Here’s how Tom Payne describes his project:

chezmoi is a popular dotfile manager (currently over 4.5K stars on GitHub and increasing quickly). chezmoi helps you get your prefered environment synchronized across multiple machines (e.g. your home desktop, your work laptop, and a temporary development container in the cloud) while easily coping with differences from machine to machine and keeping all your secrets safe either with your password manager or encryption. Using chezmoi feels very much like using git (and indeed it builds on git). chezmoi is easy to install, quick to start with, runs everywhere, and scales from managing a handful of files on one machine to complex multi-machine set-ups with hundreds of dotfiles and plugins.

Getting a new machine set up looks like:

$ sh -c "$(curl -fsLS git.io/chezmoi)" -- init --apply <github-username>

My dotfiles “manager” is just a combination of git clone and setup.sh, but if I used many machines I’d probably reach for something more robust like this. If you’re already using a manager for yours, here’s a comparison guide of how chezmoi stacks up to other popular options.

I read about KDL (pronounced “cuddle”) over the weekend. Color me impressed!

Kat (and others) put a lot of thought into this.

KDL is a document language with xml-like semantics that looks like you’re invoking a bunch of CLI commands! It’s meant to be used both as a serialization format and a configuration language, much like JSON, YAML, or XML.

Check out the FAQ for all the common objections (like why not YAML or TOML or ETC) as well as a note about the XKCD comic you’re probably thinking about. Here’s hoping it catches on. 🤞

This looks great for those of us who haven’t memorized the command-line flags yet.

htmlq uses CSS selectors to extract bits of content from HTML files. Mozilla’s MDN has a good reference for CSS selector syntax.

This looks super handy. Examples!

// Find part of a page by ID
curl --silent https://www.rust-lang.org/ | htmlq '#get-help'

// Find all links in a page
curl --silent https://www.rust-lang.org/ | htmlq --attribute href a

// Get the text content of a post
curl --silent https://nixos.org/nixos/about.html | htmlq  --text .main

Problem: TODOs as comments are too often forgotten or neglected

Solution: TODOs as code that triggers compile errors based on set criteria

// trigger a compile error if we're past a certain date
todo_or_die::after_date!(3000, 1, 1); // its the year 3000!

// or a GitHub issue has closed
todo_or_die::issue_closed!("rust-lang", "rust", 44265); // GATs are here!

// or the latest version of a crate matches some expression
todo_or_die::crates_io!("serde", ">1.0.9000"); // its over 9000!

This is an article about exploring Inlets, a cloud native tunnel, with various use cases (including the Apple Silicon RC version of inlets-pro) in my home lab along with its surrounding open source ecosystem. Also some tips about using inlets-operator and MetalLB at the same time, and what could be done in a Kubernetes cluster.

In the recent months there’s been a lot of noise in the area of supply chain security because of increase in attacks, with notable ones like Microsoft Exchange Server or SolarWinds breach. These attacks could have been prevented with proper tools in place, yet finding the right tool for the job might be difficult as this area is hard to navigate and most of us - developers - aren’t security experts. There’s however a project that can solve this. Its name is sigstore and in this article we will look at what it does, why we need it and how it fits into landscape of existing tools in this area.

Ain was born out of the frustration of working with many API endpoints in GUI clients.

While pretty, I could’t use any shell-scripts or commands such as uuidgen as input to the endpoints without copy pasting from a terminal. And I had to copy-paste the resulting output back into the terminal to further slice and dice it.

I had become a human pipe and my ctrl+c, ctrl+v fingers were hurting. By using curl and/or httpie for the heavy lifting, Ain removes you from the piping of input and output. With Ain, you can:

• Organize API endpoints using files and folders
• Use shell-scripts and executables anywhere
• Put things that change in environment-variables or .env files
• Share the resulting curl or http(ie)-call with friends and foes
• Pipe any output for further processing

This one is for Jerod since he’s such a Nick Miller fan 🤣

Miller is like awk, sed, cut, join, and sort for name-indexed data such as CSV, TSV, and tabular JSON

This comment on HN does a great job summarizing Bashly.

…think of this as an argparse equivalent for Bash. You provide a YAML file listing commands, subcommands, arguments, and flags, and it automatically generates a Bash script that can parse and validate them, provide help messages, and run your code for each command.

It also lets you keep the actual code for each command and subcommand in separate files, which are merged together into one distributable Bash script at generation time. It’s basically a templating system to auto-generate argument parsing so you don’t have to solve that again or deal with things like optparse.

Static analysis is a powerful technique for finding vulnerabilities in source code. However, the approach has suffered from being noisy - that is, many static analysis tools find quite a few “vulnerabilities” that are not actually real. This has led to developer friction as users get tired of the tools “crying wolf” one time too many.

The motivation for GoKart was to address this: could we create a scanner with significantly lower false positive rates than existing tools? Based on our experimentation the answer is yes.

See also: npm audit and the shortcomings of security-focused static analysis tools.

Peanut provides a REST API, Admin Dashboard and a command line tool to deploy and configure the commonly used services like databases, message brokers, graphing, tracing, caching tools … etc. It perfectly suited for development, manual testing, automated testing pipelines where mocking is not possible and test drives.

Under the hood, it works with the containerization runtime like docker to deploy and configure the service. Destroy the service if it is a temporary one.

