From: Ian Grant
Newsgroups: gmane.lisp.guile.devel
Subject: Re: Verifying Toolchain Semantics
Date: Sat, 4 Oct 2014 21:35:09 -0400
References: <87mw9dfz8l.fsf@netris.org>
To: Mark H Weaver, Markus Kuhn
Cc: guile-devel

On Fri, Oct 3, 2014 at 2:23 AM, Mark H Weaver wrote:

>> http://livelogic.blogspot.com/2014/10/the-foundation-part-i.html

> I downloaded the PDF linked in that blog entry and attempted to view it
> using Emacs's docview mode, which reported that the pdf->png process
> died with a segfault.

This means that there is a bug in that program. PDF (or ISO 32000) is a well-defined text file format. See http://www.adobe.com/devnet/pdf/pdf_reference.html

So no software tools should ever segfault reading a PDF file. Even one that contained a trojan program. If the software were properly designed and written then it would be _impossible_ for there to be a trojan in a PDF file.

> It's ironic that someone who claims to be so concerned with security
> steadfastly refuses to provide his most important essays in a simple,
> transparent format. Instead, he insists on distributing them in an opaque
> format that can only be interpreted by a small handful of very complex
> programs with a large attack surface.

The "attack surface" is indeed huge, but only because of the shoddy standards of the software developers who implement it!

> For that matter, it's also interesting that someone concerned about
> Thompson viruses would suggest that Guile should distribute its
> compiler in the form of pre-compiled intermediate C code (compiled from
> Scheme) instead of bootstrapping from source code, in order to speed up
> the compilation process.

I have already explained why this is an invalid argument. It is also hypocritical, because the guile source distribution already includes over 50,000 lines of intermediate shell script. This is unintelligible (I have tried reading ./configure, there are these functions which construct strings of 512 backslashes, and stuff like that, and _no_ explanation for why that is necessary!)

On the contrary, the intermediate code I suggest shipping need not necessarily be unintelligible. It would be very clear, and quite concise. For an example (in Standard ML) of the sort of code-generating code I am talking about, see http://livelogic.blogspot.com/2014/07/writing-assembler-using-standardml.html

Basically, the inductive structure of the parser and interpreter will still be very clear in the application of the assembler-generating primitives.

Now Standard ML is nothing much more than typed scheme, with a _very_ powerful "module system" which has a sound formal basis in constructive logic: an ML functor application is essentially a formal correctness proof. So we could quite easily translate Standard ML to scheme, and the generated scheme would be perfectly readable and auditable.

> I've wasted more time than I should have reading Ian's writings, looking
> for an answer to this apparent contradiction in his views, and I haven't
> found it.

You have indeed wasted your time, because the contradiction is not in my writing, it's only in your own mind.

> While we're on the subject of paranoid theories, here's one for you:
> maybe Ian Grant's true motive is to induce some of the most important
> developers of free toolchains and the Linux kernel to load PDFs that
> infect their computers with malware, in order to subvert our core
> infrastructure.

Well, if I do succeed in distributing malware, it will be a good demonstration of what I have been arguing for months now, which is that your "core infrastructure" is _very,_ _very_ flaky, and that far from being "the most important developers," you are in fact just part-time amateur hackers playing at your 'hobbies'.

What I am trying to do here is wake you people up from what will otherwise prove to be terminal sleep. This is not a hobby, you are combatants in a global information war, and it will cost some of you your lives,

> Ian: tell me again, why do you refuse to distribute your essays in plain
> text? I read GNU Thunder and I don't remember seeing anything in there
> that justifies the use of such a complex format. As I recall, it's just
> plain text anyway.

I don't distribute plain text because it is too easy to alter. Once I send one of these "essays" out I have no control over what happens to it. So I try to make it as hard as I reasonably can for people to edit what I have written.

If you were "the most important developers" you would be able to write a program to reliably display PDF.

Ian