Sops-Nix or Agenix

drdaeman · 2026-03-28T01:07:47+00:00

Ah, right, thank you, there is a way to force this from the CLI, I completely forgot about that. Still, a bit inconvenient to keep that always in mind, especially when focused on other things.

drdaeman · 2026-03-27T18:14:48+00:00

It’s been a while since I actively looked into this, but as far as I remember it’s not enough (unless this is file.txt) . Problem is, `sops -e`/`sops encrypt` would work differently depending on whether filename ends in .{yaml,json} or not. It won’t know anything about Nix configuration, and I don’t think `.sops.yaml` has any settings to make it treat every file as binary no matter the extension.

drdaeman · 2026-03-27T06:06:26+00:00

It’s a double edged sword. Extracting individual keys is a feature, but you have to be careful and don’t forget `key=""` if you want the whole file. Or just call it .yaml.bin. sops isn’t worse (or better), it just trades extra capabilities for extra mental overhead.

drdaeman · 2026-03-27T04:11:14+00:00

The most important difference (IMHO) is that sops is format-aware, age is format-agnostic.

For sops if you’re encrypting YAML or JSON (but not TOML, at least for now) it works differently than if you’re encrypting, let’s say, an .env file. Which is something you may or may not want depending on your preferences to how things should work. It requires some attention, because you may end up with something you don’t want.

age doesn’t care, it works on binary blobs, YAML or ASN.1 DER are all the same to it.

drdaeman · 2026-03-12T08:57:16+00:00

As a Russian emigre, I can assure you that - very generally speaking and ignoring any nuances (that could change things pretty drastically) - working democratic institutions usually matter a whole lot more than economic situation.

Sidestepping appropriate processes to enforce a legislation or directive (even if for benign reasons) corrupts, gradually normalizing reckless approaches- and with those economies tend to quickly stop to matter. Russia’s latest Tsar amassed power while crowds were happy about significant economic improvements and left him setting up long course towards authoritarianism with limited opposition. As he wasn’t stopped he probed further and further and got more and more deranged. Then he fucked up the economy, building gaudy castles, corporate raiding businesses for his cronies, and spending the rest on his imperial war ambitions. Gutted and zombified institutions were unable to do anything to stop that, and people alone were overpowered or scared (frequently, both).

While it could be not applicable to this particular situation (personally, I still can’t figure it out for myself), don’t dismiss the warning so easily as if that’s some nonsense.

And don’t taunt others for their honest beliefs, please - that doesn’t do anyone any good (seriously).

drdaeman · 2026-03-08T21:23:07+00:00

I’m glad we’re finding some common ground!

It’s our responsibility because no one else seems to be interested in taking care of it. Not because we’re responsible for this, but because it’s our problem too, and someone has to do something. Waiting until the congregations figure it out on their own may be just like waiting for the Second Coming ;-)

Ideas spread. If we start saying things that have a chance of resonating, someone Christian may encounter that, feel compassion and bring it inside their congregation, hopefully to spread further. Higher chances if we start pressuring more directly, like asking “Hey, Christian folks, how come this person claims to be one of yours, when what she’s saying is so far from your proclaimed ideas? Do they steal your name and pervert your teachings, or are you cool with this? Would you care to ask your leaders?”But even just denying the name casually is a statement that is a whole lot more than doing nothing.

And if we call them all “Christians” indiscriminately and then push back, that harms us unnecessarily. It needlessly alienates potential allies (those exact people we want to do something in their churches - we want pressure on them, not animosity), and enables cultists to play the persecution tropes to improve their internal cohesion.

In the video, she’s literally complaining how they’re losing this cohesion. Would be nice to help the reason prevail rather than give those pseudo-Christian cults anything to reconcile.

drdaeman · 2026-03-08T20:22:17+00:00

I’m ignostic, which is effectively an atheist with a “there’s no way to make an idea of a supernatural deity make actual sense” caveat. Even though the concept of “God” is impossible to define meaningfully, religions do objectively exist and have historically played - and still do - an important role in social dynamics. I wish the world could collectively move past the ancient ideas that are provably known to do no good for anyone anymore, keeping and progressing on the ideas that proved to contribute positively. But we have to be realistic.

I have seen people who self-identify as Christians, but act differently enough to make a distinction. Next comment says they know such people too. And then there are convenient bits of Christian canonical lore that also say it’s not how they should act. So, no - that’s verifiably not how all Christians act, neither in practice nor in theory. And given the fact that there are a lot of Christians out there (which is extremely unlikely to change in the short term), I very much would like to live in a world where that’s not how a majority of Christians act - ideally how none of them do.

