mdheller mdheller

Reproducible Builds for macOS

There's a neat writeup I stumbled across recently titled "Reproducible codesigning on Apple Silicon" from Keith Smiley about some gotchas when it comes to compiling a binary in a way that's repeatable and always generates the exact same byte output (which would then checksum to the exact same hash) - even if compiled on a different Mac.

In applying the suggestions I found in the blog post, I found a few other corner cases that I just wanted to get documented more explicitly somewhere.

Tools Matter

Footnote 2 from that blog post is important:

Stevey's Google Platforms Rant

I was at Amazon for about six and a half years, and now I've been at Google for that long. One thing that struck me immediately about the two companies -- an impression that has been reinforced almost daily -- is that Amazon does everything wrong, and Google does everything right. Sure, it's a sweeping generalization, but a surprisingly accurate one. It's pretty crazy. There are probably a hundred or even two hundred different ways you can compare the two companies, and Google is superior in all but three of them, if I recall correctly. I actually did a spreadsheet at one point but Legal wouldn't let me show it to anyone, even though recruiting loved it.

I mean, just to give you a very brief taste: Amazon's recruiting process is fundamentally flawed by having teams hire for themselves, so their hiring bar is incredibly inconsistent across teams, despite various efforts they've made to level it out. And their operations are a mess; they don't real

	# Make a self-signed private/public keypair usable for HTTPS, including SAN / Subject Alternative Name and CN / Common Name, non-interactively and without additional files

	# Parentheses around the command spin it up in a subshell so that the FQDOMAIN variable is local to execution and doesn't persist after it's created
	(FQDOMAIN="example.local" && openssl req -x509 -nodes -newkey rsa:4096 -keyout server_key.pem -keyform PEM -days 365 -subj "/CN=${FQDOMAIN}" -addext 'basicConstraints=CA:FALSE' -addext "subjectAltName=DNS:${FQDOMAIN}" -addext 'keyUsage=digitalSignature' -addext 'extendedKeyUsage=serverAuth' -out server_cert.pem -outform PEM 2>/dev/null)

	# Alternatively, if you're setting FQDOMAIN somewhere else, you can just run directly:
	openssl req -x509 -nodes -newkey rsa:4096 -keyout server_key.pem -keyform PEM -days 365 -subj "/CN=${FQDOMAIN}" -addext 'basicConstraints=CA:FALSE' -addext "subjectAltName=DNS:${FQDOMAIN}" -addext 'keyUsage=digitalSignature' -addext 'extendedKeyUsage=serverAuth' -out server_

	from dataclasses import dataclass
	from typing import Any
	from sage.all import *

	n = 4

	# A guillotine partition is a binary tree of horizontal and vertical cuts.
	# In our problem each leaf node is a horizontal or vertical rectangle.
	# For example, 3 vertical cuts and 4 vertical rectangles produce [ \| \| \| ]

	/*
	* Serverless Geolocation Service, hosted on Cloudflare Workers.
	*
	* Learn more at https://maxkostinevich.com/blog/serverless-geolocation
	*
	* (c) Max Kostinevich / https://maxkostinevich.com
	*/


	// https://gist.github.com/maephisto/9228207

	# Path to your oh-my-zsh installation.
	export ZSH=/Users/dimitar.danailov/.oh-my-zsh

	# Set name of the theme to load.
	# Look in ~/.oh-my-zsh/themes/
	# Optionally, if you set this to "random", it'll load a random theme each
	# time that oh-my-zsh is loaded.
	# ZSH_THEME="robbyrussell"
	ZSH_THEME="agnoster"