 | NixOS Marketing | 263 Members |
| NixOS website + marketing team: https://nixos.org/community/teams/marketing.html | 59 Servers |
| NixOS Marketing | 263 Members |
| NixOS website + marketing team: https://nixos.org/community/teams/marketing.html | 59 Servers |
| Sender | Message | Time |
|---|---|---|
| 20 Sep 2023 | ||
 Hubble the Wolverine (they/them) joined the room. | 22:16:23 | |
| 21 Sep 2023 | ||
 Pol | I hope this is the appropriate channel for my request. I am currently working on writing a document aimed at introducing the concept of "reproducibility" in software development within the European Commission. The ultimate goal of this document is to advocate for the authorization and official recognition of Nix as a tool at the EC. Would you happen to have any existing materials that could assist me in this endeavor, such as presentations or PDFs? | 08:48:51 |
 Matthias Meschede joined the room. | 09:33:34 | |
| Matthias Meschede | Pol: just some that come to mind immediately. For research there is a presentation here (maybe you saw it) https://toot.aquilenet.fr/@civodul/111097781066920677 . Konrad Hinsen and Nicolas Rougier, who you may know, have lots of other articles about this subject and also some nice references such as a Nature paper. They are more active in the Guix world if but maybe that doesn't hurt. Andreas from our Scalable Builds Group just gave a talk about the role of build systems that touches reproducibility as well. https://media.ccc.de/v/all-systems-go-2023-219-fast-correct-reproducible-builds-with-nix-bazel#t=1288 . "The motivation behind the Reproducible Builds project is therefore to allow verification that no vulnerabilities or backdoors have been introduced during this compilation process. By promising identical results are always generated from a given source, this allows multiple third parties to come to a consensus on a “correct” result, highlighting any deviations as suspect and worthy of scrutiny." This has been cited from https://reproducible-builds.org/ . Nix has the Trustix project around this idea and jfrog this one: https://pyrsia.io/ . I have a whole long list of references about reproducibility from an old grant consortium somewhere. If it's really required I can try digging it up. | 09:41:51 |
| Pol | Nice ! Thanks I will check everything out. Regarding the definition of reproducible build, I already have this in my document: | 09:43:00 |
| Pol |  Download image.png | 09:43:04 |
| Matthias Meschede | Nice. I would try to hammer out that eproducibility greatly enhances:
| 09:47:35 |
| Matthias Meschede | * Nice. I would try to hammer out that reproducibility greatly enhances:
| 09:47:45 |
| Pol | It's done already somewhere else :D | 09:48:10 |
| Pol |  Download image.png | 09:48:13 |
 raboof | it might be good to clarify 'reproducible builds' means actual bit-by-bit reproducibility, which Nix doesn't necessarily guarantee (but definitely helps with) | 09:48:37 |
| Matthias Meschede | Looks good | 09:48:37 |
| Pol | I will when I introduce the Nix tool. First I need to introduce the concept of "Reproducibility". | 09:49:09 |
| Pol | Nix is "just" a tool that helps, just like docker is. | 09:49:20 |
| Matthias Meschede | A misunderstanding that I have sometimes seen is that Reproducibility becomes so much the center point of the discussion that it seems like a weird obsession to people with an outside perspective on software. | 09:49:47 |
| Matthias Meschede | They care about reducing cost and protecting themselves against ransomware. | 09:50:16 |
| Pol | In reply to @matto153:matrix.orgthis is definitely one of the outcome of reproducibility. I will insist on this in the document. | 09:51:10 |
| Matthias Meschede | If they understand that the lack of reproducibility is a major cause for this, in my experience the rest of the conversation becomes much easier. | 09:51:32 |
| Pol | Nice. | 09:52:44 |
 tomberek | Matthias Meschede: there is another related concept I've been thinking about that might be a better description of what Nix helps with. It is about allowing as much variance in the situation as possible and reducing the variance of the outcome. "Reproducibility" is often meant to mean that there is no variance in output. Nix allows me to change quite a few things in the environment safely. And even when I want a variance in output, that variance is limited and controlled For example; I want to patch something, I know that only that patch changed, no other change leaked in, and that the outcome should only vary due to the result of my introduced change. | 13:43:48 |
| tomberek | Reproduciblity in spite of changes in the environment. Resiliance? From the thesis: "This thesis is about getting computer programs from one machine to another—and having them still work when they get there." You change the environment, but still expect a consistency in behavior. | 13:48:29 |
| Matthias Meschede | tomberek: I thought a lot about exactly this as well. In the scientific community this is referred to as reproducibility and replicability. Unfortunately the definition is exactly the other way around as in the Nix world. Replicability refers to the ability to exactly reproduce something, whereas reproducibility refers to the ability to achieve consistent results (under some variation). Replicability as Nix gives is weaker than reproducibility in this sense, an if you want a truly robust, i.e. generalizing, result you want to be able to modify things. | 16:49:06 |
| Matthias Meschede | That Reproducibility alone is not the killer feature is also clear if you consider every close off binary blog as reproducible. And that's unfortunately a very common misunderstanding. | 16:51:42 |
| Matthias Meschede | * That Reproducibility alone is not the killer feature is also clear if you consider every closed off binary blog as reproducible. And that's unfortunately a very common misunderstanding. | 16:51:50 |
| Matthias Meschede | well, maybe replicability would be bit-by-bit reproducibility and Nix still is mostly reproducible because it lowers variance to a point that we get consistently working packages. | 16:53:18 |
| Matthias Meschede | * That Reproducibility alone is not the killer feature is also clear if you consider every closed off binary blob as reproducible. And that's unfortunately a very common misunderstanding. | 16:54:50 |
 garbas | jonge: avocadoom: Just FYI, everything that lands on main branch is published here -> https://main--nixos-homepage.netlify.app | 19:59:30 |
| garbas | avocadoom: Did you create a list of components we can start working on? you can add them to the description of the https://github.com/NixOS/nixos-homepage/issues/1125 | 20:00:32 |
| garbas | I'm currently working on those asciinema bits (since I know probably them most about it), jonge If you don't have anything to work on just pick some element (maybe something from the landing page) and announce it in this room. | 20:03:35 |
 dedmunwalk joined the room. | 23:04:28 | |