Since writing the post you link, I finally threw my hands up and made a new distro with some security engineer peers that prioritizes supply chain security and mandates 100% full source bootstrapping and determinism: https://stagex.tools
It does not even try to be a workstation distro so we can get away with a small number of packages, focusing on building software with high accountability.
Thankfully OCI build tooling is mature enough now that we can build using standards and do not need a custom build framework and custom languages like nix/guix do anymore.
Encouraging the use of Nix in production is wildly irresponsible. I am really surprised to see Google do this given their generally high security bar. Maybe this team operates in a bubble and gets to prioritize developer experience above all else.
Nix in production is more common than you think, even at scale.
It's hard to know what exactly your security concerns are here, but if you look at the current ecosystem of using containers and package registries, Nix is pretty clearly a solid contender, security-wise.
IMO you need an immutable appliance-like OS that is deterministic and full source bootstrapped to do reproductions with minimized trusting-trust attack risk.
"Git push" to it and it will do a build in a throw-away VM then have the host sign the artifact results and push signatures to the same or a different repo.
Love this project; thanks for letting us know about it. I have been voted "Least likely to succeed in Web Hosting Security" by HN for 13 years in a row, so apologies if this is irrelevant. But being able to know precisely what software you're running would be a great way to run a web server, no? Or is it not efficient enough running in a container or what?
That is why we made StageX, which allows you to generate bootable web server images or containers bit for bit identical every time so prod is predictable and accountable.
If you give an LLM any trust at all to write or execute production-bound operations without human review, then anything bad that happens is -your- fault. I forgive occasional human error, but a human handing off prod control to a third party or an LLM is unforgivable.
If I found out a privileged engineer was brain dead enough to let LLMs anywhere near prod, I would fire them on the spot, and seriously examine an interview and training process that allowed someone that stupid prod access in the first place. I will not even work at an org that lets vibe coding Apple fanboy types near prod, as it is a mess waiting to happen that I am going to be expected to clean up. Might as well hand a child a chainsaw.
In orgs where I lead infra, I do not let anyone near prod unless they have a deep knowledge of Linux internals, system calls, etc., and a decade or more of experience running and debugging Linux on their own homelabs and workstations. By that point they have enough experience to be more capable than any LLM anyway and would never think of reaching for one.
As someone with a neodymium magnet in his finger, failing to disclose this to an MRI tech could rip it out, which would be unpleasant. Always be hyper aware of ferrous metal near an MRI machine.
Because governments always follow rules and never change them?
Private spending and communication are the beating heart of a healthy democracy and must be run directly by the public and decentralized or aspiring tyrants will co-opt them.
The people will never actually be in charge until we stop letting currency be controlled by governments and corporations.
I use it to donate or pay for legal things online I wish to keep anonymous like I would use cash for in person. Most people in the US do not value privacy, but for those few of us that want to purchase online with privacy, or those in heavily censored countries, cryptocurrency is the only option.
Just because few people make use of their rights is not a valid argument for their removal.
I would never use BTC purchased directly from an exchange to make anonymous payments. If a vendor only accepts BTC and I want privacy I normally swap it for Monero then back for BTC again to remove any connection to me.
A key is just a 256 bit number. You can literally create one with paper and dice rolls. They will no sooner figure out who is holding most of these than they will figure out who is holding cash, or the identities of the 25m+ people downloading pirated media right now.
At best they can ask the public to please turn over their private keys, which will go about as well as efforts to stop piracy.
> key is just a 256 bit number. You can literally create one with paper and dice rolls
Well sure, but if you want to actually use it you need the whole keypair. Unless you're really good with your elliptic curve abacus you're going to need a computer for that.
They can prosecute transactions with unregistered keys as money laundering. They may not have the resources to get everybody but they can collect a few scalps pour encourager les autres.
Yep, they can also prosecute merchants who accept payments that don't go through "approved" middlemen (banks, etc), or even ban/regulate crypto that allows users to make their own keys.
At one point the US gov was building their own crypto currency, and I'm sure it wasn't because they felt the existing options weren't private enough from oversight.
You can say cryptocurrency is failed, but adult entertainers heavily rely on it because they have been censored by payment processors basically forever.
Censorship has a way of pushing people to learn inconvenient technology, just like how most Chinese citizens know how to use VPNs.
Data enrichment brokers cross index purchase times with other data from legal factory installed spyware found in cash registers, analytics tools in proprietary software you already have on your computer, etc., etc.
Every time you buy an over the counter medication at the pharmacy with a credit card, the data brokers know by combining information sources, and sell it to insurance companies.
But it still doesn't apply here. At most they could cross-reference it with a public Steam profile that has the game listed as owned after the purchase (actually, I doubt they would have the account ID to prove it for sure, but with enough purchases they could likely figure it out), but by then you've already sort of revealed to the world you bought whatever embarrassing title yourself.
No Steam API access or public data needed. Major game studios include analytics suites (spyware) which also tend to collect information on what other software you have installed, can harvest data from the Steam client side, etc., etc.
Hmm, unfortunately, the URL is broken. "Safari can't open the page because the address is invalid." Couldn't get it to show in the internet archive, either. _puts on tinfoil hat._