1. 1

    I flagged this as spam. I like and respect some of the things that came out of grsecurity/PaX. However, this blog post mostly seems like a way to promote the product.

    1. 8

      Gonna disagree pretty strenously on that one. While they do sell a product, the post is a good breakdown, with actual code listings. I hope others don’t follow your example

      1. 3

        I agree with you here. And I prefer this kind of advertising over yet another bollocks node.js-startup that creates blogs to recruit people. I swear to god, something dies inside of me every time I read something along the lines of “Our young and fresh startup is looking for new SOAP heroes. Apply now using our REST API!”

        1. 1

          I’d prefer no advertising but that’s unrealistic.

        2. 2

          That’s fine. I think it would be a good breakdown without the product plug and the “but we offer this service to our customers” nonsense.

          1. 2

            fair enough. its a find line to be sure

        3. 2

          This feels like an ad, but with a technical mindset. I dislike their attitude the most. They maybe correct, but they come over as assholes. Oh look how great we are and how bad the kernel team is…

          1. 2

            True, there’s certainly an element of that, but honestly I was pleasantly surprised at how much less snipey and insulting this post was than most things I’ve seen from the PaX/grsec team (I feel like they’re usually worse in that regard).

            1. 2

              Yeah, if you ever read anything that grsecurity/PaX folks write it’s always the same thing. Everyone else is stupid and not doing what they’re supposed to be doing (or stealing their code and not giving credit to them) and everything they do is the proper and only way to do it. I still like some of the things they do but this attitude will always be a problem.

            2. 2

              Also I’m not completely clear when they noticed it. I hope at the latter end of this story, and then reported it. But by interspersing “we did x” in between all the “they did y” this makes me read “we noticed and just didn’t tell them”.

          1. 3

            Questions and feedback welcome!

            1. 1

              This is very cool! I’ve wondered for a couple of years now of something quite like this was possible, very excited to dig in.

              1. 2

                Thanks! This is ongoing work and we’re pushing optimizations through the implementation to make real-world-sized problems more feasible. Keep an eye out for updated iterations with more and more experimental validation :)

            1. 3

              Not really sure this quite covers “static analysis” the way its usually meant by researchers. Yes, linters perform a type of static analysis, yes, the field is quite broad, but the sum total of this page is a very weak sauce as a stand in for static analysis. For example, there is a single section for “binary static analysis”, and there is all of 4 entries. The previous section, detailing “multiple language” projects is probably closer to the colloquial sense of the word and covers a much wider breadth.

              1. 1

                the list includes static analysis tools that leverage Abstract Interpretation (eg. Ikos

                IKOS (Inference Kernel for Open Static Analyzers) is a static analyzer for C/C++ based on the theory of Abstract Interpretation. )

                1. 2

                  yeah, but how many? I don’t really want to take the time at the moment, its not that big a deal, but several of those language-oriented sections were like 50% linters. Again, not a big deal, linting involves static analysis(!), but if you want to talk to someone who actually uses static analysis for bug hunting (or whatever, performance, etc) in their day-to-day, linters are not what they mean. Binary focused static analysis is what probably 90+ percent of the current research papers published mean when the use the phrase “static analysis”. There is an interesting essay to be written about the fluidity of terms in computational science research and practice, Halvar Flake among others had a tweet about “soundness” and “completeness” relatively recently, and the squishly-ness of those terms, if you search his handle with either of those terms it’ll come up, lots of serious people in the replies, point being I think a similar problem befalls use of “static analysis”.

                  1. 1

                    Yes, the list includes a mix of syntax checkers, style checkers, narrow bounds checkers and so on. A couple of tools eg Ikos, Spark, Polyspace are based on solid theoretical methods. Ikos also does binary analysis (well, LLVM IR encoded into bitstream files), do not know about others.

                    Also agree, that we would benefit from some form of taxonomy, helping us navigate the theoretical constructs and their practical implementation in this space (eg Abstract Interpretation, Symbolic execution).

              1. 1

                For anyone who wants an actual understanding of whats involved here, go to the CakeML page, download the code, and compile it, and start disassembling it to see what it is that these sort of techniques are doing on the processor level. Then step through the proof. Work like this takes literally years to accomplish, and its going to take even sophisticated users, i.e. programmers, mathematicians, security folks, more then the ten minutes you spend flying through the paper.

                1. 1

                  The claims in this paper would not get past the advertising standards authority.

                  The usual development process was followed, i.e., specification, implementation, compilation.

                  Then some theorems were stated. Voila, the code is verified.

                  As always with formal methods snake oil, the term correctness keeps popping up. They even have a “single end-to-end correctness theorem”.

                  1. 2

                    I don’t understand your skepticism about CakeML and and correctness. From what I heard and can read around it’s a compiler that has verified passes in the sense that they proved theorems about the behavior that can happen in every one of them. In the end you can combine all you proofs about the little passes in a bigger proof for you compiler and prove your compiler correct up to the specification introduced by the theorems.

                    1. 2

                      What does it mean to prove a theorem about some code?

                      You might prove,say, that some algorithm never exceeds some limit; and the code is an implementation of that algorithm. So, modulo bugs in the code, it will never exceed the limit proved.

                      This does not prove the code is correct, only that the limit is not exceeded.

                      What can be said about a sequence of chunks of code, each associated with an algorithm that has an associated proof of some property? Individually they have the proven properties, but as a whole? What of emergent behavior?

                      1. 1

                        This argument can be used to attack pretty much any security guarantee provided by everything from cryptography to access control to formal proofs. You’re not really saying anything here and you’re certainly not actually digging into the proof to point out gaps in their logic. Its a value free over-generalization that adds nothing to the conversation. Flaws in methodology, even formal methods methodology, do not automatically make a method “snake oil” as your original post put it.

                      2. 1

                        He did eventually tell me what he thought about that. Lobsters search isn’t giving me the exact comment, though. He’s an empiricist that wants to see theories confirmed with experimental data. Most paper on formal verification do proof but no testing or even peer review. Write-up’s like Guttman’s showed some historical programs with proofs failed on one execution or inspection. My current guess is that he’d prefer each of these theorems to have a good number of experiments and review showing that they work. Then something similar for each integration with or layer on top of them.

                        An example of some validation of verified program was Csmith testing of multiple compilers, including CompCert. The testing found piles of errors in other compilers but only 2 or 3 in CompCert’s specs (not just code). This offered, for such inputs, evidence that CompCert’s methods had high quality, may be better than others (apples to oranges comparison), and code didn’t add additional errors on top of spec [1].

                        Although a fan of verification research, I support the position I just described. A mix of methods was the default for high-assurance security and other reliability/security-focused projects in the past. Here’s an example (pdf) showing why: different methods catch different problems. It’s the assurance version of defense in depth. In another example, the seL4 team put all their eggs in the formal verification basket. Whereas, INTEGRITY-178B had to do a lot more to get certified at EAL6+ High Robustness. The requirements, listed in bottom right boxes, included a mix of formal methods, thorough testing, leak prevention/analysis, and independent pentesting. My own requirements for high-assurance are a superset of what they did.

                        [1] @derek-jones, am I properly qualifying that?

                        1. 1

                          My response has nothing to do with experimental proof.

                          The claims being made (e.g., correctness) are not justified by the theory work that has been done.

                          1. 1

                            Oh OK. I can’t evaluate that since I can’t read their specs and theorems. If I validated it, I was going to recruit one of them to just tell me what each means so I could write test generators and checkers for them. Manly was interested in WordLang and DataLang as verified backends for non-ML compilers.

                    1. -1

                      Is democracy secure if only the Republicans are hacked?

