Notices by Morten Linderud (foxboron@chaos.social)

So, we did a thing.

https://github.com/systemd/systemd/pull/36914

#systemd #golang #go #rust

Localization is hard.

Google Titan costs 35 euros in Europe. 35 USD in the US.

They launched in Norway this weekend. What's the price?

35 NOK (3 EUR/USD).

How many can you buy? 10!

@luj @zacchiro @Zimm_i48

> Note that even projects that do monitor build reproducibility like Debian or Arch Linux only do it at a given point in time (when the package gets built) and not backward in time like we did in our experiment!

Arch does have an archive going back to 2016~2018, and we are able to reliably reproduce packages from way back when. Fwiw.

@luj @zacchiro @Zimm_i48

And there are better citations for the improbable aspect of reliably reproducing nix packages from when the topic was originally discussed inn 2016.

Only citing me is not giving me more fans!

@luj @zacchiro @Zimm_i48
Another aspect of this problem is whether or not the 91% figure, which is not mentioned in the paper, is this bi-effect of the decade of work by the reproducible build effort?

I'd be also interested if the 91% figure is inflated? nixpkgs consume entire package indexes where some ecosystems are more reproducible than others.

> Proposing something that contradicts the GNU Coding Standards is a non-starter.

Sir, this is a Linux.

Seems like #FOSDEM is not immune to the AI-fad as well, great.

Jack Dorsey wasn't on my bingo card either, really.

#VLC

@LaF0rge

I suspect foodhackingbase will have one

I'm mind blown you can compromise a release CI/CD system with two malicious branch names. Like how.

https://github.com/ultralytics/ultralytics/issues/18027

#Security #SupplyChainSecurity

Badge pimping?

Some @kpcyrd stickers available if you find me :)

@ryanc @Dtl @viq

I tried getting ffmpeg to output Hackers through caca but it wasn't super easy as you need to render each frame from the nurses driver.

@Dtl @viq @ryanc

Love it. Totes doing that.

https://github.com/Foxboron/ssh-the-planet

@ryanc

This is funny. I wrote a SSH server that writes out the script to Hackers while ignoring Ctrl-C.

@mjg59

How are you exposing the yubikey to the browser? Are you using uhid or is there other ways?

Days since `sbctl` soft-bricked a machine because of terrible OEM firmware: 0

Don't buy a slimbook.

#SecureBoot #Linux #sbctl #slimbook

@mort @gregkh

Using CVE counts as an argument this way has always been bogus though, regardless of what is currently happening.

Someone pointed out that rpm strips packages faster than pacman so a little bit of xargs hacking later and I've shaved off 1.5/2 seconds of the pacman package building.

https://gitlab.archlinux.org/pacman/pacman/-/merge_requests/175

#rpm #pacman #ArchLinux

@clacke @dch @mjg59

We don't have several independently developed compilers, so we are only getting weak proofs of DDC. We are still reliant on different versions of GCC.

https://reproducible-builds.org/news/2019/12/21/reproducible-bootstrap-of-mes-c-compiler/

NixOS isn't bootstrappable yet as it's a WIP, so only really Guix.