danielquinn
GIMP is alright. Mostly I stick to it because Krita's dependency on QT means it looks and works differently from everything else in my GNOME environment.
I rather like the directory structure change of placing the project "app" separate from the other apps, and am a big supporter of using just or task over make for a variety of reasons, but I'm going to push way back on two fronts: multiple configurations & settings files and secrets in the repo.
Your configuration & settings should be identical between environments. Otherwise you're injecting surprises into your project that only happen in certain environments. If your local development operates differently from production, how exactly to do expect to find & fix problems that only occur in production? I wrote a whole rant on this a couple weeks ago, so my frustration on this front is rather fresh. I see it all the time and it's always a problem I need to un-break when I start a new job. Your environment can change, but the code executing within it should not. See the 12-factor app for further discussion on this topic.
As for secrets in the repo (encrypted or not) I've seen this before at a previous job and while it works rather handily, I really don't recommend it. It introduces a needless amount of complexity, can potentially leak production credentials, and requires a code change (+CI run, +deploy) to change any of the values.
Think about all the places your source code goes:
- Your (likely 3rd-party external) git host
- Your (also likely 3rd-party external) CI runner
- Every developer's company laptop
- Potentially many developer's personal devices when they "just want to work on that thing"
- Any copies they might keep for personal reference after they quit or are fired
- Any computer or phone that was used to look at the code in a browser
- ...and any plugins that browser might be running
Now consider how many of them likely have had access to the keys to decrypt certain values over time, how they might have stored the keys in plain text on their machine, or even been Super Careful with everything but were nonetheless compromised by a virus/hack because their kid used their computer that one time.
All that might be acceptable if the benefits were high, but they aren't. Now, instead of just one environment to configure, you have potentially dozens: production, staging, testing, and one for every developer who's ever worked there. Each one with different values, only some have been updated. When Steve gets fired, how many files do you have to decrypt, edit, and re-encrypt to rotate the secrets? This replaces a small headache with a migraine.
I address this in the post above as well, but the TL;DR is that you can bake known, insecure values into your project (in my case, in compose.yaml) and share any remaining actual secrets required for development sparingly via back-channels. When in staging or production, Compose isn't in use, so your project will die unless these values are set in the environment -- values which should be provided by whatever means that environment favours. Personally, I'm rather fond of tools like Secrets Manager & Vault because they offer an audit trail and a means to alter values without a code change, but a lot of companies prefer to use things like Kubernetes secrets. Whatever it is, it should not be a file in the repo.
One last note about the license: I love the GPL, but you should know that under this license, anyone using your template in their project necessarily must license that project under the GPL. Your description suggests that it's enough to say that any modifications to the template must be shared, but that's not how the GPL works. If I were to use your template in a project about cats, I'd be creating a "derivative work" based on your template which, under the terms of the license means my cat project must also be GPL-licensed.
What you perhaps could get away with would be treating this like documentation, and licensing it under something like the Creative Commons Attribution-ShareAlike license, where you provide it as a sort of guideline for other projects, but not as code upon which you'd base a project of your own.
The very existence of that scathing fact check document should have ensured that this episode was never published.
Five bucks says that this has nothing to do with general energy for the grid and everything to do with powering the fossil fuel extraction and processing industry in that region.
To be fair, you have alternatives.
I've been self-hosting my blog for 21years if you can believe it, much of it has been done on a server in my house. I've hosted it on everything from a dusty old Pentium 200Mhz with 16MB of RAM (that's MB, not GB!) to a shared web host (Webfaction), to a proper VPS (Hetzner), to a Raspberry Pi Kubernetes cluster, which is where it is now.
The site is currently running Python/Django on a few Kubernetes pods on a few Raspberry Pi 4's, so the total power consumption is tiny, and since they're fanless, it's all very quiet in my office upstairs.
In terms of safety, there's always a risk since you're opening a port to the world for someone to talk directly to software running in your home. You can mitigate that by (a) keeping your software up to date, and (b) ensuring that if you're maintaining the software yourself (like I am) keeping on top of any dependencies that may have known exploits. Like, don't just stand up an instance of Wordpress and forget about it. That shit's going to get compromised :-). You should also isolate the network from the rest of your LAN if you can. Docker sort of does this for you (though I hear it can be broken out of), but a proper demarcation between your laptop and a server on the Open web is a good idea.
The safest option is probably to use a static site generator like Hugo, since then your attack surface is limited to whatever you're using to serve the static sites (probably Nginx), while if you're running a full-blown application that does publishing etc., then that's a lot of stuff that could have holes you don't know about. You may also want to setup something like Cloudflare in front of your site to prevent a DOS attack or something from crippling your home internet, though that may be overkill.
But yeah, the bandwidth requirements to running a blog are negligible, and the experience of running your own stuff on your own hardware in your own house is pretty great. I recommend it :-)
Canadaland recently did an episode on this very subject and as a once-supporter of these sites, I found it eye-opening.
Oh boy are you going to love-to-hate this then. It's best viewed on a proper computer, but you'll get the gist on mobile too.
To be clear, I'm not throwing shade. That's an impressive piece of software. It's just, given the number of stories I've heard (and experienced) about Bash's tricky syntax leading to Bad Things, I'm less comfortable with running this than I would be with something in a language with fewer pitfalls.
But if others take the chance and it sticks around a bit, I'll come around ;-)
Thanks for the contribution! It's a great idea, and with Google fucking about with blocking things like NewPipe, a project like this is a great answer to that.
That looks really impressive, but at nearly 1000 lines of Bash, I'm afraid I'm not comfortable running it on my machine. My Bash-foo isn't strong enough to be sure that there isn't a typo in there that could nuke my home folder.
The former.
Responsible journalism is more than simply showing up for an interview and broadcasting whatever lie the subject wants you to share for them. If he's not going to fact-check the ambassador immediately, then he's operating as a defacto mouthpiece for his subject. Attaching a fact-checking document, after the fact, in an entirely different medium that outlines just how much of the interview was obvious propaganda is not journalism.
The worst part is that Jesse has levelled this very criticism in the past against other journalists! Specifically in reference to how Trump is covered, but others as well. You can't just hand your mic, your platform over to a 3rd party and claim that you're doing journalism when you're really being complicit in the distribution of propaganda.