HackerTrans
TopNewTrendsCommentsPastAskShowJobs

eddythompson80

2,456 karmajoined 3년 전

comments

eddythompson80
·3일 전·discuss
But they explicitly setup the permissions this way.
eddythompson80
·5일 전·discuss
Which developmental indicators are you referring to? Almost all economical numbers mean nothing if the country is a dictatorship because the admin can straight up fabricate all of them. Administrations in democracies have to manipulate the numbers, introduce new ones, etc while dictatorships can just say "Nah, make that number 20% higher". You can look at the EGP exchange rate over the last 10 years and tell me if that chart looks organic to you.
eddythompson80
·8일 전·discuss
I meant hosting such instance with the bare minimum privacy considerations. Otherwise you would have to be honest with them that you’ll have complete access to all their photos and make sure they understand it. People’s camera roll is often akin to their text history or email. It can contain plenty of personal and private things. Just because we’re friends, or even siblings, it doesn’t mean it’s free-for-all access to everything.

Agreed on the difficulty of implementing server side features though, especially all the things people expect from a Google Photos alternative.
eddythompson80
·8일 전·discuss
Normally I either encrypt a non-boot drive (if the VPS provider offers such a thing) or use gocryptfs. It’s still a pain though when reboots happen, unless you also put your key there. Application layer encryption makes it easier.
eddythompson80
·8일 전·discuss
E2EE means the keys are on your own computer (or device or brain etc). The “someone else’s” computer is just hosting encrypted blobs.
eddythompson80
·8일 전·discuss
It would make hosting a "Family and/or friends" instance possible.

I do go back and forth on the accessibility tradeoffs of E2EE for average people though. In this scenario, lose or forget your key/password and you lose ALL of your photos which are very important to some people. Losing them is pretty catastrophic. Google Photos or iPhotos really gives people a sense of security about their photos.

ps: It would also make it easier to host cloud instances for Immich without encrypting the file system of a remote server/VPS. Especially when renting servers from small-time sellers, I'm always weary about how much I can really trust their employees access control. I know some level of trust is unavoidable with physical access, but how do they handle those disks during maintenance would also be relevant.
eddythompson80
·11일 전·discuss
> The strange thing is that we are at the mercy of 3 corps.

Wait until you discover TSMC, ASML, Carl Zeiss, Intel and AMD, or even Nvidia.
eddythompson80
·15일 전·discuss
It's only confusing because of the terms the industry uses to describe it.

To achieve the task, i.e: a GitHub being able to update an AWS Lambda without storing a secret/key/certificate you minimally need:

1. A way for GitHub to sign a request before calling AWS with it.

2. A way for AWS to verify this request was signed with GitHub.

3. A way to tell AWS what actions a valid GitHub request is authorized to do.

#1 is very easy with a public/private key signature. For #2 OIDC standardizes this part. Every IdP publishes their public keys in a standardized way. For #3 AWS already has a full permissions/roles system, so it makes sense to use that for this. Then you can get a GitHub action to do anything an AWS account can.

To string 1, 2, and 3 together you end up with the confusing flow you described.
eddythompson80
·17일 전·discuss
Well not Go's package manager, right? Go modules came out 2019, Swift 2015?

I wasn't arguing against Swift needing a default package manager, I agree with that. Just the examples you picked to compare with are odd in context. You could compare Swift to its contemporaries like Rust or Zig and come to the same conclusion.
eddythompson80
·17일 전·discuss
I find your choice of examples (dotnet and go) baffling to me. Both enjoyed a very long life (8-10 years) past “1.0” before getting a standard package manager. The other examples, Java, python and JS are significantly older than Go (and even dotnet). Python and JS also had a significantly different intended use (scripting) than where they ended. Expectations of a language and its ecosystem changed. The compiler, linker, build system, package manager, LSP, linter, formatter, debugger, and plenty more are expected of any new language now.
eddythompson80
·18일 전·discuss
Apple has something with Swift similar to what Google has with Go. The language has a lot of desirable features for server development very much like Go and Rust. Especially when compared to Java and C#.

It makes sense for them to build their services using Swift instead of something like Go and the Swift-on-server team has been doing a lot of work to get swift in a usable state on Linux. Having a thriving opensource (starting with a package index) makes a lot of sense to them for that.

