GitHub Stars

I’ll triple down on the link-blog chain here, see this one going around all over this week and finally had time to read through when it hit my rss reader via Chris.

It should come as no surprise that nearly every vibe-coded app on the Internet struggles with security issues; look no further than the vibe-coded recipe app that leaks its OpenAI keys. Every time one generates code by prompt, they create a new stillborn program; vibe coding is the art of stitching together their corpses into Frankenstein’s monster.

Damn, that is a strong statement, stitching together the corpses, strong statement here. The OpenAI key thing feels kind of obvious to me, every set of docs, blogs and examples on the internet need to be runnable for people to learn and try out new tech easy, putting secrets in the wrong place is easy, putting them somewhere that you can decode them without sharing them is hard team specific, app specific, and so nuanced to your architecture that its rarely...

...

Under 2000 everything is happy, green field. Any decision you have made is relatively easy to back out of (barring you making a library with downstream users), but as you go, regret kicks in. Regret we didn’t make that pydantic 2 upgrade earlier, as new features become more apealing. Regret that we chose sqlite for simplicity, speed, agility, and now we might need robust and distributed. Regret that you chose a front end framework, or to have a front end at all to a backend problem. Regret that you put 6 layers of abstraction on your db early on and now that you understand the problem you want different abstractions, but all of your endpoints deeply depend on the current one.

Vibe coding will not save you, it will only make these wrong decisions for you without the context that you have. You will hate it’s decisions more because you had no input into some of them.

“Gradually roll out your releases to a small group of people”

~ roughly what prime said (I’m listening live)

This really hit home with me, tests can be so good at making sure that we dont repeat bugs and that laser focused things work, tests are generally small and focused, but this does not replace some sort of integration testing. These days very few things are written as a monolith, and hence there are a lot of interactions that really need to play well together accross various systems.

They call out Crowdstrike here, which took down the world blue screening critical windows systems everywhere in 2024. It was revealed that a small changed was rushed through and skipped critical rollout paths since it seemed like a small change. Crowdstrike also runs at a super low kernel level of access and a small memory bug can kill the system.

I’m trying to level up my sre game. I’m trying to set up grafana dashboards for everything and it is such a wide surface area. It’s never just one thing you have to have 3 or more things hooked together in order for the data to flow.

I’m really getting not invented here vibes, and thoughts that I can just build this myself. Not grafana and it’s scalability necessarily, but small components of observability.

This is a really great guide to setting up kubernetes monitoring with helm, it uses loki as a log datasource and alloy as a collector of kubernetes logs, events, and nodes. The charts are setup really well to start collecting logs from all your kubernetes pods.

Really helpful article to getting tempo datasource setup in grafana, this enables you to see span and trace data within grafana. This data helps debug and work through issues that you might come into with performance and need to see the timing of requests along with logs.

I’m trying to learn proper logs, monitoring, otel, and grafana. Today I imported a bunch of pre-made k8s dashboards and made a few of my own for specific apps, and it made me want to know how I can turn my own custom dashboards into infrastructure as code. Turns out grafana makes it pretty easy to do this, if you have the grafana dashboard sidecar running. It will pick up any ConfigMap with the grafana_dashboard label and import it.

Go to Dashboards -> Pick a Dashboard -> Export -> JSON.

Just starred postiz-app by gitroomhq. It’s an exciting project with a lot to offer.

📨 The ultimate social media scheduling tool, with a bunch of AI 🤖

I recently discovered wezterm by wezterm, and it’s truly impressive.

A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust

Steve is such a great listen, the neurospicy 🌶️ rambles this episode goes on is so relatable. I feel like I really missed out on some great takes on intellij vs neovim, but got some really great knowledge about vector db’s, embedding, text compression, similarities to vector algegra like infinite craft.

Just popped open infinitecraft and I’ve definitely played this with my kids before, super fun, just could not remember the name of this one. I do remember an android one as well that is alchemist or something like that, which we have also played a lot.

This episode really got me thinking about the difference between HA and DR and my approach to each one. They talk about it from the perspective of a cach cow kind of app rather than a homelab or internal tooling, but think of HA as 9’s how many 9s are we willing to pay for, tink of DR as dollars how many dollars will we loose during the period of recovery. So much more in the episode, a lot of talk around cloud vendors and what they give you vs a purpose build platform with HA and DR in mind.

Just starred kubero by kubero-dev. It’s an exciting project with a lot to offer.

A free and self-hosted PaaS alternative to Heroku / Netlify / Coolify / Vercel / Dokku / Portainer running on Kubernetes

I’ve been using ruff to lint my python code for quite awhile now, I was pretty early to jump on it after release. Some of my projects have had a nice force-single-line setting and some have not. I dug into the docs and it was not clear what I needed to make it work.

[tool.ruff] select = ['I'] # you probably want others as well [tool.ruff.isort] force-single-line = true

Turns out I was missing Isort in the select list.

Astral is doing great things in the python industry. They are disrupting entire categories of tools with extremely fast, easy to use, and feature rich alternatives that make it really hard to keep using the incumbent. So far I am seeing no signs of evil, sometimes with such a disrupter there is some sort of downside that make it hard to want to do the switch. In the interview they even mention things like leaning on lsp so that it works across all editors rather than building out vscode integrations that work for most developers. As a neovim user I greatly apreciate this.

ty, has a playground running at types.ruff.rs. You can edit code in there and see what the type checker results would be in browser. This looks good, excited to see it running in my lsp.

Here is an example where a Optional may not be defined.

Checking for existance before using it resolves the issue.

I was looking back at my analytics page today and wondered what were my posts about back at the beginning. My blog is managed by markata so I looked at a few ways you could pull those posts up. Turns out it’s pretty simple to do, use the markata map with a filter.

from markata import Markata m.map('title, slug, date', filter='date.year==2016', sort='date')

Result #

[ ('⭐ jupyterlab jupyterlab',...

...