Actually non-tor certificates will (sadly) be signed with Let’s Encrypt a bit before 2017-05-26, tor will be self-signed
Support La Quadrature Du Net

www-client are broken

So after saying that (it still is). Chrom* became broken too :

Basically I have no web browser anymore… or well no. I have even more web browsers installed than when I was doing/learning web development, because I have several whatever around engines.

Anyway let’s put what I need in a web browser:

As of my findings of 2017-07-06, the web browsers (GUI;engine;style/inspiration) that are almost compliant with my needs are, without much sorting/ordering:

Disk identification

Introduction/Why?

So the one for network interface is now okay-ish. I did a quick look at how it works for… disks. So most of it was done under Linux, but I know this nightmare under OpenSolaris (I recommend 20% of Solaris Knowledge that solves 80% of your needs; but only 8 slices/partitions, non-intuitive, no file hierarchy… why), Plan9front (a bit better, at least partitions are under a directory).

And as you’re probably using lsblk and/or blkid or even fdisk -l (I use that when I’m on a non-Linux Unix) to identify your disks as a human, I did a quick look for fun at disk identifiers… (intended more for machines I guess) and… oh noes.

$ lsblk -oTRAN,NAME,SIZE,FSTYPE,PARTUUID,UUID,WWN
TRAN   NAME        SIZE FSTYPE      PARTUUID                             UUID                                 WWN
usb    sdf           2G
       └─sdf1        2G vfat
usb    sdd       931.5G
       └─sdd1    931.5G ntfs-3g     874ddc9f-01                          FEBC2BA2BC2B5505
sata   sdb         1.8T zfs_member                                       15625953673200575561                 0x11804586289146122240x
sata   sdg       111.8G crypto_LUKS                                      7979cfc6-568f-4b3a-bfc4-301c92316767 0x17202986447841742850x
sata   sdc       189.9G
       ├─sdc2    189.9G crypto_LUKS caadf50b-7419-4379-b34e-6cbdb9fb9e17 86106360-90e8-425e-b37e-33131b23a6b0
       │ └─root1 189.9G zfs_member                                       2052176674175130762
       └─sdc1        2M             d3e52e3c-2c83-48e5-af2f-8c3ce10131aa
sata   sda       189.9G
       ├─sda2      256M             b585598d-8b2c-4db8-b58c-65bfe314d57e
       ├─sda3      248M crypto_LUKS d4d61264-c2c9-4953-8c59-3ac265d986e3 9877c105-252e-4141-97df-358f14daa2a8
       └─sda1    189.4G crypto_LUKS a359857c-49eb-44c0-936c-464c150d20a0 1c578f43-6f16-497c-ba88-986609ffa1d6
         └─root  189.4G
$ blkid
/dev/sda1: UUID="1c578f43-6f16-497c-ba88-986609ffa1d6" TYPE="crypto_LUKS" PARTLABEL="encrypted" PARTUUID="a359857c-49eb-44c0-936c-464c150d20a0"
/dev/sda3: UUID="9877c105-252e-4141-97df-358f14daa2a8" TYPE="crypto_LUKS" PARTLABEL="boot-efi" PARTUUID="d4d61264-c2c9-4953-8c59-3ac265d986e3"
/dev/sdb: LABEL="seagate" UUID="15625953673200575561" UUID_SUB="11105316071247026470" TYPE="zfs_member"
/dev/sdc2: UUID="86106360-90e8-425e-b37e-33131b23a6b0" TYPE="crypto_LUKS" PARTUUID="caadf50b-7419-4379-b34e-6cbdb9fb9e17"
/dev/sdd1: LABEL="TOSHIBA EXT" UUID="FEBC2BA2BC2B5505" TYPE="ntfs" PARTUUID="874ddc9f-01"
/dev/mapper/root: LABEL="zroot" UUID="2052176674175130762" UUID_SUB="12007847542772910046" TYPE="zfs_member"
/dev/sdg: UUID="7979cfc6-568f-4b3a-bfc4-301c92316767" TYPE="crypto_LUKS"
/dev/mapper/root1: LABEL="zroot" UUID="2052176674175130762" UUID_SUB="5697203163307082646" TYPE="zfs_member"
/dev/sda2: PARTLABEL="boot" PARTUUID="b585598d-8b2c-4db8-b58c-65bfe314d57e"
/dev/sdc1: PARTUUID="d3e52e3c-2c83-48e5-af2f-8c3ce10131aa"
/dev/sdf1: SEC_TYPE="msdos" TYPE="vfat"

If you look enough at it… NONE of them works, and wtf is UUID_SUB printing out of nowhere. So as you’re probably not LABEL’ing all your hard-drives because your system sucks… The only thing I found so far that is the least broken under Linux (+(e)udev) is /dev/disk/by-id.
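To put numbers on that, here is an added example (not part of the original post) that counts how many devices in blkid output carry each identifier and lists the devices that carry none. The function names are made up for this example; the sample lines are copied from the blkid output above.

```sh
#!/bin/sh
# Added example: measure how many devices in blkid output carry each
# identifier, and list the devices that carry none of them.

# Lines copied from the blkid output shown above.
sample_blkid() {
cat <<'EOF'
/dev/sda1: UUID="1c578f43-6f16-497c-ba88-986609ffa1d6" TYPE="crypto_LUKS" PARTLABEL="encrypted" PARTUUID="a359857c-49eb-44c0-936c-464c150d20a0"
/dev/sda3: UUID="9877c105-252e-4141-97df-358f14daa2a8" TYPE="crypto_LUKS" PARTLABEL="boot-efi" PARTUUID="d4d61264-c2c9-4953-8c59-3ac265d986e3"
/dev/sdb: LABEL="seagate" UUID="15625953673200575561" UUID_SUB="11105316071247026470" TYPE="zfs_member"
/dev/sdc2: UUID="86106360-90e8-425e-b37e-33131b23a6b0" TYPE="crypto_LUKS" PARTUUID="caadf50b-7419-4379-b34e-6cbdb9fb9e17"
/dev/sdd1: LABEL="TOSHIBA EXT" UUID="FEBC2BA2BC2B5505" TYPE="ntfs" PARTUUID="874ddc9f-01"
/dev/mapper/root: LABEL="zroot" UUID="2052176674175130762" UUID_SUB="12007847542772910046" TYPE="zfs_member"
/dev/sdg: UUID="7979cfc6-568f-4b3a-bfc4-301c92316767" TYPE="crypto_LUKS"
/dev/mapper/root1: LABEL="zroot" UUID="2052176674175130762" UUID_SUB="5697203163307082646" TYPE="zfs_member"
/dev/sda2: PARTLABEL="boot" PARTUUID="b585598d-8b2c-4db8-b58c-65bfe314d57e"
/dev/sdc1: PARTUUID="d3e52e3c-2c83-48e5-af2f-8c3ce10131aa"
/dev/sdf1: SEC_TYPE="msdos" TYPE="vfat"
EOF
}

# id_coverage: stdin = blkid lines; prints "KEY have/total" for each key.
id_coverage() {
    awk '
    BEGIN { n = split("LABEL UUID PARTLABEL PARTUUID", keys, " ") }
    # The leading space keeps UUID from matching inside PARTUUID, and the
    # KEY=" form keeps it from matching UUID_SUB.
    {
        total++
        for (i = 1; i <= n; i++)
            if ($0 ~ (" " keys[i] "=\"")) have[keys[i]]++
    }
    END { for (i = 1; i <= n; i++) printf "%s %d/%d\n", keys[i], have[keys[i]], total }'
}

# no_stable_id: stdin = blkid lines; prints devices with none of the four keys.
no_stable_id() {
    awk '$0 !~ / (LABEL|UUID|PARTLABEL|PARTUUID)="/ { sub(/:$/, "", $1); print $1 }'
}

sample_blkid | id_coverage
sample_blkid | no_stable_id
```

No key reaches 11/11 on this sample, and /dev/sdf1 has no identifier at all.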

Proposition

So quick list of things that are nice/works:

Here is an example of a file hierarchy of my idea, based on that:

Know things

Yeah, very imaginative title… But well, here is why gitter just sucks compared to all chat things I saw:

I’m really glad I’m more of a sysadmin/netadmin than a developer… at least it doesn’t try to please my kind. Seriously, with all this DevOp shit don’t make it harder for cypherpunks/privacy-nerds.

ed

You may have noticed if you’re following me on @lanodan@pouet.it that I’m posting quite a few honest posts about the goodness of ed, and let me say why, sometimes, I prefer ed

Note: From ed, with love; Also, I’m not trolling here, apart from the "standard editor" part

My git server setup

So after having problems with gitlab.com (not being able to push to your own repository for example), I decided to have a very simple git setup, inspired by git.linkmauve.fr. I put all my git repos into /git.

Started with just nginx and ssh

This one is dead-simple when you know the trick: simply put git update-server-info into hooks/post-update of your git repo (they have to be bare repos, that’s done with --bare)

Added git-daemon

That one was even more simple, just had to point to where the git repositories are stored

Wanted a better interface

While searching for alternatives to GNU I saw stagit, a static git generator (I don’t like CGI, especially when it could have access to my git repos). To use it I added these lines to the post-update hook

repo=$(pwd)
cd "$(pwd | sed 's/\.git$//')" && stagit -c "$repo.cache" "$repo"
cd /git && stagit-index *.git > /git/index.html

Deployment to blog

This one outputs an error (probably because the GIT_INDEX_FILE should not be empty) but it works so who cares :P

GIT_INDEX_FILE='' git --work-tree=/srv/web/hacktivis.me --git-dir=/git/blog.git checkout -f

Garbage Collector

It’s not like my repos were getting big, git is supposed to do that itself but it seems like it doesn’t, so I’m doing git gc each time, which isn’t very optimised.

Final post-update hook


#!/bin/sh
# post-update hook: runs inside the bare repository after each push
repo=$(pwd)
update_f=' * Updating %s…'
is_ok(){ echo ' [OK]'; }

printf "$update_f" 'Garbage Collector'
git gc && is_ok

printf "$update_f" info
git update-server-info && is_ok

printf "$update_f" stagit
# Output directory is the repository path without its .git suffix
cd "$(pwd | sed 's/\.git$//')" && stagit -c "$repo.cache" "$repo" && is_ok

printf "$update_f" stagit-index
cd /git && stagit-index *.git > /git/index.html && is_ok

# Errors but works
# Only the blog repository is deployed; echo | grep replaces the bash-only <<< so this runs under /bin/sh
echo "$repo" | grep blog && printf "$update_f" blog && GIT_INDEX_FILE='' git --work-tree=/srv/web/hacktivis.me --git-dir=/git/blog.git checkout -f && is_ok

USA asking social-network password

TL;DR: it’s stupid, it’s often the worst “I have nothing to hide” thing and a (dis-united) state wants to do it. A password is meant to be hidden, even/especially from governments.

Other questions

What is a social network? Is it what’s allowing humans to communicate, or a more specific thing like Twitter or Facebook?

How can you verify that you gave all your social accounts, or even not a fake account which is created just for that (like recycling a _ebook bot)?

Fighting Harassment

After reading this post (in French), I noticed that these new techniques are basically the same as for fighting spam years ago, and there the definition of spam by [Pirate Bay Member] makes even more sense. Basically spam got defined as “unwanted messages”, which is true for most commercial messages and harassment.

And so I think we can actually reuse anti-spam software/code to make it more diverse and able to block not only commercial/weird messages but all unwanted messages.

I’ll code something I can use for most of my messaging software as I do also receive unwanted messages not flagged as traditional spam.

Types of programs and examples that can be useful for inspiration:

Requirements for the code:

Also I think accounts like @SaferBlueBird are mostly bad because it’s managed by few people and actually censors things they don’t want to, also it’s totalitarist/oligarchist, only one/few people are needed to start the storm of reports. I follow it because at the moment it’s the best solution we have…

Warning: It’s a concept, usable software might not exist at the end, feel free to contact me if you want to participate in it (even if you don’t know how to code, everyone can be useful)


Entire Disk Encryption with LUKS and ZFS

Note: this is done from my current system, notes and my mind.

This tutorial is for people that know how to install Gentoo. By Entire Disk Encryption I mean that even the /boot is encrypted (but grub isn’t; I think I’d need UEFI, which is too hard and risky to set up, and I don’t have hardware compatible with coreboot).

Setup the disk

cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512 --verify-passphrase luksFormat /dev/sda
cryptsetup luksOpen /dev/sda cryptrpool

zpool create -f -m none -R /mnt/gentoo rpool /dev/mapper/cryptrpool
zfs create -o mountpoint=none -o compression=lz4 rpool/ROOT

zfs create -o mountpoint=/ rpool/ROOT/default

zfs create -o mountpoint=/home rpool/HOME
zfs create -o mountpoint=/root rpool/HOME/root
zfs create -o mountpoint=/home/haelwenn rpool/HOME/haelwenn

zfs create -o mountpoint=none rpool/GENTOO
zfs create -o mountpoint=/usr/portage rpool/GENTOO/portage
zfs create -o mountpoint=/usr/portage/distfiles -o compression=off rpool/GENTOO/distfiles
zfs create -o mountpoint=/usr/portage/packages -o compression=off rpool/GENTOO/packages

Configuring

USE flags:

sys-boot/grub libzfs device-mapper
sys-fs/zfs rootfs
sys-fs/zfs-kmod rootfs
sys-kernel/genkernel cryptsetup

Now you need: sys-boot/grub sys-fs/zfs sys-fs/zfs-kmod sys-kernel/genkernel. You can also replace genkernel with dracut.

Configuring ZFS for boot-up: rc-update add zfs-import boot && rc-update add zfs-mount && rc-update add zfs-zed

initramfs (genkernel)

sed -i 's/.*LUKS=.*/LUKS="yes"/' /etc/genkernel.conf
sed -i 's/.*ZFS=.*/ZFS="yes"/' /etc/genkernel.conf
sed -i 's/.*DISKLABEL=.*/DISKLABEL="yes"/' /etc/genkernel.conf
genkernel --luks --zfs --disklabel initramfs

GRUB

As grub-mkconfig is a piece of crap which does unreadable config, I do it myself. Here it is:

#/boot/grub/grub.cfg
insmod part_gpt
insmod cryptodisk
insmod luks
insmod gcry_rijndael
insmod gcry_sha512
insmod zfs

cryptomount -u 1c578f43-6f16-497c-ba88-986609ffa1d6
set root=(crypto0)
set prefix=(crypto0)/ROOT/default/@/boot/grub

insmod gzio

menuentry 'Gentoo Hardened 4.4.2' {
	linux /ROOT/default/@/boot/vmlinuz-4.4.2-hardened root=ZFS=rpool/ROOT/default crypt_root=UUID=1c578f43-6f16-497c-ba88-986609ffa1d6 rd.luks.uuid=1c578f43-6f16-497c-ba88-986609ffa1d6 dozfs rootfstype=zfs
	initrd /ROOT/default/@/boot/initramfs-genkernel-x86_64-4.4.2-hardened
}

And that should be all !
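The hand-written grub.cfg above names the LUKS container three times (cryptomount -u, crypt_root=UUID= and rd.luks.uuid=). The following is an added example, not part of the original tutorial, that checks all three against the UUID blkid reports before rebooting. The function names are made up for this example, and the comparison ignores case and dashes.

```sh
#!/bin/sh
# Added example, not the author's tooling: verify that every LUKS UUID
# reference in a hand-written grub.cfg names the same container.

# Excerpt of the grub.cfg above (only the lines that carry the UUID).
sample_grub_cfg() {
cat <<'EOF'
cryptomount -u 1c578f43-6f16-497c-ba88-986609ffa1d6
menuentry 'Gentoo Hardened 4.4.2' {
    linux /ROOT/default/@/boot/vmlinuz-4.4.2-hardened root=ZFS=rpool/ROOT/default crypt_root=UUID=1c578f43-6f16-497c-ba88-986609ffa1d6 rd.luks.uuid=1c578f43-6f16-497c-ba88-986609ffa1d6 dozfs rootfstype=zfs
}
EOF
}

# norm_uuid: lowercase and drop dashes so spelling variants compare equal.
norm_uuid() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/-//g'; }

# grub_luks_uuids: stdin = grub.cfg; prints "<where> <uuid>" per reference.
grub_luks_uuids() {
    awk '
    $1 == "cryptomount" {
        for (i = 2; i < NF; i++) if ($i == "-u") print "cryptomount", $(i + 1)
    }
    $1 == "linux" {
        for (i = 2; i <= NF; i++) {
            if (sub(/^crypt_root=UUID=/, "", $i)) print "crypt_root", $i
            else if (sub(/^rd\.luks\.uuid=/, "", $i)) print "rd.luks.uuid", $i
        }
    }'
}

# check_grub_uuids EXPECTED: stdin = grub.cfg.
# 0 = all references match EXPECTED, 1 = mismatch, 2 = no reference found.
check_grub_uuids() {
    want=$(norm_uuid "$1")
    refs=$(grub_luks_uuids)
    [ -n "$refs" ] || { echo "no LUKS UUID reference found" >&2; return 2; }
    rc=0
    while read -r where uuid; do
        if [ "$(norm_uuid "$uuid")" != "$want" ]; then
            echo "MISMATCH in $where: $uuid" >&2
            rc=1
        fi
    done <<EOF
$refs
EOF
    return "$rc"
}

# On the real system EXPECTED would come from: blkid -s UUID -o value /dev/sda1
sample_grub_cfg | check_grub_uuids 1c578f43-6f16-497c-ba88-986609ffa1d6 \
    && echo "grub.cfg LUKS UUIDs are consistent"
```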

I fucking hate RULES

Tagged by Toot6

Rules

  1. Choose 13 people
  2. Tag-backs are allowed
  3. You have to post All the Rules
  4. You Can’t say you don’t do tags
  5. You have to legitimately tag 13 people
  6. Be creative with the title. No titles like: “I got tagged”
  7. Each person has to share 13 things about themselves
  8. You must make a journal entry. No comments... Unless you’re talking about the entry I HATE YOU
  9. Answer 13 questions asked to you and invent 13 questions the people you tag will have to answer
  10. You have to finish within a week. If you don’t finish in time, you have to do what-ever the creator tells you

Facts about myself

  1. I’m a librist
  2. I hate rules
  3. I’m queer
  4. I’m breton
  5. I mostly eat pasta, noodles and rice
  6. I don’t like hierarchy
  7. I didn’t forget a whole part of this
  8. I love to use retro/deprecated but still awesome things (floppy disks and IDE mwhahaha)
  9. I hate obsolescence (corrected by using Free Software anyway ;3)
  10. When I say free software I think about BSD and not GNU
  11. Being a Metalhead used to be my cloak as a queer, I’m now out and still a metalhead
  12. I don’t like talking so sometimes I make sounds instead
  13. I’m done with that

Q&A

  1. Favourite band/musician ?

    Vladimir Bozar

  2. Play video games much ? If yes, what's your favourite game/franchise ?

    Not that much… but I love .hack project

  3. Would you kiss a dragon ?

    uh… yeah

  4. Do you have any pets ? Can I pet them

    Nope

  5. If you could have a superpower, which would it be ?

    Time travel

  6. If you could go into another world or universe, which would you wanna go to ?

    still My Little Pony (without transphobia) I guess or maybe No Game/Hack/Source, No Life

  7. Do you play Monster Hunter ? Do you play Smash ? Wanna have a go ?

    Nope. Maybe for fun

  8. What's the best advice you can give regarding art ?

    Use all the tools you have in every way you can think of

  9. What's your favourite movie monster/creature ? Why ?

    Currently sadako, because she is an esper/magician and lived 30 years in a well, but is still alive in emotional form in electronics and people

  10. Doth thou even hoist ?

    Yes, I have musl installed on my server ;P

  11. Are you a dirty yiffer ?

    Dirty -> yes, yiffer -> not tested yet

  12. What are your favourite songs for relaxing ?

    Dark ambient

  13. Aliens ? Discuss

    They can transform you into a magical girl and grant one wish but it costs your life… meh. I prefer the genius of Aladin. :P

Question for tagged peers

  1. What is your name?
  2. Where do you live?
  3. What is your favorite color?
  4. What is a spallow?
  5. Where is SPARTA‽
  6. Do you like waffles?
  7. What are your favorite styles of fine arts(drawings, painting)
  8. What are your favorite styles of music
  9. What are your favorite styles of literature
  10. What are your favorite styles of films
  11. What’s your favorite animal?
  12. What’s your favorite character?
  13. Do you think I’m a lazy shit?

Mozilla is Broken

I’m quitting Mozilla, not that I have really been into the community (mostly because they want me to do one thing, apply this to programs, not humans) but I was using and enjoying it for a long time (like since 2008). Also in about 2014 I switched from Thunderbird to mutt because I wanted something simple which does GPG, hard time to switch but I love it. And now it seems like Mozilla has been killing Firefox for years:

And there is potentially way more shit (just look at the old but still open tickets)

Current solution: None, all browsers suck and none sucks less, so I’m in a constant change of web browser every day. See:

BTW if everyone has to use a LTS/ESR/real-stable version of a browser even if they are actual developers… well why is the Developer Edition based on Nightly? For badly supported things like H.264? gstreamer works (can be an interface to ffmpeg). For brand new stuff? Well most web-smiths have to support old browsers like IE6 or IE7. For marketing because we are the browser with tons of features? Well I think so. I think Netscape made the same mistake in the browser-war, why change things?

Apparently since like… middle-late 2016 Mozilla Firefox is now better in Nightly than ESR. Whatever, it’s still broken for me.

Lennart Poettering merged “su” command replacement into systemd: Test Drive on Fedora Rawhide

“Original” Article

Well, there have been long discussions about this, but the problem is that what "su" is supposed to do is very unclear. On one hand it's supposed to open a new session and change a number of execution context parameters (`uid`, `gid`, `env`, ...), and on the other it's supposed to inherit a lot of concepts from the originating session (`tty`, `cgroup`, `audit`, ...). Since this is so weakly defined it's a really weird mix&match of old and new parameters.

Pretty clear, it asks for root or specified user password, launches a shell. If -, -l, --login is put it starts a new environment before starting the shell.

To keep this somewhat manageable we decided to only switch the absolute minimum over, and that excludes `XDG_RUNTIME_DIR`, specifically because `XDG_RUNTIME_DIR` is actually bound to the `session/audit` runtime and those we do not transition. Instead we simply unset it.

Ah, of course desktop crap in the userland… And crappy explanation, maybe you should patent and copyreich that in case. ᕕ(ᐛ)ᕗ

$ cat /etc/os-release
NAME=Fedora
VERSION="24 (Workstation Edition)"
ID=fedora
VERSION_ID=24
PRETTY_NAME="Fedora 24 (Workstation Edition)"
ANSI_COLOR="0;34"
CPE_NAME="cpe:/o:fedoraproject:fedora:24"
HOME_URL="https://fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=Rawhide
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=Rawhide
PRIVACY_POLICY_URL=https://fedoraproject.org/wiki/Legal:PrivacyPolicy
VARIANT="Workstation Edition"
VARIANT_ID=workstation

$ systemctl --version
systemd 225
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN

Okay here’s the same shit from a non voided system. Let’s share. ;D


% cat /etc/os-release
ID=gentoo
PRETTY_NAME="Gentoo/Linux"
ANSI_COLOR="1;32"
HOME_URL="http://www.gentoo.org/"
SUPPORT_URL="http://www.gentoo.org/main/en/support.xml"
BUG_REPORT_URL="https://bugs.gentoo.org/"
% rc --version
rc (OpenRC) 0.17 (Gentoo Linux)

Anyway, let’s continue

$ machinectl shell
Connected to the local host. Press ^] three times within 1s to exit session.

Okay even worse binding than Escape-Meta-Alt-Control-Shift(EMACS), fuck stty eof(^D), fuck POSIX, fuck quick and intuitive commands(shell for login, hell yeah), yes rude mode is activated.

It works! We can work as superuser. And isn’t end: we can also set shell and host:

$ machinectl shell root@.host /bin/bash

Wait… ssh is crap too? Why is there a dot before the host(maybe fuck localhost too…)?

Login as non-root user and set variable of shell environment:

# 1000 - UID of user `paul`
# SYSTEMD_TEST - test variable of user environment
$ machinectl shell --uid 1000 --setenv="SYSTEMD_TEST=777"

’Kay so starting another $SHELL and export VAR=VARIABLE too ?

$ sudo systemd-run -p CPUQuota=50% -p PAMName=login -t /bin/bash -c '/usr/bin/stress -c 4'

Ah! So after saying cgroups is awesome… you go with quota on the CPU… well maybe that’s called evolution…? Why are you using login, you created machinectl for nothing? Why are you using -p options like a replacement to args… o_O Well this command is full of fuck (not the very great program which among other things uses… sudo with the last command :D)

I wonder when you will eat Emacs (meta-OS), build your own kernel because fuck UNIX so we can 🖖“live long and prosper” with (GNU/)Linux and BSD and you with SystemDOS.