                      1. 9

                        The author definitely writes as if he is a partisan Democrat who consults for Democratic campaigns and not Republican ones because that’s the political party he supports (although he did name-drop the Green party). The lessons from the article are certainly as applicable to Republicans as they are to Democrats, or to other parties in other political systems, or to organizations that have nothing to do with electoral politics.

                        1. 17

                          He even encouraged Republicans to send in their stories. Ultimately, whether you like Republicans or not, we should probably secure all the elections so the citizens are the ones choosing the candidate. Whoever subverts an election is probably not trying to give us the representatives we want to live under. They might be much worse.

                          1. 1

                            It would be better, I think, if the professionals who are offering this advice would offer it to both major parties (and the non-extreme minor parties), but it is their free advice and hence their call.

                            It would be better for our republic, though, if the profession offered this as a public rather than a partisan service. Partisanship is killing us.

                            1. 15

                              It would be better for the republic if the people who need this advice valued it and listened to it. The advice is written out here for all to read, regardless of party.

                              1. 3

                                Yeah, exactly. It’s not realistic for any one person or organization to offer trainings to both major parties, at least not in the US - imagine the trust issues it would raise. Writing it down is the closest that’s possible.

                                1. -1

                                  here, here

                          1. 4

                            From the linked advice page:

                            Avoid Safari and Firefox. Under no circumstances use the Tor browser (it’s okay to use Tor, but do it with Chrome, and seek additional training on how to set it up).

                            I guess Chrome was chosen for U2F reasons.. well, thankfully a few days ago Firefox enabled security.webauth.u2f for all users out of the box, and Google registration works :)

                            But.. what the hell is that second part?

                            I myself use Tor in regular Firefox most of the time, because I don’t need anonymity and all I want is to obscure my home IP address, but Tor Browser is THE ONLY way to achieve anonymity. Only Tor Browser goes out of its way to defend against all known fingerprinting methods. Why would anyone say to NEVER use it?!?

                            1. 9

                              I’m not really in a position to endorse or dispute these opinions, but I will relay them:

                              1. Thomas Ptacek said Tor Browser was possibly the least secure browser, though he didn’t elaborate nearly as much as I wish he had. However I do gather that is/was a common opinion https://news.ycombinator.com/item?id=14251139
                              2. Exploit broker The Grugq argues that using Tor Browser puts a bit fat “target me” sign on you.

                              P.S I do think the Firefox advice is probably dated. They’ve made a lot of progress.

                              1. 6

                                Fingerprinting isn’t a problem in this specific threat model. Being a day late with security patches is a huge one.

                                1. 7

                                  More precisely: these users are subject to targeted attacks (to steal their money or discredit their campaign). Tor browser protects you from global, passive attacks.

                                  1. 3

                                    AFAIK Tor does not protect against a global passive adversary. See e.g. https://www.torproject.org/docs/faq.html.en#AttacksOnOnionRouting or https://arxiv.org/pdf/1703.00536v1.pdf The Loopix Anonymity System, Table 2 compares anonymity systems on page 13.

                                    1. 4

                                      Tor protects you from a global passive adversary in the same way that body armor protects you from bullets.

                                      You might still prefer not to get shot at…

                                2. 9

                                  He has a bad habit of doing argument from authority on stuff like that. Ego tripping. If one wants to save time, better to have links they can quickly pull up for any topic. Then, the audience gets enough information to evaluate the claim for themselves while the person helping them gets it done quickly. In this case, it appears the Tor Browser has vulnerabilities the regular browser doesn’t have due to update lag.

                                  His mention of collecting high-value targets is implying that those targeting them are incentivized to spend large sums of money on exploits for attacking them. Probably already have them for major browsers. Last thing you want to be is a possible, high-value target using an unpatched version of a tech they have exploits for. It makes things easier, not harder, for the high-strength attackers. If you use Tor, it should be with the most up-to-date components. If concerned for fingerprinting, use it on a vanilla-looking OS or configuration that’s really popular. If that is risky, adjust your usage habits accordingly.

                                  1. 8

                                    The context is that he’s talking to non sophisticated users who are worried about being hacked, not trying to convince people who already have opinions about information security. I don’t think there’s a way around presenting that kind of piece as an appeal to authority.

                                    I’d personally get more out of an in-depth companion piece, but it’s not really relevant to his goals.

                                    1. 4

                                      The context of tptacek’s recommendation is Hacker News where most users are technical, he had detailed information on lots of topics, he became a celebrity (their No 1), and he since does dismissals of counterpounts without evidence all the time. Occasinally, he references his status or connections as reason to listen. I always told him none of it matters to me: evidence first whether obscure or famous.

                                      That he’ll spend a lot of time in the discussions but argue around providing evidence shows it’s an ego thing. I got my karma there initially by countering such celebrities with claims linking to evidence. I think the RSA patents argument was closest he did to providing a pile of citations. I had to work to get that out of him. I always had to nearly force him to provide evidence or he just disappeared the second I did myself like secure browser debate.

                                      1. 6

                                        I think we’re referencing different people there. I meant Maciej, who I took to be the person providing the advice page (I suspect he probably conferred with Thomas about it, but I think it’s still in his name).

                                        As for Thomas, I definitely would prefer if more of his comments were longer and provided more justification. However, it’s not like he’s given no justification in various threads. It’s true that Tor Browser had a weird update cycle, it’s true that it was a potential target mark/monoculture for sensitive targets, and it’s also true that Firefox didn’t have as much sand boxing back in 2017.

                                        1. 8

                                          yeah, this isn’t accurate, and I’ve tangled with tptacek any number of times over there. Also, maybe don’t import that bullshit over here, theres no need, whatsoever, to run through everyones grievances with other accounts on a completely separate, and at least over here, highly disliked website. Its not an ego thing, for one, and for another, given that I’m someone who has absolutely been in a position to care about things like this, I’m grateful he does what he does over there. Everything in regard to computer security, from him, in regard to things I care about enough to follow up on, has proven to be correct.

                                          1. 3

                                            Oh sure. If I wanted drama, I’d have tagged him in the comment. I’d rather not bring drama here. Just letting the other commenter know the omission was deliberate and to just do their own digging when he does that.

                                      2. 3

                                        He covers this in this post, about providing simple answers that cover the most ground to avoid decision paralysis. I think in other communication channels he’ll be more willing to talk details, but “just buy an iphone” is to a first degree the best advice in this context, as well as “just use chrome” (it’s all in google docs anyways!)

                                        The security issue with the Tor Browser is extremely bad. I can sit around ,wait for a FF exploit, and immediately use it on a bunch of people for probably at least 24 hours. It’s so dangerous for any political campaign

                                    1. 15

                                      Sadly not on the list, but “Silence on The Wire” from No Starch is an amazing book if you’re interested in either networking or security.

                                      1. 3

                                        Is there a minimum of knowledge other than general programming that one should have to really enjoy the book? Looks intriguing, but I’m not terribly well-versed in security.

                                        1. 7

                                          No, it’s very first principles. “Here is how Ethernet works. Now, here are some interesting surveillance techniques this enables.” Repeat all the way up the networking stack.

                                          1. 6

                                            imho no. The author explains most, if not all of the required knowledge.

                                            1. 6

                                              in fact I’d go as far as to say that among books that expect little formal knowledge on behalf of the reader, its probably unique in taking them from a standing start to what was at the time of publishing some of the more sophisticated attacks and analysis you could find.

                                        1. 6

                                          Practical Binary Analysis, Attacking Network Protocols and Serious Cryptography are all, by themselves worth the price, together makes this a wonderful opportunity!

