danielquinn

danielquinn , 16 hours ago

This might be fun to write actually. Basically you need a central server you connect to via a websocket that would plot points out on a map (maybe with leaflet?) on receipt of notifications pushed via said socket.

The trouble of course is that with a central server, you tend to incur costs, so you'd have to pay, unless some sort of P2P mesh could be established between participating parties. That'd be a fun problem to solve for sure.

danielquinn , 6 days ago

Very cool trick. I've never been comfortable with how Python package installation is effectively arbitrary code execution. It's also a nice reminder that installing packages into a Docker environment is generally safer than going bare back metal.

danielquinn , 6 days ago

Very slick. It looks like a thin wrapper around some pretty powerful tools, and I'm impressed that they're still useful on such a low-power device.

I wrote an assistant a while back before Whisper was a thing, but now that I see what you've done, I'm going to have to go back and refactor.

danielquinn , 7 days ago

I wrote a version of this in Python a few years ago, but it depended on external tools like ffmpeg to work, limiting its portability. The Python requirement was also a major factor for adoption.

If it were ported to Rust, doing the (de)serialisation internally, I believe that it could have far-reaching implications on how we share and consume news:

https://danielquinn.github.io/aletheia/

If you're interested, I presented the Python version at PyCon UK a while back.

danielquinn , 7 days ago (edited 5 days ago)

That's an interesting thought. There's a lot of cases you see where people have stripped a comic's name from the bottom of the image, but that's not really what this project was designed for. Aletheia will guarantee you that the person/company sharing the media is who they say they are, but critically it won't prevent infringement.

The example I give in my talk is that InfoWars could take a BBC news story and say "we made this", but it wouldn't let them modify that story and claim that "the BBC made this". The goal is to be able to re-connect what someone is saying with the reputation of the person saying it, with the hope that we can start delegating our trust to individuals and organisations again.

danielquinn , 20 days ago (edited 20 days ago)

• Kubernetes Cluster
  • pi-left
  • pi-right
  • pi-centre
• Other Servers
  • pi-katamari (file server & database)
  • pi-athens (DHCP, DNS, pi-hole)
  • Alexandria (Synology)
• Desktops
  • Berlin
• Laptops
  • London
  • Brighton
  • Brussels
  • Cambridge
  • Toronto
• Phones
  • Laconia
  • Vulcan
  • Bajor

danielquinn , 22 days ago

They also support genocide.

danielquinn , 22 days ago

Snowfl has some pretty good results (note the addition of the keyword complete). But you can do a lot better than Paw Patrol! "Bluey", "The Owl House", "Hilda", and "Kipo and the age of the Wonderbeasts" are all far better choices for kids and your own sanity ;-)

danielquinn , 21 days ago

Heh. We've convinced our kids that Paw Patrol and Cocomelon "don't work on our TV". All I had to do was let her select it a few times and then kill the network connection when she wasn't looking. After that, we marked them as "disliked" in Netflix and now they never appear.

It may not last, but I'm doing what I can :-)

danielquinn , 1 month ago

I rather like the FSFe for general Free software stuff, but you may find nicer-looking stuff if you visit merch store for specific projects, like GNOME, KDE, etc.

danielquinn , 1 month ago (edited 1 month ago)

Not throwing any shade, just some advice for the future: try to always consider the problem in the context of the OSI model. Specifically, "Layer 3" (network) is always a better strategy for routing/blocking than "Layer 5" (application) if you can do it.

Blocking traffic at the application layer means that the traffic has to be routed through (bandwidth consumption) assembled and processed (CPU cost) before a decision can be made. You should always try to limit the stuff that makes it to layer 5 if you're sure you won't want it.

The trouble with layer 3 routing of course is that you don't have application data there. No host name, no HTTP headers, etc., just packets with a few bits of information:

• source IP and port
• destination IP and port
• A few other firewall-specific bits of information like whether this packet is part of an established connection (syn) etc.

In your case though, you already knew what you didn't want: traffic from a particular IP, and you have that at the network layer.

At that point, you know you can block at layer 3, so the next question is how far up the chain can you block it?

Most self-hosters will just have their machines on the open internet, so their personal firewall is all they've got to work with. It's still better than letting the packets all the way through to your application, but you still have to suffer the cost of dropping each packet. Still, it's good enough™ for most.

In your case though, you had setup the added benefit of Cloudflare standing between you and your server, so you could move that decision making step even further away from you, which is pretty great.

danielquinn , 1 month ago

Mozilla's VPN is just reselling Mullvad, so you can support Mozilla and use Mullvad at the same time if you like.

danielquinn , 1 month ago

You might want to consider just Dockerising everything. That way, the underlying OS really doesn't matter to the applications running.

