Tooling

Tooling and apps used to create and deliver awesome software.

Tom Payne github.com

Easy, secure dotfiles management with chezmoi

Here’s how Tom Payne describes his project:

chezmoi is a popular dotfile manager (currently over 4.5K stars on GitHub and increasing quickly). chezmoi helps you get your preferred environment synchronized across multiple machines (e.g. your home desktop, your work laptop, and a temporary development container in the cloud) while easily coping with differences from machine to machine and keeping all your secrets safe either with your password manager or encryption. Using chezmoi feels very much like using git (and indeed it builds on git). chezmoi is easy to install, quick to start with, runs everywhere, and scales from managing a handful of files on one machine to complex multi-machine set-ups with hundreds of dotfiles and plugins.

Getting a new machine set up looks like:

$ sh -c "$(curl -fsLS git.io/chezmoi)" -- init --apply <github-username>

My dotfiles “manager” is just a combination of git clone and setup.sh, but if I used many machines I’d probably reach for something more robust like this. If you’re already using a manager for yours, here’s a comparison guide of how chezmoi stacks up to other popular options.

Kat Marchán kdl.dev

The KDL document language

I read about KDL (pronounced “cuddle”) over the weekend. Color me impressed!

Kat (and others) put a lot of thought into this.

KDL is a document language with xml-like semantics that looks like you’re invoking a bunch of CLI commands! It’s meant to be used both as a serialization format and a configuration language, much like JSON, YAML, or XML.

Check out the FAQ for all the common objections (like why not YAML or TOML or ETC) as well as a note about the XKCD comic you’re probably thinking about. Here’s hoping it catches on. 🤞

HTML github.com

A tool like jq, but for HTML

htmlq uses CSS selectors to extract bits of content from HTML files. Mozilla’s MDN has a good reference for CSS selector syntax.

This looks super handy. Examples!

# Find part of a page by ID
curl --silent https://www.rust-lang.org/ | htmlq '#get-help'

# Find all links in a page
curl --silent https://www.rust-lang.org/ | htmlq --attribute href a

# Get the text content of a post
curl --silent https://nixos.org/nixos/about.html | htmlq --text .main

Rust github.com

These TODOs will self-destruct in 10... 9...

Problem: TODOs as comments are too often forgotten or neglected

Solution: TODOs as code that triggers compile errors based on set criteria

// trigger a compile error if we're past a certain date
todo_or_die::after_date!(3000, 1, 1); // its the year 3000!

// or a GitHub issue has closed
todo_or_die::issue_closed!("rust-lang", "rust", 44265); // GATs are here!

// or the latest version of a crate matches some expression
todo_or_die::crates_io!("serde", ">1.0.9000"); // its over 9000!

Martin Heinz martinheinz.dev

A solution to software supply chain security

In recent months there’s been a lot of noise in the area of supply chain security because of an increase in attacks, with notable ones like the Microsoft Exchange Server or SolarWinds breach. These attacks could have been prevented with proper tools in place, yet finding the right tool for the job might be difficult as this area is hard to navigate and most of us - developers - aren’t security experts. There’s however a project that can solve this. Its name is sigstore and in this article we will look at what it does, why we need it and how it fits into the landscape of existing tools in this area.

Jonas Lundberg github.com

Ain is a terminal API client (alternative to Postman, Paw, Insomnia)

Ain was born out of the frustration of working with many API endpoints in GUI clients.

While pretty, I couldn’t use any shell-scripts or commands such as uuidgen as input to the endpoints without copy pasting from a terminal. And I had to copy-paste the resulting output back into the terminal to further slice and dice it.

I had become a human pipe and my ctrl+c, ctrl+v fingers were hurting. By using curl and/or httpie for the heavy lifting, Ain removes you from the piping of input and output. With Ain, you can:

  • Organize API endpoints using files and folders
  • Use shell-scripts and executables anywhere
  • Put things that change in environment-variables or .env files
  • Share the resulting curl or http(ie)-call with friends and foes
  • Pipe any output for further processing

Command line interface github.com

Bashly - Bash CLI Framework and Generator

This comment on HN does a great job summarizing Bashly.

…think of this as an argparse equivalent for Bash. You provide a YAML file listing commands, subcommands, arguments, and flags, and it automatically generates a Bash script that can parse and validate them, provide help messages, and run your code for each command.

It also lets you keep the actual code for each command and subcommand in separate files, which are merged together into one distributable Bash script at generation time. It’s basically a templating system to auto-generate argument parsing so you don’t have to solve that again or deal with things like optparse.

Go github.com

GoKart – a static analysis tool for securing Go code

Static analysis is a powerful technique for finding vulnerabilities in source code. However, the approach has suffered from being noisy - that is, many static analysis tools find quite a few “vulnerabilities” that are not actually real. This has led to developer friction as users get tired of the tools “crying wolf” one time too many.

The motivation for GoKart was to address this: could we create a scanner with significantly lower false positive rates than existing tools? Based on our experimentation the answer is yes.

