Trust in Nix with Martin Schwaighofer
https://fulltimenix.com/episodes/martin-schwaighofer-steering-committee-candidate
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
https://github.com/NixOS/nixpkgs
https://oxide.computer/
https://github.com/nix-community/lanzaboote
https://en.wikipedia.org/wiki/UEFI#Secure_Boot
NixCon2024 rebuilding builders instead of trusting trust
https://youtu.be/UlJUpUQc9Lc?si=_EebfQszx062M2mR
Extending cloud build systems to eliminate transitive trust:
https://discourse.nixos.org/t/extending-cloud-build-systems-to-eliminate-transitive-trust/50841
https://scored.dev/
https://reproducible-builds.org/
Build systems à la carte: Theory and practice
https://www.cambridge.org/core/journals/journal-of-functional-programming/article/build-systems-a-la-carte-theory-and-practice/097CE52C750E69BD16B78C318754C7A4?utm_campaign=shareaholic&utm_medium=copy_link&utm_source=bookmark
Implementing a content-addressed Nix, 2 December 2021 — by Théophane Hufschmitt
https://www.tweag.io/blog/2021-12-02-nix-cas-4/
https://github.com/nix-community/trustix
https://nixos.org/research/
00:00 Introduction and Background
01:28 Martin's Journey in Computer Science
02:57 Compiler Construction Course Insights
04:20 The Concept of Self-Compiling Compilers
07:10 Hiding stuff in the compiler
08:47 Trusting Trust: Compiler Security Issues
09:58 Nix and Build Process Management
12:09 Bootstrapping and Auditing in Nixpkgs
13:21 Trust in Software and Hardware Security
18:01 Secure Boot and Its Implications
20:39 Scenario: Government Agency Targeting
22:15 More on boot security
28:09 The Role of Secure Boot and Measured Boot
29:52 Measured boot
35:13 Democratizing Trust with Remote Attestation
36:11 Raising the bar on security
39:31 Research Directions in Supply Chain Security
47:34 Enhancing Nix for Security and Efficiency
50:20 Understanding Reproducibility in Build Processes
53:13 Navigating Trust and Threat Models in Nix
53:22 Identifying Gaps in Nix's Trust Mechanisms
56:48 Attribution and Trust in Build Systems
01:05:35 Distinguishing Between Input and Content Addressing in Nix
01:06:38 Nix store hashes
01:12:52 The Challenges of Content Addressing
01:14:04 Self-References and Their Implications
01:20:24 Trust and Attribution in Build Processes
01:24:31 Future Directions for Nix and Content Addressing
01:30:00 Sponsoring opportunity
Sponsor:
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
https://github.com/NixOS/nixpkgs
https://oxide.computer/
https://github.com/nix-community/lanzaboote
https://en.wikipedia.org/wiki/UEFI#Secure_Boot
NixCon2024 rebuilding builders instead of trusting trust
https://youtu.be/UlJUpUQc9Lc?si=_EebfQszx062M2mR
Extending cloud build systems to eliminate transitive trust:
https://discourse.nixos.org/t/extending-cloud-build-systems-to-eliminate-transitive-trust/50841
https://scored.dev/
https://reproducible-builds.org/
Build systems à la carte: Theory and practice
https://www.cambridge.org/core/journals/journal-of-functional-programming/article/build-systems-a-la-carte-theory-and-practice/097CE52C750E69BD16B78C318754C7A4?utm_campaign=shareaholic&utm_medium=copy_link&utm_source=bookmark
Implementing a content-addressed Nix, 2 December 2021 — by Théophane Hufschmitt
https://www.tweag.io/blog/2021-12-02-nix-cas-4/
https://github.com/nix-community/trustix
https://nixos.org/research/
00:00 Introduction and Background
01:28 Martin's Journey in Computer Science
02:57 Compiler Construction Course Insights
04:20 The Concept of Self-Compiling Compilers
07:10 Hiding stuff in the compiler
08:47 Trusting Trust: Compiler Security Issues
09:58 Nix and Build Process Management
12:09 Bootstrapping and Auditing in Nixpkgs
13:21 Trust in Software and Hardware Security
18:01 Secure Boot and Its Implications
20:39 Scenario: Government Agency Targeting
22:15 More on boot security
28:09 The Role of Secure Boot and Measured Boot
29:52 Measured boot
35:13 Democratizing Trust with Remote Attestation
36:11 Raising the bar on security
39:31 Research Directions in Supply Chain Security
47:34 Enhancing Nix for Security and Efficiency
50:20 Understanding Reproducibility in Build Processes
53:13 Navigating Trust and Threat Models in Nix
53:22 Identifying Gaps in Nix's Trust Mechanisms
56:48 Attribution and Trust in Build Systems
01:05:35 Distinguishing Between Input and Content Addressing in Nix
01:06:38 Nix store hashes
01:12:52 The Challenges of Content Addressing
01:14:04 Self-References and Their Implications
01:20:24 Trust and Attribution in Build Processes
01:24:31 Future Directions for Nix and Content Addressing
01:30:00 Sponsoring opportunity
Sponsor:
---
Ad transcript:
Adopting an unfamiliar technology such as Nix usually comes at a cost. Productivity takes a hit, some of the team find themselves preoccupied providing Nix support, anti-patterns emerge increasing technical debt and morale is affected.
Founded by my friend and mentor Jacek Galowicz, Nixcademy have brought hundreds of individuals up to speed with Nix.
Prevent technical debt, liberate your Nix experts and get on top of Nix and back to work early. Visit nixcademy.com.
Jacek tells me that most Nixcademy clients returned their investment in training in under three months.
They also provide free educational content that I recommend and a Nix newsletter that I subscribe to.
nixcademy.com.
Ad transcript:
Adopting an unfamiliar technology such as Nix usually comes at a cost. Productivity takes a hit, some of the team find themselves preoccupied providing Nix support, anti-patterns emerge increasing technical debt and morale is affected.
Founded by my friend and mentor Jacek Galowicz, Nixcademy have brought hundreds of individuals up to speed with Nix.
Prevent technical debt, liberate your Nix experts and get on top of Nix and back to work early. Visit nixcademy.com.
Jacek tells me that most Nixcademy clients returned their investment in training in under three months.
They also provide free educational content that I recommend and a Nix newsletter that I subscribe to.
nixcademy.com.