I've got a few Raspberry Pi's running Debian, and on top of that, they're running a kubernetes cluster with K3s. I host a bunch of different services, all in their own containers (effectively their own OS) and I don't have to care. If I want to change the underlying OS, the containers don't know either. It's pretty great.

danielquinn , 1 month ago

You might like Swarmism!

danielquinn , 1 month ago

Revealjs is a pretty great replacement for PowerPoint, but it does require rudimentary HTML skills.

danielquinn , 1 month ago

yt-dlp is pretty much the authoritative solution for this these days.

danielquinn , 1 month ago

What's a PPA?

danielquinn , 1 month ago

If you really want an app-like interface, you could make use of Epiphany's "Install as Web App" feature. Just open Epiphany, go to your Lemmy instance, login, and then select "Install as Web App" from the main menu. Like magic, you get a "Lemmy App" that you can bring up like any other app.

This is my experience in GNOME. Presumably though, it'd work with any desktop environment that respects the XDG standards.

danielquinn , 1 month ago

These are fun questions! There's a few other things you have to consider though before you can have some answers.

If the work was done for your employer (non-commercial, academic, or otherwise) you should be sure that your work for that organisation did not include the transfer of ownership of the work you create to said organisation. Most organisations that employ people to write software usually include a stipulation in your contract that anything you create "in the course of your employment" (this is a legal term meaning work you do for your job as well as work you might do related to you job as inspiration/necessity for your job etc) is owned by the employer. If that's the case for you, you can't simply re-license the software, even if it's already publicly viewable. You need to seek the consent of the copyright owner to either (a) transfer the ownership to you, or (b) agree to a new license.

Which brings me to the first thing people tend to forget about copyright: unless otherwise stipulated (like through the inclusion of a LICENSE file) all creative works are copyrighted and cannot be copied, imported, modified, distributed, etc. without the express consent of the copyright holder (usually through a licensing agreement).

So with that in mind, and assuming that you already have the copyright to this code, I'll answer your three questions:

1. Can I just add a license after the fact and it will be valid for all prior work?

This is fun question because it hinges on a silly technicality of software development. If you add a license to your repo today, the license applies to the code as of that point in the commit history. There's no official way to say (through the standard of including a file in the repo) that this license applies retroactively, but if you're the sole copyright holder (see notes on this below) of the work in its current state as well as everything that came before (ie. you didn't get PRs from other people thinking they were committing to a project under a proprietary license) then practically speaking, you can apply a Free license to all the old versions because you're the copyright holder -- you can do whatever you want. The problem is a practical one: without a LICENSE file, it's not clear that this software is Free.

Unless you've got a bunch of other people/teams/organisations working off of forks of your current codebase though, it's really just a thought experiment: no one will care because the latest version is Freely licensed. Someone could conceivably fork your repo from an earlier point in history, but without a LICENSE file in that fork, legally speaking that code is solely your property, so copying it would be illegal unless you made a copy for them with a LICENSE file included.

2. Do I have to make sure the license is included in all branches of the repo, or does this not matter? There are for instance a couple of branches that are used to freeze the state of code at a certain time for reproducibility’s sake (I know this could be solved in a better way, but that’s how it is).

There's a lot of overlap here with #1. Basically your old release branches will be copyrighted by you and not licensed Freely. If it's important to you that these releases also be under your new Free license, then yeah, you're going to have to include a new commit on each release branch with your LICENSE file. Personally though, I wouldn't bother. If anyone is using an old release, they'll get the Free version once they upgrade and that's usually good enough for most people.

3. I have myself reused some of the code in my current work for a commercial entity (internal analysis work, only distributed within the organization). Should this influence the type of license I choose? I am considering a GPL-license, but should I go with (what I believe to be) a more permissive license like MIT because of this?

So much of this centres around the current ownership of all code in the repo. If this were a personal project into which no one but you has ever committed any code and for which there's no existing contract stating that your-employer-not-you owns the code, then the answer is really simple: it's your work, you can do whatever you like.

For example, you can write a program, license it under the AGPL3, and post it on GitLab for all the world to see. Strangers from the other side of the planet can download it, modify it, and run it in their own projects so long as they adhere to the AGPL3 license. So long as you don't accept any merge requests from anyone else, you can also re-license the code (or a portion thereof) to a private company (your employer, a contract gig, whatever). Remember, it's your code, you can do with it as you like, so if you choose to give it to a company to build into their proprietary project, there's no problem.

