This post is sponsored by Contributing to Libre Software (and using OpenPGP) feels like Facebook all over again. 🙃️
Whatever the fuck is a "real name", is my handle unreal? If it's a "legal name" is my handle illegal? If it's a "government alias" am I "James (lanodan) Bond"? Is that latter name less real than the others? If you find my "true name" can you control my soul?
Regarding the legal name, in France (where I've been living since birth), at least last time I checked (few years and this might have changed, this is not a legal source), a name is considered to be what other people call you, meaning that for changing your name in your ID/passport you need someone else to testify (paper is fine) you actually answer and use this name and send that to IIRC the mayor of your city. Meanwhile for administrative documents (rent, university, …) you should be able to just ask for another name to be used or use another one, which can also serve as testification.
It is not perfect and still causes trouble (such as the mayor refusing the name change even if they shouldn't be able to), my stance for years has been "whatever name you give me or other people use, I'll consider it a name". I think most people have experienced someone getting a nickname and it got stuck for years and when the given name is used no one recognises it including people like teachers, in that case I consider that the given name doesn't works (kind of like a "not found" error).
Now for what motivated this post: I find real "real name" enforcements stupid and baseless (no offense, it's the act/behavior, not you). Here's why:
Almost no one can verify name authenticity, even Facebook can't (and they should never).
"real" names are different from one state to another (content, formatting, alphabet, …)
For copyright, stuff like pseudonyms are recognised, see pen names
You can easily have a pile of folks with the same full name in one region or institution, this can create a lot of troubles
As explained earlier, I can legally use whatever name I want in most cases, the formatting is also pretty liberal
Also practical example, if a door-to-door marketer comes and I want to be sure they are who they claim to be employed by, do I ask for their ID? Nah, can't verify it at all. I would ask for their business card or similar and ID of their corporation (SIRET in France, which is public data). Latter being the most important as it's verifiable for me in few seconds that it is registered.
And here's a bonus: "Family name" doesn't applies to a fuckton of cultures/jurisdictions, similarly I don't have a middle name.
About a month ago I took a long afternoon being like "Okay whatever let's see how deep the rabbit hole of linux audio playback goes" (previously, previously). That was a mistake I guess but let's at least avoid others from doing the same and so share what I did as it's fairly complete (patches with reference/citations welcome btw).
I consider here as an Audio Output API any reused code which takes a PCM audio stream as input and which is designed to end up to the sound card at some point. In a simple system there should just be some decoders and cross-platform librairies going to the system native API (ones which are nicely desgined being SunAudio and Plan9 audio).
You'll definitely need a large screen if you want to see the whole thing at once.
I never really used OpenPGP for email but now you can email me (much more) securely via reop, my key is available on /reop.pub. I've yet to decide how to manage it since key rotation isn't always that great.
This got accompagnated with a move from pass(1) to creating secret(1), which is based on POSIX shell + reop instead of bash + GnuPG (or go + GnuPG if you use gopass), the code is also much simpler but still quite experimental. It also lacks something like an agent (which I'll probably write as something separated).
This means that the Nitrokey Start that I've been using on my laptop as a workaround on GnuPG bugs (yes…) is getting quite useless now, I'll see if I could make it hold my reop keys with a custom firmware.
And it means that app-admin/pass-otp that I maintain in gentoo is going to be up for grabs.
/bookmarks got a bunch of new links for music platforms, webcomics and more
Everything got moved to XHTML (so I can now validate all my pages with it) and kdb+samp elements are now used in code to ease copy-pasting. Adding all the articles in the Atom feed and timestamping them is left to do.
Badwolf
1.0.0 got released (about a month ago)! A 1.0.1 will soon get released as there is few bugs.
Pleroma
I mostly did code reviews, a lot of them, other devs have been in code writing mode I guess. Anyway other than these:
Fixing videos with peertube, they should have fixed it on their side but will have to check. We should also have complete descriptions now.
Alpine Packaging, package is done but testing is left to be done.
Notification when a poll expires: WIP, doesn't works
I also didn't touch things other than the backend except doing a bundle for MastoFE (which still freezes into WebKitGTK, this doesn't happen in regular mastodon so glitch-only bug I guess…).
Forge
I would quite wish to have a forge for my projects (stagit having quite a lot of limitations). I tried SourceHut but that wouldn't really fit my needs well (it's quite community-oriented) and I ran into some issues while setting it up. Not a huge surprise to me, it's an alpha software and to be honest I didn't much motivation as I wanted something that would be quite free of maintainance and community-management.
