 and he's Redon. We usually hang out at the local haggar space in Albania, which is a country in the Western Balkans. We have helped co-organize open source conference, Albania, for the previous editions. In 2017, we did our first crypto party together with Arjen Kampouis, and we managed to, with the help of the municipality of Tirana, publish on OpenStreetMap a lot of geographical data regarding the city of Tirana. We also helped them migrate to NextCloud, which is an open source solution for managing your files, and it's a solution they are using to this day. So before going into our little project, it's very important to give some context about... So it's a lot of different people here, so it's a bit important to also know the local context where we come from. Apologies for the Albanian, but I will explain. These are news from some articles that are related to this talk as well. So in 2009, in Albania, we had the first known data leak that happened, and all the data from the civil registry, which means names, surnames, IDs, they were leaked, and you can find them also today, unfortunately. And this was the first known case. We don't know if there are other cases as well. And basically, after this, in 2013, this was between the changes of the government. We had elections that year, and what happened is that people went to the central tax office in the physical servers, and they were caught on video, and they stayed there for a night. They went out and lots of data were deleted, which was pretty big. Until this day, for both these cases, we don't know if there are prosecutions in people that are other than the IT specialists that were working there, unfortunately. And in 2016, another interesting case of, you know, not respecting the digital rights was an MS Catcher's hardware and software package were sent to Albania from the Italian government to support the Ministry of Internal Affairs on how to do proper surveillance in cases the police needs to investigate. But what happened is that the Ministry of Internal Affairs kept the hardware and everything with it for one year, and it was suspected that it was also used without any notification of anyone other than the Ministry of Internal Affairs at the time. And also, this was a big scandal, but for us, unfortunately, it was very sad because in the public discussion, this was not debated at all. It was just a political issue, and nobody was talking about digital rights and how bad this was at the time. So we were frustrated that this was not being discussed at the time. And of course, the same situation happened in Descalade in 2021 with more data leaks. Yeah, so ever since 2021, we've been getting a few more data leaks and these ones have been far more comprehensive. The first example happened in April of 2021 where the data of 910,000 voters was exposed to the public. And we're talking stuff like social security number, your living address, your phone number, the license plate of your vehicle, and also later, more data leaks came. So it's the one-third of the population, basically, because Albania has 3 million people, so approximately. And if you look at the collection of the data, it's pretty clear that these data have gotten out from governmental services. So in summer of 2021, it turns out that one of the parties in Albania was using this data as a way to study, let's say, the voters and see how they could turn this into their advantage. So for each person who had a name, surname, all the ID and some comments, for example, Redon, he is affiliated with our party, or he's not. If he's not affiliated with our party, we need to talk to him so that we change. So it was a proper database, but the data were from different governmental agencies in one. Yeah. Which was pretty... And this was the first time that the concern about digital rights was when big in Albania, which made us happy and sad at the same time for obvious reasons. Normally, the leak of such data, because you can't really change your social security number, for example, is that it really shocks you. And it takes some time for you to process what happened. However, what happened in Albania was in summer of 2021, these data came out, and then less than six months in December, our salaries became public. So all of the salaries of everybody who's working anywhere were now open for the entire public, and at least the data set was free. You could download it for free, so there's that. Okay, you seem shocked. Okay, there is more. We have 10 more minutes, so no worries. So in May 2022, which is some months before, our government decided pretty fast that every governmental services, 95% of governmental services will go through a governmental portal. So whatever you need as a paperwork, you have to go through there, which might be a good idea or bad, but if you do it fast, bad things usually happen as we all know. So for more context, a lot of the population in Albania is not very tech literate, and most of them don't have the tools to access this interface. So another phenomenon that usually happens is people go to internet cafes and ask people there to sign up their account, which when we're talking about the account to interact with your government, that might not be the greatest idea out there. And also it's not only this that people don't know how to use it. It's also that my parents, for example, they're old. My mom has a burner phone. Last time it was charged, it was 2008 probably, and it's not a smartphone, so it's very hard. So everyone is trying to help their families to get into this. And because this went on very fast, it was launched very fast, before us coming here one week or 10 days before, it was hacked. So until now, what hacked means nobody knows because there is not a proper report right now