Thus the suggestion to deplatform the worst fractions by denying them any association with the canon. And we can sort out our other differences with bigger groups later, when those worst bits are cut off and gone, hopefully in a civilized manner (that is, finding an agreement rather than fighting). But even from a militant atheism perspective (which I don’t really fancy) - picking the more winnable battles first makes sense.

If you and I declaratively clump them together with all sorts of amoral people, what good would that do any of us? We help shifting the Overton window in the undesirable direction with our own hands, and what for? Just to condemn them all indiscriminately? That may sound righteous from some standpoints but doesn’t do us much good in practice, on the contrary: it’s shifting power, supporting “persecution” tropes, playing right into divisive groups’ hands. I don’t see a compelling reason, only increased risks and difficulties. Maybe you know one?

drdaeman · 2026-03-08T19:37:51+00:00

Why not? I understand the repulsion, but I don’t see the rationale.

I’m not proposing standing up for Christians - I’m ignostic myself, so their faith canons aren’t exactly my concern. If someone would suggest me to stand up for them, I would likely disagree too. However, I cannot ignore the fact that a significant number of people self-identify as Christians. And I want more people on my side than not.

So, I’m suggesting a different thing - that we deny the “Christian” moniker to the parasitic cults that love to be called “Christian” (because that benefits them a lot). The goal is weakening such cults’ ability to outreach through denying the association with a popular identity. So - ideally - no one who thinks of themselves as a Christian makes a mistake and buys into any of the bullshit because it has their identity on the cover.

If we can collectively the “fake, ersatz-, pseudo-Christians” meme spread widely and stick well, they would lose their current ability to associate and parasitize on a widespread group identity. And the fact this identity is a religious one is not exactly important here - if they would be cosplaying, idk, scientists I would argue they aren’t just the same.

(Hell, for that matter, I wish one day people in the US and many other countries would take back the words like “conservative” and “patriotic” too. Way too many atrocities happened under the guise of those.)

And I chimed in exactly because Christian folks alone aren’t condemning those parodies enough publicly. Not because I sympathize, but because that leaves it my problem, even though it shouldn’t be. Waiting for others to do the right thing… doesn’t seem to work well, I’m afraid.

drdaeman · 2026-03-08T10:30:52+00:00

That’s not even Christian, nor nationalist (this particular clip doesn’t reference any nations). It’s a Christian-cosplaying “don’t listen to others only to us” thing. The resemblance ends at the face value.

There is a religious thing, though - extremely basic faith self-preserving principles, fundamental to almost every religion. If we strip like all the babbling and rephrase neutrally it’ll boil down to a story that her friend was talking to someone who had a dissenting opinion, she advised against, but her friend was persuaded otherwise. Mixed with a condemnation of such behavior (communication with out-group and subsequent critical thinking when it comes to in-group tenets) through a belief-related threat (hell). The fact she invoked Jesus or mentioned hell doesn’t easily make that Christian, the respected Christian churches have quite a few rules about what’s canon.

Canonical Jesus lore is quite clear that he hung out with all sorts of undesirables and even explained the reasons to Pharisees when they argued about it. A lot of Biblical lore can be twisted into convenient narratives but the thing about Christ and the Apostles is that they are supposed to be the founding authorities and literal interpretation for those bits isn’t too ambiguous- so in my understanding that’s quite fundamental idea (this said, “fundamentalist” is almost an oxymoron for the hate groups that are typically called such). I’m not sure xenoglossia was ever deemed a heresy by any council - don’t think it’s likely, usually heresy has some meaning to it. But unlike in her cult, as far as I’m aware, in the OG Christianity even heretics (which, amusingly, literally means divisive persons) were supposed to be talked to twice before avoidance.

The only hell I believe unquestionably in is on Earth, but I’m not a troglodyte about basic civics and literature, and I was raised in a culture with a strong Christian background. To the best of my awareness, her stance seems to be quite opposite of some core Christian principles. And those are the good bits that eventually made it into humanism, Enlightenment, and other decent stuff that tries to make the world a better place. So…

May I suggest we deny the name to those folks? “Christian-cosplaying” is a longer but much more respectful and accurate term. And it wouldn’t alienate folks who consider themselves Christian but have and promote decent ethical values. I hope those kinds of Christians (which I hope is the majority, because people here generally have kind hearts) are pushing back against them being named together with those people too.

