Thoughts

Supply chain attacks are so big these days engineers definitely need to take these into consideration. It’s wild that such a simple attack vector hit some really big applications. This particular vector is so easy to avoid. You are already hosting web content, just curl the file and self host the script, then you own it. That eliminates this attack vector all together, but doesn’t completely remove supply chain attacks, the js file can still hit external apis internally.

What I see has happened in this case is that the owner of the domain polyfill.io changed. so anyone who directly linked to them got a malware injected script used.

I can only imagine the number of applicatons that are not even being maintained anymore getting hit by this. TLDR, if you are taking something to production, where you are goind to deploy it and let it run, host the js yourself. these cdns are great for prototyping, but tread with caution.

Well spoken prime. Co-pilot is a fantastic tool for templating, boilerplate, or just getting something done that is just outside your knowledge or care to know. Bit if you really want to learn something, you need to use your hands. Reading the solution only gives you the happy path. This does not give you that path that most people would take, and completely misses debugging. If you are very new and learning it’s unlikely that you can write large blocks of code without running a test or a script to try it. Taking these shortcuts will hinder your ability to do it yourself.

If I were to devils advocate here, copilot is still not the greatest at the big picture, you still have to drive, and tell it I want to use python, fastapi, I want to load settings from .env. taking these shortcuts can help you move quick and get the big picture. This is especially helpful for someone who might know one language or framework and is trying a different one, but at some point you need to do...

pyannotate is a tool that uses runtime types to suggest type annotations to use. Test runners such as pytest can be used to generate the types.

Interesting, linux supports 32 programmable buttons, special buttons that do nothing that hotkey programs like xbindkeys can pick up and run things, seems like it would be very intersting to use on a macro pad. You could easily do dynamic and complex tasks without clashing that keybinding with something else.

I’m going to look into this for my next obs setup. No matter what I try to do with the hyper key it always tends to do odd things depending on the application I am in. typically its tmux, and it starts trying to do something I don’t want it to.

Create virtual environments for any Python version, without needing Python installed.

Love how Daniel just brushed off the number of netflix tv installs as small beans for curl installs. overall great episode on open source, owning a major component to technology with such a small team.

Great keyboard design guide for all the different mounting options that are normal for keyboards with pros and cons of each.

Super cool idea, kinda breaking the rules by talking about it here, but Its a cool idea to throw out posts to the core audience. Apparently its been around for quite while Dave started in 2018.

A linter for linting kubernetes manifests and help charts.

Full reference to all of the qmk keycode list. Handy reference to refer to all of the keycodes that qmk has.

Fantastic guide to building handwried keyboards. I used this guide to build my first hand-wired macro pad.

Two inspirational people in one podcast, its cool to see how adam thinks about code, css, webdev, and building businesses.

Great listen for anyone interested in productionizing python code with docker. Itamar brings up some

Don’t trust base images for security, upgrade your packages. Vulnerabilties become published and solved giving the bad guys istructions how to wreck your day and these fixes wont come to your docker application for up to two weeks due to image build tatency.

For job based containers pre-compile your pyc for faster startup.

Alpine linux is probably not what you want for python. Many packages such as postgres ship pre-copiled binaries that work for most linux distributions wich use glibc, but alpine uses musl so the binaries will be incompatable requiring you to need to install a bunch of build dependencies.

Homelabbers have been some of the best co-workers I have ever had. Typically have a get shit done, If there’s a way I will find it kind of mentality. If you are struggling to get a job in tech right now its tough. Starting a homelab on a pc you pull out of the trash is a good way to get some experience that you can talk about in interview questions.

Linked video has some great points!

podman requires qemu-system on

❯ podman machine init Looking up Podman Machine image at quay.io/podman/machine-os:5.1 to create VM Extracting compressed file: podman-machine-default-amd64.qcow2: done Error: exec: "qemu-img": executable file not found in $PATH

The fix to this for me was to install qemu-system before podman machine init.

svgbackgrounds is a really awesome resource for svg things recently featured on https://shoptalkshow.com/618/

Currently Posting is a super early postman like tui (terminal user interface). It looks so good. Darren is really getting into a groove, and textual is getting to a place that is allowing him to really make these beautiful.

I am so impressed with the progress that he has made so early, it looks so close to postman in the freaking terminal, and the ui is so good. He already has think like jump that give you a way to around the ui like easymotion plugins. Theres themes and a command line, oh man its so good. star it.

Oh I kinda like the name blogmark, as opposed to thoughts like I have chose for the same thing. Aparantly Simon beat me to the punch by 20 years on this one.

