toad.social

1 post1 participant1 post today

Ian Brown 👨🏻‍💻In fact, governments probably should only EVER deploy executables they have built themselves, using their own compilers (see the classic computer science paper Reflections on Trusting Trust). You’d also need chip <a href="https://eupolicy.social/tags/microcode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#microcode</a> auditing and verification for security-critical systems. And some level of chip assurance. And 🇬🇧 Cell-like audits… Details to be determined 😉<a href="https://eupolicy.social/tags/ReproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ReproducibleBuilds</a> <a href="https://eupolicy.social/tags/StrategicAutonomy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#StrategicAutonomy</a> <a href="https://eupolicy.social/tags/audit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#audit</a> <a href="https://eupolicy.social/tags/escrow" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#escrow</a>

IzzyOnDroid ✅You're interested in Reproducible Builds for Android apps? We've just updated our Wiki on those:<a href="https://gitlab.com/IzzyOnDroid/repo/-/wikis/Reproducible-Builds/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://gitlab.com/IzzyOnDroid/repo/-/wikis/Reproducible-Builds/</a>There are new pages for setting up build recipes, and debugging/fixing RBs – which should help you when running your own builder. Which you btw can set up on your Linux machine within 5 minutes using the scripts provided at <a href="https://codeberg.org/IzzyOnDroid/rbuilder_setup" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://codeberg.org/IzzyOnDroid/rbuilder_setup</a> :awesome:Developers also find pages there on making/keeping their apps RB.<a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reproducibleBuilds</a> <a href="https://floss.social/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Android</a> <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IzzyOnDroid</a>

Kevin Karhan :verified:<a href="https://kolektiva.social/@licho" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@licho</a> <a href="https://hachyderm.io/@osman" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@osman</a> provide evidence the code <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@signalapp</a> released is actually being deployed.<ul><li>Whereas <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@monocles</a> has <a href="https://infosec.space/tags/ReproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ReproducibleBuilds</a> to the point that <a href="https://floss.social/@fdroidorg" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@fdroidorg</a> literally pulls their <code>git</code> and builds it from source.</li></ul>Not to mention pushing a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Shitcoin</a>-<a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Scam</a> (<a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MobileCoin</a>) disqualifies <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> per very design! <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.youtube.com/watch?v=tJoO2uWrX1M</a><ul><li>Given the collection of <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhoneNumbers</a>, the ability to restrict functionality based off those and the fact that <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> is subject to <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudAct</a> make it inherently not trustworthy.</li></ul>And don't even get me started on the fact.it's not sustainable to run it as a <a href="https://infosec.space/tags/VCmoneyBurningParty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VCmoneyBurningParty</a>!<ul><li>As soon as Signal becomes a problem, it will be taken offline, and due to the fact that it is <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#centralized</a>, <a href="https://infosec.space/tags/proprietary" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#proprietary</a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SingleVendor</a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SingleProvider</a> that's trivial for authorities.</li></ul>Same as identifying users: They already got a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhoneNumber</a> which in many juristictions one can't even obtain without <a href="https://infosec.space/tags/ID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ID</a> legally, thus making it super easy to i.e. find and locate a user. Even tze cheapest LEAs can force their local M(V)NOs to <a href="https://infosec.space/tags/SS7" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SS7</a> a specific number...<ul><li>All these are unnecessary risks, that could've been avoided, but explicitly don't even get remediated retroactively!</li></ul>Again: Signal has a <a href="https://infosec.space/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Honeypot</a> stench, and you better learn proper <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#E2EE</a>, <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SelfCustody</a> and <a href="https://infosec.space/tags/TechLiteracy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechLiteracy</a> because <a href="https://web.archive.org/web/20210606070919/twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener noreferrer" target="_blank">corporations can't pull the 5th [Amendment] on your behalf!</a>