That being tried, I would gladly use and recommend SourceHut for communities as I think it's really well done for this. Also would remind that gitlab is a slow pain as it's user interface doesn't scale. For example I often open diffs with curl $url | vis - for large code reviews because scroll speed is very slow, and it's API sucks enough that I can't give annotations back without doing a representation similar to their frontend.
I'll see how gogs/gitea works (used it a bit in few places) but IIRC it has some limitations and not sure how hackable it's codebase is but probably not so much.
Otherwise I'll do my own forge, will see if ForgeFed could be interesting but probably not so much, compatibility and sharing code with projects like SourceHut will try to be done.
Anyway kind of wishlist / destination:
All communication via git+email and maybe bits of ActivityPub for non-code parts
Web interface is only a read-only viewer, likely ran as a separated process
Support for a builder, might just be sourcehut one with some patches otherwise maybe buildbot
Support for custom assets for tags and commits
Some way of doing git-aware ticketing + milestones
Support for viewing manpages (at least mdoc) and markdown in HTML format
So, like an absolute madperson I tried blocking cloudflare IP-ranges on my laptop, cloudflare nicely provide the list their website (otherwise there is stuff like peeringDB and ISPs looking glasses). Also my laptop has it's own DNS resolver (with unbound) with no forwarding so I ended up getting a bunch of unreachale hosts just because they where using a cloudflare-bound nameserver.
Configuration
configuration file for nftables
#!/sbin/nft -f
flush ruleset
table inet filter {
# https://www.cloudflare.com/ips-v4
set cloudflare_ipv4 {
type ipv4_addr
flags interval
elements = {
173.245.48.0/20,
103.21.244.0/22,
103.22.200.0/22,
103.31.4.0/22,
141.101.64.0/18,
108.162.192.0/18,
190.93.240.0/20,
188.114.96.0/20,
197.234.240.0/22,
198.41.128.0/17,
162.158.0.0/15,
104.16.0.0/12,
172.64.0.0/13,
131.0.72.0/22
}
}
# https://www.cloudflare.com/ips-v6
set cloudflare_ipv6 {
type ipv6_addr
flags interval
elements = {
2400:cb00::/32,
2606:4700::/32,
2803:f800::/32,
2405:b500::/32,
2405:8100::/32,
2a06:98c0::/29,
2c0f:f248::/32
}
}
chain output {
type filter hook output priority 0
policy accept
#ct state invalid drop
ip daddr @cloudflare_ipv4 counter reject
ip6 daddr @cloudflare_ipv6 counter reject
}
chain input {
type filter hook output priority 0
policy accept
#ct state invalid drop
ip saddr @cloudflare_ipv4 counter reject
ip6 saddr @cloudflare_ipv6 counter reject
}
}
Unreachable services
Cloudflare Interception service (border-patrol reverse proxy) and anything behind it
Cloudflare Nameserver service (DNS for your own domains)
Cloudflare DNS-over-TCP/HTTPS service (centralising all your DNS to one point)
DigitalOcean and Linode nameservers goes to Cloudflare IPs, probably cloudflare own nameservers
Unreachable hosts
Here is some notable ones, reduced to the NS zone when applicable:
A bunch of the fediverse (feels similar as to when IPv4 goes occasionally down for me)
joinmastodon.org
Some blogs, few from people which I though to be a bit privacy-conscious. For example angristan.fr and PatternsInTheVoid.net
Note: most of the time the www.domain.tld host is a CNAME to www.domain.tld.cdn.cloudflare.net. Which at least means that the rest of the domain should be reachable.
I applied this filterting on the 2020-05-17 and ended up reverting it few days later because I needed access to most of these sites and I couldn't use Tor for the few of them because cloudflare is basically anti-tor by design and opinion.
This means that quite a lot of websites can be censored, same goes for domains. And cloudflare litterally declares that they are basically an extension of the cops as they are taking actions based on their own morality compass (juridiction) and actively working with the states.
1.0.0 is so ready it feels like it's going to pop-out at any moment, only thing is few tweaks as I dogfood it, you can probably expect it very soon™.
Gentoo
I helped get gstreamer 1.16.2 get bumped into the main tree, patches for make 4.3 compatibility weren't so easy but at least the rest of the community is there to provide some patches, which I reused. I also upstreamed a bit of my changes to the webkit-gtk ebuild, let's see where that goes.
