Hi friends, I develop and maintain the komorebi tiling window manager and have been posting live coding videos documenting its development for just over a year now....
Sharing some numbers on what people can realistically expect with GitHub Sponsors on a moderately popular project without any external / VC / corporate backing.
In this video I discuss the trade-offs of building on top of unstable reverse-engineered private APIs, why I decided against it, and compare to similar software that chose to use them....
Thank you! Though please keep in mind this part of the README 😅
While Satounki is currently in a functional state, there are no documented steps for deployment and I don’t recommend that anyone use this software for anything mission-critical just yet.
Depending on how badly my current job search goes (lol) I’m hoping to have this in an easily deploy-able format for both NixOS and Kubernetes, but it’s not too difficult to get up and deployed if you follow the development instructions and provision the credentials in the relevant places 🤞
tl;dr all the same caveats with self-hosted software apply; don’t do anything you wouldn’t do with a self hosted database or monitoring stack.
Well the actual rules — who gets access to what
The rules themselves are the same public rules in the IAM docs on AWS, GCP etc., while the collections of these public rules (eg. the storage_analytics_ro example in the README) defined at the org level will likely be stored in two ways: 1) in a (presumably private) infra-as-code repo most probably using the Terraform provider or a future Pulumi provider, 2) the data store backing the service which I talk about more below.
“Who received access to what” is something that is tracked in the runtime logs and audit logs, but as this is a temporary elevated access management solution where anyone who is given access to the service can make a request that can be approved or denied, this is not the right place or tool for a general long-lived least-privilege mapping of “this rule => this person/this whole team”.
where is that stored and how is it secured, to what standards?
This is largely up to the the team responsible for the implementation and maintenance, just like it would be for a self-hosted monitoring stack like Prom + Grafana or a self-hosted PostgreSQL instance; you can have your data exposed through public IPs, FQDNs and buckets with PostgreSQL or Prom + Grafana, or you can have them completely locked down and only available through a private network, and the same applies with Satounki.
Is there logging, audit, non-repudiation, tamper-proof, time-stamping etc.
Yes, yes, yes, yes and yes, though the degree of confidence in each of these depends to some degree on the competence of the people responsible for the implementation and the maintenance of the service as is the case with all things self-hosted.
If deployed in an organization which doesn’t adhere to at least a basic least-privilege permissions approach, there is nothing stopping a bad internal actor with Administrator permissions wherever this is deployed from opening up the database directly and making whatever malicious changes they want.
This (Windows employing different methods to prevent users from writing programs that programmatically change application focus) has been an ongoing struggle for me for the better part of 3 years....
I spent 8 years doing Java development, layoffs are coming soon (my second time this year! 😊), I know how hard it is to get a job out there, and I’m tired of Java. So I was wondering if anyone had any advice for pointing my career in a new direction. I’d like there to be some technical aspect to it still, which is why I...
I wish I had more advice, but I’m in a similar boat, just got laid off earlier this month after being with the same company from Series A in 2018 all the way until today. I’m sending job applications and trying to get interviews, but it’s hard to get past the resume screening stage, even with 8+ years of experience.
I’ve mainly been working in DevOps/SRE/Platform Infrastructure, but I am also an accomplished developer with a pretty thick portfolio of widely used open source projects, though it doesn’t seem to matter.
There are so many applicants for every single job now that it feels hopeless, and of course every single opening wants you to waste your time on multiple asinine LeetCode gotcha questions.
If I lived somewhere with a public health system I’d love to take what money I have saved up and open a traditional middle eastern bakery, but I need to do something that will bring health coverage for myself and my family. Who knows, I might just end up working at Trader Joe’s. 🤷♀
Tryna get back to RSS. I currently love reading tonsky.me but that’s about it, and it’s not uhhh devopsy. So I’m all ears for anything interesting that you all like!
