Readit News logoReadit News
lilyball commented on Nested code fences in Markdown   susam.net/nested-code-fen... · Posted by u/todsacerdoti
yencabulator · 19 days ago
There's not much reason to be anything else than CommonMark + extensions.
lilyball · 18 days ago
For new implementations, sure. But it's harder to change existing implementations (anything not already CommonMark-compatible will introduce unexpected changes to existing content if you switch to CommonMark), and especially for anything that's not being actively developed it's unlikely to ever change.
lilyball commented on Nested code fences in Markdown   susam.net/nested-code-fen... · Posted by u/todsacerdoti
yencabulator · 19 days ago
The CommonMark spec even has an example test case! The excuses for poor implementations are pretty thin.
lilyball · 19 days ago
Not all markdown implementations are CommonMark
lilyball commented on Tailscale state file encryption no longer enabled by default   tailscale.com/changelog... · Posted by u/traceroute66
0cf8612b2e1e · a month ago
The big providers only want themselves to be able to backup passkeys. I do not want to handover my secrets to Apple/Microsoft/Google.
lilyball · a month ago
Apple Keychain syncing is end-to-end encrypted, Apple cannot see the contents of your synced keychain.
lilyball commented on Self-hosting my photos with Immich   michael.stapelberg.ch/pos... · Posted by u/birdculture
Dedime · 2 months ago
My problem with NixOS is the second you try to go "outside the guardrails", the difficulty increases 100x
lilyball · 2 months ago
Is it? Why? If a NixOS module doesn’t support what you need, you can just write your own module, and the module system lets you disable existing modules if you need to. Doing anything custom this way still feels easier than doing it in an imperative world.
lilyball commented on Patterns for Defensive Programming in Rust   corrode.dev/blog/defensiv... · Posted by u/PaulHoule
lilyball · 2 months ago
In Pattern: Defensively Handle Constructors, it recommends using a nested inner module with a private Seal type. But the Seal type is unnecessary. The nested inner module is all you need, a private field `_private: ()` is only settable from within that inner module, so you don't need the extra private type.
lilyball commented on Homebrew no longer allows bypassing Gatekeeper for unsigned/unnotarized software   github.com/Homebrew/brew/... · Posted by u/firexcy
pxc · 3 months ago
> Most people I know are not installing too many casks

Casks are the only things Homebrew does that some other package manager available on macOS doesn't reliably do better. Nix, Pkgsrc, MacPorts, and (and now Spack) all have better fundamental designs; sane, multi-user-friendly permissions; and enough isolation from the base system that they break neither each other nor manually-installed software.

I use Homebrew exclusively tucked away in isolated prefixes, only to install casks, and without ever putting any binaries it installs along the way on my PATH. I don't remember which programs it is, exactly, but I do use a few that are unsigned.

It also doesn't seem to me that the signing process is as vital in determining actual risk as the curation and moderation processes involved in maintaining "third-party" software distributions like Homebrew or Debian or whatever.

`--no-quarantine` in particular is one of the conveniences that makes Homebrew casks useful. If I have to give my consent anew for each app update, I might as well install the apps manually and live in the usual auto-update pop-up hell.

lilyball · 3 months ago
I haven't used Homebrew in a long time, but if I ever did it would be in the way that you describe (so far I've always found reasonable alternatives for the software I want). What I'm wondering is if this is entirely to support unsigned casks, why does Homebrew not simply resign the software itself at install time with an adhoc signature as though it had just built it?
lilyball commented on The AirPods Pro 3 flight problem   basicappleguy.com/basicap... · Posted by u/andrem
thenobsta · 3 months ago
:( I recently lost my APP1 and was going to buy new airpods this week. I guess I'm going to look elsewhere until Apple improves their quality. I'm one of the few that are bothered by ANC, so I don't use it. But I also don't want to buy/support a subpar product release.
lilyball · 3 months ago
If you don't use ANC, then why is an ANC issue that only appears on flights a reason for you to not buy a product? If someone said they have weird ears and the AirPods Pro 3 simply doesn't fit their ears, would that be a reason for you to not buy it even though it fits yours?
lilyball commented on I spent a year making an ASN.1 compiler in D   bradley.chatha.dev/blog/d... · Posted by u/BradleyChatha
lilyball · 4 months ago
I'm fascinated by ASN.1, I don't know why it appeals to me so much but I find working with it oddly fun. I've always wanted to find the time to write an ASN.1 compiler for Rust, because for some reason all of the Rust implementations I've seen end up just either being derive macros on Rust structs (so going the other direction), or even just providing a bunch of ASN.1 types and functions and expecting you to manually chain them together using nom.
lilyball commented on Apple: SSH and FileVault   keith.github.io/xcode-man... · Posted by u/ingve
kylehotchkiss · 5 months ago
Can LaunchDaemons spin up after this initial unlock? I'm trying to get my Mac Mini server to run things regardless of my login status. It would be great to get FileVault enabled on the server with this. I'm OK to manually login whenever the power goes out.
lilyball · 5 months ago
LaunchDaemons don't rely on GUI login state so they should come up. If you use LaunchAgents then they won't start this way, but LaunchDaemons should be enabled once the data volume is unlocked and booting finishes.
lilyball commented on Apple: SSH and FileVault   keith.github.io/xcode-man... · Posted by u/ingve
Cu3PO42 · 5 months ago
Neat. Though I wonder if this suffers from the same race condition that the graphical session does when your shell is stored on a data volume.

Specifically, if you restart and opt to restart apps, they can come up before all volumes have been decrypted and mounted. If your shell is on one such volume, your terminal emulator may fail to start, for example. This can happen when using Nix to install your shell, for example.

I imagine this may be even easier to hit over SSH unless the underlying problem was resolved.

lilyball · 5 months ago
Unlock over SSH terminates the connection after unlocking the data volume, so it doesn't even attempt to start the shell until you reconnect after it's fully booted up.

FWIW you can fix the shell issue by wrapping your shell in a shim that essentially runs wait4path on the nix store before exec'ing your real shell. I set up my environment to install that shim binary directly onto the data volume at a known path so it can be used as my login shell.

l

u/lilyball

KarmaCake day19285May 8, 2009
About
My opinions are my own and do not reflect those of my employer

[ my public key: https://keybase.io/lilyball; my proof: https://keybase.io/lilyball/sigs/okmRsMzqujmfu5cZO3uh8L1hmbSarnLcQJTjev7R60c ]

View Original