of how many data, what happened, and et cetera, et cetera. What we do know is that our state was offline for two weeks. For two weeks. And when we were at the plane coming here, like switching airports, the people that did this, they started leaking also whatever they have found gradually. So anyway, this is sorry about this, but it's important to have a lot of context. And one last case, I will not talk about any breaches. We will not talk about breaches anymore. So in 2009, it was introduced a law that said, it was a very vague law that said that the police has the right to do surveillance without any request to a prosecution, to a prosecutor. Which in, I'm not a legal person, but we know that it's anti-constitutional in the first case, so there need to be checks and balances, right? Yeah, there tends to be a little pattern going on with how our digital rights are being respected. And he's into memes because he's younger than me. Yeah, I'm an internet kid, so. So the public rhetoric always was, we don't know about this tech thing. Also journalists that we talked all the time, they said we don't know, like it's very complicated to us, we don't understand. And also the general argument from the governments, not only one, but in general is that these things happen to every government. Even the ones that we think that are more, have more bigger budgets, they happen all the time. This was the first argument, and it still is today. And the second was, you've heard this before, well, you have nothing to fear if you have nothing to hide. And I'm not mentioning who started saying this first. See, this saying is quite controversial, but I think it's kind of right because if the government has nothing to fear, they also should have nothing to hide. Well, what this means, as I mentioned before, the general rhetoric is, this is okay, it's normal, it happens. And we say, yes, okay, but we need to raise awareness about this. And also as Boris mentioned, these things should apply transparency and having nothing to hide should apply to the governments too. So we teamed up with a group of people that are artists, a collective of artists, and they were doing this project called Manifesto, hijacking. And the reason they mentioned the hijacking there is because we want to change the rhetoric of the whole situation. So the collective is talking about other issues that are concerning Albanian society, and our focus here is what's happened with surveillance and the digital rights in Albania as well. So that's why we launched Nothing to Hide, dot-the-bapticcenter.net, which is a map of mapping points of surveillance in Albania, starting from Tirana. This is the map. Yeah, so this is Tirana right here, and if you see this little area right there, it has 62 cameras surveilling public area. So if you open one of them up, you can see more info on that. One important point, we are not mapping all the cameras, we are only mapping cameras that are pointing in the public space. And these are business cameras because they need by law to have, which is also vague law, which says that you need to monitor your business if you are in the city center or anywhere else, but they don't specify that you need only to map your business, your property. So these are only cameras that are in the public area, and also these are done in a few amount of time, which means we're gonna do this until September, right? The most outrageous thing I've seen so far, I was in the seaside, and this is, what's the name? It's a mole, like it goes in the sea and it has this wooden thing that you walk. Structure, and a hotel that is really far away from this had put monitoring cameras there, and when asked around why this is happening, the answer was like, I don't know, because nobody told us that we cannot do this, right? So you go to the beach, the beach is public space by this definition. So if you go to the open street map, it's right there. And if you cannot see from the distance, it's not just a camera, it's two and actually more that are hitting. More cameras that go along the way. So that's a fun spot. And so it's a combination of governmental practices going bad, but also not having awareness of what you need to respect in terms of, other people's privacy and digital space. So I'll go really quickly into the tech behind it. We are running Ushahidi, which is a platform for crowdsourcing data, so it was perfect for this fit. We are hosting in a very stable data center called My Bedroom. It's usually open nine to five. For the base map, we use open street map and we just render the additional points on top. For the license, we wanna have this under public domain because it's crowdsourced data, but this might be tricky, so there is still discussion going on. One important thing about this is that we, after we launched this, two things happened. People started, like we did some workshops in the city telling people how to do it. It's very easy. We're gonna have some screenshots. You just take a photo, geolocation and... So here is the form where you're filling the data. It says geodata, a photo and a short description. And the idea is that we are trying to make it easy for people to do this, but going back to the public domain thing, people were saying, oh, this is super nice. It's like Pokemon Go, which also is funny, but also very concerning at the same time because it's being gamified. But we also got some researchers saying that, hey, can you give us this data because we need to do some more research and also some people that know the context of the law so that we can have even more outcomes out of this. So, yeah, this is the project. And... Faluminderid, as we say here. Faluminderid. No, it's on time. Well, thank you so much. I've never heard of this, and it's not amazing. Obviously it's awful, but it's such an interesting subject and I think it's amazing what you've done. If there are any questions, there are mics in the middle. Oh, we're gonna get questions? If you're comfortable with that. We didn't do it. That's the answer for all the questions. We are not the ones to do it. No, I'm joking. No, they didn't do anything. Like what? Yeah, we're innocent. No, obviously not. They didn't do anything, just so you know. Well, thank you then. Okay, thanks. And another applause. No, if there are questions, I was joking before. Oh, okay. So I just heard from an anonymous source that if there are questions, you can ask them. Thank you. So when did you launch the app? Was that this year? Yeah, that happened this year. Two months ago. Yeah, how popular did it get? So as of right now, we have around 100 data points. 