| 17 Sep 2025 |
 emily | they also only ship one SDK 😈 | 02:21:40 |
 Randy Eckenrode | They’ve at times shipped multiple SDKs. | 02:22:14 |
| Randy Eckenrode | The wrapper changes to use 14.0 as the minimum version are meant to be a test of using only one SDK. | 02:23:16 |
| Randy Eckenrode | https://github.com/maxgoedjen/secretive/releases/tag/v3.0.0 | 02:26:08 |
| Randy Eckenrode | Mostly interesting to see the secure enclave added new key types in macOS 26. | 02:26:19 |
| Randy Eckenrode | https://developer.apple.com/documentation/cryptokit/using-the-quantum-secure-apis | 02:28:08 |
 Winter | you don't understand, i need my ssh key to be quantum safe | 02:28:32 |
| Winter | * you don't understand, i need my ssh key to be quantum secure | 02:28:36 |
| emily | yeah I'm just teasing :) | 02:33:17 |
| emily | I thought nobody had come up with a post-quantum signature scheme that was actually very good yet. | 02:33:53 |
| Randy Eckenrode | Maybe we can only use one SDK in the future. We’ll have to see how the wrapper changes go. | 02:33:55 |
| emily | https://github.com/maxgoedjen/secretive/pull/618/files Secretive is arm64e now. wild | 02:34:39 |
| Randy Eckenrode | There’s an RFC. I guess that’s what Secretive is supporting even OpenSSH doesn’t support it. There’s a prototype, but it’s abandoned. | 02:34:42 |
| Randy Eckenrode | It’s supported on macOS 26 (see above). | 02:35:32 |
| emily | yeah, just funny to see it happen overnight | 02:35:49 |
| Randy Eckenrode | Is any of the hardening stuff available to ad-hoc signed applications? | 02:35:53 |
| Randy Eckenrode | It’s still going to be a while before we can use it. | 02:36:17 |
| Randy Eckenrode | https://developer.apple.com/documentation/bundleresources/entitlements/com.apple.security.hardened-process | 02:37:52 |
| emily | https://devblogs.microsoft.com/oldnewthing/20250915-00/ entirely by-the-numbers Raymond Chen post except for the last paragraph which makes the whole thing worth it | 02:38:03 |
| emily | ("Why is the name of the Microsoft Wireless Notebook Presenter Mouse 8000 hard-coded into the Bluetooth drivers?") | 02:38:11 |
| emily | (even the title sounds like you got an LLM to make up an Old New Thing post) | 02:38:29 |
| emily | I'm guessing it needs a real signature like the hardened runtime stuff | 02:39:18 |
| emily | oh hey Swift 6.2 is out | 02:39:33 |
| Randy Eckenrode | Darwin stuff first. | 02:39:43 |
| Randy Eckenrode | Then Swift. I’ll try to go the C++ bootstrap route. Maybe it will sidestep all the annoying Linux stuff. | 02:39:58 |
| Randy Eckenrode | I really hope Swift Build is not required though. That one is going to suck badly to package. | 02:40:17 |
| Randy Eckenrode | (The work I have done is like the minimum to get it not to fail immediately. I think I may have successfully built a simple project, but it hardcodes so many references to /usr stuff.) | 02:41:04 |
 samasaur | here's my example package. it just imports SwiftUI. builds fine with no SDK in buildInputs, builds fine with apple-sdk_13 or older in buildInputs, but breaks with a newer SDK | 02:48:13 |
| samasaur | i could be misinterpreting you (or there could be internal changes that you have or would make that would fix this issue) but i'm pretty sure this is the right way to package a Swift package at the moment and bringing in the 14.0 SDK breaks it | 02:48:55 |
 Katalin 🔪 | In reply to @emilazy:matrix.org
https://devblogs.microsoft.com/oldnewthing/20250915-00/ entirely by-the-numbers Raymond Chen post except for the last paragraph which makes the whole thing worth it hah! | 02:51:00 |