THIS! is the same reasons that I built thoughts{.hoverlink}. Simon has bee a big inspiration along the way. He defintely changed the format of my posts as I watched him build out his quote posts.

Link blogging is a pleasantly low-pressure way of writing online. Found something interesting? Post a link to it, with a sentence or two about why it’s worth checking out.

Ditto! just make a post.

Kellan brings some interesting thoughts on where the internet is headed in 2024. Interestingly I see myself headed in a similar direction. Feeling like I know just enough to say fuck it and build my own platform for me to me me, from thoughts{.hoverlink} where I link and make thoughts on posts like this, to reader{.hoverlink} which is my rss reader replacement that I wanted in 2013 when it was killedbygoogle

And particular with the collapse of the social spaces many of us grew up with, I feel called back to earlier forms of the Internet, like blogs, and in particular, starting a link blog.

Ai has really had quite the two sided effect since...

Setting up DNS overTLS in opnsense has made my dns just a bit more secure and reliable. I recently had an outage of half the internet within my house. This also hit some of my friends and not some. It did not hit my mobile network. What seems to have happened is a dns issue with my isp not resolving some domains. This setup corrected my issue and I was back online more securely.

Argo events is an event driven automation framework for kubernetes that can create kubernetes objects among other things based on events. I’ve been using native kubernetes cronjobs to kick off jobs based on a cron trigger.

For instance I am running reader.waylonwalker.com every hour, to rebuild the site and re-deploy it. It takes about two minutes to fetch every rss feed, so this is a nice application of a job compared to a web server fetching the feeds live. Now my posts may be up to an hour stale but they load fast.

Argo events takes event drien architecture to the next level allowing to be triggered by many more things, and do many more things than creating a cron job. I’m definitely thinking about dropping this in my homelab.

I am using this theme for Ulauncher in arch and it looks fantastic! One line install (read it first).

Just discovered this really cool launcher from the DHH distro omakub. github.com/omakub{.hoverlink}.

Ulauncher comes out of the box looking good, supports extensions, and shortcuts like I have a lot of mac launchers have. I installed it plus a theme and in no time It was looking good and launching applications.

In the past I have leaned in on rofi for task launching, it is good. I just felt it was harder to configure to get right or look good.

This is a sick steam deck dock! With a corne built in laptop style.

This is DHH’s linux startup script. Call it a distro if you want, but he doesn’t. It’s made to take a vanilla ubuntu install and configure everything the way he likes it. There’s a number of great nuggets in here to pick up on.

No need to write bespoke configs for every essential tool just to get started or to be up on all the latest command-line tools. Omakub is an opinionated take on what Linux can be at its best.

Check it out and give it a ⭐ basecamp/omakub{.hoverlink}.

This is a really cool animated visual representation of how sine waves work, how they relate to circles, pi, rad, and how to add up a series of waves to make square and sawtooth waves.

This looks like a sweet tui postman clone. Darren is really rolling with these tui’s. Cant wait to see where this one goes.

Sometimes I struggle to get my os to report dark mode to chrome, luckily there is a way to force chrome to always use dark mode.

I’ve never really gotten into dark reader and extensions like this. For some reason they all make websites look really weird to me and I don’t really care for it. What I want is websites designed to be in dark/light to always go dark, if the designer didn’t design dark just let it be light.

xxHash is an extremely fast non-cryptographic hash algorithm, working at RAM speed limit. It is proposed in four flavors (XXH32, XXH64, XXH3_64bits and XXH3_128bits). The latest variant, XXH3, offers improved performance across the board, especially on small data.

I hit an issue with markata where even though a bunch of articles were cached, the site build was still slow because I was hitting hashlib.sha256 so hard for cache keys. I was shocked when this popped up in my profiler as a significant portion of the time spent. I swapped out for xxhash and that issue completely went away.

This is so easy compared to self hosting stable diffusion yourself. It even has a nice api that you can hit with curl or python. The pricing seems competitive as well. Bookmarking this to try next time I need something like it.

Great set of tips here!

No waiting. No “waiting until tomorrow” or “It’s Friday, let’s wait until Monday” to deploy. If your deploys are so slow that deploying an hour before the end of the day is a risk, that’s a separate problem. If you’re afraid of a Friday deploy, your system is too brittle, or you don’t have foolproof rollback procedures, or you don’t have people you trust on call to resolve it. Each of these is a problem that you can fix.

