I’m going to write some tools in order to be able to sync the current environment back to ‘something’. Something can be a cmdb or yaml files in this case. This is the first step in working the other way around, so this has a lot of potential!
Meetings and helping colleagues. Lately it’s getting harder and harder to get a decent amount of work done. People seem to think not being able to see one another face to face must be ‘fixed’ by holding meetings or sending IMs every 10 minutes. It’s pretty tiresome to be honest.
Personal:
I did some work on trying dwm, but it’s more work than I anticipated. Remembering the shortcuts is also kind of hard after using other ones for so long, so I’m going to invest some more time in it
Hopefully do some more walks, if the weather allows it. There are a lot of thunderstorms predicted, but I hope not all of them will happen.
Waiting for my new keyboard to arrive, it should be here this week so probably spending some time working with a 60% for the first time ever.
Release documentation, and helping fix up the last few remaining edges in our installation process.
Personal:
I’d suggested I could put up an e-commerce website for my wife’s various crafty/DIY creations, and she took me up on the offer this weekend. I’m using this as the reason to finally buckle down and learn Elixir and Phoenix, so this week will involve working on getting familiar with all of the moving parts involved there. We have a backup plan if the project gets to be too overwhelming, but I’ve wanted to see what happens on the other side of actually learning Elixir and Phoenix, rather than just giving up after 2 hours of not quite getting it. I plan on using Stripe for payment processing.
If anyone has any advice on pitfalls to avoid when building an e-commerce site, I’d be interested in hearing them.
I picked up Godot again, after having been away from it for a while. Other than one person having a bug with key mapping or something, it seems to have a really nice HTML 5 game export with WASM. I’m considering making a game gallery as one of the ramp-up projects in Elixir. (I plan on building multiple smaller projects before I attempt to take on the e-commerce site. I want to have my sea legs before I take on that complicated of a project).
I’m currently revising my book on Python regular expressions. Between last year’s release and now, I have written more books and improved my own understanding of regular expressions. Plus, feedback from readers has helped me to get a glimpse from the other side. I still have a lot to learn as a writer, but I’m pleased with the updates I’ve finished so far. Hoping to publish the new version by end of this month.
I read a lot of fantasy books and this year am participating in a challenge where you could read 5-25 books to complete a bingo. I’m currently reading Baker Thief which has an aromantic protagonist.
I have this week off work. I have no idea what I’m going to do, but I’m probably gonna be coding more in Rust.
$work:
Personal:
Which keyboard did you get?
I compared a lot of models, including the ones suggested and made a spreadsheet of my hard requirements, nice to have’s and don’t want. I compared 6 keyboards and tried to find the best price for them and in the end the RK61 was actually the only one checking most boxes and at a reasonable price. And it’s shipped from inside the EU so I won’t have to pay extra tax, once I took that into account prices went up really hard for the others…
Wow, I really like the position of the arrow keys on that keyboard. I have a Poker 3, and the arrow key locations are.. awkward at best. I don’t use them often (even before this keyboard), but it’s one of the only things I dislike about this keyboard.
RK61 is nice, probably the best when it comes to price/quality. Only thing I dislike is that the arrows mode is on by default and hitting “/” triggers up arrow.
Yeah, I’m probably going to rebind some other combination to the arrow keys with xkb or whatever today’s tool for rebinding is. Since I’m using Linux and there is always a tmux session open I’ll need the /.
This is probably the most altered part of my dwm config. I even swap mod1 and mod4 in my config to stick with my previous muscle memory.
I’m trying to relaunch my own SaaS product – https://ashop.co , it got “sidetracked” by sudden Amazon API update (with months notice). I also added all the features my previous clients asked for. Exciting and nerve-wracking at the same time.
I received a dead tree copy of SICP for my birthday, half of which I had already read as an e-book, so I’ll be reading that for a while. Looking for a job during the COVID recession is making things tough but I’m trying to consider it an opportunity to go back to working on my silly side-projects. My newest side-project is rewriting the infamous Snoopy calendar Fortran program in Scheme, but with a twist — to give it a feeling of nostalgia, it calculates a year in the past century with an identical calendar set up as the current year and displays that. (eg It displays the calendar of 1964 in 2020.)
I hear CVS is hiring
I will add some features to my current side project https://github.com/rmpr/atbswp and compose two posts for my newly created blog https://rmpr/xyz
You mistyped the link: https://rmpr.xyz/
Thanks for pointing this 😅
Work:
Personal:
If anyone has any advice on pitfalls to avoid when building an e-commerce site, I’d be interested in hearing them.
My best advice is - don’t [1]. There are many security issues that may arise developing custom e-commerce website for the complexity which it requires. My best advice is to fork a stable, mature & open-source e-commerce and build it from such base.
I pwned a few ECMS (Ebay//OLX to name a few) [2]; if those large in-house developed ECMS websites are vulnerable, so will be yours. The vulnerabilities will probably be logic-based; and framework won’t protect you from those.
[1] https://twitter.com/0xduraki/status/1108908794208239616
[2] https://duraki.github.io/reports.html
Do you have any recommendations as to which open source projects to use?
I think I stand a hope of building an E-commerce site that is at least not vulnerable to script kiddies (aka safe from SQL injection, CSRF and XSS). I also hopefully can keep the feature set small enough that it doesn’t have too many issues (the idea being that keeping the feature set smaller should hopefully keep the potential interactions under control, and make securing it easier).
That notion probably sounds like lunacy to you, tho.
I’m not sure I’m adequate enough to answer your first question. Magento comes to my mind but if I was, I’d do some comparison between choices. One with strict control, a lot of source reviews, and decomplexity (one which allows you to turn options on or off) would be a great fit. This would minimize your attack surface.
As for the notion, again, be very careful. ECMS is both a target to gray hats and black hats for the juicy details they may find. Sometimes, script kiddies can make a bigger damage than professional infosec person.
Best of luck with the development! :-)
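Added example, not part of the thread: a constructed checkout calculation showing the kind of logic flaw the exchange above is about, one that parameterised queries, CSRF tokens and output escaping would not catch, next to a version that recomputes the amount from server-side data. The catalogue, SKUs, field names, limits and both function names are assumptions made for illustration.

```python
# Constructed illustration: every name and value here is hypothetical.

# The server's own record of prices (in cents) and stock.
CATALOGUE = {
    "mug-01": {"price_cents": 1800, "stock": 5},
    "scarf-02": {"price_cents": 3200, "stock": 2},
}
MAX_QTY_PER_SKU = 10


class OrderError(ValueError):
    """Raised when a cart breaks a business rule."""


def naive_total(cart):
    """'Before': trusts the price and quantity fields the browser posted.

    Nothing here is SQL injection, CSRF or XSS, so framework defaults do
    not help; the amount charged is simply whatever the client claims.
    """
    return sum(line["price_cents"] * line["qty"] for line in cart)


def checked_total(cart, catalogue=CATALOGUE):
    """'After': the client only says what it wants; the server decides the price."""
    wanted = {}
    for line in cart:
        sku, qty = line.get("sku"), line.get("qty")
        if not isinstance(sku, str) or sku not in catalogue:
            raise OrderError(f"unknown sku: {sku!r}")
        # type() rather than isinstance(): True/False are ints in Python.
        if type(qty) is not int or qty < 1:
            raise OrderError(f"bad quantity for {sku}: {qty!r}")
        # Merge repeated lines so limits cannot be dodged by splitting an order.
        wanted[sku] = wanted.get(sku, 0) + qty

    if not wanted:
        raise OrderError("empty cart")

    total = 0
    for sku, qty in wanted.items():
        item = catalogue[sku]
        if qty > min(item["stock"], MAX_QTY_PER_SKU):
            raise OrderError(f"quantity {qty} not available for {sku}")
        # Any client-supplied price_cents is ignored on purpose.
        total += item["price_cents"] * qty
    return total


# Constructed requests, as a tampered client might post them.
TAMPERED_PRICE = [{"sku": "mug-01", "qty": 2, "price_cents": 1}]
NEGATIVE_QTY = [
    {"sku": "mug-01", "qty": 1, "price_cents": 1800},
    {"sku": "scarf-02", "qty": -1, "price_cents": 3200},
]
SPLIT_LINES = [
    {"sku": "mug-01", "qty": 3, "price_cents": 1800},
    {"sku": "mug-01", "qty": 3, "price_cents": 1800},
]

if __name__ == "__main__":
    for name, cart in [("tampered price", TAMPERED_PRICE),
                       ("negative quantity", NEGATIVE_QTY),
                       ("split lines", SPLIT_LINES)]:
        try:
            verdict = checked_total(cart)
        except OrderError as exc:
            verdict = f"rejected ({exc})"
        print(f"{name}: naive={naive_total(cart)} checked={verdict}")
```

The same rule applies to whatever amount is later handed to the payment processor: it should come from the checked path, never from a field the browser sent.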
Probably adding a few more bookmarking features to https://github.com/jonschoning/espial , just added firefox bookmark imports.
I’m finishing up some articles for a client so that I can get back at building PLUMA as soon as possible. I’m now working on the rich text editor using ProseMirror + Svelte.
Apparently I’m making a programming language. Partly for fun, partly because I want to see what it looks like when you make a borrow-checked language but make different design decisions than Rust does. Polymorphic generics, more RTTI, stable ABI, that sort of thing. I just more or less finished a “spike” implementation that has a parser, type-checking, and basic code generation (targeting webassembly), so you can actually evaluate a function that does some math and have it output a real result. Very satisfying, so we’ll see how long it takes to become Turing complete.
Oh, and somewhere in the cracks there I’m doing the work I get paid for.
I’m trying to do something useful around climate change. Working on the solar system at our cabin highlighted some utility in tooling for finding solar equipment that fit $SPEC ORDER BY price; the space is moving super quickly.
This weekend I put up https://www.analyzesolar.com/. It lets people that are into this stuff describe their storage needs, and then it’ll generate possible configurations from real inventory and price lists at major vendors.
It looks like garbage, but it works! So this week, my intent is to add copy text, make the form friendly, and if I have time wrap the React app in a Hugo website. So the app does this dynamic stuff, Hugo does the main site, content management etc.
–
Would be interested in UI feedback and ideas from people here. Not so much on the current “design”, but rather if you have tips of websites to borrow ideas from. I was considering copying the form you get if you pick “tabular view” on the Swedish price comparison site Price Runner, here: https://www.pricerunner.com/ct/38/Computer-Memory-(RAM)
Also.. the tech stack is interesting; it’s a set of python crawlers that output timestamped JSON files directly into the source repo. Those JSON files are combined into a single master JSON file that a React app consumes. So there’s no backend, but it is.. dynamic. You run a single make command to run the crawlers, re-generate the site, push it to S3 and invalidate the CloudFront distribution.
2D C99 Game Engine. Working on the player input -> abstract player action pipeline to allow input button remapping. I’m working on supporting chords, repeated tapping, and button sequence combinations. Right now actions support a cancellable wind-up period and a cooldown period which might require a forced reset to be usable again.
Figuring out management of real-time view of data from Haskell in the browser. From postgres notifications to UI update in browser, all done in Haskell.
Reading about Go modules since I’m behind the times.
At work: Preparing two presentations. A workshop on regular expressions that I will hold twice this week, and a presentation on general concepts for enterprise software updates, that I will hold twice more this week. No code this week :(
At home: I hate to admit it. But some friends convinced me to start playing World of Warcraft Classic. So… well. That’s quite some hours right there.
Nice, which tool or programming language? Any resources you are referring for material?
Among other things, I’m optimizing and simplifying my pytest suites. Around 1000 tests across 10+ repos, 80% written by me. A web of fixtures to disentangle, some bottlenecks to remove, adding markers for fine-grained control. It gives you a visceral sense on cleanliness that is hard to achieve otherwise.
I got a 3D printer that I’ve been playing with the last few weeks. I started printing some mini’s for a new TRPG campaign, as well as an Iron Man Arc Reactor that I want to do some circuitry work with (lighting and sound).
At work, I’m putting my sysadmin hat back on for a few weeks to cover for a colleague who is taking a little paternity leave. It’s a bit of an interruption to my usual projects, but totally worthwhile to ensure the cluster in question runs smoothly and my colleague gets to take care of his family.
At home, I’m trying to focus on disconnecting from technology in my off hours. I’ve got a few baking projects planned, and I’m doing a re-read of a dead-tree copy of SPQR, Mary Beard’s short history of the Roman Republic and Empire.
Things I’ve already started doing this week:
Things to be done:
I am taking a plane to Madrid and bumming around Europe for a while. Right now I’m in a hostel exploring Miami. I’m a USA national.
At work I’m doing a bunch of small~ish stuff this week. I need to split up some components in our long term storage solution for our metrics pipeline (M3DB). I also need to fix a couple of bugs in our logging pipeline and refresh a PR for filebeat that has been sitting there for a while due to my lack of time. Because of this, there are now a bunch of things to fix due to changes in the interfaces.
Personally I’m working on a small side-project to scratch my itch of totally removing Google Analytics from my blog. I’m replacing it with a small tool that I’m building that doesn’t require any script to be added into the web page. Currently I can track referers, geolocation and normal stats. On the plus side I’ve found out (thanks to this) that a lot of script kiddies really try to find a vulnerable wordpress/joomla setup on my blog 🤷♂️. Related to this also working on a small auth proxy for Grafana to integrate with Cloudflare Access.
Guessing you are parsing access logs :)
I also have made “my own Google Analytics” recently but took a different approach. On the page(s) in question I include a small JS snippet that will fire a XHR request to some endpoint where there is a Quart app running with a “catch all” route handler.
This way, I figured, I’ll only get the stats from visitors that have javascript enabled (read: real browsers). Every 5 min the data (IP, Referer, geo) is synced to some database.
It’s a very simple program really, and prevents the use of Google Analytics. I can query my database and easily get, for example, a listing of most popular pages for my site in a certain time period.
Well … almost 🙂. My blog is statically hosted in Github pages with my personal domain, so no server access logs. What I’m doing is relying on an edge worker running on Cloudflare to collect the data, including referrers and geolocation. Visualization is handled by Grafana.
@work I’m still working on STIG issues. We also have a release coming up, so I’ll be helping with that.
@home The other day “The Book of Shaders” was posted on HN, and I’ve been wanting to learn more about GLSL, so I’ve been reading it and following along with the examples using my Lisp OpenGL library here.
I’ve also been reading “Algorithms, Graphs, and Computers.” I picked it up at a used bookstore a while back, and I’m finally getting around to reading it.
Attempting to interact with a customer’s AMQP endpoint. I hope it won’t take all week, but these things tend to drag on.
Waiting for the print version of How to design programs to arrive in the mail. Racket has been on my radar for a while, and I’d like to read up on it.
Lots of infrastructure, build pipeline work, writing some distributed services using Rust and a lot of kubernetes.
On the side, liaising with my brother who is on the other side of the world to figure out a plan to start getting equipment and gear together to start doing Enduro motorcycle rallies (some in US, some in EU and Africa) once the competitions start opening up with the ultimate goal of eventually attempting Dakar. Just getting to grips with all the costs, equipment needs, how to find sponsors and all that fun stuff.