log☇︎
583200+ entries in 0.345s
asciilifeform: and the only way to learn it, is by their works.
asciilifeform: we want to know, even if it is fifty years too late, who they were.
asciilifeform: but we do know that among us are hostile martians, who would like us to come to harm.
asciilifeform: we have no idea, let's say, what parts are useful, and which ones are boobytraps designed to kill unwary earthling dissector.
asciilifeform: let's pretend that it just happened to fall upon the earth. ☟︎
asciilifeform: undata: picture the 0.5.3 turd as a piece of martian technology.
undata: now I'm supposed to trust your infallible eye
undata: and is that more reliable than git blame?
asciilifeform: well, you referred to 'trustworthiness' which is a thing we have not yet invented.
undata: asciilifeform: so are you going to trace that line of code by hand through 1500 patches?
Adlai: and how does what I just said miss that?
asciilifeform: 'trustworthiness' can only be born from this.
asciilifeform: the most important thing is that each and every change, however slight, is attributable.
asciilifeform: Adlai: there are two separate questions here, and we are only dealing with one
undata: Adlai: so I sign the hash of the commit with my gpg key
Adlai: of course, but the "manual trust verification" approach taken further would suggest only applying critical bugfixes, as patches, signed by the developer who wrote them (preferably with a signature published at the time of the fix, alternatively obtaining a signature in the present day... or manually verifying the patch's trustworthyness, and signing yourself)
asciilifeform: lol re: linux kernel as an example to follow
undata: he uses WoT to manage what makes it into the kernel
undata: torvalds addresses this regarding the kernel and git
undata: asciilifeform: at some point wont you have to delegate that?
asciilifeform: and requires some complicated pattern-matcher to apply
undata: Adlai: there is a mountain of bugfixing to re-apply
asciilifeform: but i will not be signing any patch that i can't apply with my mind, in my mental model of the code. ☟︎
Adlai: according to github, v0.5.3 has 36 committers with github accounts (for example, doesn't include satoshi). compare this with starting on Apr 1, 2011: 8
asciilifeform: can't really argue that it's a great joy.
undata: being able to apply 700 patches by hand, having verified signatures on each one, is no measure of intelligence
asciilifeform: and a dependence on the machine to resolve questions which ought to be resolved by the mind, and thus kept 'light weight' enough to be easily resolved by the mind.
asciilifeform: but the argument here is not about sabotaged ken-thompson-style tools. but about tools that foster intellectual atrophy. ☟︎
asciilifeform: (less easy to test if it is -capable- of lying, but that's another matter)
asciilifeform: it is very easy to test if my text editor is lying.
Adlai: undata: this is more along the lines of "confirm by human approval that an unforseen software/bureaucracy/insanity 'bug' isn't afoot"
undata: your text editor isn't checking against known hashes
undata: asciilifeform: it's more likely that your text editor diddled than git did
asciilifeform: software is helping to the extent it is reasonable. for instance, i am trusting my text editor to display the actual source and not some diddled version.
undata: asciilifeform: it is absurd to think that software cannot help enforce that rigor
Adlai is not sufficiently familiar with each line of code itself to tell which of those contributions, or ones in the ensuing spikes, are trivially trustable, and which aren't
asciilifeform: and whiners who complain that this is arduous, unreasonable, etc. - are shown where the door is.
asciilifeform: all three - answer with their lives.
asciilifeform: one would read instructions. another, turn a wrench, whatever. third would check that 2 corresponds to 1. then, all three sign under that step in recipe. ☟︎☟︎☟︎☟︎
asciilifeform: there was a three-man system ☟︎☟︎
assbot: Contributors to bitcoin/bitcoin · GitHub
asciilifeform: but don't be surprised if it is treated in the same way as the phoundation's original - at the very best, a place to steal bug fixes from.
asciilifeform: undata: if you want to understand the whole point of the fork, try to understand what you lose when you choose a vcs as a canonical representation.
undata: that is precisely the scenario git helps
undata: I'd like to slash out the db bits and try something else, but I'm not going to bother with trying to manually merge other people's patches as they come along in process
asciilifeform: ben_vulpes, the one fellow who is really still working on this gizmo, is
asciilifeform: undata: you are perfectly welcome to use a vcs of whatever flavour appeals to you
undata: to me you're saying damn the microscope or we'll never understand this cell
asciilifeform: it's bad enough that we are dealing with a turd that is quite impossible to fully understand in the original.
asciilifeform: let's put it another way. i will not sign anything that i cannot read.
asciilifeform: others can disagree, and sign the empire state building.
