HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rigid

no profile record

comments

rigid
·2 anni fa·discuss
a decent syslog daemon will stream it anywhere you like
rigid
·2 anni fa·discuss
you mean, something like a new FOSS project called "OpenEye"? :-)
rigid
·2 anni fa·discuss
> I wish Python had static builds!

while unusual in the "python world", there are more or less well supported ways: https://www.askpython.com/python/examples/compiling-applicat...

i'm sure go will support dynamic linking aswell sooner or later
rigid
·2 anni fa·discuss
They suck to maintain.

I love the fact that you can just update one single openssl lib and all installed apps use the updated version after a restart.

Static builds have their legitimate use-cases so maybe change that to "mandatory static builds". (iirc go support for dynamic linking is worked on and will become stable eventually)
rigid
·2 anni fa·discuss
https://textualize.io for python isn't bad either. (In case you don't like static builds like me.)
rigid
·2 anni fa·discuss
> where the maintainers of F-Droid can intervene and prevent an update to an app from reaching users if it's deemed to be malicious

That sounds like a feature you want when using FOSS.

Imagine distros wouldn't have been able to intervene quickly and malicious xz would be still deployed through their channels just because the authors want to.
rigid
·2 anni fa·discuss
That's not true tho. f-droid supports (true) https://f-droid.org/en/docs/Reproducible_Builds/ for quite some time now. Those are signed by both, f-droid and the author.
rigid
·2 anni fa·discuss
Hm f-droid provides privacy friendly https://fdroid.gitlab.io/metrics/ for some time now.

I'm not sure what sort of "control" they have over the Play Store compared to f-droid, but I'd rather have a trusted 3rd party do the building transparently and verifyable.
rigid
·2 anni fa·discuss
Signal has reproducible builds for android now? Why not f-droid then, too?
rigid
·2 anni fa·discuss
yep. android 13
rigid
·2 anni fa·discuss
mobile users should tap the canvas for the particles to move.
rigid
·2 anni fa·discuss
Hence "hack". It needs keys for administration but at a first glance, I see no reason why a git-anon user couldn't be part of gitolite's git user.
rigid
·2 anni fa·discuss
ledger-cli is rock solid but it lacks a decent TUI.

Really all I want is an 80s TUI accounting app that "just works" as ledger does but with a menu driven interface with keyboard shortcut support.

Modern stuff like multi-user capabilities, plugins, templates, API etc. wouldn't hurt.
rigid
·2 anni fa·discuss
For a single author you don't necessarily need any server at all. A cloud directory or zip files work well.

But gitolite is so easy to setup & maintain, it's not a big difference and for r/w-access management within teams, it's priceless.

I guess one could even hack anonymous access with "PermitEmptyPasswords yes" and "AuthenticationMethods none"
rigid
·2 anni fa·discuss
not sure how lightweight any of these are, but https://gitolite.com/gitolite/ just needs git and ssh deployed. And it works like a charm.
rigid
·2 anni fa·discuss
...at least you weren't looking for any references to "mifflin" functions.
rigid
·2 anni fa·discuss
I bet in the majority of cases, there's no need to pressure for merging.

In a big company it's much easier to slip it in. Code seemingly less relevant for security is often not reviewed by a lot of people. Also, often people don't really care and just sign it off without a closer look.

And when it's merged, no one will ever look at it again, other than with FOSS.
rigid
·2 anni fa·discuss
I kinda miss the curiosity show.

It was a bit more science leaning but got kids to awe just the same way.
rigid
·2 anni fa·discuss
> it enabled it in the first place

it took roughly two years including social engineering.

I'd say the same approach is much easier in a big software company.
rigid
·2 anni fa·discuss
> where no auditor ever looks

Well, software supply chains are a thing.

"where no auditor ever is paid to look" would be more correct.