Threads for alb

  1. 2
    alb avatar alb 2 years ago | link | on: Automate dependency updates anyone?

    FWIW, I do the first part (CI run against the latest version of dependencies, both on each commit and weekly) on a couple of open source projects, to help detect incompatibility issues early.

    I don’t auto-update. I usually update shortly after a release to give the new dependencies more exposure, in case something unexpected comes up.

    Auto-updating is interesting. I can see how it could work for some specific projects/work environments, but I’d be very weary of too much churn/inconsistency, especially if they are external dependencies you don’t control (as opposed to internal ones which are within your project/company/etc. to manage and update).

    1. 1
      Isammoc avatar Isammoc 2 years ago | link

      Same here. We run scala-steward each hour for our different projects. Tests run automatically and we have a test harness (even if we should improve it, another story) But we don’t automatically merge the PRs. We want to be in control, more when we are close to a release date. But usually, we just check CI is green and the library involved in the update is not criticaland we merge it.

    1. 2
      alb avatar alb 3 years ago | link | on: Where do you host your back ups?

      A home NAS (HP microserver) via rsync, and from there I use duplicity to upload to google cloud storage (multi-regional coldline). The latter is ~€ 10 per 1 TiB.

      I like having a copy at hand for ease and speed of recovery, but if I had to choose only one, I’d go for the cloud one since it’s off-site.

      1. 2
        jmtd avatar jmtd edited 3 years ago | link | on: You should not run your mail server because mail is hard

        Food for thought because my default position has been “don’t run your own mail server” until now.

        The “proof of work” take is interesting. Although I’ve never bothered with SPF or DKIM and don’t have deliverability problems. I might look at DKIM one day (but SPF is, imho, a total waste of time).

        I’m not sure if the “programming” tag is appropriate

        1. 2
          alb avatar alb 3 years ago | link

          For what is worth, my experience is that SPF configured with “-all” does work pretty effectively, and is much more useful these days than it was in the past. It’s also quite easy to set up.

          1. 2
            roshan avatar roshan 3 years ago | link

            Googling “proof of work email spam” actually revealed that solving this problem originally with HashCash is what has led to the big cryptocurrency revolution!

          1. 2
            phaer avatar phaer 3 years ago | link | on: kxd: Key exchange daemon

            Reminded me of https://wiki.recompile.se/wiki/Mandos, the meain difference seems that kxd uses x509 certificates while mandos utilizes gpg?

            1. 1
              alb avatar alb 3 years ago | link

              Yes, there are many differences, but at a high level I agree that’s the main difference.

            1. 3
              gcupc avatar gcupc 3 years ago | link | on: chasquid: SMTP server with a focus on simplicity, security, and ease of operation

              It seems like today is a day for SMTP servers in the news! This one seems interesting mainly for being “easy to configure, hard to misconfigure in ways that are harmful or insecure”.

              1. 1
                alb avatar alb 3 years ago | link

                Thanks! If you want to know anything specific or have any questions about that, feel free to ask :)