Notices by muesli (fribbledom@mastodon.social), page 31

@Cedara

Definitiv! Es existiert eigentlich schon, ich muss nur noch die hellen Grafiken (Reply Button & Co) gegen dunklere austauschen. Weiss auf weiss sieht sonst doof aus 😆

@Cedara

Ja, das ist leider ein Problem mit dem statischen Binary. Ohne jetzt zu sehr ins technische einzusteigen: mit nem richtigen Telephant Ubuntu Paket geht das dann natuerlich! 😊

Das mit den Browser Cookies ist komisch - klingt aber nach nem server-seitigem Problem. Mal schaun ob ich dazu was finde.

@Cedara

Ne, nur downloaden und starten.

@murks No, that's a collective effort. You don't have to do this alone. Trust the public consensus, not a single entity.

@Cedara Ach ja, falls du's verpasst hast: https://github.com/muesli/telephant/releases/download/v0.1/telephant_0.1pre_Linux_64bit

Als executable setzen (chmod +x telephant...) und einfach starten.

Ist noch lang nicht fertig, aber ich freu mich jederzeit ueber dein Feedback!

@vanicpanic I love Pascal, haha...

@CalmByte In all honesty though: there was a time and place for PHP. I would never regret learning it and it certainly affected a lot of people's opinion about programming.

@CalmByte Gotta develop a taste in programming languages somehow... :D

@matrixsasuke Oh well, C affected me in all kinds of ways. And it most certainly changed the way I think about programming.

"A language that doesn't affect the way you think about programming is not worth knowing"

-- Alan J. Perlis

@fmartingr

Verifying the sources is a separate (yet connected) issue indeed, but it's useless if you don't know whether the sources you're verifying are the ones that have been packaged.

As a developer you should never blindly trust any dependencies. If you depend on some code, you will inherit all its flaws and issues, as well. That's your responsibility.

Luckily you're not alone and it's a collective process. The same needs be achieved for verifying build integrity.

@Eidon

In that case I probably do not...

@jazzyeagle

If just one entity did that, it would indeed be useless. The point is that this can be done collectively. Anyone can run such a system and verify the packages themselves.

Legend has it that Douglas Engelbart invented the mouse in 1968.

But did you know that German television manufacturer Telefunken released a "rolling-ball" device just a few months earlier?

From a technical perspective it actually closely resembles the kind of mouse that we ended up using until the late 90s.

The German patent office declined a patent due to a "lack of inventive step".

https://en.wikipedia.org/wiki/Computer_mouse#Rollkugel

@jazzyeagle

You're not supposed to do that yourself and alone. The point is that we need to set up systems that let us verify integrity collectively. Reproducible builds are just one step towards that. Only once we achieve that, we can actually rest assured, that the source code we're verifying is actually the code we're running. And again, that's a collective process with open source.

@murks

Of course I'm not suggesting that it'll ever be zero.

Clearly those are connected, but separate issues. However, without reproducible and verified builds, you don't even know if the source code you're reading is actually the source code used to generate the build you're running.

It's an important step in the right direction.

@felix

This.

@tom79

@rixx

Without deps reproducible builds are pretty much worthless indeed.

You will have to include them, and you will have to keep in sync with their releases and changes. As a developer that's one of the jobs you sign up for when picking a dependency. You inherit their issues and it's in your responsibility to act upon now.

So far packagers are doing the job for you, but should they really? Clearly nobody should know your own dependencies better than you, right?

@lachs0r

That's a bold claim that doesn't quite live up to my personal experience with C development.

However, you can try and enforce using the same upstream dependency & version for your project and all of _its_ dependencies in Go, as well. It certainly makes reviewing your deps a lot easier, I give you that.

Thanks for the video, Zig sounds intriguing!

@lachs0r

...and C, C++, Java and every other language in existence. I'm really not sure what's the point you're trying to make?