The first UNIX account I ever got was on a BSD, and the first thing I saw in the first file I learned how to open was:
# A righteous umask
umask 22
I'll never forget those lines because they seemed so mysterious and cool. And they informed my philosophy on how the internet should be. People should be able to see other people's stuff by default. It's nice for us to be able to learn from one another. It's harder to rely on the honor system for privacy nowadays, but I still think "share by default" is a noble ideal.
That said, I also am unsure how best to overlap aliases and configs that are sensitive to my workplace with my everywhere config. Maybe I should have a .employer file that I source if it's there, but something about including that into my everywhere config feels decidedly not righteous.
Not just the internet but communities too. High trust societies are great to live in, digitally and physically. Leave the doors unlocked, leave keys in the ignition, leave valuables on the table when you walk away.
But high trust societies only work when the price of ongoing admission is not violating that trust.
When you accept/tolerate/expect the violation of trust the doors lock.
I actually do this somewhat frequently at my local game shop. Thousands of dollars' worth of Magic: The Gathering cards (because I bring multiple decks instead of just the one I'm playing) in my backpack left behind as I go to get some water or something.
> high trust societies only work when the price of ongoing admission is not violating that trust
Indeed, the reason I feel comfortable doing that is I know that nobody wants to be banned from going to that store (and they would be). In this context, the community is small enough that rumors would likely circulate at other local shops and they might also become a bit of a pariah at those other places they could play.
> unsure how best to overlap aliases and configs that are sensitive to my workplace
I have a .zshrc that sources .zshrc_mh, .zshrc_$employer, etc. That way my .zshrc is always a shareable config of sane defaults, and weird/opinionated aliases can go in my _mh, stuff particular to my employer goes in the other one, so forth.
In the past I had a more complex loading system I used (and made) that worked out of ~/.zsh.d/, but I no longer bother with all of that.
Installing a (read: many) custom vim plugins and color scheme and screen version and etc… stops being fun about the third time you have to log into a nameless server. That being said, there are some settings that I absolutely cannot live without; `j=gj` being a good example in vim.
IMO your dot files are only useful to share if they are usable with the default software of the place you’ve shared them to. Otherwise they become a prison that forces you to install all your special versions and plugins and scripts and etc. On the other hand, I felt like making my dotfiles easy to share forced me to use as many default settings as possible, which in the long run saves me a lot of time and energy.
“The only zen you’ll find on a mountain top is the zen you brought with you” is one of my favorite sayings, and in a weird way I find it fitting here. If you learn to love the default settings then every server feels like home.
It completely depends on your work environment. My experience has been doing a lot of admin work and working with distributed databases. I probably spend a third of my day in servers that are not mine. So for me it just doesn’t make sense to make a lot of configuration changes, especially changes that will end up in my muscle memory.
Now my personal computer does have much nicer color schemes and a few plugins for code dev that I don’t carry around. But even then I try to use the defaults in my IDEs and browsers, because at this point I’m on work computer number.. 11? Configuring it is starting to get old
It's also super weird when people say this and then switch to another editor, then switch to something like vscode, which ignores the fact that using a souped-up local Vim and a minimal remote one is the same situation... you're getting a different experience local and remote.
If the claim these folks make is "time spent struggling through a default config on an unfamiliar machine" > "time saved by crafting a workshop to fit your mind", then we are not the same.
(Probably, the dividing line here is time spent coding vs time spent managing infra.)
Also, if you have useful nice shelves that make your fridge aka postgres run better, why shouldn't we work on putting that on servers to make all fridges run better? Also, having a comparable and shared admin experience is a big deal in a team.
Like sure, if you need to quibble about red or yellow prompts, eh. But if there is a good log colorizer or analyzer that makes an expert better at handling the system, or some aliases that make a system easier to manage - I want this deployed for _all_ admins on _all_ relevant systems.
And sure, all code running on a server is a security topic. But then let's figure out a way to run your favorite tools through the software security pipeline and then deploy it to systems. Sure, I dislike installing the latest js-based npm fad on a database for a minor advantage, but if there is some well-aged tool from the postgres space... I'd probably rather work to have it.
Using something like astrovim provides a very nice framework for declaratively bringing in and bringing together a very nice environment too. Great start, good patterns, the impressive `lazy` managing plugins under the hood.
Mason is one of the other core bedrock components of good neovim dx. It's the main library in the neovim galaxy for bringing in lsp servers and debug adapter protocols. It mostly just works, gives great out of box debug-ability. There's like a mini `mise` running, powering the plugins you bring in.
This is the main reason that, even though I know I'd enjoy zsh, I stubbornly stick with bash. It's because I know that I will be extra frustrated when I have to log into any of the number of machines that I have to do real work on that don't have it already set up.
That’s like saying: “This is the main reason that, even though I know I’d enjoy a nice car, I stubbornly stick with a run-down PT Cruiser without radio and air conditioning. It’s because I know that I will be extra frustrated when I have to take an Uber.”
I personally use zsh and do not want to miss it on my own machines. I however do log in onto machines that sometimes do not even have bash (yeah it’s rare nowadays, but it exists), and I adapt just fine. It’s not super pleasant, but not using zsh on my machines would be less pleasant.
I have some variant of this where I mostly refuse to use shell aliases, since I come from a time when you might be remoted somewhere and not have your shell available and I want the muscle memory in the middle of a fire. People look at me like I'm crazy for typing the longer commands out.
I thought the appeal of vi was it can mostly be used "as is" vs emacs being infinitely customizable? The folks I know who use vi do so because they are at their core, sysadmins, and something simple and consistent is valued.
Vim and Neovim are pretty close to being infinitely customizable, but vi is a different story. Likewise, Emacs can be used as is. If anything, the difference was in the core audience. A sysadmin is more hesitant about customizing their tools because they tend to deal with many different systems. It's also the main reason why they use vi (Vim and Neovim are simply substitutes), because it is always available. Emacs tended to attract people who customized their tools.
These days, things are a bit different. Vim and Neovim are more easily customized, and have gained a following because it is more finger friendly (even if it is harder to learn).
Does the same .bash_profile/.bashrc work on different Linux versions? What about macOS? And now macOS no longer uses bash. And what about saving .bash_history? And on and on.
There is a whole industry of shell scripts that try to help with this.
It's not a question of share everything or share nothing - with https://chezmoi.io you can choose exactly what you want to share:
* You can keep your entire dotfile repo secret by using any private git hosting, including your own git hosting or a private GitHub repo.
* You can keep individual files secret by using age or gpg encryption. If your repo is public, this only reveals the existence of the file, not its contents.
* You can keep individual parts of your dotfiles secrets, e.g. API keys, by encrypting them or storing them in your password manager. All popular password managers are supported.
Chezmoi has been a blessing to use. It is one of the only tools I've used that had been able to survive me neglecting it for months and then getting back to it. I'd love a more interactive diff when my dotfiles have drifted too much. But otherwise it is perfect for my needs.
Meta had an internal tool called "dotsync". It persisted multiple revisions of dotfiles across multiple machines associated with a particular user's account. It supported ignoring history and secret files by patterns. This is a superset of simply storing all dotfiles in a single git repo. This unmaintained project seems suspiciously similar including the name: https://dotsync.org
I feel similarly. For me it’s less about my unique customizations and more about this paranoia of there being something remotely sensitive in my ssh configs or something… the idea of hostnames, ips, domains, etc “leaking” worries me.
I use chezmoi to manage my dotfiles, if anyone has any advice on how to handle these worries I am all ears. I would love to share mine, even to just be able to point coworkers at my config.
chezmoi includes secret scanning from https://gitleaks.io/ by default to catch when you accidentally add a file with a secret in it. To be even more confident, you should add gitleaks as a git hook to your repo however.
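A heuristic scan for the kind of content this sub-thread worries about (SSH host names, IP addresses, private keys, literal tokens), written as an added example: it is not part of any comment here and is not gitleaks' or chezmoi's code. The function names `scan_stream` and `scan_staged` and all of the patterns are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: heuristic pre-commit scan for a dotfiles repo.
# The patterns are illustrative assumptions, not gitleaks' rule set.

# scan_stream NAME: read file content on stdin, print "NAME:LINE:KIND" for
# each suspicious line, and return 1 if anything was found.
scan_stream() {
    awk -v name="$1" '
        function hit(kind) { print name ":" NR ":" kind; found = 1 }
        { line = tolower($0) }
        # PEM private key header (OpenSSH, RSA, EC, ...)
        /-----BEGIN [A-Z ]*PRIVATE KEY-----/ { hit("private-key"); next }
        # ssh_config keywords that name real infrastructure
        tolower($1) ~ /^(hostname|proxyjump|proxycommand)$/ { hit("ssh-host"); next }
        # Literal secret assignment. Values that start with $ or { (env var,
        # command substitution, template) are references and are skipped.
        line ~ /(api[_-]?key|token|secret|password)[a-z_]*[ \t]*[=:][ \t]*"?[^ \t"${]/ {
            hit("secret-assignment"); next
        }
        # Dotted-quad address anywhere on the line
        /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ { hit("ipv4"); next }
        END { exit found + 0 }
    '
}

# scan_staged: scan the staged version (not the working copy) of every file
# added or modified in the index. Returns 1 and lists findings on stderr.
scan_staged() {
    findings=$(git diff --cached --name-only --diff-filter=AM |
        while IFS= read -r path; do
            git show ":$path" | scan_stream "$path"
        done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" >&2
    return 1
}

# Run with --staged from a pre-commit hook to block the commit on a finding.
if [ "${1:-}" = "--staged" ]; then
    scan_staged || { echo "possible sensitive data staged; commit blocked" >&2; exit 1; }
fi
```

Because it only matches a handful of patterns, it complements a real secret scanner rather than replacing one; its main value is catching host names and addresses, which secret scanners generally do not treat as secrets.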
How do you automatically set up the hooks, e.g. when you clone the repo on a new computer?
Also, is there a way to automatically edit a chezmoi managed file in the chezmoi directory? I accidentally type stuff like "nvim .bashrc" way too often and then forget I never added the changes to chezmoi. It would be neat if there was a vim plugin or something that just opened the chezmoi file instead if it's managed.
Too personal to share, but maybe too personal and important to share even with the members of the cloudy cartel, i.e. the Providers. That is exactly why I wrote myba, which does full contents and paths encryption before syncing with the lapsable remotes ...
The moment I started syncing dotfiles between my work and personal computers, I knew it was an error, for very different reasons. Difficulty of maintaining different OS details (Linux vs macOS). What if I leaked a private key or a sensitive path? What if I pushed to the wrong place or somebody made the wrong repository public...
When reading your comment, an idea came to mind about using something like sops to encrypt paths, passwords and keys. But I'll check yours first, so as to avoid constructing a bunch of stuff that you've already done :D
I can no longer edit my original dot manager comment, so to add some context: I developed an allergy for the term "vibe-coding" (and made a joke on the selection of OP's words). AI won't turn a lazy unskilled inexperienced person into John Carmack; lazy person + AI still equals a lazy person. With that being said, most of you may have already experienced a divide between the above empirical truth and management decisions across your favorite corporate environments. So, the race is on, AGI-level agentic frameworks may be here soon enough to mitigate the above, then again, in the end isn't the end user of most of our economic production directly or indirectly a human? Can a synthetic immortal system really cater for human needs? There is a reason why big deals are always negotiated in-person.
I think the key is that dotfiles are a different genre of (code) writing than production code, with different investment, different motivations, different pain points and histories, and a sensitivity to the author that's not required when analyzing production code. You're looking into someone's daily writings, not their polished releases.
I think the fear is scrutiny, rejection, mockery for something that clearly works for you and you don't ever expect anyone else to use. But also partly that it's exposure without much reward in return. All these feelings are normal and it's fine to share or not share them. Just please honour the authors of the dotfiles you read even if you wouldn't ever think to use code in the way they do!
I'm sure I have stupid and weird stuff in my dotfiles. At one point I had bash set up so if I typed something like "gi tlog" it would fix it for me; this is obviously not something that everybody needs because it's due to my idiosyncratic typing-too-fast.
I've been using Unix systems since last century; my standard way to do a find-and-replace in a file is still 'perl -pi -e s/foo/bar/ filename.txt'; I've been writing that for 25 years and I'm unlikely to stop any time soon unless perl stops working. I'm sure there's a better way to do this, but :shrug:?
I truly appreciate people sharing their dotfiles, I learned so much about vim and zsh just by reading other people's configuration alone (and the occasional comments there).
Also, the quality of life improvements like `alias ..='cd ..'`, or mapping `l` such that it either opens a pager or lists a dir, depending on the argument. I'd never come up with those, and they're beyond useful.
My dots are open to anyone who cares to view my GitHub. I do tend to keep employer specific aliases/stuff in an `.employer.zsh` file that is sourced by my main `.zshrc`. But my NeoVim config is completely open for inspection. I'm not doing anything all that extraordinary though. I don't share my dots on Reddit simply because I don't feel like using my real identity on that platform.
When it comes to consuming the dots of others, I just switched to AxOS for Linux... and am auditioning Celestia (https://github.com/caelestia-dots/shell). This means that in 3 months, my desktop will likely look like everyone else's. I probably won't even commit any of this as it's not really my stuff.
To me it feels like getting told to not put nice shelves in my home because other buildings don't have them.
That's my style
Howdy-do me?
Watch me smile
But fare-the-well me
After a while
'Cause I gotta roam
And any place I hang my hat is home"
Anybody who would like a decent text editor around vim key-bindings uses Emacs in evil-mode already.
Disclaimer: I'm the author of chezmoi.
https://kernc.github.io/myba/
Some things are better public. Some are not ...
yes, complicated, probably hard to comprehend/reason about, work in progress
same issue of intimacy, the paths aren't encrypted.
[1] https://www.passwordstore.org/
Somehow, 11 people have starred my public ones on GitHub.