Linux Audio, Livestreaming
As ALSA is a broken API where a regular application can take over and block others from using it, I moved to sndio, of course few days later I discovered that a linux weenie deleted support for it into mpv's git master branch. Next release of mpv is gonna be great.
Anyway, sndio also allows me to easily record from a microphone and the system sounds, which will be useful for livestreaming if I ever do that, I tested HLS a bit as webkit-gtk can support it natively (with the right gstreamer plugins) and it's pretty easy to setup, feel free to ask me for some livetsreaming things, I'll probably do some once I get the Valve Index that I ordered, expect me doing some sign language (I learned French Sign Language, I have basic skills) as an anime girl I guess.
Apparently OBS Studio doesn't have support for sndio but the sndio API is great so I'll probably code a plugin if no one already did that, I could use ffmpeg or gstreamer directly but that's quite painful to set up and not easily flexible.
ActivityPub
I created a basic CLI-based client / toolbox for ActivityPub Client-to-Server, available on /git/ap-client/. It's also yet another thing I done with perl, feel free to do some review of it or some patches if you're familiar with perl.
For now it's very barebones but I expect it to become a usable client over time.
A bit more than a year ago I started writing my own browser based on WebKitGTK, which I named Badwolf (the name is actually from ~2013, similar project but it didn't went far). I quickly ended up using it as a daily driver, before it was even ready for that in my opinion but I was left with no choice simply because rustc is a pain to compile (I love having to do handpatches…) and that's needed for firefox to compile (which is also painful), and chromium taking 11+ hours to compile (with often having to resume it because it would have got OOM-Killed) was just a major pain, meanwhile WebKitGTK takes about one hour to compile on my desktop or laptops (yeah even the one with an Intel i3 first-gen).
In the meantime I done an archlinux chroot for some painful programs to go in (Firefox, Chromium, LibreOffice, Steam), but other than the very rare broken website I don't use it (and I'd rather use another distro in that chroot). Not even for tests as I don't do much of frontend and I don't really use modern HTML features anymore in my website.
It made me drop a bunch of the stuff I had on Firefox/Chromium:
HTTPS Everywhere+Smart HTTPS: Yet to be replaced
Certificate Patrol (basically TOFU in the browser): Yet to be replaced
uMatrix: for now just a javascript toggle (which webkit cleanly provides to me)
uBlock Origin: Replaced with wyebadblock which basically just misses CSS filters (could I could consider a feature)
Popup blocking: popups are just opened in a new background tab, could get some blocking
But! In my opinion WebKit is already much better than Firefox at privacy, for example ephemeral sessions (hardcoded mode in badwolf) will save absolutely nothing to the disk, which is something that is quite how Apple (or at least their employees) seems to want in a browser anyway. Mozilla could try to dance around with finally picking some of the modifications done in the Tor Browser but as far as I can tell there is still very large differencies between the two.
As far as RAM usage goes… well it's a modern web browser so it'll eat whatever is available, a laptop with 4 GB seems to still be quite confortable with it, WebKit seems to not clean up WebKitNetworkProcess when I close a tab but it's basically the only thing that stays so I can just close a bunch of tabs and get back some percents of memory. (and after something like 2 months close some windows) I haven't needed to put my browser in a cgroup to limit it's memory usage like I still do with firefox/chromium.
On the other hand, startup time is so fast that I don't feel the need to have badwolf [url…] commands try to hook to an already running session. I litterally just spawn a new one for each link in my RSS/Atom feed and it's fast enough on my desktop with some quite slow (but reliable) SATA 1 HDDs.
On the developer side of things: WebKitGTK is unusable with overcommit disabled thanks to GLib (it's calling abort() when malloc returns NULL which is great as it kills the whole browser when doing stuff like opening a new tab…), can't be fixed now because that would break the ABI/API because some parts are no return value, this is why you should use int which is the default as a return value and one that you should use unless you're absolutely sure that it will never fail.
Linux maintains bugs because the userland also does so…
Future
BadWolf 1.0.0 should arrive soon™, main blocker is documenting the interface so it can be properly put as stabilized. I'll also try to finish installing SourceHut on my setup so I at least get a tracker and CI from it.
