Lourenço

@lvales
10 Followers
44 Following
38 Posts
Hi there, this is Lourenço. I'm an economist by training, farmer by trade, nerd by passion. Here's a quick fact: the kiwifruit has one of the highest contents of vitamin C of all known fruits - even more than an orange!
GitHub: https://github.com/lourencovales
Excipio: https://excipio.tech/

This is my announcement for my fork of HiveDAV, a fork of a WebUI for a scheduling tool, that is available under the MIT license on https://git.assilvestrar.club/lourenco/hivedav

Would love to hear your thoughts, especially with regards to how FOSS can (or if it should) evolve for the future. Let me know!

Are you in for a post that's a 2-in-1?

What if I told you that for the past 10 months, I've forked and maintained an open source project, and that I'm marking the release of v2.0.0 of that project with an extensive blog post about this journey?

Do you want to spend 15 minutes reading about how I revamped and modernized a Golang codebase?

What about my thoughts on the future of Free Open Source Software?

You can have it all here: https://excipio.tech/blog/hivedav-forking-an-open-source-project/

HiveDAV - forking an open-source project

The amount of posts and videos that I’ve seen in the past ~12 months which are announcing the end of Free Open Source Software is off the charts. From AI tools being set loose on several projects’ issue and pull request boards, to a veritable flood of security vulnerabilities being discovered by automated tools, not forgetting the burnout that many developers are feeling in these agentic times, and the fall of GitHub; it would seem that FOSS is undergoing a crisis.


I replaced docker with systemd-nspawn (plus -resolved and -networkd) on my self-hosted actions runner. Am wondering what @pid_eins would think of this

https://excipio.tech/blog/improving-my-self-hosted-actions-runner-setup/

Improving my self-hosted actions runner setup

For a while now, I’ve self-hosted a runner to integrate with Gitea Actions. But there was something about it that was leaving me worried: in an age where software supply chain security is becoming more and more important, I felt like I needed to improve the security of the setup. The answer I arrived at, while not perfect (yet), is a great improvement over what I had before. This post will be a walkthrough of what I had, what I chose to replace and why, how I did it, and where I could still improve it.

I've started hosting DoT/DoH endpoints, and even with a few layers of QoS/rate-limiting enabled, I wonder how long it will be until I get to be part of a DNS amplification DDoS.

hey at least I already paid for a full year a few days ago

It's kind of wild to see the price of an existing VPS contract rise because "[f]or several months, the global memory shortage has been driving up hardware costs across the entire hosting industry." The economics of this make very little sense.

I'm tired. Really tired of this. They're turning a potentially useful tool into a weapon of mass bullshit. This is dangerous, and we're all just smiling and waving, celebrating these morons who are "red pilling". This isn't going to end well.

This is the exact same thing that happened with cURL, and has led them to close their bug bounty program: https://curl.se/docs/bugbounty.html. It became infested with AI slop reports that follow this exact pattern: the AI spots some potential problem, claims CRITICAL VULNERABILITY!!!11, and the idiot at the wheel just goes along.

But all this just goes to show what the actual problem here is: this is just AI slop. Shame on the poster, a Google employee no less, who goes and uses a false report, which he didn't bother to check, to create a perception - in this case, that AI-generated code is actually better than code that has been written by humans and has been production tested for several years.

Now, is this a _potential_ bug? Yes, if e.g. the goldmark package ever changes the way it processes its input and creates the possibility of the conversion erroring out, then it's possible for an attacker to craft a payload that could trigger this code path and exploit this XSS vulnerability.

And should the devs just have used `return template.HTML(escapedText)` in that code path? Also yes. Why they didn't, I'm not really sure. But it's beside the point.
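The error-path pattern this thread describes, as an added example in Go that is not code from the post or from the project under discussion: a converter that fails hands its input back as `template.HTML`, shown beside the `template.HTML(escapedText)` fix. `convertMarkdown` is a constructed stand-in for a goldmark call that can fail, and `<<FAIL>>` is a made-up trigger so the error path can be exercised offline.

```go
package main

import (
	"errors"
	"fmt"
	"html/template"
	"strings"
)

// Constructed stand-in for a goldmark call; "<<FAIL>>" is a made-up trigger for the error path.
func convertMarkdown(src string) (string, error) {
	if strings.Contains(src, "<<FAIL>>") {
		return "", errors.New("markdown conversion failed")
	}
	return "<p>" + template.HTMLEscapeString(src) + "</p>", nil
}

// The bug pattern: on conversion error the untrusted input is returned as
// template.HTML, which html/template inserts verbatim. That is the XSS path.
func renderUnsafe(src string) template.HTML {
	out, err := convertMarkdown(src)
	if err != nil {
		return template.HTML(src) // user bytes marked as trusted HTML
	}
	return template.HTML(out)
}

// The fix the post points to: escape first, then mark the result as HTML.
func renderSafe(src string) template.HTML {
	out, err := convertMarkdown(src)
	if err != nil {
		escapedText := template.HTMLEscapeString(src)
		return template.HTML(escapedText)
	}
	return template.HTML(out)
}

// renderPage embeds the value in a page template so the difference is visible.
func renderPage(body template.HTML) string {
	var sb strings.Builder
	t := template.Must(template.New("page").Parse(`<div>{{.}}</div>`))
	_ = t.Execute(&sb, body) // cannot fail for a template.HTML value
	return sb.String()
}

func main() {
	payload := "<<FAIL>><script>alert(1)</script>" // constructed sample input
	fmt.Println(renderPage(renderUnsafe(payload))) // script tag survives
	fmt.Println(renderPage(renderSafe(payload)))   // script tag escaped
}
```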