Yeah, it's a problem on a package-per-package basis. My point isn't how to solve the git problem but that the experience can vary wildly depending on the package. It can be surprising and often comes at the expense of time trying to navigate the insanity that is nixpkgs :)
Passwords are a pain in the ass, I just wished that having a cryptographic key installed in your device (and linked to it) to login to stuff or having an external crypto-device to login was easier and more common.
For local access, biometrical is fine, and a "super-secure" password for if something happens that can only be used once would be the way.
Biometrics are really not fine. They're somehow supposed to be some permanent marker of who you are, but that's really not how it works in the real world. You physically change.
I've broken any biometrics recognising me in a dozen different ways, this year alone. Cut open my finger, changing my fingerprint. Head surgery for melanoma gave me a scar so facial recognition doesn't work anymore, blood vessel burst in my eye, so iris scan changed. And so on.
They're fine for a convenience, but that's it. They're nothing more than a pin, and you will have to fall back to password or authenticator or something else, sooner or later.
Also, even if they work as desired, if they're ever compromised [1], you're permanently unable to use that form of authentication, or permanently vulnerable to services that use and/or require it.
Again, biometrics are fine for local access. If you cut your finger or scar your face just use your backup method (maybe a pin, maybe a different finger) to get in and update the scan. And if someone steals your fingerprint they can't use it without having physical access to your device, because again, this is for local access.
For remote authentication you use a private key accessed via the local system (which you are already authenticated to using biometrics).
There's also this failure case: I know a pair of sisters who look and sound identical enough that they can unlock each other's phones with face and voiceprint recognition.
I knew a girl from Asia that had a sister that was six years younger and twenty pounds skinnier. They could both unlock each other's phones using facial recognition.
Considering the frequency with which facial recognition leads to arrests if you're black [0], it seems that if you've got the right non-white skintone, you can unlock someone else's phone.
You can store it in paper with your other important documents. It's not unstealable but if someone nicks your document folders you're spending two weeks redoing/reissuing everything anyway.
I've taken a liking to using a self-hosted Bitwarden instance via vaultwarden, and it's been a pretty good experience. The vaultwarden server is only accessible through my Tailscale network for extra security.
I use KeepassXC as well and it works well enough. Its still not as clean as just an SSH key login which we could have done on the web years ago and would make everyone’s life easier.
I want to be able to tie digital credentials to my identity so if they are compromised or I loose access I can recover them by providing my national ID documents. Similar how I do with my bank app, I go to the bank, show my ID, sign some forms and reset all the creds. I don't have to fear loosing access. On the other hand if I loose my google account I'm screwed, all my other services depend on either my email address or google 2fa keys to prove my identity.
We could have been using SSH key logins for decades at this point but no we had to go and use usernames and passwords everywhere.
I don't want a key limited to a single device I just want a strong key that can automatically login to a website. The technology has existed for longer than the internet it just needs to become the norm.
The main problem with IIFE is the same as with a normal function:
You cannot return the caller function from inside the closure, making the "short-circuit" mechanism provided by questionmark (?) operator not possible.
With the GCC Extension, we get around that using a construct that is pretty similar to IIFE, it allows to return a value from an immediate expression created by a block of code that is surrounded by ({})
The nice thing about this block ({}) is that the last statement is used as the "return value" without an explicit return, this disambiguates between the "expression" return and the "function" return.
Without compiler support, the short-circit is not possible, but with this feature + macros we can create a function that behaves like that.
Regardless of that, the only function that requires this extension is the "except" macro, if you are willing to not short-circuit, you can still use the other functionality of this library.
What's the point of JSON output anyway? UNIX filenames can contain arbitrary sequences of bytes except NUL and /, they can't be represented as JSON strings.
nix build github:NixOS/nixpkgs#pkgsStatic.git
return the pacakge as:
ls -lah git
-r-xr-xr-x 1 rucadi rucadi 5.1M Jan 1 1970 git
ldd git
$ not a dynamic executable
So you don't really need to really grow the container
reply