Egregoros

Signal feed

David Chisnall (*Now with 50% more sarcasm!*)

@david_chisnall@infosec.exchange

I am Director of System Architecture at SCI Semiconductor and a Visiting Researcher at the University of Cambridge Computer Laboratory. I remain actively involved in the #CHERI project, where I led the early language / compiler strand of the research, and am the maintainer of the #CHERIoT Platform.

I was on the FreeBSD Core Team for two terms, have been an LLVM developer since 2008, am the author of the GNUstep Objective-C runtime (libobjc2 and associated clang support), and am responsible for libcxxrt and the BSD-licensed device tree compiler.

Opinions expressed by me are not necessarily opinions. In all probability they are random ramblings and should be ignored. Failure to ignore may result in severe boredom and / or confusion. Shake well before opening. Keep refrigerated.

Warning: May contain greater than the recommended daily allowance of sarcasm.

No license, implied or explicit, is granted to use any of my posts for training AI models.

Posts

Latest notes

The recent post criticising Free Software advocates for advocating user-modifiable software and then being annoyed at LLMs annoys me and the reason is best illustrated by this analogy:

Public-transport advocates spend years advocating for a connected public-transport infrastructure, where it’s easy to take a small combination of busses, metros, trams, and trains to get from anywhere to anywhere. The network would be efficient and operated as a non-profit-making public good, making individual movement cheap (or, ideally, free). They work with municipalities to build out some of this infrastructure, persuade national governments to invest in the longer routes, and so on.

Someone comes along with a massive subsidy for a handful of private taxi companies to hire a bunch of drivers and give free (paid for by investors) ride to everyone. The drivers are immigrants who don’t speak the language very well, which is great for the taxi companies because they are easy to exploit (they are, in fact, underpaid and put in dangerous situations routinely). The owners of the taxis are pocketing a load of investor money for every ride though.

When you get in one of these taxis, there’s a 90% chance they’ll take you where you want, a 9% chance they’ll take you somewhere nearby, and a 1% chance they’ll just drop you off in a dangerous part of town. A bunch of people are mugged and a few more murdered as a result of this, but the companies aren’t liable. The investors behind this tell everyone ‘don’t bother learning to drive, there’s no point, our taxis will take you anywhere, for much less money!’. At the same time, ridership on existing public transport drops off, leading to calls to cut its funding and there are mass redundancies for bus drivers and so on. The taxis are all diesel and heavily polluting, leading to worse air quality everywhere they go. To make sure that they can pick people up easily, the ones not actively giving rides are constantly circulating, placing huge strain on road infrastructure and further increasing pollution.

And then someone says to those public-transport advocates: ‘this is what you wanted, why are you unhappy just because it’s not delivered in the way you imagined?’

@alice

I now live somewhere civilised, where someone saw my partner and I riding a tandem and felt the need to roll down the window and shout ‘you two are so fucking cute!’ as he drove past, but before I moved here:

I have long wavy hair and often wear long black coats, so look quite feminine from behind. The number of people who would roll down their window to catcall as they went past, then see the front of me and realise that they had just catcalled a boy was… a lot. And this was especially fun when they had other people in the car, because you can bet that was a cat full of homophobes.

@feld @phnt @giacomo

The FSF was not a large enough organisation to deter infringers in the case I was directly involved with and they do have a track record of going after infringers. And, unfortunately, copyright assignment meant that they were the only people who could go after infringers.

What might work is a CLA, or even license clause, that allows multiple parties to go after infringers (have standing to sue as designated agents of the copyright holder) and requires that they split the proceeds with the copyright holders on a fixed ratio, with legal fees coming out of their part. That would incentivise other groups to chase down any instance of infringement in hope of a payout.

I’d be very nervous of putting something like this in a license as complex as any of the FSF’s though, because it would also incentivise chasing individuals who accidentally infringed and would immediately settle because they wouldn’t be able to afford to go to court.

One of the problems with using copyright law to protect end users (the FSF’s strategy) is that only the copyright holder has standing to sue, but they are not the ones harmed by violation. If I release a GPL’d program, and you buy something containing a derived work that doesn’t respect the license and (for example) contains some easily fixed bug that you cannot fix due to this violation, you are harmed but I am the one who has standing to sue.

But rather than do any of this, what I want is to build systems where end users can easily modify and extend them and create an ecosystem where closed proprietary products can’t compete because users expect and actively exercise the rights to modify and redistribute software. Requiring users to understand a complex license before they exercise the rights that are the thing that differentiates Free Software from non-Free software provides a barrier to their exercising these rights, which composes with any technical barriers.

@feld @giacomo

To be fair, it’s not uncommon for lawyers to be able to give a definitive answer. They will often say things like ‘the court will weigh these things and it depends on which one they consider most important’.

And this is why contracts and licenses should follow consensus and not try to set it. If two parties think they agree, the contract formalises it and helps them avoid misunderstandings and provides a framework for resolution if there are problems later. If two parties disagree, attempting to reconcile that with a contract or license is just a way of ensuring that some lawyers down the line make a load of money from both of them.

