
@oldladyplays Yup. And for me it's still in the spirit of April Fool's because it causes confusion. (Also, hail Eris.)

@oldladyplays

The way I decided to celebrate April Fool's is to tell people a puzzle that causes confusion (because two contradictory things seem to be very obviously true), such that they learn something nontrivial by resolving that confusion. An extremely nice property of that is that it isn't spoiled by first asking them whether they want to partake.

@rq is the source of your confidence empirical or theoretical?

@tqbf what is exactly the chief engineer theory?

@jannem @ChasMusic @carol

Trusting trust only applies if we're talking about something that's a dependency of the compiler (or rather of the toolchain). Otherwise this is just the tedious problem of whether the build process is deterministic (e.g. does it include the current time somewhere in the output?).

@aeva

Also, its activation conditions were pretty strict (both at build time as well as at runtime), so there's a good chance it wouldn't enable itself there even if the malicious sources were used.

@aeva it was only (fully) present in _source tarballs_ from maintainer (but not in the repo), so that depends on where guix was getting its sources from.

@erl you mean a steeple as in the tower that is often placed on top of a church and might sometimes contain a bell?

@niconiconi do you use something other than skin oil for that?

@erl what's a _catholicism grade_ steeple?

@q3k

Re the supposed killswitch: I don't get the point of a killswitch. Where would malware authors use it?

@Conan_Kudo @jwf I'm somewhat concerned that the site ignores the hypothesis that the attacker compromised Lasse's dev environment (I think it does by stating free of caveats that tarballs signed by Lasse were created by Lasse).

@yossarian

Sure, it's not a general solution to the "malicious committer" problem, but it _is_ a solution to _this_ attack. (Obviously, if we were doing that, the attacker would choose a different attack, though potentially risking a larger chance of discovery.)

@luis_in_brief @cfiesler in this case this wasn't even adversarial testing, just testing on the typical questions that might be expected

@yossarian

What about using sources from version control instead of from released tarballs?

@delroth

It sounds like it might make sense to deny access to testdata until the build is done (i.e. in nix terms, until the normal output is fully written out), because it's easiest to hide random cruft there.

Is this something that might be semi-practical to do in nixos?

@b0rk use custom work trees for any scripts that have to commit changes they make, to avoid having to deal with a dirty work tree and the impact of untracked files on the script's behavior
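As an added example (not from the original post), a script that commits its own generated output from a dedicated linked work tree, so a dirty main work tree with untracked files cannot leak into the commit. It assumes git is installed; the repository, branch name and file names are constructed for the demo.

```shell
#!/usr/bin/env sh
# Added example, not from the original post. Assumes git is on PATH.
set -eu

# Build a throwaway repo whose main work tree is dirty (untracked wip.txt).
setup_demo_repo() {
  repo="$1"
  git init -q "$repo"
  git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
      commit -q --allow-empty -m "init"
  echo "work in progress" > "$repo/wip.txt"   # untracked: must never be committed
}

# Commit generated content from a separate linked work tree on its own branch.
# Nothing from the user's dirty tree is visible there, so `git add -A` is safe.
commit_via_worktree() {
  repo="$1"; branch="$2"; content="$3"
  wt="$(mktemp -d)/wt"                          # path must not exist yet
  git -C "$repo" worktree add -q -b "$branch" "$wt" HEAD
  printf '%s\n' "$content" > "$wt/generated.txt"
  git -C "$wt" add -A
  git -C "$wt" -c user.name=bot -c user.email=bot@example.invalid \
      commit -q -m "bot: regenerate output"
  git -C "$repo" worktree remove --force "$wt"  # branch and commit remain
  rm -rf "$(dirname "$wt")"
}

# Print the files recorded in the tip commit of a branch, one per line.
files_in_branch() {
  git -C "$1" ls-tree -r --name-only "$2"
}

# Stand-alone demo: the bot branch contains generated.txt only, never wip.txt,
# and the main work tree is left exactly as dirty as it was.
demo="$(mktemp -d)"
setup_demo_repo "$demo"
commit_via_worktree "$demo" bot/output "hello"
echo "files committed on bot/output:"
files_in_branch "$demo" bot/output
echo "main work tree status:"
git -C "$demo" status --porcelain
rm -rf "$demo"
```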

@kravietz

If you've already had to do countersunk holes or chamfers on all edges, I'd appreciate knowing how you did them. (These two are examples of things that I find tedious in solvespace and would love to have a better approach to.)

@b0rk so the only way to get it back is to find the hash in terminal scroll back. Sigh...

@b0rk oh. Then I was mistaken and you can lose the thing being popped :( (I assume it doesn't get added to the global reflog?)

Qoto Mastodon
