Brain Phrye
code cooking diy fiction reviews personal politics tools

Zip Slip

While looking into something else I came across the Zip Slip vulnerability. Kind of annoying since it’s nearly a year old and I’ve only heard of it now. Every now and then I keep thinking a neat tool would be something that would run over a project, track every dependency it has and then alert you when there’s a a security issue. However it seems like one of those things people would want but not pay for. Read more

A month of blogging

I still use a feed reader and I follow a blog by a U. Toronto sysadmin. He posts pretty much every day and goes after some pretty meaty topic or another. I’ve been wondering how hard that is and what’s to be gained by it so this January I decided to give it a go. It’s been interesting. I’ve missed a few days - and this weekend diverted into recipes which are kind of technical but not quite. Read more

git filter-branch

I’m working on converting two large svn repos to git. Both have large binary files stored in them so I’m using git lfs to make them more manageable. However the repos are large enough that the normal tools don’t work so I’m using the BFG repo cleaner to do the lfs migration. And this, plus the subgit migration tool leave loads of .gitattributes files laying around. They’re easy to remove, but I need . Read more

Chromebook as dev machine

On Monday I discovered that an old Chromebook I have can now support “LinuxApps”. These are a VM + containers that one can use to run straight Linux programs. They descibe using GUI apps, but I just want compilers, vim, my shell, git and the regular crew of dev tools. And they’re here. Is it the fastest thing ever? No. As I type this I’m having vague flashbacks to connecting up to a shell account via a 9600 baud modem. Read more

Trying tmux

One of the nice things about unix is that a lot of your learning is additive. Learning one tool usually doesn’t replace another. Learning perl didn’t mean I stopped using awk for example. The time spent into learning the various tools on unix is therefore pretty well spent - you’ll get a lot of use from what you’ve learned. However I can think of two circumstance where that didn’t work out. Read more

3blue1brown: The weird way to pi

YouTube sadly has some horrible bits, but there’s a subset of it that has loads of fascinating math videos. Last week there was a great one which showed a bizarre way to calculate pi using a physics thought experiment. He left the actual equations that explained why this happens to a later video. Happilly it came out today. What it boils down to is an interaction between the equations for conservation of energy and the conservation of momentum. Read more

Python vs shell

One of the nice parts about shell is that you can quickly prototype things. But eventually they become too brittle or limited or complex and you need to switch to a better langauge. Pipelines are powerful, but real data structures are better. The brevity is nice though. From the ia-save script, these four lines of shell… 1 2 3 4 find posts -name '*.md' -print0 \ | xargs -0 awk '/^\[[^]]*\]: / && $2 ~ /^http/ {print $2}' \ | sed 's/#. Read more

Ticket home

A weird side-effect of putting my home dir in vcsh is that I can write tickets for it. So mild annoyances that can’t be fixed right get a ticket. That way if I have time later I’ll have a better sense of the issue. You can set up “a git server” with just an ssh account on a server that has git on it. Nowadays though most people run something like Gitlab or Gogs or one of the hosted services like Gitlab, Github or Bitbucket. Read more

Secrets in git repos

One issue with infrastructure sorts of repositories is what to do with sensitive data. Keys, tokens and other secrets shouldn’t be committed to git repos, but they have to go somewhere. In some cases you can put them in your CI/CD system and import them as variables. But that gets complicated quickly. One way to address it is to use git crypt. It’s not a standard git extension, but it’s been around for a fair bit of time. Read more