It is a "no brainer"!

Thursday, 14 July, Year 8 d.Tr. | Author: Mircea Popescu

Consider :

mircea_popescu Did you check/sign the copies ?
mod6 They are not signed at this time. The build script in its current form will pull the dep from and check the SHA512 against what is hardcoded into the script. If it matches, we continue, if not we die. I could create a clearsigned manifest that could reside on that could be also pulled down, verified and used.

mircea_popescu Hm. Yeah what I'm thinking is, since this "we gotta import crap" thing is going to continue, might as well put some sort of deed process into it.
mod6 I'm a bit hesitant to "sign" a file outright that I don't have carnal knowledge of -- say openssl - at least without a disclaimer that says "I am only confirming the SHA512 of this artifact is ABCDEF1234... This does not mean that I have read that code and it ``fits in head''."

mircea_popescu Hence why it'd be a deed rather than a v diff.
mod6 So was thinking a clearsigned manifest could do the trick there.

mircea_popescu Yeah, it would in this instance, but it'll become unmanageable in short order. Because it's not just one such item.
mod6 So, a clearsigned manifest that holds the URL and the SHA512 that I attest is correct then, deedbotted?

mircea_popescu What i'm thinking is : the binary/payload in question, base64'd, deedbotted, and the build script modified to take an optional parameter to "allow deedbot import from known signatures" and then it can have a $ifdef for "buildoot"="deed.soandso", and it knows that if the flag is on, it goes to where deed so and so is and checks it, debases it, unzips it etc. Make any sense ? Could have a standard disclaimer up top, have it ignore #s or w/e.
mod6 One caveat here, I want this to be the last release of the build script -- so I don't wanna do any heavy lifting here. Would rather put such effort into the makefiles instead.

mircea_popescu Makefiles also works yes. I'm thinking more in the mid term than for the next version necessarily. At least this'd allow some basis for proper management of this mess, rather than current adhocness. (I'm not saying you're making a mess, I'm just saying - we're stuck with all this grandfathered in bullshit, such as boost, openssh, who the fuck knows what else even. Qt ffs.)
mod6 Makefiles will also solve alf's complaint about "shouldn't pull these from the web at all."


asciilifeform What has mircea_popescu been smoking?? There is no qt in TRB. The deps are strictly: 1) gcc 2) some libc (musl works ok) 3) boost 4) openssl 5) bdb.

mircea_popescu Just sayin'! At some point, there actually was, iirc, or was it the xwidgets w/e that thing is called ?
asciilifeform Before the great cleansing.

mircea_popescu I was making a point omaigerd.
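The check mod6 describes in the exchange above (compare a fetched dependency's SHA512 with a recorded value, continue on a match, die otherwise), generalised to a manifest of SHA512 and URL pairs that skips `#` lines. This is an added example, not the TRB build script or code from the original post; the manifest layout and function names are assumptions, and the manifest's own signature is assumed to have been verified before this runs.

```shell
#!/bin/sh
# Added example, not the TRB build script. The manifest layout
# ("<sha512-hex> <url>" per line, '#' lines ignored) is an assumption.

# Print the lowercase hex SHA512 of a file.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | cut -d' ' -f1
    else
        shasum -a 512 "$1" | cut -d' ' -f1
    fi
}

# verify_manifest MANIFEST DIR
# Returns 0 only if every artifact listed in MANIFEST is present in DIR
# (under the last path component of its URL) and matches its SHA512.
verify_manifest() {
    manifest=$1 dir=$2 checked=0
    while read -r want url rest || [ -n "$want" ]; do
        case "$want" in
            ''|'#'*) continue ;;          # blank line or disclaimer/comment
        esac
        # Fail closed on anything that is not exactly "<128 hex> <url>".
        case "$want" in
            *[!0-9a-f]*) echo "bad hash field: $want" >&2; return 1 ;;
        esac
        if [ "${#want}" -ne 128 ] || [ -z "$url" ] || [ -n "$rest" ]; then
            echo "malformed manifest line for: $url" >&2; return 1
        fi
        file="$dir/${url##*/}"            # basename only, no path traversal
        [ -f "$file" ] || { echo "missing artifact: $file" >&2; return 1; }
        if [ "$(sha512_of "$file")" != "$want" ]; then
            echo "SHA512 mismatch: $file" >&2; return 1
        fi
        checked=$((checked + 1))
    done < "$manifest"
    # A manifest that lists nothing verifies nothing: treat as failure.
    [ "$checked" -gt 0 ]
}

# Usage: sh verify.sh MANIFEST DIR  (run after the manifest's signature check)
if [ "$#" -eq 2 ]; then
    verify_manifest "$1" "$2" || { echo "verification failed, aborting" >&2; exit 1; }
    echo "all artifacts match the manifest"
fi
```

The function fails closed: a malformed line, a missing file, a hash mismatch or a manifest with no entries all return non-zero, so the caller stops the build.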

Now test yourself : what point was I making, omaigerd ?

Once you have the answer, consider this :

mircea_popescu asciilifeform does it wurk ?
asciilifeform not yet
asciilifeform fighting with db
asciilifeform mircea_popescu wordpress barfs MOUNTAINS of 'deprecated: xxxxxxxxxx'
asciilifeform php crapolade.
mircea_popescu yup.
asciilifeform it fills MOST OF THE SCREEN
mircea_popescu i've been ignoring it ever since accidentally got upgraded.

mircea_popescu <<< o lord have mercy.
assbot: php - Error with .htaccess and mod_rewrite - Stack Overflow ... ( )
BingoBoingo: Yeah. Czars go to Yale and Honchos either come from A&M or community college
mircea_popescu they changed how shit works because why not ?
punkman: I always wonder how people end up with that kind of title mismatch
punkman: mircea_popescu wow that's retarded
mircea_popescu no shit.
mircea_popescu revolutionarizing!
liquidassets: Engaging meatwot fun
mircea_popescu omfg and 5mb of error log.
mircea_popescu replaces E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT that apparently GETS IGNORED ANYWAY with E_ERROR and fu.
mircea_popescu jesus php is a pos.

Now then : we're not supporting just TRB. The emerging blog platform, for instance, is stuck importing LAMP. The whole billion+ lines of code, produced and controlled by our enemies. It's not even a case of vague "they might" fuck things up, "maybe", "sometime". Nothing of the kind : they have. They do. All the damned time, everywhere, they do, and they openly and avowedly intend to keep doing it.

Of course, from their point of view they're not actually evil, you realise. They "just want to", and in their confused minds such magic incantation makes everything a-ok.

One derivation up, the management structure that ensures they get just nothing at all and also keep wanting to perpetually, broadly known as USG but in practice a bunch of dimwitted business majors (in whose loving memory the idiotic expression in the title was preserved) encounters in practice a very simple problem : being late is an absolute. You have in fact broken the schedule. It is now a later time than that allotted for ticking tickbox T, and the tickbox T's not ticked! Meanwhile, delivering good code is a relative. They can't read it, moreover "there's no such thing as perfect software" and all that. In the conflict between an absolute and a relative, the absolute wins - it's a no brainer! Consequently, the solution whereby broken software is shipped on time seems like a perfect solution from the management's point of view. Leaving the loophole of "we can always update it / issue a fix later" somewhat satisfied senior engineers, which is to say the sparse few jwz that would perhaps be in a position to rock the boat a little if they actually managed to pull their heads out of their asses for long enough to gargle.

So here we are : software shipped broken on one end, as a guaranteed, universal phenomenon, and "required updates" as a process, baked into the very structure of things. Does this array of flotsam require static linking be disposed of ? No problem! You don't understand the logic ? That's because you don't understand how the world works! Apple could buy Russia! English speaking "software engineers" in their own minds could engineer software. Could! They could! Sure, they also aren't, nor haven't, for decades. But.They.Could.

It has to be fucked, somehow. This nonsense can't stand, and if its coming down takes flying an aeroplane into every single building taller than three stories today extant or in the future devised, it's a small price to pay, and it's getting done.

Get the fuck out of the way - if you're not part of the solution, you're the fucking problem. Every single day, day after day after day.
