Ah, nice idea. I've tried a few different ways of doing this, and I think what you're seeing is a discrepancy in how the compiler handles member access into incomplete types. It seems that, in your examples, the compiler is allowing -> decltype(f.private_msg) within the class, but I think it's not selecting do_something outside of it because it uses decltype(t.private_msg). In my case, I'm not even able to do that within the class.
For example, since I'm not able to use decltype(f.private_msg) inside the class, I'm using decltype(private_msg) instead, which causes an error at the do_something declaration related to incomplete type (presumably because of the t.private_msg usage):
// candidate template ignored; member access into incomplete type
template 〈class T〉 auto do_something(T &t) -> decltype(t.private_msg);
class Foo {
const char *private_msg = "You can't touch me!";
friend auto do_something〈〉(Foo &f) -> decltype(private_msg);
};
template 〈〉 auto do_something(Foo &f) -> decltype(f.private_msg) {
return f.private_msg;
}
My reasoning is that removing the t.private_msg from the declaration works:
template 〈class Ret, class T〉 auto do_something(T &t) -> Ret;
class Foo {
const char *private_msg = "You can't touch me!";
friend auto do_something〈〉(Foo &f) -> decltype(private_msg);
};
template 〈〉 auto do_something(Foo &f) -> decltype(f.private_msg) {
return f.private_msg;
}
static Foo foo{};
// this works, but Ret cannot be deduced and must be specified somehow:
static auto something = do_something〈const char*〉(foo);
The reason your second example works is because the friend template inside the class acts as a template declaration rather than a specialization, which isn't specialized until after Foo is complete:
// the do_something inside Foo is a declaration, meaning this isn't used
// template 〈class T〉
// auto do_something(T &t) -> decltype(t.private_msg);
class Foo {
const char *private_msg = "You can't touch me!";
template 〈class T〉 // t.private_msg is allowed because T is not Foo yet
friend auto do_something(T &t) -> decltype(t.private_msg);
};
template 〈〉 auto do_something(Foo &f) -> decltype(f.private_msg) {
return f.private_msg;
}
I think the issue is that Foo is incomplete when you're declaring the friend, so I think it's impossible. I just tried it and g++ ignores the target candidate due to "member access into incomplete type", which makes sense since std::begin is already defined and calls .begin(). The closest you can get is to use another friend to expose arr and overload std::begin manually, but that's a bit silly 😅
I suppose the most tangible benefit I get out of it is embedding a custom initramfs into the kernel and using it as an EFI stub. And I usually disable module loading and compile in everything I need, which feels cleaner. Also I make sure to tune the settings for my CPU and GPU, enable various virtualization options, and force SELinux to always remain active, among other things.
I have this device and use it to store my keepassxc and onlykey backups, and it's useful to me because I've stopped using passwords (I only need to remember the pins for these devices which can unlock my keepass dbs that have everything else).
It seems secure enough for my use case, especially since the files I store in it are themselves encrypted (the onlykey backup still requires a pin), but I still want them to be difficult to access.
I've had to rely on it before but only because I didn't prepare a backup onlykey ahead of time- ideally it should be one of many recovery methods. But so far it's worked great for me.
Maybe try programming? It's incredibly exciting once you get the hang of it. It can be frustrating at times but it's really rewarding. Since becoming my hobby/job its given me an endless source of things to do at home. Plus it can open up new career paths :)
Yes! Awk is great, I use it all the time for text processing problems that are beyond the scope of normal filters but aren't worth writing a whole program for. It's pretty versatile, and you can split expressions up and chain them together when they get too complicated. Try piping the output into sh sometime. It can be messy though and my awk programs tend to be write-only
Yeah for me it's been great and I do essentially leave it plugged in the whole time I'm using my PC (attached to my keys). It does require a pin entered each boot, so leaving it in would still offer security. But as someone else mentioned getting kwallet PAM working would make things easier in any case
Lol. I press a button on the device (which I unlocked with a pin before boot), but it would be nice to have the DB unlock automatically
Personally, I've relied on an OnlyKey for a few years (with backups and an extra fallback device) and haven't needed to type passwords since. This doesn't help with the number of prompts, but it does make them easier to dismiss.
I do use autologin, but I don't use a system wallet (only KeePassXC, which I do need to unlock manually). Autologin with system wallets can be tricky, but I've had some luck setting it up in the past. You might want to check out this wiki for PAM configuration.
