Afaik becoming a CNA will allow you to prevent such CVEs in the first place.
So basically a "get or create"? Haki has a great article about the ups and downs of the individual approaches: hakibenita.com/postgresql-g...
@brongondwana.bsky.social / @fastmail.com Hi, since today (?) I am seeing avatar icons for some automated mails from domains that don't have BIMI etc. set. How/where does Fastmail source the avatar icons from? The favicon from the TLD?
Ep177: Sticking with Django w/ Florian Apolloner
@florian.apolloner.eu is a long-time Django contributor who previously served on the Steering Council and Security Team. We discuss changes to Django, switching to `uv`, and drawing inspiration from other frameworks. djangochat.com/episodes/sti...
Certainly "as we know it". I am so sorry, I just couldn't resist.
Thanks, that brings me to my next question: would you recommend NATS or rather not use it again (independent of Channels). It looks really great, but I don't have any experience with it yet.
@carltongibson.bsky.social @aeracode.org Did either of you ever try writing a channel layer for NATS?
I wonder why that often happens? I think Kubernetes really seems off-putting at first due to the sheer size. Docker Swarm and Hashicorp Nomad seem so much simpler in comparison (but also offer less I guess).
I nearly spilled my coffee. Funny enough, we are just working out a plan to start using k8s. I think I still hate it, but one cannot deny the benefits.
No argument on cibuildwheel which is why I was explicitly asking about stage 1 -- ie source bundling. downloadLocation might be indeed an answer but most likely means using all the security analysis you'd get otherwise
And while I agree that a name & version is better than nothing, it is pretty much close to nothing imo. Maybe it helps someone looking at the SBOM manually but I do not have the feeling that it will help any software using that SBOM.
But do Package URLs actually work? I mean if I embed libpq what would be the correct purl for it -- there doesn't seem to be a scheme for the actual source without having a repository (might miss something). I am trying to use purls over CPE where possible due to all the false positives with CPEs :/
Nice post, some questions though. Stage 1: what are suitable identifiers for bundled software (purl/packageUrl)? Stage 2: Even without extra dependencies like Maturin etc., shouldn't the build backend inject itself as well?
Uff, can't wait to read that. Will it have tooling advice as well? All the generators I tried till now seem to have issues one way or the other. So I am kinda afraid of even trying to merge SBOMs.