                                          1. 2

                                            Probably worth pointing out just to add some context that Neumann wasn’t just ranting about a distance subfield. He made quite significant contributions to mathematical logic during is “golden age”, alongside Church, Zermelo, Fraenkel, Turing, etc. He actually developed a system alongside ZF set theory for foundations work. This was really interesting, nice find @Vyodaiken and thanks for posting

                                            1. 6

                                              This was actually a decent review. Thorough, by someone who seems to know at least something about the field and can articulately express pros and cons. Worth a read if you’re interested in TLA+, or formal methods in general.
                                              The only thing I’d push back on is the idea that Hillels book is the first “practical” book on formal methods, and I’d push back on that quite seriously. There are a number of books, going back years (decades?) that teach some aspect of what we now call “formal methods” that are eminently practical. The idea that because the examples given in the text are relate-able, “here’s a bank account model”, “this is some procedural code” or simply that its published by Apress is a little (forgive me!) parochial? Certified Programming with Dependent Types is an eminently practical book, you’re certifying common data structures one learns in school and that will absolutely show up anywhere a programmer is going to be doing the kind of work that necessitates formal methods. There are others along that line I could mention, but its worth pointing out the issue here in detail. If you’re going to be doing formal methods work, even just model checking as opposed to full on verification with a proof assistant, odds are strong that you’re not working on a CRUD app. While Hillel (and the review) point this out (the review nods at avionics), and clearly Hillel used it at a SaaS company for elearning, very, very few people are actually going to be able to get model checking approved by management as a stage of development. Amazon has become something of a non-defense/avionics poster child for this; not surprising given the scale of their systems and the money on the line and I think points to the stakes necessary for management to approve. I’d love, truly love to see formal methods more broadly adopted, I’m just not sure that the pedagogical tack necessary to successfully communicate the ideas and, er, methodology, is something that can be easily packaged as “practical” when so much of modern programming doesn’t yet or can’t be situated in a pure or semi-pure mathematical setting. The review itself kind of hints at this, by saying how the book by choosing to focus on PlusCal as opposed to pure TLA+ itself leads to a kind of obfuscation which hides the essential ideas.
                                              Anyway, what I’ve read of the book is excellent, and this review gets to some of the issues of the text both positive and negative, when I have time to get back to the book I’ll absolutely have a tab open to this review to hopefully help guide me along if I get stuck somewhere.

                                              1. 3

                                                Certified Programming with Dependent Types is an eminently practical book

                                                That’s a good book I recommended to all kinds of people wanting to start on formal verification. Almost nobody took it up. Based on online comments, more people quit than finish on Software Foundations, too. That hints that these are not practical books for average programmer. They see a massive amount of work with minimal gain. Especially in a world where customers or FOSS users tolerate bugs which they patch eventually. Practical to these people has to provide significant benefits over what they’re doing with minimal investment. That’s why you see more uptake of fuzzing (esp AFL) and property-based testing. Low effort, high gain. They like static/dynamic analysis, too, if the tool is seemless with little to no false positives.

                                                Note that safety-critical field isn’t any different. The people pushing code-level verification, static analyzers, and certifying compilers are doing hard sells. Frama-C and SPARK Ada have a tiny amount of industrial users. Astree Analyzer has some deployment like at Airbus. That field’s programmers mostly do careful coding in safer subsets, lots of review, and lots of testing. Like with regular developers, there seems to be more adoption of automated, test generators than formal methods. They wouldn’t care about CPDT either.

                                                EDIT: While I was writing that, @brocooks came in with a comment showing exactly what I was talking about. The non-formal method was more familiar, easier to do, and got results. Probably likely to try something like that again in future before TLA+ or other formalism.

                                                1. 2

                                                  right, but the “non-formal method” is exactly what I, and the reviewer himself, were talking about in terms of hiding or obfuscating the ideas. If by practical you mean “people will read it” you’re not really saying much substantively, and you’re certainly not saying much in terms of the ideas within the texts themselves. You kind of side stepped right past that point in my (admittedly long) comment. I have high hopes for Hillels book, I like it! I just think that its not the first book to deserve the title of a practical introduction to formal methods. (Just for clarity, both to Hillel and anyone else reading this, I’m referring to the line in the review about being a “practical introduction to formal methods”, the practical in the title of the book is fine, given that that is exactly what it is, a practical intro to TLA+)

                                                  1. 1

                                                    “ If by practical you mean “people will read it” “

                                                    I mean something the majority of developers… using C#/Java/Javascript/PHP/Python… might read, see some value in it, and maybe apply it to some degree. Most formal methods books, including Chlipala’s, don’t meet that minimum requirement. They will certainly get ignored. Wait, why talk future tense: they were and are being ignored by most developers. Which is fine if they’re aimed at a different, smaller audience. This one wants to appeal to the huge swath of programmers ignoring all the books on formal verification, type theory, etc. Their definition of practical is different than an aspiring language theorist or proof engineer that might benefit from works like Chlipala and Pierce.

                                                    “I just think that its not the first book to deserve the title of a practical introduction to formal methods.”

                                                    I agree with that. To me it’s a recent, practical intro. The first ones might have been something for Z or VDM which had some use in industry. Maybe SRI’s stuff or Gypsy if they had any educational books. I haven’t looked in a long time.

                                                    1. 2

                                                      I don’t think formal methods is going to be used by “the majority of developers”, whatever that aggregate actually means, because the kind of work that they do isn’t going to be helped by formal methods. You also still haven’t responded to the point about what an appropriate pedagogy looks like, because to actually make use of model checking you’re going to need to understand some serious logic, and if the road to getting people to read your book involves jettisoning that material then you haven’t really helped the reader! I don’t think Practical TLA+ outright does that, in fact I think that the choices he made were by and large the right ones, but I also don’t think you can adequately claim to have “practically” brought formal methods to the masses if you side step the “formal” part. Chlipalas book(s) are perfectly approachable, I don’t blame him or the books for them going unread, I blame a programming culture that hisses and wails and gnashes its teeth at things like rust, because g-d forbid we attempt to move beyond C/C++. I blame all of the old hands who sneer at formal methods because model checkers didn’t get fast until the last decade. I also blame a technical community that scorns academic research for any of a number of reasons, not the least of which is that a sizeable portion of the workforce is more or less self taught.

                                              1. 2

                                                if anyone has any experience or thoughts on this, I’m working through a prep for an application thats integrating a datalog engine in a pretty interesting way, and I’d welcome any thoughts on the utility of things like this, or prolog/datalog in general

                                                1. 2

                                                  What is the interesting way? Having a database that can be queried with a full fledged programming language is always a good idea in my book. The only downside is potential scalability issues but that’s a bridge that can be burned when you get to it.

                                                  1. 2

                                                    the interesting way (to me at least!) is an implementation of datalog in ocaml for an upcoming release of BAP, the binary analysis platform. A short summary is that BAP lifts binary code into its own formalized instruction language BIL, which is then analyzed via its own IR. At the moment BAP is at 1.6 and with its 2.0 release it will have shifted the semantics of BIL to incorporate a datalog implementation, allowing all kinds of interesting analysis and, importantly, increasing the size of binaries the you will be able to analyze. I see that you’re one of the organizers of the SF formal methods meetup, you might find BAP pretty interesting, I’ll add some links.

                                                    BAP http://binaryanalysisplatform.github.io/bap/api/master/index.html https://github.com/BinaryAnalysisPlatform/bap

                                                    the research being used to guide the implementation of the BAP+datalog https://kilthub.cmu.edu/articles/Holmes_Binary_Analysis_Integration_Through_Datalog/7571519 click the download link to grab a pdf of the thesis

                                                    First prototype of the implementation https://github.com/ivg/bap/blob/bap-new-semantics/lib/knowledge/bap_knowledge.mli current work https://github.com/ivg/bap/blob/primus-2.0/lib/knowledge/bap_knowledge.mli

                                                    Here’s a Coq formalization of BIL https://github.com/BinaryAnalysisPlatform/bil/tree/coq-formalization

                                                    The main developer is pretty active on Gitter, and very cool. We’ve had some interesting back and forth on classical vs intuitionistic logic.