Suggestions based on Bookmarks have been done in a branch but it's a pain to make it work in multiple tabs and I get a crash deep into GLib when 2+ tabs are opened and I close one. Anyway, I will also write a standalone bookmark editor at some point, probably using GTK so I could also spawn it into badwolf.
History should also be done at some point, it'll be properly isolated from WebKit to not lower the privacy. Only issue is a code-design/tools one so far, I wish to have the data saved into flat files with a separated index, I could try to write an agent(for multi-processes) and use SQLite but I'd rather avoid it because the data would be very close to a binary blob.
Proper configuration (with profiles/presets) is something that could be nice to have, I'm not a huge fan of putting the configuration in a C header, probably will also add some command lines options to change some settings (like javascript).
Download overview tab has been done, needs a bit more work but it's close to ready for production use.
And that's basically it, Minimalism is already an existant feature, let's try to keep it, WebKit already has extensions, I will maybe add some public API that you could use for the browser-specific parts but that's basically it.
Finally 2.0.0 is released (with a bunch of great pleroma-tan drawings), which means that old OStatus code got removed, it broke a bit of current federation with some instances but all software including GnuSocial are ActivityPub-compatible so it's just a matter of time.
GURU is is much better shape now, should have been just taking time for it to take off the ground, which isn't really a bad thing as rushing this kind of thing could end up in a huge mess. I started moving few things from my overlay to it and became a Trusted Contributor so been helping on keeping the master branch up-to-date. It also got added into repology which is great for visibility of the packages inside it. I wonder a bit what this will mean for the ::gentoo (aka main) repository and proxy-maint but so far it looks like a testing+helping ground before good ebuilds wanting to be maintained get there, which should mean better ebuild quality and less work for proxy-maint project which has been overwhelmed for quite a while.
My large changes addressing the inconsistent uses of USE=gles2 to mean either adding support or using it instead of full OpenGL got merged and deployed in stable ebuilds.
COVID-19 Lockdown
As I'm full remote basically nothing changed here other than much less motivation to go to store (I bought a bit more than usual beforehand, so quite far from crazy stocking) and not going to the hackerspace every Wednesday evening. Only part which is really annoying is that I had some paperwork which required physical meeting and that I can't buy any hardware (at least I done part of it before the lockdown).
So I bought a Lenovo T495 few weeks ago and received it on 2020-03-05 afternoon, as when you order from Lenovo you can customize it, here are my specs:
So far it has been a great laptop (will probably update this article later-on if this changes). I ran into some issues with AMDGPU when installing gentoo on it but I probably failed somewhere in the kernel config (sys-kernel/gentoo-sources, which reuses archlinux config as a base works fine, uses the same kernel version).
On the neat/great side of things:
It's a thinkpad so: There is a Hardware Maintainance Manual and some parts are replaceable by yourself; The keyboard feel is good and there is a good TrackPoint; The camera can be nicely shut
It is light (1.5 Kg vs 3 Kg for my previous one) and sturdy (I had previous laptop where the keyboard part could bend a bit when put on uneven surfaces, not this one)
The quality of the screen seems great to me (but not a graphist/photographer so no idea for the colors)
it works out of the box in Arch/Ubuntu
seems to have a great battery life (but laptops are 80% battery these days)
On the meh/nitpicks side of things:
Wtf is PrintScreen doing where Menu belongs? (I'm remapping this one of course) Fn/Ctrl should also be physically swappable (but whatever, caps is ctrl for me)
I wish it would have 2 slots for the SSD or a 2.5” SATA slot but maybe I can repurpose the WWAN PCIe slot
I had to buy a Windows license with it, will try to get it reinbursed or whatever. I think lenovo could put a no-OS or something like Ubuntu as an option
The speakers are quite good for a Thinkpad but could probably still get better
Was a great weekend, specially meeting other pleroma contributors and users (we got an actual pleroma gang of at least 20 people…) as well as some operating system booths (you could compile your own badge at gentoo's), will definitely go next year. We didn't went to many talks but for me FOSDEM seems to be more like about meeting up, it's something like Free and Open-Source Developer European Meetup after all.
Sadly I missed going to OFFDEM on Saturday afternoon to meet SocialHub (ActivityPub forum) folks, I realised it was the afternoon way too late.
I went by train, 4 hours and basically direct in both directions in a mostly straight line versus 6+ hours (with having to get up early) via plane by going trough Amsterdam or Lyon (I'm in Rennes) is just not it. Also costed something like two times more.
