jdsalaro's recent activity

  1. Comment on Help: Similar songs to Back to Black? Funk, pain and bravery. in ~music

    jdsalaro

    This is breathtaking, amazing cover!

    1 vote
  2. Comment on Help: Similar songs to Back to Black? Funk, pain and bravery. in ~music

  3. Comment on Help: Similar songs to Back to Black? Funk, pain and bravery. in ~music

    jdsalaro

    "Something's Got A Hold On Me" was from Etta James?! :D

    1 vote
  4. Comment on Help: Similar songs to Back to Black? Funk, pain and bravery. in ~music

    jdsalaro

    IMO, the obvious place to start is with the R&B, Vocal Jazz, and Soul music that clearly inspired Winehouse.

    Thank you, I will do some spelunking and see what I find under those genres. I've always been fond of Soul and so-called Slave Music such as Field Hollers and Work Songs.

    What I like about Back to Black though is how Jazzy, in an old way, and modern it feels!

    E.g. I suspect these three artists in particular were a huge influence on her: Etta James - I'd Rather Go Blind

    I'm digging this one, though it's a tad too slow and melancholic. It's beautiful, it truly is, but lacks a bit on the powerful and "no fucks given" side of things :)

    Nina Simone - I Put A Spell On You
    Billie Holiday & Her Orchestra - Strange Fruit

    Have loved those two since forever !

    I'll keep listening to Etta James !

    1 vote
  5. Help: Similar songs to Back to Black? Funk, pain and bravery.

    Hey peeps !
    Having quite an Amy Winehouse phase right now :)
    The vibe of Back to Black is just phenomenal!
    Can y'all recommend similar songs? With similar I mean raw in their portrayal of pain, funky and enjoyable musically while at the same time remaining hopeful and powerful due to the sheer honesty and "few amount of fucks given" :D
    Thanks !!

    10 votes
  6. Comment on Install asdf: One Runtime Manager to Rule All Dev Environments in ~comp

    jdsalaro

    This is interesting.

    I appreciate the feedback!

    I have to confess the idea of having so many versions of things installed gives me the heebie-jeebies.

    You and me both, but it's the deck of cards I've been dealt :D

    If that gives you the heebie-jeebies, check this comment on HackerNews out:

    Wish there were some CLI to speed up this process actually. Just cd:ing into a folder should pull everything down for you to run iex/irb/node/etc as if it was native but running through the container.

    But if one must live in that environment, this seems like a useful tool
    I can't emphasize enough how many headaches I've solved or altogether prevented from arising by relying on this setup.

    I'm curious how often the tool dependencies (like library paths) get snarled up when switching environments.

    To be honest, this has only ever happened to me a couple of times (two?) in five years and it was due to brew and how opinionated and careless with its changes it is.

    Does the tool only shim the binaries, or does it have a provision to set up environment variables as well?

    Each plugin is different, since each language runtime operates differently. For example, for Java, environment variables such as JAVA_HOME are set. I'll delve a bit deeper into asdf.vm internals in a future post.

    One problem that I see is that the global config has the potential to hide dependencies. Have you considered the ability to add a "no-globals" option to the local config files, so that users must explicitly choose a version for that context?

    Wouldn't explicitly stating the desired version for the given local repo and pushing it suffice in this case? A no globals with known or customary expected values seems equivalent to a set and pushed local .tool-versions, or am I missing something?

    I am all-in on containerized development, especially if the app itself will eventually be deployed in containers. For sure, there is a learning curve, but the ability to precisely control the environment seems worth the cost to me.

    I certainly agree, with the big plus that by the time you have your environment setup properly sorted out you also have a Dockerfile ready for deployment. However, and this is a big issue, exploring the solution space of challenges and experimenting within Docker containers is a pain in the butt! For that alone I always want to set up a local, native development environment. Also because I feel that if I've set it up locally, in a reproducible manner, I truly understand it and can port it anywhere. Nevertheless, I do agree with you in principle.

    For my dev setups, I like having task as the bootstrap dependency.

    Interesting, this is the second simpler version of make I learn about today (the second being just)

    From there, a task setup-env and a task check-env can check for or install run time dependencies (mainly things like docker, k3d, helm, etc). Then I usually have a task build-dev-env for the dev docker file and task run-dev-env to launch a shell in it. The task file is a great resource for people on the team who don't understand the containerization to use it in a repeatable way.

    This sounds really cool, do you have one such speced-out task file public somewhere? I'd like to dive into it.

    Debugging remote apps is one of the hardest part of working this way, but debug servers running in the container are pretty well supported by things like vscode.

    It wasn't always the case, but I do agree that they've come a long way. Nevertheless, nothing approaches the ease with which you can debug and continue down the dependency tree when your language's runtime environment is just yet another directory within ~/.asdf/language/version/package

    1 vote
  7. Comment on Install asdf: One Runtime Manager to Rule All Dev Environments in ~comp

    jdsalaro

    Wow! I'm not really a dev (sysadmin/labber and infosec)

    Hey there ! I'm a fellow infosec/automation/backend and product guy! Let me know in case you have free cycles and want to collaborate on research, I've got some ideas :)

    so I don't normally need to contend with this, but man.

