Hacker News | qznc's comments

It is handy to remember a few finger/knuckles/elbow/shoulder combinations for common measures. One of your phalanges should be ~1 inch, for example, and one of your fingernails is probably ~1 cm wide.

There's a reason that the English system of measurement had things like "hand" and "foot" - because when you're not measuring things exactly, close enough and commonly available is fine.

Or be like the mythbusters guy and get a ruler tattooed on your arm!

Minimal valid HTML5:

    <!doctype html>
    <title>Hello</title>
    <h1>Hello World</h1>

They don't promise anything "Open Source" here.

The bait and switch was around the “free” license for non-commercial use. They got lots of people using it and porting software to it, and then they revoked that free license.

Then they did exactly the same thing again a few years later.

And now, for the 3rd time, they are offering a “free” non-commercial license.


SQLite is only deployed as a single file but the original sources are multiple files. They call it "The Amalgamation".

https://sqlite.org/src/doc/trunk/README.md


Yes, that's why I've asked about possible Rust support for creating such a version of a normal project. The main issue: I'm unaware of comparably large Rust projects without 3rd-party dependencies.


From my daily-use utilities, ripgrep and bat seem to have zero dependencies.


I believe ripgrep has only or mostly dependencies that the main author also controls. It's structured so that ripgrep depends on regex crates by the same author, for example.


Looking at Cargo.toml, ripgrep seems to have some dependencies and bat has a lot.


Sounds like you are looking for an intersection of academic papers (1.), tech blogs (2.), textbooks (3.), and confidential business strategies (4.)? A very high ambition.


Corporations commonly describe some of their internal processes and achievements because it builds reputation and that can be important for both sales and recruitment.

Sometimes they do it in the form of free or open source software releases.


A very high ambition?


This site is about "historic" stuff only. No Fantasy or SciFi, thus no Warhammer.

If you want to see this historic wargaming hobby in action: https://www.youtube.com/@LittleWarsTV


At work my machine has probably ten or more installations of Python hidden in various tools. I'm certainly not alone. So we could say "on average Python is installed on every machine". /s


My principle is that I do not. If PyPI packages are needed, rewrite it in Rust (or Go or D or whatever allows me to use statically-linked libraries).

Python packages are fine for servers but not for CLI tools.


We use proprietary tools (QNX compiler, Coverity static analysis, ...) and those require access to a license server which requires some secret.

I don't really understand what you mean by "secure enclave style"? How would that be different?


With a secure enclave or an HSM, there's a secret, but the users do not have access to the secret. So, if you have a workflow that needs to, say, sign with a given private key, you would get an API that signs for you. If you need to open a TLS connection with a client certificate, you get a proxy that authenticates for you.

I suppose I would make an exception for license keys. Those have minimal blast radii if they leak.


And how is that exposed to the CI/CD? An environment variable? Some bespoke tool that the CI runs to read the secret from the Secure Enclave?

Your approach boils down to “let's give each step its own access to its own hardware-protected secrets, but developers shouldn’t otherwise have access.”

Which is a great way to “support secrets,” just like the article says.


I think this is the most efficient approach. Decisions should be made at the lowest possible level of the org chart.

However, it has an important assumption: You are sufficiently aware of higher level things. If you have a decent communication culture in your company or if you are around long enough to know someone everywhere, it should be fine though.

