linsomniac commented on SSL certificate requirements are becoming obnoxious   chrislockard.net/posts/ss... · Posted by u/unl0ckd
jraph · 2 days ago
Why or in which cases is opening a dedicated port better than publishing challenges under some /.well-known path using the standard HTTP port?

(You say hijacking the HTTP port, but I don't let the ACME client take over 80/443; I make my reverse proxy point the expected path to a folder the ACME client writes to. I'm not asking for a comparison with a setup where the ACME client takes over the reverse proxy and edits its configuration by itself, which I don't like.)

linsomniac · a day ago
The case for it is where it's not easy to plop a file in a .well-known path on port 80/443. If you have a reverse proxy that is easy to set up to publish that, that makes it easier. I guess I could have used different wording, I do consider making the .well-known available a subset of hijacking the port, but can see why it would be confusing. ACME setup can still be trickier to set up, but is definitely a good solution if it fits in your environment.
linsomniac commented on SSL certificate requirements are becoming obnoxious   chrislockard.net/posts/ss... · Posted by u/unl0ckd
azeemba · 2 days ago
I think a large enough org that needs many different certificates should have an internally-trusted CA. That would then allow the org to decide their own policy for all their internal facing certificates.

Then you only have to follow the stricter rules for only the public facing certs.

linsomniac · 2 days ago
We make extensive use of self-signed certificates internally on our infrastructure, and we used to manually manage year-long certs. A few months ago I built "LessEncrypt", which is a dead simple ACME-inspired system for handing out certs without requiring hijacking the HTTP port or doing DNS updates. Been running it on ~200 hosts for a few months now and it's been fantastic to have the certs manage themselves.

https://github.com/linsomniac/lessencrypt

I've toyed with the idea of adding the ability for the server component to request certs from LetsEncrypt via DNS validation. Acting as a clearing house so that individual internal hosts don't need a DNS secret to get certs. However, we also put IP addresses and localhost on our internal certs, so we'd have to stop doing that to be able to get them from LetsEncrypt.

linsomniac commented on We put a coding agent in a while loop   github.com/repomirrorhq/r... · Posted by u/sfarshid
VincentEvans · 2 days ago
I assume you have some software engineering fundamentals training.
linsomniac · 2 days ago
Training? Not a lick. I took AP Pascal back in High School...
linsomniac commented on We put a coding agent in a while loop   github.com/repomirrorhq/r... · Posted by u/sfarshid
VincentEvans · 3 days ago
There will be a new kind of job for software engineers, sort of like a cross between working with legacy code and toxic site cleanup.

Like back in the day being brought in to “just fix” an amalgam of FoxPro-, Excel-, and Access-based ERP that “mostly works” and only “occasionally corrupts all our data” that ambitious sales people put together over last 5 years.

But worse - because “ambitious sales people” will no longer be constrained by sandboxes of Excel or Access - they will ship multi-cloud edge-deployed kubernetes micro-services wired with Kafka, and it will be harder to find someone to talk to understand what they were trying to do at the time.

linsomniac · 2 days ago
>it will be harder to find someone to talk to understand what they were trying to do at the time.

IMHO, there's a strong case for the opposite. My vibe coding prompts are along the lines of "Please implement the plan described in `phase1-epic.md` using `specification.prd` as a guide." The specification and epics are version controlled and a part of the project. My vibe coded software has better design documentation than most software projects I've been involved in.

linsomniac commented on All managers make mistakes; good managers acknowledge and repair   terriblesoftware.org/2025... · Posted by u/matheusml
yakkomajuri · 6 days ago
This is not just about management but life overall. You will mess up with the people you love -- and repair is the way to go there as well.
linsomniac · 6 days ago
Absolutely, EVERYONE needs to figure out how to benefit from their mistakes rather than try to sweep them under the rug. This is one recurring theme I bring up with my kids: If you don't learn from your mistakes, you've made two mistakes. It is really hard to say "I messed up", but you can't live your life acting like you don't make mistakes. Learn from your mistakes, and then move on.
linsomniac commented on Why Nim?   undefined.pyfy.ch/why-nim... · Posted by u/TheWiggles
linsomniac · 10 days ago
>typos no longer crash in production because the compiler checks everything.

Gentle correction: Python is typed now too and you can get the benefits of typing both in your IDE (via LSP) and before deploying to production (via mypy and the like). This happens both by type inference as well as explicit type annotations.

linsomniac · 9 days ago
What percentage of typing features does a language need to have to be "good enough"? Because I'm gaining benefits of typed languages in Python, but responses to this thread are, literally: You aren't a programmer.
linsomniac commented on Why Nim?   undefined.pyfy.ch/why-nim... · Posted by u/TheWiggles
nazgul17 · 10 days ago
That's the dream. Reality is very different. Mypy presents numerous false negatives and false positives. Useful to screen for some bugs, but definitely far from giving guarantees.

Not to mention, if a library does not or does sloppily use type annotations, you would not get reliability even with a perfect type checker.

linsomniac · 10 days ago
I'm sure you're right that there are situations where mypy or ty or LSP give false positives/negatives, but in my use of them over the last ~6 months I really haven't run into many of those situations, or at least none come to mind. Libraries without type annotations do reduce the effectiveness to just what can be inferred by the type checker.
linsomniac commented on Why Nim?   undefined.pyfy.ch/why-nim... · Posted by u/TheWiggles
treeform · 10 days ago
I feel like Nim made me fall in love with programming again.

Nim fixes many of the issues I had with Python. First, I can now make games with Nim because it’s super fast and easily interfaces with all of the high performance OS and graphics APIs. Second, typos no longer crash in production because the compiler checks everything. If it compiles it runs. Finally, refactors are easy, because the compiler practically guides you through them. The cross compiling story is great: you can compile to JS on the front end. You can use pytorch and numpy from Nim. You can write CUDA kernels in Nim. It can do everything.

See: https://www.reddit.com/r/RedditEng/comments/yvbt4h/why_i_enj...

linsomniac · 10 days ago
>typos no longer crash in production because the compiler checks everything.

Gentle correction: Python is typed now too and you can get the benefits of typing both in your IDE (via LSP) and before deploying to production (via mypy and the like). This happens both by type inference as well as explicit type annotations.

linsomniac commented on Customizing tmux   evgeniipendragon.com/post... · Posted by u/EPendragon
linsomniac · 23 days ago
I've largely given up using tmux in favor of wezterm: wezterm has the ability to remote connect to a persistent terminal running on another machine, and has native window objects so things like mouse support and copy/paste work out of the box. It also has a kind of mosh-like support, though not quite as good at persisting connections over bad networks or network disconnections as mosh+tmux.

The down side is that it's really sensitive to versions, right now I'm struggling to get it to work on NixOS in the version that I have running on my Ubuntu dev box and MacOS laptop.

linsomniac commented on NixOS on a Tuxedo InfinityBook Pro 14 Gen9 AMD Laptop   fnune.com/hardware/2025/0... · Posted by u/brainlessdev
linsomniac · a month ago
I'm traveling for the next couple weeks and don't want to take my home or work laptop, so I'm setting up a nice, old Chromebook with NixOS. I've dabbled with NixOS before. But this time I have been using Claude Code to set it up, and it's really good at it. Makes it painless, even without being very experienced with NixOS.

u/linsomniac

Karma: 8937 · Cake day: March 16, 2015
About
meet.hn/city/us-Fort Collins

Socials: - github.com/linsomniac

Interests: Open Source, Programming, DevOps