    It's been crazy lately because I'm testing other people's environment and code and without the setup described in the OP I'd have gone crazy by now.

    I can't tell you how many times I've tried to install some tool from GitHub and tried installing modules and other components only for it to turn into a huge mess.

    An absolute shit show, I hear you.

    On Reddit someone was complaining that asdf.vm environments cannot be deployed and therefore are not useful, not as Docker containers, well if every project just came with a Dockerfile or docker-compose.yml

    'asdf' looks like it will be super helpful, absolutely adding it to my Desktop ansible script.

    Is your desktop ansible script on a public repo somewhere? Curious to cross-check notes!

    Bonus for such a well written and visually supported tutorial

    Thanks mate! I appreciate it, feel free to stay in the loop via the mailing list or socials, my resolution for this year is to be more active :D I love explaining stuff and teaching, so it really motivates me how good the reception has been; although the debate has been intense as hell.

  8. Comment on British Columbia to recriminalize use of drugs in public spaces in ~news

    jdsalaro

    Of course it's a little harder to use "treat it like alcohol" as an argument against public smoking in Germany, given that public alcohol consumption is legal and quite common here

    I agree, but I do have to wonder whether a Germany without public drinking is even plausible. It seems disingenuous to advocate for the prohibition of one without doing so for the other as well.

  9. Comment on Install asdf: One Runtime Manager to Rule All Dev Environments in ~comp

    jdsalaro

    Greetings folks, I wrote a tutorial on how to manage the dumpster fire that arises whenever one has to contribute to projects with very diverse stacks using asdf.vm. It's been a highly debated topic, so I figured y'all might be interested :D
    As usual, feel free to ask away!

    6 votes
  10. Comment on On the XZ Utils Backdoor (CVE-2024-3094): FOSS Delivered on its Pitfalls and Strengths in ~comp

    jdsalaro

    Just a heads up, your link goes to localhost

    Interesting, I had fixed it!
    Thanks for the heads up, edited and resubmitted. It looks correct now.
    Yes, that's the one.

  11. Comment on British Columbia to recriminalize use of drugs in public spaces in ~news

  12. Comment on British Columbia to recriminalize use of drugs in public spaces in ~news

    jdsalaro

    I wasn't aware it was this bad; that's truly unfortunate.

    4 votes
  13. Comment on On the XZ Utils Backdoor (CVE-2024-3094): FOSS Delivered on its Pitfalls and Strengths in ~comp

    jdsalaro

    I mostly agree with your points on code review and want to point to efforts like the crev project which try and make the implicit trust explicit based off social code review.

    Interesting initiative, thank you for sharing it!

    Another thing we ought to be doing is making our tech less complex so things like review are more tractable but I suspect that's basically impossible now

    Why do you think so? I think there is certainly hope, the conversation around supply-chain resilience in tech as well as dependency creep is very much alive. That doesn't mean much, but where there is a will there's a way, I suppose.

    2 votes
  14. Comment on On the XZ Utils Backdoor (CVE-2024-3094): FOSS Delivered on its Pitfalls and Strengths in ~comp

    jdsalaro
    (edited)

    I fully agree, I've started curating a list of my favorite initiatives whose aim is supporting OSS/FOSS.

    It seems like every once in a while such an event is necessary to keep us on our toes and remember that we ought to provide a support system; be it through monetary, work or other contributions.

    1 vote
  15. Comment on On the XZ Utils Backdoor (CVE-2024-3094): FOSS Delivered on its Pitfalls and Strengths in ~comp

    jdsalaro

    I love being at the bleeding edge for my personal stuff

    Even this stance is becoming increasingly untenable, as it brings with it unnecessary risk general users are neither informed nor probably capable of assessing and much less mitigating.

    2 votes
  16. Comment on British Columbia to recriminalize use of drugs in public spaces in ~news

    jdsalaro

    this is a step in the right direction IMO

    Absolutely, what folks do in their private life is none of other people's business. However, when the behaviors they exhibit in public have the potential to be emulated by others prone to social pressure, it becomes a matter of public health.

    2 votes
  17. Comment on Why you can't stay focused (and how to fix it) in ~health.mental

    jdsalaro

    After watching the video, this is a wonderful and succinct representation of her points. Highly appreciated and will share it with some friends who might profit from it.

    1 vote
  18. Comment on On the XZ Utils Backdoor (CVE-2024-3094): FOSS Delivered on its Pitfalls and Strengths in ~comp

    jdsalaro

    Hey folks!

    Many of us, probably almost everyone by now, have been following the XZ Utils situation.

    There have been many takes on how this was possible at all, both from the technical and the community point of view. The most security conscious have been overtaken by a sense of unease, especially as the most obvious question is posed: "how many times has this happened?".

    This level of paranoia is certainly warranted, it always was as some are coming to realize, but I would like us all to remind people that systems are not only valuable due to their inherent robustness. Systems and software are also valuable, robust as well as secure due to the checks and balances within the processes that create them and act as fail-safes when said robustness is compromised.

    Some are looking for culpability in FOSS, but a point I feel we should echo louder is that although FOSS might have delivered on its weaknesses it also, and most importantly, delivered on its strengths.

    I'd be happy to hear your thoughts.

    14 votes