s your <em>ethical duty</em> to do so.</a></p>
<p>Second, find a job that does not make digital chain links. If there’s nowhere to
do that, change industries.</p>
<p>And lest you think I’m a hypocrite, I <a href="https://gavinhoward.org/2022/09/grounded-for-life-losing-the-dream-of-flight/">attempted to become a helicopter
pilot</a>, and I got a Class B <a href="https://en.wikipedia.org/wiki/Commercial_driver's_license">CDL</a>.</p>
<p>I’m trying.</p>
<p>But okay, I still am a <em>bit</em> of a hypocrite.</p>
<p>I’m a programmer at heart, and the root of that tree goes deeper than
<a href="https://insideout.fandom.com/wiki/Jangles_the_Clown">Jangles</a>.</p>
<p>So despite my best efforts, I’ve always come back to programming.</p>
<p>But this time…this is different.</p>
<p>How so? Well, I’m going to gather data and <em>act</em> on it.</p>
<p><strong>I invite all executives and/or employees of companies that are not part of the
problem to <a href="https://gavinhoward.com/contact/">contact me</a>.</strong></p>
<p>Give me your best pitch about why you are not part of the problem.</p>
<div class="note">
<p>Companies funded by venture capital need not contact me; remember, investment
is part of the problem.</p>
<p>“Growth at all costs” will cost all of your principles, eventually.</p>
</div>
<p>If I believe you, and I will do heavy research, I’ll put your company’s name in
an upcoming blog post, as well as why <em>I</em> think your company is good.</p>
<p>You’ll get free marketing, for both potential clients <em>and</em> potential hires, and
I’ll get an idea of how much of our industry is actually <em>good</em>.</p>
<p>But…if I cannot find enough good companies, I will quit programming for good.</p>
<p>Because if chaining my loved ones is the only way I can make money as a
programmer, I’ll just stop.</p>
<div class="note">
<p>I might even delete that 10,000 hour repo if the temptation is too strong.</p>
</div>
<p>Why would I do that? Surely, there is <em>something</em> good I can do, right?</p>
<p>Well, I make developer tools, and if my clients build chains, I would be
enabling them to do that, just like the people I called out above.</p>
<p>So I will just say no.</p>
<p>You should too; it’s time for <a href="https://www.ben-evans.com/benedictevans/2023/8/24/when-tech-says-no">tech to say no</a>.</p>
<p>In fact, instead of saying “screw you, got mine!” to regular people, we should
<a href="https://news.ycombinator.com/item?id=37389979">say it to our overlords</a>.</p>
<p>We should step back, admit what we are doing, come to a gentlemen’s agreement
with those other people in that company you hate, and <em>all</em> decide to stop being
part of the problem.</p>
<p>Because the fewer people that are willing to make links, the fewer links there
are.</p>
<p>In addition, the fewer people that are willing to make links, the lower the
quality of the programmers that companies will use to make links, and then the
links will be lower quality, too.</p>
<p>With few enough links, the chain cannot work, and the worse the links are, the
more easily the chain is broken.</p>
<p>Yes, it will suck, and yes, it will be hard, and yes, you’ll probably take a cut
to your lifestyle.</p>
<p>But do you really want to live in a <a href="https://www.socialcooling.com/">socially cooled world</a>, a world of
digital feudalism and chains?</p>
<p>You cannot live in ignorance now that you’ve read this post. So what are you
going to do about it?</p>
<div style="text-align: center;">
<p><strong>Are you going to break <em>your</em> link?</strong></p>
</div>
An Open Letter to Cryptographers: Please Work Together
https://gavinhoward.com/2023/10/an-open-letter-to-cryptographers-please-work-together/
Gavin D. Howard
2023-10-26T09:09:05-06:00
2023-10-26T09:09:05-06:00
There is controversy over NIST's post-quantum selections, and I have some thoughts.
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Anyone with an interest in cryptography. Oh,
and cryptographers themselves. Discuss on <a href="https://news.ycombinator.com/item?id=38026689">Hacker News</a>.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Ticked off, trying to calm down.</p>
</div>
<p>Dear Cryptographers,</p>
<p>You don’t know me, unless you’ve had the pleasure or misfortune of coming across
me on the Internet.</p>
<p>I’m not a cryptographer, so you shouldn’t listen to me.</p>
<p>However, I am studying to become a <a href="https://loup-vaillant.fr/articles/rolling-your-own-crypto#level-3-implementing-crypto">Level 3 cryptographer</a>. I’m nowhere near
close yet, but I now have enough knowledge to be dangerous.</p>
<div class="note">
<p>No, I’m <em>not</em> rolling my own implementations yet, so I’m not a danger to my
users.</p>
<p>Get off my back.</p>
</div>
<p>So maybe you <em>should</em> listen to me. Just in case.</p>
<p>First, an apology: to make this easier, I’m going to use the word “crypto”
instead of “cryptography.” I know that some people will read that as
“cryptocurrency,” but I don’t deal with that trash. I mean <em>real</em> cryptography.</p>
<p>This letter is to you “real” cryptographers, and by that, I mean all <a href="https://loup-vaillant.fr/articles/rolling-your-own-crypto#level-4-inventing-crypto">Level 4
cryptographers</a>, the ones who invent, research, and otherwise prove new
crypto.</p>
<p>Now, I don’t know <em>exactly</em> what’s going on, but I do know that there are
<a href="https://www.newscientist.com/article/2396510-mathematician-warns-us-spies-may-be-weakening-next-gen-encryption/">rumblings of disagreement</a>.</p>
<p>Normally, I wouldn’t care, as disagreements on new things are to be expected.</p>
<p class="img">
<a href="https://gavinhoward.com/img/djb_scare.png" class="img">
<img src="https://gavinhoward.com/img/djb_scare.png" alt="I fear no man. But that...thing...it scares me." aria-label="I fear no man. But that...thing...it scares me." class="center" />
</a>
</p>
<p>And what’s that thing? Daniel J. Bernstein’s <a href="https://blog.cr.yp.to/20231003-countcorrectly.html">claim that NIST screwed up the
math on Kyber</a>, and his <a href="https://blog.cr.yp.to/20220805-nsa.html">lawsuit against the US government</a> that produced
the claim.</p>
<p>“Well, that’s because you’re probably a fan of DJB and believe everything he
says! You believe he’s doing the right thing in this crazy lawsuit, don’t you?!”</p>
<p>No, not at all.</p>
<p>The problem is that I <em>do not know</em> what to think!</p>
<p>And as I’m sure you know, <strong>not knowing what is true in crypto is perilous.</strong></p>
<p>I’ve listened to you all over the years, and I’ve heard you say, over and over
again, that crypto is not something you can <em>guess</em> with; you have to
<em>know</em>.</p>
<p>You said that <a href="https://blog.cryptographyengineering.com/2018/10/19/lets-talk-about-pake/">crypto should include proofs of security</a>, and I believed
you.</p>
<p>You said that <a href="https://www.cryptofails.com/post/121201011592/reasoning-by-lego-the-wrong-way-to-think-about">programmers should not use crypto primitives like Legos</a>, and
I believed you.</p>
<p>You said that <a href="https://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own">programmers should not roll their own crypto</a>, and I believed
you.</p>
<div class="note">
<p>In fact, you said it enough that <a href="https://loup-vaillant.fr/articles/implemented-my-own-crypto#argon2i-from-scratch">Argon2i was not independently re-implemented
for <em>two years!</em></a> Or even if it was, the reference implementation and spec
both had the same bug! <sup id="fnref:1"><a href="#fn:1" class="footnote-ref" role="doc-noteref">1</a></sup></p>
<p>I agree with <a href="https://loup-vaillant.fr/">Loup Vaillant</a>: this “don’t roll your own crypto” went too far.</p>
</div>
<p>You said that <a href="https://twitter.com/tqbf/status/346328557989007360">breaking crypto is how you learn it</a>, and I believed you.</p>
<p>And then you said that, no, <a href="https://www.daemonology.net/blog/2013-06-17-crypto-science-not-engineering.html">breaking crypto is not necessary to learn it
anymore</a>, and I didn’t know what to think anymore.</p>
<p>Now, this small disagreement probably doesn’t matter in practice.</p>
<p>But the failure to reimplement Argon2i? That is…disconcerting.</p>
<p>It gets worse, and Argon2 is still at stake.</p>
<p>It may not be the best <a href="https://nitter.net/TerahashCorp/status/1155129705034653698#m">password-based key derivation function</a>, apparently.</p>
<p>Well, then, why is everyone recommending it?</p>
<p>This is where I sigh and adjust what I do to fix your mistakes.</p>
<p>For example, I use Argon2 where I can, but where I do use it, I make it run for
at least 3 seconds, <em>3 times</em> longer than the threshold where it supposedly
becomes better than bcrypt. Just in case.</p>
<p>And on that note, I get that crypto is hard, but do you really need to make it
so inaccessible?</p>
<p>When I started learning, I was bombarded with weird terms and math, and I had to
slowly build my vocab and reasoning. That learning curve was steeper than sheer
cliffs.</p>
<p>Making things more accessible is important because security will always be weak
as long as two things are true:</p>
<ul>
<li>Crypto is hard to learn, and</li>
<li>You need to learn crypto to roll your own.</li>
</ul>
<p>Look, I get it; crypto is hard, maybe it will always be hard to learn. So
perhaps programmers should do what you say and refuse to roll their own.</p>
<p>Ha! Fat chance! This is the <em>real</em> world, and the real world doesn’t care about
that!</p>
<p>Sometimes, bad crypto is better than no crypto, so programmers will roll their
own.</p>
<p>The only thing to do is make crypto easier to learn.</p>
<p>I think it’s possible. I don’t think crypto needs to be hard to learn in the
<em>lower</em> levels. If it was much easier to learn Level 1 Crypto (<a href="https://loup-vaillant.fr/articles/rolling-your-own-crypto#level-1-using-crypto">“Using
Crypto”</a>) and Level 2 Crypto (<a href="https://loup-vaillant.fr/articles/rolling-your-own-crypto#level-2-choosing-crypto">“Choosing Crypto”</a>), maybe rolling your
own crypto would be much more possible.</p>
<p>“But Gavin, rolling your own is still Level 3 Crypto.”</p>
<p>Yes, but sometimes, you use “rolling your own crypto” to also mean <a href="https://galois.com/blog/2021/03/actually-you-are-rolling-your-own-crypto/">“choosing
and using standard algorithms.”</a> You know, <a href="https://www.cryptofails.com/post/121201011592/reasoning-by-lego-the-wrong-way-to-think-about">treating crypto like Legos</a>.
Which we’re not supposed to do either, right?</p>
<p>And that brings up a question: why not?</p>
<p>“Uh, well, with crypto, the whole system matters, and uh…”</p>
<p>Yes, I believe you. But why is it that way <em>when it doesn’t have to be?</em></p>
<p>“Oh, but it does!”</p>
<p>And this is the first time I just don’t believe you.</p>
<p>Earlier, I linked to a <a href="https://blog.cryptographyengineering.com/2018/10/19/lets-talk-about-pake/">post about PAKE’s</a>, “password-authenticated key
exchanges,” including <a href="https://eprint.iacr.org/2018/163.pdf">OPAQUE</a>.</p>
<p>They are a nice idea; people use passwords to prove to an online service that
they are who they say they are, <em>without sharing the password!</em></p>
<p>Sounds great! Sounds wonderful!</p>
<p>Sounds like they could be used instead of passkeys, <a href="https://lapcatsoftware.com/articles/2023/5/1.html">with all of their freedom
problems</a>!</p>
<h2 id="so-why-for-the-love-of-all-cute-things-on-earth-are-you-not-raising-cain-and-pushing-pakes-instead-of-passkeys">SO WHY FOR THE LOVE OF ALL CUTE THINGS ON EARTH ARE YOU NOT RAISING CAIN AND PUSHING PAKE’S INSTEAD OF PASSKEYS?!</h2>
<p>“Well, uh, because passwords in PAKE’s are still phishable…”</p>
<p><em><strong>BULL ROAR!</strong></em></p>
<p>Implement OPAQUE in the browser, and it doesn’t <em>matter</em> what site is running a
man-in-the-middle; that password <em>never</em> leaves the user’s machine!</p>
<p>So stop fooling around, get OPAQUE as an official <a href="https://www.ietf.org/archive/id/draft-irtf-cfrg-opaque-02.html">RFC</a>, and put it in the
browser!</p>
<div class="warning">
<p>Yes, I’m really mad! Passkeys could be the chains that imprison me and my loved
ones!</p>
</div>
<p>Okay, I get it, I could be misunderstanding the point of PAKE’s. I’m sure that
if I am, you all can argue that fact effectively.</p>
<p>Instead, you all are arguing in circles about whether or not there was a math
mistake in Kyber’s security level!</p>
<p>Yes, DJB, I <em>tried</em> to read your treatise. Ain’t nobody got time for that!</p>
<p>Make it short and punchy. And don’t spike the punch.</p>
<p>Anyway, I bet that part of the reason other cryptographers are still debating
whether there was a mistake or not is because your post is too long to
effectively read.</p>
<p>Make it accessible, and you might kill two birds with one stone.</p>
<p>As for the rest of you cryptographers, why is there still a debate about Kyber?
Go over the math, figure it out; the rest of us can’t do <em>anything</em> until you
do.</p>
<p>Which just means we’ll be vulnerable to quantum computers for longer.</p>
<p>Yes, your bickering is making us all <em>less safe!</em> That goes for you, DJB, and
that goes for everyone else.</p>
<p>Focus on the <em>truth</em>! What algorithms are the cheapest, and <em>easiest to
implement</em>, while being safe enough?</p>
<p>DJB, if that means your submission is not the best, you had better cool your ego
and <em>deal</em> with it. Being <em>actually</em> correct is far more important than being
<em>thought</em> correct.</p>
<p>Because again, <strong>not knowing what is true in crypto is perilous.</strong></p>
<p>And for the rest of you, if that means his really is the best, well, we’re all
just going to have to deal with the <a href="https://lwn.net/Articles/681616/">impending crypto monoculture</a>, aren’t
we?</p>
<p>Now, you all may say that you’re trying to understand DJB’s argument, and if you
are, good. (Seriously, DJB, can you distill it down?)</p>
<p>But once you <em>do</em> understand it and help the <em>rest of us</em> to understand it, you
all and DJB need to amicably shake hands, acknowledge that you hate each other
but that you won’t let that get in the way of being professionals, and then
crack each other’s algorithms like professionals because the best revenge would
be to find that juicy break.</p>
<p>“Oh, we don’t hate each other.”</p>
<p><a href="https://infosec.exchange/@tqbf/111230462365795132">I’ve</a> <a href="https://infosec.exchange/@tqbf/111226273523090131">seen</a> <a href="https://news.ycombinator.com/item?id=32365259">how</a> <a href="https://news.ycombinator.com/item?id=32368598">you</a> <a href="https://news.ycombinator.com/item?id=32365679">all</a> <a href="https://mastodon.cr.yp.to/@djb/111228217237315611">talk</a> <a href="https://mastodon.cr.yp.to/@matthew_d_green@ioc.exchange/111227604741551751">about</a>
<a href="https://mastodon.cr.yp.to/@matthew_d_green@ioc.exchange/111227637925544338">each</a> <a href="https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/W2VOzy0wz_E/m/UGeTmPCqBAAJ">other</a> and <a href="https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/W2VOzy0wz_E/m/Ck4A39cZBAAJ">to</a> <a href="https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/W2VOzy0wz_E/m/_uo1vP7bAAAJ">each</a> <a href="https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/W2VOzy0wz_E/m/yzZEoM6vAAAJ">other</a>.</p>
<p>If that’s how you speak in public, I can only <em>imagine</em> the animosity in
<em>private</em>.</p>
<p>And to speak on that last email specifically: DJB, sure, the NIST appears to be
stonewalling you in that thread, but before that, they did say <a href="https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/W2VOzy0wz_E/m/wPCPWx23BQAJ">they wouldn’t
engage any further</a>.</p>
<p>Is that good? No, and I don’t like what they did there. I do lay part of the
blame on them.</p>
<p>But I still lay some blame on you. Here’s why: did you have <em>proof</em> before you
went forward with the accusations?</p>
<p>After all, <strong>not <em>knowing</em> what is true in crypto is perilous.</strong></p>
<p>This may sound stupid, but I’m sure someone of your level could have implemented
Kyber-512 and started <em>measuring</em>. After all, Linux has some great profilers,
including ones which measure memory cost.</p>
<p>So take a deep breath, go back, and redo everything. If you were wrong, please
do as suggested <a href="https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/W2VOzy0wz_E/m/5WDY6YE_BAAJ">here</a> and retract your accusation.</p>
<p>The rest of you, well, you should measure too. Quite frankly, as a programmer
with a bit of experience, your numbers about memory access seem like they may
have been pulled out of nowhere. Where is that justification coming from?</p>
<div class="note">
<p>Okay, never mind, after reading <a href="https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/W2VOzy0wz_E/m/r4kEgxuBAAAJ">this</a>, those numbers make more sense.</p>
<p>Mea culpa.</p>
</div>
<p>And saying things <a href="https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/W2VOzy0wz_E/m/nz2LQeghBQAJ">like this</a>:</p>
<blockquote>
<p>“ML-KEM-512 is useful” is more important than “we can’t quite agree on how to
count its bits of security”.</p>
</blockquote>
<p>seems overly optimistic; we need to know the exact number, or at least a hard
lower bound!</p>
<p>Anyway, please apologize to each other and start re-engaging as professionals.
And do the math and the measuring.</p>
<p>That said, if DJB is wrong, and it turns out he started this drama without proof
and solely because of ego, I think I tentatively support the proposal
<a href="https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/W2VOzy0wz_E/m/E7m6PtLdAAAJ">here</a>, except that instead of a ban for life, DJB would have to show that
he has capped his ego to acceptable levels.</p>
<p>Which DJB, please do, even if they don’t kick you out. As a fellow blunt speaker
(hey, I’ll admit it), that’s part of why NIST is not engaging with you.</p>
<p>In my experience, people only started taking me seriously after I <a href="https://gavinhoward.com/2022/04/i-believe-zig-has-function-colors/">put down the
flames</a> and <a href="https://gavinhoward.com/2023/02/why-i-use-c-when-i-believe-in-memory-safety/">wrote seriously</a>.</p>
<p>Because the funny thing about persuasive writing is that you do have to
<em>persuade</em>. And the funny thing about people is that if you attack them, they
get defensive and tend to <em>reject</em> logic; persuasion never works at that point.</p>
<p>Yes, I know I’m guilty of that here. I’m not a great writer, and this letter is
hard because I have to walk a fine line between smacking you all hard enough
that you’ll get my point, but also making it clear that I believe in you all.</p>
<p>And I do! I’ve trusted you <em>this</em> far, and if you all correct things, I’m
willing to trust you going forward.</p>
<p>But until you do, this drama is making me nervous.</p>
<p>Unfortunately, one thing that makes me especially nervous is the <a href="https://mastodon.cr.yp.to/@matthew_d_green@ioc.exchange/111227640856435353">off-hand
dismissal</a> of DJB’s concerns about the NSA, which <a href="https://mastodon.cr.yp.to/@djb/111040184736711694">appear to have</a> <a href="https://mastodon.cr.yp.to/@djb/111040315369205737">some
foundation</a>.</p>
<p>I agree with <a href="https://mastodon.cr.yp.to/@phf@social.sdf.org/111228631676900103">this user</a>, who said:</p>
<blockquote>
<p>So they have a terrible history but this time they’re playing it straight?
Based on what? Gut feeling? I am sorry but that’s about as useful to the
interested outsider as Dan’s claims. Seems to me the safe bet is to use crypto
that’s been well-designed but far away from the NSA/NIST folks.</p>
</blockquote>
<p>Cryptographers, you are right that DJB shouldn’t cry wolf when there’s no wolf,
but having NSA people on the NIST competition team is a <em>real</em> wolf.</p>
<p>I understand that there’s a possibility that they could have done nothing
nefarious, but dismissing the possibility by saying it’s “unlikely” is nigh
negligent.</p>
<p>And that brings me to you, NSA. <em>You</em> are the reason this is a problem. Not DJB,
not other cryptographers. <em>You</em> caused this.</p>
<p>Matthew Green is right when <a href="https://ioc.exchange/@matthew_d_green/111227865578874178">he says</a>:</p>
<blockquote>
<p>What’s so aggravating to me is that the NSA holds a vast amount of the US (and
global) cryptanalytic knowledge. We need them to weigh in on these new
algorithms, which will ultimately be used to secure US classified data and
military secrets.</p>
<p>And yet, by interfering with and sabotaging cryptography in the past, the NSA
has utterly destroyed its credibility with the scientific world. This is
ultimately enabling the current campaign against NIST’s PQC standardization
effort, and the result could be really harmful to global infosec.</p>
<p>I think the academic community could benefit from less cynical exploitation of
this fact. But the NSA is still ultimately to blame for where we are.</p>
<p>Whatever benefits the agency got from its sabotage campaign in the past were
short-term and ephemeral. But the damage is cumulative and lasting — like
spending too much time in the sun.</p>
</blockquote>
<p>Like <a href="https://en.wikipedia.org/wiki/Icarus">Icarus</a>.</p>
<p>So you done messed up, and you have to accept that fact. You have to <em>act</em> like
it.</p>
<p>Unfortunately, Matthew Green is also right when <a href="https://mastodon.cr.yp.to/@matthew_d_green@ioc.exchange/111227843902006362">he says</a>:</p>
<blockquote>
<p>The problem here is that NSA has a fabulous amount of our national
cryptanalytic knowledge. Since what we’re debating here will ultimately be the
algorithms used by NSA and the US DoD, it’s essential that they weigh in on
these new algorithms.</p>
<p>And of course their opinions are based on classified knowledge so there has to
be trust. And what’s so frustrating is that they destroyed that trust in the
past. The result is what’s happening right now.</p>
</blockquote>
<p>In other words, you, the NSA, <em>need</em> to weigh in, but you have also lost the
trust to weigh in.</p>
<p>How do we square that circle?</p>
<p>I think the answer lies in crypto history, in a paper called <a href="https://eprint.iacr.org/2015/1018.pdf">“A Riddle Wrapped
in an Enigma”</a>:</p>
<blockquote>
<p>The first time the NSA publicly and decisively gave support to ECC occurred at
a meeting of the American National Standards Institute (ANSI) in December
1995. The backers of RSA at the meeting were casting doubt on the safety of
ECC-based protocols; in the mid-1990s a page called “ECC Central” on the RSA
website carried statements by leading personalities in cryptography that
characterized ECC as untested and based on esoteric mathematics. The
nontechnical industry representatives on the ANSI committee were impressed by
the RSA argument. As the heated debate continued, the NSA representative left
to make a phone call. When he returned, he announced that he was authorized to
state that the NSA believed that ECC had sufficient security to be used for
secure communications among all U.S. government agencies, including the
Federal Reserve. People were stunned. In those days the NSA representatives at
standards meetings would sit quietly and hardly say a word. No one had
expected such a direct and unambiguous statement from the NSA. The ECC
standards were approved.</p>
</blockquote>
<p>So why does this work? The key is to remember that we only need one bit of
information from you as the NSA: would you be willing to use a cryptosystem for
<em>your</em> own stuff?</p>
<div class="note">
<p>In this context, “your own stuff” also includes all communications of the US
Federal Government.</p>
</div>
<p>If you are, then chances are we common folk can trust that answer because as
much as you want to read <em>our</em> stuff, you don’t want others to read <em>your</em> stuff
<em>more</em>.</p>
<p><em>That’s</em> all you should give. Nothing else. Just one single bit of information.</p>
<p>And until then, you should go to your corner and play alone, quietly. You don’t
have the right to play with the cool kids even though you’re <em>more intelligent</em>;
<em>trust</em> is more important than <em>intelligence</em>.</p>
<div class="warning">
<p>Actually, NSA, that’s a good general lesson for you: you will better serve your
mission if you did the hard work of <em>earning</em> trust back, not just from
cryptographers, but from the average American, than you would by the extra
intelligence gleaned from the shady and unconstitutional tactics you use now.</p>
<p>And the worst part is that when I was younger, I wanted to work in cryptanalysis
for you, but I can never do that because I will never support your activities.</p>
</div>
<p>Er, ahem, I got a little sidetracked.</p>
<p>For the rest of you all, let’s figure out the math and ensure that the hard
lower bounds are proven. I don’t care if Kyber has the most security as long as
it has enough.</p>
<div class="note">
<p>I want one with 256 bits, but I’ll accept one with a 128-bit <em>hard lower bound</em>.
No fudging with “Oh, it’s <em>almost</em> as hard as AES-128.”</p>
</div>
<p>But I also wonder whether these primitives are okay. Because if <em>you</em> can’t
figure out the math, maybe it’s too complex? If you all struggle, where’s the
hope for mere mortals such as myself?</p>
<p>In my opinion, the best crypto primitives are, in order:</p>
<ol>
<li>Hard for classical <em>and</em> quantum computers.</li>
<li>Simple to implement, including without side channels.</li>
<li>Easy to understand.</li>
</ol>
<p>If lattices are the best of what we’ve got, fine. But maybe there’s some
notoriety to be found in finding a new cryptosystem family?</p>
<div class="note">
<p>Hint, hint.</p>
</div>
<p>Now, where was I? Oh, yeah, I was talking about why I don’t believe that
<a href="https://www.cryptofails.com/post/121201011592/reasoning-by-lego-the-wrong-way-to-think-about">cryptosystems can’t be assembled like Legos</a>.</p>
<p>My reason for this, and it might be shaky, is OPAQUE.</p>
<p>I’ve read the OPAQUE paper. I’ve read the RFC draft. I’ve read and studied <a href="https://toc.cryptobook.us/"><em>A
Graduate Course in Applied Cryptography</em></a> far enough to <em>almost</em> convince
myself that the OPAQUE security proof is sound.</p>
<p>And one thing that strikes me about OPAQUE: the security proof relied on
<em>properties</em> of primitives, not primitives themselves.</p>
<p>This is <em>excellent!</em> This means that <em>properties</em> are more important than
<em>primitives</em>.</p>
<p>But more importantly, it means that, in order to use a particular primitive with
OPAQUE, you don’t need to prove the cryptosystem as a whole; you just need to
prove the <em>primitive</em>.</p>
<p>This is what <em>A Graduate Course in Applied Cryptography</em> does; it builds up
proofs using properties, and then it proves that some primitives have, or don’t
have, those properties.</p>
<p>In other words, <em>A Graduate Course in Applied Cryptography</em> shows that treating
primitives like Legos <em>is possible</em>, and OPAQUE is the first existing proof of
that fact.</p>
<div class="note">
<p>That I’ve seen.</p>
</div>
<p><em>That’s</em> why I don’t believe you on this; you have already proven yourselves
wrong!</p>
<p>Even better, this points the way to a better way to learn cryptography.</p>
<p>Let’s go back to Loup Vaillant’s <a href="https://loup-vaillant.fr/articles/rolling-your-own-crypto">levels of cryptography</a>:</p>
<ol>
<li><a href="https://loup-vaillant.fr/articles/rolling-your-own-crypto#level-1-using-crypto">“Using Crypto”</a></li>
<li><a href="https://loup-vaillant.fr/articles/rolling-your-own-crypto#level-2-choosing-crypto">“Choosing Crypto”</a></li>
<li><a href="https://loup-vaillant.fr/articles/rolling-your-own-crypto#level-3-implementing-crypto">“Implementing Crypto”</a></li>
<li><a href="https://loup-vaillant.fr/articles/rolling-your-own-crypto#level-4-inventing-crypto">“Inventing Crypto”</a></li>
</ol>
<p>We want to make it as easy as possible to climb that ladder.</p>
<p>So how easy could it be to get someone to Level 1? I think it could be as easy
as learning a list of protocols to use, such as <a href="https://gist.github.com/tqbf/be58d2d39690c3b366ad">Cryptographic Right
Answers</a>, with a few tweaks to focus on high-level protocols such as:</p>
<ul>
<li>The standard encryption protocol for encryption. (Use asymmetrical encryption
to bootstrap symmetric encryption, authenticate, encrypt-then-MAC, don’t use
ECB, etc.)</li>
<li>OPAQUE for passwords.</li>
<li>How to generate random numbers. (<code>/dev/urandom</code>, <code>BCryptGenRandom()</code>, etc.)</li>
<li>Etc.</li>
</ul>
<p>This is only possible if these high-level protocols are implemented in an
easy-to-use form.</p>
<p>But they do have to be implemented <em>a lot</em>; every language needs its own
easy-to-use implementation. Sometimes that may mean FFI to a C library;
sometimes, that may mean direct implementation like <a href="https://filippo.io/">FiloSottile</a> is doing
for Go.</p>
<p>But those libraries have to be easy to get, easy to build/import, and impossible
to misuse. I’m talking <a href="https://blog.codinghorror.com/falling-into-the-pit-of-success/">pits of success</a> here.</p>
<p>When done right, that should be all required to get a programmer to Level 1, and
the world would be <em>far</em> better for it because this would be all that’s
necessary for the <em>vast</em> majority of programmers.</p>
<p>But getting to Level 2 should be just as easy: in order to “choose” crypto, all
they should be required to learn are</p>
<ol>
<li>Properties,</li>
<li>The kinds of primitives that exist, and</li>
<li>The actual primitives that provide those properties.</li>
</ol>
<p>Yes, that’s it! All they need to learn is <em>what is important</em>, what can
<em>provide</em> that, and <em>how</em> those things fit together.</p>
<div class="warning">
<p>For you non-cryptographer programmers reading this, it is <em>crucial</em> that you
still learn what kinds of primitives exist; some Legos can only be used for
certain things, and the same applies here.</p>
</div>
<p>If you have built up protocols properly, relying only on proven properties
rather than direct primitives, this should be the point at which a programmer
<em>can</em> Lego cryptosystems together.</p>
<div class="note">
<p>And on that note, why has not one of you taken the step of actually proving the
“standard” encryption protocol like OPAQUE was?</p>
<p>Seriously, set up the standard protocol, prove it using <em>properties</em> and then
people can just put in certain primitives in certain places.</p>
<p>Or have you, and I just don’t know? Do the proofs in <em>A Graduate Course in
Applied Cryptography</em> count?</p>
</div>
<p>This does mean that we need <em>fantastic</em> implementations of various primitives in
<em>all</em> languages, of course, along with protocol implementations that can plug in
various primitives.</p>
<p>But if we had that, this would remove 99% of all other use cases; programmers
with special requirements would be able to grab the primitives they need and
Lego them together without fear.</p>
<p>And cryptographers, you all could sleep easy knowing that crypto stupidity the
world over is fading.</p>
<p>Anyway, what about getting to Level 3? I think that that is where the difficulty
<em>should</em> ramp up.</p>
<p>But I would also break Level 3 into two sublevels.</p>
<p>Level 3.1 would be about implementing <em>protocols</em>, and to do that, a programmer
should learn:</p>
<ul>
<li>How to read and evaluate proofs (this is both for evaluating systems and for
understanding the “why” of things like <a href="https://moxie.org/2011/12/13/the-cryptographic-doom-principle.html">encrypt-then-MAC</a>, for example),</li>
<li>How to break cryptosystems,</li>
<li>How to <em>exactly</em> implement a protocol from a spec (a skill that would serve
them well elsewhere too!),</li>
<li>How to thoroughly test cryptosystems, and</li>
<li>Probably other things that real cryptographers are welcome to correct me on.</li>
</ul>
<p>Once there, <em>they</em> could implement high-level protocols and leave the primitives
for those at a higher level.</p>
<p>Level 3.2 would be about implementing <em>primitives</em>, and to do that, a programmer
should learn:</p>
<ul>
<li>How to break primitives,</li>
<li>How to test primitives,</li>
<li>What side channels are and what kinds there are,</li>
<li>How to avoid them, and</li>
<li>Probably other things that real cryptographers are welcome to correct me on.</li>
</ul>
<p>Once there, they could implement primitives.</p>
<p>And of course, Level 4 can stay where it is with all of you PhD’s and
researchers. Have fun <a href="https://news.ycombinator.com/item?id=37759760">staring into randomness</a>.</p>
<p>Heh, this letter went everywhere, didn’t it?</p>
<p>I meant to spark correction regarding the <a href="https://en.wikipedia.org/wiki/NIST_Post-Quantum_Cryptography_Standardization">PQC Competition</a>, but I guess I
had a lot on my mind after studying cryptography for so long with little to
show.</p>
<p>The ironic thing about this letter is that, despite it stemming from my desire
to enter the crypto world, it will probably make me a pariah.</p>
<p>Oh well, and I understand. But it’s because I care about the security and
safety of everyone’s information. And I care about reducing crypto stupidity.</p>
<p>I’ll be the first to admit that <em>I am not immune to criticism!</em> There are <em>tons</em>
of things here that you cryptographers can condemn. Please do. I would love it
if cryptographers everywhere jumped on a bandwagon to clarify the truth.</p>
<p>After all, <strong>not knowing what is true in crypto is perilous.</strong></p>
<p>But there is one thing that you cannot criticize or correct, and that is <em>my
view</em> of what’s happening. Sure, I may be wrong about what’s going on, but this
letter is about what I see.</p>
<p>At least I didn’t immediately believe <a href="https://www.newscientist.com/article/2396510-mathematician-warns-us-spies-may-be-weakening-next-gen-encryption/">this</a>, but it still looks bad from
the outside.</p>
<p>…And now I’m guilty of writing a treatise, just like DJB! Four thousand words,
one quarter of the size.</p>
<p>Sigh…I’m sorry. I revised as much as I could. I understand if you don’t read
it.</p>
<p>…Maybe that’s a good thing for me; then I won’t be a pariah!</p>
<p>Er, ahem, so long, and thanks for all the crypto!</p>
<p>Truly. Thank you.</p>
<p>Gavin Howard</p>
<div class="footnotes" role="doc-endnotes">
<hr>
<ol>
<li id="fn:1">
<p>An email to myself from Loup Vaillant. <a href="#fnref:1" class="footnote-backref" role="doc-backlink">↩︎</a></p>
</li>
</ol>
</div>
<p>He Who Gives Up Correctness for Performance Deserves Neither<br>
<a href="https://gavinhoward.com/2023/10/he-who-gives-up-correctness-for-performance-deserves-neither/">https://gavinhoward.com/2023/10/he-who-gives-up-correctness-for-performance-deserves-neither/</a><br>
Gavin D. Howard<br>
2023-10-22T00:57:15-06:00</p>
<p>Someone was wrong on the Internet about correctness vs performance, and I decided to vent.</p>
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Hackers, programmers, anyone in a
software-related job. Discuss on <a href="https://news.ycombinator.com/item?id=37973434">Hacker News</a>.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Extremely confident, even a little smug. Hey,
I’m only human.</p>
</div>
<div class="warning">
<p>I am angry. My <a href="https://insideout.fandom.com/wiki/Anger">anger</a> took over, and I am writing a blog post, even though I
tried to mellow out.</p>
<p>So yeah, expect some verbal fire and brimstone; Sodom and Gomorrah are lonely.</p>
</div>
<h2 id="the-introduction">The Introduction</h2>
<p>Earlier today, I was on <a href="https://news.ycombinator.com/">Hacker News</a>.</p>
<div class="paragraph red_text">
Strike one.
</div>
<p>I saw a <a href="https://news.ycombinator.com/item?id=37967257">post</a> about <a href="https://blog.regehr.org/archives/213">undefined behavior (UB) in C</a>.</p>
<div class="paragraph red_text">
Strike two.
</div>
<p>I saw someone complaining about a technique I use and decided to comment.</p>
<div class="paragraph red_text">
Strike three. I’m out.
</div>
<p>The resulting conversation was terribly depressing and infuriating.</p>
<h2 id="the-technique">The Technique</h2>
<p>So…what is this technique that I must vigorously defend? It <em>has</em> to be
life-changing, right? Surely, it <em>must</em> be the secret to life, the universe, and
everything, yes? After all, only something like that would deserve the negative
energy and subpar post I’m now writing, no?</p>
<p>Um, well, no…</p>
<p>I use <em>unsigned</em> integers, not <em>signed</em> integers.</p>
<div class="note">
<p>“Uh, Gavin, what are unsigned and signed integers?”</p>
<p><em>Signed</em> integers can go <em>negative</em>, i.e., they can have a negative “sign.”
<em>Unsigned</em> integers cannot go negative.</p>
<p>That’s good enough for this discussion. Now get off my lawn!</p>
</div>
<p>I even go so far as to implement <a href="https://git.yzena.com/Yzena/Yc/src/commit/80af8c2bd6a87fb549a35eab52fa0840d057309d/include/yc/arith.h">my own arithmetic</a> to simulate signed
<a href="https://en.wikipedia.org/wiki/Two's_complement">two’s-complement arithmetic</a>.</p>
<h2 id="the-destroyer">The Destroyer</h2>
<p>“That’s it? So what?”</p>
<p>Ah, if only. No, there are three more facts you must know:</p>
<ol>
<li>Just about every operation on signed integers can result in UB.</li>
<li>Conversely, almost every operation on unsigned integers <em>cannot</em> result in
UB.</li>
<li>UB can cause anything to happen.</li>
</ol>
<p>In other words, if you use signed integers, then every <code>+</code>, <code>-</code>, <code>*</code>, <code>/</code>, <code>&gt;&gt;</code>,
and <code>&lt;&lt;</code> you write can blow up your program.</p>
<p>Oh, never mind, it can <a href="https://web.archive.org/web/20210508125532/https://twitter.com/m13253/status/1371615680068526081">blow up</a> <a href="https://godbolt.org/z/1q1bjn">your computer</a>.</p>
<p>The <a href="https://thephd.dev/c-undefined-behavior-and-the-sledgehammer-guideline">post</a> we were discussing was about the “Sledgehammer Principle,” which
says that UB takes a sledgehammer to the part of the program that executed UB.</p>
<p>I believe that the author, JeanHeyd Meneide, is good at what he does. And he is
on the committee that standardizes C.</p>
<p>But Mr. Meneide is terribly, awfully wrong about this. UB is not a sledgehammer;
it is a <em>nuclear holocaust!</em></p>
<p>After UB, <em>anything</em> can happen; the program and the computer may be dead.</p>
<p>Or we all might be dead because</p>
<ul>
<li>the AI controlling the nuclear arsenal executes some UB,</li>
<li>which leads to light off of clouds looking like a hostile missile launch,</li>
<li>which leads the AI to launch a “counter” attack,</li>
<li>which leads to a <em>real</em> missile launch.</li>
</ul>
<div class="note">
<p>What? Too unrealistic? Nah, <a href="https://en.wikipedia.org/wiki/1983_Soviet_nuclear_false_alarm_incident">it almost happened</a>.</p>
</div>
<p>So why? Why is undefined behavior in C like this? After all, Java, Go, Rust, and
others have undefined behavior too; what makes C (and C++) so special?</p>
<p>Well, there’s one more fact that you need to know: compiler authors for C are
fans of <a href="/2023/08/the-scourge-of-00ub/">00UB</a>.</p>
<p>00UB, as I define it, is the idea that UB is licensed to kill.</p>
<div class="note">
<p>“Kill what, Gavin?”</p>
<p>Anything. Programs, computers, people, all living life, the <a href="https://www.youtube.com/watch?v=cFslUSyfZPc&pp=ygUca3Vyc2dlemF0IGRlc3Ryb3kgYmxhY2sgaG9sZQ%3D%3D">nearest black
hole</a>. Whatever it can reach out and touch.</p>
</div>
<h2 id="the-villians">The Villains</h2>
<p>Who are the villains of this James Bond wannabe retconned story?</p>
<p>Well, this spy better look in the mirror and suicide deep six MI6 because he and
his handlers are the villains.</p>
<p>Yes, that’s right: compiler authors are the villains.</p>
<p>Compiler authors, who I shall call <a href="https://en.wikipedia.org/wiki/SPECTRE"><code>SPECTRE</code></a> (<a href="https://meltdownattack.com/">very appropriate</a>),
like 00UB because they can use it as an excuse to destroy your code so that they
look impressive on benchmarks.</p>
<blockquote>
<p>Oh, your program had UB? I’ll just <a href="https://lwn.net/Articles/342330/">delete that <em>crucial check for
<code>NULL</code></em></a>! No biggie.</p>
</blockquote>
<blockquote>
<p>Oh, your code had an infinite loop? Well I looped the loop over your hard
drive to <a href="https://godbolt.org/z/1q1bjn">wipe it</a>. Your machine should run faster now, in more ways than
one, so I did you a favor!</p>
</blockquote>
<p>Because all they care about is all the accolades from all the people who love
all the raw speed. All of it.</p>
<p>In fact, every last bit of it; they want to go <em>so</em> fast that they’ll make their
compilers exorcize massive sections of code.</p>
<p>“Oh, just be a better programmer and avoid UB!” they’ll say.</p>
<p>So they assume that programmers will actually be <em>superhuman</em> and avoid all of
the teeming traps that would impede Indiana Jones?</p>
<p>Nah, they’re either ignorant or malicious. And to claim ignorance of the foibles
of fleshy fools, as all mortals are, is more brazen than the prows of Roman
<a href="https://en.wikipedia.org/wiki/Quinquereme">quinqueremes</a> <a href="https://en.wikipedia.org/wiki/Battle_of_Cape_Ecnomus">quickly quashing Carthage combatants</a>.</p>
<p>Malicious, they must be.</p>
<p>“That’s too harsh, Gavin!”</p>
<p>Is it? They have indirectly given us at least half of all cybersecurity
vulnerabilities. All to look good on benchmarks.</p>
<p>In fact, John Regehr said it better:</p>
<blockquote>
<p>It is <em>basically evil</em> to make certain program actions wrong, but to not give
developers any way to tell whether or not their code performs these actions
and, if so, where.</p>
<p>– <a href="https://blog.regehr.org/archives/226">John Regehr</a> (emphasis added)</p>
</blockquote>
<p>But surely, there are people who could stop them, right?</p>
<p>Yes, they exist. They are the committee for standard C.</p>
<p>But perhaps as a foreboding, the committee has a wonderfully good name for a
sinister spy syndicate: <a href="https://www.open-std.org/jtc1/sc22/wg14/">WG14</a>.</p>
<p>And so it is; WG14 is made up of the very people they must stop.</p>
<p>Besides <a href="https://web.archive.org/web/20200316050008/https://news.quelsolaar.com/2020/03/16/how-one-word-broke-c/">two</a> <a href="https://news.ycombinator.com/item?id=37970200">people</a>, the committee, as far as I know, tacitly
endorses the view that 00UB is official policy.</p>
<div class="note">
<p>And though JeanHeyd Meneide <a href="https://thephd.dev/c-undefined-behavior-and-the-sledgehammer-guideline#we-blinked-first">claims to be one of the good guys</a>, he is one
of the bad guys because he’s on the committee!</p>
</div>
<h2 id="the-useful-idiots">The Useful Idiots</h2>
<p>JeanHeyd Meneide <a href="https://thephd.dev/c-undefined-behavior-and-the-sledgehammer-guideline#we-blinked-first">claims that users blinked first</a>. That’s false.</p>
<p>The truth is that there were some useful idiots that accepted the narrative
created by <code>SPECTRE</code>; they decided that, yes, performance was <em>everything</em>.</p>
<p>And this is where my conversation on Hacker News appears: I was talking with a
<a href="https://en.wikipedia.org/wiki/Useful_idiot">useful idiot</a>.</p>
<p>Yes, this person seemed to <em>actually</em> believe that performance was more
important than anything else.</p>
<p>He complained about using unsigned integers to avoid UB because it would <em>hurt
optimization!</em> And that was after <em>acknowledging</em> that the possible bugs from
using unsigned integers would be less bad than UB.</p>
<p>(⊙.⊙)</p>
<h2 id="the-punishment">The Punishment</h2>
<p>In the <a href="https://founders.archives.gov/documents/Franklin/01-06-02-0107">spirit of Ben Franklin</a>, those who would give up essential
correctness, to purchase a little <a href="https://meltdownattack.com/">temporary performance</a>, deserve neither.</p>
<p>I hereby order such punishment to be carried out.</p>
<p>And so it is!</p>
<p>Wait, what?</p>
<p>Yep, the punishment has already been carried out.</p>
<p>Of course, <code>SPECTRE</code> may convince themselves that nothing has happened, but I
bet every single one of them has had their data breached from some company
somewhere. And I bet it has happened multiple times, enough that at least <em>one</em>
of the breaches was caused by UB.</p>
<p>But it gets worse; that’s only the <a href="https://news.ycombinator.com/item?id=37968875">visible price</a>.</p>
<p>The invisible <em>cost</em> is something <code>SPECTRE</code> themselves might hate, but they
might not realize that they are the cause.</p>
<p>You see, <a href="/2023/02/why-i-use-c-when-i-believe-in-memory-safety/">I love C</a>. I also despise it, and others do too.</p>
<p>Why? Because it’s “unsafe,” which is code for “bugs will probably cause
structure smashing somewhere.”</p>
<p>This makes people nervous.</p>
<p>It makes me nervous too, but I’ve developed tools to get around it. Everyone
else isn’t so lucky.</p>
<p>What they do instead is create <em>better</em> platforms, ones that keep you safe.</p>
<p>Boom! <a href="https://en.wikipedia.org/wiki/Electron_(software_framework)">Electron</a>.</p>
<p>Which is famous as one of the slowest, bloatiest, disastrous artifacts of
software in existence.</p>
<p>Nevertheless, programmers choose to write their apps using Electron.</p>
<p>And the world mourned.</p>
<p>But it is still <em>better!</em> Because it’s <em>safer</em>.</p>
<p>If WG14 had done their job and <code>SPECTRE</code> hadn’t raised a ruckus for their
rationalization of viral vulnerabilities, and instead, had fixed up the problems
with C, perhaps C would still be the best language to write apps in.</p>
<p>Think of it: it could be safe <em>and</em> fast! But <code>SPECTRE</code> and WG14 decided that
they wanted <em>faster</em>.</p>
<p>So I hereby sentence <code>SPECTRE</code> and WG14 to life imprisonment in an Operating
System written in Electron and order this sentence to be carried out.</p>
<p>Oh, wait, it already has been as well; the operating system is called Google
Chrome.</p>
<div class="note">
<p>Yes, Electron uses Chrome, not the other way around.</p>
<p>Don’t nitpick me for a joke.</p>
</div>
<p>And just like the last punishment, <em>all</em> of us are suffering it.</p>
<h2 id="the-solution">The Solution</h2>
<p>You think I’m being harsh again?</p>
<p>WG14 could have <em>fixed</em> this, <em>long</em> ago. By removing dumb UB from the language
and defining it.</p>
<p>“No, they couldn’t; it’s too ingrained!”</p>
<p>I’m sure there are <em>tons</em> of developers that would hunt them down and glare hard
at them for daring to <em>reduce bugs!</em></p>
<p>“But they couldn’t fix pointers, not without breaking the ABI!”</p>
<p>Bull roar.</p>
<p>There are <code>malloc()</code> implementations that have fast ways of returning the true
size of allocations. Combine that with a language-level construct, and you have
a way to get the length of an array from just the pointer.</p>
<p>So perhaps add something analogous to <code>sizeof()</code>, except it takes a pointer
value and returns the length. Call it <code>lengthof()</code>. Or <code>lenof()</code>, whatever.</p>
<p>So WG14 could add a function to the <code>malloc()</code> set that returns the size, and
<code>lengthof()</code> could take that value and divide it by the size of the type that
the pointer points to; easy way to get the length. No change to the ABI!</p>
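<p>A rough user-space approximation of that idea, added here as an example and not taken from any standard or from the author’s code: the <code>lengthof()</code> macro and <code>checked_store()</code> are hypothetical, built on the allocator’s existing size query (<code>malloc_usable_size()</code> on glibc, <code>malloc_size()</code> on macOS, <code>_msize()</code> on Windows). The allocator may round a request up, so the result is an upper bound on the element count, and the pointer must be exactly what <code>malloc()</code> returned.</p>

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Pick the platform's "how big is this allocation" query. */
#if defined(__APPLE__)
#  include <malloc/malloc.h>
#  define alloc_size(p) malloc_size(p)
#elif defined(_WIN32)
#  include <malloc.h>
#  define alloc_size(p) _msize(p)
#else
#  include <malloc.h>
#  define alloc_size(p) malloc_usable_size(p)
#endif

/* Hypothetical lengthof(): allocation size divided by the pointed-to type's
 * size. Only valid for a non-NULL pointer returned directly by malloc(),
 * calloc() or realloc(); interior and stack pointers are not covered. */
#define lengthof(p) (alloc_size(p) / sizeof *(p))

/* Bounds-checked store built on lengthof(): returns 0 on success and -1 when
 * the index lies outside the allocation, instead of writing past it. */
int checked_store(int *arr, size_t i, int v)
{
    if (arr == NULL || i >= lengthof(arr)) return -1;
    arr[i] = v;
    return 0;
}

int main(void)
{
    int *a = malloc(4 * sizeof *a);
    if (a == NULL) return 1;

    /* The allocator may report more than the 4 elements requested. */
    printf("requested 4, lengthof reports %zu\n", (size_t)lengthof(a));
    printf("store at 3:       %d\n", checked_store(a, 3, 7));
    printf("store at 1048576: %d\n", checked_store(a, (size_t)1 << 20, 7));

    free(a);
    return 0;
}
```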
<p>“But what about pointers to the stack, Gavin?”</p>
<p>Do you seriously think the language wouldn’t have some way of taking a pointer,
figuring out where in the stack it is, what function it is for, and what
local variable it is for?</p>
<p>“But that would require using the frame pointer!”</p>
<p>So what? That’s a small price to pay for that feature.</p>
<p>Which, by the way, would enable a bunch of other stuff too, like stacktraces and
good swag like that.</p>
<p>“But what about losing optimizations? Does that mean we can’t optimize based on
the absence of UB anymore?”</p>
<p>Yeah, that’s the point.</p>
<p>But if you <em>really</em> must have some optimizations, only assume when the UB is
<em>opt-in</em>, not opt-out.</p>
<p>Here’s what I mean: the <code>restrict</code> keyword is something the programmer has to
<em>explicitly</em> put in the code, and it tells the compiler that the programmer is
taking responsibility for its use.</p>
<p>Thus, <code>restrict</code> is opt-in, and the compiler can go to town.</p>
<p>Signed arithmetic overflow? That’s just normal code; don’t assume.</p>
<p>Is the programmer sharing data across threads? That’s explicit, and thus, it is
opt-in, and the compiler can assume no data races.</p>
<p>Non-terminating loop? At least <em>warn</em>, but for the love of all beautiful things,
<em>don’t</em> just <em>remove</em> them!</p>
<p>At this point, I’m using unsigned types to <em>opt-out</em> of optimizations; that is
backwards.</p>
<div class="note">
<p>And should be common; it shouldn’t be <a href="https://news.ycombinator.com/item?id=37933467">controversial</a>.</p>
</div>
<p>Point being, there are solutions. What gives, WG?</p>
<h2 id="the-conclusion">The Conclusion</h2>
<p>Sigh. I’m sorry for this rant. I’m sick and tired and sick and tired of the mess
we have in software.</p>
<p>But this was a lot of fun to write. And cathartic.</p>
<p>Anyway, 00UB is bad, and the people who push it are bad, and we can still fix
this, and we should.</p>
<p>It’s past midnight; I’m going to bed.</p>
<h1>Lessons Learned as a User 3: Prepare for the Future</h1>
<p><a href="https://gavinhoward.com/2023/09/lessons-learned-as-a-user-3-prepare-for-the-future/">https://gavinhoward.com/2023/09/lessons-learned-as-a-user-3-prepare-for-the-future/</a></p>
<p>Gavin D. Howard, 2023-09-25T23:30:42-06:00</p>
<p>In this third post in an ad-hoc series, I talk about why preparing for the future is critical to the survival of software.</p>
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Hackers and programmers. Discuss on <a href="https://news.ycombinator.com/item?id=37654897">Hacker
News</a>.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Confident about the principle, confident that
Wayland is the future, not confident in how long that will actually take.</p>
</div>
<p>I prefer minimal distraction in my OS. So I run Gentoo with it set up <em>exactly</em>
the way I want.</p>
<div class="note">
<p>And then get distracted watching compiles. It’s…mesmerizing…😵💫</p>
</div>
<p>One of my most notable departures from everyday Linux is that I run a <a href="https://en.wikipedia.org/wiki/Tiling_window_manager">tiling
window manager</a>.</p>
<p>I do this for several reasons:</p>
<ul>
<li>I can use the keyboard more, which is important for saving my overworked
hands.</li>
<li>I spend less time handling windows. (Yes, I do; with a full desktop
environment, I was dragging windows a lot.)</li>
<li>I spend less CPU and memory.</li>
</ul>
<p>I know the last item seems…dumb, but I found DE’s like KDE and GNOME
constantly spending the equivalent of more than one core at idle.</p>
<p>When fuzzing, which I do a lot of, that’s the equivalent of slowing the fuzzer
down by at least 12.5%, at least on my machine. Over a three-week fuzz run (the
length of my last one), that’s like losing 2 days 15 hours of fuzzing.</p>
<p>With a TWM, I spend about a third of a core, while running <code>htop</code>, <code>btop</code>, a music
player, and Firefox. Over the course of three weeks, that loses me about 21
hours.</p>
<p>Anyway, I run a TWM, and based on my dotfiles repo, I added my first TWM config
on 06 Oct 2020, just under three years ago.</p>
<p>That TWM was the <a href="https://awesomewm.org/">Awesome Window Manager</a>.</p>
<div class="note">
<p>Yes, that is its name.</p>
</div>
<p>I <em>love</em> Awesome; it lives up to its name for me. It was so flexible and
hackable that I was able to hack it to work well for me. I even managed to learn
a smidge of Lua from it.</p>
<div class="note">
<p>It’s the sole reason Lua is on my list of <a href="/2023/02/why-i-use-c-when-i-believe-in-memory-safety/#rust-isnt-fun-for-me">programming languages that I have
written code in</a>.</p>
</div>
<p>But there is one thing about Awesome that worries me: <a href="https://github.com/awesomeWM/awesome/issues/159#issuecomment-1046231222">there is no plan to port
it to Wayland</a>.</p>
<p>Why am I worried? Because X11 will die.</p>
<p>Whether I like it or not (and I do not), Wayland is here, and it’s going to be
the future.</p>
<p>Of course, that wouldn’t matter if X11 would never die, but unfortunately, X11
will die. It is <em>inevitable</em>.</p>
<p>People get old and retire from programming. The X11 programmers will get old and
retire eventually.</p>
<div class="note">
<p>If they even still exist!</p>
</div>
<p>Wayland is where the development is happening. The younger programmers are all
working on it and <a href="https://utcc.utoronto.ca/~cks/space/blog/unix/XDeathwatchStarts">not on Xorg</a> because they apparently consider the Xorg
codebase as toxic as a <a href="https://en.wikipedia.org/wiki/Superfund">Superfund site</a>.</p>
<div class="note">
<p>Not sure I blame them, based on things I’ve heard about the <a href="https://en.wikipedia.org/wiki/Inter-Client_Communication_Conventions_Manual">ICCCM</a>.</p>
</div>
<p>Now, people weren’t happy about how Wayland was created; it seems they didn’t
<a href="https://news.ycombinator.com/item?id=31958989">listen to user needs</a> <a href="https://news.ycombinator.com/item?id=31941462">at first</a>.</p>
<p>However, based on a <a href="https://pointieststick.com/2023/09/17/so-lets-talk-about-this-wayland-thing/">more recent blog post</a> and <a href="https://news.ycombinator.com/item?id=37551264">comments</a>, the tide
seems to be turning, at least based on <a href="https://arewewaylandyet.com/">Are We Wayland Yet?</a> and my
<em>feeling</em> on reading the comments.</p>
<div class="warning">
<p>Yes, just a <em>feeling</em>. This was entirely unscientific.</p>
</div>
<p>So I decided that three years in one window manager was enough, and it was time
for a change.</p>
<p>At least, if I could find a TWM that supported X11 <em>and</em> Wayland because I don’t
want to switch to Wayland just yet.</p>
<p><a href="https://arewewaylandyet.com/">Are We Wayland Yet?</a> had a list, and I recognized two: <a href="https://swaywm.org/">Sway</a> and
<a href="https://qtile.org/">Qtile</a>.</p>
<div class="note">
<p>Recognition mattered to me because that was a good baseline for the possibility
that the TWM would exist and be well-supported.</p>
</div>
<p>Now, there are two kinds of TWM’s: manual tilers and dynamic tilers. Sway is the
former, and Qtile is the latter. I prefer dynamic, so Qtile was ahead at the
start.</p>
<p>Some TWM’s are configured with an actual programming language, allowing
extensibility and hackability. Some use a homegrown config language that does
not allow hacking as well.</p>
<p>Qtile is written and configured in Python, one of the most hackable programming
languages. Sway, while written in C (which would be more efficient), is
configured with a custom config language (the <a href="https://i3wm.org/docs/userguide.html">i3 config language</a>) that is
not as hackable.</p>
<p>But before I made my decision, I went back to the YouTube channel that convinced
me to try a TWM in the first place: <a href="https://www.youtube.com/@DistroTube">DistroTube</a>. I wanted to see what his
opinion of Qtile vs Sway was.</p>
<div class="note">
<p>I actually checked his opinion of Qtile vs i3 since Sway is just an i3 clone for
Wayland.</p>
</div>
<p>And it turns out that he <a href="https://www.youtube.com/watch?v=xysISs0mcj8">likes Qtile better</a>. In fact, it seems <a href="https://www.youtube.com/watch?v=3EtaUHZZHXw">Qtile is
his current favorite</a>.</p>
<p>This is good, in more ways than one!</p>
<p><a href="https://www.youtube.com/@DistroTube">DistroTube</a> is known for pushing TWM’s, and he pushes a lot of traffic to
them. If he has a favorite, chances are that people will remain interested in
it, making its long-term prospects even better.</p>
<p>So Qtile is a good and obvious choice.</p>
<div class="note">
<p>And even better: when I got on the IRC channel, the devs seemed active, both on
X11 fixes and Wayland support.</p>
</div>
<p>So I spent two days porting my Awesome config. It took a while, and I ran into
some bugs (in my config, not in Qtile), but I got it done. My Qtile config runs
well, and it does basically exactly what my Awesome config did.</p>
<details class="spoiler">
<summary class="spoiler-summary"><b>What were the bugs, Gavin?</b></summary>
<p>Qtile and Awesome are slightly different in how they handle switching between
what Awesome calls “workspaces” and Qtile calls “groups.”</p>
<p>Awesome allows you to directly pin workspaces to certain monitors, which I need
because I have two monitors, one a quarter of the size of the other.</p>
<p>When you try to switch to a group in Qtile, it moves that group to the current
monitor, even if I wanted that group pinned to the other monitor.</p>
<p>But Qtile is so hackable that there is a way to make it behave <em>as though</em>
groups are pinned to each monitor.</p>
<p>The kicker is that doing so requires executing several things in order. Forget
one, and you get weird behavior.</p>
<p>Those were the bugs I ran into: I forgot something important to maintain that
illusion.</p>
</details>
<p>In fact, Qtile is so hackable that I was able to write keybindings based on
<em>mouse position</em>.</p>
<p>This experience taught me an important lesson: if you don’t prepare your
software for the future, it won’t <em>have</em> a future.</p>
<p>Okay, I may have already understood that lesson instinctively (I did write a
<a href="https://git.gavinhoward.com/gavin/bc/src/branch/master/manuals/development.md"><em>massive</em> document</a> in my <a href="https://git.gavinhoward.com/gavin/bc">most famous project</a> just to prepare for the
future), but now, I understand it <em>intellectually</em>.</p>
<p>And as a bonus: hackability is a great feature if done right.</p>
<h1>The Scourge of 00UB</h1>
<p><a href="https://gavinhoward.com/2023/08/the-scourge-of-00ub/">https://gavinhoward.com/2023/08/the-scourge-of-00ub/</a></p>
<p>Gavin D. Howard, 2023-08-18T21:56:25-06:00</p>
<p>Compiler authors claim that the possibility of UB is a license to kill. They are wrong. They are not James Bond.</p>
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Programmers and hackers. <a href="https://news.ycombinator.com/item?id=37185390">Discuss on Hacker
News</a>.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Confident.</p>
</div>
<h2 id="introduction">Introduction</h2>
<p>So I was part of the founding group of Stack Exchange’s <a href="https://langdev.stackexchange.com/">Programming Language
Design and Implementation</a> site. I joined because I’m designing a language
myself.</p>
<p>At first, things were great. And then came one person.</p>
<p>Now, I respected this person. I like several blog posts on this person’s blog,
which are mostly on programming languages, their design, and how to make best
use of them.</p>
<p>So when I saw this person join, I was happy to hear more from them.</p>
<p>And then…</p>
<p>Well, I saw a question about undefined behavior, and I answered. This sparked a
discussion with this person about undefined behavior.</p>
<p>There seemed to be a lot of misunderstandings; I could not get a handle on what
this person thought UB meant.</p>
<p>I finally figured it out: this person’s definition of UB was not “the language
spec can’t guarantee anything.” Instead, it was “compilers can assume UB does
not exist and optimize accordingly.”</p>
<p><a href="https://www.destroyallsoftware.com/talks/wat">Wat</a>.</p>
<p>This was a moment when things clicked for me. But to explain why and what, I
need to explain some background.</p>
<h2 id="ub-in-c-and-c">UB in C and C++</h2>
<p>UB in C and C++ is roughly defined as “anything can happen.”</p>
<div class="note">
<p>The true quote is “the Standard imposes no requirements.”</p>
</div>
<p>Compiler authors believe that this lets them do whatever they want.</p>
<p>Perhaps they are right, but that is not the question I want to address.</p>
<p>The question is: <em>should</em> compiler authors be able to do whatever they want? I
argue that they should not.</p>
<h2 id="compiler-author-vs-language-user">Compiler Author vs. Language User</h2>
<p>Now, I’m a language designer. I’m a compiler author. You would think I would
have much of the same opinion as other compiler authors.</p>
<p>But I have something different from typical compiler authors: I am a language
user <em>first</em>.</p>
<p>This may seem like no distinction at all, but it is.</p>
<p>The distinction is hinted at in Russ Cox’s new blog post <a href="https://research.swtch.com/ub">“C and C++ Prioritize
Performance Over Correctness.”</a> In fact, the hint is in the title: authors
for C and C++ compilers care more about performance than about correctness.</p>
<p>This is the perspective of someone who is a <em>compiler author</em> first.</p>
<p>I call this perspective “00UB” because, like the <a href="https://en.wikipedia.org/wiki/00_Agent">00 agent</a> James Bond, this
perspective claims that UB has a <a href="https://en.wikipedia.org/wiki/Licence_to_kill_(concept)">license to kill</a> code.</p>
<p>Meanwhile, <em>most</em> programmers care more about <em>correctness</em>. By “correctness,” I
mean that they want their code to run the way they think it should run and that
the compiler will be a faithful translator.</p>
<p>This is the perspective of someone who is a <em>language user</em> first.</p>
<p>Don’t believe me? Well, Russ Cox lists some egregious “optimizations” that
Clang does, and <a href="https://news.ycombinator.com/item?id=37178515">this</a> is the response to one of them.</p>
<p>Programmers <a href="https://news.ycombinator.com/item?id=37178515">do not expect</a> that compilers will remove overflow checks, but
<a href="https://research.swtch.com/ub#overflow">they will</a>.</p>
<p>Programmers <a href="https://research.swtch.com/ub#overflow">do not expect</a> that compilers will remove infinite loops that
do not have side effects, but <a href="https://research.swtch.com/ub#loops">they will</a>.</p>
<div class="note">
<p>Note that those surprised programmers are actually <em>Rust</em> compiler authors.</p>
</div>
<p>Programmers <a href="https://lwn.net/Articles/342330/">do not expect</a> that compilers will remove <code>NULL</code> pointer checks,
but <a href="https://research.swtch.com/ub#null">they will</a>.</p>
<div class="note">
<p>The response of the Linux kernel devs to that GCC optimization was to <a href="https://lwn.net/Articles/342420/"><em>disable</em>
it as much as possible</a> using <code>-fno-delete-null-pointer-checks</code>.</p>
<p>By the way, <a href="https://news.ycombinator.com/item?id=19662624">Linux also uses</a> <code>-fwrapv</code>, <code>-fno-strict-overflow</code>, and
<code>-fno-strict-aliasing</code>.</p>
</div>
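<p>Two of the removals listed above, shown as an added example with each check in the form a compiler is allowed to delete next to a form it must keep. This is not code from the linked articles; <code>struct conn</code> and all function names are hypothetical.</p>

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

struct conn { int fd; };  /* hypothetical structure for the NULL-check case */

/* BEFORE: the overflow is tested after it has already happened. Signed
 * overflow is UB, so the compiler may assume len + extra never wraps and
 * drop the test. With -fwrapv the sum wraps and the test works as written. */
int grow_before(int len, int extra)
{
    if (len + extra < len) return -1;  /* meant to catch wraparound */
    return len + extra;
}

/* AFTER: compare against the limit first. No expression here can overflow,
 * so there is nothing for the optimizer to assume away. */
int grow_after(int len, int extra)
{
    if (len < 0 || extra < 0 || len > INT_MAX - extra) return -1;
    return len + extra;
}

/* BEFORE: the pointer is dereferenced ahead of the check. The compiler may
 * conclude c cannot be NULL and delete the test that follows.
 * -fno-delete-null-pointer-checks keeps the test in the emitted code. */
int conn_fd_before(struct conn *c)
{
    int fd = c->fd;
    if (c == NULL) return -1;
    return fd;
}

/* AFTER: check first, dereference second. */
int conn_fd_after(struct conn *c)
{
    if (c == NULL) return -1;
    return c->fd;
}

int main(void)
{
    struct conn c = { 42 };

    /* Only the well-defined forms are called; calling the BEFORE forms with
     * these inputs would execute UB. */
    printf("grow_after(INT_MAX, 1) = %d\n", grow_after(INT_MAX, 1));
    printf("grow_after(10, 5)      = %d\n", grow_after(10, 5));
    printf("conn_fd_after(NULL)    = %d\n", conn_fd_after(NULL));
    printf("conn_fd_after(&c)      = %d\n", conn_fd_after(&c));
    return 0;
}
```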
<h2 id="basically-evil">Basically Evil</h2>
<p>And so, at the end of that discussion I mentioned earlier, I had the epiphany
that compiler authors for C and C++ have <em>deliberately</em> pushed a definition of
UB that most programmers never even consider before they are burned by it.</p>
<p><em>This</em> is why that person was so adamant that my definition of UB, the one
shared by most unburned programmers, is wrong: this person is a compiler author
first and was consciously trying to push the definition that fit their
worldview.</p>
<p>Unfortunately, C and C++ compiler authors have largely succeeded.</p>
<p>How did they do this? Easy: they control the standard.</p>
<p>Few people think about this, but there is a bunch of actual, breathing people
that have to propose, debate, and incorporate changes to the standard.</p>
<p>There are a lot of people on the C++ committee and a smaller number on the C
committee.</p>
<p>And many of them are compiler authors. In fact, they make up a huge chunk of the
committees.</p>
<p>So despite holding the minority world view, they have managed to <em>force</em> it on
us by fiat because we have to use their compilers. And they have managed to stop
several proposals to remove undefined behavior from standards.</p>
<div class="note">
<p>Including <a href="https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1509.pdf">this one</a>.</p>
</div>
<p>Now, in earlier times when I was more incendiary, I might have said that
compiler authors were malicious. But now…</p>
<p>Wait, compiler authors are creating compilers that <em>deliberately</em> miscompile
code. In fact, a compiler researcher, John Regehr, said,</p>
<blockquote>
<p>It is <em>basically evil</em> to make certain program actions wrong, but to not give
developers any way to tell whether or not their code performs these actions
and, if so, where.</p>
<p>– <a href="https://blog.regehr.org/archives/226">John Regehr</a> (emphasis added)</p>
</blockquote>
<p>So yeah, they <em>are</em> malicious, and I’m not the only one saying so.</p>
<h2 id="what-to-do">What to Do?</h2>
<p>So what do we do?</p>
<p>Well, first, we need to start pushing back on the 00UB definition of UB. We
should all start using <code>-fwrapv</code>, <code>-fno-delete-null-pointer-checks</code>,
<code>-fno-strict-overflow</code>, and <code>-fno-strict-aliasing</code> on Clang and GCC (and the
equivalents on MSVC). And <em>this</em> should become the <em>de facto</em> standard C and
C++.</p>
<p>Chris Lattner, a compiler author who started LLVM, <a href="https://blog.llvm.org/2011/05/what-every-c-programmer-should-know_21.html">concedes</a> that using
those flags is tantamount to using separate dialects. He says that they are
non-portable, but since GCC and Clang are basically the only two compilers for
Unix-like systems, I would consider them portable enough.</p>
<p>Second, someone should create <a href="https://groups.google.com/g/boring-crypto/c/48qa1kWignU/m/o8GGp2K1DAAJ"><code>boringcc</code></a>, a compiler that uses the
definition of UB that most programmers use, and it should be made completely
cross-platform, able to target Windows, Mac OSX, iOS, Linux, Android, the BSD’s,
and any other semi-important platforms.</p>
<div class="note">
<p>Yes, I’ve thought about creating <code>boringcc</code> myself, but I’m busy with other
projects for <a href="https://yzena.com/">my business</a>.</p>
<p>However, if you want <code>boringcc</code>, <a href="https://yzena.com/contact/">contact my business address</a>. If I get
enough interest, I’ll do it because real, tangible interest would convince me
that there is more of a business case for that compiler than my current
projects.</p>
</div>
<p>Third, if you can get on the C or C++ committee, do so; having more voices
against the 00UB worldview would help.</p>
<h2 id="conclusion">Conclusion</h2>
<p>Whatever the case, we need to start pushing back against this perspective; it is
a scourge on our industry, destroying confidence in our code and our compilers.</p>
<p>And compiler authors need to back down from their “evil” perspective.</p>
<h1>I Have Blocked OpenAI</h1>
<p><a href="https://gavinhoward.com/2023/08/i-have-blocked-openai/">https://gavinhoward.com/2023/08/i-have-blocked-openai/</a></p>
<p>Gavin D. Howard, 2023-08-18T15:20:36-06:00</p>
<p>OpenAI published info about its spider. I blocked it. This is why.</p>
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Anyone with any opinion about “AI,” especially
LLM’s. <a href="https://news.ycombinator.com/item?id=35696146">Discuss on Hacker News</a>.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Satisfied.</p>
</div>
<p>So OpenAI recently <a href="https://platform.openai.com/docs/gptbot">revealed info about its spider</a>. That information
included its bot name (GPTBot) and its user agent string.</p>
<p>But even more importantly, they revealed the IP address blocks that they would
use.</p>
<p>So I blocked them all.</p>
<div class="note">
<p>I also blocked their spider with <code>robots.txt</code> and my server; they’ve already
added IP blocks, and this is a good backup.</p>
</div>
<p>Why did I do this?</p>
<p>Because I don’t want my material used for training LLM’s.</p>
<div class="note">
<p>Especially my <a href="https://git.gavinhoward.com/">personal code</a> and my <a href="https://git.yzena.com/">business code</a>.</p>
</div>
<p>However, there’s a catch: one of the sites blocked is <a href="https://docs.yzena.com/">https://docs.yzena.com/</a>,
which is the documentation for my <a href="/tag/yzena/">Yzena</a> software.</p>
<p>Most people who think LLM’s are good will probably be stunned; after all, if my
documentation could be crawled, GPTx could answer people’s questions about my
software for me.</p>
<p>But here’s the problem: it will answer them <em>wrong</em>.</p>
<p>You see, my documentation will be thorough. If it doesn’t answer all user
questions, it’s not good enough.</p>
<p>But despite the volume of documentation that will exist, and the good
organization to make that volume searchable.</p>
<p>But still, GPTx should <em>help</em> users, right? Wrong.</p>
<p>Despite the volume of documentation, my documentation would still be just a tiny
blip in the amount of information in the LLM, and it will still pull in
information from elsewhere to answer questions.</p>
<p>And since my software will be unique, anything outside the documentation is
liable to be wrong.</p>
<p>And so I will probably be answering <em>more</em> questions by people misled about my
software than would be saved by GPTx.</p>
<p>I’ll answer honest questions; I delight in serving users.</p>
<p>But I don’t want to have to dispel wrong notions because of a dumb bot using
statistics to pretend to speak.</p>
<h1>I Have Split My Blog</h1>
<p>Gavin D. Howard, 2023-08-04T00:01:07-06:00, <a href="https://gavinhoward.com/2023/08/i-have-split-my-blog/">https://gavinhoward.com/2023/08/i-have-split-my-blog/</a></p>
<p>People were demanding I split my blog between personal and professional posts. I did so, and this is why.</p>
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Anyone who has ever read my blog at
<a href="https://gavinhoward.com/">https://gavinhoward.com/</a>.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Still feeling weird.</p>
<p>Please don’t post this to Hacker News or any other link aggregation site.</p>
</div>
<p>So about a week ago, I had people railing against me. As usual, it was about my
blog.</p>
<p>Well, I usually try to not listen, but this time, there seemed to be some
genuinely helpful advice: maybe I should split my blog between the professional
stuff and the personal stuff.</p>
<p>But it feels weird to do so because I don’t feel comfortable separating my work
from my faith.</p>
<p>I consulted a few people I trust, and one of them, a man who had a successful
career, pointed out to me that separating the blogs would be less like
separating my faith from my work and more like writing to my audience, something
that is definitely within my ethics.</p>
<p>So I have done it: my blog has been split in two.</p>
<p>The professional one is <a href="https://gavinhoward.com/">https://gavinhoward.com/</a>. The personal one is
<a href="https://gavinhoward.org/">https://gavinhoward.org/</a>.</p>
<p>I have also set up redirects on <a href="https://gavinhoward.com/">https://gavinhoward.com/</a> for all posts that
have been moved to <a href="https://gavinhoward.org/">https://gavinhoward.org/</a>.</p>
<h1>How Yzena Versions Software</h1>
<p>Gavin D. Howard, 2023-07-10T21:53:12-06:00, <a href="https://gavinhoward.com/2023/07/how-yzena-versions-software/">https://gavinhoward.com/2023/07/how-yzena-versions-software/</a></p>
<p>This is the versioning scheme for Yzena software, especially for the Yc monorepo.</p>
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Hackers and anyone interested in Yzena’s
software.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Confident because it’s my choice anyway.</p>
</div>
<h2 id="introduction">Introduction</h2>
<p><a href="/tag/yzena/">Yzena</a> is my business. It’s a software business, obviously.</p>
<p>I have long wondered what versioning system I should use for that software.</p>
<p><a href="https://semver.org/">SemVer (Semantic Versioning)</a> is okay, but not great. It is standard,
though.</p>
<p>But there are other ways.</p>
<p>There’s <a href="https://calver.org/">CalVer (Calendar Versioning)</a>, for example. This one is both new and
familiar to me.</p>
<p>It’s new because I hadn’t heard of it until recently. It’s familiar because it’s
what <a href="https://ubuntu.com/">Ubuntu</a> uses, and Ubuntu was my first Linux distro.</p>
<h2 id="calver">CalVer</h2>
<p>Anyway, CalVer is interesting because it says nothing about how to version
software except to include a date <em>somewhere</em>.</p>
<p>This gives me a lot of flexibility.</p>
<p>In addition, CalVer has two questions to ask:</p>
<blockquote>
<ul>
<li>Does your project feature a large or constantly-changing scope?</li>
<li>Is your project time-sensitive in any way? Do other external changes drive
new project releases?</li>
</ul>
</blockquote>
<p>The answer to the first is yes since it’s a monorepo.</p>
<p>The answer to the second will be yes, even if it’s not obvious. One of the
examples they gave is:</p>
<blockquote>
<p>Business requirements, such as Ubuntu’s focus on support schedules.</p>
</blockquote>
<p>Since this is for a software business, I sincerely hope that Yzena software has
to care about support schedules.</p>
<p>So CalVer makes sense for Yzena software.</p>
<p>So I just need to choose a scheme and be done, right?</p>
<p>Not so fast.</p>
<h2 id="editions">Editions</h2>
<p>One of the CalVer examples they gave was of <a href="https://calver.org/#teradata">Teradata</a>. Teradata has an
interesting scheme that I think the CalVer website describes well:</p>
<blockquote>
<p>Teradata’s usage is notable not for the prominence of the technology or
company, but because there have been multiple releases in 2016 which were
versioned as 15.10. This may seem breaking at first, but the meaning and
utility is clear.</p>
<p>The library maintainers have crafted a resourceful hybrid of semantic
versioning and calendar versioning. The YY.MM part of the version are used as
a combined SemVer major version. That is, for new releases, the API of the
library remains the same as it did in October 2015. Dependent code written
since then is safe to upgrade. We will see the year and month segments update
next time there is a breaking API change.</p>
</blockquote>
<p>I like this, for several reasons.</p>
<p>One, it’s kind of like Ubuntu’s version scheme, and since I care about support
schedules, this seems nice to me.</p>
<p>Two, it’s also kind of like Rust’s edition scheme. I have a programming language
myself, and Rust’s edition scheme seems to be the best for that.</p>
<p>Three, I can make the rest of the version anything I want.</p>
<p>But there is another thing I want from the version: knowing the date a version
was released.</p>
<p>Why? Well, because it makes sense.</p>
<p>For example, SQLite, a project that I want to emulate, always adds the date of a
version after the version. This is a good idea because the user can see how old
the version is.</p>
<p>However, adding it in the documentation means that it is still not part of the
version. If it’s part of the version, there’s no need to add it.</p>
<p>So I’d like to put the date of release in the version.</p>
<p>However, there is yet one more thing I want a version to have: a marker of how
many versions there have been in an “edition.”</p>
<h2 id="scheme">Scheme</h2>
<p>So, without further ado, here is Yzena’s versioning scheme:</p>
<pre tabindex="0"><code>E0Y.E0M.0INC.0Y.0M.0D
</code></pre><p>where <code>E0Y</code> is the zero-padded year for the edition, <code>E0M</code> is the zero-padded
month for the edition, and <code>0INC</code> is the zero-padded, increment version number.</p>
<p>Yes, there are <em>six</em>, <em><strong>SIX</strong></em>, components of the version.</p>
<p>😲</p>
<p>Yeah, I know it’s a lot, but there’s a lot of information there.</p>
<p>So let’s go over it all.</p>
<h3 id="edition-components">Edition Components</h3>
<p>First, there need to be two parts for the edition because, unlike Rust, I want
the month.</p>
<p>Why? To have finer granularity. And because I expect to release new editions
more than once a year.</p>
<h3 id="version-increment-component">Version Increment Component</h3>
<p>The third component is the number of releases in the edition, starting from 0.</p>
<p>This means it <em>always</em> increments or drops to 0. It has to change on every
release.</p>
<p>It also tells the user something important: how many times has this edition had
a release?</p>
<p>Yes, this is important. Say I release a <code>23.07</code> edition, and it is still the
active edition 10 years later. If the increment component is <code>01</code>, then people
might rightly question whether the project is alive, but if it is <code>57</code>, then
people will probably understand that the project is alive. And not only that
it’s alive, but that it’s <em>stable</em>.</p>
<p>That component is important because it will show how well-off the project is
when combined with the edition.</p>
<h3 id="release-date-components">Release Date Components</h3>
<p>Finally, the last three components are the release date in year, month, day.</p>
<p>There is one tweak: the year will always be two digits, unlike the real <code>0Y</code> in
CalVer (which will go to three digits for years at or above 2100), because I
don’t expect an edition, much less an increment version, to last 100 years.</p>
<h3 id="why-six">Why Six?</h3>
<p>So…what it sounds like is that there are really three components: edition,
increment, and release date. Why do I still separate the “subcomponents” with
periods?</p>
<p>When it comes to the edition, I do it because Ubuntu does it, but I could be
convinced to not do that.</p>
<p>As for the release date, well, an 8-digit number is just too much.</p>
<h3 id="small-version">Small Version</h3>
<p>At this point, there are people among my readers who are yelling at their
screen. They are the people who package software, whether for a Linux distro or
some other reason.</p>
<p>They are yelling at me because a lot of them work with software that works with
version numbers, and their software probably has to make a few soft assumptions
about what kind of versions exist. I’m pretty sure one of those assumptions is
that there are not <em>six</em> components of a version number.</p>
<div class="note">
<p>Because who in their right mind would have <em>that many</em>?!</p>
</div>
<p>Packagers, I hear you.</p>
<p>I know I already spent many words justifying the version increment, but the
truth is that there was a <em>second</em> reason it always increments or resets: so
that the first three components are sufficient to distinguish the version.</p>
<p>And I will go further: Even though the version control tag will have all
components, I will make sure there are alias URL’s to all downloads that only
use the first three components.</p>
<p>So despite the long version scheme, I will ensure that your packaging works with
just three components.</p>
<p>So please put down your pitchforks!</p>
<p>Oh, and for users, I’ll do the same for URL’s to things like documentation.</p>
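<p>The scheme above as a checker a packager could run over release tags. This is an added example, not Yzena's code: the <code>yz_*</code> names are hypothetical, and three rules are assumptions the post does not state (two-digit years read as 20YY, an increment field of two to six digits, and release dates that never go backwards).</p>

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example; every name here is hypothetical, not Yzena's code. */
struct yz_version {
    int ed_year, ed_month;            /* E0Y.E0M: the edition */
    int inc;                          /* 0INC: release count within the edition */
    int rel_year, rel_month, rel_day; /* 0Y.0M.0D: the release date */
};

/* Read one all-digit field of min_w..max_w characters, then '.' or end of string. */
static int yz_field(const char **p, int min_w, int max_w, int last, int *out)
{
    int n = 0, v = 0;
    while (isdigit((unsigned char)**p)) {
        if (++n > max_w) return -1;
        v = v * 10 + (**p - '0');
        ++*p;
    }
    if (n < min_w) return -1;
    if (last) { if (**p != '\0') return -1; }
    else      { if (**p != '.') return -1; ++*p; }
    *out = v;
    return 0;
}

static int yz_days_in_month(int yy, int month)
{
    static const int days[] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
    /* Assumption: two-digit years mean 20YY, where every fourth year is a leap year. */
    if (month == 2 && yy % 4 == 0) return 29;
    return days[month - 1];
}

/* Parse the full six-component form. Returns 0 on success, -1 on malformed input. */
int yz_parse(const char *s, struct yz_version *v)
{
    const char *p = s;
    if (yz_field(&p, 2, 2, 0, &v->ed_year) ||
        yz_field(&p, 2, 2, 0, &v->ed_month) ||
        yz_field(&p, 2, 6, 0, &v->inc) ||   /* assumption: two to six digits */
        yz_field(&p, 2, 2, 0, &v->rel_year) ||
        yz_field(&p, 2, 2, 0, &v->rel_month) ||
        yz_field(&p, 2, 2, 1, &v->rel_day))
        return -1;
    if (v->ed_month < 1 || v->ed_month > 12) return -1;
    if (v->rel_month < 1 || v->rel_month > 12) return -1;
    if (v->rel_day < 1 || v->rel_day > yz_days_in_month(v->rel_year, v->rel_month)) return -1;
    return 0;
}

/* Order by the first three components only; the post says they are sufficient. */
int yz_compare(const struct yz_version *a, const struct yz_version *b)
{
    if (a->ed_year != b->ed_year) return a->ed_year < b->ed_year ? -1 : 1;
    if (a->ed_month != b->ed_month) return a->ed_month < b->ed_month ? -1 : 1;
    if (a->inc != b->inc) return a->inc < b->inc ? -1 : 1;
    return 0;
}

/* Write the three-component short form, e.g. "23.07.57". */
int yz_short(const struct yz_version *v, char *buf, size_t len)
{
    int n = snprintf(buf, len, "%02d.%02d.%02d", v->ed_year, v->ed_month, v->inc);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Is `next` a plausible direct successor of `prev`? The increment either goes up
 * by one within an edition or drops to 0 when a newer edition starts. */
int yz_is_successor(const struct yz_version *prev, const struct yz_version *next)
{
    int same_edition = prev->ed_year == next->ed_year && prev->ed_month == next->ed_month;
    long pd = prev->rel_year * 10000L + prev->rel_month * 100 + prev->rel_day;
    long nd = next->rel_year * 10000L + next->rel_month * 100 + next->rel_day;
    if (nd < pd) return 0;                  /* assumption: dates never go backwards */
    if (same_edition) return next->inc == prev->inc + 1;
    return yz_compare(prev, next) < 0 && next->inc == 0;
}

int main(void)
{
    /* Constructed tags: two releases, a new edition, an impossible date, a short form. */
    const char *tags[] = { "23.07.56.33.01.10", "23.07.57.33.07.15",
                           "33.08.00.33.08.01", "23.07.57.33.02.30", "23.07.57" };
    struct yz_version prev, cur;
    int have_prev = 0;
    for (size_t i = 0; i < sizeof tags / sizeof tags[0]; i++) {
        char brief[16];
        if (yz_parse(tags[i], &cur) != 0 || yz_short(&cur, brief, sizeof brief) != 0) {
            printf("%-18s rejected\n", tags[i]);
            continue;
        }
        printf("%-18s short=%s%s\n", tags[i], brief,
               have_prev && !yz_is_successor(&prev, &cur) ? " (out of sequence)" : "");
        prev = cur;
        have_prev = 1;
    }
    return 0;
}
```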
<h2 id="conclusion">Conclusion</h2>
<p>So that’s the scheme, and that’s why. I hope it works for you all, whether
users, packagers, or code archeologists.</p>
<h1>How I Made a Monorepo</h1>
<p>Gavin D. Howard, 2023-07-10T16:08:22-06:00, <a href="https://gavinhoward.com/2023/07/how-i-made-a-monorepo/">https://gavinhoward.com/2023/07/how-i-made-a-monorepo/</a></p>
<p>A long time ago, I made a monorepo out of several Git repos. This post is my attempt to describe what I did for future generations.</p>
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Hackers, Git users, code archeologists, and
anyone who would need to do forensics on Yzena repositories.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Not confident; I don’t have perfect memory of
what I did, but this is the best I’ve got.</p>
</div>
<p>Five months ago, I wrote about how I <a href="/2023/02/a-git-sin-re-signing-an-entire-git-repo/">re-signed a few entire Git repos</a>.</p>
<p>One of the requirements for my process was this:</p>
<blockquote>
<p>It has to deal with a repo that is a bunch of combined repos.</p>
</blockquote>
<p>That requirement was for a reason: on 01 Aug 2020, I finished combining a bunch
of repos into one monorepo.</p>
<p>Originally, <a href="/tag/yzena/">Yzena</a> had a bunch of separate repositories:</p>
<ul>
<li>One for C utilities that all others used.</li>
<li>One for data structures.</li>
<li>One for I/O and filesystem manipulation.</li>
</ul>
<p>and a few others.</p>
<p>Eventually, these separate repositories became unwieldy because they separated
concerns too much, and sometimes, I wanted to access internals of one repo in
another.</p>
<p>So I started thinking about making a monorepo.</p>
<p>I read a lot to make the decision. Most people said that monorepos work best for
tiny teams or massive companies, not in between.</p>
<p>Well, I <em>am</em> a tiny team: just one.</p>
<p>Thus, I bit the bullet and decided to combine the repos.</p>
<p>I decided to make the root repo, my C utilities, the monorepo.</p>
<div class="note">
<p>This is why the monorepo is called “Yc.” That name is a stylized abbreviation
for “Yzena C.”</p>
</div>
<p>The first thing I did, at least on most of them, was to put the entire repo
contents in a folder named the same as the repo. So for example, I put all of
the files in the <code>dyna</code> repo in the <code>dyna/</code> folder, which made the <code>src</code> folder
<code>dyna/src</code> in the repo.</p>
<p>This was to help prevent merge problems.</p>
<p>Now, I’m not stupid, so the next thing I did was to completely copy each repo so
that the old versions would be available. And I still have those clones.</p>
<p>Fourth, one by one, I would merge a single repo into the root one using a
command like this:</p>
<pre tabindex="0"><code>$ git merge &lt;repo&gt;/master --allow-unrelated-histories
</code></pre><p>I am not sure if that is the exact command for each one, but one thing I do
clearly remember: I used the <code>--allow-unrelated-histories</code> option.</p>
<p>There were obviously merge problems, and I fixed them manually. I don’t remember
what I had to do.</p>
<p>After that, I had to fix compile errors, where merges were not handled properly.</p>
<p>But that was it.</p>
<p>So what was my purpose in this?</p>
<p>To record what I did for posterity.</p>
<p>My father-in-law is a computer forensic expert, and during a recent vacation, I
was at his house. We were talking about computer forensics, and I realized that
if a forensics expert had to go through Yzena’s monorepo, they would hate me.</p>
<p>By recording what I did, I hope that their work would be easier.</p>
<p>And on that note, if someone does need to do forensics on my monorepo, let me
know, and depending on your purpose, I might send you the original repos to make
forensics easier. After all, comparison with before and after should make it
easy.</p>
<p>This includes the clone of the monorepo from before the re-sign procedure; yes,
I have that too.</p>
<div class="note">
<p>If you need forensics for a lawsuit, I do want to be served with a subpoena. But
if you do that, I’ll happily comply; I just want that for my records and to have
proof that you <em>do</em> need the clones for the purposes of the lawsuit.</p>
</div>
<p>So if you need those clones, <a href="/contact/">let me know</a>.</p>
<h1>An Apology to the Gentoo Authors</h1>
<p>Gavin D. Howard, 2023-06-09T00:41:17-06:00, <a href="https://gavinhoward.com/2023/06/an-apology-to-the-gentoo-authors/">https://gavinhoward.com/2023/06/an-apology-to-the-gentoo-authors/</a></p>
<p>I made several mistakes with a PR to the Gentoo authors. I need to apologize.</p>
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: The Gentoo authors. And anyone else who would
like to laugh at me. 😊</p>
<p>I don’t think this should be posted anywhere, so please don’t.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Apologetic and embarrassed. Also, not
confident in my checklists <em>at all</em>.</p>
</div>
<h2 id="introduction">Introduction</h2>
<p>I am a Gentoo user. I run Gentoo as my daily driver and server workhorse. I have
for at least two years. You would think I would know what I am doing.</p>
<p>And yet…</p>
<p>I made several mistakes packaging software for Gentoo recently.</p>
<p>My <code>bc</code> is in the package repo. I am the maintainer of the package.</p>
<p>When I last updated the package, I copied the wrong file, which was only caught
by a Gentoo author.</p>
<p>I guess I was just too tired.</p>
<p>Then I started running my own <a href="https://matrix.org/">Matrix</a> server. I needed a desktop client. I
settled on <a href="https://matrix.org/docs/projects/client/neo-chat">Neochat</a>, but the package on Gentoo didn’t have encryption. I
decided to change the package to use Olm, the Matrix cryptographic library.</p>
<p><a href="https://github.com/gentoo/gentoo/pull/31113">I did so.</a></p>
<p>Look at that thread. Look at all of the things I got wrong.</p>
<ul>
<li>I got the license wrong for one of the projects.</li>
<li>I didn’t wire up tests.</li>
<li>I keyworded things wrong.</li>
<li>I missed two dependencies.</li>
<li>I added an unnecessary dependency.</li>
</ul>
<p>This was unbelievable. What a clustermess.</p>
<p>Apparently, I just can’t correctly package software for Gentoo.</p>
<p>I’m sorry. I’m really, <em>really</em> sorry.</p>
<p>Yes, I screwed up.</p>
<p>So I’m going to do a postmortem here.</p>
<p>First, I’m going to continue to maintain the packages you have made me
responsible for, as well as the upstream <code>bc</code>.</p>
<p>Second, I’m not going to request to add any more packages to Gentoo, except at
your request. This includes my own software!</p>
<div class="note">
<p>This is because I’m going to vendor my dependencies, and <a href="https://wiki.gentoo.org/wiki/Why_not_bundle_dependencies">I know you hate
that</a>. But I do have <a href="#explanation-for-vendoring">reasons below</a>.</p>
</div>
<p>Third, because I’m a checklist guy, I’m going to write checklists for adding and
updating packages in Gentoo. You’re welcome to rip them, adjust them, and add
them to the Gentoo Wiki.</p>
<div class="warning">
<p>I do not speak for the Gentoo authors. These lists are not official and are
almost certainly wrong; check the Gentoo Wiki for official versions, if any.</p>
<p>But I doubt they’ll add them because they probably won’t add value for anyone
but me.</p>
</div>
<h2 id="checklist-for-updating-a-package">Checklist for Updating a Package</h2>
<ol>
<li>Copy an ebuild from the previous version.</li>
<li>Add <code>~</code> to <em>all</em> keywords!</li>
<li>Run <code>ebuild &lt;ebuild_file&gt; manifest</code>.</li>
<li>Run <code>ebuild &lt;ebuild_file&gt; compile test install</code>.</li>
<li>Run <code>git add .</code>.</li>
<li>Run <code>pkgcheck scan</code>, fix problems, and repeat as necessary.</li>
<li>Run <code>pkgdev commit</code>.</li>
<li>Run <code>pkgcheck scan --commits</code>.</li>
<li>Double check everything.</li>
<li>Did you <em>actually</em> double-check everything?</li>
<li>Push and open a PR.</li>
</ol>
<h2 id="checklist-for-adding-a-package">Checklist for Adding a Package</h2>
<ol>
<li>
<p>Ensure you can manually build the software that you will package, along with
its dependencies. This will help you find all of the dependencies and build
options.</p>
</li>
<li>
<p>One-by-one, remove a dependency from the build and see what happens. Add it
back before going to the next dependency. This is to ensure that all of the
dependencies are needed, or what changes in the build when the dependency is
missing.</p>
</li>
<li>
<p>Create a VM with a virgin Gentoo install. Seriously. This is to help ensure
that the dependency list for a package is complete. I added a package that
required OpenSSL, which I already had installed, so it built correctly even
though I didn’t add OpenSSL as a dependency.</p>
</li>
<li>
<p>Reread the <a href="https://wiki.gentoo.org/wiki/Basic_guide_to_write_Gentoo_Ebuilds">Basic Guide to Write Gentoo Ebuilds</a>. Select any templates
you need.</p>
</li>
<li>
<p>Review the <a href="https://devmanual.gentoo.org/ebuild-writing/functions/index.html">Ebuild Phase Functions</a> and figure out what you need.</p>
</li>
<li>
<p>Check the <a href="https://devmanual.gentoo.org/eclass-reference/index.html">Eclass Reference</a> for any eclasses that you may use for the
package and its dependencies.</p>
</li>
<li>
<p>Follow steps 8-31 for missing dependencies, one at a time, then for the
package itself.</p>
</li>
<li>
<p>Make sure the Copyright header is at the top and has the current year in it.</p>
</li>
<li>
<p>Make sure you’re using the latest EAPI.</p>
</li>
<li>
<p>Add <code>inherit &lt;eclass_list&gt;</code> if you are going to use any eclasses.</p>
</li>
<li>
<p>Set <code>DESCRIPTION</code>.</p>
</li>
<li>
<p>Set <code>HOMEPAGE</code>.</p>
</li>
<li>
<p>Set <code>SRC_URI</code>.</p>
</li>
<li>
<p>Set the license.</p>
</li>
<li>
<p>Did you double check that the license was correct?</p>
</li>
<li>
<p>Put <code>SLOT="0"</code>. If you need separate slots, give up now.</p>
</li>
<li>
<p>Add <code>KEYWORDS="~&lt;your_machine_arch&gt;"</code>. That’s it. The Gentoo authors do not
like it when you add more keywords, and for good reason.</p>
</li>
<li>
<p>Set <code>IUSE="&lt;list_of_use_flags&gt;"</code>. If you don’t already know what <code>USE</code> flags
the package needs, you fail. You should have found that out when building
the software manually. Go back to the beginning and try again.</p>
</li>
<li>
<p>Set <code>DEPEND</code>, if any. If you don’t know all of the dependencies already, you
fail. Feel ashamed. If you don’t feel ashamed, give up. If you felt proper
shame, you can go back to the beginning and try again.</p>
</li>
<li>
<p>Put</p>
<pre tabindex="0"><code>RDEPEND="
$DEPEND
"
</code></pre><p>If you need any extra runtime dependencies, you have chosen violence. Stop
and reconsider your life choices.</p>
</li>
<li>
<p>Put any necessary patches, if any. If you don’t know if you need any, fail.
If you <em>do</em> know, and you <em>do</em> need patches, you have decided to nuke the
world. <a href="https://www.youtube.com/watch?v=Ht9v8YLy-O4&t=1259s">Set up a lightning rod and yell at Zeus instead.</a></p>
</li>
<li>
<p>Add a <code>src_configure()</code> function, if necessary. This will probably be
necessary if you have <code>USE</code> flags. Otherwise, cool your jets, dude.</p>
</li>
<li>
<p>Add any other phase functions. If you need anything other than <code>src_test()</code>,
bring a lawyer because you’re going to have to argue your case.</p>
</li>
<li>
<p>Run <code>ebuild &lt;ebuild_file&gt; manifest</code>.</p>
</li>
<li>
<p>Run <code>ebuild &lt;ebuild_file&gt; compile test install</code>.</p>
</li>
<li>
<p>Run <code>git add .</code>.</p>
</li>
<li>
<p>Run <code>pkgcheck scan</code>, fix problems, and repeat as necessary.</p>
</li>
<li>
<p>Run <code>pkgdev commit</code>.</p>
</li>
<li>
<p>Run <code>pkgcheck scan --commits</code>.</p>
</li>
<li>
<p>Double check everything.</p>
</li>
<li>
<p>Did you <em>actually</em> double-check everything?</p>
</li>
<li>
<p>After all dependencies are done, and the package itself is done, push and
open a PR.</p>
</li>
<li>
<p>Be patient. The Gentoo authors are overworked because of idiots like me.</p>
</li>
</ol>
<h2 id="explanation-for-vendoring">Explanation for Vendoring</h2>
<p>Okay, I promised I would explain why I will vendor my dependencies.</p>
<div class="warning">
<p>I love you, Gentoo authors. I really do. I depend on you, and you have given me
a great experience. You do excellent work, and you’ve saved my bacon several
times.</p>
<p>So when I criticize you here, I hope it comes off nicely; I’m not trying to
lambast you.</p>
</div>
<div class="note">
<p>Also, I have read <a href="https://blogs.gentoo.org/mgorny/2021/02/19/the-modern-packagers-security-nightmare/">Michał’s post</a>.</p>
</div>
<p>First reason I will vendor dependencies: it will be easy because I won’t have
very many. I have carefully chosen <em>three</em>:</p>
<ul>
<li>SQLite.</li>
<li>BearSSL.</li>
<li>Libcurl.</li>
</ul>
<p>I <em>may</em> add one or two more:</p>
<ul>
<li>Zstandard.</li>
<li>XXH3.</li>
</ul>
<p>But I already have a hash, and I may implement a version of Zstandard’s
predecessor, lz4, that allows streaming, so I can easily <em>not</em> have those as
dependencies.</p>
<div class="note">
<p>Yes, I am that obsessive about my dependencies.</p>
</div>
<p>Second, I’m going to test each version of my software with the latest versions
of <em>all</em> of my dependencies, and every time a new version of a dependency comes
out, I will prepare an update to my own just to have the latest version of all
dependencies. This will be complete with full testing using the new dependency.</p>
<div class="note">
<p>I wouldn’t be surprised if I manage to update my software to the new version
before you release the new version of the dependency because I have three, and
you have countless packages.</p>
</div>
<p>Trying to test my code with multiple sets of versions will become combinatoric.
I can’t afford that; it will actually be easier to keep my code up-to-date and
to release extra times than to test multiple versions.</p>
<p>Third, I really disagree that dynamic linking is okay; what if an API changes in
a way that is incompatible at runtime, but compatible at compile-time?</p>
<p>Examples include:</p>
<ul>
<li>Reordering <code>enum</code> items.</li>
<li>Reordering function arguments of the same type.</li>
<li>Reordering <code>struct</code> fields.</li>
</ul>
<p>I don’t know how often that happens, but I don’t want my software to cause harm
because a dependency was wrong.</p>
<p>So basically, I’m going to vendor because I know my dependencies, will always
update my code to the latest versions, and will always release a version of my
code to explicitly depend on the latest versions because I only want to test one
set of versions.</p>
<p>Of course, if Gentoo ships the latest of my dependencies and wants to undo the
bundling, I’ll make that possible. But I will also try to make my code error at
compile time if the version does not match the expected version.</p>
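<p>The reordering cases listed above, reduced to one file, with a version pin next to them. This is an added example, not code from this post or from any real library: "libdep" and every identifier are hypothetical, and the run-time version comparison goes beyond the compile-time error the post describes, because a compile-time check sees only the header and not the shared object the loader picks later.</p>

```c
#include <stdio.h>
#include <string.h>

/* All names are hypothetical: "libdep" stands in for any dynamically linked dependency. */

/* What the application was compiled against: the 1.4.0 header (constructed). */
#define DEP_HEADER_VERSION 10400
enum dep_verify_v1 { V1_VERIFY_STRICT, V1_VERIFY_NONE };
struct dep_opts_v1 { int timeout_s; int verify; };

/* What the loader finds at run time: a 2.0.0 build exporting the same symbol names. */
#define DEP_LIBRARY_VERSION 20000
enum dep_verify_v2 { V2_VERIFY_NONE, V2_VERIFY_STRICT };  /* enum items reordered */
struct dep_opts_v2 { int verify; int timeout_s; };        /* struct fields reordered */

/* Compile-time pin: refuse to build against a header other than the tested one. */
#define APP_TESTED_WITH_DEP 10400
#if DEP_HEADER_VERSION != APP_TESTED_WITH_DEP
#error "libdep header differs from the version this code was tested with"
#endif

/* Both layouts have the same size, so the copy below is well defined and nothing
 * in the toolchain has a reason to complain about the changed layout. */
_Static_assert(sizeof(struct dep_opts_v1) == sizeof(struct dep_opts_v2),
               "layouts must have equal size for this demonstration");

/* --- "library" side, built from the 2.0.0 sources --- */
int dep_lib_version(void) { return DEP_LIBRARY_VERSION; }

int dep_lib_is_strict(int verify) { return verify == V2_VERIFY_STRICT; }

/* Across a shared-object boundary only bytes arrive; a symbol carries no layout. */
static struct dep_opts_v2 dep_lib_read(const void *opts)
{
    struct dep_opts_v2 o;
    memcpy(&o, opts, sizeof o);
    return o;
}

int dep_lib_timeout(const void *opts) { return dep_lib_read(opts).timeout_s; }

int dep_lib_opts_strict(const void *opts)
{
    return dep_lib_is_strict(dep_lib_read(opts).verify);
}

/* --- application side, still compiled with the 1.4.0 declarations --- */
static struct dep_opts_v1 app_opts(void)
{
    struct dep_opts_v1 o = { .timeout_s = 30, .verify = V1_VERIFY_STRICT };
    return o;
}

/* Enum reordering alone: the caller's STRICT (0) is the library's NONE (0). */
int app_enum_seen_as_strict(void) { return dep_lib_is_strict(V1_VERIFY_STRICT); }

/* Field reordering: the library reads the caller's verify slot as the timeout. */
int app_timeout_seen(void)
{
    struct dep_opts_v1 o = app_opts();
    return dep_lib_timeout(&o);
}

int app_opts_seen_as_strict(void)
{
    struct dep_opts_v1 o = app_opts();
    return dep_lib_opts_strict(&o);
}

/* Run-time guard: compare the header version with what the loaded library reports. */
int app_versions_match(void) { return dep_lib_version() == DEP_HEADER_VERSION; }

int main(void)
{
    printf("caller asked for strict verification and a 30 s timeout\n");
    printf("enum only:  library sees strict = %d\n", app_enum_seen_as_strict());
    printf("struct:     library sees strict = %d, timeout = %d\n",
           app_opts_seen_as_strict(), app_timeout_seen());
    if (!app_versions_match()) {
        printf("refusing to continue: header %d, library %d\n",
               DEP_HEADER_VERSION, dep_lib_version());
        return 1;
    }
    return 0;
}
```

<p>SQLite, one of the dependencies named above, provides this pair as the <code>SQLITE_VERSION_NUMBER</code> macro and the <code>sqlite3_libversion_number()</code> function.</p>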
<h2 id="conclusion">Conclusion</h2>
<p>I don’t really have a conclusion other than sorry that I screwed up!</p>
<p>Also, love you all; you rock, and I enjoy Gentoo.</p>
<p>Keep calm and compile on.</p>
<h1>The Most Annoying Math Problem</h1>
<p>Gavin D. Howard, 2023-04-24T21:13:38-06:00, <a href="https://gavinhoward.com/2023/04/the-most-annoying-math-problem/">https://gavinhoward.com/2023/04/the-most-annoying-math-problem/</a></p>
<p>There is one math problem I want solved. It annoys me.</p>
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Hackers, mathematicians, and cryptographers.
<a href="https://news.ycombinator.com/item?id=37182366">Discuss on Hacker News</a>.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: About as confident as a lone gazelle on the
savannah.</p>
</div>
<p>When I attended university, there was one class that defied all of my
expectations: Theory of Computation.</p>
<p>First of all, it did not have much theory. Second, it had a lot of applied math.
Third, I expected it to be useless, but I came out of that class with two
fantastically important things.</p>
<p>This post is about the first: a math problem that annoyed me.</p>
<p>The problem was the <a href="https://en.wikipedia.org/wiki/P_versus_NP_problem">P versus NP problem</a>, a problem that was ostensibly so
important that it <a href="https://www.claymath.org/millennium-problems">has a million dollar bounty</a>.</p>
<div class="note">
<p>In fact, if P = NP, then all of the other million dollar problems are solved as
well!</p>
<p>This makes it the most important of the million dollar problems.</p>
</div>
<p>And yet, it hasn’t been solved yet.</p>
<p>Since I was a young, naive, and cash-strapped college student, the P v NP problem
intrigued me. I spent spare brain cycles on it.</p>
<p>Over time, I graduated, started working, got married, and generally became less
cash-strapped. So I didn’t care about the million dollars anymore.</p>
<p>But…</p>
<p>It still annoyed me. P v NP is central to knowing the <em>soft limits</em> of
computers. It seemed like there was a hole in the bottom of computer science,
and there are a lot of obviously smart people in computer science who could do
something about it but just…didn’t.</p>
<p>Why wasn’t it solved?</p>
<p>I <em>still</em> spent spare brain cycles on it.</p>
<p>But then I ran into an even <em>larger</em> problem.</p>
<p>You see, I started studying cryptography because I wanted to be a <a href="https://loup-vaillant.fr/articles/rolling-your-own-crypto">Level 3
cryptographer</a>.</p>
<p>I learned a lot (and am still learning), but I quickly found out that, like
computer science, cryptography had a hole in its foundation.</p>
<p>Except that this time, it wasn’t just a hole; there was no foundation at all!</p>
<p>The problem is this: no one knows if <a href="https://en.wikipedia.org/wiki/One-way_functions">one-way functions</a> exist.</p>
<p>This may not seem like a big deal, but it’s everything.</p>
<p>First of all, if one-way functions exist, then P ≠ NP, so proving the existence
of one-way functions would solve the P v NP problem.</p>
<p>Second, all of cryptography assumes one-way functions exist.</p>
<p><a href="https://www.destroyallsoftware.com/talks/wat">Wat</a>.</p>
<p>Cryptography didn’t start out with a lot of proofs, but it has grown that over
time.</p>
<div class="note">
<p>Take the <a href="https://everyoneneedsencryption.gavinhoward.com/">OPAQUE</a> protocol. It has a strong proof of correctness.</p>
</div>
<p>Just about every proof in cryptography has assumptions.</p>
<p>The vast majority are practical. Most of them are about the attacker’s
power/abilities. Some are about the lack of information leaks elsewhere. A few
might be more about mathematical axioms.</p>
<p>And underlying them all is an implicit assumption: that there are some functions
that cannot be easily reversed without some specific knowledge.</p>
<p>That’s right; we don’t know if cryptography actually <em>works</em>. It may not, and
the NSA might be laughing at us as they read <em>everything</em>.</p>
<p>Why does this matter?</p>
<p>Well, if <em>any</em> computable function could be easily reversed, for some definition
of “easy,” then it doesn’t matter what you encrypt; the attacker can just
reverse the mathematical function of encryption without the specific knowledge
you have: the key.</p>
<p>Voilà! No encryption is effective.</p>
<p>It’s a terrifying prospect to contemplate.</p>
<p>And yet, we have based our modern economies on this assumption. The world
<a href="https://everyoneneedsencryption.gavinhoward.com/">depends on cryptography</a>!</p>
<p>You could not safely move money over the Internet without it. You could not keep
your information safe. You could not keep governments at bay.</p>
<div class="warning">
<p>If governments <a href="https://www.globalencryption.org/2023/04/statement-on-eu-us-cooperation-against-encryption/">tell you</a> that they need weak cryptography to catch bad guys,
remember: they really want it to watch <em>you</em> because the bad guys won’t use
the weak cryptography.</p>
</div>
<p><em>That’s</em> why this problem annoys me: everything depends on it.</p>
<p>I want <em>someone</em> to prove one-way functions exist, and I want it done in such a
way that we could make unbreakable cryptographic primitives <em>by construction</em>.</p>
<p>I know, I’m a dreamer.</p>
<p>I’m also spending spare brain cycles on the problem, even though I’m stupid.</p>
<p>But why am I tackling <em>this</em> problem instead of the easier P v NP problem?</p>
<p>Because I think it might be easier to solve.</p>
<p>Honestly, it’s probably because of my stupidity that I think proving one-way
functions exist may be easier than cracking the P v NP problem.</p>
<p>But I see P v NP as more difficult because if P ≠ NP, you need to prove that
there is <em>no</em> algorithm to solve an NP problem quickly. That’s gobs harder than
finding one counterexample.</p>
<p>Solving the one-way functions problem would entail finding one, just <em>one</em>
counterexample: a function that cannot be reversed without knowing all or some
of the original inputs, for all possible inputs.</p>
<p>This sounds hard, but there’s already an example of solving this kind of
problem: <a href="https://www.gcsu.edu/sites/files/page-assets/node-808/attachments/brodkorb.pdf">Alan Turing and the Entscheidungsproblem</a>.</p>
<p>Alan Turing proved that some functions are not computable. He proved that some
functions will cause a computer, a Turing Machine, to never halt.</p>
<p>“Well, that’s all good. Doesn’t that prove that one-way functions exist?”</p>
<p>No. Uncomputable functions are impossible for the attacker <em>and the defender</em>!</p>
<p>We need a function that is computable for defenders and impossible for
attackers.</p>
<p>But I think that’s the key: if someone could construct a reversible Turing
Machine that will halt in reverse when given the right input(s), but never halt
when given the wrong input(s), <em>that</em> could be a great first step to proving
that one-way functions exist.</p>
<p>The second and final step would be to prove that there cannot exist a Turing
Machine that could return the correct input(s).</p>
<p>Yes, this is like what is required for solving the P v NP problem, but I think
it will be easier because the Turing Machine could be constructed in a way to
make it impossible to compute the function any other way by ensuring that all
candidate Turing Machines never halt.</p>
<p>In other words, I believe we can customize the Turing Machine to the proof to
make it easier.</p>
<p>Now, why am I giving away my current thoughts, even if it means someone beats me
to a million dollars?</p>
<p>Because it probably won’t work.</p>
<p>But also because I want this proven!</p>
<p>Go ahead, use my ideas! Prove that one-way functions exist! Please!</p>
<p>I want this <a href="https://www.urbandictionary.com/define.php?term=mind+virus">mind virus</a> gone!</p>
AI Evangelists Scare Me
https://gavinhoward.com/2023/04/ai-evangelists-scare-me/
Gavin D. Howard
2023-04-24T21:10:10-06:00
2023-04-24T21:10:10-06:00
In which I learn that AI evangelists only care about bringing forth their version of Utopia.
<div class="warning">
<p><strong>Please see the <a href="/about/#disclaimer">disclaimer</a>.</strong></p>
</div>
<div class="note">
<p><a href="https://v4.chriskrycho.com/2018/assumed-audiences.html"><strong>Assumed Audience</strong></a>: Artists, hackers, and anyone affected by “AI”
models. If you are, and you want to do something, please fight back. One way to
do so is to support <a href="https://matthewbutterick.com/">Matthew Butterick</a>’s <a href="https://githubcopilotlitigation.com/">two</a>
<a href="https://stablediffusionlitigation.com/">lawsuits</a>.</p>
<p><a href="https://news.ycombinator.com/item?id=35696134">Discuss on Hacker News</a>.</p>
<p><a href="https://v5.chriskrycho.com/journal/epistemic-status/"><strong>Epistemic Status</strong></a>: Confident.</p>
</div>
<p>I just had an email conversation with an AI evangelist. It opened my eyes.</p>
<p>This particular evangelist, <a href="https://github.com/rom1504">Romain Beaumont</a>, came to my attention with a
<a href="https://news.ycombinator.com/item?id=35681085">Hacker News post</a> about a <a href="https://github.com/rom1504/img2dataset/issues/293">request for Beaumont to allow website operators
to opt-in to his scraping tool</a>.</p>
<p>If you don’t follow that link, let me summarize it: his image scraping tool does
<em>not</em> respect <code>robots.txt</code> and instead, has a <a href="https://github.com/rom1504/img2dataset#opt-out-directives">custom opt-out procedure <em>for
website operators</em></a> that the user of the tool can disable!</p>
<p>In other words, he gave users of his tool a way to opt-out of the opt-out!</p>
<p>Well, he locked the thread before I got to it, so I decided to email him since
his email was public.</p>
<p>Now, Beaumont did not give me permission to post the email conversation we had,
so I’m only going to summarize using his publicly available writing.</p>
<p>His refusal to give permission is ironic though, because while he didn’t give
permission, Beaumont claims that it’s unethical to have opt-in rather than
opt-out for scraping:</p>
<blockquote>
<blockquote>
<p>Why not be a good netizen and make it so it only works on sites that have
opted in? I’m happy to give you a PR to do that, if you like?</p>
</blockquote>
<p>That would be unethical, you can read the readme to understand why.</p>
</blockquote>
<blockquote>
<p>Letting a small minority prevent the large majority from sharing their images
and from having the benefit of last gen AI tool would definitely be unethical
yes.</p>
</blockquote>
<p>Let me clarify that for you: Beaumont believes it is unethical to prevent users
from using <em>your</em> work however <em>they</em> want just because you post it on your
website.</p>
<div class="note">
<p>Yes, this includes if you put “All rights reserved.”</p>
</div>
<p>That’s scary.</p>
<p>Why does he believe this? The clue lies in the last post he made on <a href="https://github.com/rom1504/img2dataset/issues/293">the
request</a>:</p>
<blockquote>
<p>It is sad that several of you are not understanding the potential of AI and
open AI and as a consequence have decided to fight it.</p>
</blockquote>
<p>In other words,</p>
<p class="img">
<a href="https://d1avok0lzls2w.cloudfront.net/uploads/academy/52827f1a67d786.30081841.jpg" class="img">
<img src="https://d1avok0lzls2w.cloudfront.net/uploads/academy/52827f1a67d786.30081841.jpg" alt="You will be assimilated. Resistance is futile." aria-label="You will be assimilated. Resistance is futile." class="center" />
</a>
</p>
<p><a href="https://memory-alpha.fandom.com/wiki/The_Best_of_Both_Worlds_(episode)">“Freedom is irrelevant. Self-determination is irrelevant. You must comply.”</a></p>
<p>That’s <em>terrifying</em>!</p>
<p>He seemed to think that AI was a pure good and that it should be pushed forward
<em>regardless</em> of the consequences.</p>
<p>When I mentioned some problems, like no attribution, he said that they could be
fixed.</p>
<p>If so, why were they not fixed before companies released them?</p>
<p>The truth is that AI models are black boxes and that their creators don’t
understand them. <a href="https://www.youtube.com/watch?v=30jNsCVLpAE&t=2173s">You can’t fix what you don’t understand.</a></p>
<p>Even worse, they are black boxes that we use to make decisions for us.</p>
<p>IBM once had a <em>fantastic</em> opinion about computers making decisions:</p>
<blockquote>
<p>A computer can never be held accountable. Therefore, a computer can never make
a management decision.</p>
<p>– <a href="https://twitter.com/swiftonsecurity/status/1385565737167724545">IBM Slide</a></p>
</blockquote>
<p>And it gets worse: companies will use that to diffuse and destroy liability:</p>
<blockquote>
<p>If AI companies are allowed to market AI systems that are essentially black
boxes, they could become the ultimate ends-justify-the-means devices. Before
too long, we will not delegate decisions to AI systems because they perform
better. Rather, we will delegate decisions to AI systems because they can
get away with everything that we can’t. You’ve heard of money laundering?
This is human-behavior laundering. At last—plausible deniability for
everything.</p>
<p>– <a href="https://matthewbutterick.com/chron/will-ai-obliterate-the-rule-of-law.html">Matthew Butterick</a></p>
</blockquote>
<p>Do you want to live in that world? I don’t.</p>
<p>Yet AI evangelists seem to think that those bad things will just not happen, as
though AI itself can’t be used for bad.</p>
<p>That’s either malice or wishful thinking.</p>
<p>In the case of Beaumont, I’m inclined to think there’s no malice, mostly because
he talks as though AI will benefit us:</p>
<blockquote>
<p>You will have many opportunities in the years to come to benefit from AI. I
hope you see that sooner rather than later. As creators you have even more
opportunities to benefit from it.</p>
</blockquote>
<p>I told him that it’s all well and good if he’s right because if he is, AI will
happen over my protests and the protests of others, and everything good will
come to pass. People like me will just slow it down enough to make people think
and <em>work</em> through problems, rather than dismissing them as “more training
needed.”</p>
<p>But if he’s wrong, and he is, it will be <em>catastrophic</em>, even for AI
evangelists.</p>
<p>So I will not go quietly into the night. I will show that AI will <em>not</em> increase
the “uniqueness” of art and other content. I will refuse to engage and become an
island unto myself and show that human content is, and will always be, king.</p>
<p>And if people try to use my work, I will fight every step of the way, even if I
have to go to law school myself.</p>
<p>I will <em>not</em> be assimilated.</p>