My only problem with Swift is personal taste and experience. I tried it on linux few times (admittingly few years ago now) and generally I wasn't a fan. Go and Rust solve all the problems that Swift could have solved for me, so I didn't bother. But just like node got an entire class of developers into server side programming, Swift could be apples approach to get their iOS and MacOS developers a way to easily write server side code in swift as well
eddythompson80
·지난달·discuss
Never ever use Azure Cosmos DB. The entire point is to lock you in. This isn’t some paranoid shit either. We use azure a lot, and I have worked with many people designing systems on Azure. Always avoid cloud providers lock in services. That’s their bread and butter. They want you to use them. They want you using Azure Cosmos DB, Azure Event Hubs, Azure Apps, Azure DataLake, etc. Same with AWS. Don’t be naive. Use Azure VMs, Azure Postgres, Azure Redis. Those are fine. You’re just paying someone for the operational cost of a service, but you can migrate of. There is no migration from Cosmos or DataLake. They tell you you can abstract your code, but that never works. They know you will be locked in. That’s the entire business model. Also resist the temptation of the offers they’ll through at you to link those services with all their other crap. Don’t be naive.
eddythompson80
·지난달·discuss
Pure slopium. I love it
eddythompson80
·지난달·discuss
I agree that virtualization has seen great advances. Kata containers on k8s are almost (not quite 100%) drop in replacement. Regardless those last 10% remain a problem.

I run a personal server for few open source applications for personal use. I was thinking with all the supply chain attacks, and how carelessly I run `docker pull`s to update things I should probably consider hardening things a bit. I thought before jumping to full virtualization with Kata I can easily try gvisor/runsc first. Only to realize that DNS resolution is completely different with runsc vs runc and had to switch back.

Another sticking issue with virtualization is resource allocation. With namespace docker you can easily oversubscribe each container CPU/memory and rely on the single kernel letting individual containers burst as needed. With full virtualization this is still a big problem. Even with balloon devices and dynamic memory and CPU etc, the resource allocation is still not optimal. On a basic 8 core/16GB machine you can run 1 or 2 dozen services and things generally workout fine. Trying to run each of those in a virtualized VM you suddly can maybe run 6 or 7 maybe. There is no way to tell VM 3 kernel to drop its file system cache because VM 6 needs to load a large file in memory. Even if you script it out, now VM 3 is slow because it dropped all its cache while VM 6 finished processing 3 hours ago. These are not unsolvable problems, but despite how far virtualization has come, are still friction points.

Not to mention issues like sharing hardware devices (GPUs, disks, USB devices etc) between multiple VMs
eddythompson80
·지난달·discuss
Its the now-classic "Sorry I drowned little Timothy. Here is a breakdown of what happened" followed by "Let me try to respawn little Timothy on a new map"
eddythompson80
·지난달·discuss
Exactly. We have about 6 new repos for new green-field projects each with 700+ auto-generated issues so far. No one is looking at them, but we do have them tracked so "Mission Accomplished" GWB-style.
eddythompson80
·지난달·discuss
> This might be as easy as a directive to populate a .md file.

It probably is. But do you really think anyone is gonna bother with the multiple daily (or hourly for green field projects) `+8,234/-3,734` PRs everyone is submitting?

The joke I was referring to is the common

     // ksmith (3/23/1997): This is a temporary hack for now. Find a better way to do this asap.
eddythompson80
·지난달·discuss
It would be cooler if the llm said something like:

> I noticed the machine doesn't have copy-fail patched, here is a quick workaround for not having root access for now.

> // TODO: find a better way to do this in the future.
eddythompson80
·지난달·discuss
I don't really know of any distro that doesn't do that. All of Docker Inc. default installs and all of distros I know of don't automatically add you to the docker group. docker.com instructions has the infamous "linux post-install instructions" that explain and walk you though it.

The tragedy is of course that when security and usability collide, 80/20 rule will apply where 80% of people will pick usability over security. I have worked with many with the title >= "Senior Engineers" who saw that page, read the explanation, and still had no idea what the ramifications of their changes were. "Yeah sure it said any user in the docker group will be able to get root on the host, but aren't containers isolated?"
eddythompson80
·지난달·discuss
> Kotlin <-> Java interop is a totally optional topic you could have skipped over

This is the same place F# has been stuck in. It’s a great language on its own, but you can’t just use F#. Every F# must also do C# interop. It’s too 100% optional in theory, but never in practice. The best CLR/JVM libraries for anything are Java/C# ones. You need to interop with them to develop practical Kotlin/F# applications. You can limit yourself to the Kotlin/F# ones, but then you’re artificially limiting yourself to experimental libraries at best. You will find yourself needing a charting library, a DNS library, an SMTP library, an AWS SDK or a rabbitmq SDK. The best ones are gonna be Java/C#. Yes, you can always find a random GitHub repo for a “Kotlin-native X”, but the Java X library is a thousand times more mature, stable, performant, feature rich, etc. Same problem with F#. And the “glue” code is so “straight forward”, why would any one bother?