Oddbean new post about | logout
Dr. Hax | 7 months ago (raw) | root | parent | reply | flag 
 Yeah reproducable builds are good at making sure the code matches the executable, but it says nothing about the quality of the code.

That's where reviews come in. It doesn't even have to be human review, although the automated review systems are frequently abled to be gamed.

An example: if I attested that my CI process compiled a library without any warnings using `gcc -Wall`, it means something. Maybe it means the developer put inline compiler warning suppressions all over the place, or maybe they fixed up all the things the compiler was warning about.

Now if that same library also had stats about warning suppressions, that might be interesting too. The same could be done with automated test suites passing, code coverage, operating sysyem compatibility, static and dynamic security tools, and a bunch of other things.

If a person I know reviewed it, that would likely have more influence over me in terms of whether I'd want to use it, as it's harder for developers to undermine a manual review. Humans can frequently spot sketchy heuristic bypasses of the automated checks. And they can find things like logic errors, which scanners can almost never find.
Vic | 7 months ago (raw) | root | parent | reply | flag 
 agreed
Dr. Hax | 7 months ago (raw) | root | parent | reply | flag 
 FWIW, I would set up some CI jobs to make these types of attestations if there were a place I could post them and software to search for them and use them.

If someone wanted to write some code, it seems like #nostr could solve this. Post attestations in a specific format (they're already signed), and make sure they are searchable and machine readable. Then write a client that can find such events.

nostr:nevent1qqsd6l5cjkd4p83zcgpclfwzugnvvzwm8gngj4w28wwd77am68rds9cpz3mhxue69uhhyetvv9ujumn0wd68ytnzvupzp5cw4x82vh5487g6hylkkv82284n83gxlp75nasq5yu6auq249g3qvzqqqqqqyvj52cz
LynAlden | 7 months ago (raw) | root | parent | reply | flag 
 Remember back in Aug - Sept at $25ks how it felt like it couldn’t go up but down only right?

Now it also feels like #Bitcoin    can’t breakdown but up only right? Yes, The market is simply following it’s usual pattern

If you haven't join our vip group yet you are missing out

Join now: https://t.me/rebelcapitalistshow 🔥 🚀  gain more insight  from expertise on demystifying biases in #Bitcoin and learn how to 1000x for long term adoption  and bringing clarity to controversies,