wbolster

Born on May 17, 2012•33 Karma

on May 5, 2023

•on: Gitlab 15.11.2 – Important notice – Critical secur...

the git repo has more info about the 15.11.2 release: https://gitlab.com/gitlab-org/gitlab/-/commit/d5dc7d794ce2fc...

- Only maintainers of projects should be able to assign runners to them (gitlab-org/security/gitlab@c52abfffad2c06c2a49788e3db473f14923c3926), merge request (gitlab-org/security/gitlab!3234)

- Authorize access to vulnerabilitiesCountByDay resolver (gitlab-org/security/gitlab@8e78aecb9a6c248099a043f181de3c8f6d4417ce)

and a bit of further digging shows the commit for the first issue mentioned above, adding a permission check: https://gitlab.com/gitlab-org/gitlab/-/commit/c52abfffad2c06...

wbolster•

on Jan 13, 2022

•on: Parcel CSS: A new CSS parser, compiler, and minifi...

i doubt there's a noticeable difference after applying any "dumb" file compression scheme, e.g. brotli/gzip

wbolster•

on Dec 23, 2021

•on: How IPFS is broken

this can be solved on the file system layer below.

on my laptop with btrfs this requires no special effort: simply copying the files and renaming them suffices. nautilus (gnome file manager) uses copy on write, and coreutils "cp" also defaults to "reflink" these days.

captn3m0•

on Dec 23, 2021

Doesn't work for torrents with RAR/ZIP files. The ref-link is also one-way. If I have existing content on my disk, and want to (partially) seed a torrent - can't do that easily.

I'd like a way to say: "Everything inside /public is public-domain content, seed it against any valid torrent if someone shows up with a valid hash"

wbolster•

on Nov 9, 2019

•on: We do not use foreign keys (2016)

not sure about mysql, but in postgresql an update on a table with a foreign key will take 'FOR KEY SHARE' locks on the referenced table, which is a weaker type of lock. updates on the referenced table that do not update (primary) key columns (changing a pk is very uncommon anyway) will suffice with a 'FOR NO KEY UPDATE' lock, which does not get blocked by 'FOR KEY SHARE' locks. in fact, the main reason postgresql has these weaker 'FOR KEY SHARE' and 'FOR NO KEY UPDATE' lock types is for handing of foreign keys.

Volundr•

on Nov 9, 2019

Also worth noting here, if you ARE updating the primary key on the referenced table, then locks MUST be taken to ensure data consistency. If that PK isn't locked, than by the very problem definition you have open transactions relying on the original PK value.

Those locks would be very challenging to accomplish at the application level.

wbolster•

on Oct 15, 2019

•on: On the way to being the most downvoted post ever o...

nit: the suffix -um in latin typically indicates a neuter grammatical gender. -us is usually masculine, and only in its accusative form it becomes -um. there are exceptions though, e.g. feminine 'manus' (hand). https://en.m.wikipedia.org/wiki/Latin_declension

wbolster•

on May 10, 2018

•on: Glom – Restructured Data for Python

in a similar spirit, i wrote "sanest", sane nested objects, tailored specifically for json fornats: https://sanest.readthedocs.io/

it does not have the exact same feature set though. my focus was mostly on both reading and modifying nested structures in a type safe way.

wbolster•

on Dec 31, 2017

•on: Keybee: a new keyboard layout designed specificall...

thank you, random stranger, for sharing your gnu/extremism.

while i am in no way defending software patents (which I don't like at all), i find the full-frontal attack attitude that you and many other gnu/zealots exhibit towards random strangers on the internet so infuriating that i am writing this comment here to let you know that people like you are exactly what prevents me (and many others) from getting involved in some free (libre) software projects.

thanks so much for your contribution to the advancement of libre software.

yuck.

_n2s9•

on Dec 31, 2017

My comment has absolutely nothing to do with preaching free software or even trying to push people to make their software available under a free license. You could even take out the word "libre" from my comment, if it irks you that much. The meaning is the same. And the meaning is simply my interpretation of that sentence. After having read that sentence, the last thing I expected was for it to be patented and I was so sure of that, that I did also feel it was dishonest to put that sentence on the webpage.

Yes, I generally would prefer for people to publish their software as libre, especially if it does not interfere with their way of making money as is the case here, yes, I was somewhat annoyed that I could not actually try this keyboard out, since yes, I am enough of a free software zealot for my personal use that I only have F-Droid installed and yes, I do actually find it unacceptable for a keyboard app on Android to not at least allow its source code to be inspected, as once enabled it can read everything you type from personal conversations down to passwords and Android does fuckall to prevent a keyboard app from just sending all of that to somewhere on the internet, but none of that was expressed in my previous comment.

wbolster•

on Dec 31, 2017

•on: Keybee: a new keyboard layout designed specificall...

this is a very important point. i tried swiping in my phone using the colemak keyboard layout which i use on normal keyboards, and found it utterly unusable because the prediction quality dramatically goes down. this is most likely caused by the lack of shapes made with the swiping gestures: colemak has the most common letters on the home row so on practice you're mostly swiping left/right.

wbolster•

on July 21, 2017

•on: Emacs and Magit

thanks for writing this down. i completely agree with you.

i am a happy emacs and magit user. i contribute to emacs packages, and maintain a few myself (emacs-direnv, evil-swap-keys, evil-colemak-basics, evil-text-object-python).

i do all this DESPITE emacs being a fsf/gnu project. i strongly dislike the old-fashioned processes, the extreme stances on things that i do not consider problems, and last but not least, the very negative and non-inclusive community.

the remarks by rms that a magit alternative/competitor would be welcome is POISONOUS. advocating for an unnecessary community divide is destructive for the goodwill of many (potential) contributors to the emacs ecosystem (myself included).

wbolster•

on Dec 13, 2016

•on: Why do we all still use Qwerty keyboards?

keep in mind that normal keyboard activity is completely different than typing a piece of text from the first letter to the last letter in one go. being efficient with navigation, moving text around, and so on, is just as important, so invest in learning vim, emacs or any other editor that makes sense for you. unfortunately keyboard layout analysers do not capture those key presses, making the results very skewed.