See also: npm audit and the shortcomings of security-focused static analysis tools.

Ahmed github.com

Deploy databases and services easily for dev and testing pipelines

Peanut provides a REST API, Admin Dashboard and a command line tool to deploy and configure the commonly used services like databases, message brokers, graphing, tracing, caching tools … etc. It is perfectly suited for development, manual testing, automated testing pipelines where mocking is not possible and test drives.

Under the hood, it works with the containerization runtime like docker to deploy and configure the service. Destroy the service if it is a temporary one.

Technically you can achieve the same with a bunch of yaml files or using a configuration management tool or a package manager like helm but peanut is pretty small and fun to use & should speed up your workflow!

Productivity github.com

A Unix-style personal search engine and web crawler for your digital footprint

Apollo is a different type of search engine. Traditional search engines (like Google) are great for discovery when you’re trying to find the answer to a question, but you don’t know what you’re looking for.

However, they’re very poor at recall and synthesis when you’ve seen something before on the internet somewhere but can’t remember where. Trying to find it becomes a nightmare - how can you synthesize the great material on the internet when you forgot where it even was? I’ve wasted many an hour combing through Google and my search history to look up a good article, blog post, or just something I’ve seen before.

If you scan Apollo’s README, you’ll know the author has put a lot of thought into this project. The more I grokked it, the more I thought of Monocle (which we’re doing an episode about soon). Turns out, it’s a direct inspiration (along with Serenity OS for the design).

Tom MacWright macwright.com

The return of fancy tools

Tom MacWright on the pendulum swinging back and forth between simple and “fancy”

Technology is seeing a little return to complexity. Dreamweaver gave way to hand-coding websites, which is now leading into Webflow, which is a lot like Dreamweaver. Evernote gave way to minimal Markdown notes, which are now becoming Notion, Coda, or Craft. Visual Studio was “disrupted” by Sublime Text and TextMate, which are now getting replaced by Visual Studio Code. JIRA was replaced by GitHub issues, which is getting outmoded by Linear.

Cloudflare

Humanity wastes about 500 years per day on CAPTCHAs. It’s time to end this madness

Thibault Meunier writing on Cloudflare’s blog:

Based on our data, it takes a user on average 32 seconds to complete a CAPTCHA challenge. There are 4.6 billion global Internet users. We assume a typical Internet user sees approximately one CAPTCHA every 10 days.

This very simple back of the envelope math equates to somewhere in the order of 500 human years wasted every single day — just for us to prove our humanity.

They aren’t just doing napkin math, they’re also trying to fix things:

We want to get rid of CAPTCHAs completely. The idea is rather simple: a real human should be able to touch or look at their device to prove they are human, without revealing their identity. We want you to be able to prove that you are human without revealing which human you are! You may ask if this is even possible? And the answer is: Yes!

I held off on having a CAPTCHA on our site for as long as I could, but the spammers are relentless (did you know they’ll even click on email confirmations now?!) so I finally gave in.

I’d do darn near anything to be rid of ‘em again (any ideas?), but it seems the alternative that Cloudflare is pursuing requires hardware security keys. Interesting stuff, and definitely worth a read, but it’s all experimental for now and I don’t know if/when we’ll be able to put it in practice.

Tooling sli.dev

Slidev – presentation slides for developers

The motivation for building Slidev:

I always found myself spending too much time styling and layouting slides when using apps like PowerPoint / Keynote / Google Slides. Whenever I need to share code snippets, I would also need to use other tools to generate the highlighted code as images over and over again.

So as a frontend developer, why not solve it the way that fits better with what I am good at?

Looks slick: themeable, hackable, and you write your slides in Markdown. 👌

Feross Aboukhadijeh wormhole.app

Wormhole – Simple, fast, private file sharing ✨

Wormhole lets you share files with end-to-end encryption and a link that automatically expires. So you can keep what you share private and make sure your stuff doesn’t stay online forever.


Our #1 goal is speed – you should be able to get a share link in less than 2 seconds with the absolute minimum number of clicks.

That’s why Wormhole supports instant file streaming. There’s no need to wait for your files to finish uploading before you can copy the link and send it to your recipient. The recipient can start downloading even before the files have finished uploading.

Wormhole uses super fast peer-to-peer transfer to send files directly to the recipient when possible. This improves speed and security – especially when transferring files over a local network, like when you just want to get a file from your phone onto your computer.

In addition, Wormhole stores your encrypted files on cloud servers for 24 hours so the share link will keep working for your recipient even after you close the Wormhole site.

Awesome Lists github.com

A collection of services with great free tiers for developers on a budget

This repository offers a collection of services with great free tiers for developers on a budget. Because not everyone has 20$ per month to spend on app or database hosting for every single side-project.

Nowadays, a lot of services are offering really good free tiers, more than enough for testing small apps and even putting them in production. They are just waiting to be used by you.

I got a kick out of their FTDD acronym: Free Tier Driven Development
