The main system that I am concerned about is my arch BTW machine. I found a
great article [1]
from the official archlinux site covering it.
For my machine I am concerned with this line.
The xz packages prior to version 5.6.1-2 (specifically 5.6.0-1 and 5.6.1-1)
contain this backdoor.
I checked my xz package with AUR [2].">paru, and I am good.
paru -Qii zx
References:
[1]: https://archlinux.org/news/the-xz-package-has-been-backdoored/
[2]: /aur/
Publishing rhythm
AUR [1].">paru has some nice features that I rarely use, and hav to look up when I need
them. Here are two commands to help with dependency management.
❯ paru -Qii nodejs
Name : nodejs
Version : 21.7.2-1
Description : Evented I/O for V8 javascript
Architecture : x86_64
URL : https://nodejs.org/
Licenses : MIT
Groups : None
Provides : None
Depends On : icu libuv libnghttp2 libnghttp3 libngtcp2 openssl zlib brotli c-ares
Optional Deps : npm: nodejs package manager [installed]
Required By : node-gyp nodejs-nopt npm semver
Optional For : None
Conflicts With : None
Replaces : None
Installed Size : 46.86 MiB
Packager : Felix Yan <[email protected]>
Build Date : Thu 04 Apr 2024 05:11:09 AM CDT
Install Date : Mon 15 Apr 2024 07:27:02 AM CDT
Install Reason : Installed as a dependency for another package
Install Script : No
Validated By : Signature
Backup Files : None
Extended Data : pkgtype=pkg
You can check all the packages depended on by nodejs by running the following.
This is everything from all of the repos you have configured, not what you have
installed.
❯ pactree --reverse --sync --depth 1 nodejs
nodejs
├─acorn
├─ansible-language-server
├─asar
├─babel-cli
├─babel-core
...
Changelog Master Feed
Your one-stop shop for all Changelog podcasts.
Changelog · changelog.com [1]
Jerod (It’s ya boi) and Adam are my favorite tech news nerds, and have the sickest podcasts in tech. Yes plural podcasts they run seven podcasts maybe more. If you want it short and sweet they got the best 15 minutes of tech news each week this is it. My favorite is Ship it, sad to see Gerhard go, but Justin and Autumn are crushing it. Every episode is highly polished and surrounded by the sickest beats in podcasting.
Subscribe to one pod if you want, but I recommend collecting them all with the master feed.
⭐⭐⭐⭐⭐
Note
This post is a thought [2]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://changelog.com/master
[2]: /thoughts/
MarkdownDown
Convert any webpage to a clean markdown w/ images downloaded.
MarkdownDown · markdowndown.vercel.app [1]
Small web app to convert html [2] into markdown. Pretty cool idea. I actually want to look into this for reader and see how well it would work. Right now I am just pulling descriptions, but maybe I can pull full web pages, and keep the full intent of the first 200 words or so in the cards.
Note
This post is a thought [3]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://markdowndown.vercel.app/
[2]: /html/
[3]: /thoughts/
Boston Dynamics’ new humanoid moves like no robot you’ve ever seen
All-electric, 360° joints give the new Atlas plenty of inhuman movements.
Ars Technica · arstechnica.com [1]
Award for the creepiest way to stand up a robot from lying flat.
Note
This post is a thought [2]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://arstechnica.com/gadgets/2024/04/boston-dynamics-debuts-humanoid-robot-destined-for-commercialization/
[2]: /thoughts/
Rug pull, not cool! (Changelog & Friends #40)
If Changelog News had an extended edition, this might be it! Jerod & Adam discuss Hashicorp's Cease and Desist letter, Redis getting forked, Boston Dymanics' scary cool new robot, Justin Searls' ex...
Changelog · changelog.com [1]
Five star episode with Jarod and Adam shootin the crap.
The massive Cease and Desist [2]
Sucks that the guest had to back out, what a wild world 2024 is. Filled with license and pricing changes.
From Vim to Zed [3]
Interesting to hear the journey into zed, way to go Thorston diving all the way into working at zed.
Boston Dynamics’ new Atlas [4]
I later saw this through a YT short, and man does it hold up to the creepy level that they described.
MarkdownDown [5]
This is a legit cool service, that converts html [6] into markdown
Note
This post is a thought [7]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://changelog.com/friends/40
[2]: https://opentofu.org/blog/our-response-to-hashicorps-cease-and-desist/
[3]: https://registerspill.thorstenball.com/p/from-vim-to-zed
[4]: https://arstechnica.com/gadgets/2024/04/boston-dynamics-debuts-humanoid...
