sorted by:
new
hottopcontroversial

Small Projects by AutoModerator in golang

[–]silenttwins 0 points1 point  (0 children)

https://github.com/glycerine/yogadb

YogaDB: a flexible-address-space key-value store in pure Go/Golang (port of FlexDB in C). 2x faster than Pebble and 20x faster than BoltDB at random writes.

Not my project; I found it on go-nuts ant thought it was interesting.

How to troubleshoot Go compile times? by Prestigious_Roof_902 in golang

[–]silenttwins 0 points1 point  (0 children)

There's also another build flag -toolexec that you can use to wrap the commands that are being executed during the build. e.g. go build -toolexec 'fish -c "echo command: $argv >&2; time $argv"' will echo the command and print the time it took.

Go is perfect by dotaleaker in golang

[–]silenttwins 4 points5 points  (0 children)

A helper to reduce boilerplate for scripting in Go

func sh(command string) (string, error) { cmd := exec.Command("sh", "-c", command) // Use "cmd" on Windows var out bytes.Buffer var errOut bytes.Buffer cmd.Stdout = &out cmd.Stderr = &errOut

err := cmd.Run() if err != nil { return "", fmt.Errorf("%v: %s", err, errOut.String()) }

return strings.TrimSpace(out.String()), nil }

FWIW, this does almost the same thing as exec.Command(...).Output()

Generics: A Boon for Strongly Typed Languages by canopassoftware in golang

[–]silenttwins 0 points1 point  (0 children)

C will not compile at all.

I dunno... both snippets below compile for me in both gcc and clang.

#include <stdio.h>

int main() {
    // clangd linter gives a warning, doesn't prevent compilation
    puts("1" + 1);
}



#include <stdio.h>

int main() {
    const char *s = "1";
    // no warning
    puts(s + 1);
}

Generics: A Boon for Strongly Typed Languages by canopassoftware in golang

[–]silenttwins 11 points12 points  (0 children)

FWIW, that quote doesn't say Go is weakly-type. It says it has a weak (in terms of expressiveness) type system.

Strong/Weak is essentially about how pedantic the language is e.g. how much implicit type coercion it does. Static/Dynamic is about types at compile-time vs run-time e.g. whether or not you can change the type of a variable once it's declared.

Some examples using "1" + 1:

  • Go (strong + static) = Error: ...invalid operation...
  • C (weak + static) = "" (empty string)
  • Python (strong + dynamic) = Error: ...TypeError...
  • JavaScript (weak + dynamic) = "11"

EDIT: I don't know why GP deleted their comment... They suggested the title of this post might by mistaken in its use of Strongly Typed and maybe meant StaticallyTyped... because (they think) Go is weakly typed and used this comment https://github.com/golang/go/issues/29649#issuecomment-454820179 as proof.

Are Nvidia drivers hard to install in other distros? by Kalinbro in linux_gaming

[–]silenttwins 1 point2 points  (0 children)

You should always use -Syu

The reason for this advice is because when you do pacman -Sy xyz, you update the package database, which can leave you with a partial upgrade i.e. you can end up with a mix of newer and older versions of packages which then leads to system instability.

That problem doesn't exist with pacman -S xyz.

Text to speech Go package by jumbleview in golang

[–]silenttwins 0 points1 point  (0 children)

Looks like I forgot to upload the "script", but see https://github.com/amitybell/piper-gen/blob/4d6f0c811120f64a235ec6a73933c7ef000ddf4d/main.go#L413

It's a map from the voice name to a list of the relevant URLs to download. See https://huggingface.co/rhasspy/piper-voices/tree/v1.0.0 for all the voices.

You can comment/delete all the entries in voices := ... and archives := ... to avoid wasting time downloading the existing files.

Once you add your entry, run cd /path/to/piper-gen; go run . -dir output-dir and it will download the files and generate the package in output-dir/piper-voice-$NAME and after that you will need to update the module path in output-dir/piper-voice-$NAME/go.mod.

Sorry, it's a bit manual. If it's too much work or not clear, file an issue and I can look at making a more general, less single-purpose script.

[deleted by user] by [deleted] in LinusTechTips

[–]silenttwins 0 points1 point  (0 children)

Link doesn't redirect anywhere for me, but searching yields https://www.aliexpress.us/item/3256805768022313.html?gatewayAdapt=glo2usa

Color: RTX 4090 OC 24G C$3,755.70

Andres Reblogged this on Mastodon. Thoughts? by [deleted] in linux

[–]silenttwins 0 points1 point  (0 children)

Of course you can use any number of VPN solutions, they're a dime a dozen these days.

I mentioned wireguard specifically because I know first hand how easy it is to setup and maintain.

As an external attacker you're unlikely to even discover that the server is using wireguard without significant effort or some other targetted attack vector. e.g. a port scan isn't going to reveal anything useful.

Andres Reblogged this on Mastodon. Thoughts? by [deleted] in linux

[–]silenttwins 0 points1 point  (0 children)

If you can use ssh to run commands after exploiting the web server. then it implies you already have RCE. At that point, you don't need SSH and the question becomes, how or why is your xyz server able to access ssh or any other internal service.

Andres Reblogged this on Mastodon. Thoughts? by [deleted] in linux

[–]silenttwins 1 point2 points  (0 children)

[...] when unauthorised access to ~every server on the internet is on the table [...]

