Kind notes

 Note

Very excited to announce that @lornajane and I are running a new @openuk Meetup that's digital-only, alongside the other great events being run by the #OpenUK organisation.

Our first event will be a tie-in with #GitHub's #MaintainerMonth and we'll be hearing from a number of excellent maintainers from a variety of projects - stay tuned for more details.

Looking forward to seeing some of y'all on May 22nd at 1200 noon (UK time) for an interesting webinar!

(This will be in addition to other OpenUK events still being hybrid where possible)

 Note

GitHub relaxing the requirement of the construction of the GitHub App's JWT (under private_key_jwt) is interesting, especially if now you don't need to know the installation ID to auth.

Presumably this also means that on GitHub's side they're still limiting access to repos that an installation has access to, but I'd have assumed that by doing it by installation ID you'd get additional checks

(I'd been lazy in the past and would rarely persist the installation ID, needing me to then go in and find it through the GitHub UI πŸ˜…)

 Note

Has anyone else started getting spam from a Substack they definitely didn't subscribe to? It's for with an email I wouldn't have signed up to, and it's a language I don't know (Spanish)

I've now unsubscribed and marked it as spam - I didn't seem to get a "are you sure you want to sign up", but I did get a "thanks for subscribing" post (in Spanish)

 Note

Friends and folks working with #SBOMs - how do you conceptually think about them in terms of ingesting them into tools?

I.e. I like to think of an SBOM having a source repository or component it relates to, but sometimes you don't know that up front, and all you have is the result of a scan, which could be the source repo, a container image, or a built binary.

Considering whether:

  • I try to guess what repo/component it is based on the filename
  • Just store the filename in the database and allow querying with that (and leave repo info optional)
  • Retrieve metadata from the SBOM that known tools use to define this
  • Some 4th option?

Trying to tweak how Dependency Management Data works with SBOMs and trying to find how other folks do it and consider them

 Note

Does anyone know if there's a good way of getting a historical storage of queries that users put into #Datasette? Trying to get some stats around common queries and usage, couldn't see a plugin for it, but not sure if my searching just missed it

 Note

Listening to Tulips - Minotaur Shock Remix is forever going to remind me of the last few chapters of Leviathan Falls. It happened to be what I was listening to at the time, and the lyrics seemed to fit so perfectly with the grand finale, and listening to it just now brought that all back, including all the feels around the events.

Deffo need to re-read #TheExpanse series, what a great series.

See also: previous thoughts on the way #music can remind you of things.

 Note

For the last ~7 weeks on-and-off rewriting the documentation for oapi-codegen which has needed a fresh version for a bit of time. On top of that, I've spent pretty much the last two days solidly finishing it off, and am very glad to have just merged it!

Documentation can be difficult to do - especially if you're redoing it all in one go - but am hoping it's in a much better place for new and existing users alike!

Also introduces a CONTRIBUTING.md for the first time, and I ended up adding 14 new examples to the examples directory because I couldn't quite remember how things worked πŸ˜…

 Note

Followers of my blog - you can now subscribe to just blog posts for certain tags, for instance if you want to read all my articles about Go but only my articles, and not be annoyed by all the other stuff tagged go, you can now add https://www.jvt.me/tags/go/feed.articles.xml to your feed reader of choice.

And of course, this is discoverable via RSS discovery so you can just point your feed reader at i.e. https://www.jvt.me/tags/go/ and it should prompt you the different options.

 Note

No #WeekNotes tonight as I'm celebrating my 30th birthday in Rome πŸŽ‚πŸ₯‚πŸπŸ·

If you wanted to do something nice to honour it, you could support my work on the Open Source projects I maintain as well as the content on my blog. But I'd also love to see y'all pay it forward to other creators or maintainers for the stuff you use, and work with your companies to pay to support the Open Source you so heavily rely on!

I'll be posting my Week Notes some time next week, when I get to relive the lovely ~10 days we've been having πŸ₯°

 Note

Does anyone know of/use an HTTP caching proxy, which can read/write cached responses to disk? Trying to reduce the overhead on an external service (during CI/CD) and allowing caching between runs

 Note

Whenever I see a profile view on LinkedIn from someone who works at a company I used to work at, I always wonder what it means. Like, are you interested in who was in the git blame? Did you find something I've done, or heard a story about me and want to know more?

I guess we'll never know πŸ€·πŸ½β€β™‚οΈ

 Note

If you're able to see this post (on the Fediverse) yay! That means your admin hasn't blocked Bridgy Fed which I use to bridge my website with the Fediverse so I can chat to y'all.

This is likely due to recent discussion around the upcoming BlueSky bridge and opt-out being the default decision.

I don't dispute the freedom or choice to block Bridgy, and am definitely taking some time to think about how I feel about the varying thoughts, but the main thing is that it looks like several admins have blocked Bridgy altogether, resulting in not just the blocking of the upcoming BlueSky bridge (at a separate domain under brid.gy) but also classes Bridgy as Tier 0:

Tier 0 is a combined blocklist of only the worst actors, and it exists to provide one blocklist to which surely no one can object as a baseline for others. It's the perfect starting list for any new mastodon admin.

So it could be my time interacting with the Fediverse is going to be cut short, and I'll be screaming into the void very much moreso πŸ˜…

 Note

Well, I'm home after a great couple of days at #StateOfOpenCon #SOOCon24, which has given me lots to think about. There were some great talks, some really interesting hallway track conversations, and nice to meet friends old and new.

First of all a huge thank you to the organisers - there were so many of you behind the scenes doing such great work to make the event a massive success. I've seen the effort that it can take to do a single track conference let alone 8 tracks(!!!) so it's a huge result, and I hope y'all are gonna have some well deserved rest!

I'd like to say in particular a bit thank you for the work that @andypiper has been doing in the lead up to the conference to support the speakers, being warm, super helpful and supportive, as well as seeing them busy over the conference helping ensure everything was going well

And a big thanks to @AmandaBrock for all her excellent work with OpenUK and State of Open Con πŸ™Œ

I'll definitely be making my way back next year πŸ‘€ And I'll be (re)watching talks as they pop up!

 Note

Today I've been emailed by both Clever Cloud and Heroku around "your account hasn't been used in some time so we're gonna delete it" - coincidence, or is today their "clean up all the old accounts day"?