Kopi creates ephemeral, anonymized, and relational subsets of your production database for local development in seconds... still WiP.
- My wife and I had a good chuckle at these. The one we both remember is the one about Penguin losing his lollipop and buying a Milky Way.
However, we both agreed that when comparing the UK(ish) and US(ish) variants, the UK ones are much more fun and colourful: The US ones seem a little, erm, boring!
- I'm working on something called Kopi: a CLI tool that replaces the slow process of restoring massive production database backups on a dev machine with a "surgical slicing" approach, spinning up lightweight, referentially intact Docker containers in seconds: It spins up the exact schema of your source db and generates safe, synthetic datasets in seconds. It can, if you want, also replicate the actual data in the source DB but with automatically anonymized PII data.
It can replicate a DB in as little as 9 seconds.
It's Open Core: Community Edition and Pro/Enterprise editions.
Still a WiP --> https://kopidev.com
- I'm replying to you from Windows 11 IoT Enterprise LTSC courtesy of massgravel (or massgrave... not sure wth it's actually called now!) and it's activated until 2038.
The only thing it didn't have out of the box that I wanted was Microsoft Store (so that I could install Winget and Terminal) but you install it from an elevated PowerShell command with "wsreset -i" and that's it done.
It also has the original version of Notepad, not that abomination with the tabs and Copilot!
Oh, no Copilot whatsoever in fact.
All the instructions for IoT (including where to get it... legitimately) are on the massgrave github page and website.
And before I am accused of sailing the high seas... I'm not! The activation script just activates complicated processes built-in to Windows: it doesn't "hack" it or anything!
- FWIW, I work for a major financial organization in the UK as a software architect and I've brought it up more than once over the years in various roles: not a single bank in the UK supports Yubikeys or custom Authenticator apps.
Not one (I last checked about a month ago!)
Security, while pretty good, is still lacking imo!
- I see where you are coming from but in my head, Brenda isn't real.
She represents the typical domain-experts that use Excel imo. They have an understanding of some part of the business and express it while using Excel in a deterministic way: enter a value of X, multiply it by Y and it keeps producing Z forever!
You can train AI to be a better domain expert. That's not in question, however with AI, you introduce a dice roll: it may not multiply X and Y to get Z... it might get something else. Sometimes. Maybe.
If your spreadsheet is a list of names going on the next annual accounts department outing then the risk is minimal.
If it's your annual accounts that the stock market needs to work out billion dollar investment portfolios, then you are asking for all the pain that it will likely bring.
- It's not as black-and-white as "Brenda good, AI bad". It's much more nuanced than this.
When it comes to (traditional) coding, for the most part, when I program a function to do X, every single time I run that function from now until the heat death of the sun, it will always produce Y. Forever! When it does, we understand why, and when it doesn't, we also can understand why it didn't!
When I use AI to perform X, every single time I run that AI from now until the heat death of the sun it will maybe produce Y. Forever! When it does, we don't understand why, and when it doesn't, we also don't understand why!
We know that Brenda might screw up sometimes but she doesn't run at the speed of light, isn't able to produce a thousand lines of Excel Macro in 3 seconds, doesn't hallucinate (well, let's hope she doesn't), can follow instructions etc. If she does make a mistake, we can find it, fix it, ask her what happened etc. before the damage is too great.
In short: when AI does anything at all, we only have, at best, a rough approximation of why it did it. With Brenda, it only takes a couple of questions to figure it out!
Before anyone says I'm against AI, I love it and am neck-deep in it all day when programming (not vibe-coding!) so I have a full understanding of what I'm getting myself into but I also know its limitations!
- I'm not sure it is off-topic. The parent to this one was talking about, presumably, dodgy Windows keys (that shouldn't be allowed) but from my understanding, the massgrave scripts just use internal Windows mechanisms to activate.
It's not actively usurping Windows security.
In fact, I've read more than once that Microsoft tech support have been known to use massgrave scripts to help with activation-related issues with clients: Although I should caveat that with saying that it may have been Reddit I found that info so pinch of salt and all that...
So, my take on this is if the massgrave scripts allow activation without breaking any laws then so be it. I'm talking about doing stuff that, while it appears dodgy, actually just manipulates the ultra-complicated processes under the hood that Microsoft has already built into the OS.
It's like publicising the workarounds for the now-mandatory Microsoft account when installing Windows 11. These involve things like reg hacks and commands: they're already in Windows so publicise them all you want imo.
- I really wish this wasn't called Vanilla JavaScript... that's what I call actual JavaScript, you know, the language without libraries!
I don't normally feel strongly one way or the other about stuff but this really rips my knitting!
Note: Credit to the creators for making something and putting it out there but man, that name :(
- I admit, my approach was rather nuclear but it worked at the time.
I think an evolution would be to use some sort of exponential backoff, e.g. first time offenders get banned for an hour, second time is 4 hours, third time and you're sent into the abyss!
Still crude but fun to play about with.
- > It's interesting to study, right?
Definitely! I wasn't experiencing any issues, hell it wasn't even for public consumption at that time so no great loss to me but I found a few things fascinating (and somewhat stupid!) about it:
1. The sheer number of automated requests to scrape my content
2. That a massive number of the bots openly had "bot" or some derivative in the user agent and they were accessing a page I'd explicitly denied! :D
3. That an equally large number were faking their user agents to look like regular users and still hitting a page that a regular user couldn't possibly ever hit!
Something I did notice but it was towards the end and I didn't pursue it (I should log it better the next time for analysis!) was that the endpoint was dynamically generated and only existed in the robots.txt for a short time but there were bots I caught later on, long after that auto-generated page was created (and after the IP was banned) that still went for that same page: clearly the same entities!
My spidey senses are tingling. Next time, I'm going to log the shit out of these requests and publish as much as I can for others to analyse and dissect... might be interesting.
- I had a website earlier this year running on Hetzner. It was purely experimenting with some ASP.NET stuff but when looking at the logs, I noticed a shit-load of attempts at various WordPress-related endpoints.
I then read something about a guy who deliberately put a honeypot in his robots.txt file. It was pointing to a completely bogus endpoint. Now, the theory was, humans won't read robots.txt so there's no danger, but bots and the like will often read robots.txt (at least to figure out what you have... they'll ignore the "deny" for the most part!) and if they try and go to that fake endpoint you can be 100% sure (well, as close as possible) that it's not a human and you can ban them.
So I tried that.
I auto-generated a robots.txt file on the fly. It was cached for 60 seconds or so as I didn't want to expend too many resources on it. When you asked for it, you either got the cached one or I created a new one. The CPU-usage was negligible.
However, I changed the "deny" endpoint each time I built the file in case the baddies cached it, however, it still went to the same ASP.NET controller method. By hitting it, I sent a 10GB zip bomb and your IP was automatically added to the FW block list.
It was quite simple: anyone that hit that endpoint MUST be dodgy... I believe I even had comments for the humans that stumbled across it letting them know that if they went to this endpoint in their browser it was an automatic addition to the firewall blocklist.
Anyway... at first I caught a shit load of bad guys. There were thousands at first and then the numbers dropped and dropped to only tens per day.
Anyway, this is a single data point but for me, it worked... I have no regrets about the zip bomb either :)
I have another site that I'm working on so I may evolve it a bit so that you are banned for a short time and if you come back to the dodgy endpoint then I know you're a bot so into the abyss with you!
It's not perfect but it worked for me anyway.
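The robots.txt decoy described in the comment above, combined with the escalating bans (1 hour, 4 hours, then permanent) and the fuller logging the same commenter proposes in the earlier comments, as an added example that is not the commenter's code. It is written in Python rather than the ASP.NET the post used, and `SECRET`, `PREFIX` and the HMAC-derived path are assumptions: deriving the path from a keyed hash lets the server recognise a decoy it issued long ago without storing every rotation.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: a per-site secret
ROTATE_SECONDS = 60                  # robots.txt lifetime from the post
PREFIX = "/private-"                 # hypothetical decoy prefix
BAN_STEPS = [3600, 4 * 3600]         # 1 h, 4 h, then permanent

def _tag(window):
    return hmac.new(SECRET, str(window).encode(), hashlib.sha256).hexdigest()[:16]

def robots_txt(now):
    """robots.txt whose Disallow path changes every ROTATE_SECONDS."""
    window = int(now // ROTATE_SECONDS)
    return f"User-agent: *\nDisallow: {PREFIX}{window}-{_tag(window)}/\n"

def trap_window(path):
    """Rotation window of a decoy path we issued (even long ago), else None."""
    window, _, tag = path[len(PREFIX):].rstrip("/").partition("-")
    if not (path.startswith(PREFIX) and window.isascii() and window.isdigit()):
        return None
    ok = hmac.compare_digest(tag.encode(), _tag(int(window)).encode())
    return int(window) if ok else None

class BanList:
    def __init__(self):
        self.offences, self.until = {}, {}

    def is_banned(self, ip, now):
        return now < self.until.get(ip, 0)

    def record_hit(self, ip, now):
        n = self.offences[ip] = self.offences.get(ip, 0) + 1
        ban = BAN_STEPS[n - 1] if n <= len(BAN_STEPS) else float("inf")
        self.until[ip] = now + ban
        return ban

def handle(bans, log, ip, user_agent, path, now):
    """Return an HTTP status; log and ban any client that requests a decoy."""
    if bans.is_banned(ip, now):
        return 403
    window = trap_window(path)
    if window is None:
        return 200
    age = int(now - window * ROTATE_SECONDS)  # large age: cached or shared path
    log.append({"ip": ip, "ua": user_agent, "path": path,
                "path_age_s": age, "ban_s": bans.record_hit(ip, now)})
    return 403
```

The `path_age_s` field is what makes the late hits on an old decoy visible: a request for a path that rotated out a day earlier can be tied back to whoever fetched that robots.txt.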
- Go here [0] to get the links to Windows 10 and Windows 11 LTSC.
Also, the script to activate it, go here [1] for that.
[0] - https://massgrave.dev/windows_ltsc_links
[1] - https://massgrave.dev/
I'm using Windows 10 IoT Enterprise LTSC to write this and using Massgrave(l) it's activated to 2038 or something now. The only thing I wanted that LTSC didn't have out of the box was the Microsoft Store but you install that from PowerShell with the command "wsreset -i" and wait for 30s or so :)
- In this case, they likely had adequate fuel for the usual eventualities but the weather in Scotland was particularly bad that night across the whole country (source: I live near Prestwick airport).
Either Edinburgh (on the east coast) or Prestwick (on the west coast) are ok (one or the other or both) but in this case neither was suitable so the nearest was Manchester - definitely an edge-case.
I don't know how much fuel they had, or if they could've fitted any more on the plane but it was unusual circumstances.
There was a military plane right behind it with the same issue that night too.
- Latency. It's everywhere. Open file Explorer and it lags. Change the volume and the slider lags with the example sound and just a general sluggishness compared to Windows 10.
Also updates have broken my printer 3 times (that I can remember). At least once my network connection failed due to updates.
With the resources they have, it's unforgivable.
- I was using Win 11 for a year or so until recently but I'd had enough. It was laggy and I was scared to download updates as they break things way too often.
I understand the complexity with the Windows codebase... it's fkn massive! However, to be able to push out a Windows update and break something literally every single time is something for the history books!
Anyway, I need Windows for some of my software, like my VST's (Roland Earth Piano, XLN Audio) so Linux isn't an option unless there is something I'm missing!
I use Windows 10 IoT Enterprise LTSC with the Massgrave activation... that's me until I retire hopefully. I'd encourage everyone to do the same.
- This post has come along at an interesting time as it happens...
I was at my mum and dad's yesterday and I was asking my dad if he'd seen any messages or nag screens about upgrading his computer from Windows 10? It's ancient and I wouldn't put Windows 11 on it, even though I can burn a copy with Rufus to remove all the requirements. As it happens, he had. In fact, he thought Microsoft wanted him to pay for it, such is their confusing marketing!
Now, my dad is no dumbass. He has a PhD in electrical engineering, all his faculties are still present and correct and he's used computers for years and he won numerous awards at uni for being smart af! Anyway, I put him off the idea of Windows 11 and onto the idea of a Chromebox instead. He seems keen to try it.
Also, my dad only uses the web, the odd spreadsheet to keep track of his money, the odd YT video and that's about it: he's not a power-user.
My reasoning for the Chromebox is that I can't be about all the time when he needs tech support and I'm worried he's scammed by someone wanting him to "install an anti-virus, quick, before all his money is gone" or something. Plus, he has an Android phone already... it makes sense I think.
Next week I'll drop off my Chromebook and set it up for him to try. I think it'll work out, and if it does, I'll buy a Chromebox for about £300 and that'll do him for ever I think.
On a side-note, I've switched back to Windows 10 a few weeks ago: specifically Windows 10 IoT Enterprise LTSC. I used the Massgrave script and it's valid until 2038 or something. I've had it with the latency and general dystopia (and the broken printer... ffs Microsoft!) around Windows 11, which I'd been using for a couple of years until last week.
It may sound trivial but I still can't get over the volume slider latency in Windows 11: When you change the volume slider in the quick launch area and the "ding" sound happens 400ms later, not at the same time, it drives me nuts!
Anyway, my £0.02
- I remember a time when the internet was run by techies and hobbyists for zero money, zero expectation etc. Sure, there were some banner ads on some websites but very few mega-corps wanting their pound of flesh like today.
A hobbyist-run internet can still be done today too... no need for mega-corporations to run every website when it costs a few ££ per month to run a web server that could easily handle millions of monthly connections.
Also, it's not my job to validate a scummy business model like advertising: if they (the corporations with ads) want to use them as their primary revenue source that's on them, not me!
- Ok, total shower thought but what if the likes of Dell, HP, Lenovo, Samsung, Acer, Asus etc. got together and said "Guys, let's form a consortium to create a new OS (based on Linux, of course) to break the Microsoft hold".
Would it work? Would there be demand?
Hell, I'll run it for them: I just want Windows 2000 with some security fixes :-)
Just a crazy thought but hey, you never know ¯\_(ツ)_/¯
- > Linux lacks designers and product managers
I don't think that would be enough: adding those people to a team won't matter if the overall vision isn't there.
It needs, and I'm about to choke on my words here, a Steve Jobs at the helm saying "No, it needs to be like this".
Yes, I know that won't achieve perfection but there needs to be a coherent vision of what the OS is trying to be, or who it is aiming for.
Linux, right now is pure techie-driven. There isn't any vision at all! Every distro is subtly different and reflects the wants of the team that work on it.
It needs a company to take a distro and pick a direction, e.g. Linux for normies would have to remove almost all traces of command line, hard disk partitions, configs, package managers etc. All that shit would have to be hidden away, still in the background and available if wanted, but to use the OS it should not be a requirement.
Anyway, Linux is what it is :)
- I've said it many times in the past: the OS is a toolbox, just like a carpenter's toolbox.
I use it to keep my apps (tools) in. I use the apps (hammer, saw, screwdriver etc.) to get a job done, then I put them away. The job of the OS isn't to recommend that I use Hammer v2.0 or to update my toolbox to the latest version.
The OS is, or should be, out of my way.
I agree with others here: Windows 2000 was peak OS for me!
- Ok, I'll bite... what if an "ad" on a website is a bit of javascript that mines bitcoins using my GPU? Does this mean I have to let it do this?
What if it does it while showing me an ad for something at the same time?
How does running a bit of software on my computer concern anyone other than me?
I am not a lawyer and I haven't read the court's rulings but this seems asinine!
1. Develop discipline around the piano
2. Build my side hustle beyond a side hustle (Kopi - replicate a production DB schema and relational subsets of its data for local development in seconds)