#spectrum on 2019-09-02

2019-08-29 20:55 qyliss changed the topic of #spectrum to: A compartmentalized operating system | https://spectrum-os.org/ | Logs: https://logs.spectrum-os.org/spectrum/

10:40 <qyliss> ehmry: I’ve also been offered NixOS’ hydra, but its not availability that’s the problem, it’s trustworthiness of the build hardware.

10:42 <ehmry> qyliss: yes, it would be nice to have some tooling to compare build artifacts across multiple hydras

10:43 <qyliss> Yeah, that would be good

10:43 <qyliss> At that point I may take you up on the off

10:43 <qyliss> Offer

10:44 <qyliss> the work gchristensen has been doing on r13y.com has been good and interesting. Can probably use it.

10:48 <adisbladis> I was toying with using blockchains for trusting untrusted builds. If you've ever seen https://en.wikipedia.org/wiki/Convergence_(SSL) I was thinking something similar for binary artifacts where all hashes are stored in an immutable ledger.

10:48 <adisbladis> Obviously it would only work for reproducible builds

10:49 <adisbladis> But only being able to substitute reproducible builds may not be so bad?

10:50 <qyliss> I'm skeptical of anything with the word 'blockchain' in it :P

10:50 <qyliss> I think the hard problem will be, how do you know a build is reproducible?

10:51 <qyliss> I can set up five computers and have them all claim to have produced my malicious payload

10:51 <qyliss> So trust becomes important

10:51 <adisbladis> qyliss: You'll have trust agility, anyone can publish a drv-hash and the resulting output hash. It would be up to you to decide who to trust.

10:52 <qyliss> Yeah.

10:52 <adisbladis> And if everyone would produce different output hashes that build would never be substituted :)

10:52 <adisbladis> Because trust could never be established

10:53 <adisbladis> Blockchain or not doesn't matter, it does have some interesting properties for the use case though

10:53 <qyliss> sure

10:54 <qyliss> I think this is a much harder problem than it initially seems, so I'm hesitant to commit to anything in this direction yet.

10:54 <adisbladis> qyliss: I think you can consider that orthogonal to spectrum-os

10:54 <qyliss> yeah

10:55 <qyliss> I'm not sure if the problem has yet been solved sufficiently for me to be able to make use of it.

11:01 <ehmry> I think the "reproducible builds" project is coming along well enough, r13y.com is using their tools already

11:01 <qyliss> Oh yeah.

11:01 <ehmry> at some point they will have to do somthing about notaries I think

11:01 <qyliss> It's trust that's the big problem right now I think.

11:35 manveru has joined #spectrum

17:19 <adisbladis> qyliss: Where is the name Spectrum coming from?

17:19 <qyliss> You ever seen a Qubes system, with all the coloured windows?

17:19 <qyliss> I wanted to call it Prism, because it focuses different colours into a single thing

17:20 <qyliss> But PRISM has... bad connotations in this space :P

17:20 <adisbladis> qyliss: Ahh, makes sense :)

19:46 ehmry has quit [Ping timeout: 245 seconds]

19:47 andi- has quit [Ping timeout: 264 seconds]

19:48 ehmry has joined #spectrum

19:52 andi- has joined #spectrum

20:16 ehmry has quit [Ping timeout: 245 seconds]

20:57 spacekookie has quit [Read error: Connection reset by peer]

20:57 spacekookie has joined #spectrum

21:10 lejonet has joined #spectrum

22:03 lejonet has quit [Ping timeout: 258 seconds]

22:08 lejonet has joined #spectrum