-
Not Synced
I'm here today to talk to you about
diffoscope
-
Not Synced
and how you can use it as a better diff
-
Not Synced
or for Quality Assurance, etc., things
like that.
-
Not Synced
Moin!
-
Not Synced
Apparently that's like a north german
thing to say "welcome".
-
Not Synced
North german, north Denmark, Scandinavia,
that kind of thing, I'm told.
-
Not Synced
People are shaking their head, so I'm
going to assume that's true.
-
Not Synced
This is my first PC, an IBM 5155.
-
Not Synced
Sometimes, when you rebooted it, it would
launch into, it would somehow revert
-
Not Synced
from booting from the hard disk to booting
from a basic ROM,
-
Not Synced
as in the programming language ROM.
-
Not Synced
It was on my motherboard for some reason.
-
Not Synced
So, randomly, you just get a chance to
program in basic and then,
-
Not Synced
sometimes you wouldn't, I don't know why,
but… yeah.
-
Not Synced
It's quite fun with this kind of clicky
keyboard, and that folded in
-
Not Synced
and it was this kind of big desk thing.
-
Not Synced
Anyway…
-
Not Synced
This is my first Debian.
-
Not Synced
At the time it was already old.
-
Not Synced
What's this one? Is this Slink? 2.2?
Yeah.
-
Not Synced
And this is when we had US and non-US,
so that's really dating if you remember that.
-
Not Synced
This is my first contribution to Debian,
19th December 2006,
-
Not Synced
sending a patch to lillypond which is kind
of interesting
-
Not Synced
and the response was "Oh yeah, rock on,
many thanks. I'll upload this and
-
Not Synced
it'll be landing to Etch".
-
Not Synced
And this was super motivating because
Etch was just coming out and it was like
-
Not Synced
"Great, I've got let one line of tiny patch
in a release. This is super cool."
-
Not Synced
Thomas' response was super motivating.
-
Not Synced
So, after that, like that Christmas
basically spent ???
-
Not Synced
Debian webpages and stuff.
-
Not Synced
Very well timed.
-
Not Synced
That's kind of a good…
-
Not Synced
You know, someone sends a patch, be like
"Cool, thanks"
-
Not Synced
Like a little notice in the changelog.
-
Not Synced
It was, you know, so stupid but…
Yeah, do that kind of thing.
-
Not Synced
So, moving on.
-
Not Synced
Why diffoscope?
Why did we write diffoscope?
-
Not Synced
What's the background here?
-
Not Synced
It comes from reproducible builds.
-
Not Synced
The very quick outline is that once you
get the source code for free software,
-
Not Synced
you download the source code for nginx
or whatever,
-
Not Synced
pretty much everyone just runs binaries
on their servers or their systems.
-
Not Synced
You know, "apt install bla", "yum install",
whatever.
-
Not Synced
Android Playstore, whatever.
-
Not Synced
Can you actually trust whether these two
things correspond with each other?
-
Not Synced
You've gotten the source code, it looks
alright, and then you install this binary,
-
Not Synced
yeah…
-
Not Synced
Who generated that? Can you trust that
???
-
Not Synced
Can you trust who generated it?
-
Not Synced
Even if you could trust them, could you
trust them not to be exploited? Etc.
Debconf
