How is everyone finding GitHub CoPilot? 🤔 Good / Bad ? 🤔

not exactly the same topic, although I found a wordlist useful to generate passphrases, for example with Bitwarden, 1password or Keepass

https://github.com/sts10/generated-wordlists/tree/main

Today I’m reading about how to save a copy of your secret keys outside a computer, using analog media, or sharing it by voice. For instance, for TOTP authenticators.

I found BIP39 coming from the crypto-wallets world:
https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki

The user has to write down this passphrase

fragile mimic expect ketchup truth between thunder visit expose output powder derive process disagree razor
Which is carefully designed to be checksummed and it’s easy to say on a call

Finally deriving it into a set of bytes like

da39a3ee5e6b4b0d3255bfef95601890afd80709

Do you know some alternatives not related to cryptocurrencies? 🤔

@prologic@twtxt.net I don’t understand what you’re saying. podman works with TLS. It does not have the “–docker” siwtch so you have to remove that and use the exact replacement commands that were in that github comment.

@prologic@twtxt.net @jmjl@tilde.green
It looks like there’s a podman issue for adding the context subcommand that docker has. Currently podman does not have this subcommand, although this comment has a translation to podman commands that are similar-ish.

It looks like that’s all you need to do to support podman right now! Though I’m not 100% sure the containers I tried really are running remotely. Details below.

I manually edited the shell script that cas.run add returns, changing all the docker commands to podman commands. Specifically, I put alias docker=podman at the top so the check for docker would pass, and then I replaced the last two lines of the script with these:

podman system connection add cas  "host=tcp://cas.run..."
podman system connection default cas

(that … after cas.run is a bunch of connection-specific stuff)

I ran the script and it exited with no output. It did create a connection named “cas”, and made that the default. I’m not super steeped in how podman works but I believe that’s what you need to do to get podman to run containers remotely.

I ran some containers using podman and I think they are running remotely but I don’t know the right juju to verify. It looks right though!

This means you could probably make minor modifications to the generated shell script to support podman. Maybe when the check for docker fails, check for podman, and then later in the script use the podman equivalents to the docker context commands.

@prologic@twtxt.net hmm, now I get this:

$ ssh -p 2222 -i PRIVATE_GITHUB_KEY GITHUB_USERNAME@cas.run add | sh
sh: 135: docker: not found

The quickstart says:

## Quick Start

  ssh -p 2222 cas.run add | sh

so that’s why I tried this command (I had to modify it with my key and username like before)

Edit: 🤦‍♂ and that’s becasue I don’t have docker on this machine. Sorry about that, false alarm.

@prologic@twtxt.net aha, thank you, that got me unjammed.

Turns out I thought I had an SSH key set up in github, but github didn’t agree with me. So, I re-added the key.

I also had to modify the command slightly to:

ssh -p 2222 -i PRIVATE_GITHUB_KEY GITHUB_USERNAME@cas.run help

since I generate app-specific keypairs and need to specify that for ssh and I haven’t configured it to magically choose the key so I have to specify it in the command line.

Anyhow, that did it. Thanks!

@prologic@twtxt.net so what is the command to use? I did ssh -p 2222 GITHUB_USERNAME@cas.run help but that gives the same error. There’s something missing here.

@prologic@twtxt.net I do, but you didn’t specify in your twt that you needed to use a github account. I copy pasted the ssh command you posted verbatim!

[lang=en] you can find it here: https://github.com/eapl-gemugami/twtxt-php

There are still many things to do, but it’s already usable.

Release jq 1.7rc1 · jqlang/jq · GitHub

Renewed activity on jq after five years. This RC looks nice!

@prologic@twtxt.net I see what you mean about tldraw. I looked at their github repository and it seems like they are distributing it as an npm package for people who want to include a whiteboard in their Javascript-based frontend. I didn’t see a way to just launch the thing.

I have half a mind to write a little scala frontend that sets up one of these, since scalajs makes it very easy to use these Javascript web component things while making it look like you’re writing scala.

@hecanjog@hecanjog.com I have a script for tmux that sets up a new if needed among other things.

http://github.com/brandur/tmux-extra

Works great with powerline.

