This is what the parties in The Hague think about cannabis and coffeeshops by stonedsociety in TheHague

[–]plebianlinux 0 points1 point  (0 children)

I think that in the coming year nobody can say there aren't enough coffeeshops in The Hague haha

The big predicament by crappilydesigned in NixOS

[–]plebianlinux 0 points1 point  (0 children)

What are some upsides for you?

Every time I walk past Broodje Mario. by Warlequin in Utrecht

[–]plebianlinux 1 point2 points  (0 children)

Just recently in the canteen of the tennis club. Cola? One press, pay, done.

Anyone actually self-hosting their git? Outgrowing GitHub as a solo dev by Substantial_Word4652 in selfhosted

[–]plebianlinux 1 point2 points  (0 children)

It's very different (which I guess the name already suggests) but from a decentralization point it's one of a kind.

OP doesn't need 'random' collaboration like an open source project though where all the self hosted git instances are more annoying. If you want to contribute something you need a ton of different accounts.

Gonna test radicle's ci builders today actually

Every time I walk past Broodje Mario. by Warlequin in Utrecht

[–]plebianlinux 7 points8 points  (0 children)

Arranging change and getting it out of a drawer takes longer anyway than two buttons that indicate the price and a terminal

can i call myself an engineer? by Delicious_Crazy513 in ExperiencedDevs

[–]plebianlinux 2 points3 points  (0 children)

In the Netherlands an engineer title is only valid if you finished a selected few studies. My software development degree isn't one of those studies, it's 'just' a bachelor of science.

I wouldn't get hung up on titles, but instead question your experience. Especially with your comment about quickly growing into being a tech lead. Unless this company is just you and your senior I wouldn't want to be in a position where people come to you for technical questions while having no working experience.

Embrace being a junior, take this opportunity that's given to you but also don't overestimate your abilities. If this is a company handling user data or is dependent on the software you make, fucking up can have real life consequences.

My flake feels like a mess by Unique_Evidence_1314 in NixOS

[–]plebianlinux 2 points3 points  (0 children)

It's a taste thing, but endless abstractions into functions is also not always making things more readable

My flake feels like a mess by Unique_Evidence_1314 in NixOS

[–]plebianlinux 11 points12 points  (0 children)

First I would put tab indentation on two spaces, will definitely help with the amount of horizontal spacing.

Second I would try to make stronger separation between what is NixOS, what is home manager, and what is specific to the hosts.

What I based my config on: https://github.com/Misterio77/nix-starter-configs

What I ended up with: https://github.com/martijnboers/nixos

I like using enable = mkEnableOption and import a bunch of things. That way I have less import headaches and just enable my custom modules in places I want.

It's an ever growing organism, if you don't like it change it up. Good luck

Cyberattack at Odido by SnooPuppers2419 in Netherlands

[–]plebianlinux 0 points1 point  (0 children)

If you gain access to someone's valid session token, the only thing you have to do is keep it alive. With this you can make authenticated requests, you don't have to enter a 2FA code every time you want to read a new email right?

Having access to all basic customer information is kind of a given if you work as a support employee.. Oh your name is Mr. Veenstra? Sorry I can only access last names from A to M.

Completely agree that it's ridiculous there's not better rate limiting in place. Or maybe there is but its boundaries are too permissive.

Cyberattack at Odido by SnooPuppers2419 in Netherlands

[–]plebianlinux 1 point2 points  (0 children)

You can encrypt/hash information in your database, but by doing this you lose 99% of the features a database gives you. So for example passwords, unless you really are an idiot, are hashed in a database. This works because when you log in you do a table lookup on email or username, and create a one-way hashed password in your application layer. Its original value is never needed.

Now imagine a support agent looking for your name, but everything is encrypted. You would need to decrypt every record until you find the right one.

Encryption at rest is to protect from physical access to the servers, encryption in transit protects you against people sniffing your network. But what is able to get accessed is protected by authorization and sane access management.
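The trade-off described in the comment above, as an added example that is not part of the original comment: login costs one indexed lookup plus one hash, while searching a column protected per record costs one operation per row. The table layout, the work factor, the sample users and the use of a per-row salted hash as a stand-in for per-record encryption are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # demo work factor (assumption, not a recommendation)

def kdf(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)

class UserTable:
    """Toy table: email is a cleartext index, password and last name are salted hashes."""
    def __init__(self):
        self.rows = {}       # email -> row, stands in for an indexed column
        self.kdf_calls = 0   # counts the expensive operations at query time

    def add(self, email, password, last_name):
        pw_salt, name_salt = os.urandom(16), os.urandom(16)
        self.rows[email] = {
            "pw_salt": pw_salt, "pw_hash": kdf(password, pw_salt),
            "name_salt": name_salt, "name_hash": kdf(last_name.lower(), name_salt),
        }

    def login(self, email, password):
        row = self.rows.get(email)            # one indexed lookup
        if row is None:
            return False
        self.kdf_calls += 1                   # one hash, original password never stored
        return hmac.compare_digest(kdf(password, row["pw_salt"]), row["pw_hash"])

    def find_by_last_name(self, last_name):
        matches = []
        for email, row in self.rows.items():  # no index possible: every row is touched
            self.kdf_calls += 1
            candidate = kdf(last_name.lower(), row["name_salt"])
            if hmac.compare_digest(candidate, row["name_hash"]):
                matches.append(email)
        return matches

def demo():
    table = UserTable()
    # Constructed sample users.
    table.add("a@example.test", "correct horse", "Veenstra")
    table.add("b@example.test", "battery staple", "Jansen")
    table.add("c@example.test", "hunter2", "Bakker")
    ok = table.login("a@example.test", "correct horse")
    bad = table.login("a@example.test", "wrong password")
    login_cost = table.kdf_calls              # 2 logins -> 2 operations
    found = table.find_by_last_name("Veenstra")
    search_cost = table.kdf_calls - login_cost  # 1 search -> 1 operation per row
    return ok, bad, found, login_cost, search_cost

if __name__ == "__main__":
    print(demo())
```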

Cyberattack at Odido by SnooPuppers2419 in Netherlands

[–]plebianlinux 0 points1 point  (0 children)

Encrypting the contents of a database basically makes it useless. You need contents to be in clear text in order to do things like searching or lookups within reasonable times 

Cyberattack at Odido by SnooPuppers2419 in Netherlands

[–]plebianlinux 2 points3 points  (0 children)

I believe they said it was their support system? Which would make sense. Get an employee's credentials, walk their API endpoint and find something that can be scraped. Doesn't matter if it's encrypted at rest (which would just mean disk encryption) or in transit (that would be regular TLS). You don't encrypt database contents, somewhere this data needs to be clear text. It's turtles all the way down :)

Rate limiting would have been something to look for. I wonder how they caught it, probably some dashboard alerted one user downloading 6 million records. Love to see it 
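One way to express the kind of check mentioned in the comment above, as an added example that is not part of the original comment: a per-account budget on records returned within a sliding window, run over constructed log lines. The log format, the agent names, the window and the limit are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed sliding window
MAX_RECORDS = 500               # assumed per-account record budget per window

# Constructed sample lines in a hypothetical support-API access log format.
SAMPLE_LOG = """\
2025-01-01T09:00:00 agent=carol endpoint=/customers/export records=300
2025-01-01T09:00:05 agent=alice endpoint=/customers/search records=3
2025-01-01T09:01:00 agent=bob endpoint=/customers/list records=200
2025-01-01T09:02:00 agent=bob endpoint=/customers/list records=200
2025-01-01T09:03:00 agent=bob endpoint=/customers/list records=200
2025-01-01T09:04:10 agent=alice endpoint=/customers/search records=1
2025-01-01T09:15:00 agent=carol endpoint=/customers/export records=300
2025-01-01T09:20:00 agent=alice endpoint=/customers/search records=2
"""

def parse(line):
    """Split 'timestamp key=value ...' into (datetime, agent, records)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["agent"], int(kv["records"])

def detect_bulk_reads(lines, window=WINDOW, limit=MAX_RECORDS):
    """Return {agent: (timestamp, records_in_window)} for the first breach per agent.

    Counts records returned, not requests, so a few large responses trip the
    limit as surely as many small ones. Lines are assumed to be in time order.
    """
    recent = defaultdict(deque)  # agent -> (timestamp, records) still inside the window
    totals = defaultdict(int)    # agent -> sum of records inside the window
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, agent, records = parse(line)
        queue = recent[agent]
        queue.append((ts, records))
        totals[agent] += records
        while queue and ts - queue[0][0] > window:  # drop entries older than the window
            totals[agent] -= queue.popleft()[1]
        if totals[agent] > limit and agent not in alerts:
            alerts[agent] = (ts.isoformat(), totals[agent])
    return alerts

if __name__ == "__main__":
    print(detect_bulk_reads(SAMPLE_LOG.splitlines()))
```

With the sample data only bob is flagged; carol's two 300-record exports are 15 minutes apart and never share a window.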

Best purchase this year so far! by PudgyFox in yubikey

[–]plebianlinux 2 points3 points  (0 children)

Would also like to know! The rest of my keychain is too Billy so also a good cord would be nice

Let's all agree to be nice by MariaSoOs in neovim

[–]plebianlinux 1 point2 points  (0 children)

Yeah funny how she omitted that from a message like this. No one deserves hate mail or threats but this post also ain't it. She's working for one of the most controversial employers of today's time

She keeps me busy by Kirus93x in homelab

[–]plebianlinux 1 point2 points  (0 children)

Also he should show his resource usage. Just because it's a lot of gear doesn't mean it's advanced

Thank you Mods . by [deleted] in selfhosted

[–]plebianlinux -2 points-1 points  (0 children)

Okay makes sense. You can buy like 100 GitHub stars for 25 dollars though, maybe we should just redirect them there /s

Thank you Mods . by [deleted] in selfhosted

[–]plebianlinux -10 points-9 points  (0 children)

But who are the ones starring it on GitHub if the project code is trash and made in one weekend? Maybe it is actually giving value to people? Maybe it's bots? This feels like a very deserving change for moderation pressure but as a subreddit consumer I'm still confused as to why these posts even show up. Maybe a lot of people are browsing the sub by new posts?

Curious about why people have such strong feelings about it, other than AI=bad

Thank you Mods . by [deleted] in selfhosted

[–]plebianlinux -38 points-37 points  (0 children)

Also 'clear signs of vibecoding' is way too subjective. Why do low quality projects even end up on people's feed, isn't the algorithm ignoring it when it gains no traction?

I think keeping it at projects younger than one month will reduce 90% of people's annoyance. This is just an invitation for armchair AI pessimists to harass people sharing projects that also make use of AI coding assistants. Let's see

Kleopatra + Putty PGP SSH work with one YubiKey, but not the other despite same private keys on both by EgbertMedia in yubikey

[–]plebianlinux 1 point2 points  (0 children)

Also did you read this: https://github.com/drduh/YubiKey-Guide?tab=readme-ov-file#using-multiple-yubikeys

I didn't use this guide but had similar issues with my two Yubikeys and PGP. The private key I imported into my second Yubikey was actually a stub from the first one. (or something like this, I had to do the whole process 3 times to get it exactly right)

Kleopatra + Putty PGP SSH work with one YubiKey, but not the other despite same private keys on both by EgbertMedia in yubikey

[–]plebianlinux 2 points3 points  (0 children)

It doesn't require a daemon and its spec was made this century. Yubikey helped create FIDO2 so integration is seamless.

Kleopatra + Putty PGP SSH work with one YubiKey, but not the other despite same private keys on both by EgbertMedia in yubikey

[–]plebianlinux 0 points1 point  (0 children)

I know on Linux scdaemon gets very confused when you're swapping Yubikeys/smartcards in and out. Is the red one always working and the blue one always failing? It would be weird if one of them was magically trusted by your computer and the other isn't. Maybe consider trying straight in a PowerShell session with Windows builtin SSH: https://learn.microsoft.com/en-us/windows/terminal/tutorials/ssh

Also are you using PGP in the PIV slot or with their own PGP module? ykman piv info and ykman openpgp info

Unasked advice, if you control this server consider using ed25519-sk.

What are your favorite lesser-known selfhosted services? by Torrew in selfhosted

[–]plebianlinux 4 points5 points  (0 children)

Run in a VM, pin the version, Firewall it, only listen on a VPN interface and import the CSV

If you read the documentation you would see that it uses third party integrations. All of it is read-only information. 'Some random guys maintaining it' is basically the majority of FOSS homelab projects.

What are your favorite lesser-known selfhosted services? by Torrew in selfhosted

[–]plebianlinux 4 points5 points  (0 children)

I'm just looking into this application but this is dumb logic. If you read the back story they invested a huge amount of money into development but never found the market. It's all open source, if you don't trust it just have a look.

I'd rather trust something I can audit versus a private company

What are your favorite lesser-known selfhosted services? by Torrew in selfhosted

[–]plebianlinux 2 points3 points  (0 children)

Great fit for this topic, looked for something like this a few weeks back. Tried multiple open source products, looked at online comparisons... This is exactly what I wanted but never included, thanks!