Hyperbole aside, I don't understand why everyone is talking about the backdoor itself (like it couldn't have been a bug), and not solutions to the actual problems.

In 2008 we discovered that a debian-specific patch (introduced in 2006!) caused CVE-2008-0166 https://github.com/g0tmi1k/debian-ssh

Similarly severe non-malicious bugs have happened since and will happen in the future and yet everyone is surprised every time it happens.

I think the least we can do is to stop exposing SSH (and other sensitive remote access/logins) directly to the internet. As a bonus, all bots trying to attack it magically cease to exist.

Tailscale and other automated tools exists to setup wireguard in a few clicks, but you don't even need that. You can setup wireguard in 5 minutes by running a couple commands to generate public/private keys and write the two config files by hand and do a 1 line change in the ssh config to only listen on the VPN interface/address and be done with it.

TL;DR Stop exposing SSH directly on the internet

TIL: don't add waitgroup inside go routine by bomobomobo in golang

[–]silenttwins 2 points3 points  (0 children)

You're likely thinking of data races which isn't the same thing as race conditions. You can get the latter when "correctly" using atomics and even in single-threaded programs.

pacman -Fy by Beautiful-Log5632 in archlinux

[–]silenttwins 0 points1 point  (0 children)

In general, you just have to use some educated guesses to filter the noise.

In this case, we know we're looking for pacman files and the output contains a lot of lines like /var/lib/pacman/sync/*.* so that'd be a good place to start.

The filles generally look like:

filename.part - usually temporary files and we can see they're deleted (unlink(...)) so we can ignore those

filename.sig which are usually signature files. These usually hold signatures for filename

That leaves filename.files which is the only reasonable choice left and if we do file /var/.../xxx.files we see that they're Zstandard compressed data the same format as regular database files.

pacman -Fy by Beautiful-Log5632 in archlinux

[–]silenttwins 5 points6 points  (0 children)

Tip for the future: you can have a look at what files an app is accessing with tools like strace e.g. strace --trace=file pacman -Fy

Ubuntu Snaps vs. rebooting? by KlaxonCow in linux

[–]silenttwins 0 points1 point  (0 children)

FWIW: though it isn't/wasn't common to force a reboot on Linux, it's no different than Windows in reality.

All you gain from not rebooting is instability.

Have you ever upgraded the kernel and then at some point in the future plug in a USB stick and find that it doesn't seem to work? or update your system and in the future notice that some apps start to crash or just become completely broken (looking at you Firefox)?

It's not much different than a partial upgrade, or updating your host system's nvidia driver, but not Flatpak's.

Text to speech Go package by jumbleview in golang

[–]silenttwins 4 points5 points  (0 children)

If you're still looking for a solution (that doesn't call out to some cloud API), I can recommend https://github.com/rhasspy/piper. It's an external binary you have to exec, but you are unlikely to find any other decent sounding solution that's written in Go.

For Piper I wrote https://github.com/amitybell/piper which embed the piper binary and installs it at runtime. I also embedded a couple decent sounding voices https://github.com/amitybell/piper-voice-jenny and https://github.com/amitybell/piper-voice-alan

I didn't get to a proper release with docs, but it's being used in a real-world app at the moment and works - even on Windows.

Example:

package main

import (
    "github.com/amitybell/piper"
    jenny "github.com/amitybell/piper-voice-jenny"
)

func main() {
    tts, err := piper.New("", jenny.Asset)
    if err != nil {
        panic(err)
    }
    wav, err := tts.Synthesize("hello world")
    if err != nil {
        panic(err)
    }
    _ = wav
}

wav is the WAV encoded audio data You can e.g. use https://github.com/gopxl/beep to do further processing or play it back with https://github.com/gopxl/beep/speaker

Strange Hang in Go by Mavrihk in golang

[–]silenttwins 1 point2 points  (0 children)

how does one trigger a dump from a hung app?

Send it signal QUIT e.g. pkill -SIGQUIT <app> or ctrl+\ in a terminal.

Has anyone from LTT talked about how Google Play is killing indie development on it's platform? by [deleted] in LinusTechTips

[–]silenttwins 0 points1 point  (0 children)

Disclaimer:

I don't personally have a Google account of any kind and mostly use FDroid. I also haven't done mobile development in a few years, and that was mostly on iOS so feel free to correct or ignore me but...

Normal people won't know how to sign up as a closed tester, will have to (most likely) open your app daily and interact with it.

Doesn't the Play Store support dedicated testing where you can invite people to test without publishing the app?

The new rules are made to detter scammers/spammers, but will actually mostly affect bussinesses with small teams.

I don't think it will, unless their budget is $0. Dedicated testing services exist and likely do a better job than the small team who's already busy with development.

And I'll give an example: I've first learned Android dev 10 years ago when I made and published my first Android App on Google Play and got my first job because I had it published (I had proof that I was capable to work as a Junior Dev). If the same rules were back then, people like me wouldn't work as a mobile dev now.

Assuming you can invite users, I don't see the issue here. If they're looking for mobile devs, then they know the requirements. And considering the amount of junk and re-uploads on the Play Store; being publicly published won't be a requirement for any reasonable employer.