@feld @phnt @giacomo

There’s also the problem that defending it is expensive. They refused to defend the license for one FSF project I was involved with because they didn’t think the risk / reward calculation made sense. Which means that FSF licenses on GNU projects don’t apply to you if you have enough money to look like you can make going to court very expensive. On individual-run projects, they don’t apply to anyone willing to simply ignore them because individuals can’t afford to take violators to court.

@whitequark

This is very close to where I parted ways with the FSF. There's always a tension between enabling people to create the desirable thing and enabling people to make the undesirable. Their view is that it should be very hard to make the undesirable thing, and slightly easier to make the desirable thing. My view is that you should make it so easy to make the desirable thing that people always have a choice and then, once the desirable thing exists, you can apply other pressures to get rid of the undesirable thing.

I don't think deskilling is the right framing for a lot of these things, it's about where you focus cognitive load. There's a line from the Stantec ZEBRA's manual (1956) that says that the 150-instruction limit is not a real problem because no one could possibly write a working program that complex. Small children write programs more complex than that now. That's not a loss to the world, the fact that you don't have to think about certain things means you can think about other things, such as good algorithm and data structure design.

There was research 20ish years ago comparing C and Java programs and found that the Java programs tended to be more efficient for the same amount of developer effort, because Java programmers would spend more time refining data structure and algorithmic choices and improve entire complexity classes, whereas C programmers spend the time tracking down annoying bug classes that are impossible in Java and doing microoptimisations. Of course, under time pressure, Java developers will simply ship the first thing that works and move onto new features rather than doing that optimisation. C programmers would take longer to get to the MVP level and their poorly optimised code was often faster than poorly optimised Java.

I see LLMs as very different because they don't provide consistent abstractions. A programmer in a high-level language has a set of well-defined constraints on how their language is lowered to the target hardware and can reason about things, while allowing their run-time environment to make choices within those constraints. Vibe coding does not do this, it delegates thinking to a machine, which then generates code that is not working within a well-defined specification. This really is deskilling because it's not giving you a more abstract reasoning framework, it's removing your ability to reason.

Letting people accomplish more with less effort, in an environment where their requirements are finite, ends up shifting power to individuals, because it reduces the value of economies of scale.

@giacomo @whitequark

I think you're misunderstanding my point. The FSF decides to promote the creation of Free Software (a goal I agree with) by creating complex licenses.

Developing software reusing software under any license requires understanding the license. The FSF's licenses are sufficiently complex that I have had multiple conversations with lawyers (including some with the FSF's lawyers) where they have not been able to tell me whether a specific use case is permitted. This places a burden on anyone developing Free Software using FSF-approved licenses, because there are a bunch of use cases that the FSF would regard as ethical, but where their licenses do not clearly permit the use.

It places a larger burden on people doing things that the FSF disapproves of. They have to come up with exciting loopholes. Unfortunately, it turns out that this isn't that hard and once you've found a loophole you can keep using it. The FSF responds with even more complex licenses.

EDIT: To be clear, the FSF and I have very similar goals. I just think that their strategy is completely counterproductive. Complex legal documents empower people who can afford expensive lawyers. We're increasingly seeing companies using AGPLv3 to control nominally-Free Software ecosystems.

Apparently I missed that Tony Hoare died last week.

I think the first time I met Tony was when we were both on the same panel. The Psychology of Programming Interest Group (PPIG) conference arranged a panel with some people from their community and two relative outsiders. They didn’t tell me until I turned up that there were only two and I was the one without a Turing Award or a knighthood. I was, as you might imagine, somewhat intimidated by this. Tony was amazing. He made me feel like we were just two peers in the subject, each with valid opinions to contribute.

I spent a few years with my office a couple of doors down from his. He was always happy for people to drop in and chat. I went to him with questions periodically and always learned something. Rarely an answer to my question, but always something interesting.

A huge loss to the field.

I have a load of kitchen utensils made of silicone. They’re great: heatproof so you can leave them in the pan, poor thermal conductors so doing so doesn’t burn your hands, and soft so they don’t damage non-stick things.

But I remain in awe of whichever materials scientist looked at stone and said ‘this is great, but it would be better if we made it squidgy’ and then did it. Who looks at stone and decides it should be squidgy?

@lain @soatok @inex

That's not uncommon in C. The Java Native Interface has a design rationale document that says that it doesn't, for example, check null pointers because it's impossible to check for the general case of invalid pointers.

I don't really agree with this philosophy, but it did provide a nice showcase for CHERI (the JNI was explicitly designed to not be a trust boundary, so being able to turn it into a defensible one was great).

Is there any way in #FreeBSD of adding extra REQUIRES lines to RC scripts without modifying the script? I have an iscsi export that is exported over WireGuard. The iscsi scripts start after the network is up, but not after WireGuard starts. And so they try to bind go an IP that doesn't yet exist and fail (similar problems on the client and server, with different failure modes) and require manual prodding. I really want a thing in rc.conf or similar to be something like iscsid_extra_requires="wireguard" or similar.