@marcan
It means they have too much money and don't mind suing until you get tired if it and go 'fine, give me that paper', it run out of money, whichever comes first.
No, you should not give in. Yes, it does happen.
@developing_agent
It means they have too much money and don't mind suing until you get tired if it and go 'fine, give me that paper', it run out of money, whichever comes first.
No, you should not give in. Yes, it does happen.
@developing_agent
@raboof @ska @reproducible_builds Sure; I meant to say that you can detect trusting trust issues without bit-by-bit identical binaries. Having those makes the detection even easier, of course!
@ska @reproducible_builds Note that reproducible builds doesn't necessarily give you bit-for-bit identical binaries, and that's also not necessary. What they give you is a toolkit to figure out which changes are normal results of different build dependencies, and which ones aren't. Things like diffoscope, e.g.
@ska @reproducible_builds If I build a version of some reproducibly-built software using a compromised tool chain and you built it using a non compromised one, and you shared the relevant bits of the output with me, then we know that one of us has a fishy compiler and the trusting trust issues are discovered.
That still leaves figuring out what happened, of course, but you don't need to be an expert to get this far. With your method of auditing binaries, you do.
That still leaves figuring out what happened, of course, but you don't need to be an expert to get this far. With your method of auditing binaries, you do.
@autism101 @actuallyautistic Some (also spectrum) people find emails extremely difficult to deal with properly and prefer getting a phone call... π€·
Maybe better to discuss with the party involved and see what works for the both of you?
Maybe better to discuss with the party involved and see what works for the both of you?
@fsfe why is only the audio of your "What is Free Software" videos translated, and not the visuals? That seems suboptimal. https://media.fsfe.org/w/p/9gYSyoEYggsqBExLWjRejL
@ska
Only if the reproducer uses the same compromised tool chain. The whole point of reproducible builds is that you can in fact use your own version of the tool chain and still get the same result.
Cc @reproducible_builds
Only if the reproducer uses the same compromised tool chain. The whole point of reproducible builds is that you can in fact use your own version of the tool chain and still get the same result.
Cc @reproducible_builds
@simevidas Eh, a "scroll this page up" swipe should never ever ever be confused with a "please refresh this page and lose all my context"? Seems rather obvious to me π€·
Actually, it turns out that there is a BIOS update! Itβs just not through LVFS π€¦
@simevidas I would have liked it if it wasn't so broken. Sometimes, when scrolled way down and I try to scroll up a bit, that triggers it, causing me to lose where I was in the page... no thanks.
Today's complete waste of time yakshaving:
I want to switch on my home server with home-assistant.io
So I enable wake-on-lan in the system's BIOS
Which causes it to immediately power on after every "sudo poweroff"
Which I try to fix using "fwupdmgr"
Which, it turns out, requires UEFI boots, which I did not yet move the server to
Which I got to work for 99% using incomplete Internet guides
Which I could fix using a live image
At which point I find that there is no firmware update... π
I want to switch on my home server with home-assistant.io
So I enable wake-on-lan in the system's BIOS
Which causes it to immediately power on after every "sudo poweroff"
Which I try to fix using "fwupdmgr"
Which, it turns out, requires UEFI boots, which I did not yet move the server to
Which I got to work for 99% using incomplete Internet guides
Which I could fix using a live image
At which point I find that there is no firmware update... π