Latest Shots #
Latest Blog Posts #
aur-packages-jun-2026" class="card-title p-name">Malicious Aur Packages Jun 2026 #
-
AUR is not the official package repo
-
The AUR is community driven
-
AUR packages are not always safe
The first thing I’m doing to stop myself from running any aur updates automatically is removing any arch helper.
sudo pacman -Rns yay paru paru-bin Currently the reported vulnerabilities are supply chain attacks limited to the aur, keep your arch system up do date, BUT do not update packages from the AUR right now. In fact I’m auditing my aur usage and removing anything I have not used in awhile.
Here is a nice script I’m using to walk through my packages and get rid of things I installed and probably don’t need anymore.
pacman -Qemq | fzf -m –preview ' echo " package " pacman -Qi {} 2>/dev/null echo echo " required by " pacman -Qi {} 2>/dev/null | grep "Required By" ' | xargs -r -o sudo pacman -Rns Supply chain attacks are getting real scary in 2026, maybe we should listen to Ginger Bil…
agents are never done #
This part of software engineering has always been here, its the root of the never complete 200 side projects. But now it feels like fuel has been poured on the fire, like we can get more done than ever. But we are tricking ourselves, these projects will never be “done”. There’s always more to add. Without feeling any of the pain of implementing it yourself, why not just keep adding new features forever. This is the mentality that is crushing me right now.
It pulls at your token anxiety like crazy. You look at the usage board and you are almost cooked so y…
/carry/ #
I try to keep a pretty light every day carry, but it never works out, keyfobs and headphone cases end up causing more bulk than I’d like, but My EDC is no where near the bulk I had as a kid with my cargo pants decked out with everything I could possibly need.
I hold no attachment to anything in my EDC. Nothing on my person has sentimental value. Anything I carry can be lost, stolen, or destroyed at any point in time. I pick things of sufficient usable, utilitarian, quality sufficient to work. No extra fluff.
-
Google Pixel 6
-
Ridge Wallet
-
Olight Perun - Since April 2022
-
Civivi Qubit - Since March 2024 after my last one was donated to the Indianapolis Stadium
-
OpenFit Shokz
Rules
-
lightweight
-
replacable
-
no emotional attachments
-
utilitarian
-
everything serves a purpose
My kit
Photo taken March 2023
Phone
Google Pixel 6
I will not get finance a new phone for the foreseeable future again. The last time I feel like I got a phone that felt lik…
I Built A Tmux Session Switcher #
The Design
harpoon for tmux
press a hotkey followed by one more keystroke, currently any left hand letter SIMPLE, FAST, thats of utmost importance, what I want are sessions that I can can be assigned in order of importance from middle row, top row, bottom row.
I added this binding to my tmux config. Now I can press c-a a to go to the first session, c-a s to go to the second session. c-a and pause to think j/k to navigate, space to pick up a session and move it, x to kill it.
bind-key -n c-a popup -E '~/go/bin/tgo' Enter the agents
…
/verify #
-
My Website: waylonwalker.com [3]
-
YouTube: Waylon Walker [4]
-
YouTube Gaming: Waylon Walker Gaming [5]
-
Twitch: Waylon Walker [6]
-
Twitter: @_WaylonWalker [7]
-
LinkedIn: Waylon Walker [8]
-
GitHub: WaylonWalker [9]
-
Dev.to: Waylon Walker [10]
-
Bluesky: @waylonwalker.com [11]
References: [1]: https://mollywhite.net/verify/ [2]: https://slashpages.net [3]: https://waylonwalker.com [4]: https://youtube.com/waylonwalker [5]: https://www.youtube.com/channel/UCHuxc1HRsd3aRjvL6C817tQ [6]: https://www.twitch.tv/waylonwalker [7]: https://twitter.com/_WaylonWalker [8]: https://www.linkedin.com/in/waylonwalker [9]: https://github.com/WaylonWalker [10]: https://dev.to/waylonwalker [11]: https://bsky.app/profile/waylonwalker.com
Recent TIL #
I’ve been deploying my site old school for most of this year, rsync to a volume mounted to nginx. I ran into an issue today where I updated my site and all of the pages updated first, followed by upload. The issue this created was that the new cache busted css files were not up yet and the site had no styles for a brief period during upload.
I found that delaying updates and delaying deletes until the new content exists first solves this problem pretty well. Theres still possiblility of jank while uploading to a live directory and not doing some sort of hot swap, but I’m good with this low budget option for now.
sync:
rsync -rlt --delete --omit-dir-times \
--info=progress2 \
--delay-updates \
--delete-delay \
./output/ \
server:/mnt/mysite
dickover n. : a modal panel, popover, or curtain presented by a website or app, deliberately obscuring its own content to frustrate the user with an unwanted, unnecessary, mandatory interaction; e.g. asking the user to accept “cookies”, subscribe to a newsletter, install the website’s mobile app, agree to terms of service, or anything else that the user couldn’t give two shits about.
