
Tristan Ross 😺❄️
13.3K posts

@RossComputerGuy
I like computers and cats. I'm a little good at Japanese. Meow. Ko-fi: https://t.co/X2dKfIm2kf
San Diego, California, USA · Joined January 2015
476 Following · 1.6K Followers
Pinned Tweet

I write posts and try to do them daily or at least weekly. Check out my site (tristanxr.com) for my latest posts. I often write about topics like ARM, RISC-V, NixOS, and things I am interested in or involved in.

@anthrofract @hetmehtaa 1. Roll back is easy with generations
2. Reproducible builds
3. Declarative setups make replicating things easy

@RossComputerGuy @hetmehtaa Because you can roll back versions on failure, or is there some sort of way to hot swap the kernel?

there's a zero-day being actively exploited
i need to patch the system
the patch requires a reboot
the system hasn't been rebooted since 2019
nobody is sure it will come back up
it has achieved a kind of digital immortality that we are all afraid to disturb
we decided to leave the zero-day unpatched
the system is both the most vulnerable and most resilient thing in our network
Tristan Ross 😺❄️ retweeted

Determinate Nix 3.19.1 fixes the latest round of Nix CVEs and is fully available through all channels. status.determinate.systems/incidents/41b9…
Determinate Systems@DeterminateSys
We are tracking two vulnerabilities (one high and one moderate) in Nix, and a coordinated Determinate Nix 3.19.1 release is in progress. More details on our status page: status.determinate.systems/incidents/41b9…

@MaxKorbel1 It is hard, it's going well. The parser was failing with ROHD but it seems to be happy now. Sema is failing to pick up on the types correctly. That should be fixed soon. I've been having a lot of time waiting for tapeout & DRC of Aegis.

Working on making Quart work with ROHD. Hoping it can reduce the amount of memory needed to generate the RTL for Aegis.
Tristan Ross 😺❄️@RossComputerGuy
Cross compiled Dart to x86 from aarch64 without the Dart AOT runtime.

@MaxKorbel1 It's an implementation of Dart I'm working on that's written in Rust. It uses Cranelift and compiles down straight to an ELF. It skips things like the AOT runtime because it can be truly native.
Tristan Ross 😺❄️ retweeted

🚨ALERT‼️ There are over 100,000 Flock Cameras In the United States as of today.
BTW each one contains 3 g of gold, almost $100 worth of silver, and enough copper wire to choke a horse. 🤔🤔
Learn everything you can about them: deflock.org


Do they just kill someone if the 10M+1 person is born?
Polymarket@Polymarket
JUST IN: Switzerland to vote on capping its population at 10 million.

@rywiggs That's what it was like when I got my first debit card in like high school. Mercury made it so easy, literally less than 20 minutes to have an account and everything.

Remember when you had to drive to a bank branch?
Tristan Ross 😺❄️@RossComputerGuy
@mercury's profile says "apply in 10 minutes" but they need to also say that you can be verified in 5. I set up Mercury for @MidstallSW today, it literally took them 5 minutes to verify me. I've never seen anyone verify that quickly.
Tristan Ross 😺❄️ retweeted

DetSys is announcing long-term support for Determinate Secure Packages 25.11 through May 2028 🎉🛡️📦
Based on the nixos-25.11 branch of Nixpkgs but with an SLA for CVEs, SBOMs, all covered packages built on SOC 2 Type II infra and cached in FlakeHub Cache, and all with a one-line change in your flakes. Read today's blog post for more at the link in thread 👇🧵🔗

@mercury's profile says "apply in 10 minutes" but they need to also say that you can be verified in 5.
I set up Mercury for @MidstallSW today, it literally took them 5 minutes to verify me. I've never seen anyone verify that quickly.


@RossComputerGuy Fixes this but also somehow makes it worse at the exact same time

@GrapheneOS SELinux certainly helps but having more layers of security doesn't hurt. And when 1 vulnerability exists, multiple can still exist. There's always the chance of there being a vulnerability. Exploits could always use multiple vulnerabilities until they take over a system.

GrapheneOS is immune to the Copy Fail vulnerability due to the deep integration of SELinux in the Android Open Source Project (AOSP). AOSP only permits using specific types of sockets throughout the OS. It only permits the dumpstate process used to create bug report zips to access AF_ALG sockets.
SELinux is based on explicitly listing out everything that's permitted and anything not listed isn't allowed. AOSP uses strict, fine-grained SELinux policies for the whole OS. Instead of simply permitting everything that's used in a fine-grained way, the rest of the OS is developed with it in mind.
Tristan Ross 😺❄️ retweeted

Tracking: CVE-2026-31431 "Copy Fail", a local privilege escalation in the kernel that is exploitable from within the Nix sandbox.
We're preparing to ship the patch via Determinate Secure Packages channels shortly.
Subscribe for details: rootly.com/teams/determin…

@ludwigABAP lol yeah, I saw this yesterday and imo it's a bad sign








