Today I Learned

Supply chain attacks are so big these days engineers definitely need to take these into consideration. It’s wild that such a simple attack vector hit some really big applications. This particular vector is so easy to avoid. You are already hosting web content, just curl the file and self host the script, then you own it. That eliminates this attack vector all together, but doesn’t completely remove supply chain attacks, the js file can still hit external apis internally.

What I see has happened in this case is that the owner of the domain polyfill.io changed. so anyone who directly linked to them got a malware injected script used.

I can only imagine the number of applicatons that are not even being maintained anymore getting hit by this. TLDR, if you are taking something to production, where you are goind to deploy it and let it run, host the js yourself. these cdns are great for prototyping, but tread with caution.

Well spoken prime. Co-pilot is a fantastic tool for templating, boilerplate, or just getting something done that is just outside your knowledge or care to know. Bit if you really want to learn something, you need to use your hands. Reading the solution only gives you the happy path. This does not give you that path that most people would take, and completely misses debugging. If you are very new and learning it’s unlikely that you can write large blocks of code without running a test or a script to try it. Taking these shortcuts will hinder your ability to do it yourself.

If I were to devils advocate here, copilot is still not the greatest at the big picture, you still have to drive, and tell it I want to use python, fastapi, I want to load settings from .env. taking these shortcuts can help you move quick and get the big picture. This is especially helpful for someone who might know one language or framework and is trying a different one, but at some point you need to do...

pyannotate is a tool that uses runtime types to suggest type annotations to use. Test runners such as pytest can be used to generate the types.

Interesting, linux supports 32 programmable buttons, special buttons that do nothing that hotkey programs like xbindkeys can pick up and run things, seems like it would be very intersting to use on a macro pad. You could easily do dynamic and complex tasks without clashing that keybinding with something else.

I’m going to look into this for my next obs setup. No matter what I try to do with the hyper key it always tends to do odd things depending on the application I am in. typically its tmux, and it starts trying to do something I don’t want it to.

Create virtual environments for any Python version, without needing Python installed.

Love how Daniel just brushed off the number of netflix tv installs as small beans for curl installs. overall great episode on open source, owning a major component to technology with such a small team.

I’ve long had issues with my qmk keyboard media keys on my arch install, I always thought it was on the keyboard end. Today I learned that playerctl fixes this.

paru -S playerctl

Once it is installed all of my media keys started working right away.

I played around with it a bit more and came up with a way to display the current playing title in my notifictations.

Great keyboard design guide for all the different mounting options that are normal for keyboards with pros and cons of each.

Super cool idea, kinda breaking the rules by talking about it here, but Its a cool idea to throw out posts to the core audience. Apparently its been around for quite while Dave started in 2018.

A linter for linting kubernetes manifests and help charts.

Full reference to all of the qmk keycode list. Handy reference to refer to all of the keycodes that qmk has.

Fantastic guide to building handwried keyboards. I used this guide to build my first hand-wired macro pad.

Just starred TinyLlama by jzhang38. It’s an exciting project with a lot to offer.

The TinyLlama project is an open endeavor to pretrain a 1.1B Llama model on 3 trillion tokens.

Just starred packaged by tusharsadhwani. It’s an exciting project with a lot to offer.

The easiest way to ship python applications.

Two inspirational people in one podcast, its cool to see how adam thinks about code, css, webdev, and building businesses.

Great listen for anyone interested in productionizing python code with docker. Itamar brings up some

Don’t trust base images for security, upgrade your packages. Vulnerabilties become published and solved giving the bad guys istructions how to wreck your day and these fixes wont come to your docker application for up to two weeks due to image build tatency.

For job based containers pre-compile your pyc for faster startup.

Alpine linux is probably not what you want for python. Many packages such as postgres ship pre-copiled binaries that work for most linux distributions wich use glibc, but alpine uses musl so the binaries will be incompatable requiring you to need to install a bunch of build dependencies.

Homelabbers have been some of the best co-workers I have ever had. Typically have a get shit done, If there’s a way I will find it kind of mentality. If you are struggling to get a job in tech right now its tough. Starting a homelab on a pc you pull out of the trash is a good way to get some experience that you can talk about in interview questions.

Linked video has some great points!

podman requires qemu-system on

❯ podman machine init Looking up Podman Machine image at quay.io/podman/machine-os:5.1 to create VM Extracting compressed file: podman-machine-default-amd64.qcow2: done Error: exec: "qemu-img": executable file not found in $PATH

The fix to this for me was to install qemu-system before podman machine init.

svgbackgrounds is a really awesome resource for svg things recently featured on https://shoptalkshow.com/618/

Currently Posting is a super early postman like tui (terminal user interface). It looks so good. Darren is really getting into a groove, and textual is getting to a place that is allowing him to really make these beautiful.

I am so impressed with the progress that he has made so early, it looks so close to postman in the freaking terminal, and the ui is so good. He already has think like jump that give you a way to around the ui like easymotion plugins. Theres themes and a command line, oh man its so good. star it.