[FRIAM] Meanwhile, back on the troll farms

Roger Critchlow rec at elf.org
Thu May 7 15:38:49 EDT 2020 

It's already happened more than once.  People, acting as if they cared
about the code have taken over existing projects when the current developer
loses interest.  Then they modify the code so it does something evil in
addition to its original purpose, say stealing bitcoin wallet credentials.
Others have submitted packages which were one letter typos for trusted
packages, with the same sort of surprises hidden in them.

So, that's a routine sort of criminal evil, taking over some open source
code to steal from the people who depend on it.  You pretend to be one kind
of person, and you're actually competent as the kind of person you pretend
to be, but you're really in it for what you can steal.

But what's in play here, at least implicitly, is Trump's claim that he's
being subverted by a cabal.  In that case you would need to study to become
a computational epidemiologist, earn an advanced degree, have an academic
career, all so you would be ready when a pandemic threatened to put forward
a model of the epidemic designed to make Trump look like an idiot, to cause
the economies of the world to be destroyed by fear of a false danger.  And
you're doing this because you're evil and you want to make a mark on the
world and you don't care who gets hurt?

Then there's this model,
https://statmodeling.stat.columbia.edu/2020/05/05/university-of-washington-biostatistician-unhappy-with-ever-changing-university-of-washington-coronavirus-projections/,
which is apparently just a big polynomial curve fit, so every time they
drop in another couple of thousand data points, the predictions swing all
over the place.  That's a model, constructed according to well known
methods of curve fitting, probably backed by lots of unit tests, but some
would argue that it's a stupid model that only proves that you can make a
polynomial go anywhere.

-- rec --

On Thu, May 7, 2020 at 2:42 PM <thompnickson2 at gmail.com> wrote:

> Marcus,
>
>
>
> Thanks for taking my question seriously.  I understood what I was talking
> about even less than I usually do.
>
>
>
> Let’s say I was an evil genius and wanted to introduce evil code into a
> project on github.  What would happen?
>
>
>
> N
>
>
>
> Nicholas Thompson
>
> Emeritus Professor of Ethology and Psychology
>
> Clark University
>
> ThompNickSon2 at gmail.com
>
> https://wordpress.clarku.edu/nthompson/
>
>
>
>
>
> *From:* Friam <friam-bounces at redfish.com> *On Behalf Of *Marcus Daniels
> *Sent:* Thursday, May 7, 2020 11:05 AM
> *To:* The Friday Morning Applied Complexity Coffee Group <
> Friam at redfish.com>
> *Subject:* Re: [FRIAM] Meanwhile, back on the troll farms
>
>
>
> Nick writes:
>
>
>
> *< *What exactly IS the policing mechanism in open source.  Darwinian?
> Reputational?  Does this HAVE to provoke a crisis of confidence in the
> general public?  Or could it be seen as a heroic thrown-together first step
> that is now being improved? >
>
>
>
> They are whining about simple or absent unit tests as a litmus test for
> whether the code is reliable.   It’s like saying you don’t dare drive your
> car if you didn’t take out its alternator and test its voltage output last
> week.   ‘cause someone might have changed the alternator!   Eventually
> there will be consequences if the alternator fails, like stalling or the
> battery dying.   Same thing in a big simulation.   All of the parts and
> pieces of a simulation are there for a reason and global things will start
> to change in noticeable ways if something is broken.   I would say getting
> mechanisms working correctly is less difficult that choosing what
> mechanisms are appropriate in the first place.   Usually in use of a
> simulation one has instrumentation available on almost everything, and
> there is a constant checking and double- checking even if those checks are
> not embodied in automated tests.  Automated tests can even give a false
> sense of security, because they may not deal with the parameter ranges that
> happen in with the coupled system.  If you would rather have a bunch of
> unit tests, or to have modelers using and stressing the code every day, you
> have the wrong priorities.
>
>
>
> My irritation is with the notion of unit tests as a prerequisite for code
> reliability.   There are tighter ways to integrate assertions of code
> behavior with the code.   The bandwagon obsession with unit tests is in
> some sense an obstacle even better practices.   I wouldn’t even call them
> trolls, because a troll has intention to rile people up.  These folks are
> more like pompous ditto heads who feel the need to posture about the right
> way to do software engineering.   People that love unit tests love not
> understanding the problem they are solving, and prefer to work in pieces.
> This take a is a little harsh, but in this context (advising COVID-19
> policy) I don’t find the behavior very helpful.
>
>
>
> Marcus
>
>
> .-. .- -. -.. --- -- -..-. -.. --- - ... -..-. .- -. -.. -..-. -.. .- ...
> .... . ...
> FRIAM Applied Complexity Group listserv
> Zoom Fridays 9:30a-12p Mtn GMT-6  bit.ly/virtualfriam
> unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
> archives: http://friam.471366.n2.nabble.com/
> FRIAM-COMIC http://friam-comic.blogspot.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://redfish.com/pipermail/friam_redfish.com/attachments/20200507/f14fb5ad/attachment.html>

More information about the Friam mailing list