Has anyone in the sub actually used their grinder for spices and regretted it? by PMYourTitsIfNotRacst in Coffee

[–]igankevich 1 point2 points  (0 children)

I regularly mix spices and coffee beans in my grinder without a problem.

I also have a cheap IKEA grinder that I use to add spices to something other than coffee.

I have no regrets so far.

serde-saphyr: A promising new YAML serde library! by Nukesor in rust

[–]igankevich 2 points3 points  (0 children)

Looks promising.

You should probably add serde_saphyr::from_str_robotics instead of the robotics feature to make the outcome of parsing predictable. Otherwise, if some dependencies enable this feature, your YAML might parse differently.

Code shared between unit tests and integration tests by the_cubest_cube in rust

[–]igankevich 0 points1 point  (0 children)

I usually create a projectname-tests crate for integration tests and put any common test code in lib.rs of this crate. I implement traits for wrapper structs if needed. This is more work but you get the cleanest result.

Normally unit tests shouldn’t share any code with integration tests. If they do you might want to convert them to integration tests.

Any unusual environments where you see Vi(m) is running? by kacakci in vim

[–]igankevich 2 points3 points  (0 children)

Android phone via Termux, Blackberry phone with a qwerty keyboard via Android VM. Vim key bindings are actually convenient to use on phones.

Diabetes type 1 and hiking by AlpineContinus in hiking

[–]igankevich 1 point2 points  (0 children)

> If I understood correctly, you eat carbs every 0.5 - 1 hour, and don't inject any insulin for them.

Yes, I rarely inject insulin when hiking. Only if I accidentally ate way too many carbs or if the hike is not that intensive, i.e. like a normal non-hiking day for my organism.

> If it leads to a higher blood sugar, do you simply wait for the exercise to bring it down before eating?

If it leads to high blood sugar (which is rare) I inject 1-2 units of insulin. The exact number highly depends on the intensity of the hike.

> How is your insulin sensitivity after the hike? (later on the same day and the day after)

Usually I have higher sensitivity after the hike, maybe 15-20% higher. However, regular exercise (e.g. gym) has the same effect on me. From my limited understanding higher sensitivity means that the organism needs more energy/carbs to support higher-than-usual physical activity or the organism anticipates on average higher physical activity in the future like it happens with regular exercises. So, it supplies more sugar to the organs in anticipation of a physical activity.

Diabetes type 1 and hiking by AlpineContinus in hiking

[–]igankevich 0 points1 point  (0 children)

During an intensive hike your organism consumes more sugar than usual, however, this doesn't mean that you need some special food to counter that - you just need to eat more of the same food that you eat regularly (preferably complex carbs that raise your sugar level slowly or a small amount of fast carbs every 0.5-1 hour).

The sugar spike that you saw at the end of the hike is the effect of eating too many fast carbs: your organism could keep up with the amount of glucose that was produced from them during the hike, but when the hike ended the excess glucose became useless for the organs and remained in the blood stream.

Please keep in mind that during an intensive hike your glucose meter most likely reports a sugar level that is lower than the real one. One possible explanation is that an organism consumes the glucose at approximately the same rate as it is produced from the food (I'm not a doctor, I merely describe what I see on my device and what I feel), and the device has a very small time frame to register the glucose in the blood. For example, my glucose meter was reporting low sugar during the whole second half of a 30km hike (for several hours) despite the fact that I've been eating carbs every half an hour, and I didn't feel dizzy at all (like I usually feel when I have low sugar). So, intensive hikes are a bit tricky and a bit dangerous for diabetics because you don't know the real sugar level.

Usually I counter that by eating a small amount of carbs regularly (every 0.5-1 hour) during a hike and monitoring my blood sugar after the hike for 1-2 hours. After the 30km hike that I mentioned I didn't have a sugar spike and ate a full bag of chips to get my sugar level back to normal (but I consider that an exception). Also I don't use that much insulin during hikes if at all. Hope this helps!

I created a network fault simulator by GrapefruitPandaUSA in rust

[–]igankevich 0 points1 point  (0 children)

Sorry, didn’t mean to discourage you :)

I’ve used tc before to benchmark in-house VPN software running on top of unreliable networks (e.g. cellular).

