97
Do we have a community for computer architectures or computer science on this instance or anywhere else?
96
Untagging images from AWS ECR (without deleting be like
(programming.dev)
I had to go full Rube Goldberg to clean up old image tags from closed PRs, while still leaving deletion of untagged image to the ECR repo's own lifecycle policy. Never go full Rube Goldberg:
- https://stackoverflow.com/questions/70065254/remove-ecr-image-tag-despite-imagereferencedbymanifestlist-error
- https://github.com/aws/containers-roadmap/issues/1567
name: ECR Retention Policy
on:
pull_request:
types:
- closed
workflow_call:
workflow_dispatch:
jobs:
clean-unused-ecr:
name: Delete unused container images
runs-on: runs-on,runner=2cpu-linux-x64,run-id=${{ github.run_id }},image=ecr_login_image
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.RUNS_ON_AWS_REGION }}
- name: AWS ECR Login
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: AWS ECR Info
shell: bash
run: |
echo "ECR_REGISTRY=${{ steps.login-ecr.outputs.registry }}" >> $GITHUB_ENV
echo "ECR_REPO=$(basename ${{ github.repository }})" >> $GITHUB_ENV
- name: Docker meta
id: docker_meta
uses: docker/metadata-action@v5
with:
images: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPO }}
flavor: suffix=-
tags: type=raw,value=${{ github.head_ref || github.ref_name }}
# NOTE: This is convoluted because AWS ECR has no simple way to untag image without deletion
# given we want to leave deletion of untagged image to the ECR repo's own lifecycle policy
# https://stackoverflow.com/questions/70065254/remove-ecr-image-tag-despite-imagereferencedbymanifestlist-error
# https://github.com/aws/containers-roadmap/issues/1567
- name: AWS ECR Cleanup
shell: bash
run: |
REPO_EXISTS=$(aws ecr describe-repositories --repository-names $ECR_REPO 2>&1 || true)
if echo "${REPO_EXISTS}" | grep -q 'RepositoryNotFoundException'; then
echo "Repository not found, skipping cleanup."
exit 0
fi
IMAGE_TAGS=$(aws ecr list-images --repository-name $ECR_REPO --query 'imageIds[*].imageTag' --output text)
docker pull busybox
docker tag busybox $ECR_REGISTRY/$ECR_REPO:_
docker push $ECR_REGISTRY/$ECR_REPO:_
TEMP_IMAGE=$(
aws ecr batch-get-image \
--repository-name $ECR_REPO \
--image-ids imageTag=_ )
TEMP_MANIFEST=$(echo $TEMP_IMAGE | jq -r '.images[].imageManifest')
TEMP_DIGEST=$(echo $TEMP_IMAGE | jq -r '.images[].imageId.imageDigest')
TAG_PREFIX=$(echo ${{ fromJSON(steps.docker_meta.outputs.json).tags[0] }} | cut -d: -f2)
for TAG in $IMAGE_TAGS
do
if [[ $TAG == $TAG_PREFIX* ]]; then
docker tag busybox $ECR_REGISTRY/$ECR_REPO:$TAG
docker push $ECR_REGISTRY/$ECR_REPO:$TAG
echo "Untaged image $TAG"
fi
done
# Delete the temporary image by digest
aws ecr batch-delete-image \
--repository-name $ECR_REPO \
--image-ids imageDigest=$TEMP_DIGEST
405
Pro tip: If you check the conical URL (youtube.com) first, the Lemmy web UI will help catch reposts before they are accidentally submitted.
I switched from using the short (e.g youtube.be) or external URL mirrors for that same reason, and just let the bots comment with privacy mirrors for those who prefer. Using the conical URL, aside from cross post detection, also ensures the thumbnail image and preview text get cached consistently.
scrambling to lock their doors
From a consumer perspective, it seems like all the FANG conglomerates are trying to shut the stable door after the AI horse has bolted, but perhaps from an industry perspective, their just trying to pull up the ladder behind themselves to curb competition, or stall any emerging upstarts, just like most FANGs where themselves only decades ago.
I think the comment that the_lego is replying to also highlights the false equivalency of calling the anti-WEI crowd as criminals, as was not a good look for Google.
They have apologized for using the word criminals & bullies in a broader context and I appreciate that. However, the initial part of the comment is very telling of how they view those who oppose.
Related:
- Is Web Environment Integrity a risk to the accessibility of the Internet?
- Google’s nightmare “Web Integrity API” wants a DRM gatekeeper for the web
- Mozilla opposes Web Integrity API proposal
This proposed standard raises my concerns about the ability to continue using the public internet with user-preferred hardware/software and custom extensions, and does not instill my confidence in maintaining the level of freedom and accessibility users currently enjoy:
Some examples of scenarios where users depend on client trust include:
- Users like visiting websites that are expensive to create and maintain, but they often want or need to do it without paying directly. These websites fund themselves with ads, but the advertisers can only afford to pay for humans to see the ads, rather than robots. This creates a need for human users to prove to websites that they're human, sometimes through tasks like challenges or logins.
What information is in the signed attestation?
The proposal calls for at least the following information in the signed attestation:
- The attester's identity, for example, "Google Play".
- A verdict saying whether the attester considers the device trustworthy.
How does this affect browser modifications and extensions?
Web Environment Integrity attests the legitimacy of the underlying hardware and software stack, it does not restrict the indicated application’s functionality: E.g. if the browser allows extensions, the user may use extensions; if a browser is modified, the modified browser can still request Web Environment Integrity attestation.
Image transcription: Screenshot
A wide crop of a screenshot zoomed in on r/place's pixel canvas, where a white on black pixelated font reads:
never forget what
was stolen from you!
r/save3rdpartyapps
With the slogan boarded on the right by the r/blind logo (a snoo wearing sunglasses, holding a cane, standing next to a guide dog). The small p.d logo for programming.dev is squarely tucked above and to the left of RBlind's snoo. Lastly, boarded along the bottom is a row of third party Reddit app icons, from left to right:
- Apollo
- ?
- Boost for Reddit
- ?
...
13. Reddit is Fun
14. Sync for Reddit
I'm a human volunteer content transcriber and you could be too!
Looks like they posted some more updates scene I check this morning:
- Recap of the Lemmy XSS incident & steps for mitigation
- Lemmy.world (and some others) were hacked
Here are some good articles and responses I've seen on this topic:
- https://daringfireball.net/linked/2023/06/19/not-that-kind-of-open
- counter argument
- https://wedistribute.org/2023/06/john-gruber-no-understand/
- rebuttals to counter
- https://ploum.net/2023-06-23-how-to-kill-decentralised-networks.html
- historic precedent and prevailing trends with open protocols
Image Transcription: Meme
A photo of an opened semi-trailer unloading a cargo van, with the cargo van rear door open revealing an even smaller blue smart car inside, with each vehicle captioned as "macOS", "Linux VM" and "Docker" respectively in decreasing font size. Onlookers in the foreground of the photo gawk as a worker opens each vehicle door, revealing a scene like that of russian dolls.
I'm a human volunteer content transcriber and you could be too!
I suspect this comment was posted to spell out the meme for those unfamiliar, but I wanted to thank you for transcribing it into text for those that also may be blind or visually impaired. With the loss of r/TranscribersOfReddit , I salute your contribution! Please keep at it!
https://www.theverge.com/2023/6/23/23771396/reddit-subreddit-community-transcribers-accessibility
view more: next ›
Similarly reported (in more detail) by TechCrunch: