From a work conversation:

I wouldn't trust Google with my calendar, even if it only has 0.75 meetings a week.

Ooh, what's that, a new profile pic?!

(finally got to updating it on my website. machine learning for avatars is so late 2010s, not trendy rn, besides, a friend drew it for me!)

Cryptocurrency-adjacent projects are sometimes inconsistent as fuck.

I tried to register on Farcaster, and tried to use the network creators' official app, Warpcast.

Okay, one needs to pay for storage on the network... but why is the only option to pay on the official app fiat money?! Isn't cryptocurrency supposed to replace fiat money?

Cryptocurrency-adjacent projects are too inconsistent sometimes.

Something must be horribly wrong with me if the first tool I reach for to edit a post is psql.

I should really design a proper Micropub client designed for editing, incl. editing HTML.

Watching a good video about GitHub Actions by fasterthanli.me got me thinking: What is CI?

To me, CI is a thing that builds my things, runs my tests and deploys my things.

To build and test, I use Nix. To deploy, I copy the software that I've built using Nix to a server and run it (simplified; I actually use NixOS, but it's pretty much equivalent to running a script on a server that installs my software).

Therefore, a build step is a simple nix build. A deploy step could therefore potentially be a nix run .#deploy in a clean, semi-isolated environment (deploys are an effect so we can't have a pure environment) that has some sort of secret defined so nobody else can deploy except my CI runner.

Could I potentially create something like this? Maybe. Could I also use it for my own purposes? Also maybe. Would it be secure? ...probably? As long as I do a good job at isolating things and not running untrusted code (such as deploying from branches that I do not control), it should be. I mean, GitHub Actions is attacked by cryptominers occasionally as a result of PRs running CI.


Nix has timeouts, so jobs can't run forever. Also Nix isolates builds from networking, so a cryptominer would be rather useless in such an environment.

Deploy steps are trickier to secure. But on the other hand, you don't really want to deploy from an untrusted branch that you don't even know about, right? One usually deploys from main, and this simplifies things — you just have to make sure you don't fuck up your main branch. So I guess security becomes a matter of code review. And also keeping your deploy secrets a secret.

I think I should try my hand at this someday.

Scrolling through TikTok, I find some crazy news about Alabama.

Looking at the authorship... thankfully it's The Onion.

Dang, I almost believed it.

Today I realized that a function that always returns true can technically be considered a bloom filter with a false-positive rate of one. If you're willing to stretch your definition of bloom filter, of course.

The best thing about this bloom filter is its memory usage. It uses zero memory.

TIL that ip rule supports a uidrange condition that allows routing traffic for specific users. This is useful in combination with Tailscale exit nodes or other VPNs to allow setting a different default route per service (you do run your services as separate UIDs, right?)
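
The uidrange rule from the note above, written out as an added example (not code from the original post). It only prints the commands for review; UID 991, interface wg0, table 100 and priority 1000 are assumed values, and the extra unreachable rule and the IPv6 pair are additions so the service cannot fall back to the main table.

```shell
#!/bin/sh
# Added example: print the policy-routing plan that sends one service UID's
# traffic through a VPN interface. Nothing is applied here; review the output,
# then pipe it to `sh -e` as root.
# Assumed values (not from the post): UID 991, dev wg0, table 100, priority 1000.

uid_route_cmds() {
    uid=$1 dev=$2 table=$3 prio=$4
    # Accept a user name or a numeric UID; uidrange itself only takes numbers.
    case $uid in
        ''|*[!0-9]*) uid=$(id -u "$uid" 2>/dev/null) || return 1 ;;
    esac
    # The output is meant to be executed, so reject anything that is not a
    # plain interface name or a plain number.
    case $dev in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    for n in "$table" "$prio"; do
        case $n in ''|*[!0-9]*) return 1 ;; esac
    done
    # `ip rule` is per address family: without the -6 set, the service's
    # IPv6 traffic would keep following the main table.
    for fam in -4 -6; do
        echo "ip $fam route replace default dev $dev table $table"
        echo "ip $fam rule add uidrange $uid-$uid lookup $table priority $prio"
        # Fail closed: if the table has no route (VPN down), the lookup falls
        # through to this rule instead of reaching the main table.
        echo "ip $fam rule add uidrange $uid-$uid unreachable priority $((prio + 1))"
    done
}

# Print the plan for the assumed service.
uid_route_cmds 991 wg0 100 1000
```

After applying, `ip rule show` and `ip -6 rule show` should list both rules for the UID ahead of the main table's rule at priority 32766.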

Somehow I ended up playing with SIMD and I wrote an IPv6 96-bit prefix comparison function that's 250 picoseconds faster than doing lhs.segments()[0..6] == rhs.segments()[0..6].

I have no idea what to do with these 250 picoseconds I am saving every time I need to compare 96-bit IPv6 prefixes.
