HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rigid

no profile record

comments

rigid
·2 lata temu·discuss
a decent syslog daemon will stream it anywhere you like
rigid
·2 lata temu·discuss
you mean, something like a new FOSS project called "OpenEye"? :-)
rigid
·2 lata temu·discuss
> I wish Python had static builds!

while unusual in the "python world", there are more or less well supported ways: https://www.askpython.com/python/examples/compiling-applicat...

i'm sure go will support dynamic linking aswell sooner or later
rigid
·2 lata temu·discuss
They suck to maintain.

I love the fact that you can just update one single openssl lib and all installed apps use the updated version after a restart.

Static builds have their legitimate use-cases so maybe change that to "mandatory static builds". (iirc go support for dynamic linking is worked on and will become stable eventually)
rigid
·2 lata temu·discuss
https://textualize.io for python isn't bad either. (In case you don't like static builds like me.)
rigid
·2 lata temu·discuss
> where the maintainers of F-Droid can intervene and prevent an update to an app from reaching users if it's deemed to be malicious

That sounds like a feature you want when using FOSS.

Imagine distros wouldn't have been able to intervene quickly and malicious xz would be still deployed through their channels just because the authors want to.
rigid
·2 lata temu·discuss
That's not true tho. f-droid supports (true) https://f-droid.org/en/docs/Reproducible_Builds/ for quite some time now. Those are signed by both, f-droid and the author.
rigid
·2 lata temu·discuss
Hm f-droid provides privacy friendly https://fdroid.gitlab.io/metrics/ for some time now.

I'm not sure what sort of "control" they have over the Play Store compared to f-droid, but I'd rather have a trusted 3rd party do the building transparently and verifyable.
rigid
·2 lata temu·discuss
Signal has reproducible builds for android now? Why not f-droid then, too?
rigid
·2 lata temu·discuss
yep. android 13
rigid
·2 lata temu·discuss
mobile users should tap the canvas for the particles to move.
rigid
·2 lata temu·discuss
Hence "hack". It needs keys for administration but at a first glance, I see no reason why a git-anon user couldn't be part of gitolite's git user.
rigid
·2 lata temu·discuss
ledger-cli is rock solid but it lacks a decent TUI.

Really all I want is an 80s TUI accounting app that "just works" as ledger does but with a menu driven interface with keyboard shortcut support.

Modern stuff like multi-user capabilities, plugins, templates, API etc. wouldn't hurt.
rigid
·2 lata temu·discuss
For a single author you don't necessarily need any server at all. A cloud directory or zip files work well.

But gitolite is so easy to setup & maintain, it's not a big difference and for r/w-access management within teams, it's priceless.

I guess one could even hack anonymous access with "PermitEmptyPasswords yes" and "AuthenticationMethods none"
rigid
·2 lata temu·discuss
not sure how lightweight any of these are, but https://gitolite.com/gitolite/ just needs git and ssh deployed. And it works like a charm.
rigid
·2 lata temu·discuss
...at least you weren't looking for any references to "mifflin" functions.
rigid
·2 lata temu·discuss
I bet in the majority of cases, there's no need to pressure for merging.

In a big company it's much easier to slip it in. Code seemingly less relevant for security is often not reviewed by a lot of people. Also, often people don't really care and just sign it off without a closer look.

And when it's merged, no one will ever look at it again, other than with FOSS.
rigid
·2 lata temu·discuss
I kinda miss the curiosity show.

It was a bit more science leaning but got kids to awe just the same way.
rigid
·2 lata temu·discuss
> it enabled it in the first place

it took roughly two years including social engineering.

I'd say the same approach is much easier in a big software company.
rigid
·2 lata temu·discuss
> where no auditor ever looks

Well, software supply chains are a thing.

"where no auditor ever is paid to look" would be more correct.