                                                    1. 2

                                                      This is indeed good stuff. Thanks for the references.

                                                      1. 2

                                                        gladly! the timing on your blogposts was a nice serendipity, I just grabbed a couple of prolog books from the library to sort me out and make picking up datalog easier. One of the things I’d like to do is just cram a prolog implementation into one of my systems such that I can query system state via prolog, very much like in your posts. Not sure where I’ll go from there, but I’m not looking to make much of it, I just want to internalize the semantics of a logic language as much as I can in a short amount of time.

                                                        1. 2

                                                          Latest I saw about embedded logic/constraint solvers were about mini/micro-kanren. You might be able to re-use one of those implementations for your specific use case.

                                                1. 6

                                                  So I just skimmed the docs for a quick second, and it states that react-native essentially “packs a browser” into an app, hence the high cpu/ram usage, but then the readme sort of just denies this is a problem for revery? Without really explaining why? Hate to be that ignorant fool in the thread, but could someone explain to me how exactly this works? I’m not a frontend/js guy, and I love ocaml, but I have no idea how any of this stuff is supposed to work. How is something “native” if its not actually locally compiled machine code? thanks in advance for any takers on this

                                                  1. 4

                                                    The same Reason/OCaml code will compile down to / bind to the low level graphics libraries (ie., GL) when targeting native platforms and the “OpenGL” parts of the browser when targeting Javascript.

                                                    1. 2

                                                      thanks for taking the time to explain.

                                                  1. 6

                                                    this is was a seriously awesome read. quite a bit of reversing wisdom in that post.

                                                    1. 1

                                                      This was outstanding, just really well written. It would be nice to have a similar outline/history from someone conversant with the history of theorem proving. The introduction of the book Coq De Art actually does this to a limited degree but it’d be nice to have something a bit more comprehensive.

                                                      1. 73

                                                        Ethics are inseparable from technology, since technology enables and inhibits actions, which are subject to ethical consideration; ergo, the creation of technology is an set of actions subject to ethical judgements.

                                                        1. 34

                                                          I’d go even further than that, attempting to exclude “ethics”, broadly construed, has helped to enable a social environment within technology circles that has legitimated a great deal of what people are now rightly reacting to, the surveillance, the effects the brain of using gambling machines as a design template for websites, the unwillingness of corporations to take any responsibility whatsoever for the effects that their products have on society at large, Uber (all of it), and on and on.

                                                          1. 14

                                                            I agree with both of you. On the other hand, I also kinda see the point of wanting a space that’s focused in technical aspects, and understand OP’s fear of ethical/political discourse dominating this forum. And in the other other hand, I also feel that not speaking about the ethics of technologies, and actively discouraging this kind of discussion, is, in and of itself, a way of speaking about it, agreeing with it.

                                                            So, yeah, that’s hard. I got no solutions.

                                                            1. 8

                                                              Regarding the “fear of ethical/political discourse dominating this forum”—I understand, but we wouldn’t have to have all of these discussions if people would just stop being unethical :-) The more discussions we have now on this topic, the fewer we’ll need to have in the future. But if we don’t talk about it then, as you point out, things are only going to get worse.

                                                              1. 13

                                                                I think there’s a bit of a difference between discussing the ethics of a company and aggressively attacking a person.

                                                                The main top comment raises some points and actually encourages discussion, which admittedly doesn’t really happen in that thread. A large portion of the top upvoted comments are people chiming in and (essentially) saying “me too”. The top comment responding to a maintainer is incredibly aggressive towards the maintainer who stepped forward, only tangentially relates to the parent comment, is arguably a personal attack against that person and discourages discussion through the tone. Yet it’s more upvoted than the technical comments below.

                                                                In addition. it’s easy to forget that there are people on the other side of these usernames. It reminds me quite a bit of This is Phil Fish, a case study on how people can associate people with something larger, sometimes in damaging ways. It’s not quite the same, but I see similar parallels in how the community tends to treat employees of certain companies (yes, like Palantir… but Google also comes to mind).

                                                                I’d like to see more comments that encourage discussion, like the most upvoted top-level comment, and less comments saying “me too”, “I agree with this”, or borderline attacking the poster, like the most upvoted response to the maintainer.

                                                                1. 10

                                                                  The more discussions we have now on this topic, the fewer we’ll need to have in the future. But if we don’t talk about it then, as you point out, things are only going to get worse.

                                                                  That’s an interesting theory. I haven’t seen any evidence to support it on any of the other discussion forums I’ve used, but I suppose it might be true somewhere. I think friendlysock’s take is more accurate: by encouraging (tolerating? normalizing?) aggressive and reflexive positions on non-technical issues, we will get more of them here, not less. And eventually, the “bad money” will drive out the good, just like it does everywhere.

                                                                  1. 6

                                                                    Indeed - I think we have a plethora of examples of politics taking over, and few (none?) of political discussion settling debate so that everyone can move on.

                                                                  2. 8

                                                                    The more discussions we have no on this topic, the fewer we’ll need to have in the future.

                                                                    I disagree with this in so many ways. We cannot possibly come to some end resolution where everyone agrees on a certain set of ethics, and even if that magically happened, we cannot all agree on the best way to act upon those ethics. Political conversation already permeates way too much of society. I don’t need to see it in a forum for technical discussion. If we’re going to try to think of ways for technology to be abused, we’re not going to produce anything. Further, I think we’re totally dismissing all the great things that same technology has done and can continue to do because it can be abused. If someone wants feedback on their submission, I don’t personally want to see politically-oriented discussion around it in this particular forum.

                                                                    If the broader group of folks here wants this to become a political-friendly abyss, I’m fine with stepping away. But I don’t get that feeling right now.

                                                                  3. 4

                                                                    This is basically my opinion, too.

                                                                    (I haven’t posted more in this an the other meta threads this week because I’ve been very busy starting a new job, but as I’m catching up today I’ve really appreciated all the thoughtful discussion exploring these questions that don’t have easy answers.)

                                                                    1. 1

                                                                      I didn’t see this at the time, thanks for taking a moment to add to the discussion.

                                                                2. 36

                                                                  I think you have a point here that is both truth and lacking utility, but may be getting upvotes because hey, who wouldn’t upvote ethics in technology?

                                                                  Here are some of the practical issues with supporting debates about “ethics”.

                                                                  First, what do we mean by “ethics”?

                                                                  Are we just wanting to talk about right and wrong? That’s often a matter of aesthetics. When I was born, it was pretty commonly held that homosexual acts were Evil, that psychoactive drug usage was Corrupt, and that democracy was unquestionably Good. None of those things are unerringly true anymore.

                                                                  You might say “But friendlysock, those are matters of morals, as opposed to organized systems of beliefs that are analyzed in the context of practicing agents!”, and I would agree. That being the case, what is the point of having discussions that end up going basically:

                                                                  • “You’re immoral!”
                                                                  • “No, you’re immoral!”
                                                                  • “You both act in clear hypocrisy of your professed morals!”

                                                                  That discussion leaves everybody angry, takes up a lot of space, and doesn’t teach anybody anything. Worse, it breaks the operating regime of the site, because people will inevitably just blindly upvote the folks whose aesthetic matches theirs, and downvote or flag those that don’t–or worse, devolve into namecalling.

                                                                  Okay, well, what about big-E Ethics?

                                                                  So, we skip out on thinly-veiled callout threads and we’re just gonna limit ourselves to talking about big-E Ethics. Academic/philosopher stuff like meta-ethics and normative ethics and subtopics like utilitarianism and virtue ethics and state consequentialism and so forth.