It’s not exactly a traditional RSS feed, but I run a feed of my highlights on all things related to software development, and I’m an experienced DevOps engineer so a lot of my highlights are coloured by that experience.
If you come across a highlight that is interesting you can click to go and read the whole source article or comment. You can check out a HTML version before you decide if you wanna subscribe to the RSS feed.
It currently requires some extra steps to get Nitter up and running on NixOS as I found out yesterday. I documented the process for anyone else who might be looking to run their own Nitter instance between now and the trunk branch of Nitter being functional again.
Found some time this past weekend to work on a little “passion feature” that I’ve been wanting to implement for a while now; sharing the technical write-up for anyone else who is interested in automating headless screenshots with these tools or with others (the knowledge is pretty transferable!)
I think it’s a stack that really pays off in the long run for solo projects. After a long week of work the last thing I want to do is go tracking down runtime errors (undefined is not a function, my old friend) or messing around with Docker containers and Kubernetes clusters. It also doesn’t hurt that once you throw away the costly deployment abstractions, the operating expenses turn out to be a lot cheaper.
Building a GUI for my Tiling Window Manager in Pure Rust with egui and eframe (www.youtube.com)
Hi friends, I develop and maintain the komorebi tiling window manager and have been posting live coding videos documenting its development for just over a year now....
Open Source Financial Sponsorship Breakdown for 2023 (lgug2z.com)
Sharing some numbers on what people can realistically expect with GitHub Sponsors on a moderately popular project without any external / VC / corporate backing.
Selectively Using Service Modules from NixOS Unstable (lgug2z.com)
cross-posted from: lemmy.world/post/13113247...
Why Komorebi Can't Use Windows Virtual Desktops (www.youtube.com)
In this video I discuss the trade-offs of building on top of unstable reverse-engineered private APIs, why I decided against it, and compare to similar software that chose to use them....
Building and Privately Caching x86 and aarch64 NixOS Systems with Github Actions (lgug2z.com)
Satounki - Temporary elevated access management as a self-hosted service (github.com)
cross-posted from: lemmy.world/post/9143654...
Win32 Window Focus Prevention Deep Dive (www.youtube.com)
This (Windows employing different methods to prevent users from writing programs that programmatically change application focus) has been an ongoing struggle for me for the better part of 3 years....
It's Pretty Easy to Build Your Own LinkTree with Analytics Using Hugo and Cloudflare Pages (www.youtube.com)
I got laid off this month and have a lot of time on my hands while I’m looking for new jobs 😅...
Any recommendations for a career change?
I spent 8 years doing Java development, layoffs are coming soon (my second time this year! 😊), I know how hard it is to get a job out there, and I’m tired of Java. So I was wondering if anyone had any advice for pointing my career in a new direction. I’d like there to be some technical aspect to it still, which is why I...
Any interesting blogs to follow?
Tryna get back to RSS. I currently love reading tonsky.me but that’s about it, and it’s not uhhh devopsy. So I’m all ears for anything interesting that you all like!
Handling Secrets in NixOS: An Overview (git-crypt, agenix, sops-nix, and when to use them) (lgug2z.com)
cross-posted from: lemmy.world/post/8269080...
Providing Runtime Secrets to NixOS Services with Agenix (lgug2z.com)
A Working Instance of Nitter on NixOS (lgug2z.com)
It currently requires some extra steps to get Nitter up and running on NixOS as I found out yesterday. I documented the process for anyone else who might be looking to run their own Nitter instance between now and the trunk branch of Nitter being functional again.
Using Rust, Chrome and NixOS to Take Headless Screenshots for Social Sharing (lgug2z.com)
Found some time this past weekend to work on a little “passion feature” that I’ve been wanting to implement for a while now; sharing the technical write-up for anyone else who is interested in automating headless screenshots with these tools or with others (the knowledge is pretty transferable!)
Setting Up a NixOS 23.05 Development VM on Hetzner Cloud with nixos-anywhere (www.youtube.com)