My "production stuff" is listed at https://github.com/alexpdp7/alexpdp7/blob/master/README.md#other-usable-projects-of-mine
Maybe not worth poking into confidential computing... yet.
https://discuss.linuxcontainers.org/t/confidential-computing-support/25765/3
Hmmm, apparently QEMU has support for the confidential computing extensions from Intel/AMD. So maybe you would be able to run a tilde and enable people to run small VMs that could not be snooped/tampered with even with root on the host.
I think no one cares about this, but I think it's pretty cool and it would expand what one can do in a tilde.
@technomancy @davidgerard @david_chisnall unfortunately, I don't think you can block users (you can of course use user scripting to do so).
I haven't seen that much of AI boosters spilling outside the vibecoding tag.
But yeah, my love of Lobsters has dampened a bit. But I cannot think of any other measure to fix this (other than the tag) that would feel "right".
I wish people would stop engaging. I think they'd get tired quite soon.
@ripienaar try https://delta.chat/
It's true what they just tooted:
https://chaos.social/@delta/115810251249820004
, if you are a geek and start thinking it's based in email, it will drive you insane. But it's uber-usable. And apparently their security is well-audited. (They participated at 39C3.)
Exactly one year ago, on 30th December 2024, I laid the foundation of FediMeteo.
I took a VM, installed FreeBSD, and set up the first jail to support Italy. The goal was to create a tool for my own use, support a few countries, and announce it.
Unexpectedly, the enthusiasm was incredible. That pushed me to keep going, support more countries and cities, and turn it into what it is today.
FediMeteo now supports 38 countries and 2,937 cities, with more than 7,700 followers in the Fediverse alone, not counting the many people who follow via RSS feeds or visit the web pages.
If you are curious to read the story and some technical details, you can find it here:
https://it-notes.dragas.net/2025/02/26/fedimeteo-how-a-tiny-freebsd-vps-became-a-global-weather-service-for-thousands/
Today is also Tuesday, a #ThankYouTuesday, so I want to say thanks to:
* OpenMeteo - @openmeteo - for providing accurate, high quality data, without which FediMeteo would be far less useful
* @grunfink - creator of snac, who made all of this possible using very few resources, on a 4 euro per month VM
* FreeBSD, which thanks to the efficiency of the OS and its jail implementation made it possible to run this service in a stable and efficient way with minimal effort
* FediFollows - @FediFollows - that periodically spreads the word about cities, countries, and the enthusiasm around the project
*All of you*, who suggested, encouraged, corrected, and celebrated this project
And forward toward supporting more countries and other interesting features already in the works.
Happy birthday, FediMeteo! 🎉
#FediMeteo #HappyBirthday #Meteo #Weather #FreeBSD #snac #snac2 #OpenMeteo #Fediverse
In a previous job, I joked about people wanting to increase Nagios check_ping thresholds to over five seconds to reduce the volume of alerts.
I replaced Tinc with Wireguard, and I think *I* misconfigured something, but I am seeing some bizarre ping metrics from check_ping, I think the biggest one has been 17.5 seconds.
(Running check_ping in a Germany datacenter to a wireless access point in Barcelona in a domestic ISP connection through Wireguard.)
@tonofcrates haha, that is awesome, I'm very intrigued by Typst, but I think the repo is private :D
Oh, nice, seems that @tonofcrates started working on Bene again two months ago!
Demo: https://nota-lang.github.io/bene/?preload=portable-epubs.epub
As I'm against paged documents, glad to see this moving forward!
@nelson I am blind. Seeing people who think I'm not worth the effort fill my timeline with AltBot generated AI stuff that isn't even accurate in lots of cases.
Human alt text is always better, because it doesn´t focus on ocular seeing. Seeing people think, and AltBot was designed around that notion, that blind people must compensate for missing "eye-seeing", but that's not the case. I am interested in the meaning of an image to you, its maker or publisher.
Again, human alt text is better, also because it strengthens reciprocity between seeing and blind people. AltBot doesn't but it makes seeing people believe they have done their bit for accessibility. In actuality, the reverse is often true.
!!!!!!!!!
Having some thoughts about coercing PostgreSQL logical replication into a system for real-time UIs:
https://gist.github.com/alexpdp7/af4cadef3a27bbae7827b4884aed1242
(Curious about "provable" reasons why this is a horrible idea.)
RE: https://infosec.exchange/@tychotithonus/115789615747200172
Raskin’s First Law (emphasis mine):
A program may not harm a user’s data or, through inaction allow a user’s data to come to harm.
If you want people to trust your software, read that law and fully internalise it.