LavX NewsEnhancing Software Supply Chain Security: The Quest for Reproducible ReleasesIn an era where software supply chain security is paramount, developers are challenged to create reproducible releases. This article delves into the technical hurdles and innovative solutions that are...<a href="https://news.lavx.hu/article/enhancing-software-supply-chain-security-the-quest-for-reproducible-releases" rel="nofollow noopener noreferrer" target="_blank">https://news.lavx.hu/article/enhancing-software-supply-chain-security-the-quest-for-reproducible-releases</a><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tech</a> <a href="https://mastodon.cloud/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SupplyChainSecurity</a> <a href="https://mastodon.cloud/tags/ReproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ReproducibleBuilds</a> <a href="https://mastodon.cloud/tags/CI_CD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CI_CD</a>

jbz"Over the last few releases, we changed our build infrastructure to make package builds reproducible. This is enough to reach 90%. The remaining issues need to be fixed in individual packages. After this Change, package builds are expected to be reproducible. Bugs will be filed against packages when an irreproducibility is detected. The goal is to have no fewer than 99% of package builds reproducible."<a href="https://www.phoronix.com/news/Fedora-43-Expect-Reproducible" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.phoronix.com/news/Fedora-43-Expect-Reproducible</a><a href="https://indieweb.social/tags/fedora" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fedora</a> <a href="https://indieweb.social/tags/reproduciblebuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reproduciblebuilds</a> <a href="https://indieweb.social/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a> <a href="https://indieweb.social/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a>

IzzyOnDroid ✅With our rbuilder_setup scripts now ready, the wiki page on Verification Builders has been updated, too:<a href="https://gitlab.com/IzzyOnDroid/repo/-/wikis/Reproducible-Builds/Verification-Builder" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://gitlab.com/IzzyOnDroid/repo/-/wikis/Reproducible-Builds/Verification-Builder</a><a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reproducibleBuilds</a> <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IzzyOnDroid</a>

IzzyOnDroid ✅Wanted to run your own builder for <a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reproducibleBuilds</a> and were disappointed our RBuilder Setup was only available for Debian-based systems? Then we have good news for you: a few min ago, 2 PRs have been merged. The setup scripts now also support RPM & Arch based systems 🥳RPM/Arch lack packages for apksigner & dexdiff (which are needed for debugging). We're on it, those will follow hopefully soon™.Thanks to <a href="https://mastodon.social/@Iamlooker" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Iamlooker</a> and Patrick (from FlorisBoard) for your help!<a href="https://codeberg.org/IzzyOnDroid/rbuilder_setup" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://codeberg.org/IzzyOnDroid/rbuilder_setup</a>

IzzyOnDroid ✅New day, new Milestone: now 500 apps at <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IzzyOnDroid</a> are <a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reproducibleBuilds</a> :awesome:

IzzyOnDroid ✅🐣 oops… the Easter egg hatched early! We've just reached a goal we hoped to achieve around Easter:At <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IzzyOnDroid</a> 40% – so 2 out of every 5 apps – are now <a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reproducibleBuilds</a> 🥳So whenever you see one or more green shields next to the version of an app in our repo browser at <a href="https://apt.izzysoft.de/fdroid" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://apt.izzysoft.de/fdroid</a> you can be sure: this was built exactly from the source code it claims to be, nothing added or taken away.Oh, and we should roll out those new shields soon™, so you see the independent builders 😉

IzzyOnDroid ✅Want to try running your own builder – to confirm apps as <a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reproducibleBuilds</a> or just to build your own apps? At <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IzzyOnDroid</a> we've just made "easy setup scripts" available which should take care for all requirements, while letting you choose which parts you want:<a href="https://codeberg.org/IzzyOnDroid/rbuilder_setup" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://codeberg.org/IzzyOnDroid/rbuilder_setup</a>These scripts are not yet thoroughly tested (just a bit on Linux Mint/Debian/Ubuntu), so we'd welcome volunteers & their feedback.Thanks to <a href="https://social.nlnet.nl/@nlnet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nlnet</a> for supporting us on this project! You're awesome :awesome:

IzzyOnDroid ✅Welcome to the RB family, Payload Dumper 🥳<a href="https://apt.izzysoft.de/packages/com.rajmani7584.payloaddumper" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://apt.izzysoft.de/packages/com.rajmani7584.payloaddumper</a>Payload Dumper lets you extract boot.img or any other (partition) images without any PC and without SuperUser (root) access, directly on your Android device.Thanks to the help of its developer, with today's release this app is now RB :awesome:<a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reproducibleBuilds</a> <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IzzyOnDroid</a>