Nice, sounds pretty cool. FZF is great, I need to try out some new things with it. Never got into snippets but I'm sure that speeds things up considerably, will think about it.
Yeah separate config files is probably the best approach if you have a lot of things configured. I haven't done that yet, but might try soon. My config has generally been pretty simple, mostly bindings and plugin settings. But I started developing in the TTY and had to shoehorn-in a conditional theme and such to get it to work properly, leaving it pretty unorganized.
| I can never leave vim. It has taken over the pathways in my brain.
Haha, yeah
My neovim config is a total mess :D. But yeah i3-msg+jq is great, I've written a number of solutions to this problem before using the API and external scripts, but it's nice having things inline in the config file
For a while I would have agreed, and I used sway for years. But recently I switched back to i3 (i3-rounded) due to display issues with my AMD GPU. I started doing most of my development in the TTY, and found that switching from TTY to Wayland takes half a second and can sometimes break my GPU (until I switch between TTY and display a few times). With X11 it's instant and without issue ¯\_(ツ)_/¯. Hoping that gets fixed down the road, or that it's specific to my GPU.
This is always the first thing I get set up:
# focus next available workspace on this output
bindsym $mod+q exec --no-startup-id ws=$(i3-msg -t get_workspaces | jq '.[] | select(.focused) | .num') && ofs=$(i3-msg -t get_outputs | jq 'map(select(.active)) | length') && i3-msg workspace $(($ws-$ofs))
bindsym $mod+w exec --no-startup-id ws=$(i3-msg -t get_workspaces | jq '.[] | select(.focused) | .num') && ofs=$(i3-msg -t get_outputs | jq 'map(select(.active)) | length') && i3-msg workspace $(($ws+$ofs))
# move window to next available workspace on this output
bindsym $mod+Shift+q exec --no-startup-id ws=$(i3-msg -t get_workspaces | jq '.[] | select(.focused) | .num') && ofs=$(i3-msg -t get_outputs | jq 'map(select(.active)) | length') && dest=$(($ws-$ofs)) && i3-msg move workspace $dest && i3-msg workspace $dest
bindsym $mod+Shift+w exec --no-startup-id ws=$(i3-msg -t get_workspaces | jq '.[] | select(.focused) | .num') && ofs=$(i3-msg -t get_outputs | jq 'map(select(.active)) | length') && dest=$(($ws+$ofs)) && i3-msg move workspace $dest && i3-msg workspace $dest
Works with sway if you replace i3-msg with swaymsg (and remove --no-startup-id, since it's not needed for Wayland).
Edit: ampersand issues, trying quote instead of code block
I usually use Awk to do the heavy lifting within my Bash scripts (e.g. arg parsing, filtering, stream transformation), or I'll embed a Node.JS script for anything more advanced. In some cases, I'll use eval to process generated bash syntax, or I'll pipe into sh (which can be a good way to set up multiprocessing). I've also wanted to try zx, but I generally just stick to inlining since it saves a dependency.
I started by writing small scripts to automate things, but really got into it after learning how fun it can be to make the computer do stuff. I also see it as a kind of creative outlet, but in general I just want to learn how to fix anything in software if I'm not satisfied with how it works.
I use LUKS-encrypted LVM volumes to store everything (and transfer via SSH or HTTPS), but would use GPG if I needed to encrypt individual files.
I've been using it for years and I think it's great. Currently on a 6 Pro. It's true that some apps don't work without Google Play services, but GrapheneOS has the option to install the google stuff in a sandbox, so you shouldn't run into any issues if you do that. Personally, I don't use Play services unless I need to, and use Aurora store for any apps that aren't on F-Droid.
In any case, you can always revert to stock or try another OS
Edit: as faede has pointed out, it appears that Google Wallet has issues. Also, the usage docs mention issues with banking apps in general, so that's something to consider
If you're willing to spend the time to learn how to write custom policies, SELinux can be used for this, to some extent. It's highly customizable and can sandbox your apps, but the process of doing so is quite complicated. I wrote a small guide on custom policy management on Gentoo in another comment if you're interested.
There's also apparently a "sandbox" feature, but I don't know much about it. I just write my own policies and make them as strict as possible.
As an example, my web browser can't access my home directory or anything except its own directories, and nobody (including my own user), except root and a few select processes (gpg, gpg-agent, git, pass) can access my gnupg directory.
This only covers security/permissions, and doesn't include many of the other benefits of containerization or isolation. You could also try KVM with libvirt and Gentoo VMs; that works pretty well (despite update times) and I did that for a while with some success.