RE: https://hachyderm.io/@fasterthanlime/115730529166857536
For a little bit of historical context: the GitHiub Actions Runner is a fork of the Azure Pipelines Agent. The back-end infrastructure is similar. Azure Pipelines had some nice features that GitHub lacks, such as the ability to trivially connect an Azure Scale Set to dynamically control runners, but it also charged you for self-hosted and hosted runners.
The simpler (and cheaper) pricing was a big part of the reason that even internal teams moved off Azure Pipelines and onto GitHub.
GitHub Actions charging per build minute for *self-hosted-runners*? Shit's about to hit the fan lol
Self-hosted GitHub Runners were too good to be true. One of my main reasons to defend GitHub usage is gone. https://github.blog/changelog/2025-12-16-coming-soon-simpler-pricing-and-a-better-experience-for-github-actions/
It has been zero (0) days since trying to use my Google Titan security key with Google Chrome to access Google Meet has locked me out of a therapy call because the "device is not supported".
As a security nerd I really, really want to be on board with extensive 2FA and passkeys, but as an actual human being who is constantly getting locked out of their accounts because of totally inscrutable 2FA errors, I honestly want to go back to Just Long Passwords, Please.
@technomancy @aphyr this is one of my obsessions as well. Let me talk to you about Nextcloud.
I started to create a "package tracker" for self-hosting solutions. I got it working for YunoHost (it produces a website that shows the timeline of app releases vs. YunoHost package releases), because I think making self-hosting easier is a very good objective.
@aphyr after swearing off being a sysadmin for like a decade and then relapsing a couple years ago I've really been surprised how much it varies from one service to another; like the overhead of hosting soju or gotosocial is pretty close to zero but some bigger web apps can be a real headache
Going to all the effort to MITM an Android app and then discovering it's just a webview and I can just get everything I need from Chrome devtools
IncusOS lifted three weeks ago the main limitation I found in my initial exploration: the first ZFS pool can only use one drive, which made using the cheapest Hetzner servers a pain.
It is still limited compared to Proxmox; Proxmox claims to handle any drive failure easily, IncusOS recovers easily from failure of the "B" drive, but if the "A" drive fails, you need to install IncusOS to the new "A" drive.
Incus is amazing and I'm seriously considering IncusOS for my next iteration.
I started up Zoom this morning and it gave me the message
"It looks like we are unable to connect. Please check your network connection and try again."
But my network connection was fine. The problem was at Zoom's end, or more precisely, Cloudflare's. (And it seems OK now.)
I'm beginning to be annoyed by this reflexive "please check _your_ network connection" coda in these messages. What it is, is victim blaming. And possibly gaslighting too. _Their_ network connection went wrong, and their immediate response is to tell all of us users that _we_ must have done something wrong. It makes us all do lots of pointless work checking things that don't need checking, and it probably makes half of us feel inadequate when we can't find any problem.
If you're _going_ to advise users to check their own network connection, take reasonable steps first to ensure the problem really does look like being at the local end. Try pinging a few other independently run well-known sites; try some DNS lookups; if you can't do _anything_, suggest the user checks their connection, but if the rest of that stuff works and only your own server can't be reached, maybe redirect to your application's status webpage instead?
Sweet next year letsencrypt will support a persisting DNS record so these tools don’t need access to DNS for renewal
„The features matter a lot less than the people who are using the platform. […]
It can sometimes be a bit misleading when you get a lot of ideas and feature requests in a community, and the conversations become, ‘We definitely need feature X to grow because that’s what’s stopping people from using the platform.‘ While that’s true in some cases, the sad reality is that any flaw can be overlooked as long as the people you want to reach are there.“
This feels true for #Conversations_im as well.
Even more insidious: LLM editing & "vibe coding" is itself gatekeeping! 100%!
It's telling people they're too weak-minded to learn how to program and accomplish meaningful work using their own brains, so they need Big Tech to (expensively) do it for them! In addition, it means Fancy Clever 10X Programmers (lol) can *avoid* making programming a whole hell of a lot easier because that notion "doesn't matter" anymore!
It's all so completely backwards and absurd! @sue https://glasgow.social/@sue/115633253930152970
Hello, computer.
Leonard Nimoy's Star Trek IV: The Voyage Home (aka The One With the Whales!) was released 39 years ago today.
One of the most popular Trek films, the Whale Movie is indeed one of my fav. Fresh, funny, with a fine environmental message, it completes an overall successful trilogy.
@ripienaar sometimes I think of standardizing some JSON-in/JSON-out idempotent executable API for managing resources. Terraform, Puppet... many do this, but it's unfortunate everything is an isolated ecosystem.
Separating the resource managers from the "orchestration" part would be awesome.
And likely adapters for existing Puppet modules or Terraform providers could be built.
(I'd also love to $ firefox-config <config.json and stuff like that.)