96 of them are just in Tirana. Sorry, it's up to 106 right now. Last night it was 100 though. So yeah. But I think from what we've observed, these are only a few of them. And until September, we expect to have more people and what we're doing right now is doing some workshops so that people understand how they can contribute there. But we're expecting, based on what we see around, there are many, many more cameras that we can see. And not only in Tirana, in other cities in Albania as well. See, the thing when you start mapping here is you know there's a lot of public cameras around, but you never really think about how much there are and how much on the street you're on right now. So this project really helps. It helped me as well with putting that into perspective. Thank you. Great question. If there are any other questions? Oh, one more. Thank you for this talk. If you could lower the mic. Have you thought about maybe rolling this out in other cities in other countries? I'm sure there will be quite some animus and enthusiasm for it. I know in my city I would like to replicate this. So I know after we started this, we understood that there are also some other cities doing this. So New York has, people in New York have done this. And in London, which I think we know that it's very, has lots of cameras. But if we are, once we do all the gathering of the data in Tirana, we'll start documenting the process of how we can replicate this. Because it's, but also it's very important to document the, to have in on board, if you want to replicate this, to have on board also people that know about the local, law context of what's happening. So again, we are, in Albania, we are just monitoring cameras that are monitoring public areas. That might not be lawful in whatever country or city you are living. So we will document this so that everybody can replicate it after. Great, thanks. Hi, so two questions. First, have you thought about, I guess maybe, I don't know, depends on the trust that you have in government for people to register, they have to register these cameras themselves so you can get like a public register that you can ask for. And the second thing is, there's companies like Ring that make private people do this. Yeah, right. Are you also tracking those, well Ring holes? Can I get the first question for sure? So for the first question, okay, go the second one because I want to... Okay, so in regards to the Ring cameras, what we really want to map is just cameras that face public areas. So for example, views of the street. Ring cameras, for example, are not popular in Albania at all. We have the manual version where you have to stand behind the door to see who's on the other side. So we haven't come across that issue but it's quite an interesting one. But again, it's about what the law says. So if you can do it in your city or country, we shouldn't monitor it because it's part of the law, let's say, if you trust your government. But in our case, it's not. It's very vague. We don't understand what you can monitor or not and we're trying to raise awareness with it. So even if it's a Ring camera in your city and it's your private property, as long as you're monitoring me passing as a pedestrian outside your door, that shouldn't be the case because that's not loud. There's also when you're, for instance, when you have a job where you have to go to, like the newspaper boy, you're 16 years old and you have to go to somebody's door and you get filmed. Right. In whatever state you are at six o'clock in the morning. I could personally object to that. I wouldn't bring papers to such a person if I were a paper boy. Yeah, here in the Netherlands it's actually illegal to film people in public spaces, I believe, without their permission. So cameras that are on public street, you can, if you have a personal camera, you can only do it on your personal property. So let's say I have a house I wanna protect with a camera. I can't put it at the front of my garden and film the entire street. I can only film my garden and my front door. Exactly, but one of the problems is that, for instance, if you're a 16 year old paper boy, you actually have to subject yourself to this without permission because you are going on the person's premises. You get filmed, you get sent to, don't know which data center, and you cannot approve or disapprove. And the same goes for people that are in their official capacity. So people visiting your house and being able to film that actually has boundaries that are trading on other people's rights. And if the door is facing the street, then all bets are off. And that's why these things are very important because we feel, again, we have the local context of Albania. We think that digital literacy is at a very low point, very low at a worldwide level. So people don't, what we're discussing right now, they don't understand that this is important or whatever. And that's why we all need