                                                                  And those are really fun topics. We have problems with those as the basis for subthreads though:

                                                                  • Hardcore philosophy (despite our having a tag by that name, since that usage is looser) is off-topic.
                                                                  • Most users (myself included!) are completely underskilled to talk big-E Ethics without a lot of clarifying back-and-forth and education in threads. Even assuming we have the skill to do all of that in a subthread (we don’t) and that we avoid falling back into moralizing (we won’t), such conversations suck all of the air out of the room for the technical discussion. That Palantir thread had us scrolling to the very bottom to get anything involving code or tech.
                                                                  • We’re gonna end up having the same discussions over and over again, as the big-E Ethics questions are, rather famously, undecidable.

                                                                  Okay, fine, what about professional ethics?

                                                                  Sure! If people want to talk about how a given thing violates professional ethics, then I think that is healthy. Here is the ACM Code of Ethics. Use that as a starting point in a subthread.

                                                                  Note though that we still don’t have professional organizations in the sense of, say, Professional Engineers. Our profession isn’t organized enough for that. So, talking about “professional” ethics is kinda hard.

                                                                  ~

                                                                  Overall, I just don’t think that the “ethics” discussions are what people are actually after here. I think people want to callout and shit on other folks, and that they want to show to their friends solidarity in an aesthetic. This damages one of the only good venues for safe technical discussion on the ’net today.

                                                                  And I won’t stand for that.

                                                                  1. 31

                                                                    I would, gently, point out that adjucating morals to aesthetics (the study of beauty, and of which the current post-Romantic admits a separate aesthetic for each individual) is not a stance that is particularly admirable.

                                                                    Simply keeping “Lobsters about tech” is a big E ethics decision, with ramifications that ripple out.

                                                                    If you want to demand that people treat other people well, that is a stable ethical choice that is supportable and relatively decidable.

                                                                    ~

                                                                    But to be clear, working for Palantir - or other major enabler of violence & repression that generates widespread sideeye, is both a technical and an ethical choice; pointing this out and pushing back against consuming technical material from such an enabler seems perfectly reasonable.

                                                                    We can debate whether working for Palantir is ethical - it probably also enables benefits to LEOs working complex cases and addressing real social harm. Many times on other social media sites, employees of ethically tangled companies will comment and discuss the complexity and reality of working in these environments. There is a very real debate, it’s not an open and shut thing where some group of activists come in and screams.

                                                                    I reiterate: technology and ethics are intertwingled. While some contexts are more neutral than others, very few are pure neutral.

                                                                    1. 12

                                                                      @pnathan I didn’t want to wade into this muck, but you seem genuine. In my mind is not whether debates about ethics is good or bad, but rather what is lobste.rs for? There are PLENTY of places on this big internet to get on a soapbox and yell about whatever gets your goat. I want a quiet corner where I can just read about technical things. Code, decisions behind code, some PLT, some math and the occasional bit of humor. Perhaps the people here saying, well Kaushik, its time to go away somewhere else because that’s not what lobste.rs is for any more, and I will join the stragglers as we exit out of yet another refuge inundated by the loud and obnoxious soap box crowd.

                                                                      1. 10

                                                                        I’m 100% with you here. I see way too much soap boxing and bickering pretty much everywhere else on the internet. This was a safe haven for technical discussion without the political theater. If it’s going to become that, I’ll be happy to leave and try to form yet another community where we are trying to avoid this kind of stuff.

                                                                        1. -2

                                                                          leave and try to form yet another community where we are trying to avoid this kind of stuff

                                                                          I’ll wager that ethical questions will inevitably follow you there, as they are inextricably part of the human experience, whether or not the primary topic is tech.

                                                                          1. 4

                                                                            I’m not trying to avoid them entirely, I just want a forum for technical discussion. Not everything has to be polluted with other topics and agendas

                                                                            1. 1

                                                                              You might find the more focused discussion you seek in a special-interest forum. General-interest fora will attract general topics of conversation.

                                                                              1. 11

                                                                                Lobsters has been that forum for me until recently.

                                                                                1. 0

                                                                                  That’s interesting. I hear many voices in this thread expressing the same. I never saw this website as something like that, I just saw it as a place where some relatively niche computing topics are aggregated.

                                                                                  1. 8

                                                                                    You’re also relatively new here compared to some of us, so that probably feeds into it. The site has grown quite a bit since I joined.

                                                                                    1. 1

                                                                                      I was reading this website for a long while before I got an invitation, but it is fair to say my account history is relatively new. When I started reading, most posts seemed to get an average of 1 or 2 comments. It’s hard for me to reconcile this—some folks are lamenting that recent discussions are not in keeping with the historical tone of the site, but the site has been historically silent on most topics.

                                                                                      1. 5

                                                                                        Try looking at it from a different perspective. Perhaps the absolute level of good quality comments hasn’t moved too much, but perhaps the absolute level of low quality comments has increased. If that’s true, it increases the signal-to-noise ratio and can lead to the “we used to have more good quality content here” observation.

                                                                                        1. 2

                                                                                          I was being very generous with the comment count. Even today, when I posted that comment, half of the front page articles had zero comments. Perhaps the signal level is just too low to begin with. Maybe there’s no consensus on what the signal is.

                                                                        2. 4

                                                                          you seem genuine

                                                                          That’s one of the nicest things someone not my wife has said to me for some time. :) Thank you.

                                                                          My basic thought is that I also want a corner where we can seriously talk about highly technical things, but we should be aware and also talk about the broader ramifications of our work, because we have the technical background to get the implications of our work and be correct about how it works, and to talk about the ethical implications of how a specific capability works/doesn’t work (whereas I have deep suspicions of an arbitrary op-ed columnist whinging about tech and begging for regulation).

                                                                          To ask for a soapbox free zone seems completely ok - to ask for an ethics-free zone is an ethical choice that selects for specific social choices (as non-obvious as that may seem). To be specific: I’m not sure discussing the ethics of a new compiler gets us anywhere, but if its produced by Dr. Evilheart Murder Enterprises, maybe we need to discuss if using it supports D.E.M.E., and if we can redeem the technology from its production in the context of D,E.M.E. I don’t think that this is some lefty social justice agenda I’m asking for…. Maybe I’m wrong.

                                                                        3. 12

                                                                          I acknowledge the intertwingling, abstractly. But it seems you’re not addressing friendlysock’s actual concern. Is an announcement thread by a new user who happens to be the maintainer of an open source project an appropriate place to have the “very real debate” about whether working for that person’s employer is an ethical choice? When a commenter on that post engages in a blatant personal attack and is rewarded with upvotes aplenty, is the “very real debate” being furthered?

                                                                          1. 10

                                                                            I would say so: it’s an opportunity for the software developers of Palatir to make a case that they are acting in an ethical fashion, that the world is complex and they are producing a net good. When I worked for a Famously Bad Reputation company, we were encouraged to defend the company. This would have definitely been a place where the maintainer could have defended themselves - if company policy allowed, of course.

                                                                            One of the interesting bits of social psych is conformity matters. If the general community shuns X group, to the point where its a permanent black mark on the record generating firings/no-hirings and it’s not something anyone is comfortable around at church, marrying family members, etc, then the X group diminishes into the fringe. Whether you are conservative or liberal, you wind up having a conformity and a social order. I’m not personally sure where to draw that line and place the mark, but Palantir is a popular target for placing that mark.

                                                                          2. 8

                                                                            I would, gently, point out that adjucating morals to aesthetics (the study of beauty, and of which the current post-Romantic admits a separate aesthetic for each individual) is not a stance that is particularly admirable.