The problem comes once you accept code from someone else. If I submit a merge request to your project that fixes a bug, I do so under the terms of that project's license. My code is AGPL3 because the project's license is AGPL3. You can't now take my bugfix and copy that into a private project because I didn't grant you that right. This is why re-licensing a Free software project, even from GPL-2 to GPL-3 can be really painful: you have to contact each contributor and acquire the right to change the license.

So, TL;DR: if it's 100% your code, you can make 10 copies, all under different licenses. Do whatever you want. If it's 99% your code, you're bound by the license in affect at the time those other contributions were made.

[Source: I'm a Free software nerd with a penchant for copyright, so much so that I married a copyright lawyer so we talk about this stuff a lot.]

danielquinn , 1 month ago

Interesting. I wonder if this code would fall under the license of the publication then? The blurry line between documentation licenses and software licenses is usually when I stop and go ask my wife :-)

danielquinn , 1 month ago

That's fair, though if you're looking for something more legally ironclad, I'm not sure I would want to depend on a declaration like that. But you're right, as the sole copyright holder, you can choose to apply your licence any way you like, so long as it's clear (for some value of clear) to the recipient that the software, what the license is.

danielquinn , 1 month ago (edited 1 month ago)

That's a good question. I believe there is official text for "GPL-3 or later" that you can use, which should (I just asked the wife to be sure) then let you re-license the project to GPL-4 later. This is probably possible because the "or later" portion of the license text includes consent by contributors for the future change.

danielquinn , 1 month ago

When I stepped away from my own (mildly successful) Free software project, I had the same concerns: it's about the reputation.

The project had earned a decent amount of trust when I was running it, and presumably people were installing new updates without going over the changes. If I handed off the project to someone new, I wasn't just handing over the work, but that trust as well.

So rather than handing over the project to someone new, I archived it and someone else (thankfully someone not-evil) forked it. Anyone installing the fork immediately understood that the relationship was new. They'd have to decide whether to trust this new maintainer or not.

For my money, this is the way. If you're burning out, remember that your reputation is tied to your project name, and that it has considerable value. If you don't want to continue, the disruption of a fork is better/safer than the smooth-but-risky hand-off.

danielquinn , 1 month ago

You can always just reset your git history:

$ git reset [your first commit hash]
$ git add .
$ got commit -m "Collapse git history"
$ git push -f

danielquinn , 1 month ago

Why didn't this become a thing? Surely in 2024, we should be able to build packages from source and sign releases with a private key.

danielquinn , 1 month ago

What about blog spam though? Surely this would relinquish controls like moderation for your site?

danielquinn , 1 month ago

Are they refusing patches, or are you just expecting people to do what you want for free?

danielquinn , 1 month ago

Ooh! Thanks for this! I had no idea it existed.

danielquinn , 2 months ago (edited 2 months ago)

I recommend writing everything in Bourne shell (/bin/sh) for a few reasons:

• Bash is more capable, which is nice, but if you're fiddling with complex data structures, you probably should be using a more maintainable language like Python.
• Bash is in most places, but crucially not everywhere. Docker-based deployments for example often use Ash which is very similar to Bash, but lacks support for arrays and a few other things.
• Bourne's limitations force you to rethink your choices regularly. If you find yourself hacking around a lack of associative arrays for example, it's probably time to switch to a proper language.

Also two bits of advice.

1. Use shellcheck. There's a website that'll check your script for you as well as a bunch of editor extensions that'll do it in real time. You will absolutely write better, safer code with it.
2. If your script exceeds 300 lines. Stop and rewrite it in a proper language. Your future self will thank you.

danielquinn , 2 months ago

I think Emudeck is available as a Flatpak, so you should be able to install it on your desktop too.

danielquinn , 2 months ago

Oh really? Boo.

Retrodeck looks good, but the recommended install instructions were just too nutty for me: curl https://... | bash is not ok.

danielquinn , 2 months ago

Well that looks promising. Last time I looked into it, I was put off by a shell script that called sudo, but if it's bound to a Flatpak, I can work with that.

danielquinn , 2 months ago

Ahh, yeah that's about what I remember. Too messy for me. This sounds like it'd be better as an actual package (apt/pacman) then.

danielquinn , 2 months ago

There have been some great answers on this so far, but I want to highlight my favourite part of Docker: the disposability.

When you have a running Docker container, you can hop in, fuck about with files, break stuff as you try to figure something out, and then kill the container and all of the mess you've created is gone. Now tweak your config and spin up a fresh one exactly the way you need it.

You've been running a service for 6 months and there's a new upgrade. Delete your instance and just start up the new one. Worried that there might be some cruft left over from before? Don't be! Every new instance is a clean slate. Regular, reproducible deployments are the norm now.

