i want to be clear that my tweet shouldn't be considered a call out. actually i think they need an entirely new category of award for this. we don't even know what award it would be, we don't have words to describe it yet. absolutely mind-boggling
-
okay so if I'm getting this right: 1) nix OS uses 'derivations' as a system of package management. these use a SHA-1 hash of the request URL for security 2) chrome has non-deterministic request URLs 3) therefore, nix OS exploits a collision in its OWN hashing to bypass it
-
doesn't this inherently mean that this security control in Nix OS is useless anyway?
-
for the curious the reason this whole hack is needed is because being able to see if downloads fail allows impurities to be introduced at build time. so I don’t think this will change soon. cures vs diseases, etc
-
yeah. right now Nix hashes the inputs to a build, not the output of the build. so if you can get all the inputs ready, and run the build, and the build is non-deterministic: then different builds will get the same hash. that's basically what it comes down to.
-
it took some time but I’m glad we’re doing our part for computer security by replacing insecure algorithms
-
Oh it has a long history it seems https://github.com/NixOS/nixpkgs/commit/ed8f3b5fa3cebfc3662ad5fff098567616220cf8 …
-
i gotta say: aszlig kicks tons of ass for committing these sorts of crimes on our behalf. a true hero