I use Starship

Do you have anything to check whether the current directory is under /media/ or /mnt/ so that you can change the drive letter according to a deterministic assignment?

/s

It seems to me that you’re asking about two different things: zero-knowledge authentication, and public key authentication. I think you’d have a much easier time using public key auth. And tbh I don’t know anything about the zero-knowledge stuff. I don’t know what reading resources to point to, so I’ll try to provide a little clarifying background instead.

The simplest way to a authenticate a user if you have their public key is probably to require every request to be signed with that key. The server gets the request, verifies the signature, and that’s it, that’s an authenticated request. Although adding a nonce to the signed content would be a good idea if replay attacks might be a problem.

If you want to be properly standards-compliant you want a standard “envelope” for signed requests. Personally I would use the multipart/signed MIME type since that is a ready-made, standardized format that is about as simple as it gets.

You mentioned JSON Web Tokens (JWTs) which are a similar idea. That’s a format that you might think you could use for signing requests - it’s sort of another quasi-standardized envelope format for signed data. But the wrinkle is that JWTs aren’t used to sign arbitrary data. The data is expected to be a set of “claims”. A JWT is a JSON header, JSON claims, and a signature all of three which are serialized with base64 and concatenated. Usually you would put a JWT in the Authorization header of an HTTP request like this:

Authorization: Bearer $jwt

Then the server verifies the JWT signature, inspects the “claims”, and decides whether the request is authorized based on whether it has the right claims. JWTs make sense if you want an authentication token that is separate from the request body. They are more complicated than multipart/signed content since the purpose is to standardize a narrow use case, but to also support all of the features that the stakeholders wanted.

Another commenter suggested Diffie-Hellman key exchange which I think is not a bad idea as a third alternative if you want to establish sessions. Diffie-Hellman used in every https connection to establish a session key. In https the session key is used for symmetric encryption of all subsequent traffic over that connection. But the session key doesn’t have to be an encryption key - you could use the key exchange to establish a session password. You could use that temporary password to authenticate all requests in that session. I do know of an intro video for Diffie-Hellman: https://youtu.be/Ex_ObHVftDg

The first two options I suggested require the server to have user public keys for each account. The Diffie-Hellman option also requires users to have the server’s public key available. An advantage is that Diffie-Hellman authenticates both parties to each other so users know they can trust the server. But if your server uses https you’ll get server authentication anyway during the connection key exchange. And the Diffie-Hellman session password needs an encrypted connection to be secure. The JWT option would probably also need an encrypted connection.

My conclusion after researching this a while ago is that the good options are Borg and Restic. Both give you incremental backups with cheap timewise snapshots. They are quite similar to each other, and I don’t know of a compelling reason to pick one over the other.

Always a good one! It seems overdue for an update to include Clojure, Go, Rust, Typescript, Swift, and Zig.

Are you using swayidle? It’s supposed to automatically keep the screen on when there is full-screen video playing. It’s the same in Gnome: you generally don’t need caffeine if a full-screen video is going.

How are you playing videos? Maybe the player doesn’t correctly implement the idle inhibit protocol. Or if you’re using sway bindings to make the window fullscreen instead of using the app’s own fullscreen mode then maybe the player doesn’t know it’s fullscreen, and doesn’t set up the idle inhibit.

If you do want manual idle inhibit control, if you use Waybar it has an idle inhibitor module that mimics caffeine. If you don’t use Waybar there is a little Python script you can run. Kill it when you want to stop inhibiting idle. actually wib looks like a better option

This seems like a restatement of X. We still don’t understand Y. I’m especially confused about:

• Why are SHA-256 and friends ok, but IPFS CIDs are not? They have basically the same functionality.
• Do you need a distributed network, or is a single server ok?

There was some hint that maybe you’re concerned about reproducibility for CIDs? If you fix the block size, hash algorithm, and content codec you’ll get consistent results. SHA-256 also breaks data into chunks of 64 bytes as it happens.

Anyway Wikipedia has a list of content-addressable store implementations. A couple that stand out to me are git and git-annex.

