1 99:59:59,999 --> 99:59:59,999 I'm here today to talk to you about diffoscope 2 99:59:59,999 --> 99:59:59,999 and how you can use it as a better diff 3 99:59:59,999 --> 99:59:59,999 or for Quality Assurance, etc., things like that. 4 99:59:59,999 --> 99:59:59,999 Moin! 5 99:59:59,999 --> 99:59:59,999 Apparently that's like a north german thing to say "welcome". 6 99:59:59,999 --> 99:59:59,999 North german, north Denmark, Scandinavia, that kind of thing, I'm told. 7 99:59:59,999 --> 99:59:59,999 People are shaking their head, so I'm going to assume that's true. 8 99:59:59,999 --> 99:59:59,999 This is my first PC, an IBM 5155. 9 99:59:59,999 --> 99:59:59,999 Sometimes, when you rebooted it, it would launch into, it would somehow revert 10 99:59:59,999 --> 99:59:59,999 from booting from the hard disk to booting from a basic ROM, 11 99:59:59,999 --> 99:59:59,999 as in the programming language ROM. 12 99:59:59,999 --> 99:59:59,999 It was on my motherboard for some reason. 13 99:59:59,999 --> 99:59:59,999 So, randomly, you just get a chance to program in basic and then, 14 99:59:59,999 --> 99:59:59,999 sometimes you wouldn't, I don't know why, but… yeah. 15 99:59:59,999 --> 99:59:59,999 It's quite fun with this kind of clicky keyboard, and that folded in 16 99:59:59,999 --> 99:59:59,999 and it was this kind of big desk thing. 17 99:59:59,999 --> 99:59:59,999 Anyway… 18 99:59:59,999 --> 99:59:59,999 This is my first Debian. 19 99:59:59,999 --> 99:59:59,999 At the time it was already old. 20 99:59:59,999 --> 99:59:59,999 What's this one? Is this Slink? 2.2? Yeah. 21 99:59:59,999 --> 99:59:59,999 And this is when we had US and non-US, so that's really dating if you remember that. 22 99:59:59,999 --> 99:59:59,999 This is my first contribution to Debian, 19th December 2006, 23 99:59:59,999 --> 99:59:59,999 sending a patch to lillypond which is kind of interesting 24 99:59:59,999 --> 99:59:59,999 and the response was "Oh yeah, rock on, many thanks. I'll upload this and 25 99:59:59,999 --> 99:59:59,999 it'll be landing to Etch". 26 99:59:59,999 --> 99:59:59,999 And this was super motivating because Etch was just coming out and it was like 27 99:59:59,999 --> 99:59:59,999 "Great, I've got let one line of tiny patch in a release. This is super cool." 28 99:59:59,999 --> 99:59:59,999 Thomas' response was super motivating. 29 99:59:59,999 --> 99:59:59,999 So, after that, like that Christmas basically spent ??? 30 99:59:59,999 --> 99:59:59,999 Debian webpages and stuff. 31 99:59:59,999 --> 99:59:59,999 Very well timed. 32 99:59:59,999 --> 99:59:59,999 That's kind of a good… 33 99:59:59,999 --> 99:59:59,999 You know, someone sends a patch, be like "Cool, thanks" 34 99:59:59,999 --> 99:59:59,999 Like a little notice in the changelog. 35 99:59:59,999 --> 99:59:59,999 It was, you know, so stupid but… Yeah, do that kind of thing. 36 99:59:59,999 --> 99:59:59,999 So, moving on. 37 99:59:59,999 --> 99:59:59,999 Why diffoscope? Why did we write diffoscope? 38 99:59:59,999 --> 99:59:59,999 What's the background here? 39 99:59:59,999 --> 99:59:59,999 It comes from reproducible builds. 40 99:59:59,999 --> 99:59:59,999 The very quick outline is that once you get the source code for free software, 41 99:59:59,999 --> 99:59:59,999 you download the source code for nginx or whatever, 42 99:59:59,999 --> 99:59:59,999 pretty much everyone just runs binaries on their servers or their systems. 43 99:59:59,999 --> 99:59:59,999 You know, "apt install bla", "yum install", whatever. 44 99:59:59,999 --> 99:59:59,999 Android Playstore, whatever. 45 99:59:59,999 --> 99:59:59,999 Can you actually trust whether these two things correspond with each other? 46 99:59:59,999 --> 99:59:59,999 You've gotten the source code, it looks alright, and then you install this binary, 47 99:59:59,999 --> 99:59:59,999 yeah… 48 99:59:59,999 --> 99:59:59,999 Who generated that? Can you trust that ??? 49 99:59:59,999 --> 99:59:59,999 Can you trust who generated it? 50 99:59:59,999 --> 99:59:59,999 Even if you could trust them, could you trust them not to be exploited? Etc.