flakes commented on Bubblewrap: A nimble way to prevent agents from accessing your .env files   patrickmccanna.net/a-bett... · Posted by u/0o_MrPatrick_o0
flakes · a month ago
I find it better to bubblewrap against a full sandbox directory. Using docker, you can export an image to a single tarball archive, flattening all layers. I use a compatible base image for my kernel/distro, and unpack the image archive into a directory.

With the unpack directory, you can now limit the host paths you expose, avoiding leaking in details from your host machine into the sandbox.

    bwrap --ro-bind image/ / --bind src/ /src ...

Any tools you need in the container are installed in the image you unpack.

Some more tips: Use --unshare-all if you can. Make sure to add --proc and --dev options for a functional container. If you just need network, use both --unshare-all and --share-net together, keeping everything else separate. Make sure to drop any privileges with --cap-drop ALL
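
The setup described in the comment above, as an added shell example (not part of the comment): it flattens a Docker image into a directory and runs a command against it with the flags mentioned. The `BWRAP` dry-run override, `--tmpfs /tmp`, `--die-with-parent`, `--chdir` and all paths and names are assumptions of this example.

```shell
#!/bin/sh
# Added example: run a command under bwrap against a flattened Docker image.
# Image name, directories and the BWRAP override are placeholders/assumptions.
set -eu

BWRAP=${BWRAP:-bwrap}   # BWRAP=echo prints the command line instead of running it

# Flatten every layer of IMAGE into ROOTFS as a plain directory tree.
unpack_image() {   # unpack_image IMAGE ROOTFS
    mkdir -p "$2"
    cid=$(docker create "$1")
    docker export "$cid" | tar -x -C "$2"   # one tar of the merged filesystem
    docker rm "$cid" >/dev/null
    # The tree becomes a read-only root, so the /src mount point must exist now.
    mkdir -p "$2/src"
}

# run_sandboxed ROOTFS SRC NET CMD...   (NET=1 shares only the network)
run_sandboxed() {
    rootfs=$1 src=$2 net=$3
    shift 3
    share=""
    if [ "$net" = 1 ]; then share="--share-net"; fi
    # The image is the read-only root; SRC is the only writable host path.
    # $share is left unquoted on purpose so it disappears when empty.
    "$BWRAP" \
        --ro-bind "$rootfs" / \
        --bind "$src" /src \
        --proc /proc \
        --dev /dev \
        --tmpfs /tmp \
        --unshare-all $share \
        --cap-drop ALL \
        --die-with-parent \
        --chdir /src \
        "$@"
}

# Usage: sandbox.sh IMAGE ROOTFS SRC NET CMD...
if [ "$#" -ge 5 ]; then
    [ -d "$2" ] || unpack_image "$1" "$2"
    shift
    run_sandboxed "$@"
fi
```

Running it with `BWRAP=echo` shows the exact argument list before anything is executed, which makes it easy to confirm that no host path other than the source directory is bound.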

flakes commented on Total monthly number of StackOverflow questions over time   data.stackexchange.com/st... · Posted by u/maartin0
flakes · a month ago
Maybe it's a mix of me using the site less, or questions I previously answered not being as relevant anymore, however as it stands, it's just not fun to visit the site any more.

I have about ~750 answers and 24K rep after almost 12 years of being a member. The site was a great way to spend some free cycles and help people. My favorite bounty answer led to me finding a bug in the Java compiler! I even got recruited into my current role from the old Stack Overflow Jobs board.

With AI, not only did the quality and frequency of posts go down, but the activity on my existing posts is basically zero now. I used to have a few notifications a week with either comments on my past answers/questions or a few upvotes (for those fun little serotonin boosts). Looking at my past stats... in 2023 I had ~170 notifications, in 2024 that dropped to ~100, and in 2025 it went down to ~50 (with only 5 notifications since September).

I don't feel engaged with the community, and even finding new questions to answer is a struggle now with (the unanswerable) "open-ended questions" being mixed into the normal questions feed.

flakes commented on Deliberate Internet Shutdowns   schneier.com/blog/archive... · Posted by u/WaitWaitWha
modeless · 2 months ago
I thought this would be advocating "chaos monkey" style intentional shutdown to test institutions for resiliency in an outage situation. Might not be a bad idea. Maybe once every four years on leap day or something.
flakes · 2 months ago
> Maybe once every four years on leap day or something.

Advantage: You no longer need to fix that leap day bug on your website.

flakes commented on Show HN: Shittp – Volatile Dotfiles over SSH   github.com/FOBshippingpoi... · Posted by u/sdovan1
Y_Y · 2 months ago

  tmp="$(mktemp -d)" && rsync -a --exclude='.ssh' user@host:~/.[!.]* "$tmp"/ && HOME="$tmp" exec "$SHELL"

flakes · 2 months ago
I do the same, but I skip rsync for git.

    git clone "$uri" dotfiles && export HOME="$(pwd)/dotfiles"

These days, my laptop acts as a dumb SSH gateway for Linux VMs. No configuration or setup, aside from VS Code connecting to VMs. Any server that I would want to load my dotfiles onto will almost always have git installed.

Rant (not directed at any comment here): If it's a production server without git, then please do not run scripts like this. Do not create junk directories on (or ideally any modifications to) secure machines. It inevitably causes new and uninteresting puzzles for your colleagues. Create documented workflows for incident responses or inspection.

flakes commented on How well do you know C++ auto type deduction?   volatileint.dev/posts/aut... · Posted by u/volatileint
flakes · 2 months ago
Auto has really made C++ unapproachable to me. It's hard enough to reason about anything templated, and now I frequently see code where every method returns auto. How is anyone supposed to do a code review without loading the patch into their IDE?

Deleted Comment

flakes commented on Google unkills JPEG XL?   tonisagrista.com/blog/202... · Posted by u/speckx
m348e912 · 2 months ago
A full-resolution, maximum-size JPEG XL image (1,073,741,823 × 1,073,741,824):

Uncompressed: 3.5–7 exabytes
Realistically compressed: Tens to hundreds of petabytes

That's a serious high-res image

flakes · 2 months ago
A selfie at that resolution would be some sort of super-resolution microscopy.

flakes commented on The HTTP Query Method   ietf.org/archive/id/draft... · Posted by u/Ivoah
vbezhenar · 2 months ago
You can just use body with GET. QUERY is redundant.
flakes · 2 months ago
You can, and that is mentioned in RFC 9110... along with the cons for doing so.

> Although request message framing is independent of the method used, content received in a GET request has no generally defined semantics, cannot alter the meaning or target of the request, and might lead some implementations to reject the request and close the connection because of its potential as a request smuggling attack (Section 11.2 of [HTTP/1.1]). A client SHOULD NOT generate content in a GET request unless it is made directly to an origin server that has previously indicated, in or out of band, that such a request has a purpose and will be adequately supported. An origin server SHOULD NOT rely on private agreements to receive content, since participants in HTTP communication are often unaware of intermediaries along the request chain.

QUERY is a new option to help avoid some of those downsides.

https://www.rfc-editor.org/rfc/rfc9110.html#section-9.3.1

flakes commented on Bazzite: Operating System for Linux gaming   bazzite.gg/... · Posted by u/doener
mikepurvis · 2 months ago
Even better, doing so allows GitHub to insert a source snippet if you paste a link like that into an issue or comment.
flakes · 2 months ago
Yeah, I just always used the context windows to set permalink. Saves me a step now!

flakes commented on The HTTP Query Method   ietf.org/archive/id/draft... · Posted by u/Ivoah
arp242 · 2 months ago
The situations where I've wished for GET to be able to have a (typically JSON) body were all in situations where the request isn't "user visible" in the first place. That is: API calls, SPA apps, ajax requests, that sort of thing. Not something people are really supposed to bookmark or call directly.

If today you're doing some JS-fu to make an ajax GET request then you already need to do something to have permalinks (if desired).

Completely worth bringing up and thinking about, but unless I'm missing something I don't think a QUERY verb will change all that much here?

flakes · 2 months ago
> unless I'm missing something I don't think a QUERY verb will change all that much here?

The semantics are important. GET APIs are expected to be safe, idempotent, and cache-friendly. When you are unable to use GET for technical reasons and move to POST, suddenly none of the infrastructure (like routers, gateways, or generic http libs) can make these assumptions about your API. For example, many tools will not attempt to put retry logic around POST calls, because they cannot be sure that retrying is safe.

Having the QUERY verb allows us to overcome the technical limitations of GET without having to drop the safety expectations.

u/flakes

Karma: 679 · Cake day: August 11, 2023