Hacker News | cprecioso's comments


That's what I ended up using. In order to avoid repackaging the installer, I built a payloadless deployment (dummy/empty .pkg, unsigned as it doesn't matter if it fails to run), followed by a post-install script that downloads the latest installer for each piece of software to deploy, installs them, then deletes the temporary folder.

I checked the WarpBuild website and got excited because the header in the menu says you have macOS Intel runners, but then you click through and it doesn't seem to be so?

Right now at my company our biggest complaint is macOS Intel runners from GitHub, which somehow take 15+ minutes to provision and are the slowest of the bunch.


I can assure you WarpBuild has Mac runners that work very well. When I first switched GH only offered 1 Mac runner and it was horribly slow. Literally cut my build times in half by changing 1 line in my workflow file to use the WB runner.

Nowadays GH has more sizes but WB continues to beat them in price and performance.

It’s highway robbery what GH charges for the crap they provide. I can highly recommend WarpBuild for Mac (and Linux) runners.


I was talking specifically of macOS Intel runners. The sibling comment from the founder confirmed they don't have them.


We only have macos arm64 (M-series) runners. Can you point me to the intel reference so I can fix it?


Hover the top nav. Under "CI Runners" it says:

macOS Runners Apple Silicon and Intel support


fixed it - sorry about that.


That was an interesting read, thanks! Two questions:

- What is the problem with stale certificates if a domain changes hands? It seems to me that whether they renew the certificate or not, the security situation for the user is still the same, no?

- Is CertKit a similar solution to Anchor Relay? (https://anchor.dev/relay)


> What is the problem with stale certificates if a domain changes hands?

The previous owners have valid certificates for up to 398 days. If they are a malicious party capable of doing a man-in-the-middle attack, they can present a valid certificate and fully impersonate the owner. For example, when Stripe started, they purchased the domain from another party, who had a valid stripe.com payment certificate for nearly a year. (https://www.certkit.io/blog/bygonessl-and-the-certificate-th...)

> Is CertKit a similar solution to Anchor Relay?

I hadn't heard about anchor relay before, thanks for the link!

CertKit is similar, but broader. Anchor says it sits between your ACME clients and the CA and simplifies the validation steps, which is super useful. But you still have to run ACME clients and have a bunch of automation logic running on your end.

CertKit IS the ACME client. You CNAME the challenge record to us and we do all the communication with the CAs and store/renew/revoke your certificates centrally. Your systems can pull (or be pushed) the certs they need via our API, then we monitor the HTTPS endpoints to make sure the correct cert is running. It's a fully-audited centralized certificate management.
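The stale-certificate window described in the reply above, as an added example that is not part of the original comment and is not CertKit's code: given a domain's ownership-change date and a list of certificate records, it reports certificates issued to the previous owner that are still valid after the transfer. The records, the domain `example.test` and the function names are constructed for illustration; in practice the records would come from Certificate Transparency logs.

```python
from datetime import datetime, timezone

UTC = timezone.utc

# Constructed sample records; every name, serial and date here is made up.
CERTS = [
    {"serial": "01", "names": ["example.test", "www.example.test"],
     "not_before": datetime(2024, 1, 10, tzinfo=UTC),
     "not_after": datetime(2025, 2, 11, tzinfo=UTC)},   # 398-day certificate
    {"serial": "02", "names": ["pay.example.test"],
     "not_before": datetime(2023, 3, 1, tzinfo=UTC),
     "not_after": datetime(2024, 3, 1, tzinfo=UTC)},    # expired before the transfer
    {"serial": "03", "names": ["example.test"],
     "not_before": datetime(2024, 7, 2, tzinfo=UTC),
     "not_after": datetime(2024, 9, 30, tzinfo=UTC)},   # issued after the transfer
    {"serial": "04", "names": ["*.example.test", "other.test"],
     "not_before": datetime(2024, 5, 20, tzinfo=UTC),
     "not_after": datetime(2024, 8, 18, tzinfo=UTC)},
]


def covers(name, domain):
    """True if a certificate name is the domain, a subdomain, or a wildcard under it."""
    name = name.lower().removeprefix("*.")
    return name == domain or name.endswith("." + domain)


def stale_certs(certs, domain, transferred_on):
    """Certificates issued before the ownership change that are still valid after it."""
    findings = []
    for c in certs:
        if not any(covers(n, domain) for n in c["names"]):
            continue
        if c["not_before"] < transferred_on < c["not_after"]:
            findings.append({
                "serial": c["serial"],
                # Days the previous owner's certificate stays valid after the transfer.
                "exposure_days": (c["not_after"] - transferred_on).days,
                # Other domains on the same certificate: revoking it affects them too.
                "shared_names": [n for n in c["names"] if not covers(n, domain)],
            })
    return sorted(findings, key=lambda f: -f["exposure_days"])


if __name__ == "__main__":
    for finding in stale_certs(CERTS, "example.test", datetime(2024, 6, 1, tzinfo=UTC)):
        print(finding)
```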


The problem is that the old owner still has a valid certificate for some period of time.


Except this is going the wrong way. We should be discouraging frequent domain ownership changes not making them easier. New owners getting visibility into traffic meant for the old owners is as much if not a bigger problem.


I'm disappointed to see so many negative responses to such a good thing to do. I understand where it's coming from, the distrust on progressively de-empowering freemium apps. But if there was a product to gain some trust (or at least the benefit of the doubt) on doing the right thing, and having a fair and balanced approach to monetization, it is Affinity. Same thing they've been doing for years.

I, for one, think this is a really nice thing, and that it gives access to really well-made and actual professional-level design tools to a huge swath of people who didn't have it before, be it for personal use or for work. No previously included feature is now part of the subscription, and they've made sure to say they'll be free forever. I see this as a huge win.


The ISPs are compelled by judicial order to take down whatever LaLiga tells them to, and LaLiga is telling them to block the entire IP range. They can’t not do it.


Presumably there's no legal reason why the ISPs couldn't write to all their customers giving "notice of upcoming partial internet service outage, due to the actions of La Liga". It would be factually true.

Of course, LL could still give them hell in court even on false grounds (and maybe even win anyway, given the case detailed in the root comment). And in any case there's simply no commercial reason why they would stick their neck out in the first place.


I think most of these are being done in the moment, without advance warning. Plus, some ISPs carry soccer in their TV offerings so they’re probably not benefiting from speaking out. At least, my ISP does replace the blocked website with a notice explicitly stating that this is the result of a judicial ruling in favor of LaLiga.


From vague recollections of previous times this came up, I think this is downstream of the providers getting blocked refusing to cooperate though?

I know when eSNI / ECH came out, Cloudflare at least made a point of talking about plans to use it to frustrate targeted blocks in hopes that governments would be unwilling to respond by escalating to blanket IP blocks.


Yep, this was a huge hassle for me, I didn't realize it would happen!

Another option is to do `ssh -L 32400:localhost:32400 <your-plex-address>` and connect to http://localhost:32400/web, it will let you claim the server as it detects the connection being local.


Thanks for the one-liner, solved it within 30 seconds!


IIRC there was this service called Tunlr which offered VPN-like location spoofing with similar DNS tricks.


I was thinking about this the other day. I think it might just be a thing of Google looking for a different thing than what made his open source project famous.

Without any knowledge of the details further than mxcl's tweet: probably any performance issues, even on simple code, get infinitely multiplied when running at Google's scale, slogging the thing, on Google's dime. From what I've seen of him, mxcl is good at designing a really approachable product, and at running an open source project. But homebrew is really slow, even on the latest Macs, even for basic cases.

To me it seems then that he'd be more fit for a product owner/manager position than an engineering one, and that could be the root of his not-hiring.


IIRC basically the SE is indeed complicated and has a bunch of requirements that would not make sense for a startup. Plus, it isn’t really a common denominator for different corporate laws, but they kinda add together so now you need to know about laws in Germany AND laws in Spain AND etc, wherever you operate.


A bit off topic I guess, but what’s your usage for xs? I read the website, I think that I understand it and find it intriguing, but I’m not sure what one would use it for.


A basic use case, to tie it back to the topic :)

When I'm working on a remote machine, it's nice to be able to easily pass things back and forth between it and my local laptop. I start a stream on the remote server and use `dumbpipe` to make the stream available on my local laptop.

```
# remote
xs serve ./store --expose :3001 ; dumbpipe listen-tcp --host 127.0.0.1:3001

# local
dumbpipe connect-tcp --addr 127.0.0.1:3001 <ticket>
$env.XS_ADDR = ":3001" ; .cat
```

I can then do things like:

```
# local
cat local.file | .append local.file

# remote
.head local.file | .cas
```

Or register a local handler for the topic "pasteboard" that puts the contents on my local clipboard. Then, from the remote machine, I can run: `"foo" | .append pasteboard`