IzzyOnDroid ✅Welcome to the RB family, StreetMeasure 🥳<a href="https://apt.izzysoft.de/packages/de.westnordost.streetmeasure" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://apt.izzysoft.de/packages/de.westnordost.streetmeasure</a>StreetMeasure is an app to measure distances and heights. It was made for usage with StreetComplete and other OpenStreetMap editors. But you can use it for other things, too.Thanks to the joint efforts with its author (thanks Tobias!), starting with v1.5 this app is now RB :awesome:RB status at IoD now: 471 apps (38.4%)<a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reproducibleBuilds</a> <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IzzyOnDroid</a>

LavX NewsReproducible Builds: A Milestone for openSUSE's RBOS Project Enhancing Supply Chain SecurityThe Reproducible-openSUSE (RBOS) project has achieved a significant milestone by demonstrating the ability to build a Linux distribution with 100% bit-identical packages. This advancement is crucial f...<a href="https://news.lavx.hu/article/reproducible-builds-a-milestone-for-opensuse-s-rbos-project-enhancing-supply-chain-security" rel="nofollow noopener noreferrer" target="_blank">https://news.lavx.hu/article/reproducible-builds-a-milestone-for-opensuse-s-rbos-project-enhancing-supply-chain-security</a><a href="https://mastodon.cloud/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a> <a href="https://mastodon.cloud/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tech</a> <a href="https://mastodon.cloud/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SupplyChainSecurity</a> <a href="https://mastodon.cloud/tags/ReproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ReproducibleBuilds</a> <a href="https://mastodon.cloud/tags/openSUSE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#openSUSE</a>

Kevin Karhan :verified:<a href="https://mastodon.ie/@davey_cakes" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@davey_cakes</a> personally, I'd point at <a href="https://infosec.space/tags/Codium" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Codium</a> which removes all the <a href="https://infosec.space/tags/proprietary" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#proprietary</a> <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> <a href="https://infosec.space/tags/bloat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bloat</a> and instead has <a href="https://infosec.space/tags/ReproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ReproducibleBuilds</a>.<a href="https://vscodium.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://vscodium.com</a>

IzzyOnDroid ✅Miss the <a href="https://floss.social/tags/AndroidAppRain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AndroidAppRain</a> at <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IzzyOnDroid</a> ? Well, I'm currently busy filling the gaps with <a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reproducibleBuilds</a> – and as I was asked: Yes, that's much harder the longer an app was not updated. Missing dependencies that cannot be fixed anymore (like, JCenter went offline last year). Build issues / upstream fixes needed, but the dev no longer around to help. And so on. So with 3+ years unmaintained, maybe 9 our of 10 apps simply fail…Doing our best to get as much in as possible, though 🤞

Vagrant CascadianNote to self:I must admit I probably could have used a slide about why <a href="https://floss.social/tags/ReproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ReproducibleBuilds</a> is important in my talk yesterday.More and more I would like to stress that reproducible builds are most importantly about being able to say that a given artifact was produced from specific bit of source code, and all of the security and other benefits derive directly or indirectly from that.Ideally you can recursively make such assertions all the way down, and you end up with <a href="https://floss.social/tags/BootstrappableBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BootstrappableBuilds</a>

Vagrant CascadianSpeaking on the half-hour at <a href="https://fosstodon.org/@pycascades" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@pycascades</a> My first go presenting "Re-Py-Ducible Builds" So refreshing to be at a conference where everyone is wearing a mask!<a href="https://floss.social/tags/WearAMask" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WearAMask</a> <a href="https://floss.social/tags/PyCascades2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PyCascades2025</a> <a href="https://floss.social/tags/ReproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ReproducibleBuilds</a> <a href="https://floss.social/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Python</a>

IzzyOnDroid ✅Welcome to the RB family, Hypatia 🥳 <a href="https://apt.izzysoft.de/packages/org.maintainteam.hypatia" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://apt.izzysoft.de/packages/org.maintainteam.hypatia</a>Hypatia is the worlds first FOSS malware scanner for Android. It is powered by ClamAV style signature databases.Thanks to some help by <a href="https://mastodon.social/@asandikci" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@asandikci</a> from the MaintainTeam we managed to the the green shield up today :awesome: <a href="https://floss.social/tags/reproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reproducibleBuilds</a> <a href="https://floss.social/tags/IzzyOnDroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IzzyOnDroid</a>