                                                                            Why not? There’s a huge variation in morality within our own culture, let alone looking across cultures. You can find people that believe that it’s immoral for two people with the same groin-endianness to get married, and others who think that it’s immoral for to accumulate a large amount of money. You have people who think that allowing dictators to abuse their people is immoral, and others who think that intervention is a bigger evil. You have people who think that it’s important to protect the freedom of users with copyleft licenses, and people who think that copyleft immorally restricts commercial use of software. You have fights between which supposedly divinely inspired book written thousands of years ago by uneducated sheep herders/traders/warriors/… is the primary authority on how to live your life. The list goes on, and all of them have people who believe one thing or the other.

                                                                            The shifting scene of prevailing ethical thought really does make it more like aesthetics than people are often comfortable admitting. Yes, it has longer term effects on people’s lives, and yes, it’s got some underlying principles, but it’s certainly not some sort of fixed beacon of truth.

                                                                            Why do you think that there is a universal set of ethics that people subscribe to? And if you don’t, do you really want this site to be either the battleground for deciding this, or a community of yes-men who boringly signal that yes, they are indeed a part of the in-group?

                                                                            There are lots of valid and interesting discussions to have on these topics, but to me, they detract from lobste.rs.

                                                                          3. 2

                                                                            The book that revived virtue ethics as a viable project, MacIntyre’s After Virtue, points out how (and explains why) contemporary ethical debates have a peculiarly shrill and interminable character.

                                                                            1. 2

                                                                              This is a weird use of “aesthetics”. I don’t really know what you’re trying to say.

                                                                              1. 2

                                                                                I read “aesthetics” as, roughly, “something that a group of people has decided to call ‘basic human decency’, with the various external trappings this entails”.

                                                                            2. 21

                                                                              Yet I somehow suspect if I ask “What are the ethical implications of creating a webassembly backend for ocaml?” that I won’t receive quite as many upvotes.

                                                                              1. 6

                                                                                If the answer to the question “What is it built for?” is “for missile guidance systems”, we are in a different territory pretty quickly, though! Nothing technology lives without context.

                                                                                To turn this into something more tangible: when DARPA invested around 10 million for https://c2rust.com/, it definitely raised some eyebrows and sparked a couple of discussions.

                                                                                1. 9

                                                                                  ARPA/military were behind the Internet, GPS, Tor, and (via defense contractors) majority of contributions to Linux kernel. Yet, most people discuss them without warnings or ethical debates in threads.

                                                                                  It’s just specific things that are also talking points in liberal media.

                                                                                  1. 2

                                                                                    You are making it seem like these things have not been discussed, which is definitely not the case. Also, we’re not liberal media, we’re a community.

                                                                                    1. 2

                                                                                      Most of the statements read like they were pulled out of the liberal media. Pop-culture politics. People that actually care about popular politics here, say inclusion of under-represented groups, would have people from those groups, esp women, in the main teams (eg Rust compiler/libraries), be submitting work from such underrepresented people here to Lobsters instead of white/asian males, linking to write-ups by the same in the comments, and so on. There’s just one or two people doing that consistently off the top of my head.

                                                                                      Inclusive politics here mainly equals writing comments and language policing to such people, not actually highlighting work by or bringing in underrepresented. Aka what they’d do if it really mattered. Same with employers, eco-friendliness, etc where someone could call out an OP in the majority of threads every day about the ethical ramifications of what they’re submitting. They only do on specific, popular, talking points, though.

                                                                                      I make an exception for you since your community work probably does a lot of good in inclusion. A lot of good period. On Lobsters, though, most people voting for prioritizing politics for social justice certainly aren’t boosting minorities or even ethical suppliers. So, I call BS on it really mattering to them past ego value from social signaling, virtue and shaming.

                                                                                  2. 9

                                                                                    So if somebody builds a webassembly backend for missile guidance and puts it on github, is it ethical to use it for protein folding research? Or is it forever tainted?

                                                                                    1. 1

                                                                                      That’s a different question, and yes, it’s an interesting one. It’s also not like things on Github are just there. They still have a maintainer, a hosting organisation, and a leadership.

                                                                                  3. 2

                                                                                    Thats a cute non-sequitur, given that no one is inserting ethical implications into things like that. Seeing as this thread was sparked by the discussion around the ethical implications of software labor being used to further the work of a surveillance contractor, its not just a worthless message-board retort, its actively muddying the waters around issues that are inseparable from ethical questions.

                                                                                  4. 18

                                                                                    You’ve got to go about asking these questions in a way that actually enables the OP to respond. Instead, we got a massively passive-aggressive jab at the OP’s company:

                                                                                    I guess it may be possible to work at a seedy company and still do good stuff […] Regardless, thanks for releasing this as free software.

                                                                                    After which, the top commenter is hailed as a hero, and, to no one’s surprise, the OP didn’t respond.

                                                                                    A reword that might have actually elicited a response might have started with “Thanks for releasing this as free software!” rather than the “yeah, your company sucks, but thanks anyway” angle.

                                                                                    1. 9

                                                                                      the creation of technology is an set of actions subject to ethical judgements

                                                                                      Assuming that it is true - is it possible to have a small place (e.g. lobste.rs) which is for discussing technology without ethical implications and all the rest of the net for discussing whatever you want (also ethical aspects of technology)? Is this something you can imagine being possible or do you think that such place can’t exist? (this is a serious question)

                                                                                      1. 32

                                                                                        That’s certainly an important question.

                                                                                        I think that it’s certainly possible to mention technology without explicitly mentioning ethics. I also think that engaging in that way is an ethical position. You can separate them at the surface level of discussion, but not in the substance.

                                                                                        That said, I can certainly imagine a community in which technology is discussed but ethics is never explicitly mentioned. I would not want to be part of such a community; I would find it deeply unsettling. I do think that some people might like it, and there are a variety of reasons for that and I wouldn’t want to make assumptions about any particular person’s reasons.

                                                                                        1. 7

                                                                                          I think the problem with ethical discussions on a technical forum is that there’s not really a shared basis for those discussions. We might have a bunch of members from various religions and cultures who subscribe to widely different ideological frameworks and ethical principles. These different backgrounds are likely to be incommensurate, incompatible, and irresolvable.

                                                                                          In that way it’s similar to discussions like “Are static types good or evil?” or the famous editor wars—so called “religious flame wars” which are known to ruin communities if left to fester.

                                                                                          So indeed it is a kind of ethical decision about the norms of the community—whether ethical claims and disagreements ought to be encouraged in comment threads. There are pretty good reasons against.

                                                                                          Let’s say I’m a committed socialist or communist or anarchist. There are many such people who are programmers. Now I have very good reason to enter threads about commercial activity and ask the involved people to justify their clearly immoral participation in the tyrannical, plutocratic, deeply unjust system of capitalism. I would of course encounter a bunch of dirty capitalist apologists trying to argue against my ethical position… and we could go on for a long time… almost certainly to the detriment of the community.

                                                                                          1. 5

                                                                                            “I think the problem with ethical discussions on a technical forum is that there’s not really a shared basis for those discussions. We might have a bunch of members from various religions and cultures who subscribe to widely different ideological frameworks and ethical principles. These different backgrounds are likely to be incommensurate, incompatible, and irresolvable.”

                                                                                            You nailed it. That isn’t hypothetical: it happens in every political thread. The ending, minus rare exceptions, is everyone ends up believing what they already believed with some shunning their opponents in some way. Lobsters doesn’t work for political discussion that’s about actually changing people’s mind.

