Linkblog/2025/03/03

With Yoke, you write your infrastructure definitions in Go or Rust, compile it to WebAssembly, and then you take input and output Kubernetes manifests that get applied to the cluster.

While I am not a Kubernetes user, I know enough about it to be dangerous, and while in some concepts this is cursed, it does seem like this has some value, especially here as Xe brings up:

Think about Yoke flights as functions. They take in input and output Kubernetes resources. One of the big advantages of using WebAssembly here is that you can use the same Kubernetes manifest types that Kubernetes itself uses. This means you don’t have to write your own types and you can reuse code aggressively. Here’s an example bit of code that creates a Kubernetes ServiceAccount:

func createServiceAccount(app v1.App) *corev1.ServiceAccount {
	return &corev1.ServiceAccount{
		TypeMeta: metav1.TypeMeta{
			APIVersion: corev1.SchemeGroupVersion.Identifier(),
			Kind:       "ServiceAccount",
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      app.Name,
			Namespace: app.Namespace,
			Labels:    app.Labels,
		},
    AutomountServiceAccountToken: ptr.To(true),
	}
}

This is nice, seeing this sort of thing as actually code and not just a sea of YAML is nice.

But honestly, I have no stake in the game, only vibes.

I defer proper criquette to either Dan, Riley, or Stephen.

2025/03/16 Update: Riley gave his response:

@Jack Was going to respond last night, but lacked the braincells to do so. Yoke is interesting, but I’m not sure I see a massive amount of value of it unless you’re needing to use some sort of tool that deals in producing Kubernetes YAML files. Yoke effectively enables you to build your own Kubernetes resource types so you can create a single YAML file to spin up whatever behind the scenes, and what you’re doing behind the scenes is defined by code.

Something that’s more along the lines of what you’re thinking (and what I’m more likely to use for my cluster) is cdk8s (https://cdk8s.io/) which allows you to write code that synthesizes into normal Kubernetes YAML files. You’ll never write any actual YAML yourself besides the configuration for cdk8s itself

BLAFS is a bloat-aware filesystem for container debloating. The design principles of BLAFS are effective, efficient, and easy to use. It detects the files used by the container, and then debloats the container by removing the unused files. The debloated containers are still functional and can run the same workload as the original containers, but with a much smaller size and faster deployment.

Very interesting idea!

As soon as I saw this, I thought of Capsicum, a similar idea, but in the concept of permissions and security rather than simply files being ripped out of place.

I mentioned this in the thread here, and the OP of the post (presumably the authors) responded:

Yes, a huge reason we are interested in this is for container security hardening. Chainguard is great and all, but it is both expensive and not-general enough.

Having an alternative to Chainguard is cool.

From /r/programming.

Blender-made Film wins an Oscar! Huge!

Interesting note from the orange site as well:

Not only was it made with Blender, the final renders were done with Blenders semi-realtime Eevee engine rather than its max-fidelity Cycles engine. That reduced the compute required by orders of magnitude - the director said a render farm wasn’t necessary because his local workstation could produce final-quality 4K frames in 0.5-10 seconds.

The partner post to yesterday’s I Went To SQL Injection Court.

The whole point of this entire thing was to make it easier to request data through FOIA. Ultimately, the goal is to simply send a SQL statement to an agency for them to run, and avoid so much of the usual nonsense. Basically, an API.

The frustrating thing is reading about ‘Metalicious’, supposedly at one point in the Chicago had a data dictionary place you could go to get database schemas to help people structure their FOIA requests based on actual schema, but that was shuttered.

We have a ‘Open data’ portal here in Newfoundland, but it for sure doesn’t seem like its gotten much love since it opened up.

As much as I jest about RIIR, and have been enjoying my time writing Odin as of late for some low-level game dev, I think pushing C++ to have more built-in ways of handling memory better is good.

In a February 7 “Note to the C++ Standards Committee” (WG21) in support of his Profiles memory safety framework, he wrote, “This is clearly not a traditional technical note proposing a new language or library feature. It is a call to urgent action partly in response to unprecedented, serious attacks on C++. I think WG21 needs to do something significant and be seen to do it. Profiles is a framework that can do that.”

His note continues, “As I have said before, this is also an opportunity because type safety and resource safety (including memory safety) have been key aims of C++ from the very start. “I feel strongly about this. Please don’t be fooled by my relatively calm language.”

Nah actually on second thought, rewrite it in Rust.

From /r/programming

The crypto industry has gotten everything it could have dreamed of in the US after the elections, and yet the market has taken a dramatic turn for the worse. Bitcoin prices have been tanking, dropping more than 25% since the previous all-time high price, which was set on January 20.

[…]

Most notably, the SEC case against Coinbase was dismissed with prejudice, meaning the SEC cannot refile the case in the future. CEO Brian Armstrong was explicit with his thanks when announcing the dismissal on Twitter: “I have to give credit here to the Trump administration, for winning the election”. He insisted that he believed “we would have won this case in the courts either way”, but noted that Trump’s election “certainly helped accelerate the process”.23 Coinbase has spent $75 million on contributions to crypto-focused super PACs, some apparently in violation of federal election law, and contributed $1 million to Trump’s inauguration fund.

I’m curious to know how the math works out here, to the amount these crypto entities donated to the Trump inauguration fund, and how much value they will likely get out of these policies…

Yay for no crypto accountability anymore!

The same guy who banned the entire state of Colorado for life since the principal engineer of System76 chimed into his discussion on Coreboot, called a reviewer a ‘zombie’.

Nice.

Orange site discussion.

“Can it run Crysis?” will never die.

I hadn’t heard of the box64 / Winulator projects before, very cool stuff.

New Godot release, with so many changes:

Physics rehabbed, using JoltPhysics

Also, Vertex freaking shading, for that low poly lighting vibes.

A new piece of the TanStack just dropped!

API on the surface looks very react-hook-form-esq, would be nice to try it out to see how it compares.

Flash games were the gateway for many developers in the games industry, and served as an experimental playground for distilling games down to their most pure and engaging elements. The end-of-life of Flash in December 2020 marks the end of one of the most creative periods in the history of gaming.

Beautiful website, with wonderful content on the history of Flash.

By the time I was becoming a developer, Flash was already well on its way out, not straight up deprecated, but it was already during a time folks knew it was generally a bad choice, and you could do the same stuff in HTML5 so do it in that instead!.

I do think its sad no one tool took over, be it Phaser, PlayCanvas, Construct, etc.

All of the above tools are good, but none can ever trump the sheer ubiquity of Flash.

Obviously shoutout to Ruffle, the Flash emulator making websites still function in the modern day, especially giving the Internet Archive a way to still have Flash websites function in the wayback machine.

Project: Severance Season 2

Requirements: The story needed we build a machine that measured Woe in a person, one of the Kier Eagan’s “Four Tempers”: Woe, Frolic, Dread, and Malice. Having been shown only concept renders and only having six weeks until the shoot schedule of the episode we had to streamline the design and feedback process.

Been loving the new season of Severance, this is a sweet breakdown of a prop made for the latest episode!