> I wanted my builds to work with Nix, and the existing cross-compilation infrastructure for OpenBSD didn't seem to work properly on OpenBSD 7.7.
As the main author of that, please talk to me! I just did a hello world build of whatever version we have in there today (7.5). I would be happy to assist with getting 7.7 and 7.8 in.
Also #nix-openbsd:tapenet.org is matrix channel that can be good for this stuff.
it would be good to analyze which of those .text/data sections are actually visited - i recall someone running the Vivado FPGA toolset, that is notoriously massive (90GB+) over a special FUSE fs that tells you which files were accessed, and then stripping out the ones that weren't, leading ot substantial wins.
to be honest, it is surprising that a toolchain could be 350MB - that is a lot of code, if thats what it is.
122 MB of it is Wasm machine code of a MinSizeRel LTO build of LLVM; it is compressed to 23 MB by Zstandard when your HTTP client supports that. That is about as small as you can get an LLVM/Clang/LLD bundle to be, and I put a lot of effort into making it smaller.
248 MB of it is an OpenBSD sysroot; it is compressed to 45 MB by Zstandard when your HTTP client supports that. I have not used OpenBSD and have no particular insight into what's inside.
"The moral is obvious. You can't trust code that you did
not totally create yourself. (Especially code from com-
panies that employ people like me.) No amount of
source-level verification or scrutiny will protect you
from using untrusted code."
One of the horrible consequences of the last 20 years of web (there are so many, not sure where to start!) that every person with an access to a computer thinks that they have every right to upload a humongous blob of binary to your computer without needing to ask. Thanks to silicon valley I suppose.
> I wanted my builds to work with Nix, and the existing cross-compilation infrastructure for OpenBSD didn't seem to work properly on OpenBSD 7.7.
As the main author of that, please talk to me! I just did a hello world build of whatever version we have in there today (7.5). I would be happy to assist with getting 7.7 and 7.8 in.
Also #nix-openbsd:tapenet.org is matrix channel that can be good for this stuff.
A word of warning - this appears to download 350MB right away after you visit.
If your browser has Zstandard support, it downloads only 100MB. But yes, this is a proof-of-concept that needs some fixes.
it would be good to analyze which of those .text/data sections are actually visited - i recall someone running the Vivado FPGA toolset, that is notoriously massive (90GB+) over a special FUSE fs that tells you which files were accessed, and then stripping out the ones that weren't, leading ot substantial wins.
to be honest, it is surprising that a toolchain could be 350MB - that is a lot of code, if thats what it is.
122 MB of it is Wasm machine code of a MinSizeRel LTO build of LLVM; it is compressed to 23 MB by Zstandard when your HTTP client supports that. That is about as small as you can get an LLVM/Clang/LLD bundle to be, and I put a lot of effort into making it smaller.
248 MB of it is an OpenBSD sysroot; it is compressed to 45 MB by Zstandard when your HTTP client supports that. I have not used OpenBSD and have no particular insight into what's inside.
Thanks. That may well be enough to trash firefox all day.
> "Reflections on trusting trust"
Obligatory link to the unspecified-at-the-time Air Force critique of Multics with the introduction of a Trojan horse:
https://csrc.nist.gov/files/pubs/conference/1998/10/08/proce...
That's a good one from Ken Thomson.
One of the horrible consequences of the last 20 years of web (there are so many, not sure where to start!) that every person with an access to a computer thinks that they have every right to upload a humongous blob of binary to your computer without needing to ask. Thanks to silicon valley I suppose.
It’s wasm. If you object to wasm then you should object to javascript, its predecessor
Can you disable javascript on an iPhone? I certainly use NoScript add-on on my PC’s. Very few domains get the go ahead to run JS for me.