I use garage at home, single node setup. It's very easy and fast, I'm happy with it. You're missing out on a UI for it, but MountainDuck / CyberDuck solves that problem for me.
After years of using Garage for S3 for the homelab I’d never pick anything else. Absolutely rock solid, no problem whatsoever. There isn’t ONE other piece of software I can say that about, not ONE.
Major kudos to the guys at deuxfleurs. Merci beaucoup!
I used to be a big ruby/rails fan but I have to agree with you. I now write c-sharp and it's a lot less stressful than Ruby. If a Ruby/Rails codebases get to a large enough point it's really difficult to keep track of what types a method you wrote accepts. You end up just constantly double checking your own code. Or you end up with a few type checks and/or type conversions at the top of every method. And maybe I was doing it wrong because it was early on in my career. But when a method can accept literally anything and return literally anything, not even a strong IDE like RubyMine can save you.
For Mac, yes and no. IIRC you don't need a developer's license to build and sign software for yourself. But you do need one to distribute pre-built software.
You can still run unsigned software, but you need to approve 2? prompts, and also allow exception for every executable by going to Privacy & Security tab in settings.
IIRC there is a CLI command for achieving the same.
You can’t run unsigned software on Apple silicon. Note that when you build your software if you use Apple’s tools it will inject an ad-hoc signature into the product.
You very much _can_ run unsigned software on Apple silicon. At work my department has a bit less than 50 engineers with Macs (M1 to M4) and nobody complained that they can't build and run our product (using GCC from Homebrew, not Clang from Apple). But it involves some jumping through hoops, yes.
As mentioned above you have to approve the binary two times (at least), being careful the first time because the dialog popup offers to remove the binary. Also since our product has some networking to do one has to mingle with firewall settings to allow the binary to do the networking.
To check I did this: removed the signature (LC_CODE_SIGNATURE section) using lief Python package (no affiliation, just looked suitable for the task), checked by otool that the section is indeed gone, started the binary - it worked. The spctl said that the binary is "rejected", but it says so about every non-Apple binary I checked on my machine so not informative. The codesign tool shows "is not signed at all" on the binary with stripped signature.
I'm not too well-versed in OSX system/dev tools, so if there is a more correct/precise method of checking the signatures I'd very much like to know.
Nope, 15.7.2. Maybe there are some settings, unknown to me, that are configured by MDM and that allow for such behaviour - our Macbooks are managed by the employer and are intended for development, so would be logical to set them up this way.
_A Mac with Apple silicon doesn’t permit native arm64 code to execute unless a valid signature is attached. This signature can be as simple as an ad hoc code signature (cf. codesign(1)) that doesn’t bear any actual identity from the secret half of an asymmetric key pair (it’s simply an unauthenticated measurement of the binary)._
_For binary compatibility, translated x86_64 code is permitted to execute through Rosetta with no signature information at all. No specific identity is conveyed to this code through the device-specific Secure Enclave signing procedure, and it executes with precisely the same limitations as native unsigned code executing on an Intel-based Mac._
The signature that gets added is vaguely a hash of the binary. You probably want to look at the UUID that gets injected into your binary instead of this.
To be fair, there’s a massive banner on their front page warning users it’s in beta. Until they settle on a proper release it’ll continue to be a bit chaotic. All software development is like that.
Same, in a way. I've been using it for a couple months on my MacBook Pro M2 Max, zero issues. Recently I installed it on my work laptop, M4 Max, and I get frequent crashes. No idea why it would make a difference.
They're saying that when someone uses a privacy token to search, they cannot track which account it's tied to. Therefor, they cannot track limits & billing.
The whole point of privacy tokens is you don't need to track usage. You track generation instead. They can track limits and billing at generation time. They know this. The sentence I previously quoted says so in the [...] section:
> We are working on enabling this feature for Trial and Starter plans, which have access to a limited number of monthly searches. Therefore, they risk a worse user experience if their generated tokens are lost (for example, due to uninstalling the extension)
If they don't track limits and billing at generation time, then there's no "risk [of] a worse user experience if their generated tokens are lost".
This ""risk [of] a worse user experience if their generated tokens are lost" is a logical reason to not enable privacy tokens for Trial and Starter plans. The risk of "users on this plan could redeem more tokens than the limit of searches allowed on their plan" is not a logical reason to not enable privacy tokens for Trial and Starter plans.
What's to stop a single unlimited user from generating and sharing infinite tokens with the rest of the world, then?
Edit: Each account is limited to 2000 tokens per month, unless they email support to request more. (from the FAQ near the bottom).
Still seems like there could be a secondary market for resold tokens, though. Not just as a money making system, but possibly as a privacy initiative? If enough accounts pooled tokens into a shared pool and withdrew a random one from it each time, it would be a further safeguard.
I like Ruby a lot, but I find it large codebases get convoluted since it doesn't have a proper typing system. RBS doesn't count lol. Even RubyMine by JetBrains gets confused with classes and such in a "large" codebase I wrote (50k lines give or take). And that's with doing things the proper Ruby/Rails way, with full RBS files for everything.
