Security: Reproducible Builds, FUD, and more
- 
            More on Differential Reproducible Builds: Devuan is 46% reproducible!After fixing some quirks, building Devuan GNU+Linux 4.0 Chimaera was fairly quick since they do not modify that many packages, and I’m now able to reproduce 46% of the packages that Devuan Chimaera add/modify on amd64. I have more work in progress here (hint: reproduce/pureos), but PureOS is considerably larger than both Trisquel and Devuan together. I’m not sure how interested Devuan or PureOS are in reproducible builds though. 
- 
            This Bay Area prosecutor wants to help police nationwide take on ‘pig butchering’ scamsSanta Clara County Deputy District Attorney Erin West's "Operation Shamrock" isn't relying on luck to take down the worst criminals. 
- 
            Matthew Garrett: PSA: upgrade your LUKS key derivation functionHere's an article from a French anarchist describing how his (encrypted) laptop was seized after he was arrested, and material from the encrypted partition has since been entered as evidence against him. His encryption password was supposedly greater than 20 characters and included a mixture of cases, numbers, and punctuation, so in the absence of any sort of opsec failures this implies that even relatively complex passwords can now be brute 
- 
            Report finds software supply chains are being compromised by popular open-source products [Ed: Distracting from vastly worse problems in proprietary software]A new report from software supply chain management startup Lineaje finds an inherent risk of software supply chains being compromised when using the most popular open-source products and dependencies.