HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rigid

no profile record

comments

rigid
·2 yıl önce·discuss
a decent syslog daemon will stream it anywhere you like
rigid
·2 yıl önce·discuss
you mean, something like a new FOSS project called "OpenEye"? :-)
rigid
·2 yıl önce·discuss
> I wish Python had static builds!

while unusual in the "python world", there are more or less well supported ways: https://www.askpython.com/python/examples/compiling-applicat...

i'm sure go will support dynamic linking aswell sooner or later
rigid
·2 yıl önce·discuss
They suck to maintain.

I love the fact that you can just update one single openssl lib and all installed apps use the updated version after a restart.

Static builds have their legitimate use-cases so maybe change that to "mandatory static builds". (iirc go support for dynamic linking is worked on and will become stable eventually)
rigid
·2 yıl önce·discuss
https://textualize.io for python isn't bad either. (In case you don't like static builds like me.)
rigid
·2 yıl önce·discuss
> where the maintainers of F-Droid can intervene and prevent an update to an app from reaching users if it's deemed to be malicious

That sounds like a feature you want when using FOSS.

Imagine distros wouldn't have been able to intervene quickly and malicious xz would be still deployed through their channels just because the authors want to.
rigid
·2 yıl önce·discuss
That's not true tho. f-droid supports (true) https://f-droid.org/en/docs/Reproducible_Builds/ for quite some time now. Those are signed by both, f-droid and the author.
rigid
·2 yıl önce·discuss
Hm f-droid provides privacy friendly https://fdroid.gitlab.io/metrics/ for some time now.

I'm not sure what sort of "control" they have over the Play Store compared to f-droid, but I'd rather have a trusted 3rd party do the building transparently and verifyable.
rigid
·2 yıl önce·discuss
Signal has reproducible builds for android now? Why not f-droid then, too?
rigid
·2 yıl önce·discuss
yep. android 13
rigid
·2 yıl önce·discuss
mobile users should tap the canvas for the particles to move.
rigid
·2 yıl önce·discuss
Hence "hack". It needs keys for administration but at a first glance, I see no reason why a git-anon user couldn't be part of gitolite's git user.
rigid
·2 yıl önce·discuss
ledger-cli is rock solid but it lacks a decent TUI.

Really all I want is an 80s TUI accounting app that "just works" as ledger does but with a menu driven interface with keyboard shortcut support.

Modern stuff like multi-user capabilities, plugins, templates, API etc. wouldn't hurt.
rigid
·2 yıl önce·discuss
For a single author you don't necessarily need any server at all. A cloud directory or zip files work well.

But gitolite is so easy to setup & maintain, it's not a big difference and for r/w-access management within teams, it's priceless.

I guess one could even hack anonymous access with "PermitEmptyPasswords yes" and "AuthenticationMethods none"
rigid
·2 yıl önce·discuss
not sure how lightweight any of these are, but https://gitolite.com/gitolite/ just needs git and ssh deployed. And it works like a charm.
rigid
·2 yıl önce·discuss
...at least you weren't looking for any references to "mifflin" functions.
rigid
·2 yıl önce·discuss
I bet in the majority of cases, there's no need to pressure for merging.

In a big company it's much easier to slip it in. Code seemingly less relevant for security is often not reviewed by a lot of people. Also, often people don't really care and just sign it off without a closer look.

And when it's merged, no one will ever look at it again, other than with FOSS.
rigid
·2 yıl önce·discuss
I kinda miss the curiosity show.

It was a bit more science leaning but got kids to awe just the same way.
rigid
·2 yıl önce·discuss
> it enabled it in the first place

it took roughly two years including social engineering.

I'd say the same approach is much easier in a big software company.
rigid
·2 yıl önce·discuss
> where no auditor ever looks

Well, software supply chains are a thing.

"where no auditor ever is paid to look" would be more correct.