I already barely touch the cache because I rebuild all my software with zen4 optimizations, but this article has convinced me to go all the way and disable the upstream nix cache completely. Even if it doesn't save me from a hypothetical cache poisoning attack that may never happen, I'll barely notice the change anyway since I'm already compiling all of my software, and it'll put less strain/cost on the nix cache servers.
Yeah, I heard Jane Street disables even cache.nixos.org, and I think that's very sensible (but a pity...).
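What the two comments above describe, rebuilding everything for the local CPU and turning off the upstream binary cache, as a NixOS configuration fragment. This is an added example, not configuration posted by either commenter or taken from the article; it assumes a NixOS release that has `nixpkgs.hostPlatform` (22.11 or newer) and a nixpkgs whose `lib.systems` knows the `znver4` architecture name, and it uses `lib.mkForce` so the default `cache.nixos.org` entry is replaced rather than merged with.

```nix
# Added example (not from the comment thread): a NixOS configuration
# fragment that disables every upstream binary cache and rebuilds the
# system for Zen 4. Assumes NixOS 22.11+ (nixpkgs.hostPlatform) and a
# nixpkgs that recognises the "znver4" architecture name.
{ lib, ... }:

{
  # Build for the local CPU instead of baseline x86-64. Derivations built
  # this way hash differently from the ones on cache.nixos.org, which is
  # why almost nothing gets substituted even with the cache still enabled.
  nixpkgs.hostPlatform = {
    system = "x86_64-linux";
    gcc.arch = "znver4";
    gcc.tune = "znver4";
  };

  nix.settings = {
    # No substituters at all: Nix can only build locally. mkForce clears
    # the default cache.nixos.org entry instead of appending to it.
    substituters = lib.mkForce [ ];
    trusted-substituters = lib.mkForce [ ];
    # With no substituters there is no cache signing key to trust. Clearing
    # the list also means that a substituter added later by mistake cannot
    # deliver a path this machine would accept without rebuilding it.
    trusted-public-keys = lib.mkForce [ ];
  };
}
```

After `nixos-rebuild switch`, `nix config show | grep substituters` (or `nix show-config` on older Nix) should print an empty value for `substituters`. Expect the first rebuild to be long: with no substituters, the bootstrap toolchain and everything above it is compiled locally.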
The trend in geopolitics is one of increased conflict, war, economic warfare, and cyberespionage. Particularly with China-Russia-India-US becoming a sort of four-way geopolitical competition, US increased isolationism, demographic disruption, and who knows what with climate change stresses.
I fear that open source repositories and similar infrastructure fundamentally based on idealistic cooperation will be so comprehensively targeted by these competing entities that they won't be able to function.
That their existence relies on a degree of international cooperation that is now effectively a bygone era. Without multi-governmental funding for diligent curation of these repositories, things might be looking dark.
The funding should be there. These repositories power the fundamental software not only of defense departments (sorry, it's WAR Department now ...), but of economic vitality.
I'm bringing this up here mostly because I thought of it while reading this. Nix isn't particularly vulnerable to this, actually; since it uses some degree of immutable sets for reliable reproduction of builds/configuration, its approach is probably fundamental to addressing what I detailed above.