to do more about explaining why this is okay or it's not okay. Like putting things into perspective. Just like, for example, this shows how surveilled you are at the moment. Regarding your first question, quick answer, it seems like we don't trust the government where we live. The thing is that we just wanted to work properly. That's nothing against them. But they are now introducing a law that will put all the cameras from businesses to in one directory. So basically store everything. So the government will have access, immediate access to all the cameras. First of all, it's impossible technically because you need all the cameras have different software and setup, et cetera, et cetera. And the second, only the thought of it, it's like cringy, right? But, and that's very, the police should go after the bad people, the bad guys. But right now we'd have no, after all the cases that we've shown, we have no indication that the data are handled properly. And we've had more time, we can go on and have more cases where the data in Albania are not handled properly by government officials. So it's not about, as I mentioned before, we don't have anything about trusting, but we have all the indications in the world that they either don't know what they're doing or they're doing this on purpose or even worse the combination of both. And there's another factor on top of that which is we don't have an indication that the government knows where these cameras are either. So really the only option to go forward would be to crowdsource that data. So we allow people to submit either anonymously or with their profile, because we wanna respect their right. But it seems like there is no other way to have such information. Okay, thank you. Thank you, thanks. Then another big applause. Thank you so much. Thank you. Then the next speaker, I don't know if he's here, his name is Matthew, ah, there you are. Well, I came in a little late because I thought it was a two, it was a one, so it was like running. That's why I have a fork in my pocket. I was eating. So I asked what is it about and I didn't really understand, but that actually made me super excited for the talk because now I have no idea yet what it's about and the more I can learn. So I believe it's about software. Is that correct, Matthew? Yes, I know something. But he's going to tell so much more about it. So give a big applause for Matthew and his talk. Are you ready? Or should I keep talking? Yeah, keep talking. I just heard that they're still setting something up. So in the meantime, we're going to play a little game I heard of yesterday. So I need you for that. So everyone's attention, yeah, great, thank you. So this is how the game goes. I start with the number one and then someone yells two, then someone else yells three. But you can't say a number at the same time. So if I say one, someone else can say one as well. Any questions? Okay, so one. Oh, again. No, we need to start at one. One, six. Okay, one last time and we were ready to go then? Almost, okay. One. Zero. Okay, he's ready. Well, thank you and a big applause for Matthew. So who here has heard of Docker? Wow, that's amazing. I thought I was gonna have to explain what Docker is, but you all know what it is, right? Great. So this talk is called useflake.nix, not Dockerfile. This is, I don't know if I'm preaching to the choir. Maybe you know what the issues are with building software with Docker. Maybe you don't. But I'm gonna try and explain why it's not really that reproducible and why you can use Nix instead. So why use Dockerfiles? Well, I don't know, but why use flake.nix? Because build via Dockerfiles aren't reproducible, but they are repeatable. So that means that you can run the same instructions, but it does not mean that you'll get the same result. So what is Nix? Nix is an expression language. It's a domain-specific language, which was invented by ElcoDulstra and his PhD thesis in 2003. And it's lazily evaluated, which means it's more performant for doing package management. It's a purely functional programming language, which means it's not procedural. So the order in which you define things does not matter. It's declarative rather than imperative, so things are defined as an expression rather than as a sequence of events that you want to occur, much like in a Dockerfile. And yeah, in that way, everything is an expression and there are no side effects. So here's a basic abstract example. This is called an attribute set. In this example, X is equal to a list, which has a string inside of it, Y. Y is equal to one, and Z is equal to the expression one plus one. So let's evaluate what X would have been. So X is a string Y inside of a list. And the same for Y, it's just one. And Z is one plus one, which is two. So here's a basic concrete example of me compiling Hello World from GNU, source code. So I'm gonna cat the examples, Hello World.Nix, this is the Nix expression, which defines how to compile the software. And then I'm gonna Nix build it, I'm gonna look at the result that it creates. The result is a sim link to this object store called slash Nix slash store, where the immutable software packages live. All right. We can see that it's dynamically linked X86 executable with its interpreter patched to the correct interpreter and then I run it at the end. So you see Hello World is there. So what is the expression at the top where it says let packages import Nix packages, et cetera. So that is a function call to standard m.mkderivation. The first argument is name, which is a string. So I'm gonna call this package Hello World. And the source code is gonna come from GNU's FTP server. And we're gonna hash this, and this is really important. We're gonna say what the char256 sum is ahead of time. Now this way, if anyone