Home | Tabby This is actually pretty cool and useful. Just tried this on my Mac locally of course and it seems to have quite good utility. What would be interesting for me would be to train it on my code and many projects 😅

GitHub and OpenAI fail to wriggle out of Copilot lawsuit • The Register

Lawsuits alleging GitHub Copilot breached licenses can move forward. Will be interesting to see how these cases are decided.

This is a fucked up detail:

The judge meanwhile rejected the defense argument that the plaintiffs should not be allowed to continue their claim pseudonymously based on death threats sent to the plaintiffs’ counsel.

Who is sending death threats to the lawyers of people trying to sue GitHub/Microsoft/OpenAI, and why? Something’s fishy there.

Asleep at the Keyboard? Assessing the
Security of GitHub Copilot’s Code Contributions

40% of code produced by GitHub Copilot has at least one well-known security vulnerability, in the test reported in this paper.

Erlang Solutions: How ChatGPT improved my Elixir code. Some hacks are included.
I have been working as an Elixir developer for quite some time and recently came across the ChatGPT model. I want to share some of my experience interacting with it.

During my leisure hours, I am developing an open-source Elixir initiative, Crawly, that facilitates the extraction of structured data from the internet.

Here I want to demonstrate how … ⌘ Read more

I played with nlpodyssey/verbaflow: Neural Language Model for Go today a little bit today…. First I had to download a ~2GB file (the model), then convert that to a format the program verbaflow understands which came out to roughly ~5GB. Then I tried some of the samples in the README. My god, this this is so goddamn awfully slow its like watching paint dry 😱 All just to predict the next few tokens?! 😳 I had a look at the resource utilisation as well as it was trying to do this “work”, using 100% of 1.5 Cores and ~10GB of Memory 😳 Who da fuq actually thinks any of this large language model (LLM) and neural network crap is actually any good or useful? 🤔 Its just garbage 🤣

There is a “right” way to make something like GitHub CoPilot, but Microsoft did not choose that way. They chose one of the most exploitative options available to them. For that reason, I hope they face significant consequences, though I doubt they will in the current climate. I also hope that CoPilot is shut down, though I’m pretty certain it will not be.

Other than access to the data behind it, Microsoft has nothing special that allows it to create something like CoPilot. The technology behind it has been around for at least a decade. There could be a “public” version of this same tool made by a cooperating group of people volunteering, “leasing”, or selling their source code into it. There could likewise be an ethically-created corporate version. Such a thing would give individual developers or organizations the choice to include their code in the tool, possibly for a fee if that’s something they want or require. The creators of the tool would have to acknowledge that they have suppliers–the people who create the code that makes their tool possible–instead of simply stealing what they need and pretending that’s fine.

This era we’re living through, with large companies stomping over all laws and regulations, blatantly stealing other people’s work for their own profit, cannot come to an end soon enough. It is destroying innovation, and we all suffer for that. Having one nifty tool like CoPilot that gives a bit of convenience is nowhere near worth the tremendous loss that Microsoft’s actions in this instace are creating for everyone.

@carsten@yarn.zn80.net That’s a dissembling answer from him. Github is owned by Microsoft, and CoPilot is a for-pay product. It would have no value, and no one would pay for it, were it not filled with code snippets that no one consented to giving to Microsoft for this purpose. Microsoft will pay $0 to the people who wrote the code that makes CoPilot valuable to them.

In short, it’s a gigantic resource-grab. They’re greedy assholes taking advantage of the hard work of millions of people without giving a single cent back to any of them. I hope they’re sued so often that this product is destroyed.

I was listening to an O’Reilly hosted event where they had the CEO of GitHub, Thomas Dohmke, talking about CoPilot. I asked about biased systems and copyright problems. He, Thomas Dohmke, said, that in the next iteration they will show name, repo and licence information next to the code snippets you see in CoPilot. This should give a bit more transparency. The developer still has to decide to adhere to the licence. On the other hand, I have to say he is right about the fact, that probably every one of us has used a code snippet from stack overflow (where 99% no licence or copyright is mentioned) or GitHub repos or some tutorial website without mentioning where the code came from. Of course, CoPilot has trained with a lot of code from public repos. It is a more or less a much faster and better search engine that the existing tools have been because how much code has been used from public GitHub repos without adding the source to code you pasted it into?

