The experimental quarkus update (or gradle quarkusUpdate) seems like a cool feature that really should graduate out of experimental. I’ve been happily using it in my personal projects and it works quite nicely under Linux conditions; Windows not so much. Sadly though, openrewrite the underlying plugin that is used by quarkus to do its thing doesn’t support gradle multi modules very well. I am, by no means, a gradle expert (who among us really is) and it seems that init scripts in a multi-module don’t run under the same conditions as a single module project (relentless banging on keys like a demented monkey hoping for a Shakespeare-esque moment ended in failure).

I’ve found that I like just as a task runner, more so than anything else that I’ve used. It has some knowledge about task dependencies, and it supports all the major shells (because sometimes you do have to write it in Powershell rather than as a bash script). I use shellcheck a lot to nip potential issues in the bud so I wanted to be able to shellcheck the tasks that were effectively scripts inside a monolithic Justfile (there does come a point when I will split it up; but ~500 lines is nowhere that yet).

I was reading some git hints & tips and I realised that I really should be signing my commits since github supports signing using SSH keys. I previously haven’t been because GnuPG was just too hard (even though I use it with gopass); reusing my ssh keys seems like a good idea with github.

So, supply chain attacks are all the rage; and by all the rage I mean it’s a thing that’s happening, security people are concerned, and there’s been some thought leadership happening around it. People that know me know that I have a tangential interest in security; I couldn’t hold my own in a conversation about security with a professional but I am a dangerous amateur. If I’m lucky maybe the semi-finals of the local county schools’ championships (choose your elitist activity here, I would choose trash-talking). I’m not going to talk about why you should pin, but some of the practical consequences on pinning.

I recently purchased a framework laptop; the Framework 13 13th Gen Intel variant. I have no complaints about the hardware, and I’m loving the hardware switch for the webcam & microphone. I have yet to find any niggles with it (though I have only had it for ~1 week). This acts as documentation for my setup to dual boot Windows (on NVMe) and Ubuntu (on 1Tb expansion).