else sees the expression in the future and they build it and that tarball has changed, well we'll know about it because the char256 won't match. So this data is really important for reproducibility and security. So by comparison, let's see what a Docker file would look like. So from Ubuntu latest, there's two problems here, right? Ubuntu, even if we could find the original Docker files for Ubuntu, could we reproduce it or do they have many steps inside of it that aren't reproducible? Like apt install this, apt install that. Because every time you do apt install, you've lost the reproducibility because it's gonna give you a different result the next time it runs. Latest, latest when? When I run the Docker build. So the Docker files are not intrinsically attached to the results. So the result of a Docker file is basically like a binary, you give that binary to people and you may never see the Docker file ever again. And that's not quite true for Nix expressions. So apt get update, it's gonna resolve a different package list the next time it runs. So the next time I run Docker build, hello might just not be there. So we've got to run it five times and then hopefully Debian servers are up again rather than down. And yeah, but that's not the only problem. Every time we do apt get install, hello, it's gonna create a package database and this package database is gonna have timestamps in it. There's gonna be tons of reproducibility issues just at every level in this Docker file. And then last offender is cmd hello. This assumes that the hello package actually puts a binary called hello on the path. So maybe hello is not the name, maybe it's hello-world. So there's nothing but assumptions in this Docker file. And indeed, if we use this method here where we save the results of building it into a table and then we look at the table, the table is different. Now this isn't the full story, this is a bit of a cheat, right? As a matter of fact, if you extract this, you'll get another table and inside of that is a layer and a file system hierarchy like slash user slash bin, et cetera. So we'd have to inspect that with Difascope to understand the true reason that this is not reproducible. But I mean, this is a nice example because it shows that even when they package the table for the OCI image, this table, this image that we're gonna load into Docker, even that step is not necessarily reproducible because tables pack and unpack, serialize and deserialize in a different order every time operations are performed. So how do we do this with a Nixflake instead? So there's a function someone made called, I only wrote this presentation this morning, so I missed that out, but it's called Docker Tools Build Layered Image, right? So someone in Nix packages, which is a library of 80,000 software packages and Nix expressions and functions and things, they made this function called Build Layered Image and this is essentially a reproducible bash script for producing container images, right? So my container image equals running that function with the first argument name, my container image, the tag, latest. Content is a list of things that I want to be in the container and config.cmd is the entry point that we saw in the Docker file earlier, which was hello. So let's just have a look here. So this hello here, that's what we're gonna map to in the Nix expression, config.cmd equals hello. So this is the first thing that's gonna run on the container boots. So this is in a data structure called a flake. So a flake has inputs and outputs. We say inputs.nixpackages.url equals this GitHub repo and whenever we run a Nix command on this, it's actually gonna generate a flake.lock. So I'd just like to show you that before I get too far in. So flake.lock. So we no longer have that problem of like latest being latest when I run the command because it creates a lock file and tells you what it was when I run the command and this is immutable and stored in the Git repo where I provide these expressions or tell you to run it from. So yeah, let's build it. So we're gonna build my container image. We're gonna look in the result, then we're gonna load that result into Docker and then we're gonna run it with Docker and this has all been done, like the container image has been built with Nix reproducibly and then ran with Docker. So I'm just gonna run that. Oh dear. All right, there we go. I got scared there for a moment. Okay, so it created a result, put it in the Nix store where it lives reproducibly and it loaded it into Docker and then it ran it. So there you go. Much more reproducible than the Docker file, right? So why is this the case? So Docker is repeatable but not reproducible to find instructions, but it trusts the internet unconditionally and it doesn't perform any hashing or at least it doesn't encourage people to do that. Docker files do not provide you with a tool set for performing reproducible builds and Nix is basically a C++ binary written by Elko Dulsher which implements the Nix expression language which gives you a tool set for implementing reproducible builds. So what does Nix guarantee? So it guarantees that we're gonna get the same input from the internet every time and we're gonna perform the build process inside of a sandbox and hopefully the result is deterministic. It guarantees that, but it does not guarantee that the build process in fact is deterministic. An example of this would be the Java compiler. The Java compiler will put timestamps into every jar file it creates every piece of Java source code. Now of course we're not gonna get rid of the system call that allows the process to gather the time at this point in time. But that was a decision because it broke a lot of build processes. So instead we have to do things like touch 1970 at