There's an awkward tension between auto-update and fixing security bugs. If platforms don't automatically update, users don't get security fixes. If they do update, you're giving the vendor RCE power.
Related Posts
I made some changes to a Node Express project that I haven't touched in almost five years. I was pleasantly surprised that I only needed to update one dependency to get it working again!
(It was sqlite3, which is a native dependency using node-gyp.)
I've been really enjoying paru as a pacman substitute on Arch Linux: https://github.com/Morganamilo/paru
It allows you to update both normal and AUR packages in one go, which is super convenient. It also shows you PKGBUILD files, so there's still a human audit step for AUR.
For my personal server, I deploy services with Docker and update with Watchtower. It works OK, but I'd love to have a proper configuration-as-code approach.
I want a git commit to change a file that says which version should be live, and then CI should deploy that.