16
better tools thread
(awful.systems)
submitted
11 months ago* (last edited 11 months ago)
by
froztbyte@awful.systems
to
c/notawfultech@awful.systems
this is in part because it's for (yet another) post I'm working on, but I figured I'd pop some things here and see if others have contributions too. the post will be completed (and include examples, usecases, etc), but, yeah.
I've always taken a fairly strong interest in the tooling I use, for QoL and dtrt reasons usually (but also sometimes tool capability). conversely, I also have things I absolutely loathe using
- wireguard. a far better vpn software and protocol than most others (and I have slung tunnels with many a vpn protocol). been using this a few years already, even before the ios app beta came around. good shit, take a look if you haven't before
- smallstep cli. it's one of two pieces of Go software I actually like. smallstep is trying to build its own ecosystem of CA tools and solutions (and that's usable in its own right, albeit by default focused to containershit), but the cli is great for what you typically want with certificate handling. compare
step certificate inspect file
andstep certificate inspect --insecure https://totallyreal.froztbyte.net/
to the bullshit you need with openssl. check it out - restic. the other of the two Go-softwares I like. I posted about it here previously
- rust cli things! oh damn there's so many, I'm going to put them on their own list below
- zsh, extremely lazily configured, with my own little module and scoping system and no oh-my-zsh. fish has been a thing I've seen people be happy about but I'm just an extremely lazy computerer so zsh it stays. zsh's complexity is extremely nonzero and it definitely has sharp edges, but it does work well. sunk cost, I guess. bonus round: race your zsh, check your times:
% hyperfine -m 50 'zsh -i -c echo'
Benchmark 1: zsh -i -c echo
Time (mean ± σ): 69.1 ms ± 2.8 ms [User: 35.1 ms, System: 28.6 ms]
Range (min … max): 67.0 ms … 86.2 ms 50 runs
- magic-wormhole. this is a really, really neat little bit of software for just fucking sending files to someone.
wormhole send filename
one side,wormhole receive the-code-it-gives
the other side, bam! it uses SPAKE2 (disclaimer: I did help review that post, it's still good) for session-tied keying, and it's just generally good software - [macos specifically] alfred. I gotta say, I barely use this to its full potential, and even so it is a great bit of assistive stuff. more capable than spotlight, has a variety of extensibility, and generally snappy as hell.
- [macos specifically] choosy. I use this to control link-routing and link-opening on my workstation to a fairly wide degree (because a lot of other software irks me, and does the wrong thing by default). this will be a fuller post on its own, too
- [macos specifically] little snitch. application-level per-connection highly granular-capable firewalling. with profiles. their site does a decent explanation of it. the first few days of setup tends to be Quite Involved with how many rules you need to add (and you'll probably be surprised at just how many things try to make various kinds of metrics etc connections), but well worth it. one of the ways to make modern software less intolerable. (honorary extra mention: obdev makes a number of handy pieces of mac software, check their site out)
- [macos specifically] soundsource. highly capable per-application per-sink audio control software. with the ability to pop in VSTs and AUs at multiple points. extremely helpful for a lot of things (such as perma-muting discord, which never shuts up, even in system dnd mode)
rust tools:
- b3sum. file checksum thing, but using blake3. fast!. worth checking out. probably still niche, might catch on eventually
- hyperfine. does what it says on the tin. see example use above.
- dust. like
du
, but better, and way faster. oh dear god it is so much faster. I deal with a lot of pets, and this thing is one of the invaluables in dealing with those. - ripgrep. the one on this list that people are most likely to know. grep, but better, and faster.
- fd. again, find but better and faster.
- tokei. sloccount but not shit. handy for if you quickly want to assess a codebase/repo.
- bottom. down the evolutionary chain from
top
andhtop
, has more feature modes and a number of neat interactive view functions/helpers
honorary mentions (things I know of but don't use that much):
- mrh. not doing as much consulting as I used to, using it less. quickly checks all git(?) repos in a path for uncommitted changes
- fzf. still haven't really gotten to integrating it into my usage
- just. need to get to using it more.
- jql. I ... tend to avoid jq? my "this should be in a program. with safety rails." reflex often kicks in when I see jq things. haven't really explored this
- rtx. their tagline is "a better asdf". I like the idea of it because asdf is a miserable little pile of shell scripts and fuck that, but I still haven't really gotten to using it in anger myself. I have my own wrapper methods for keeping pyenv/nvm/etc out of my shell unless needed
- pomsky. previously
rulex
. regex creation tool and language. been using it a little bit. not enough to comment in detail yet
…the little tools i'm personally using without too much complaining (and haven't seen mentioned so far) include:
ag
, aka the silver searcher which is probably like ripgrep,gopass
, which we're currently using as the secret storage for our ansibles,gojq
, which is just like jq, but also has--yaml-output
and--yaml-input
built-in,vcsh
for my config file management,himalaya
, the cli (…not tui) email client,direnv
for location-dependent shell configuration,desk
for more general task groupings.I don't follow evans so I wasn't aware of that post existing. cool to see some overlap I guess
just switch to ripgrep:
I'm sorry. e: this wasn't said in snark - ansible sucks so much, and it sucks that you have to use it
hg clone . ssh://host//path/to/dest
and have it just dtrt))i actually quite like ansible; the alternatives aren't much better (and i did use all of them, starting from the unlamented cfengine), they just suck differently.
…and people mostly know at least a bit about ansible (i might start moving some parts of the machinery to saltstack, which i hate the least these days, but it's owned by vmware, and vmware is now being manhandled by broadcom.)
also, i'm not really prejudiced against go tools – as long as they're maintained by someone else and easily installable in binary form.
regarding gopass; i wouldn't use it just for myself, just like i wouldn't use pass – they're of no use for me personally; gopass manages the integration with git in a very easy way, knows to push changes automatically when secrets are created or updated and is extremely easy to set up as a secret storage for a small group of users: you just need to generate some throwaway gpg keys and you're all set. and it does have a nice ansible lookup support, which means i can autogenerate secrets on first use, regenerate them automatically when needed, and never bother to know them unless it's really necessary.
as for desk, it's a nice way to delineate, say, workspaces, i.e. set up separate shell environments for interactive work. not for everyone, but i already write too much glue code in bash. so when i start work, i just run “desk work”, and it starts the right vpn, autologs me into teleport, and adds the required ssh keys to the agent. (unfortunately it cannot yet trigger the time accounting system, but if our hr annoys me badly enough once more time, i'll work on that too.)
fucking cfengine
ah now. cfengine2 was fine, bloody fast and resource-light local agent, and just slightly convoluted configuration – cfengine and cfengine3 though…
i mean we did have situations where the puppet agent was leaking memory so badly it smothered the systems it was running on; we had resigned ourselves to simply run the bloody thing from cron.