every build step so that we get rid of the timestamp and the intermediate steps when we compile things. So yeah, there's lots of reasons that a build may not be deterministic and Nix can't help with that. But what it can do is perform the same build with the same inputs every single time and hope that the output's deterministic which is a lot more than many other tools can do. So, do I have any extra time? Do I have? Yes, we have enough time for questions. Oh yeah, I didn't wanna go to question straight away. I just wanted to show three really cool things. So Nix shell is a way of trying things before you buy. So I'm gonna SSH into my server because the internet here might just drop out. So I'm gonna Nix build, oh sorry, Nix shell. Nix packages, hashtag, I don't know, Python three. And the reason I'm gonna do that is because I have Python three now. But if I get out of the Python three interpreter and try and run Python three again after exiting out of this temporary shell, I don't have Python three. I don't have Python on any of my systems installed globally, right? It's just, I install it when I need it and only when it's necessary. Now, because it's an expression language, if I go through the REPL, I can say something like let's load Nix packages and then Python three has a member function inside of it with packages. And I can say inside of P, put all of the whatever it is, 20,000 Python libraries that exist in the world from PyPy. And I'm gonna give it a list of Python libraries that I want for this particular instance of Python. P dot, I don't know, NumPy. It's gonna evaluate that and create a derivation and then I'm gonna build that derivation. And it's gonna do all of this reproducibly. So if you evaluated this expression, you get the same path, you get the same output path on your machine. And then I can LS in there and see that we've got bin and we've got Python interpreter. And if we run that, we'll have a Python three that can import NumPy. Oh, but if I exit this and exit again, you know, I don't have Python anymore. Going to a next rep on say I want Python three. Oh, gotta load next packages. Gonna build Python three. Notes that I'm not defining a function. I just want Python three. I don't want Python three with NumPy. Let's take a look in the output. This Python cannot import NumPy because there is no such thing. It's not global. There is no global state. There's no global thing that's being modified. Everything is a copy every single time with something added or without something added. Another thing that you can do is you can cross compile using Nix. So in Nix packages, there is a package set called packages cross, which is all of the 80,000 Nix packages that you can get. Whoops. Yeah, so like, I don't know, Python's there. We've got NumPy and we've got Firefox and we've got, you know, a set of 80,000 packages which we can do what we want with. So what do we want to cross compile all those 80,000 packages? Well, packages cross has any if we tap complete all of the architectures we want. So let's say risk five, 64 bit and then, I don't know, hello world. Now I think I've done this and this is another benefit of reproducible builds is that things are cached. I did this last month. It puts something in my slash Nix slash store. It's still, it's not going away. I haven't garbage collected it yet and that's another concept that Nix has is garbage collection. The file system is memory is what they call it in the thesis. So I did this last month, so it's still there. So that's why it completed. But if I want to rebuild it just to show up, it can do this. And this is reproducibly cross compiling hello world for risk five, 64 bit. And it's done. And in slash bin, we have a dynamically linked risk five binary. And the fun part is despite the fact that I'm actually running on an X86 kernel, I can still, I can still actually execute this because I have something called bin FMT registrations enabled on my system. And the way that that's done is also very easy. Thanks to Nix. Because Nix OS of course has many options. I can just say, okay, bin FMT registrations. Yeah, I want to be able to run Windows binaries or ARM binaries. I can do that on my X86 system just by putting a list of emulated systems in this option. So that should convince you to use Nix OS if nothing else does. Yeah, I think I just showed off those three points. So any questions if I have time, if not, then that's my talk. Yeah, if there are any questions, the mics are still in the middle. If you walk the mic, otherwise the video doesn't have audio. So we all can hear you, but the people rewatching can't. In Dockerfile, you have a little bit closer to the mic, please. Yeah, thank you. In Dockerfiles, you have latest and that's great. You don't have to upgrade it. In half a year. Is there something like Nix, maybe specifiable latest up to this timestamp? Yeah, so I mean, Docker could if it wanted to, probably like implement a lock file. Although I haven't seen that. So the benefit of Nix here, right, is that you can't do such a thing as latest. It doesn't exist. And that's a good thing for reproducibility. So we take a look at this Dockerfile, right? It says latest. Now there's no, when you run the command, it's going to go and fetch the latest. And everyone that runs the Docker build command, every single person on the planet will get a very different result, right? There is no guarantee. So I have to target, I have to say like 2004, right? But that 2004 could still change technically. If I want it to be really reproducible and Docker does do this, you can specify a hash, right? And so, you know, there is a way around that, but it's the least of Docker's issues, right? So this is just one. No, well, the question would be, is there a Nix