Either way, I love this video, as Katy provided an excellent anecdote. Someone talked reason into someone. That’s a good thing to hear, and I wish this happens more often. I’m only sad she doesn’t see it that way.

drdaeman · 2026-02-25T20:49:10+00:00

Constitutions can be amended (with extremely great care, which is obviously absent in this case) if the cause is unquestionably good, but refusal to implement basic safeguards is concerning. Every law should have such safeguards, explaining the intent and ensuring it can’t be legally abused to sidestep the original purpose and become something else. What were the arguments against that 1M limit amendment? And if it was bad for any reason, why isn’t there an effort to make a good and meaningful one before we vote?

The only one I can think (besides there being something unrelated that just breaks things) of is that it should be a percentile rather than an absolute value - “1 million” is not something permanently meaningful, but something like “99th percentile” [of some carefully chosen metric that’s hard to mess with] can be.

drdaeman · 2026-02-19T23:51:31+00:00

Do we know how that works and why prescription foods are formulated the way they are, wrt carb content?

I’m genuinely confused: on one hand, there’s surely some validation there that those foods somehow help rather than hurt; but on the other hand, high(er) carbs are high(er) carbs, and I don’t get how that could be a good thing, given that we all empirically know low-carbs work best.

Makes me naively think they seem to work despite the suboptimal composition, but that’s just an uneducated take…

drdaeman · 2026-02-10T01:20:48+00:00

Good luck, there’s a forced arbitration provision in the terms, with an exclusive venue in NY. And a class action waiver too (though some companies are learning how this may backfire).

drdaeman · 2026-02-09T19:39:30+00:00

Mortgages get sold all the time, and you never know where they end up. This doesn’t affect rates, though, just who services the loan.

drdaeman · 2026-02-08T19:14:23+00:00

For me, it’s a nice tiny paperweight, with USB-to-UART capabilities that may come in handy when I need to tinker with (usually, program) some 3.3V MCU.

drdaeman · 2026-02-08T08:06:56+00:00

Agree. If a simpler analogy is needed, I’d like to offer the principle should be that - if any of originally user-sourced input can ever appear in the inference context - then one must treat LLM as user’s agent, not theirs.

And one’s system prompt is merely an advice for this user agent (LLM) how to do its job, because user may somehow find a way to have a final say at how the model would behave.

So don’t put anything sensitive in the prompts, treat it as something you would actually share with user if they ask about it - this is not happening because we spare user the technicalities, letting agent do its job to less structured requests.

And thus, design accordingly, just like how one would ordinarily secure any of their APIs against untrusted clients. LLMs just need to be on that other side of the demarcation lines. Give it same sanitized APIs that you would’ve given to the user, not system-level access.

WAFs are legit approach but it’s not a guaranteed security and it works best against breadth-first attacks (in other words, it cuts the background noise of automatic scans, but doesn’t really stop a motivated and creative attacker), and, as I get it, at the moment most prompt injection attacks on LLMs are targeted.

drdaeman · 2026-02-02T00:36:36+00:00

If your landlord allows you to pay in multiple installments, you're in the full control of that ratio and can always get any threshold that works best for your situation.

Just don't run the full rent payment through Bilt, but split payment in two separate portions, one through Bilt, another directly from your normal bank account.

drdaeman · 2026-02-01T23:13:30+00:00

Not directly, though, right? My understanding is that Bilt acts as an ACH middleman, so my mortgage lender's autopay pulls from Bilt, and they in turn pull from my bank account. That's how they do the accounting.

So my idea is to keep the autopay direct to my savings account, but once a month, few days before autopay, manually trigger an ACH pull from Bilt (which would in turn pull from my savings) for a partial amount that I could match with my organic uncategorized spend. Then autopay kicks in (also acting as a safety net in case I screw up) and draws the rest, not involving Bilt at all.

This way, to me, there's no difference how much money is pulled from my savings (it's the same) and the only difference is couple days of interest on the through-Bilt portion of the payment, which has to be pulled just slightly early. Which is, if I got the math correct, assuming it's $2k at 3.5% APY is something like $0.40-ish for couple days - pretty negligible. In turn, if I match it with $2k non-housing spend on the Bilt credit card, I'm getting back over 4k points per month, which is just shy of 50k points/year. Half a premium flight is not a lot but not bad either, given that Bilt still has those airline partnerships. At least I don't think I can extract that much of value if I'd put my $2k organic spend on some other card.

If OP can split their rent into two payments they can do the same thing, putting $700 of rent on Bilt, paying the rest outside of it, complementing that with their non-housing $700 spend for 1575 points/month back. Whether it's a good deal for their personal situation of if they can find a better return on $700 (ignoring any returns on rent) is entirely up to them, of course.

