Hi, it’s Clément! 👋

💬 This is a comment on Neovim 0.12 News (archive) Neovim 0.12 was released earlier today. I don’t have enough time just now, but I’m sharing here the list of things from the release page that I want to try first. Whole new features Here are new features to replace some plugins and simplify my configuration: There is a new 'autocomplete' option. When set, completion suggestions appear in insert mode, without pressing a triggering shortcut. The 'complete' option also gains the ability to call arbitrary functions, as long as they follow the complete-functions interface. These two features combined could replace the many completion plugins that came and went over the years. I certainly hope to use them to remove mini.completion from my config. More importantly, they might help the ecosystem to standardize around a common interface for completion sources. At the moment, LSP servers play this role, but a full-blown LSP server implementation in every plugin is quite heavy. For example, crates.nvim supports some completion plugins (nvim-cmp, coq.nvim) and also exposes an LSP server for cross-compatibility support. In the future, such a crate might only implement the complete-functions interface and it could be used as a source by either native nvim completions or plugins. The other big highlight of this release is the native plugin manager, vim.pack. It was contributed mainly by Evgeni Chasnovski (known for mini.nvim). His guide of this new component is worth a read. In particular, you can pin plugins to a particular hash, for a version you have audited and update only once you have audited the changes in any new version. The default status line was reworked and integrates with vim.diagnostic.status(), vim.ui.progress_status() and an indicator for the new busy state. This will allow me to remove some custom logic to produce diagnostic status (E:2 W:3 for 2 errors and 3 warnings) and maybe even drop my custom status line code entirely. I will try to use the MarkSet to make user-placed marks visible in the gutter of the current buffer. I used plugins for that feature in the past, but it should be simple to implement it in configuration with MarkSet now. I’ll use vim.net.request() to replace some calls to external commands. It will make the configuration more portable and shorter — it might even be marginally faster, eliminating an external command call. 'diffopt' inline and inline:word will provide richer diff at the line level, a bit like delta. It’s nice to have native plugins for the undo tree (:Undotree) and to compare whole folders (:DiffTool). I plan to use the new treesitter selection shortcuts (an, in, [n and ]n in visual mode) to replace the deprecated treehopper plugin: I don’t really care about jumping to a particular highlight node, visual mode should work better for me. Polish of existing features This release introduces some nice performance improvements, for instance on Ctrl+r in insert mode and packadd. ...

💬 This is a comment on DNS-PERSIST-01: A New Model for DNS-based Challenge Validation The Source of Truth Connecting to a website? Sending an email? Which server1 you reach depends on DNS records. And CAA or SSHFP records establish trust for public key cryptographic protocols. DNS records are the source of truth. DNS API Tokens Currently, wildcard certificates with Let’s Encrypt require to write an arbitrary string in a DNS record, for every single certificate renewed or issued. In practice, this often involves sharing a write API token to change the DNS. This is risky: should an attacker obtain the token, they can do a lot of damage: hijack traffic (and get valid certificates for it), receive and send emails using the corresponding domain… ...

💬 This is a comment on 6-day and IP Address Certificates are Generally Available by Matthew McPherrin (via) Let’s Encrypt has just announced that short-lived1 certificates are generally available. They can also be used for IP addresses, which is especially useful for DNS over HTTPS. Those certificates could be smaller in the future, if information for validity checks is omitted. However, for now at least, these certificates still include revocation information. ...