upgrade? Yes, indeed. So let's say flake.loc, flake.nix here has Nixos 20205. This is a tag, right? So it changes. So if I want to see what that is, I go into the flake.loc and we see that indeed it's the E3583 revision of Nix packages. Whoops. And if I go to Nix packages on GitHub and I go to that, that hash. What I'm saying, it's a lot of steps to keep your system up to date. No, it's not. I'm just showing you the full path as to how it's reproducible. So if we go to that commit, we'll see that that commit exists and this commit was made a few days ago, four days ago. So in four days, a lot might have happened. So we want to go on and we want to advance from this hash, this revision here. So all we have to do is Nix Lake update and it will go and find what the latest hash is. Looks like D1CA4EA, right? And so this is the steps that you do to update the lock file. And once that's done, right now it's extracted. It actually went and fetched the latest Nix packages and it's extracting the tarball on my laptop. So it's a bit slow because my laptop disk is a bit slow but that lock file will be updated. That was great. Okay, I think we need to be rounding up the questions. Do we have time for one more? Or should be, we've got one more speaker. So if you, the other questions, I think they can approach you afterwards because we really got to move it along. Sorry. Yep. Thank you so much. You know the question with the one sentence. If you go to repology.org, you will find of all the distros on the planet, all their versions and you will find that Nix packages has the most recent of any distro, beats the pants of anything. Top right, Nix packages unstable. It's the most fresh. It's the largest size. So it's got more packages than Arch. They're fresher than Arch. They're more up to date than Arch. They're more maintained than a lot of other distributions too. Thank you. Thank you so much. So for the next speaker, I learned what a subject was and I was like, I know nothing about that because his speech or talk is on the good old times. I wasn't born during those. I'm 15. I'm way too young for that. So I'm really, I'm really looking forward to hear what your generation know. I will be nice. What he has to say about the good old times. Thank you. Yay. Thank you. Yeah, this is going to be completely ad-lib. I didn't know I was going to do a talk until, I don't know, 20 minutes ago. So I'll just make it up completely. Oh, there's no time as well. So you'll just have to flag me because I want to keep track of the time. I don't know if it's that, but I will start from the point when I went over to the retro tent and I was with some people and they asked me about the machines there and somewhere I was familiar with, in particular, the Amiga, the Commodore Amiga computer. And it took me back to when, well, I suppose I lived through the 80s, but not the 70s. I missed the 70s. My first computer was a green monitor computer, eight-bit Commodore PET and then my family got an Amstrad CPC that had color and I could load games. I think my friends had games from cassette and after which then, my third computer was the Amiga 500 and I absolutely loved it. And it could do things that you just could not do on other systems at the time. So even basic concepts like what, how would it connect to the internet? And where would the internet run if I booted it up and tried to use the internet? What did the internet look like back then? Well, I don't know, I wasn't on it, but I'd read articles in magazines and the way we got software for the computer was just simply we could buy magazines or we could wait until we saved enough to go and buy some software from the, I don't know, Smith's or wherever the sales were at the time or even mail order. And one popular thing we used to do was order software from magazines where they would list like one pound per disc or alternatives as well. So yeah, before we had the internet, before a lot of my friends got maybe a computer with Windows in the mid-90s, people still had modems and they could dial up into, they could dial other machines that also had a modem on the phone line. So you couldn't tell the computer where to go and the computer would it be able to automatically route its way to its destination? You had to manually dial the number and download packages or files and you had the limitations of the size of the floppy disk so you had to split, if maybe your disk format wasn't big enough to contain the file, you had to split it up into pieces. Just out of interest, how many of you had an 8-bit micro back in the day? No, no one had an 8-bit micro back in the day. 16-bit micro, early games console, no. So yeah, what was that? MSX basic. MSX basic, excellent, nice. Someone else shouted? Yeah, I'd say earliest, yeah, the earliest, yeah. So yeah, it was interesting times and I think a lot of things were taken for granted, like how long things took, but when I look back now and I see the machines in the retro tent, a lot of them have been upgraded, they have SD cards, so you can load almost any package from that ever existed is on that one SD card because it's been scaled up so vastly and the packages are now tiny in comparison. And it really put things into perspective and occasionally I look back and I'll run an emulator and I'll forget how difficult things were and tricky and I'll forget, I might forget, oh, it really did take that long, oh, it didn't seem, I mean it wasn't such a big deal to put in a cassette, load a new game in from cassette or floppy disk, but yeah, we wrote it really cushy these days, we've got a really easy, we don't realize how convenient it is to have the facilities we've got on disk. I didn't have a hard disk drive, so a lot of things ran off ROM or from floppy disk. But yeah, it was a good memory