| 21 Jun 2021 |
 siraben | In reply to @hexa:lossy.network
his post is essentially dead it's back to third place | 07:55:37 |
| siraben | but i downvoted | 07:55:39 |
| siraben |
The website says reproducibility can reduce the risk of developers being threatened or bribed to backdoor their software, but that is just ridiculous. Developers have a perfect method for making their own software malicious: bugdoors. A bugdoor (bug + backdoor) is a deliberately introduced "vulnerability" that the vendor can "exploit" when they want backdoor access.
this seems to miss the point of reproducibility, IMO
| 07:58:03 |
| siraben | *
The website says reproducibility can reduce the risk of developers being threatened or bribed to backdoor their software, but that is just ridiculous. Developers have a perfect method for making their own software malicious: bugdoors. A bugdoor (bug + backdoor) is a deliberately introduced "vulnerability" that the vendor can "exploit" when they want backdoor access.
this seems to miss the point of reproducibility, IMO (I'm aware I'm preaching to the choir here though 😅)
| 07:59:14 |
 raboof | he wrote a blogpost about that a while back, too. I haven't re-read it, but it seems his point boils down to "X doesn't solve all problems of humanity, so it is useless" - which doesn't seem too helpful. | 08:00:16 |
| raboof | * taviso wrote a blogpost about that a while back, too. I haven't re-read it, but it seems his point boils down to "X doesn't solve all problems of humanity, so it is useless" - which doesn't seem too helpful. | 08:01:18 |
| siraben | I agree, that appears to be his opinion, and the claim that reproducible builds adds complexity is startling | 08:01:23 |
| raboof | * taviso wrote a blogpost about that a while back, too. I haven't re-read it, but it seems the argument boils down to "X doesn't solve all problems of humanity, so it is useless" - which doesn't seem too helpful. | 08:01:33 |
| raboof | well, it quite obviously adds complexity, as we have to Do Stuff to make it happen. It also reduces complexity in other places. How that balances out is not easy to quantify :) | 08:02:46 |
| siraben | in the innocent case, unreproducible binaries still behave "the same" (this is very vague, since program equivalence is not trivial under compiler optimizations for instance) | 08:02:49 |
| siraben | * in the innocent case, unreproducible binaries still behave "the same" (this is very vague, since program equivalence is not trivial under compiler optimizations for instance), but this quickly does not become the case | 08:03:28 |
| siraben | you can use bit-for-bit reproducibility as evidence for the claim "my program is your program" | 08:04:03 |
| siraben | and the more the environments under which you perform the build differ, if you still maintain identical binaries that's really good | 08:04:41 |
| siraben | * and the more the environments under which you perform the build differ, if you still maintain identical binaries that's really good and the claim is even stronger | 08:04:57 |
| raboof | taviso also makes a lot of incorrect assumptions on how we would use reproducibility, which makes his posts even harder to follow | 08:05:18 |
| raboof | * taviso also makes a lot of incorrect assumptions on how we would use reproducibility, which makes the argument even harder to follow | 08:05:32 |
| siraben | "the developer can insert a malicious bug therefore reproducibility is moot" | 08:08:02 |
| raboof | atemu12: you mention you successfully reproduced the 21.05 ISO - did you also compare it to the one published at https://nixos.org/download.html ? When I did that I ran into https://github.com/NixOS/nixpkgs/issues/125380 | 08:09:25 |
|  Foxboron joined the room. | 08:14:42 |
| Foxboron | Tavis in a nutshell: https://xkcd.com/2368/ | 08:16:19 |
| Foxboron | But, not why I joined :) How is Nixos dealing with the linux signing key which gets generated during build to sign modules? | 08:16:52 |
| raboof | Foxboron: IIRC we disable module signing, and then no key is generated (https://github.com/NixOS/nixpkgs/pull/107625) | 08:18:28 |
| Foxboron | Thats.. uh.. not good? It makes lockdown mode unusable on NixOS if I'm not mistaken | 08:19:13 |
 Linux Hackerman | See the PR comments | 08:19:54 |
| Foxboron | Yeah, that's not a good solution. But it also explains why I couldn't figure out how it was dealt with. :/ | 08:21:12 |
| raboof | In reply to @foxboron:archlinux.org
Thats.. uh.. not good? It makes lockdown mode unusable on NixOS if I'm not mistaken it makes lockdown unusable on a plain NixOS installation, but if you want lockdown, you likely also want other customizations. That is still very much possible on NixOS | 08:22:23 |
| raboof | 'unusable' is perhaps not the right word, 'disabled by default'? | 08:22:36 |
| Foxboron | You are also loosing the ability to detect tainted modules on any normal nixos installation. That is a net negative in terms of security for any live deployment. | 08:23:22 |
| Foxboron | But yes, disabled by default is the correct word. | 08:23:40 |
| raboof | for example, when using distro-provided signed modules, even after lockdown someone could get the signed modules for a floppy disk driver and elevate their privileges. Better to custom-compile a kernel and only sign the modules you want to have available on your secure system, or even disable the module system entirely. (though I realize I'm somewhat making the XKCD 2368 argument now ;) ) | 08:25:45 |
