duncanlock.net

In this “When Will We Learn” post, Drew DeVault talks about supply chain attacks against language package managers (npm, PyPI, cargo, etc…) - and compares them to official Linux distribution repositories (deb, rpm, etc…).

The conclusion drawn was:

The correct way to ship packages is with your distribution’s package manager. These have a separate review step, completely side-stepping typo-squatting, establishing a long-term relationship of trust between the vendor and the distribution packagers, and providing a dispassionate third-party to act as an intermediary between users and vendors. Furthermore, they offer stable distributions which can be relied upon for an extended period of time, provide cohesive whole-system integration testing, and unified patch distribution and CVE notifications for your entire system.

I think I agree with this, essentially. We do need to change the way we do …

Continue reading “Supply Chain Attacks & Package Managers - a Solution?”

I’ve been using Linux exclusively for ~15 yrs. I’ve recently started a fantastic new job – the only wrinkle was that it came with a Windows 10 laptop.

This is my first time using Windows after a 15-year break. This is how it’s been going.

First Impressions

Windows is such a mess! It’s sort of shocking how much of a mess it is. Desktop Linux is often criticized for this, but Windows is much worse, somehow! It’s really inconsistent. Half of it is “new” UI and half of it is old Win32/GDI type UI - just as bad as KDE/GTK - except worse, because you can’t configure them to use the same theme. Also, when you install a Linux distribution, it’ll start off either all KDE or all GTK, or whatever - but with Windows …

Continue reading “Using Windows after 15 years on Linux”

The last thing we need right now is new fossil fuel projects. Send a message to Minister Steven Guilbeault and key cabinet ministers, calling on them to reject the Bay Du Nord project and investing in a just transition instead: https://act.leadnow.ca/bay-du-nord-ett/

This is what I wrote, if anyone wants some ideas:

To Minister Guilbeault and cabinet,

I’m writing to you to urge you to reject the Bay du Nord offshore drilling project.

Oil and Gas is ~26% of Canada’s emissions - AND this is ONLY the emissions from production - not the emissions from burning all that fuel for transport, heating etc… The Oil and Gas industry needs to go away, ASAP. Fossil fuels must stay in the ground to have any chance of getting to zero.

No approvals for new fossil fuel extraction projects, ever …

Continue reading “Write to Minister Guilbeault Opposing Bay Du Nord Offshore Oil Development”

The Python Black formatter outputs to stderr, not stdout


Windows PowerShell does support aliases, but doesn't support commands with parameters in aliases - you have to create a function


How to template out JSON in Bash


Tag Icon in the shape of a luggage tag
Figure 1. This page’s tag list is using this tag icon from FontAwesome. This is a 550 byte SVG file, 346 bytes gzipped.

If you want to use SVG icons on a website and style them with CSS - then the SVG needs to be inline - i.e. the SVG markup needs to be included with the rest of the page’s HTML markup.

Unfortunately putting things inline means that they can’t be cached. In this article I’ll show one way to get around this - and get the best of both worlds: inline styleable SVG icons, with caching!

Continue reading “Styleable Inline SVG Icons, with Caching & Fallback”

I’ve just emailed my UK MP to complain about government corruption & Owen Patterson. You should do the same. As always, we need as many people as possible to speak out.

This is what I wrote, if anyone wants some ideas:

<My Name>
<My Address>
<My Email Address>

Dear <MP Name>,

Like many others, I am angered - but not very surprised - by the latest revelations of government corruption, revealed by the corrupt behaviour of Owen Patterson.

I do have to admit to being slightly surprised that the government’s reaction to this was naked collusion and a blatant attempt to water down the rules & standards!

The existing Committee on Standards needs to be strengthened, not weakened by the introduction of another Conservative-dominated committee overseeing its work.

The government needs to adopt the recommendations of numerous independent bodies - such as the …

Continue reading “You Should Write to Your UK MP about Corruption Now”

How to find a git repositories default branch name


Hand-drawn map of the Kingdom of Hyrule.
Figure 1. Our hand-drawn map of the Kingdom of Hyrule. I drew a 2x1 grid in Inkscape and printed it out, then we filled it in as we went along.

It’s been about six months since the last update. We’ve mostly been camping, playing outside and generally enjoying the summer - although we have also squeezed in some gaming, here and there.

Favourite Games So Far

We spent almost all of our game time playing Legend of Zelda. It’s a towering achievement – a truly great game. I’m amazed that this thing is from 1986 – it doesn’t feel like it.

It’s also a great example of a different kind of co-op game. One where you play together by collaborating: discussing what to do & where to go next, how to tackle things, etc… We also took turns …

Continue reading “Speedrunning Computer Games History with a 6yr Old - Part 4”