I'm really interested to learn more about the work on the official Rust frontend - do you have any links to share by chance?

Interesting - I run a nearly identical set, with many TLDs configured in `/etc/resolver/X` and dnsmasq handling the resolve and I have not had a single issue.

the resolver confs all contain this content:

    # /etc/resolver/example-private
    nameserver: 127.0.0.1
    domain example-private

I noticed in the author's bug report they do not include `domain`, which is documented in `man 5 resolver` as:

    # The domain directive is only necessary, if your local
    # router advertises something like localdomain and you have
    # set up your hostnames via an external domain.

In the real world though, I've found the `domain` setting to be required nearly every time. I wonder if adding it will resolve the issue?

SOPS with Age is simple, and simple is good. I strongly recommend this approach.

SOPS is simple? You are kidding me. Pass from https://www.passwordstore.org/ fame is simple. SOPS is ultra-complicated for a security tool.

I dunno, it seems mostly simple to me.

You have a .sops.yaml with some Age public keys, and then you run “sops secrets.yml” to create an encrypted file.

Can you explain what you find complicated about sops? I've used it with ease for the last two years, both personally and professionally.

I've been having great success with LLMs generating Mermaid diagrams and flowcharts from a repo. Claude Code and Cursor both do consistently great jobs. For example: `generate a mermaid swimlanes diagram of the XX logic flow`.

This is what I do previously too! The problem that I realize with them is that mermaid diagrams and flowcharts are static and sometimes oversimplified.

> which every old-school Linuxer should be able to do in their sleep.

Oof, this hit home, hah.

s/lazy/efficient/g :)

> CertManager is on strike and certificate has expired

Had a good chuckle here, hah.

Same. Typically call it “hung” but maybe stating certmanager is on strike will get the point across better.

But sigh does it really get to the state of the kubernetes ecosystem. All these projects need to be operated, can’t just set it and forget it.

I too have been using sops for years, and agree -- dotenvx encryption seems very similar to sops.

I'd prefer an integration between dotevnx and sops where dotevnx handles the UX of public env and injection, while leveraging sops for secret management and retrieval. Additionally, being able to have multiple keys for different actors is important.

Having a single `.env.keys` file feels risky and error prone. dotenvx encourages adding your various env files, such as `.env.production`, to vcs, and you're one simple mistake away from committing your keyfile and having a bad day.

If sops is not to be integrated, dotenvx could take some inspiration where the main key is encrypted in the secrets file itself, and you can define multiple age key recipients, each of which can then decrypt the main key.

> Brig. Gen. Pat Ryder, Pentagon press secretary, told reporters Friday that an F-22 fighter aircraft based at Joint Base Elmendorf-Richardson shot down the object using the same type of missile used to take down the balloon nearly a week ago.[0]

[0] https://apnews.com/article/pentagon-shoots-down-unknown-flyi...

Shameless plug - I've been building the startup Wedge[0]. In addition to helping prevent application fraud, I deeply believe applicants are _people_ and have more to share beyond a resume.

We enable companies to asynchronously collect a short series of video responses from an applicant either at application time or later in the process.

[0]https://www.wedgehr.com/product

Under no circumstance would I apply to any job that required me to record videos of myself as part of the application process.

I’m curious how many people feel the same way.