AppArmor is a good way to sandbox programs on a Linux system, but it has some limitations. In particular, it requires you to define a static profile for each program, and changing profiles requires root access. This can be impractical for ad-hoc usages, and in particular if you want to give the program access to a particular directory (such as the current directory). These gaps can be filled with bubblewrap.

If you have a Linux system with AppArmor, you can use it to sandbox IntelliJ IDEA. Do not install IntelliJ with snap, download the .tar.gz archive instead and unpack it in /opt/JetBrains/. Then add this file to /etc/apparmor.d. #include <tunables/global> profile idea /opt/JetBrains/idea*/bin/* { #include <abstractions/base> #include <abstractions/consoles> #include <abstractions/nameservice> #include <abstractions/ssl_certs> #include <abstractions/gnome> #include <abstractions/xdg-open> #include <abstractions/dbus-session> /etc/** r, /dev/** r, /dev/ptmx rw, @{PROC}/ r, @{PROC}/** r, /sys/** r, /bin/* rixm, /usr/bin/{[^s]*,?

If you have a Linux system with AppArmor, you can use it to secure your Go builds. First install Go in /usr/local/go as in the the instructions. Then add this file to /etc/apparmor.d, replace ${HOME} with your home directory. #include <tunables/global> profile go /usr/local/go/bin/go { #include <abstractions/base> #include <abstractions/consoles> /tmp/ r, /tmp/** rwkix, @{PROC}/** r, /sys/** r, /dev/** r, /etc/** r, /usr/** r, /bin/** ix, /usr/bin/** ix, /usr/libexec/** ix, /usr/lib/** ix, /usr/local/go/** rix, owner @{HOME}/.

If you have a Linux system with AppArmor, you can use it to secure your Rust builds. First install Rust with rustup in ~/.cargo/bin. Then add this file to /etc/apparmor.d, replace ${HOME} with your home directory. #include <tunables/global> profile cargo-bin ${HOME}/{.cargo/bin/*,.local/share/JetBrains/IntelliJIdea*/intellij-rust/bin/linux/x64/*} { #include <abstractions/base> #include <abstractions/consoles> @{PROC}** r, /sys/** r, /usr/bin/** ix, /usr/include/** r, /usr/libexec/** rix, /usr/share/** r, /tmp/ r, /tmp/** rwkix, owner @{HOME}/.gitconfig r, owner @{HOME}/.gitignore r, owner @{HOME}/.rustup/** r, owner @{HOME}/.

If you have a Linux system with AppArmor, you can use it to secure your Gradle builds. Here is how I installed it on Ubuntu Linux: Make sure you have a Java Development Kit installed. Set the JAVA_HOME environment variable to point to your JDK by creating a file /etc/profile.d/java.sh with this content: #!/bin/sh export JAVA_HOME=/usr/lib/jvm/java-21-openjdk-amd64 Make a manual installation of Gradle in /opt/gradle. Make it available in PATH: $ cd /usr/bin $ sudo ln -s .

You can speed-up Maven builds considerably by using Maven Daemon. Here is how I installed it on Ubuntu Linux: Make sure you have a Java Development Kit installed. Set the JAVA_HOME environment variable to point to your JDK by creating a file /etc/profile.d/java.sh with this content: #!/bin/sh export JAVA_HOME=/usr/lib/jvm/java-21-openjdk-amd64 Download Maven Daemon. Unpack it into /opt Make it available in PATH: $ cd /usr/bin $ sudo ln -s ../../opt/maven-mvnd-1.0.2-linux-amd64/bin/mvnd . $ sudo ln -s mvnd mvn You can configure IntelliJ IDEA to use it by setting Maven home path to /opt/maven-mvnd-1.

As I mentioned earlier, it’s straightforward to use SQLite as the relational database in Go applications. Your data is stored in one single file with a well-defined format and there is no hassle with installing and configuring a separate database. However, for any serious application you most likely want backup of your data. If your dataset is not very large, and it is OK to lose updates since the last backup, there is a very simple option.

I have been learning the Go programming language lately, and it’s remarkably easy to build simple web apps with it. In particular, with just a few simple tricks, you can make the deployment of such web apps super simple: just one single standalone statically linked binary which stores its data in one single file. The Go standard library contains everything needed to build a basic web app: A production-ready HTTP server An URL router Interface for SQL databases Parsing command line options Simple logging HTML templating HTTP client If you use the embed feature, you can embed templates and static resources (CSS, JavaScript, images) and produce one single self-contained binary.

As I wrote a while ago, I have been trying different approaches for server-side HTML generation in Kotlin, with focus on good support for generating partials without a single root element (which is important for htmx). Given Kotlin’s good support for internal DSLs, I decided to explore that route, and try kotlinx.html and HtmlFlow. They both make great promises of encoding the entire HTML standard and enforce valid HTML at compile time.

I have been trying out htmx with Kotlin and http4k. To use htmx, you need some way of generating HTML on the server. In Kotlin, you have plenty of options, both Kotlin specific ones and everything from the broader Java/JVM ecosystem. There are two main categories here, template languages and internal DSLs. Given Kotlin’s good support for internal DSLs, I decided to explore that route, and try kotlinx.html and HtmlFlow. They both make great promises of encoding the entire HTML standard and enforce valid HTML at compile time.