jdsalaro's recent activity
-
Comment on British Columbia to recriminalize use of drugs in public spaces in ~news
-
Comment on Install asdf: One Runtime Manager to Rule All Dev Environments in ~comp
jdsalaro Greetings folks, I wrote a tutorial on how to manage the dumpster fire that arises whenever one has to contribute to projects with very diverse stacks using asdf.vm. It's been a highly debated topic, so I figured y'all might be interested :D
As usual, feel free to ask away!
-
Install asdf: One Runtime Manager to Rule All Dev Environments
5 votes
-
Comment on On the XZ Utils Backdoor (CVE-2024-3094): FOSS Delivered on its Pitfalls and Strengths in ~comp
jdsalaro
> Just a heads up, your link goes to localhost
Interesting, I had fixed it!
Thanks for the heads up, edited and resubmitted. It looks correct now.
Yes, that's the one.
-
Comment on British Columbia to recriminalize use of drugs in public spaces in ~news
jdsalaro In Germany we are just starting to have this debate.
-
Comment on British Columbia to recriminalize use of drugs in public spaces in ~news
jdsalaro I wasn't aware it was this bad; that's truly unfortunate.
-
Comment on On the XZ Utils Backdoor (CVE-2024-3094): FOSS Delivered on its Pitfalls and Strengths in ~comp
jdsalaro
> I mostly agree with your points on code review and want to point to efforts like the crev project which try and make the implicit trust explicit based off social code review.
Interesting initiative, thank you for sharing it!
> Another thing we ought to be doing is making our tech less complex so things like review are more tractable but I suspect that's basically impossible now
Why do you think so? I think there is certainly hope, the conversation around supply-chain resilience in tech as well as dependency creep is very much alive. That doesn't mean much, but where there is a will there's a way, I suppose.
-
Comment on On the XZ Utils Backdoor (CVE-2024-3094): FOSS Delivered on its Pitfalls and Strengths in ~comp
jdsalaro (edited) I fully agree, I've started curating a list of my favorite initiatives whose aim is supporting OSS/FOSS.
It seems like every once in a while such an event is necessary to keep us on our toes and remember that we ought to provide a support system; be it through monetary, work or other contributions.
-
Comment on On the XZ Utils Backdoor (CVE-2024-3094): FOSS Delivered on its Pitfalls and Strengths in ~comp
jdsalaro
> I love being at the bleeding edge for my personal stuff
Even this stance is becoming increasingly untenable, as it brings with it unnecessary risk general users are neither informed nor probably capable of assessing and much less mitigating.
-
Comment on British Columbia to recriminalize use of drugs in public spaces in ~news
jdsalaro
> this is a step in the right direction IMO
Absolutely, what folks do in their private life is none of other people's business. However, when the behaviors they exhibit in public have the potential to be emulated by others prone to social pressure, it becomes a matter of public health.
-
Comment on Why you can't stay focused (and how to fix it) in ~health.mental
jdsalaro After watching the video, this is a wonderful and succinct representation of her points. Highly appreciated and will share it with some friends who might profit from it.
-
Comment on On the XZ Utils Backdoor (CVE-2024-3094): FOSS Delivered on its Pitfalls and Strengths in ~comp
jdsalaro Hey folks!
Many of us, probably almost everyone by now, have been following the XZ Utils situation. There have been many takes on how this was possible at all, both from the technical and the community point of view. The most security conscious have been overtaken by a sense of unease, especially as the most obvious question is posed: "how many times has this happened?".
This level of paranoia is certainly warranted, it always was as some are coming to realize, but I would like us all to remind people that systems are not only valuable due to their inherent robustness. Systems and software are also valuable, robust as well as secure due to the checks and balances within the processes that create them and act as fail-safes when said robustness is compromised.
Some are looking for culpability in FOSS, but a point I feel we should echo louder is that although FOSS might have delivered on its weaknesses it also, and most importantly, delivered on its strengths.
I'd be happy to hear your thoughts.
-
On the XZ Utils Backdoor (CVE-2024-3094): FOSS Delivered on its Pitfalls and Strengths
26 votes
-
Comment on ‘We’re hemorrhaging money’: US health clinics try to stay open after unprecedented cyberattack in ~health
jdsalaro
> Let's also call it a horrible system
Can you elaborate as to why you think this is the case?
-
Comment on Folder-Dependent Git Configurations Using Conditional Includes in ~comp
jdsalaro
> I need multiple identities for the same remote hostname
I might be missing something, but in this regard you could apply the same approach if you minimally order your repositories:
.
├── github
│   ├── gitconfig
│   ├── ID01
│   │   ├── gitconfig
│   │   └── repo
│   ├── ID02
│   │   ├── gitconfig
│   │   └── repo
│   ├── ID03
│   │   ├── gitconfig
│   │   └── repo
│   └── repo
├── gitlab
│   ├── gitconfig
│   └── repo
├── gitlab-university
└── gitconfig
Any repo you clone into ID01 will use the identity in ID01/gitconfig. You can, of course, clone the same repo to ID01, ID02 and ID03 and you will use the corresponding identity seamlessly without needing to do anything.
Which is basically just a slightly more sophisticated way of doing:
> I ended up settling on keeping a collection of small .gitconfig files that each configure an identity (name, email, and sshCommand if needed).
> git clone -c include.path=/path/to/identity.gitconfig
Unless your number of identities is unknown and quite large, and without knowing the specifics of your usecase, the approach I propose seems to work here and actually, fundamentally, reflects what you've already achieved.
-
Comment on Folder-Dependent Git Configurations Using Conditional Includes in ~comp
jdsalaro
> But I think I’m glad it’s not something I’ll ever need to know!
A backhanded compliment if I ever saw one!
Thank you for the kind feedback, though, I appreciate it!
-
Comment on Folder-Dependent Git Configurations Using Conditional Includes in ~comp
jdsalaro Hey there folks!
I finally decided to finish a short tutorial I've been wanting to put out there about how to best structure and handle git repositories which are spread throughout different Git backends as well as how to selectively configure them using conditionally included git configurations.
Let me know what you think (Y)!
-
Folder-Dependent Git Configurations Using Conditional Includes
5 votes
-
Comment on People who manage small websites, how much does it cost you in time (and finances)? in ~comp
jdsalaro If it's a static website you may use GitLab or GitHub pages; I do so for mine.
For domain names I've always enjoyed working with Namecheap; never had a problem.
-
Comment on Comingle, an app to provide a small weekly UBI for its users, by its users in ~finance
jdsalaro May I ask where?
Would it be possible for me to ask you a couple of questions in this regard? I think this is fascinating!
I agree, but I do have to wonder whether a Germany without public drinking is even plausible. It seems disingenuous to advocate for the prohibition of one without doing so for the other as well.