Progress on securing our distribution against supply chain attacks: The Debian testing/trixie release on amd64 is now reproducible for over 95%, and counting. You can use the new debian-repro-status package to query the reproducibility status of your installed Debian packages. See https://reproduce.debian.net/ #debian #reproducible-builds

@achilleas

Alternatively;
Professional high stakes better claims high stakes betting machines won't take his job.

Job that requires having a bunch of money and a RNG safe from being replaced by a money-burning RNG, says person with bunch of money known for playing the RNG.

https://gizmodo.com/marc-andreessen-says-one-job-is-mostly-safe-from-ai-venture-capitalist-2000596506

We need your help, the future of the OSU Open Source Lab is in jeopardy

https://osuosl.org/blog/osl-future/

https://osuosl.org/blog/osl-future/

Please help out @osuosl they provide support to so many software freedom communities.

https://osuosl.org/communities/

For Sourceware this would impact https://snapshots.sourceware.org the arm64 CI builders and serveral of our x86_64 container builders.

@gromit
I did my master thesis while only running testing repos.

Yolo!

Getting visitors from far away this weekend, so I'm making them feel welcome by showing them the sleeping arrangements.

sbctl got a new release to ensure we bundle the new and updated 2023 certificates from Microsoft.

https://github.com/Foxboron/sbctl/releases/tag/0.17

#SecureBoot #sbctl #Security #Golang

Lots of people have been asking myself and Mike for a statement on the recent drama surrounding Fosstodon. This is **MY** statement.
https://kevquirk.com/blog/my-thoughts-on-the-fosstodon-drama

@jonty
Hm, 148 irssi buffers.

I should clean that up.

Boost if you want less generative AI in your tech in 2025.

If Backblaze is your poison of choice for your backups, this text might be frightening/interesting for you:

"Backblaze: A Loss-Making Data Storage Business Mired in Lawsuits, Sham Accounting, and Brazen Insider Dumping" https://www.morpheus-research.com/backblaze/

Regardless of PewDiePie’s personal #politics (which clearly, at the very least are problematic), it is fairly well known by anyone who has been following him for any number of years that the vast majority of his fan base are enthusiastic fascists.

Now #PewDiePie , who’s content centers around PC gaming and Windows, has decided to switch to #Linux and published a video encouraging his followers to do the same. This means a very large number of his #fascist fan base is going to be switching to Linux.

Now many Linux communities are going to be forced to more explicitly choose their politics. Like the parable of the Nazi bar, if the community remains politically neutral, it will become fascist in short order.

A few things to be wary of:

• People asking you not to be “too political” or to “focus on the technology, not the politics” is a classic and highly effective fascist ruse to get moderators to lighten up on fascist elements posting in their community.
• People complaining about free speech rights. The #Internet and the #Fediverse is already a domain where people can speak freely about their politics by running their own server and building their own community with few to no government constraints. You don’t need to compromise on whether fascists have the right to free speech in your community.
• Arguments over your code of conduct (CC) and “safe spaces.” Keep them up-to-date. Research other people’s CCs, learn about the history of why these CCs came to be, learn about what the function of each clause of the code is included and phrased the way it is. These were usually designed to make explicit the fact that a community wants to be a safe space where underprivileged people can feel comfortable expressing themselves, and it is very easy to make people afraid to express themselves. Fascists understand these CCs and the concept of “safe spaces” were explicitly designed to exclude them, and often attack these ideas.

Buy books. But not from Amazon. Buy them from Bookshop.org, the independent site. This move by Amazon is shameful.

Here is a link to my book on Bookshop.org.

https://bookshop.org/p/books/the-three-ages-of-water-prehistoric-past-imperiled-present-and-a-hope-for-the-future/18943639

Made up a new Linux slogan: "Don't encrypt /boot, secure boot"

glad we're at the stage of our cyberpunk hell-timeline that we have corporate botnets DDoSing the free software communities that they rely on, leading to an arms race between the biggest companies in the world and a virtual anime person developing a proof-of-work proxy with an anime girl mascot that's now deployed by the united nations

@mxshift
Right! Sorry, I was assuming Linux.

The underlying TPM code supports Windows so in theory it should be doable. Some of the Linux sandboxing and security features would need to be nulled out though.

It should not be hard, but I personally don't have a Windows machine with a TPM nor a lot of motivation for it 🙃

@mxshift
Could use a TPM bound ssh key?

https://github.com/Foxboron/ssh-tpm-agent

@soatok
Google Assured Open Source Software™️

Today i learned CAMT 53 is a thing, and had to pull out xsltproc.

I'm not happy right now.