As a developer it's even better: the thing you develop locally is identical to the thing that's built, tested, and deployed in CI.

I <3 Docker!

danielquinn , 2 months ago

yt-dlp might be able to do the job. It has options for you to specify credentials too.

danielquinn , 2 months ago

Nifty! I wrote something similar a couple years ago using Vosk for the stt side. My project went a little further though, automating navigating the programs you start. So you could say: "play the witcher" and it'd check if The Witcher was available in a local Kodi instance, and if not, then figure out which streaming service was running it and launch the page for it. It'd also let you run arbitrary commands and user plugins too!

I ran into two big problems though that more-or-less killed my enthusiasm for developing on it: (1) some of the functionality relied on pyautogui, but with the Linux desktop's transition to Wayland, some of the functionality I relied on was disappearing. (2) I wanted to package it for Flatpak, and it turns out that Flatpak doesn't play well with Python. I was also trying to support both arm64 and amd64 which it turns out is also really hard (omg the pain of doing this for the Pi).

Anyway, maybe the project will serve as some inspiration.

danielquinn , 2 months ago

Don't get me started with Mycroft. I bought the 1st gen device and invested a year of my life writing the first incarnation of Majel built on top of it. When it was ready to share I announced it in their internal developers group and was attacked repeatedly for using the AGPL instead of a licence that'd let them steal and privatise it. Here I was offering a year's worth of free labour (and publicity, the project exploded on Reddit), and all they could say was: "use the MIT license so we don't have to contribute anything".

I'm still bitter.

danielquinn , 2 months ago

I'm not sure. https://mycroft.ai/ appears to be gone, redirected to https://community.openconversational.ai/. Since the Mycroft devices depended on a central server for configuration (you pushed your config to their website which in turn relayed environment variables to your code), my guess is that the project is dead, but like all good Free software, still out there.

danielquinn , 2 months ago

I like Tilix, since it lets me split the terminal with a keyboard shortcut and easily switch between terminals too. I tried using GNOME terminal + tmux, but having to hit Ctrl+b before the command I wanted got tedious fast.

danielquinn , 2 months ago (edited 2 months ago)

Upon a cursory read, it sounds like you host a server and then relay all of your data through their centrally controlled system all while also pushing your account data to them.

I'm not sure they understand what "federated" means. Or rather, they know, but they're hoping we don't care.

danielquinn , 2 months ago

It's funny, before this, I was just going to buy a legit copy and play it on my Deck (I have a Switch, but prefer the Deck)

Now, fuck those guys. If I play at all, it'll be on a pirated copy.

danielquinn , 2 months ago (edited 2 months ago)

There was a talk on exactly this at a FOSDEM years ago, and the verdict was that licence changes were prohibitively difficult if the project was openly developed because you need to acquire permission to change the licence from every contributor. This is why some projects (React for example) require the signing of a contract in advance of any PR merge that transfers the ownership of the contribution to "the project".

So, if Matrix is (a) developed openly, allowing contributions from anyone, and (b) doesn't require the signing of a bullshit CLA, I think it's fine.

danielquinn , 2 months ago

Ha! I wrote it! Well the original anyway. It's been forked a few times since I stepped away.

So yeah, I think it's pretty cool 😆

danielquinn , 2 months ago

Actually, I stepped away from the project 'cause I stopped using it altogether. I started the project to satisfy the British government with their ridiculous requirements for proof of my relationship with my wife so I could live here. Once I was settled though and didn't need to be able to bring up flight itineraries from 5 years ago, it stopped being something I needed.

Well that, and lemme tell you, maintaining a popular Free software project is HARD. Everyone has an idea of where stuff should go, but most of the contributions come in piecemeal, so you're left mostly acting as the one trying to wrangle different styles and architectures into something cohesive... while you're also holding down a day job. It was stressful to say the least, and with a kid on the way, something had to give.

But every once in a while I consider installing paperless-ngx just to see how it's come along, and how much has changed. I'm absolutely delighted that it's been running and growing in my absence, and from the screenshots alone, I see that a lot of the ideas people had when I was helming made it in in the end.

danielquinn , 2 months ago

Thanks! The crazy thing is that it's really not that complicated. I'd say the hardest work was in writing the docs :-). It's awesome to hear that people still use it and love it though.

danielquinn , 2 months ago

Aww! Thank you! It was fun ❤️

danielquinn , 2 months ago

42,396 installs.... Holly shit.

Edit, from the article:

This “Exodus” application published in the Snap store was indeed a scam application. There is a genuine organisation that developed a real, seemingly ’legitimate’ cryptocurrency wallet application. This is not that.

Any chance that the FlatHub one is legit?