fishinthecalculator
@fishinthecalculator@lemmy.ml
- Comment on Bonfire & Guix, a love story -- fishinthecalculator 1 week ago:
I think it’s worth the effort since it prevents numerous risks at the root, for sure it’s not enough. I agree that bootstrapping wouldn’t necessarily solve the XZ attack, but I think that should be solved by big tech paying FOSS maintainers enough or at all to prevent them from burning out.
About the BSD experience that looks like a big amount of work but definitely worth it, I’m sure they didn’t ship many packages as Guix ships but I guess the projects have different goals and requirements.
- Comment on Bonfire & Guix, a love story -- fishinthecalculator 1 week ago:
My point on binaries was not really about reproducibility as nowadays most distro have reproducible builds: Arch, Debian, RHEL, SUSE and probably more. My point is that packages in Guix are bootstrapped from a very small binary seed, something like 357 bytes, which highly mitigates the risk of Trusting Trust attacks
- Comment on Bonfire & Guix, a love story -- fishinthecalculator 1 week ago:
I find Guix far better on almost every remark, in no particular order:
- as you said some part of the Nix community is made of techbros (even if Guix attracts some fossbros as well)
- the way governance is structured in the Nix community is brittle, just see the drama from which all the new Nix forks spawned
- better documentation. The doc for Nix is scattered, the Guix manual, albeit not perfect, is much more complete
- the Guile language is far clearer than Nix, also you don’t have to use it only for package recipes, you can build full applications with it
- the Guix story around trustability of binaries is far better (checkout how Guix boostrapps everything), entires classes of vulnerabilities are prevented by design
- the Guix UX is far better designed imho, the command line is intuitive and well documented and features are easily composable
- the community is not diverging, as is the case for Nix flakes
- Submitted 1 week ago to fediverse@lemmy.world | 7 comments
- Submitted 1 week ago to selfhosting@slrpnk.net | 0 comments
- Submitted 1 week ago to selfhosted@lemmy.world | 0 comments
- Comment on 🐌 Slow Software for a Burning World 🔥 1 month ago:
This. Thank you. @PotatoesFall you can check out my personal instance to see the microblogging flavour in action: bonfire.fishinthecalculator.me
- Comment on 🐌 Slow Software for a Burning World 🔥 1 month ago:
It’s already someplace, not sure if that is the place you expect them to be but check out my personal instance bonfire.fishinthecalculator.me .
- Comment on 🐌 Slow Software for a Burning World 🔥 1 month ago:
Can someone explain how this can/would work for a Lemmy user?
Very similarly to how you now can interact with Mastodon instances
could this connect to Lemmy somehow, or would that require an integration between bonfire and Lemmy?
It could, maybe it already somewhat can . It shouldn’t require now nor never an explicit integration as they should be able to speak the same language (ActivityPub) . you can try interacting with my personal instance bonfire.fishinthecalculator.me .
How would instances of bonfire decide whether to connect or federate with Lemmy or vice versa?
I don’t know about Lemmy but bonfire can have block list both at the instance and the user level, so the admin can provide defaults but then each user is able to customize them
- Submitted 1 month ago to technology@lemmy.world | 4 comments
- Submitted 1 month ago to fediverse@lemmy.world | 5 comments