Kevin Karhan :verified:<a href="https://possum.city/@tauon" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@tauon</a> 1) <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudAct</a> is just <a href="https://infosec.space/tags/CyberFacism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberFacism</a>, look it up! <a href="https://en.wikipedia.org/wiki/CLOUD_Act" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://en.wikipedia.org/wiki/CLOUD_Act</a><ul><li>And with <a href="https://infosec.space/tags/Trumpism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Trumpism</a> ravaging the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#USA</a> must be considered as <a href="https://infosec.space/tags/hostile" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hostile</a> as <a href="https://infosec.space/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a> and the "P.R." <a href="https://infosec.space/tags/China" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#China</a> by anyone who takes <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpSec</a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> & <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ComSec</a> seriously!</li></ul>-2) <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@signalapp</a> 's <a href="https://infosec.space/tags/Server" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Server</a> code is proprietary and since it's centralized we can't trust that the code they release is what's running on their backend! <ul><li>Plus their <a href="https://infosec.space/tags/App" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#App</a> doesn't allow <a href="https://infosec.space/tags/ReproducibleBuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ReproducibleBuilds</a> (if Signal was <a href="https://infosec.space/tags/FLOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FLOSS</a> it would be on <a href="https://floss.social/@fdroidorg" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@fdroidorg</a> / <a href="https://infosec.space/tags/Fdroid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Fdroid</a>) but alas it isn't!</li></ul>-3) <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> still demands <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhoneNumbers</a> which are <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> either by association (<a href="https://infosec.space/tags/Number" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Number</a> => <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICCID</a> = <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIM</a> = <a href="https://infosec.space/tags/IMSI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IMSI</a> => <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IMEI</a> => Location Data <a href="https://infosec.space/@kkarhan/113467346741876822" rel="nofollow noopener noreferrer" target="_blank">as I explained before</a><a href="https://infosec.space/@kkarhan/113878565911126519" rel="nofollow noopener noreferrer" target="_blank">twice</a>) or mandatory <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KYC</a> / <a href="https://infosec.space/tags/ID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ID</a> requirements (even on prepaid cards), which an increasing amount of juristictions do...<ul><li>They have no "<a href="https://infosec.space/tags/LegitimateInterest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LegitimateInterest</a>" demanding said <a href="https://infosec.space/tags/PersonallyIdentifyingInformation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PersonallyIdentifyingInformation</a> to begin with! </li></ul>-But don't take my word for it. <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.youtube.com/watch?v=tJoO2uWrX1M</a><ul><li>Ask yourself if you'd trust someone <a href="https://www.youtube.com/watch?v=0DSGq9FQKU4" rel="nofollow noopener noreferrer" target="_blank">peddlibg</a> <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Shitcoin</a> <a href="https://infosec.space/tags/Scams" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Scams</a> like <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MobileCoin</a> with your data!</li></ul>

Stefano ZacchiroliLast but not least, my student <a href="https://chaos.social/@luj" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@luj</a> will present «How reproducible is <a href="https://mastodon.xyz/tags/NixOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NixOS</a>?» on Saturday <a href="https://fosdem.org/2025/schedule/event/fosdem-2025-4430-how-reproducible-is-nixos-/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://fosdem.org/2025/schedule/event/fosdem-2025-4430-how-reproducible-is-nixos-/</a> . The talk is about our large-scale historical (2017-2023) experiments on the bitwise reproducibility of <a href="https://mastodon.xyz/tags/Nix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Nix</a> packages. Unmissable if you are into functional package managers and/or <a href="https://mastodon.xyz/tags/reproduciblebuilds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reproduciblebuilds</a> .For the gory details, check out the preprint of our <a href="https://mastodon.xyz/tags/MSR2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MSR2025</a> paper about this work: <a href="https://upsilon.cc/~zack/research/publications/msr-2025-nix-reproducibility.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://upsilon.cc/~zack/research/publications/msr-2025-nix-reproducibility.pdf</a><a href="https://mastodon.xyz/tags/FOSDEM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FOSDEM</a>

Recent searches

Search options

Administered by:

Server stats:

#reproduciblebuilds