I’ve mainly worked as an employee so I don’t have as much experience with freelance gigs. But nearly every job I’ve had in 18 years has been through networking. Organizing and speaking at programming meetups opened a lot of doors for me. It gets a lot of attention on me while I get a chance to present myself as an expert.

Eventually I’d worked with enough people that when I’ve been looking for work I find I know people who’ve moved to new companies that are hiring.

I’m gonna take a couple of stabs in the dark.

According to this Stack Overflow answer using tee can prevent the prompt from drawing which makes it appear that a script has not terminated. The answerer’s workaround is to put a very short sleep command after the tee command.

If this is what happened to you maybe the reason the script works in bash but not in zsh is because you have different prompts configured in those two shells.

Another idea is to replace tee with sponge from moreutils. The difference is that sponge waits for the end of stdin before it starts writing which can avoid problems in some situations.

I’ve been using nushell as my shell for a long while. Completions are not as polished as zsh - both the published completions for each program, and the UX for accepting completions. But you get some nice things in exchange.

I LOVE using nushell for scripting! CLI option parsing and autocompletions are nicely built into the function syntax. You don’t have to use the shell for this: you can write standalone scripts, and I do that sometimes. But if you don’t use it as your shell you don’t get the automatic completions.

Circling back to my first point, writing your own completions is very easy if you don’t like the options that are out there. You write a function with the same name as the program you want completions for, use the built-in completions feature, and it’s done.

If the return type of a function is NonEmpty the value returned is guaranteed to be non-empty because it is not possible to construct an empty NonEmpty value. That’s the “make illegal states unrepresentable” mantra in action.

At runtime you might get a list from an API response or something, and it might be empty. At that point you have a regular list. Following the advice from the article you want to parse that data to transform it into the types representing your legal states. So if the list is not supposed to be empty then somewhere you have a function that takes the possibly-empty list, and returns a value of type NonEmpty. But if the list actually is empty that function will fail so it has to be able to return or throw an error. The article uses the Maybe type for that which is one of the Haskell types for functions that can fail.

Once you have parsed the input list, and successfully gotten a NonEmpty value the rest of your code can safely access the first element of the list because a value of that type is guaranteed to have at least one value.

Hey I had this post in mind just yesterday when I was working on some Mastodon client code to show comments on my static-site blog. Typescript is especially well-suited for deriving types from parsers. I also enjoyed brushing up on how to use JSDoc annotations and ES modules to publish what is effectively Typescript that runs in the browser without a build step.

Probably not very similar, but Git Butler is very interesting. It adds its own layer of management so that you can have multiple branches “applied” to your working tree simultaneously. It’s helpful when you have multiple changes that should go into different branches, and some that shouldn’t be committed - it has a system of lanes that help keep track of all that. Or you can test how changes from two branches interact.

Last time I used it, maybe 6 months ago, it was rough around the edges so I didn’t stick with it. But they’ve done lots of work since then so I’m thinking of giving it another go. It is (last I checked) an all-in tool. When you’re using Butler on a project you probably won’t be able to use other git tools.

I think it depends. Lua is great for scripting - like when X happens do Y. I agree that makes sense for a case like Home Assistant. Sometimes you really want the result to be a data structure, not an interactive program, in which case I think more sophisticated configuration (as opposed to scripting) languages might be better.

Yes, there’s a good example. Ansible would make more sense if its configuration language was Nix…

Oh, thanks for calling that out. I think I may have mixed up some of the frustrations I experienced at an old job.

I agree - YAML is not suitable for complex cases that people use it in, like Terraform and Home Assistant. My pet peeve is a YAML config in a situation that really calls for more abstraction, like functions and variables. I’d like to see more use of the class of configuration languages that support that stuff, like Dhall, Cue, and Nickel.

There is another gotcha which is that YAML has more room for ambiguity than, say, JSON. YAML has a lot of ways to say true and false, and it’s implicit quoting is a bit complex. So some values that you expect to be strings might be interpreted as something els.

Zed invented tree-sitter which is a great feature. But since tree-sitter is open source it’s also available in neovim and helix.

I think this is good advice. Don’t over-think it!

Modern frameworks like Playwright do a good job of avoiding those waits. So the tests are less flaky, and are faster.