Hacker News new | ask | show | jobs
by dongcarl 992 days ago
Disclaimer: I'm making Obscura

True. This is why all client side source code will be released and reproducible builds offered on platforms that support it.

If you don't know what code you're running, yeah you're screwed either way.
2 comments
ds 992 days ago
You could have no auto-update functionality, and that would go a long way. But then, you are severely crippling your product by doing that. Releasing clientside sourcecode doesnt mean much if the NSA forces you to give everyone else a different binary and sourcode than your target. It means nothing.

Look- the point is, you will go down a endless rabbithole of trying to appease everyone with "bulletproof" security. And the more you go, the more functionality and usefulness you will give up.

The best solution is to be realistic and not make defacto claims. Even things like TOR, which have been open source and audited from day one have had serious issues, and I am sure many TOR developers parroted the "you cant be tracked using us" only to have exploits and code issues pop up multiple times.

link
HeartStrings 992 days ago
NSA is not the world. They don’t have to comply with NSA, just don’t have US as jurisdiction.
link
ds 992 days ago
Its where the author/founder lives. So, yes its applies pretty much exactly.
link
CommitSyn 991 days ago
NSA doesn't typically hack and persist to watch the devices of US citizens.
link
anotherhue 992 days ago
> reproducible builds

Nixpkgs please! It's the most successful reproducibility experiment I know of.

link
dongcarl 992 days ago
Absolutely!

Fun fact: all of the current website's infra is NixOS-based

Fun fact #2: I overhauled Bitcoin Core's reproducible build system to use Guix (a Nix-inspired functional package manager)

link
joshspankit 992 days ago
Side quest: Would you share the infra stack and how it’s set up?
link
dongcarl 992 days ago
It's mostly bash scripts (I know I have stockholm syndrome there) and nixos-rebuild: https://www.haskellforall.com/2023/01/announcing-nixos-rebui...

All the nix deployment tools had too much magic and broke, but nixos-rebuild always works and it's part of Nix!

Disko was great for bootstrapping servers: https://github.com/nix-community/disko

link