this is in part because it's for (yet another) post I'm working on, but I figured I'd pop some things here and see if others have contributions too. the post will be completed (and include examples, usecases, etc), but, yeah.
I've always taken a fairly strong interest in the tooling I use, for QoL and dtrt reasons usually (but also sometimes tool capability). conversely, I also have things I absolutely loathe using
wireguard. a far better vpn software and protocol than most others (and I have slung tunnels with many a vpn protocol). been using this a few years already, even before the ios app beta came around. good shit, take a look if you haven't before
smallstep cli. it's one of two pieces of Go software I actually like. smallstep is trying to build its own ecosystem of CA tools and solutions (and that's usable in its own right, albeit by default focused to containershit), but the cli is great for what you typically want with certificate handling. compare step certificate inspect file and step certificate inspect --insecure https://totallyreal.froztbyte.net/ to the bullshit you need with openssl. check it out
restic. the other of the two Go-softwares I like. I posted about it here previously
rust cli things! oh damn there's so many, I'm going to put them on their own list below
zsh, extremely lazily configured, with my own little module and scoping system and no oh-my-zsh. fish has been a thing I've seen people be happy about but I'm just an extremely lazy computerer so zsh it stays. zsh's complexity is extremely nonzero and it definitely has sharp edges, but it does work well. sunk cost, I guess. bonus round: race your zsh, check your times:
% hyperfine -m 50 'zsh -i -c echo'
Benchmark 1: zsh -i -c echo
Time (mean ± σ): 69.1 ms ± 2.8 ms [User: 35.1 ms, System: 28.6 ms]
Range (min … max): 67.0 ms … 86.2 ms 50 runs
magic-wormhole. this is a really, really neat little bit of software for just fucking sending files to someone. wormhole send filename one side, wormhole receive the-code-it-gives the other side, bam! it uses SPAKE2 (disclaimer: I did help review that post, it's still good) for session-tied keying, and it's just generally good software
[macos specifically] alfred. I gotta say, I barely use this to its full potential, and even so it is a great bit of assistive stuff. more capable than spotlight, has a variety of extensibility, and generally snappy as hell.
[macos specifically] choosy. I use this to control link-routing and link-opening on my workstation to a fairly wide degree (because a lot of other software irks me, and does the wrong thing by default). this will be a fuller post on its own, too
[macos specifically] little snitch. application-level per-connection highly granular-capable firewalling. with profiles. their site does a decent explanation of it. the first few days of setup tends to be Quite Involved with how many rules you need to add (and you'll probably be surprised at just how many things try to make various kinds of metrics etc connections), but well worth it. one of the ways to make modern software less intolerable. (honorary extra mention: obdev makes a number of handy pieces of mac software, check their site out)
[macos specifically] soundsource. highly capable per-application per-sink audio control software. with the ability to pop in VSTs and AUs at multiple points. extremely helpful for a lot of things (such as perma-muting discord, which never shuts up, even in system dnd mode)
rust tools:
b3sum. file checksum thing, but using blake3. fast!. worth checking out. probably still niche, might catch on eventually
hyperfine. does what it says on the tin. see example use above.
dust. like du, but better, and way faster. oh dear god it is so much faster. I deal with a lot of pets, and this thing is one of the invaluables in dealing with those.
ripgrep. the one on this list that people are most likely to know. grep, but better, and faster.
jql. I ... tend to avoid jq? my "this should be in a program. with safety rails." reflex often kicks in when I see jq things. haven't really explored this
rtx. their tagline is "a better asdf". I like the idea of it because asdf is a miserable little pile of shell scripts and fuck that, but I still haven't really gotten to using it in anger myself. I have my own wrapper methods for keeping pyenv/nvm/etc out of my shell unless needed
pomsky. previously rulex. regex creation tool and language. been using it a little bit. not enough to comment in detail yet
I don't follow evans so I wasn't aware of that post existing. cool to see some overlap I guess
aka the silver searcher
just switch to ripgrep:
froztbyte@bambam ~ % cd ~/code
froztbyte@bambam code % dust -n 0
10G ┌── .│████████████████ │ 100%
froztbyte@bambam code % hyperfine -m 15 -i 'ag somerandomstring' 'rg somerandomstring'
Benchmark 1: ag somerandomstring
Time (mean ± σ): 8.728 s ± 0.149 s [User: 4.112 s, System: 12.585 s]
Range (min … max): 8.585 s … 9.133 s 15 runs
Benchmark 2: rg somerandomstring
Time (mean ± σ): 2.359 s ± 0.095 s [User: 0.935 s, System: 3.690 s]
Range (min … max): 2.285 s … 2.665 s 15 runs
Warning: Ignoring non-zero exit code.
Summary
rg somerandomstring ran
3.70 ± 0.16 times faster than ag somerandomstring
for our ansibles
I'm sorry. e: this wasn't said in snark - ansible sucks so much, and it sucks that you have to use it
gopass: why ... is this its own thing in go? it doesn't seem to advocate why it's a thing. not that I particularly care, I'll almost certainly avoid it (on the basis of it in go), but it's weird that it just exists as a plural copy without advocating why
gojq: see above
vcsh: heh I forgot this exists. I recall when richi first started working on that. worth mentioning indeed, some people might use that (I don't (my hg ~ repo has been going since the dark times and I really like that I can still just hg clone . ssh://host//path/to/dest and have it just dtrt))
himalaya: heh, ran across that a while back when looking into rust mail implementations (also when I found vomit/vmt). guess I should setup a trial sometime just to see how it rolls
direnv: years ago I first wrote this off because on spinny rust it was just awful (and even running into it on AWS hosts it was annoyingly slow because people run systems on ext3/4). recently reinstalled it on a host but haven't found myself using it much
desk: cute. how does it handle/where does it store state? how does it deal with e.g. path moves? not sure I'd ever use it (see aforeposted grump about miserable piles of shellscript), but cute
i actually quite like ansible; the alternatives aren't much better (and i did use all of them, starting from the unlamented cfengine), they just suck differently.
…and people mostly know at least a bit about ansible (i might start moving some parts of the machinery to saltstack, which i hate the least these days, but it's owned by vmware, and vmware is now being manhandled by broadcom.)
also, i'm not really prejudiced against go tools – as long as they're maintained by someone else and easily installable in binary form.
regarding gopass; i wouldn't use it just for myself, just like i wouldn't use pass – they're of no use for me personally; gopass manages the integration with git in a very easy way, knows to push changes automatically when secrets are created or updated and is extremely easy to set up as a secret storage for a small group of users: you just need to generate some throwaway gpg keys and you're all set. and it does have a nice ansible lookup support, which means i can autogenerate secrets on first use, regenerate them automatically when needed, and never bother to know them unless it's really necessary.
as for desk, it's a nice way to delineate, say, workspaces, i.e. set up separate shell environments for interactive work. not for everyone, but i already write too much glue code in bash. so when i start work, i just run “desk work”, and it starts the right vpn, autologs me into teleport, and adds the required ssh keys to the agent. (unfortunately it cannot yet trigger the time accounting system, but if our hr annoys me badly enough once more time, i'll work on that too.)
i mean we did have situations where the puppet agent was leaking memory so badly it smothered the systems it was running on; we had resigned ourselves to simply run the bloody thing from cron.