yesterday i ran into troubles deploying my current side project filemure.

my current dev stack is:

• kotlin: programming language
• javalin: web framework
• gradle: build system
• dokploy: docker image hosting
• nixpacks: building a docker image

(edit: the first link is kotlin, but ~there seems to be a bug in pepperino's alias handling~ - update: it shows up here so it must be something else)

(edit 2: turns out, [...]: def is a reference style link)

and

• sqldelight: database wrapper
• tempolin: html templating

i ran into a few problems this time, compared to when i worked on pepperino:

1. don't forget to make it a fat jar by including john engelman's shadow. i think it's not necessary to change the build command, but build creates both a thin and a fat jar and then it might not be clear which one of the two the start.cmd selects.
2. if it's a multi module project, either copy the jar to root build/libs directory (which is where nixpacks looks by default), or overrule it in the nixpacks config

providers = ["java"]

# add shadowJar
[phases.build]
cmds = ["chmod +x gradlew", "./gradlew clean shadowJar -x check -x test"]

# new path, and we can know the actual jar name
[ start ]
cmd = "java $JAVA_OPTS -jar app/build/libs/app-all.jar"

(note: the [ start ] is without spaces of course, but pepperinos parser doesn't support escaping yet)

https://brutecat.com/articles/leaking-youtube-emails

the interesting (for me) part of this attack is not the leak of the google ID (gaia ID), or the usage of a legacy system.

the interesting (for me) part is the trick they use to prevent the notification email (which would alert the victim) from being sent:

1. use the legacy systems api to leak the email via a test recording
2. the legacy system now would send a notification email about the test record including its title
3. to prevent this, chose a 2.5m character long title for the test record
4. now the action is executed, but the notification email is not sent

i guess the action is executed first, the notification email is sent afterwards and when an email sending error occurs, the action is not rolled back.

tags: security google youtube email

Are eggs bad for you? https://www.strongerbyscience.com/are-eggs-bad-for-you/

TL;DR: eggs (the consumption thereof) are slightly good or at least neutral for your health, except if you don't tolerate them well, which is, apparently, rare but real.

happy new year everyone!

song of the day: Haute & Freddy - Scantily Clad

on my dokploy instance i attempted to host a static website, but i ran into troubles with letsencrypt. after assigning the A record to the ipv4 address of the dokploy instance, the letsencrypt cert failed to work even after 48 hours.

so i started trouble shooting: googling didn't yield a quick solution; mostly complaints if letsencrypt took more than a few minutes. recreating the domain and rebooting the server didn't help either.

i didn't know where to find logs at first. after some searching i found it: Settings -> Server -> Webserver -> Traefik -> Watch logs. in the logs i spotted ipv6 adresses. corrected the DNS AAAA record and everything worked after a few seconds.

finished my first marathon race in 4:36:29. to my surprise i'm one of the slowest finishers with that time, ranking 748 out of 860.

Simon_Willison talks about XKCD 1425 here - it's the one about finding out whether the picture was taken in a national park (super easy!) and whether it's of a bird (super hard!).

i still have a nagging feeling that this comic has kickstarted the current AI trend and the re-emergence of ANNs.