Tuesday, May 6, 2025


Sunday, April 27, 2025

sqldelight doesn't yet have a public release with kotlin's k2 compiler support. a potential alternative could be exposed @ https://www.jetbrains.com/exposed/.

though personally i like sqldelights approach of sql to code generation better than the pure code approach of exposed.

tags: tech_stack



Saturday, April 26, 2025


Tuesday, April 1, 2025

this looks interesting: https://nuejs.org/blog/large-scale-apps/

in my experience, things are lightweight if you

  1. leave out the corner cases or
  2. make it so general that there aren't corner cases, but also few batteries included

also see hn discussion: https://news.ycombinator.com/item?id=43543241


Friday, February 14, 2025

yesterday i ran into troubles deploying my current side project filemure.

my current dev stack is:

(edit: the first link is kotlin, but ~there seems to be a bug in pepperino's alias handling~ - update: it shows up here so it must be something else)

(edit 2: turns out, [...]: def is a reference style link)

and

i ran into a few problems this time, compared to when i worked on pepperino:

  1. don't forget to make it a fat jar by including john engelman's shadow. i think it's not necessary to change the build command, but build creates both a thin and a fat jar and then it might not be clear which one of the two the start.cmd selects.
  2. if it's a multi module project, either copy the jar to root build/libs directory (which is where nixpacks looks by default), or overrule it in the nixpacks config
providers = ["java"]

# add shadowJar
[phases.build]
cmds = ["chmod +x gradlew", "./gradlew clean shadowJar -x check -x test"]

# new path, and we can know the actual jar name
[ start ]
cmd = "java $JAVA_OPTS -jar app/build/libs/app-all.jar"

(note: the [ start ] is without spaces of course, but pepperinos parser doesn't support escaping yet)

tags: tech_stack


Wednesday, February 12, 2025

https://brutecat.com/articles/leaking-youtube-emails

the interesting (for me) part of this attack is not the leak of the google ID (gaia ID), or the usage of a legacy system.

the interesting (for me) part is the trick they use to prevent the notification email (which would alert the victim) from being sent:

  1. use the legacy systems api to leak the email via a test recording
  2. the legacy system now would send a notification email about the test record including its title
  3. to prevent this, chose a 2.5m character long title for the test record
  4. now the action is executed, but the notification email is not sent

i guess the action is executed first, the notification email is sent afterwards and when an email sending error occurs, the action is not rolled back.

tags: security google youtube email


Are eggs bad for you? https://www.strongerbyscience.com/are-eggs-bad-for-you/

TL;DR: eggs (the consumption thereof) are slightly good or at least neutral for your health, except if you don't tolerate them well, which is, apparently, rare but real.


Thursday, January 2, 2025


archive