Pre-roll transcript:
Before you is an episode of the Full Time Nix podcast
For silence skipping and other useful features consider using a podcast app
---
https://fulltimenix.com/episodes/martin-schwaighofer-steering-committee-candidate
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
https://github.com/NixOS/nixpkgs
https://oxide.computer/
https://github.com/nix-community/lanzaboote
https://en.wikipedia.org/wiki/UEFI#Secure_Boot
NixCon2024 rebuilding builders instead of trusting trust
https://youtu.be/UlJUpUQc9Lc?si=_EebfQszx062M2mR
Extending cloud build systems to eliminate transitive trust:
https://discourse.nixos.org/t/extending-cloud-build-systems-to-eliminate-transitive-trust/50841
https://scored.dev/
https://reproducible-builds.org/
Build systems à la carte: Theory and practice
https://www.cambridge.org/core/journals/journal-of-functional-programming/article/build-systems-a-la-carte-theory-and-practice/097CE52C750E69BD16B78C318754C7A4?utm_campaign=shareaholic&utm_medium=copy_link&utm_source=bookmark
Implementing a content-addressed Nix, 2 December 2021 — by Théophane Hufschmitt
https://www.tweag.io/blog/2021-12-02-nix-cas-4/
https://github.com/nix-community/trustix
https://nixos.org/research/

00:00 Introduction and Background
01:28 Martin's Journey in Computer Science
02:57 Compiler Construction Course Insights
04:20 The Concept of Self-Compiling Compilers
07:10 Hiding stuff in the compiler
08:47 Trusting Trust: Compiler Security Issues
09:58 Nix and Build Process Management
12:09 Bootstrapping and Auditing in Nixpkgs
13:21 Trust in Software and Hardware Security
18:01 Secure Boot and Its Implications
20:39 Scenario: Government Agency Targeting
22:15 More on boot security
28:09 The Role of Secure Boot and Measured Boot
29:52 Measured boot
35:13 Democratizing Trust with Remote Attestation
36:11 Raising the bar on security
39:31 Research Directions in Supply Chain Security
47:34 Enhancing Nix for Security and Efficiency
50:20 Understanding Reproducibility in Build Processes
53:13 Navigating Trust and Threat Models in Nix
53:22 Identifying Gaps in Nix's Trust Mechanisms
56:48 Attribution and Trust in Build Systems
01:05:35 Distinguishing Between Input and Content Addressing in Nix
01:06:38 Nix store hashes
01:12:52 The Challenges of Content Addressing
01:14:04 Self-References and Their Implications
01:20:24 Trust and Attribution in Build Processes
01:24:31 Future Directions for Nix and Content Addressing
01:30:00 Sponsoring opportunity

Sponsor:
---
Nixcademy ad transcript:
Statistically speaking, Nix is a novel technology.
As such, adoption comes at an immediate cost of productivity.
Team members who know Nix find themselves preoccupied providing support
and the emergence of anti-patterns adds technical debt.
What's worse; morale is affected.
But, with training, these costs can be all but eliminated.
Founded by my friend and mentor Jacek Galowicz,
Nixcademy have brought hundreds of team members up to speed with Nix.
It's what they do.
So, liberate your Nix experts,
prevent technical debt
and get on top of Nix and back to work better and sooner.
Visit nixcademy.com.
Jacek tells me that most Nixcademy clients returned their investment in training in under three months.
They also provide free educational content that I recommend and a newsletter that I subscribe to.
nixcademy.com.

Mentoring ad transcript:
Commercial break
One on one mentoring sessions with Full Time Nix host Dawn
That's me
To get me started on the Codementor platform I'm offering an unusual sale price
Only 3 dollars for every 15 minutes
For first time Codementor users, first 15 minutes free!
You want to get to know Nix better? NixOS? Flakes? flake-parts? Dev-shells? Packaging? home-manager? Nixvim?
Grab this opportunity before prices increase.
Go to fulltimenix.com, click "mentoring".

Post-roll transcript:
For past and future episodes search “Full Time Nix” on a podcast app or visit fulltimenix.com
I am pleased to be of service to the Nix ecosystem,
but that doesn't pay the bills.
So please sponsor me. Even a little bit helps.
fulltimenix.com