i figure out the niche ffmpeg commands various chain filters, etc
then expose them from my python cli tool with words similar to what this gentleman above has done.
If one has fewer such commands its as simple as just bash aliases and just adding it to ~/.bashrc
alias convertmkvtomp4='ffmpeg command'
then just run it anytime with just that alias phrase
i use ffmpeg a lot so i have my own dedicated cli snippet tool for me, to quickly build out complex pipeline in easier language
the best part is i have --dry-run then exposes the flow + explicit commands being used at each step, if i need details on whats happening and verbose output at each step
It sounds like you'd be better off self-hosting Jenkins. The other issue with GHA is they cap all runs at 6 hours.
Despite what people say about "maintaining" Jenkins (whatever that means to them personally) - you can set it up in an IaaC way including the jobs. You can migrate/create jobs en masse via its API (I did this about 10 years ago for a large US company converting from what was then called TFS)
Hi, I'm the author of this post. Before anyone reads too much into this - it's a tool for us to use internally with the team, and for various OSS repos I maintain. If you'd like the code let me know and we can make it available - but at its core it's getting webhooks from GitHub and using Slicer's API to launch reviews in isolated microVMs.
It's not the only thing that could be created - far from it, it's of use to us, but it may give you some of your own ideas or maybe you can think of other use-cases for running LLM inferences, builds, code generation, or analysis within a temporary, isolated environment.
This whole discussion needs way more input - this has been posted three times (I was the last and it got flagged as "dupe") - the moderators are not allowing fair discussion here.
As an industry this has a huge impact.
Good to know re: Traefik - I wonder if K3s will continue to ship Traefik v2?
The reason people are posting again is that this hasn't had any discussion. It's going to have a major impact and the reasoning is "we have something shiny now".. even the tone of the post: "if you must use ingress"
This looks like a lot of fun. I've been trying to help folks understand how to make use of Firecracker - what it is, when to use it and how to tie its various low-level parts together. Unlike Docker - microVMs tend to need a lot more hands-on knowledge up front.
I tried out smolBSD - the build and boot speed were impressive - as was the hint at a patch that boot time will be reduced from 100ms to 10ms. That's neat - in my experience adding systemd to a modern Linux Kernel pushes Firecracker up to 1-2s.
This smolBSD idea reminds me of unikernels and also of LinuxKit.
The documentation for smolBSD is a great start and could be so much better - for instance - the SSH example shows no way to configure an authorized SSH key or how to log in. The port-map to the host for the open port is also not mentioned.
I'm sure the author knows how to do these things - but even reading around in the repo, it wasn't clear. So hoping he'll improve on this if he's listening.
If anyone's interested in the Linux equivalent of this - check out my blog post on building a Linux microVM from a container [1] and video talk on Firecracker/Linux with Richard Case that led much of the work on Weave Ignite/Flintlock [2]
> The documentation for smolBSD is a great start and could be so much better - for instance - the SSH example shows no way to configure an authorized SSH key or how to log in. The port-map to the host for the open port is also not mentioned.
For those who want to check it out now: there is documentation but for the nitrosshd documentation. The sshd service works the same, minus nitro of course.
I don't understand. The link could've come from anywhere (for example from a HN comment). How does just clicking on it give your package credentials to someone else? Is NPM also at fault here? I'd naively think that this shouldn't be possible.
For example, GitHub asks for 2FA when I change certain repo settings (or when deleting a repo etc.) even when I'm logged in. Maybe NPM needs to do the same?
OP entered their credentials and TOTP code, which the attacker proxied to the real npmjs.com
FWIW npmjs does support FIDO2 including hard tokens like Yubikey.
They do not force re-auth when issuing an access token with publish rights, which is probably how the attackers compromised the packages. iirc GitHub does force re-auth when you request an access token.
They wouldn't have manually typed the exact URL from the email, they would have just typed in npmjs.com which would ensure they ended up on the real NPM site. Or even if they did type out the exact URL from the email, it would have made them much more likely to notice that it was not the real NPM URL.
A number of people reached out about the Beelink SER4-7 - which are about double the cost of a bare N100. Nice machines and I may have considered them if they'd been more popular at the time.
Certainly, if the main use-case is fastest speed in a straight line - get something with a Ryzen like the Acemagic I mentioned at the end with Geekbench scores.
I see Ryzen 5 3550H + 16GB + 512GB + EUT VAT + free shipping at 152EUR (random Aliexpress deal, says "Ninkear G3 Pro") - not much considering bundled up RAM and Disk, N100 costs a little bit less.
Braindead YouTube-solution would be to buy this device, connect to TV, wireless mouse and install Windows 10/11 LTSC, install firefox + favorite addons. N100 is barely enough for 4k@60, and Ryzen gets a bit more juice to live comfortably
> Now, if something is public facing and making revenue (or risks revenue/reputation by going down), I will absolutely run that on a popular cloud VM, or on Hetzner's bare-metal offering split up into various microVMs. If possible, I'll run it on a CDN - like my blog, a homepage, or a documentation site.
Quite telling that these tools need to exist to make ffmpeg actually usable by humans (including very experienced developers).
reply