Pre-roll transcript:
Before you is an episode of the Full Time Nix podcast
For silence skipping and other useful features consider using a podcast app
---
https://fulltimenix.com/episodes/martin-schwaighofer-steering-committee-candidate
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
https://github.com/NixOS/nixpkgs
https://oxide.computer/
https://github.com/nix-community/lanzaboote
https://en.wikipedia.org/wiki/UEFI#Secure_Boot
NixCon2024 rebuilding builders instead of trusting trust https://youtu.be/UlJUpUQc9Lc?si=_EebfQszx062M2mR
Extending cloud build systems to eliminate transitive trust:
https://discourse.nixos.org/t/extending-cloud-build-systems-to-eliminate-transitive-trust/50841
https://scored.dev/
https://reproducible-builds.org/
Build systems à la carte: Theory and practice
https://www.cambridge.org/core/journals/journal-of-functional-programming/article/build-systems-a-la-carte-theory-and-practice/097CE52C750E69BD16B78C318754C7A4?utm_campaign=shareaholic&utm_medium=copy_link&utm_source=bookmark
Implementing a content-addressed Nix, 2 December 2021 — by Théophane Hufschmitt
https://www.tweag.io/blog/2021-12-02-nix-cas-4/
https://github.com/nix-community/trustix
https://nixos.org/research/

00:00 Introduction and Background
01:28 Martin's Journey in Computer Science
02:57 Compiler Construction Course Insights
04:20 The Concept of Self-Compiling Compilers
07:10 Hiding stuff in the compiler
08:47 Trusting Trust: Compiler Security Issues
09:58 Nix and Build Process Management
12:09 Bootstrapping and Auditing in Nixpkgs
13:21 Trust in Software and Hardware Security
18:01 Secure Boot and Its Implications
20:39 Scenario: Government Agency Targeting
22:15 More on boot security
28:09 The Role of Secure Boot and Measured Boot
29:52 Measured boot
35:13 Democratizing Trust with Remote Attestation
36:11 Raising the bar on security
39:31 Research Directions in Supply Chain Security
47:34 Enhancing Nix for Security and Efficiency
50:20 Understanding Reproducibility in Build Processes
53:13 Navigating Trust and Threat Models in Nix
53:22 Identifying Gaps in Nix's Trust Mechanisms
56:48 Attribution and Trust in Build Systems
01:05:35 Distinguishing Between Input and Content Addressing in Nix
01:06:38 Nix store hashes
01:12:52 The Challenges of Content Addressing
01:14:04 Self-References and Their Implications
01:20:24 Trust and Attribution in Build Processes
01:24:31 Future Directions for Nix and Content Addressing
01:30:00 Sponsoring opportunity

Sponsor:
---
Nixcademy ad transcript:
Adopting an unfamiliar technology such as Nix usually comes at a cost.
Productivity takes a hit, some of the team find themselves preoccupied providing Nix support, anti-patterns emerge increasing technical debt and morale is affected.
Founded by my friend and mentor Jacek Galowicz, Nixcademy have brought hundreds of individuals up to speed with Nix.
Prevent technical debt, liberate your Nix experts and get on top of Nix and back to work early.
Visit nixcademy.com.
Jacek tells me that most Nixcademy clients returned their investment in training in under three months.
They also provide free educational content that I recommend and a Nix newsletter that I subscribe to.
nixcademy.com.

Mentoring ad transcript:
Commercial break
One on one mentoring sessions with Full Time Nix host Dawn
That's me
To get me started on the Codementor platform I'm offering an unusual sale price
Only 3 dollars for every 15 minutes
For first time Codementor users, first 15 minutes free!
You want to get to know Nix better? NixOS? Flakes? flake-parts? Dev-shells? Packaging? home-manager? Nixvim?
Grab this opportunity before prices increase.
Go to fulltimenix.com, click "mentoring".

Post-roll transcript:
For past and future episodes search “Full Time Nix” on a podcast app or visit fulltimenix.com
I am pleased being in full time service of the Nix ecosystem.
Should your budget permit supporting open source, consider sponsoring me. Thank you!
fulltimenix.com