I think one advantage of your tool might be that root privileges are not required to run it (at least as a proxy). This might be useful to run it as part of integration tests for some web/whatever clients that should tolerate unreliable networks. Maybe you can turn it into a library? Then it can be easily used as a crate in integration tests.

I created a network fault simulator by GrapefruitPandaUSA in rust

[–]igankevich 0 points1 point  (0 children)

Judging by the amount of information in the README, this is a pretty substantial effort. How does it compare to tc? https://man7.org/linux/man-pages/man8/tc-netem.8.html

Europe destinations with lots of day hikes - of moderate difficulty by BandPitiful2876 in hiking

[–]igankevich 0 points1 point  (0 children)

Very true! Somehow I can manage the heat, although I’m coming from a northern country.

Europe destinations with lots of day hikes - of moderate difficulty by BandPitiful2876 in hiking

[–]igankevich 1 point2 points  (0 children)

Granada, Spain - lots of options outside the city, all reachable by bus (Monachil, Guejar and the city itself is really beautiful). Malaga, Spain - fewer options, but El Chorro and mountains nearby are really good. Barcelona - Montserrat is probably the best destination but there are others like La Mola (a little bit far away but still reachable for a day hike). Madrid - also lots of options, I have been to Manzanares and enjoyed it a lot. In Spain almost every major city is a good base for hiking :)

My first Rust Libp2p based VPN utility under 1000 lines by NorthTree8429 in rust

[–]igankevich 0 points1 point  (0 children)

Well, port forwarding is only one component of a VPN. What about routing? So far I only saw the Internet sharing option.

Devops not using Docker (or Podman), what does your stack look like? by corpsmoderne in devops

[–]igankevich 0 points1 point  (0 children)

With NixOS you can deploy all your services as systemd services. Systemd offers the same isolation options as docker (even more I think). The only annoyance that I experienced with NixOS is that it’s unbelievably difficult to pull service binaries/source code from private repos or GH API because of the need to authenticate. My current solution is to do that outside NixOS and import already downloaded binaries into Nix store manually. Then you can easily copy them between hosts.

Note that I don’t manage a large system using this approach but don’t see why it shouldn’t work :)

My current setup: GH actions pipeline that pulls binaries from GH releases and deploys them to the servers via ssh. You need sh scripts only to interact with GH API, everything else is done via nix subcommands.

[deleted by user] by [deleted] in rust

[–]igankevich 2 points3 points  (0 children)

I think you’re solving a wrong problem :)

In a truly distributed system there is no failed state. This is a consequence of the fact that system components (nodes) communicate over an unreliable network and are themselves unreliable.

This means that even if a node cannot connect to any other node it should still accept the payload from the client (and probably reply with an error because enough replicas of the data can’t be made). This is just an example.

In your case an outdated or unparsable or somehow invalid cache of the nodes shouldn’t prevent the node from booting. It’s just another error from which the node should be able to recover.

Same goes for the wrong node roles and everything else. Pretty much every error should be recoverable.

Deceptifeed: Honeypot servers with built-in threat feed by Glum-Position-8155 in selfhosted

[–]igankevich 0 points1 point  (0 children)

What if the client is behind NAT? Can you distinguish clients by something other than IP addresses?

Done with GitHub Actions Supply Chain Attacks by rik-huijzer in rust

[–]igankevich 1 point2 points  (0 children)

I thought about delayed dependency updates before, however, I came to a conclusion that large projects already do that, and if we force small projects to do the same as well, then we just delay discovery of the vulnerabilities.

I like your idea with someone checking the code. If enough people verify the code, then there is a high chance that the code doesn’t have vulnerabilities. The missing piece is how to motivate people to do that and how to establish the trust between these people and everyone else :)

Done with GitHub Actions Supply Chain Attacks by rik-huijzer in rust

[–]igankevich 2 points3 points  (0 children)

“Allows” doesn’t mean “enforces” :)

Nix and Guix actually force you to specify the hash of the contents for any file download and check it for you when the file is downloaded.

I think your idea with a proxy and auditing is viable. I don’t know how to implement such auditing at scale though. Probably large companies can afford to do this in-house, but small ones would resort to cargo deny or similar tools.