To ignore commands that start with a space character, use the
HIST_IGNORE_SPACE option in bash or zsh.
setopt HIST_IGNORE_SPACE
I just learned that forgejo has a push to create repo feature and it is a gamechanger. Upon first try it didn’t work, with just a couple of environment variables I was up and running with push to create.
notify.wayl.one on main is 📦 v0.1.62 v3.14.4 NO PYTHON VENV SET USING SYSTEM NVIM
❯ git remote add origin https://git.waylonwalker.com/waylon/notify.wayl.one
notify.wayl.one on main is 📦 v0.1.62 v3.14.4 NO PYTHON VENV SET USING SYSTEM NVIM
❯ git push
remote: Push to create is not enabled for users.
fatal: unable to access 'https://git.waylonwalker.com/waylon/notify.wayl.one/': The requested URL returned error: 403
So I added the following environment variables.
Author: Waylon S. Walker <[email protected]>
Date: Wed May 6 21:56:53 2026 -0500
enable push to create
diff --git a/k8s/forgejo/deployment.yaml b/k8s/forgejo/deployment.yaml
index d77daab..9346763 100644
--- a/k8s/forgejo/deployment.yaml
+++ b/k8s/forgejo/deployment.yaml
@@ -91,6 +91,10 @@ spec:
value: "0.0.0.0"
- name: FORGEJO__server__HTTP_PORT
value: "3000"
+ - name: FORGEJO__repository__ENABLE_PUSH_CREATE_USER
+ value: "true"
+ - name: FORGEJO__repository__ENABLE_PUSH_CREATE_ORG
+ value: "true"
- name: FORGEJO__database__DB_TYPE
value: postgres
- name: FORGEJO__database__HOST
https://github.com/WaylonWalker/homelab-argo/commit/b2e953bc12
Tried again, and it just worked!
notify.wayl.one on main is 📦 v0.1.62 v3.14.4 NO PYTHON VENV SET USING SYSTEM NVIM
❯ git push
Enumerating objects: 171, done.
Counting objects: 100% (171/171), done.
Delta compression using up to 12 threads
Compressing objects: 100% (169/169), done.
Writing objects: 100% (171/171), 176.22 KiB | 16.02 MiB/s, done.
Total 171 (delta 99), reused 0 (delta 0), pack-reused 0 (from 0)
remote: Resolving deltas: 100% (99/99), done.
To https://git.waylonwalker.com/waylon/notify.wayl.one
* [new branch] main -> main
nless is a seriously sick tui for exploring streaming data. It makes it seriously simple to pivot (U), drill in (Enter), sort (s). It leave breadcrumbs as you go and you can press q to back out.
Play with your kubernetes events. Ya, my homelab is far from perfect, dont judge.
kubectl get events -A -w | uvx --from nothing-less nless
markata-go now has web awesome integration for image compare. It renders a
nice web component with a slider to compare two images.
It’s done with a class wrapper around the image components.
::: wa-comparison
:::
Without markata-go’s web awesome integration, the above would look like:
<script type="module">
import 'https://ka-f.webawesome.com/[email protected]/components/comparison/comparison.js';
</script>
<wa-comparison>
<img
slot="before"
src="https://dropper.wayl.one/file/d628ffba-de18-4fff-91a8-700f037df119.webp"
alt="Grayscale version of kittens in a basket looking around."
/>
<img
slot="after"
src="https://dropper.waylonwalker.com/file/ca30665f-1a15-453e-aab8-221901c7df99.webp"
alt="Color version of kittens in a basket looking around."
/>
</wa-comparison>
Today I found a way to test model syntax, cause the clankers always get the exact model name that copilot wants wrong.
copilot --model claude-sonnet-4.5 -p "Reply with OK" --allow-all --no-ask-user -s
copilot --model gpt-5.4 -p "Reply with OK" --allow-all --no-ask-user -s
An ai model created by Anthropic was announced as a closed preview on April 7, 2026 for critical security research and evaluation with its close partners with critical software such as operating systems and browsers. Anthropic claims that mythos is able to reason through so much more context that any model ever before. This enables it to find bugs that are 25 years old in the BSD, considered one of the most secure operating systems we have. Once it finds these zero day bugs never discovered before its able to use them together in malicious ways never expected. In ways the world is not ready for. At the time of writing these are claims without proof. It remains scary to know the potential this has and that there is only a few companies with this potential that will gatekeep who gets access.