[-] max@nano.garden 4 points 1 year ago

No, I'm not concerned about a lawsuit. It's something that I want to do because I think that it is important. If I want to share tools with non-tech savvy people who are unable to build them from source, I want to be able to share these without anyone needing to "trust" me. The reproducible builds standards are a very nice idea, and I will learn how to implement them.

But I still wonder whether my approach is valid or not - is printing the hash of the output executable during GitHub's build process, such that it is visible in the workflow logs, very strong evidence that the executable in the release with the same hash was built by GitHub through the transparent build process? Or is there a way a regular user would be able to fake these logs?

[-] max@nano.garden 5 points 1 year ago* (last edited 1 year ago)

Ooh, I think I found the paper!

Oof:

The actual bug I planted in the compiler would match code in the UNIX "login" command. The replacement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user

[-] max@nano.garden 5 points 1 year ago* (last edited 1 year ago)

I think that any step that facilitates verifying the build is great. If trust is required, then I should simply not release any executables if I want to remain anonymous. I would like to be able to release executables without needing to ask people to blindly trust me. I would like to be able to show them reasonably good evidence that the program is built from the source that I say it is.

[-] max@nano.garden 8 points 1 year ago

If I understand this correctly, signify would allow someone to verify that the executable was built by me. But then they would still have to trust me, because I can also sign the malicious executable.

76
submitted 1 year ago by max@nano.garden to c/opensource@lemmy.ml

I have forked a project's source code on GitHub. The program takes a private key as an input and that key must never leave the client. If I want to share a pre-built executable as a release it is essential that I can prove beyond reasonable doubt that it is built from the published source.

I have learned how to publish the releases by using a Workflow in GitHub Actions such that GitHub itself will build the project and then prepare a release draft with the built files as well as the file hashes.

However, I noticed that the release is first drafted, and at that point I have the option to manually swap the executable and the hashes. As far as I can tell, a user will not be able to tell if I swapped a file and its corresponding hashes. Or, is there a way to tell?

One potential solution that I have found is that I can pipe the output of the hashing both to a file that is stored and also to the publicly visible logs by using "tee". This will make it such that someone can look through the logs of the build process and confirm that the hashes match the hashes published in the release.

Like this:

I would like to know whether:

  • There is already some built-in method to confirm that a file is the product of a GitHub workflow

  • The GitHub Actions logs can easily be tampered with by the repo owner, and the hashes in the logs swapped, such that my approach is still not good enough evidence

  • If there is another, perhaps more standard, method to prove that the executable is built from a specific source code.
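As an added example (not code from the original post, and not GitHub's own tooling), here is the shell side of the approach described in this post and in the follow-up question about the logs: a build step that hashes the artifacts into a checksums file and tees the same lines into the workflow log, plus the check a user would run against a saved copy of that log rather than against the checksums file attached to the (editable) release draft. File names and artifact contents are constructed for the demo; `record_hashes` and `verify_against_log` are hypothetical names.

```shell
#!/bin/sh
# Added example, not code from the original post. Records build-artifact hashes
# both in a checksums file for the release AND in the CI log via tee, then
# verifies a downloaded artifact against the hash seen in the log. Every file
# name and file content below is constructed for this demo.
set -eu

# Portable SHA-256 of one file (GNU sha256sum or BSD shasum); prints the hex digest.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Build-time step (what the workflow would run after compiling):
#   $1 = directory holding the built artifacts
#   $2 = path of the checksums file that gets attached to the release
# Each line "<hash>  <name>" goes to the checksums file AND to stdout, so the
# same hashes appear in the publicly visible workflow log.
record_hashes() {
    artifact_dir=$1
    checksum_file=$2
    set -- "$artifact_dir"/*      # expand the glob once, before tee creates the output file
    for f in "$@"; do
        [ -f "$f" ] && [ "$f" != "$checksum_file" ] || continue
        printf '%s  %s\n' "$(sha256_of "$f")" "$(basename "$f")"
    done | tee "$checksum_file"
}

# Verifier side: the user downloaded an artifact and saved the workflow log.
#   $1 = downloaded artifact, $2 = saved log text
# Returns 0 only if the artifact's hash equals the (last) hash the log shows for
# that file name; returns 1 when the log has no entry for it or the hash differs.
verify_against_log() {
    artifact=$1
    log_file=$2
    name=$(basename "$artifact")
    expected=$(awk -v n="$name" '$2 == n { h = $1 } END { print h }' "$log_file")
    [ -n "$expected" ] || { echo "no hash for $name in log" >&2; return 1; }
    actual=$(sha256_of "$artifact")
    if [ "$actual" = "$expected" ]; then
        echo "OK   $name $actual"
        return 0
    fi
    echo "FAIL $name log=$expected file=$actual" >&2
    return 1
}

# Demo with constructed data: build two artifacts, record their hashes as the
# workflow would, then verify a genuine copy and a swapped copy.
demo() {
    work=$(mktemp -d)
    mkdir "$work/dist" "$work/download"
    printf 'pretend this is a compiled binary\n' > "$work/dist/tool-linux-amd64"
    printf 'another artifact\n' > "$work/dist/tool-windows.exe"

    # CI step: checksums file for the release + identical lines in the log.
    # (stdout stands in for the workflow log here.)
    record_hashes "$work/dist" "$work/SHA256SUMS" > "$work/workflow.log"

    # Genuine download: must verify against the log.
    cp "$work/dist/tool-linux-amd64" "$work/download/"
    verify_against_log "$work/download/tool-linux-amd64" "$work/workflow.log"

    # Swapped artifact: even if SHA256SUMS in the release were edited to match
    # it, the hash in the log no longer agrees, so verification fails.
    printf 'swapped binary\n' > "$work/download/tool-windows.exe"
    if verify_against_log "$work/download/tool-windows.exe" "$work/workflow.log" 2>/dev/null; then
        echo "swap NOT detected" >&2; rm -rf "$work"; return 1
    fi
    echo "swap detected as expected"
    rm -rf "$work"
}

demo
```

The check deliberately reads the hash from the saved log and not from the checksums file shipped with the release, since the post's concern is that the draft's files and checksums can both be replaced by hand; the log line written during the run is the independent record. What this does not give you is any evidence about the source that was compiled, only that the bytes in the release are the bytes the logged build produced.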

[-] max@nano.garden 28 points 1 year ago

Finally. Someone noticed 🥹

[-] max@nano.garden 5 points 1 year ago

The creator of the tool is the admin of lemmings.world, and the tool is hosted at schedule.lemmings.world. So, if you have a user at lemmings.world, you can use this tool without having to trust a third-party.

If you don't have a user there, you can create a user in that instance for the purpose of creating scheduled posts. Removing the need to trust two parties rather than one.

And, of course, since the source code is open anyone else can attach this to their own instance! Pretty cool.

[-] max@nano.garden 21 points 1 year ago

[-] max@nano.garden 3 points 1 year ago

Thanks! It is some consolation. 🫂

[-] max@nano.garden 3 points 1 year ago

PhD thesis! 😅

Gluing my ass to the chair won't be sufficient. I think I have some form of computer distraction addiction or undiagnosed ADHD, because when I am sitting at the computer I find it really hard to do what I need to do. I am able to find a universe of distractions by slightly moving my fingers, and I have an inordinate ability to psychologically (not rationally!!!) justify it as being somewhat useful. The only thing that saves me is that I can be very efficient when I do focus, but this has become more difficult as the complexity of the work increases, and so many different figures, tables, and concepts have to coalesce together to tell a story that I genuinely believe...

I would probably have a better chance trying to write with pencil and paper on an isolated island than with LaTeX on my computer....

[-] max@nano.garden 18 points 1 year ago

Aah, ok! That at least explains what they could have been thinking.

But, of course, this is a terrible idea!!

[-] max@nano.garden 41 points 1 year ago

Both sides? "Oh yeah, the front looks a lot like the ID I lost, but can you please send me the back side too so that I can confirm?"

[-] max@nano.garden 8 points 1 year ago

Some virus managed to wreak inflammatory havoc around some of my nerves and the right side of my head has been numb since Thursday, my ear in pain, and a zoo of sporadic symptoms come and go 😅 So I have been at the computer a lot. I've been working on setting up a lemmy instance and I also played in the canvas.

As for the rest of the week... I have been procrastinating on thesis writing, and I need to be done before September, so I am trying to find a source of will-power to force myself to write. But this infection is not helping me 😬


max

joined 1 year ago