HackerTrans
トップ新着トレンドコメント過去質問紹介求人

rigid

no profile record

コメント

rigid
·2 年前·議論
a decent syslog daemon will stream it anywhere you like
rigid
·2 年前·議論
you mean, something like a new FOSS project called "OpenEye"? :-)
rigid
·2 年前·議論
> I wish Python had static builds!

while unusual in the "python world", there are more or less well supported ways: https://www.askpython.com/python/examples/compiling-applicat...

i'm sure go will support dynamic linking aswell sooner or later
rigid
·2 年前·議論
They suck to maintain.

I love the fact that you can just update one single openssl lib and all installed apps use the updated version after a restart.

Static builds have their legitimate use-cases so maybe change that to "mandatory static builds". (iirc go support for dynamic linking is worked on and will become stable eventually)
rigid
·2 年前·議論
https://textualize.io for python isn't bad either. (In case you don't like static builds like me.)
rigid
·2 年前·議論
> where the maintainers of F-Droid can intervene and prevent an update to an app from reaching users if it's deemed to be malicious

That sounds like a feature you want when using FOSS.

Imagine distros wouldn't have been able to intervene quickly and malicious xz would be still deployed through their channels just because the authors want to.
rigid
·2 年前·議論
That's not true tho. f-droid supports (true) https://f-droid.org/en/docs/Reproducible_Builds/ for quite some time now. Those are signed by both, f-droid and the author.
rigid
·2 年前·議論
Hm f-droid provides privacy friendly https://fdroid.gitlab.io/metrics/ for some time now.

I'm not sure what sort of "control" they have over the Play Store compared to f-droid, but I'd rather have a trusted 3rd party do the building transparently and verifyable.
rigid
·2 年前·議論
Signal has reproducible builds for android now? Why not f-droid then, too?
rigid
·2 年前·議論
yep. android 13
rigid
·2 年前·議論
mobile users should tap the canvas for the particles to move.
rigid
·2 年前·議論
Hence "hack". It needs keys for administration but at a first glance, I see no reason why a git-anon user couldn't be part of gitolite's git user.
rigid
·2 年前·議論
ledger-cli is rock solid but it lacks a decent TUI.

Really all I want is an 80s TUI accounting app that "just works" as ledger does but with a menu driven interface with keyboard shortcut support.

Modern stuff like multi-user capabilities, plugins, templates, API etc. wouldn't hurt.
rigid
·2 年前·議論
For a single author you don't necessarily need any server at all. A cloud directory or zip files work well.

But gitolite is so easy to setup & maintain, it's not a big difference and for r/w-access management within teams, it's priceless.

I guess one could even hack anonymous access with "PermitEmptyPasswords yes" and "AuthenticationMethods none"
rigid
·2 年前·議論
not sure how lightweight any of these are, but https://gitolite.com/gitolite/ just needs git and ssh deployed. And it works like a charm.
rigid
·2 年前·議論
...at least you weren't looking for any references to "mifflin" functions.
rigid
·2 年前·議論
I bet in the majority of cases, there's no need to pressure for merging.

In a big company it's much easier to slip it in. Code seemingly less relevant for security is often not reviewed by a lot of people. Also, often people don't really care and just sign it off without a closer look.

And when it's merged, no one will ever look at it again, other than with FOSS.
rigid
·2 年前·議論
I kinda miss the curiosity show.

It was a bit more science leaning but got kids to awe just the same way.
rigid
·2 年前·議論
> it enabled it in the first place

it took roughly two years including social engineering.

I'd say the same approach is much easier in a big software company.
rigid
·2 年前·議論
> where no auditor ever looks

Well, software supply chains are a thing.

"where no auditor ever is paid to look" would be more correct.