trip. It must be still up, I don't know if there's dismantling it, but yeah, it'll be still up. Retro tent, so yeah, have a good look at all the machines in that retro tent and ask around, there's gonna be some guys that had old systems that love to talk about those things and just enjoy them as much as I did. Got me interested, I was interested from just a hobbyist perspective because I liked calculators and they were very simple devices. Bit more than a glorified calculator, bit less than a 3D graphics rendering engine, so PlayStations came out in 95-ish, something like that, is that right? No, it was earlier than that, I think it was 92, 93. Yeah, it all just went to PC, so yeah, definitely check out the retro tent. Yeah, good times for me and yeah, have fun. Hi. Thank you. Ah, it works. Well, thank you, I learned a lot because I wasn't there. And it's really, really, it's surprising that my dad talks about it sometimes. It's still, oh, there goes my fork, it still surprises me how far we've come in such a short time, like 20 years ago and now, yesterday I walked through an entire different world while shooting robots and 20 years ago my dad was like loading a file and it would take an hour. So it's amazing and you talk about it really lovely. Now, there's a question, so fired on. Hiya, that was cool. Thank you. Do you still have, like, cassettes or floppies? Yeah, we had a number six basics and it loaded things of cassettes and I remember having to reload games because the cassette would be a bit stuck. Have you had any issues with that too? Do you remember anything? That's right, that did happen some of the reasons, well, one of the common reasons for that, there's a few, could be that the tape head, I've experienced it, the tape head can become clogged over time, you get these cassettes that like clean ahead cassette tapes, but I would just simply get some, get a little drop of isopropyl alcohol on a Q-tip and just rub the head and that cleans it up nicely, it dries out quickly. So if you just want a quick fix to that, that's one try. Another try is, well, a slightly trickier one is the head alignment, there is a screw and you can get calibration tapes where you can align the head and you need to, maybe, I don't know, do you need an oscilloscope? I don't, yeah. You'd need to have a way of balancing that head so that there's a few ways and then you might even be able to load the tapes in and archive some, if they don't exist on the internet, you might be able to contribute to the archive. You might have some rare tapes, yeah. Okay, the last question for now and then I assume they can ask any other things that's fine. Yeah, it's not a question, I just wanted to mention my story about this. So, yeah, it's a question, actually. So, did you also exchange cassettes with your, like Game Boy cassettes or even console cassettes because I was living in a block apartment and we were, because we couldn't afford each one of us, like we were 10 friends, we couldn't afford each one of us to buy all the cassettes we wanted. So, one month, one of us, buy one and we exchanged it and it was also a game, like you were very good if you finished the game first and you could go in your face, everyone. Yeah, yeah. So, this is one of the first questions and the second I wanted to say is that I have a story with my dad. He came, I remember this very clearly, he came in my, I was playing a game and actually what happened is that he said, did you do your homework? I said, yes. He said, did you clean up your room? He said, yes. So, your mom wanted to help, did you? I said, yes, I did it. Okay, now go out because I want to play, I'm your father. So, he ran out of excuses, I just wanted to share because... Yeah, yeah, all these good old, yeah, thanks for that, yeah. Well, we did share some disks that were, a lot of the time, you get free games off the magazines, maybe we couldn't even buy the game so we'd all get the cover disks and the cover disks for that. Sometimes they'd have a full game, sometimes they had PD games, sometimes they'd have different types of games and some friends, if they were lucky enough to have modems, I didn't actually have a cassette player but my friends did, I was spoiled, I had a disk drive. So, but even the disk drives as well, people would, if they were lucky as well to have a modem which I didn't have, they could get onto the bulletin boards and get software from them and yeah. Well, you mentioned that it's, everything, you mentioned that it's everything goes slow but I think doing these exchanges was a very nice way of socializing and getting your friends and it was like a social network. Yeah, oh, they would leave the name in the intro. Yes. And it would, a scroller, a tech scroller and it'll put the number, yeah, that's good. That's amazing, I loved hearing the stories and it's so funny because I remember when I was a little smaller that we had a Wii and obviously that's way more advanced but we had to like, this thing got stuck and then you had to take it out and blow on the CD to clear off all the dust and then only then it will work. Which was one of my earliest tech memories that we were like, it just, to make it work but it's really nice to hear. Back in the day when Nintendo and I asked you to do the same with the cartridge, it was famous and people just go like a harmonica. Yeah, well, another big applause for. Thank you. And then that is Mark's the end of the lightning talks. I want to thank all of you and this is my last shift as a Herald so I really enjoyed having you as a public. Yeah, thank you, thank you. And I hope to see you all in three years at the next event. Bye bye. Yay. That also, I don't know if I'm going, but yeah. And also a big, big thanks to the organizer of all the lightning talks.