undata: asciilifeform: there is not one single canonical timeline in any project
asciilifeform: but it is that output, and only that, which i am willing to sign.
asciilifeform: undata: well, to the extent that any version control system can be cudgelled into coughing up output compatible with 'patch' - then yes.
undata: you're not removing complexity; you're just making the same process slower
Adlai: darcs seems the likeliest candidate right now, though
Adlai: i'm going to stop talking before i sound like a broken record, but this topic is likely to come up again once i've got something more substantial to say in defense of some tool for easing (ie, partially automating, up to the point of confirming signature verification) this process... no guarantee on how soon that could be, or which tool.
undata: I'll argue that git is doing precisely what you're doing by hand.
asciilifeform: dwarfing the actual healthy tissue.
asciilifeform: and since it never quite succumbs to the cancer, the tumours become planetary-sized.
asciilifeform: look at extant software and you will see what happens to engineering when moving parts stop having weight and cost.
asciilifeform: the point here is not to filter undesirable -people-
undata: it's just a pain in the ass
asciilifeform: this business, where things have to keep 'growing' for no apparent reason at all, needs to go.
undata: asciilifeform: the process you've demanded be manual is not nearly a hard enough hurdle to filter undesirables
assbot: Program Provability and the Rule of Technical Greed
Adlai: at least, not to a great degree... but i get the idea
asciilifeform: undata: i want it to get harder.
undata: and your nuke sub is going to get harder and harder to work on as the number of patches grows
Adlai: darcs isn't that intelligent. the input data it gets from a repository is a partially ordered list of patches, possibly signed. this is slightly more general than an ordered list of patches, but just as secure and interactive/manual
undata: asciilifeform: the process of producing a git commit is entirely dumb
asciilifeform: try to understand the nature of this 'nuke sub' and the pitfalls of tying one's fortune to 'darcs' or a similarly 'intelligent' instrument.
asciilifeform: Adlai: we have the metadata. the integer in the patch fileames.
Adlai: a "conflict" would require a separate patch, which should be signed by the resolver
asciilifeform: (if you have a solution, geneticists would love to hear about it. 'sequence alignment' is ruinously expensive, in computational terms.)
Adlai: same bounds hold, or don't, for "his patches, and all those dependent upon them"
asciilifeform: incidentally, the problem of 'patcher than is never fooled by deletions and line count shifts' is not solvable in the general case.
Adlai: git commits to a specific state of code. what if it becomes evident that a specific developer was working to introduce bugs, and you only want to excise his patches? that has unbounded painfulness in git, but bounded painfulness in darcs.
undata: Adlai: as you were then; git solves precisely this problem or would not work.
Adlai: asciilifeform: you can add metadata such as patch dependency which is not evident just from the patch's raw contents
asciilifeform: Adlai: in what way is 'darcs' output more useful than unix patch?
undata: Adlai: it turns out there are a few of those
Adlai: yes, and they're not looking for a hash database
undata: Adlai: this was my argument.
asciilifeform: and per the current state of the art, that means unix diff outputs.
Adlai: let's put it this way: the act of fetching signed patches with darcs conducts *exactly* the manual verification workflow which you currently do
asciilifeform: but when it's time to cough your changes back up and have them up for public study, they have to be physically minimal
asciilifeform: (the canonical representation can be taken and stuffed into a git repo, or darcs, or cvs, whatever, for your personal pleasure)
Adlai: of course i understand, although i still think darcs could actually work for this
asciilifeform: try to understand why a git repo cannot be the canonical representation.
Adlai: i only set up the repo. doing so required going through all the manual steps (and i did verify gpg signatures with identities fetched from public keyservers)
asciilifeform: aha i think ben_vulpes has one of his own
Adlai: (specifically for this repo)
asciilifeform: but it is only a tool that some people prefer to use. a 'git' or other similar gizmo will not be the authoritative representation of bitcoind.
Adlai: people other than me have used it?
asciilifeform: Adlai: on the contrary, several people (even you?) are using 'git'
assbot: Logged on 13-11-2014 16:38:23; asciilifeform: Adlai: darcs << as a military man, perhaps you are familiar with systems that could be automated easily, but aren't? e.g., ru nuke sub controls
Adlai: https://pgp.mit.edu/pks/lookup?search=Adlai << so, while the current contributors' reasons for not using git[hub] are understandable, i'll leave this up and perhaps update it at my leisure, in case it'll be useful to anybody inhabiting a separate region on the paranoia/lazyness continuum
Adlai: https://pgp.mit.edu/pks/lookup?search=Adlai << /nick accidentally got squatted by ashley while i was in the army. never heard of waksman though.
asciilifeform: i know i like to.