Technically you can achieve the same with a bunch of yaml files or using a configuration management tool or a package manager like helm but peanut is pretty small and fun to use & should speed up your workflow!

Apollo is a different type of search engine. Traditional search engines (like Google) are great for discovery when you’re trying to find the answer to a question, but you don’t know what you’re looking for.

However, they’re very poor at recall and synthesis when you’ve seen something before on the internet somewhere but can’t remember where. Trying to find it becomes a nightmare - how can you synthezize the great material on the internet when you forgot where it even was? I’ve wasted many an hour combing through Google and my search history to look up a good article, blog post, or just something I’ve seen before.

If you scan Apollo’s README, you’ll know the author has put a lot of thought into this project. The more I grokked it, the more I thought of Monocle (which we’re doing an episode about soon). Turns out, it’s a direct inspiration (along with Serenity OS for the design).

k6 describes itself as “like unit testing, for performance.” It’s an open source tool that can be run locally or on their cloud. The company behind the tool was recently acquired by Grafana, so the project is now a Grafana Labs thing. You write your scripts in JavaScript and they run on a Go backend engine.

Cakebrew is a Mac App (GUI) that lets you do most of the useful tasks you need in Homebrew. Including updating and finding problems with brew doctor!

Installs via Homebrew too - brew install --cask cakebrew

A while ago I did a blog post about using fzf in Vim, so this is a nice complementary post on how to use fzf in the terminal. It should be super useful to folks who dwell inside the command-line on a day-to-day basis.

You’ve probably seen many of these commands hit Changelog News over the years, but now you can see them all again in one hand-curated place. Who knows, maybe one or two will be new to you. I hadn’t heard of curlie previously, which looks like a nice merging of cur and httpie.

Prestige rivals rich HTTP clients such as Postman and Insomnia by being… less rich. BUT. All you have to do is fire it up in your browser and type out some plain text. So straight forward!

Tom MacWright on the pendulum swinging back and forth between simple and “fancy”

Technology is seeing a little return to complexity. Dreamweaver gave way to hand-coding websites, which is now leading into Webflow, which is a lot like Dreamweaver. Evernote give way to minimal Markdown notes, which are now becoming Notion, Coda, or Craft. Visual Studio was “disrupted” by Sublime Text and TextMate, which are now getting replaced by Visual Studio Code. JIRA was replaced by GitHub issues, which is getting outmoded by Linear.

Thibault Meunir writing on Cloudflare’s blog:

Based on our data, it takes a user on average 32 seconds to complete a CAPTCHA challenge. There are 4.6 billion global Internet users. We assume a typical Internet user sees approximately one CAPTCHA every 10 days.

This very simple back of the envelope math equates to somewhere in the order of 500 human years wasted every single day — just for us to prove our humanity.

They aren’t just doing napkin math, they’re also trying to fix things:

We want to get rid of CAPTCHAs completely. The idea is rather simple: a real human should be able to touch or look at their device to prove they are human, without revealing their identity. We want you to be able to prove that you are human without revealing which human you are! You may ask if this is even possible? And the answer is: Yes!

I held off on having a CAPTCHA on our site for as long as I could, but the spammers are relentless (did you know they’ll even click on email confirmations now?!) so I finally gave in.

I’d do darn near anything to be rid of ‘em again (any ideas?), but it seems the alternative that Cloudflare is pursuing requires hardware security keys. Interesting stuff, and definitely worth a read, but it’s all experimental for now and I don’t know if/when we’ll be able to put it in practice.

Syncthing synchronizes files between two or more computers. Its goals are to be:

1. Safe From Data Loss
2. Secure Against Attackers
3. Easy to Use
4. Automatic
5. Universally Available
6. For Individuals
7. Everything Else (!)

There’s a Goals document where these ideas are explained and expanded upon, which is neat.

The motivation for building Slidev:

I always found myself spending too much time styling and layouting slides when using apps like PowerPoint / Keynote / Google Slides. Whenever I need to share code snippets, I would also need to use other tools to generate the highlighted code as images over and over again.

So as a frontend developer, why not solve it the way that fits better with what I am good at?

Looks slick: themeable, hackable, and you write your slides in Markdown. 👌

Wormhole lets you share files with end-to-end encryption and a link that automatically expires. So you can keep what you share private and make sure your stuff doesn’t stay online forever.

Our #1 goal is speed – you should be able to get a share link in less than 2 seconds with the absolute minimum number of clicks.

That’s why Wormhole supports instant file streaming. There’s no need to wait for your files to finish uploading before you can copy the link and send it to your recipient. The recipient can start downloading even before the files have finished uploading.

Wormhole uses super fast peer-to-peer transfer to send files directly to the recipient when possible. This improves speed and security – especially when transferring files over a local network, like when you just want to get a file from your phone onto your computer.

In addition, Wormhole stores your encrypted files on cloud servers for 24 hours so the share link will keep working for your recipient even after you close the Wormhole site.

This repository offers a collection of services with great free tiers for developers on a budget. Because not everyone has 20$ per month to spend on app or database hosting for every single side-project.

Nowadays, a lot of services are offering really good free tier more than enough for testing small apps and even put them in production. They are just waiting to be used by you.

I got a kick out of their FTDD acronym: Free Tier Driven Development

This article provides an in-depth view and comparison on modern regular expression engines. Hyperscan and RE2 come out on top and offer great scalability for large scale regex applications.