I recently had to update my copier-gallery command to trust my own templates
because some of them have shell scripts that run afterwards. Be warned that
this could be a dangerous feature to run on random templates you get off the
internet, but these are all mine, so if I wreck it its my own fault.
copier copy --trust <template> <destination>
All the the copier copy api can be found with help.
❯ copier copy --help
copier copy 8.3.0
Copy from a template source to a destination.
Usage:
copier copy [SWITCHES] template_src destination_path
Hidden-switches:
-h, --help Prints this help message and quits
--help-all Prints help messages of all sub-commands and quits
-v, --version Prints the program's version and quits
Switches:
-C, --no-cleanup On error, do not delete destination if it was
created by Copier.
--UNSAFE, --trust Allow templates with unsafe features (Jinja
extensions, migrations, tasks)
-a, --answers-file VALUE:str Update using this path (relative to
`destination_path`) to find the answers file
-d, --data VARIABLE=VALUE:str Make VARIABLE available as VALUE when rendering the
template; may be given multiple times
-f, --force Same as `--defaults --overwrite`...
![[none]]
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: kanboard
namespace: argocd
spec:
project: default
destination:
namespace: kanboard
server: 'https://kubernetes.default.svc'
source:
path: kanboard
repoURL: 'https://github.com/waylonwalker/homelab-argo'
targetRevision: HEAD
syncPolicy:
automated:
prune: true
Note
This post is a thought [1]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: /thoughts/
Manual Upgrades | K3s
You can upgrade K3s by using the installation script, or by manually installing the binary of the desired version.
docs.k3s.io [1]
You can give k3s an install channel to install stable, latest, or specific versions like 1.26. This is handy to make sure that you install the same version on all of your workers.
curl -sfL https://get.k3s.io | INSTALL_K3S_CHANNEL=latest <EXISTING_K3S_ENV> sh -s - <EXISTING_K3S_ARGS>
Note
This post is a thought [2]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://docs.k3s.io/upgrades/manual
[2]: /thoughts/
Today I accidentally ran f2 in ipython to discover that it opens your $EDITOR!
I use this feature quite often in zsh, it is bound to <c-e> for me, and since
I have my environment variable EDITOR set to nvim it opens nvim when I hit
<c-e>. Today I discovered that Ipython has this bound to F2. If you know
how to set it to <c-e> let me know I’ve tried, a lot.
export EDITOR=nvim
ipython
<F2>
better yet add export EDITOR=nvim to your .zshrc
# ~/.zshrc
export EDITOR=nvim
Devin's Upwork "side hustle" exposed (Changelog News #90)
YouTuber "Internet of Bugs" breaks down why AI "software engineer" Devin is no Upwork hero, Redka is Anton Zhiyanov's attempt to reimplement Redis with SQLite, OpenTofu issues its response to Hashi...
Changelog · changelog.com [1]
Damn 2024 is such a shit show, now Devin seems to be out as a complete scam. It’s really teaching us to have skepticism for what you find on the internet. Turns out that when broken down frame by frame much of the description in the video was a straight up lie. Personally it seemed quite plausible that it was percentage points better than the competition, but I was not holding my breath for it to be a hands off engineer.
Note
This post is a thought [2]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://changelog.com/news/90
[2]: /thoughts/
External Link
stackoverflow.com [1]
I learned about the sqlite_master table from this stack overflow answer. This helps make a lot of sense to how sqlite works. The master table contains all the sqlite objects and the sql to create them.
The .tables, and .schema “helper” functions don’t look into ATTACHed databases: they just query the SQLITE_MASTER table for the “main” database. Consequently, if you used
sqlite3 database.db "SELECT * from sqlite_master;"
Note
This post is a thought [2]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://stackoverflow.com/questions/82875/how-can-i-list-the-tables-in-a-sqlite-database-file-that-was-opened-with-attach#answer-83195
[2]: /thoughts/
I’ve really been enjoying using sqlmodel for my projects that need a database.
One thing that I definitely lacked on for too long was indexing my database. I
hit a point with one database where it was taking 7s for pretty simple
paginated queries to return 10 records.
For every field that you will be querying on, you can create an index, by
setting it equal to Field(index=True)
class Hero(SQLModel, table=True):
id: int | None = Field(default=None, primary_key=True)
name: str = Field(index=True)
secret_name: str
age: int | None = Field(default=None, index=True)
example courtesy of the docs
Note
primary keys are indexed by default.
The docs cover this pretty well, and in quite depth - Optimizing Queries [1]
References:
[1]: https://sqlmodel.tiangolo.com/tutorial/indexes/
Redirecting
15r10nk.github.io [1]
This is a cool snapshot testing tool that automatically creates, and updates test values for you.