                                                                                            Of course, many of you are starting with the foundation that people wanting politics want a political discussion. They mostly don’t as evidenced by their comments in such threads. If you’re curious, I just described here the evolution of politics and behavioral patterns on this site from when I first came to where we’re at now. Given the same environment, political discussion is and will continue to be impossible because the dominant group intends for it to be. They want compliance and conversion, not discussion.

                                                                                            1. 3

                                                                                              I don’t necessarily know that changing people’s minds should be the goal, but I also don’t know that it’s impossible. I think you’re describing what happens when everyone reacts defensively. It’s indeed not possible to change someone’s mind if they aren’t willing to open up and have a real conversation, so I wish the world in general would be more open to interacting in ways that aren’t so resistant to real dialogue.

                                                                                              I’m an optimist, and I believe that when people try, they can engage with the goal of at least leaving each other with something to think about.

                                                                                        2. 6

                                                                                          I’ll suggest this (mainly tongue-in-cheek) but it might be a good solution: for every submission provide another link next to ‘reply’ called ‘ethics-reply.’ The links go to two separate discussion areas. That way, people can dip into the tech or ethics discussions as they like.

                                                                                          1. 6

                                                                                            If such a place did exist, I think you’d have trouble finding a lot of people who would want to hang out there. I’ll just jump immediately to the most extreme possible example: if someone posted an article about the technology used by the Nazis to organize the Holocaust, but discussing the attendant ethics was strictly forbidden, would you be happy participating in that discussion? Would you want to spend a lot of time talking to other people who would be happy participating in that discussion?

                                                                                            1. 14

                                                                                              if someone posted an article about the technology used by the Nazis to organize the Holocaust, but discussing the attendant ethics was strictly forbidden, would you be happy participating in that discussion?

                                                                                              I am a jew who was raised by holocaust survivors. My answer is yes. In fact, I think it’s the only way that one could have a discussion about the technology used by the Nazis that wasn’t immediately dragged off topic.

                                                                                              And, honestly, an ethical discussion would either be abhorrent or boring, since a vibrant discussion implies a difference of opinion, and anyone who has significant differences in belief with me on the ethics of systematic mass murder is someone that I don’t expect to have a productive discussion with.

                                                                                              1. 12

                                                                                                Yes to both, to be honest. I did a bit of research for a point the other day, and something occurred to me.

                                                                                                Technology, especially computing, is all about solving problems at scale and efficiently. For the most part of the 19th and 20th centuries, the domains that actually had the scale to justify theoretical work and practical development tended overwhelmingly towards things like military applications (standing armies tending to be some of the largest organized groups around) and demographics/census/taxcollecting work.

                                                                                                For better or worse, note that IBM was really good at tabulating census data, something that the Nazis took advantage of. I personally would be happy talking about techniques for tabulating that data and managing it, in hopes that it could be applied to more positive uses. Similarly, I’d be happy to learn about rocketry from von Braun, even though most of what he learned he learned by dropping explosives on British civilians.

                                                                                                1. 5

                                                                                                  Let’s take the specifics. Is Palantir stuff that remarkable to be worth the inevitable fallout in the comments and personal ethical compromises? Is it really that seminal and groundbreaking?

                                                                                                  It is a dilemma when we talk about say an SS officer who also happened to run the US Moon programme. But Palantir is adtech’s meaner sibling, what is there that makes it worth picking the turd pile?

                                                                                                  1. 9

                                                                                                    The drop in the level of technical discussion is the issue, not the company being discussed. I’d prefer to let posts on unethical companies die in silence, rather than make this site a worse place to discuss technology.

                                                                                                    1. 2

                                                                                                      Another reason is highlighting the bad gives you less time to create the good. Most people that care can look up a company to see if there’s anything messed up. The bad or at least going with the flow are also the majority. If we’re talking companies, I’d rather people put more effort into highlighting ethical ones with useful tech or products. Basically, anything that can be a fit here on technical grounds with them also mentioning in a comment that the person, company, product, etc is good/beneficial for (reasons here). Maybe they mention some bad examples with it if trying to shame companies. Just optimize to promote more tech and examples of public benefit over just calling out bad companies who are the perpetual default.

                                                                                                      Easy example: Prgmr.com over Digital Ocean, AWS, Google, or Azure if fits use case due to ‘straight-forward offerings, great service, some nice people, and freely hosting an excellent site for deep, technical discussion.” The submission might even be about something else entirely that’s merely hosted on the ethical product/service. Then, they add a quick note about it that barely distracts from the focus on technical content. Just all flows together for the reader.

                                                                                                    2. 8

                                                                                                      the inevitable fallout in the comments

                                                                                                      The fallout is not “inevitable” - it is not a force majeure. Actual, specific, individuals CHOOSE to make it about the “ethics”. You’re asking people to appease these individuals.

                                                                                                    3. 2

                                                                                                      Would you be also ok to discuss methods of performing deadly medical experiments on people with Nazi concentration camps staff? Would you be ok to advise them how to improve the scale and speed? Would you still want to keep such discussions ethics-free? How about diacussing effectiveness of guns with the Zodiac Killer? Or advising Ted Kaczynski on bombs?

                                                                                                      edit: Please note my intention here is not to seed outrage; I’m sincerely interested in your answer, as I find it hard to imagine setting really no ethics limits, so I’m curious to gauge where would you actually set them? Or would you really want no limits?

                                                                                                      1. 6

                                                                                                        I’ll pick on your first example, because I don’t see benefit in addressing the others (I read you as making the same category of point, with those added for emphasis).

                                                                                                        Would you be also ok to discuss methods of performing deadly medical experiments on people with Nazi concentration camps staff? Would you be ok to advise them how to improve the scale and speed?

                                                                                                        Let me turn that around on you:

                                                                                                        Would you prefer they do them inefficiently, if you knew they were going to do them regardless? Would you prefer that the innocent lives lost in the nominal science of these experiments be done in vain because somebody screwed up their data collection? Would you prefer that, for the same data, they use extra prisoners because they suck at statistical power analysis?

                                                                                                        I don’t support immoral behavior, such as mass murder and torture. I do recognize that whether such things are legally or ethically permissible (again, not morally) is something that transcends individual opinion, and that where those acts fall is a function of the zeitgeist of the times. Sloppy engineering, science, and math will always be sloppy, aesthetics of the time be damned.

                                                                                                        We can’t get to identifying and fixing/discouraging/pillorying that sloppy behavior if we can’t engage with it. We can’t even get close enough to try and reclaim those lost souls if we can’t engage with them on (nominally objective) material civilly.

                                                                                                        1. 6

                                                                                                          Thanks for the interesting reply! So, I think in shortest words I could express what I think about this the following way: I would indeed prefer for them to do this ineffectively - I’d say that is the principle behind sabotage. As far as I know, sabotage works. And that’s indeed what I’d hope to be able to say I’m doing against actions I believe to be significantly unethical. (Though trying to keep my own integrity in means employed to that end.)

                                                                                                          1. 9

                                                                                                            I’m not sure sabotage always works the way one hopes. When you destroy the results of human experimentation, the data is recreated by repeating the experiments on a new set of humans. That seems like a bad outcome for those involved.

                                                                                                            I think the problem is we too often define success as hurting the bad people, and yes sabotage hurts them, but we too should consider the collateral damage of our actions.

                                                                                                            1. 6

                                                                                                              It’s not about hurting bad people. It’s about making their evil work harder and less efficient at actually hurting good people, while also trying to convince evildoers to not do the evil in the first place, and preferably do good instead and thus become good people. If doing evil is easy for them, it won’t make them do less of it, but rather more of it. They will always invent new experiments to do on a new set of humans anyway. Appeasement policy did not work on the onset of WW2. A bully must be stopped, not let continue the bullying. A child doing bad things must be reprimanded and informed/educated about bad consequences of their deeds, not spoiled.