@prologic@twtxt.net I always liked bit.
I am disappointed that a GUI app would not at least have screenshots.

julien040/gut: An easy-to-use git client for Windows, macOS, and Linux

@abucci@anthony.buc.ci So.. The issue is that its showing the password by default? Would making an alias to always include the -c help? We can probably engage Jason with a PR to enable a more hardened approach when desired. I’ve spoken to him before and is generally a pretty open to ideas.

I found this app that was created by the gopass author that does copy by default and has a tui or GUI mode https://github.com/cortex/ripasso

@prologic@twtxt.net see where its used maybe that can help.
https://github.com/sour-is/ev/blob/main/app/peerfinder/http.go#L153

This is an upsert. So I pass a streamID which is like a globally unique id for the object. And then see how the type of the parameter in the function is used to infer the generic type. In the function it will create a new *Info and populate it from the datastore to pass to the function. The func will do its modifications and if it returns a nil error it will commit the changes.

The PA type contract ensures that the type fulfills the Aggregate interface and is a pointer to type at compile time.

one that i think is pretty interesting is building up dependent constraints. see here.. it accepts a type but requires the use of a pointer to type.

https://github.com/sour-is/ev/blob/main/pkg/es/es.go#L315-L325

I started reading the proposal to introduce operator overloading in Go version 2 that I like to see: https://github.com/golang/go/issues/27605 Now a few hours later I ended up at this gem. Write a program that makes 2+2=5: https://codegolf.stackexchange.com/questions/28786/write-a-program-that-makes-2-2-5 There are some awesone solutions. :-)

Circling back to the IsPreferred method. A hasher can define its own IsPreferred method that will be called to check if the current hash meets the complexity requirements. This is good for updating the password hashes to be more secure over time.

func (p *Passwd) IsPreferred(hash string) bool {
	_, algo := p.getAlgo(hash)
	if algo != nil && algo == p.d {

		// if the algorithm defines its own check for preference.
		if ck, ok := algo.(interface{ IsPreferred(string) bool }); ok {
			return ck.IsPreferred(hash)
		}

		return true
	}
	return false
}

https://github.com/sour-is/go-passwd/blob/main/passwd.go#L62-L74

example: https://github.com/sour-is/go-passwd/blob/main/pkg/argon2/argon2.go#L104-L133

Hold up now, that example hash doesn’t have a $ prefix!

Well for this there is the option for a hash type to set itself as a fall through if a matching hash doesn’t exist. This is good for legacy password types that don’t follow the convention.

func (p *plainPasswd) ApplyPasswd(passwd *passwd.Passwd) {
	passwd.Register("plain", p)
	passwd.SetFallthrough(p)
}

https://github.com/sour-is/go-passwd/blob/main/passwd_test.go#L28-L31

Here is an example of usage:

func Example() {
	pass := "my_pass"
	hash := "my_pass"

	pwd := passwd.New(
		&unix.MD5{}, // first is preferred type.
		&plainPasswd{},
	)

	_, err := pwd.Passwd(pass, hash)
	if err != nil {
		fmt.Println("fail: ", err)
	}

	// Check if we want to update.
	if !pwd.IsPreferred(hash) {
		newHash, err := pwd.Passwd(pass, "")
		if err != nil {
			fmt.Println("fail: ", err)
		}

		fmt.Println("new hash:", newHash)
	}

	// Output:
	//  new hash: $1$81ed91e1131a3a5a50d8a68e8ef85fa0
}

This shows how one would set a preferred hashing type and if the current version of ones password is not the preferred type updates it to enhance the security of the hashed password when someone logs in.

https://github.com/sour-is/go-passwd/blob/main/passwd_test.go#L33-L59

I made a thing. Its a multi password type checker. Using the PHC string format we can identify a password hashing format from the prefix $name$ and then dispatch the hashing or checking to its specific format.

git-bug

Distributed, offline-first bug tracker embedded in git, with bridges

Interesting!

it uses the queries you define for add/del/set/keys. which corrispond to something like INSERT INTO <table> (key, value) VALUES ($key, $value), DELETE ..., or UPDATE ...

the commands are issued by using the maddycli but not the running maddy daemon.

see https://maddy.email/reference/table/sql_query/

the best way to locate in source is anything that implements the MutableTable interface… https://github.com/foxcpp/maddy/blob/master/framework/module/table.go#L38

Progress! so i have moved into working on aggregates. Which are a grouping of events that replayed on an object set the current state of the object. I came up with this little bit of generic wonder.