This one I find interesting I think there are some industries where customers come in large waves over the weekend, and a weekend bug can not only ruin someones day off, take longer to fix, but also cost a lot of money.

Not deploying on Friday is totally what that team should be doing.

...

Be Fast, Practice, Hone your craft. There’s a lot to be said here about honing your craft for editing text, picking up a few extra WPM, learning vim shortcuts.

Also just build shit. The more you build new and different things the more not only your text editing will just roll out, your skills to see patterns in code and architecture will flourish.

Read their bios, and the answer is always no. They loved to play, sure. They had some base talent, typically. But they also invested an absurd amount of time into that skill set.

This! is actually what turned me on to Post Malone. I remember hearing his story in how he was just known as the guy with a guitar because he was always playing it between class and everything.

This one is too funny. opening a sixel image in the terminal when logging into prod.

Tailwind calls strikethrough line-through. This caught me off guard and took me a minute to find.

Control how text is decorated with the underline, no-underline, and line-through utilities.

Maggie is a fantastic proponent to the digital gardening movement. In this article she proposes 3 ways for someone to start their own digital garden with low friction and no code.

This is one of my favorite changelog episodes of all time. I had no idea all the work that has gone into the right to repair and ifixit. They talk a lot about apple and its trend to be less repairable from unservicable air pods to serialized components within iphone.

A lot of legal talk that was far more interesting that I thought it would be. Recently winning the right to repair case against John Deere, and creating repairability scores for devices to be placed in stores like energy guide is.

Get gnome running in distrobox.

This is a pretty nice gear generator. I printed a few gears today and it worked great so far.

This is kinda sick, its a tool to clean up container images in a k8s cluster.

distrobox gives you distrobox-host-exec to run commands on the host. This is handy to get access to host level clis that you probably wouldn’t want to run from the container like podman, docker, flatpak.

DESCRIPTION distrobox-host-exec lets one execute command on the host, while inside of a container.

Under the hood, distrobox-host-exec uses host-spawn a project that lets us execute commands back on the host. If the tool is not found the user will be prompted to install it.

A comprehensive community built index of anti-cheat support for linux very similar to proton, but specific to anticheat support.

ublue-os makes a github template for making your own git repo with actions that build out your own personal ublue iso.

Distrobox is so interesting and cool, I’ve only recently started realizing how much it can do especially related to hardware and graphics, this is quite an example that runs obs in a distrobox. I had no idea distrobox would let you connect to cameras and gpus so seemlessly, and give you a gui to work from. And with distrobox you can export so that it just looks like an app on your system.

2024 has been a wild year for infra with going “back” to on prem being made popular by @dhh. Well it looks like ahrefs saw right through the cloud trends an decided to ride the anti cloud train until it came back around to the station.

Being just a bit critical of the article it is impossible to get an apples to apples without actually running something of this scale and spending too much to find out. I cant imagine raw ec2 and ebs being the cheapest route into aws. They used no serverless tech in their article, but I digress, because I like this own your shit and build good product train.

What about People?!

This follow up does dive into the typical gut reaction that people cost a lot of money, you must account for them. You see when you hire people who are actually good at what they do, and run lean a lot of cost goes away, you have levels of management that disappear, levels of tooling that don’t need to exist, departments of IT don’t need to exist.

...

When using justfiles each line is ran separately from the last, unless you specify the file to be ran by something other than just such as bash. If you want variables to persist you need to set a shebang.

Also if you are using your script i a way that you want it to exit when it fails you need to set -e and -o pipefail. This is critical if you are thinking about using just for production scripts like ci/cd. I’ve hit too bugs where ci passes, but no artifacts were created issues for this exact reason.

This is a dope ass cheat sheet for justfiles. It’s filled with good examples that are short and to the point, probably all from the docs, but anyways I need to do some like this for myself.

Damn this Tim Paul quote finishes hard and such a good point. None of the stuff around llms just work. Good ui’s, front end, back end, infrastructure, product. All these things still need to exist, and in fact for ai to be good we need to still go hard on them otherwise everything will die in a heaping pile of ai slop

I’m no developer, but I got the AI part working in about an hour.

What took longer was the other stuff: identifying the problem, designing and building the UI, setting up the templating, routes and data architecture.

It reminded me that, in order to capitalise on the potential of AI technologies, we need to really invest in the other stuff too, especially data infrastructure.

...

PopSql looks like a very innovative product to bring collaboration to data exploration and visualization in a way you would expect from something like vscode liveshare. This looks far more appealing than a traditional BI data tool.