                                                                                                              1. 1

                                                                                                                Well put.

                                                                                                      2. 5

                                                                                                        if someone posted an article about the technology used by the Nazis to organize the Holocaust, but discussing the attendant ethics was strictly forbidden, would you be happy participating in that discussion?

                                                                                                        Interesting example - you are asking if I would be interested in (discussing) e.g. technological aspects of IBM products around Second World War. Yes, this might be very interesting. I can also imagine other Nazi tech related topics that I wouldn’t find interesting (but see no reason for others not to be interested in) and in such cases I would use the hide button. Hopefully such place wouldn’t be all war tech from Nazi Germany or modern day USA ;)

                                                                                                        1. 4

                                                                                                          I would absolutely be hanging out there. That was kind of how this place has been for the most part.

                                                                                                          As to your question about Nazis, yes I would want to discuss the technology, and I’d be happy to discuss it with people in those threads. If it were completely neutral politically, there is the potential to have great technical discussion.

                                                                                                          1. 3

                                                                                                            I think you’d have trouble finding a lot of people who would want to hang out there

                                                                                                            I agree, but that’s not a bad thing, is it? This is not some sort of mass movement.

                                                                                                          2. 0

                                                                                                            s it possible to have a small place (e.g. lobste.rs) which is for discussing technology without ethical implications and all the rest of the net for discussing whatever you want

                                                                                                            No. Even if it were, this would not be it.

                                                                                                            1. 1

                                                                                                              Even if it were, this would not be it.

                                                                                                              How do you know this?

                                                                                                              1. 0

                                                                                                                Because this site is full of intelligent people.

                                                                                                                1. 9

                                                                                                                  Ah. You’re implying that “discussing technology without ethical implications” is exclusive to stupid people. Do I understand you correctly?

                                                                                                                  1. 2

                                                                                                                    I’m chewing on my keyboard right now!

                                                                                                                    1. 1

                                                                                                                      Discussing technology without coming up against ethical issues is impossible. I don’t think intelligent people would just skirt around them when they come up.

                                                                                                            2. 5

                                                                                                              Do you have an example of an action that would not be subject to ethical judgements? In trying to understand your claim, but I don’t sufficiently understand the definitions you’re using to determine whether you’ve made a falsifiable statement or not. Will you spend a little time describing the limits of your statement or what empirical observations support it?

                                                                                                              1. 6

                                                                                                                I would argue that there is a class of actions, e.g., selecting one knife over another in the kitchen for cooking, that has neither inherent ethic or no ethical consequence. Now, the ethic selected for consideration will affect whether you consider something to be of consequence. If, e.g., there is an ethical judgment on the Proper Utensils To Use, then that becomes of ethical consequence. Generally, societies consider actions such as killing adult humans to have inherent ethics.

                                                                                                                Suppose we choose gcc or clang - then you are supporting, ever so mildly, one development philosophy & license over another. Those licenses are widely considered to have ethical entailments. The FSF has very strong ethical stances about licensing.

                                                                                                                Now, with respect to empirical observations, I suggest weapons systems: they are an obvious technology which carries ethical implications. Other technology might be: AirBNB (affects housing), Uber (affects taxi operators), factory robots (replaces factory workers). Each of those affects jobs and thus the ability of many members of society to be fed and housed, a clear ethical question.

                                                                                                                I hope those presents samples that adequately points towards the answer you are looking for.

                                                                                                                1. 7

                                                                                                                  I would argue that there is a class of actions, e.g., selecting one knife over another in the kitchen for cooking, that has neither inherent ethic or no ethical consequence.

                                                                                                                  Interesting. Why do you believe that the methods that knife companies use to exploit their workers and the labor conditions of their employees would not be something to discuss? Do you believe that the environmental implications of importing knives from China rather than buying them locally has no ethical impact? What about the historical implications of Western expansion and influence in Japan, and the resulting western style Gyuto knives supplanting Sujihiki style kitchen knives? In fact, not only are there ethical implications, there are deep historical forces involved in your selection of kitchen knives.

                                                                                                                  Of course there are ethical considerations in picking kitchen knives. But you might not want someone to bring them up every time you try to discuss paring potatoes, because they may be considered to be off topic by some.

                                                                                                                  1. 4

                                                                                                                    Ah, this is the problem with language: I was contemplating grabbing one knife out of my kitchen bin versus another. “Selection” is a polymorphic verb over multiple objects dispatching… and yes, actual purchasing of knives exercises an ethical choice regarding the supply chain and who gets my infinitesimally small dollar choice.

                                                                                                                    It’s a bit tiring, as a friend said to me once, there is no ethical consumption under capitalism(even if you disagree with my Lefty friend there, you can get the spirit of the statement) - sometimes you do just need to get the Thing done. One has to care the appropriate amount, and respond in the proportional manner.

                                                                                                                    1. 10

                                                                                                                      there is no ethical consumption under capitalism

                                                                                                                      I’d go one step further: There’s no such thing as an unquestionably ethical action. The economic model doesn’t matter – everything is an ethical trade off. With that realization, it becomes clear that ethical debates can be shoehorned in anywhere, which is why a space where discussions on ethics are deemed off topic can be valuable.

                                                                                                                      (Edit) High quality discussion on ethics would be interesting, but quality is subjective, and discussions are prone to turn into flame wars and shaming, especially in today’s internet climate, so I’d rather have them declared off topic, at least in this little corner.

                                                                                                                      1. 8

                                                                                                                        If politics is encouraged in every applicable thread (it is now) and I wanted to join that practice (I don’t), I could be calling folks out in many (sometimes most) threads here each day on ethics around employers, code maintenance, energy use, disposable products causing environmental harm, using tech that’s non-inclusive cuz few understand it or CPU/RAM requirements price out the poor, and so on. It would be ridiculous even when true since it distracts so much from the kinds of technical submissions that brought many people to Lobsters in the first place. Especially those actually building interesting stuff vs just submitting.

                                                                                                                        It’s why I was for either ban on politics or a tag so it would be in specific threads folks could filter. Both got shot down. Here we are.

                                                                                                              2. 6

                                                                                                                You’re absolutely correct.

                                                                                                                Hell, Portland State University’s CS program even has a requirement class “CS 305 Social, Ethical, and Legal Implications of Computing”[0]. I suspect this is not an anomoly..

                                                                                                                1. https://www.pdx.edu/computer-science/cs305
                                                                                                                1. 2

                                                                                                                  If you really want it to be that you can pretend. But I don’t know why you would feel better doing so.

                                                                                                                  1. 10

                                                                                                                    I mean, his entire schtick is “Neo-Reaction”, he’s defended owning slaves, and the list absolutely goes on from there. I’m not sure why thats controversial. If you want to sift through his oeuvre for more tidbits on what he believes by all means, but denying that he believes in all different kinds of hierarchy and especially racial hierarchy is going to be a problem when you’re done.

                                                                                                                    1. 3

                                                                                                                      If you can give a pithy explanation of what urbit is really about, you’ll be the first in my experience.

                                                                                                                      There are some cool concepts but it seems like they are melded together to create a solution to some problem which is never clearly stated, unless the problem is “there should be a digital asset akin to land in that it is impossible to create more of it,” which isn’t a problem most people, even most people posting on various programming-oriented messageboards, would find compelling.

                                                                                                                      1. 1

                                                                                                                        “a digital asset akin to land in that it is impossible to create more of it” is actually a really interesting solution to the problem of making digital identities expensive enough to discourage spam, and also to the problem of funding the development of a social network before the social network has gotten large enough to be obviously valuable. Certainly not the only such solution, but a solution. I’d actually like to see other projects that have nothing to do with Urbit try out their own spins on the idea of cryptographically-verified digital land ownership.