type PA[T any] interface {
	event.Aggregate
	*T
}

// Create uses fn to create a new aggregate and store in db.
func Create[A any, T PA[A]](ctx context.Context, es *EventStore, streamID string, fn func(context.Context, T) error) (agg T, err error) {
	ctx, span := logz.Span(ctx)
	defer span.End()

	agg = new(A)
	agg.SetStreamID(streamID)

	if err = es.Load(ctx, agg); err != nil {
		return
	}

	if err = event.NotExists(agg); err != nil {
		return
	}

	if err = fn(ctx, agg); err != nil {
		return
	}

	var i uint64
	if i, err = es.Save(ctx, agg); err != nil {
		return
	}

	span.AddEvent(fmt.Sprint("wrote events = ", i))

	return
}

fig. 1

This lets me do something like this:

a, err := es.Create(ctx, r.es, streamID, func(ctx context.Context, agg *domain.SaltyUser) error {
		return agg.OnUserRegister(nick, key)
})

fig. 2

I can tell the function the type being modified and returned using the function argument that is passed in. pretty cray cray.

Hi, I am playing with making an event sourcing database. Its super alpha but I thought I would share since others are talking about databases and such.

It’s super basic. Using tidwall/wal as the disk backing. The first use case I am playing with is an implementation of msgbus. I can post events to it and read them back in reverse order.

I plan to expand it to handle other event sourcing type things like aggregates and projections.

Find it here: sour-is/ev

@prologic@twtxt.net @movq@www.uninformativ.de @lyse@lyse.isobeef.org

https://github.com/tsale/translated_conti_leaked_comms

Will have to take a look at Gogs. Ideally wanting it to be easy to have the same ease-of-use to setup a web page as Github and Gitea.

One year ago to the date I made the lastest update for #phpub2twtxt to github and now 365 days later I have published #pixelblog as its successor - lets see where things are going for trip around the sun

For the Wordle players around here (@lyse@lyse.isobeef.org, @xuu@txt.sour.is, @movq@www.uninformativ.de), and for those moments in which you rather cheat, than lose: https://github.com/KevinXuxuxu/wordle_machine. 😂

Hey. I my own local forward tool. https://github.com/JonLundy/sshfwd it uses ssh port forwards.

No on gitlab. If its self hosted gitea is best in class.

I can see hosting a mirror on github if only for the redundancy/visibility. Some projects will host but then direct contributions on their self host. Like Go does.

I would suggest using a vanity domain that can redirect tools like go get to hosting of choice. And not require rewriting all the packages any time it gets moved.

🤔 👋 Reconsidering moving Yarn.social’s development back to Github: Speaking of which (I do not forget); @fastidious@arrakis.netbros.com and I were discussing over a video call two nights ago, as well as @lyse@lyse.isobeef.org who joined a bit later, about the the whole moved of all of my projects and their source code off of Github. Whilst some folks do understand and appreciate my utter disgust over what Microsoft and Copilot did by blatantly scraping open source software’s codebases without even so much as any attempt at attribution or respecting the licenes of many (if not all?) open source projects.

That being said however, @fastidious@arrakis.netbros.com makes a very good and valid argument for putting Yarn.social’s codebases, repositories and issues back on Github for reasons that make me “torn” over my own sense of morality and ethics.

But I can live with this as long as I continue to run and operate my new (yet to be off the ground) company “Self Hosted Pty Ltd” and where it operates it’s own code hosting, servicesa, tools, etc.

Plese comment here on your thoughts. Let us decide togetehr 🤗

#yarnsocial #github #opsnsource #copilot #microsoft

Everybody is building one because, you know, why not? Why I built my own static site generator.

using this as the service: https://github.com/JonLundy/sshfwd

@niplav@niplav.github.io bigwor~1

@mckinley@twtxt.net @prologic@twtxt.net I have updated the ticket with my findings.. its not what you expect! /clickbait https://github.com/jointwt/twtxt/issues/424

@prologic@twtxt.net I would to build a Chinese version, have you considered supporting different languages? I translated a README file.

this is beautiful https://github.com/shinh/sedlisp

mm yeah newlines without unicode is much better https://github.com/jointwt/twtxt/issues/215

seems like the \u2028 approach breaks some clients, maybe i will try another way https://github.com/jointwt/twtxt/pull/166