bomctl is format-agnostic Software Bill of Materials (SBOM) tooling, which is intended to bridge the gap between SBOM generation and SBOM analysis tools. It focuses on supporting more complex SBOM operations on multiple SBOM files that represent systems by being opinionated on only supporting the NTIA minimum fields or other fields supported by protobom.
A YAML parsing library for Rust.
Current secret management forces applications to answer three questions at once:
- WHAT - Which secrets does the application need? (DATABASE_URL, API_KEY)
- HOW - What are the requirements? (required vs optional, defaults, validation, environment)
- WHERE - Where are these secrets stored? (environment variables, Vault, AWS Secrets Manager)
This coupling creates vendor lock-in, runtime failures, poor developer experience, and inconsistent practices.
SecretSpec solves this by separating secret declaration from secret provisioning. Your application declares what secrets it needs in secretspec.toml, but the actual secret values are retrieved at runtime from your chosen provider - never stored in configuration files.
How to write beeper music, essentially.
A speed up would be nice, but what I’m really looking for is making it safer to run terraform init in parallel for multiple projects.
Essentially a better cookiecutter.
Package Changes Analyzer (pkgdiff) — a tool for visualizing changes in Linux software packages (RPM, DEB, TAR.GZ, etc).
diffoscope tries to get to the bottom of what makes files or directories different. It will recursively unpack archives of many kinds and transform various binary formats into more human-readable form to compare them. It can compare two tarballs, ISO images, or PDF just as easily.
A simple measure of software dependency freshness. It is a single number telling you how up-to-date your dependencies are.
This tool compares two Software Bill of Materials (SBOMs) and reports the differences.
Might solve a problem for me. Builds on lib4sbom, which I might just use directly.
It’s a mechanism similar in intent to OpenBSD’s unveil(2) and pledge(2) to allow processes to opt out of access to things they don’t need, sandboxing themselves automatically without the need for the likes of SELinux.
Here’s the actual project website: landlock.io
I was wondering if ldd would be enough to deal with containerising some dynamically linked binaries, and apparently it almost is.
Sometimes, all you need is Paint, and this is basically Paint.
Stacked Git, StGit for short, is an application for managing Git commits as a stack of patches.
With a patch stack workflow, multiple patches can be developed concurrently and efficiently, with each patch focused on a single concern, resulting in both a clean Git commit history and improved productivity.
Ink is a language for defining simple hypertext-based interactive fiction systems.
It doesn’t have the flexibility of the likes of Inform, but the choose your own adventure format is surprisingly flexible, and it has built-in flags and counters that help, along with a bunch of other tools for defining narratives.
Potentially a useful alternative to tag URIs and uuid URNs for something I’m looking to implement.
I found this by accident when looking for an alternative to this internet draft that attempted to define a hash urn namespace. Unfortunately, that seemed to go nowhere, but this ni: URI namespace looks promising. I read some objections to it that objected to the use of ; (which is generally used to introduce fragments at the end of a path), but this isn’t something to be parsed, only validated at most. It’s only if you’re actually trying to resolve a URN (in which case you should be able to recognise the pattern) that you need to detect that kind of thing.
Anyhoo…
Feels unfortunately timely.
Another configuration language, this one sits in-between HashiCorp’s HCL and Google’s CUE.
A better pre-commit, engineered in Rust.
My understanding is that it plays better with monorepos, has built-in uv support, and plays nice with PEP 723, so it may be useful at $WORK.
A Meson-compatible build system, written in C for speed. It incorporates Samurai, a Ninja-compatible build tool, so it’s essentially an all-in-one build solution.
QBE is a compiler backend that aims to provide 70% of the performance of industrial optimizing compilers in 10% of the code. QBE fosters language innovation by offering a compact user-friendly and performant backend. The size limit constrains QBE to focus on the essential and prevents embarking on a never-ending path of diminishing returns.
A very simple RISC ISA and system architecture for teaching CPU implementation.
Huh. Didn’t know this was a thing.
Scryer Prolog is a free software ISO Prolog system intended to be an industrial strength production environment and a testbed for bleeding edge research in logic and constraint programming.
Looks to be a pretty nice implementation with some useful extension modules in the library.
A collection of scripts and tools for Atmel ATF150x and GAL Programmable logic devices, some of the only standing active 5V programmable logic parts still available.
Needed this for Advent of Code. I’ve forgotten so much maths!
Crafting Interpreters contains everything you need to implement a full-featured, efficient scripting language. You’ll learn both high-level concepts around parsing and semantics and gritty details like bytecode representation and garbage collection. Your brain will light up with new ideas, and your hands will get dirty and calloused. It’s a blast.
Starting from main(), you build a language that features rich syntax, dynamic typing, garbage collection, lexical scope, first-class functions, closures, classes, and inheritance. All packed into a few thousand lines of clean, fast code that you thoroughly understand because you write each one yourself.
Kind of surprised I’ve never come across this before.
A clever way to implement a priority queue using the Set module that makes use of the min_elt/min_elt_opt functions and internal ordering on the priority.
I’m thinking of re-implementing the A* implementation I did for Advent of Code to lean on this. It’s already sets, so it shouldn’t affect the speed, but it’ll likely make it significantly less awkward, especially as far as finding the current element goes.
Here is where the example priority queue implementation mentioned can be found. More recent versions of the documentation don’t appear to have it anymore.
Just stumbled across this when looking for something else. A really nice monospace font done in an Insular style.
This is one of the more compelling features of 14.2. The big thing that’s long been missing from containerised workloads (jails) on FreeBSD has been a sane way of bundling up the contents of the container into an artifact. This is some very useful cross-pollination from the Linux container world!
The process of generating a static executable is weirdly involved!
I’ve been looking for this for a while but could never find it!
A build system that’s quite similar to Bazel, Pants, and Buck2.