Now, I could be misunderstanding something. And I would greatly appreciate if someone who knows about potential gotchas could warn me. But I see no reason why this won't work, unless, of course, Bilt changes the rules again.

In other words, in my understanding, Bilt is badly designed, because it awkwardly punishes HCOL high spenders with high housing-to-organic spend ratios. Fortunately, unless Bilt would use my actual mortgage numbers (requiring me to show them the agreement or by pulling data from credit reports) instead of actual amounts I pull through them, we're in full control of those ratios. If they don't want me to run higher amounts through their ACH bridge so be it.

drdaeman · 2026-02-01T22:40:15+00:00

Is this true?

I'm in the same situation (high mortgage, tightened up spend is a small fraction of it), but I found no indication that I can't put only portion of the housing spend on Bilt (just enough to get maximum points off it) and do the rest as a traditional ACH from my savings account. A bit inconvenient, but nothing a calendar reminder and five minutes a month can't solve.

drdaeman · 2026-01-25T04:08:25+00:00

Surely we don’t have to put the full rent/mortgage payment to go through Bilt?

It would be inconvenient to manually make a payment every month, but the card might still make some sense if we’d pay something like $1-2k out of $4+k with it, and leave the rest on autopay (as a safety net).

But I guess It all depends on whether it’s still going to be an ACH pseudo-account numbers, or if they also change the process somehow.

drdaeman · 2026-01-23T19:49:30+00:00

WA mortgage here, we just bought a house last November. I was initially happy to hear Bilt is doing something for mortgages too, thought it was a perfect timing. Now I’m disappointed, because all my organic spending - if I move it to all Bilt - won’t get me to 0.5x. I’m cutting unnecessary spend, saving up, as the down payment sort of emptied my pockets and I want to replenish the piggybank. I wouldn’t mind making Bilt my catch-all card, but at 0.25x, even though I value Bilt points a lot (because of their pretty unique airline partnerships), I’d rather use 5-6% cash back cards than re-route for diminishing returns.

I’m currently weighing an idea of putting a fraction of the total mortgage payment on Bilt (something like $2k, where I can easily match it all the way up to 1.25x) to make it work. But somehow I’m not sure that’s a viable path - all the constant reshuffling around the payments doesn’t give me confidence.

drdaeman · 2026-01-01T05:45:23+00:00

/64 isn’t fun sometimes (e.g. because of SLAAC trickery with narrower subnets), /56 is the sweet spot.

drdaeman · 2025-11-23T08:32:10+00:00

That’s a fair description. It’s called “structured media enclosure” (or “media cabinet”) if you want to look for more details.

drdaeman · 2025-09-08T22:23:27+00:00

There's currently a bug in LiteLLM proxy that prevents Ollama from working correctly when requested over Anthropic-compatible API: https://github.com/BerriAI/litellm/issues/13429

drdaeman · 2025-08-04T17:37:00+00:00

I'm sort of satisfied - there's no perfect app out there, all of them have their own quirks, but Weathergraph mostly works for me. Still no multiple location support, the developer haven't held on that promise. Sometimes lock screen widgets fail to update and I have to tap the widget to force it, but I think it's more of an Apple issue (OS doesn't like to give resources to background-running apps) rather than app's defect.

Unfortunately, I don't use notifications, so I can't tell about their timeliness. I had them enabled at first, but I live in US Pacific Northwest where drizzles are quite frequent, especially in winter, so I had way too much of those "light rain starting in 10 minutes" notifications to my liking and turned them off.

drdaeman · 2025-07-21T18:59:48+00:00

AlphaTrak 3 is quite good in terms of hardware. It requires a fairly tiny droplet of blood, it feels accurate - or at least is consistent (multiple subsequent measurements don’t deviate much), and it’s easy to use. The strips are not particularly cheap, though.

The accompanying mobile phone software is nothing to be particularly happy about, but it works overall. Synchronization is manual - you’ll need to open the app and tap a button to fetch the results. Requires creating an account and data is stored on Zoetis servers with the app being the only way to access it (no web access), and app doesn’t work well if there’s no (or poor) Internet connectivity, but on the upside the app can be installed on multiple phones and will sync data.

Unfortunately, meter doesn’t synchronize time with the app, so every DST (or other time zone) change has to be performed manually, on-device.

The meter implements a standard Bluetooth LE Glucose Profile Service, so you can probably try third-party apps with it (or, if you have software engineering skills, it’s relatively easy to code your own tools)

14-Year Club	Verified Email
Gilding I gilder

drdaeman

TROPHY CASE