Starting with some test code.
from inline_snapshot import snapshot
def something():
return 1548 * 18489
def test_something():
assert something() == snapshot()
now if I run pytest my tests will fail because my assert will fail, but if I run pytest --inline-snapshot=create it will fill out my snapshot values and the file will then look like this.
from inline_snapshot import snapshot
def something():
return 1548 * 18489
def test_something():
assert something() == snapshot(28620972)
Note
This post is a thought [2]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://15r10nk.github.io/inline-snapshot/
[2]: /thoughts/
inline-snapshot is a new tool that I am trying out for python testing. It
takes snapshots of your outputs and places them inline with the test.
Here is the most basic starter.
import inline_snapshot
def test_one():
assert 1 == snapshot()
Now when I run pytest my tests will fail because my assert has no value, but if I
run pytest --inline-snapshot=create it will fill out my snapshot values and the
file will then look like this.
import inline_snapshot
def test_one():
assert 1 == snapshot(1)
It also works with pydantic models.
class MyModel(BaseModel):
name: str
age: int
nickname: str | None = None
def test_my_model_instance():
assert MyModel(name="Waylon", age=1) == snapshot(MyModel(name="Waylon", age=1))
def test_my_model_fields():
me = MyModel(name="Waylon", age=1, nickname='Waylon')
assert me.name == snapshot("Waylon")
assert me.age == snapshot(1)
assert me.nickname == snapshot("Waylon")
nalgeon [1] has done a fantastic job with redka [2]. Highly recommend taking a look.
Redis re-implemented with SQLite
References:
[1]: https://github.com/nalgeon
[2]: https://github.com/nalgeon/redka
GitHub - nalgeon/redka: Redis re-implemented with SQL
Redis re-implemented with SQL. Contribute to nalgeon/redka development by creating an account on GitHub.
GitHub · github.com [1]
Redka a sick new redis compatable api, that uses sqlite as its backend datastore. It feels lightweight to use as it is a single small binary. Data does not have to fit into memory as it uses sqlite to store data.
Note
This post is a thought [2]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://github.com/nalgeon/redka
[2]: /thoughts/
Today I learned how to VACUUM a sqlite database and cut its size in about half.
It’s a database that I have had running for quite awhile and has some decent
traffic on it.
Why is it important to do a VACUUM? In short its becuase the file system gets
fragmented with as data is updated. On delete the files are removed from the
database and marked as available for reuse in the filesystem, but the space is
not reclaimed.
To VACUUM a database, run the following sql command. You can do it right form
the sqlite shell by running sqlite3.
You will need about double the current size of the database as free space to
do the VACUUM, you need space for a full copy, journaling or write ahead
logs, and the existing database.
VACUUM;
The docs are fantastic for vacuum [1].
References:
[1]: https://www.sqlite.org/lang_vacuum.html
Arch Linux - News: The xz package has been backdoored
archlinux.org [1]
Check your system to see if you are vulnerable to the xz backdoor.
I found this line most pertanent to me.
The xz packages prior to version 5.6.1-2 (specifically 5.6.0-1 and 5.6.1-1) contain this backdoor.
Also it appears that arch is not vulnerable as it does not directly link openssh to liblzma, so the known attack vecotor is not possible. read to the end of the linked article for more.
Note
This post is a thought [2]. It’s a short note that I make
about someone else’s content online #thoughts
References:
[1]: https://archlinux.org/news/the-xz-package-has-been-backdoored/
[2]: /thoughts/
![[None]]
Install it
{
"ThePrimeagen/harpoon",
branch = "harpoon2",
dependencies = { "nvim-lua/plenary.nvim" },
config = function()
require("waylonwalker.plugins.harpoon").setup()
end,
},
harpoon config
local harpoon = require("harpoon")
M = {}
M.setup = function()
-- REQUIRED
harpoon:setup()
-- REQUIRED
vim.keymap.set("n", "<F10>", function() harpoon:list():append() end)
vim.keymap.set("n", "<F9>", function() harpoon.ui:toggle_quick_menu(harpoon:list()) end)
vim.keymap.set("n", "<F1>", function() harpoon:list():select(1) end)
vim.keymap.set("n", "<F2>", function() harpoon:list():select(2) end)
vim.keymap.set("n", "<F3>", function() harpoon:list():select(3) end)
-- these are cnext/cprev
-- vim.keymap.set("n", "<F4>", function() harpoon:list():select(4) end)
-- vim.keymap.set("n", "<F5>", function() harpoon:list():select(5) end)
vim.keymap.set("n", "<F6>", function() harpoon:list():select(6) end)
-- Toggle previous & next buffers stored within Harpoon list
vim.keymap.set("n", "<F7>", function() harpoon:list():prev() end)
vim.keymap.set("n", "<F8>", function() harpoon:list():next() end)
-- basic telescope configuration
local conf = require("telescope.config").valu...