Traditionally, I used Python for personal tools optimizing for quick coding and easy maintenance. These tools commonly feed UI elements like waybar, shell, and tmux, requiring frequent, fast calls.

My approach is evolving due to NixOS and home-manager with vibe coding to do the lifting. I increasing lean on vibe coding to handle simple details to safely write shell scripts (escaping strings, fml) and C/C++ apps. The complexity is minimized, allowing me to almost one-shot small utilities, and Nix handles long-term maintenance.

With NixOS, a simple C/C++ application can often replace a Python one. Nix manages reading the source, pulling dependencies, and effectively eliminating the overhead that used to favor scripting languages while marking marginal power savings during everyday use.

`HOSTALIASES` lets you alias hostnames, but not map hostnames to IPs.

Docs at `man gethostbyname`

https://man7.org/linux/man-pages/man3/gethostbyname.3.html

You can use the linker to preload `nss_wrapper`[0] and overwrite anything using `nss`.

Here's an example:

  > cat hosts
  198.51.100.33 test.tld
  2001:db8::33 test.tld
  198.51.100.12 test4.tld
  2001:db8::12 test6.tld

  > LD_PRELOAD=/nix/store/sw2r0gpi9c9rsvqgvi4906yxh948ydsv-nss_wrapper-1.1.16/lib/libnss_wrapper.so NSS_WRAPPER_HOSTS=hosts getent ahosts test.tld
  198.51.100.33   DGRAM  test.tld
  198.51.100.33   STREAM test.tld
  2001:db8::33    DGRAM
  2001:db8::33    STREAM

  > LD_PRELOAD=/nix/store/sw2r0gpi9c9rsvqgvi4906yxh948ydsv-nss_wrapper-1.1.16/lib/libnss_wrapper.so NSS_WRAPPER_HOSTS=hosts getent ahosts test4.tld
  198.51.100.12   DGRAM  test4.tld
  198.51.100.12   STREAM test4.tld

  > LD_PRELOAD=/nix/store/sw2r0gpi9c9rsvqgvi4906yxh948ydsv-nss_wrapper-1.1.16/lib/libnss_wrapper.so NSS_WRAPPER_HOSTS=hosts getent ahosts test6.tld
  2001:db8::12    DGRAM  test6.tld
  2001:db8::12    STREAM test6.tld

  > LD_PRELOAD=/nix/store/sw2r0gpi9c9rsvqgvi4906yxh948ydsv-nss_wrapper-1.1.16/lib/libnss_wrapper.so NSS_WRAPPER_HOSTS=hosts curl -v test.tld
  * Host test.tld:80 was resolved.
  * IPv6: 2001:db8::33
  * IPv4: 198.51.100.33
  *   Trying [2001:db8::33]:80...
  *   Trying 198.51.100.33:80...

[0] https://cwrap.org/nss_wrapper.html

Here's a good YouTube overview from the developer

https://youtu.be/QQV6vjzhylg

This looks like a great project!

That's my video. I'm indeed one of the developers but my contributions are mostly around adding new devices, creating installers when possible, and doing most of the Youtube content!

I think you mean

yourname+servicename@gmail.com

From my experience, many (bad) websites consider "+" an invalid character and prevent you from using the address in this form.

Smart spammers can just strip the service name since it works the same for all Gmail users.

Really need dedicated addresses like Fastmail's Masked Addresses.

Closed User Group (CUG)?

That's it!

Never heard of aws-lc before this, but now I'm looking for an excuse to use it.

Indeed, made some preliminary tests under RHEL 9 (Rocky, etc) for example and if you're used to compile HAProxy from sources to use specific OpenSSL versions, testing "aws-lc" is fairly straightforward. Their BUILD instructions and INSTALL file from HAProxy also help.

There is also a RHEL/CentOS 8/9 + QuicTLS / AWS-LC package available to test out or start with.

https://github.com/haproxy/wiki/wiki/Packages

> Chipworks offers $50-250k to fully extract the eFUSE of one Intel i5 processor, so the eFUSE content is encrypted by a master key (called “global wrapping logic key” in the patent).

I wonder how readily things like this are known within the HW security community?

Elevated temps significantly impact the retention and are included in some datasheets by memory vendors, but often they are omitted and you need to request them.

Some earlier HN discussion here [0]

[0] https://news.ycombinator.com/item?id=35382252

Switched to Technitium (from piHole via Docker on amd64 and manual dnsmasq before that) primarily for DNS over HTTPS and never looked back. Used it for DHCP and DNS.