Skip to content



  • Pkl

    “a programming language for configuration”, from Apple. Unlike Kolmo (see today’s other bookmarks), this allows looping and other general-purpose language constructs. Really it doesn’t feel much like a config language at all by comparison. I prefer Kolmo!

    (tags: configuration programming languages via:bert-hubert)


  • Kolmo

    A configuration file definition language, from Bert Hubert:

    Self-documenting, with constraints, units, and metadata; ‘Typesafe’, so knows about IP addresses, port numbers, strings, integers; Tool that turns this configuration schema into Markdown-based documentation; A standalone parser for configuration files; Test for validity, consistency; Runtime library for parsing configuration file & getting data from it; Standalone tooling to interrogate and manipulate the configuration; A runtime loadable webserver that allows manipulation of running configuration (within constraints); Every configuration change is stored and can be rolled back; Ability to dump, at runtime: Running configuration Delta of configuration against default (‘minimal configuration’); Delta of running configuration versus startup configuration; In effect, a Kolmo enabled piece of software gets a documented configuration file that can be modified safely and programmatically, offline, on the same machine or at runtime, with a full audit trail, including rollback possibility.

    (tags: configuration languages programming kolmo config lua)

Pluralistic: How I got scammed (05 Feb 2024)

  • Pluralistic: How I got scammed (05 Feb 2024)

    Cory Doctorow got phished. He took advantage of the painful opportunity to make this very important point:

    I trusted this fraudster specifically because I knew that the outsource, out-of-hours contractors my bank uses have crummy headsets, don’t know how to pronounce my bank’s name, and have long-ass, tedious, and pointless standardized questionnaires they run through when taking fraud reports. All of this created cover for the fraudster, whose plausibility was enhanced by the rough edges in his pitch – they didn’t raise red flags. As this kind of fraud reporting and fraud contacting is increasingly outsourced to AI, bank customers will be conditioned to dealing with semi-automated systems that make stupid mistakes, force you to repeat yourself, ask you questions they should already know the answers to, and so on. In other words, AI will groom bank customers to be phishing victims. This is a mistake the finance sector keeps making. 15 years ago, Ben Laurie excoriated the UK banks for their “Verified By Visa” system, which validated credit card transactions by taking users to a third party site and requiring them to re-enter parts of their password there: This is exactly how a phishing attack works. As Laurie pointed out, this was the banks training their customers to be phished.

    (tags: ai banks credit-cards scams phishing cory-doctorow verified-by-visa fraud outsourcing via:johnke)