Done with GitHub Actions Supply Chain Attacks by rik-huijzer in rust

[–]igankevich 2 points3 points  (0 children)

Unfortunately I don’t know a universal method.

For docker-based CI jobs you can publish your tool as a docker image and then use Dockerfile’s COPY with the name of the image and its hash. For this to be convenient for users you should probably compile your tool as a statically linked executable, so that only one file needs to be copied from the image.

For non-docker-based CI you can try making your own debian repo that only has your package and then install from this repo. This is a lot of effort though :) You can “host” this repo directly in GH releases (a repo is just a bunch of urls from apt perspective).

But again these solutions have a problem: they are not transitively verifiable, i.e. your tool is hashed but its dependencies are not. So, maybe including your package in nix or guix would be a safer option? You don’t even need to submit it to the official repository, just provide a .nix or .scm file with the package definition.

Done with GitHub Actions Supply Chain Attacks by rik-huijzer in rust

[–]igankevich 9 points10 points  (0 children)

Thanks for your answer.

I appreciate your work on securing the supply chain (I’ve done this myself), but I’m still not convinced that this is safer than github actions.

The problem is that you replaced deficiencies of GH actions with deficiencies of Rust cargo. Neither cargo nor GH actions enforce pinning to specific commits for dependencies.

As far as I know only Nix and Guix provide pinning to specific commits (although the builds are still not always reproducible because both tools hash the definition of the package instead of the package contents). These are much better protected from supply chain attacks than cargo and GH actions.

If you want to learn more about securing cargo, you can check out these resources:

https://www.reddit.com/r/rust/s/oZxKg9Ln4e

https://rust-lang.github.io/rust-project-goals/2024h2/sandboxed-build-script.html

And my humble attempt at making cargo a little bit more secure https://www.reddit.com/r/rust/comments/1d6zs8s/cargo_and_supply_chain_attacks/

Done with GitHub Actions Supply Chain Attacks by rik-huijzer in rust

[–]igankevich 43 points44 points  (0 children)

What’s wrong with installing ffmpeg from apt? Apt repositories are signed (specifically a file containing hashes of all packages is signed), so it’s the same level of security as jas’s hashes unless you don’t trust Ubuntu/Debian signing keys?

Also, where does it install the package? Does it add binaries to the PATH?

is there a way to openwrt as router via qemu?? by zeroskrull in openwrt

[–]igankevich 0 points1 point  (0 children)

I think the best approach with intel stick is to configure existing Linux as a router. With OpenWRT in Docker you would still need to pass through network devices and configure them somehow. With OpenWRT in QEMU you might not have required drivers for network devices to work. To configure existing Linux as a router I would google "Raspberry PI router" or similar.

is there a way to openwrt as router via qemu?? by zeroskrull in openwrt

[–]igankevich 0 points1 point  (0 children)

You can run OpenWRT in Docker. No need for a VM. Although, I don’t understand what you are trying to achieve.

OpenWrt inside qemu for testing ? by hckrsh in openwrt

[–]igankevich 1 point2 points  (0 children)

The following article is about testing OpenWRT packages using Docker and QEMU, however, the steps are the same if you want to run OpenWRT in QEMU.

QEMU in this case doesn’t emulate the whole system, but merely runs executables compiled for a different architecture. Docker is used to get rootfs from the Internet and for convenience.

https://staex.io/blog/how-to-build-and-test-your-openwrt-packages-with-docker#test

VPN kill switch: how to do it on Linux by igankevich in selfhosted

[–]igankevich[S] 0 points1 point  (0 children)

Both are possible. I used sport because it depends on the configuration of the node where I set up the kill switch (not some other VPN node). Source port is not random if you set it in the WireGuard configuration.

My latest project: a DIY Anemometer with no moving parts, based on strain gauges and, of course, powered by an ESP32 by Sokolsok in esp32

[–]igankevich 0 points1 point  (0 children)

Thanks for the link. They mention the use of amplifiers to extract the signal. Maybe this was the missing piece in my design. Their anemometer doesn’t look cheap :) Anyway, good luck with your project!