Pleroma and AFK life
I got hired for more pleroma work two weeks before FOSDEM so now I'm dedicating most of my time for pleroma and I don't have to worry about where the hell I would end up (I got no diploma nor had paid work experience). Currently having to suddenly manage a huge pile of paperwork for transfering or cancelling rent/subscriptions/… from my Dad to myself, hopefully everything will go well with the bunch of different deadlines (thanks France for not making it easier in some forms).
Gentoo
GURU is a mess, it's been two months since any push from dev to master. I think I'll try to become a gentoo-dev and move my stuff into the main repository instead.
My two important packages, app-shells/mksh and app-editors/vis got stabilized, I'll try to get app-shells/mksh stabilized on more arches as now that klibc got dropped as an optionnal-dependency it is available on more arches. Might also try to get my other packages stabilized after this but they're less important to me.
First thing first: Well done, this is the first article where I had to drop a letter from the title to keep the orthogonality between the title and the filename.
I went to the HTTP/3 talk at FOSDEM, it was quite interesting until I got reminded that the Web can't get it's shit right: QUIC basically has tracking of how good your connection/browser/… is, hello fingerprinting.
So none of my computers will have support for HTTP/3 or QUIC, I run gentoo and I have my own browser which reuses existant parts of the system, I wish other browsers would do the same but I have no hope there.
At worst I will have a reduced implementation of the protocol (for example no 0-RTT "Handshake") for compatibility if I get forced to use it.
But I don't see it coming other than maybe for less pain in Google ReeCaptcha (fuck your website if it's using it) as I still support HTTP/0.9 throught HTTP/1.1, and HTTP/2 is only enabled on my HTTP server just because nginx has support for it.
If there is one thing to fix in your broken protocol it's the fact that ETag is also great at being a fucking tracker, but HTTP 304 Not Modified is the same so congrats, we have caching with also having it being tracked. And of course the lawsuits went against KISSmetrics and Hulu instead of browser vendors or protocol designers, because if I had time for this shit (and any trust in the Justice) I probably would sue them, not the ones merely watching their logs.
The client should only do a HEAD to get new metadata and then do it's own side-effects. It's not tracking-proof but it would at least mean having to do tracking on multiple requests and with a risk of false-positives (HEAD and then sometimes GET being used by some software for link previews), while currently you can basically be 100% sure because it's part of the protocol.
The solution adopted by most frontend folks for cache managment was to put a hash into the filename, and it's quite a good way to do it in their case. It should only have been into headers rather than into the filename so it could be used by other folks and a hash/version in the filename would get more rare, thus having better caching.
So yeah, the 201? decade started with Sun Microsystems being acquired by Oracle… meaning the incoming death of OpenSolaris, the Operating System I was using at the time. I used it until ~2013 where I switched to Ubuntu, which I then dropped for debian in 2014-01 (with a try of a release candidate of FreeBSD 10 for about a week), which I ultimately dropped for Gentoo on the 2015-05-26 (date is from zpool history) and it's a system I'm still using and will likely continue using in the coming years.
Self-hosting
Hosted Software/Services
Self-hosting is something I started around 2013~2014 for a group of friends with a website, a Minecraft server and quite quickly an IRC server (with a chatroom linked to the server's chat). As at the time registrars web interface where quite poor and public APIs not as popular I hosted my own DNS at home. First with bind9, added DNSSEC support with a cron+some tool for few months but it's such a mess that I stopped (with few retries with other stuff like Knot DNS and PowerDNS, never again), switched to NSD when I had some kind of a DoS on my network happening only when DNS was reachable.
Started doing my own blog style website on 2014-02-28 with this commit, it changed a bit on the aesthetic (moved from pre-2010 3D-ish panel to terminal-style flat), the code didn't change much other than moving from PHP for the includes to Server-Side-Includes and daemon changed from apache to nginx.
Hosted my own XMPP server with prosody when Jappix went down, still using it, I often forgot I even run this one because of how smooth it's going.
Hosted my own git-daemon and git web view, mostly because I don't like forges. You can see how it evolved in My git server setup, it might evolve further as I need public tickets and a CI setup for running tests on my software and recipes.
I tried hosting my own Friendica node at some point but it failed quite quickly (do not put a database on a SD card…), real hosting of a fediverse node was with Pleroma in late 2017, which I ended up becoming a co-maintainer after doing some good commits. Which I quite done because gentoo has a tradition in upstreaming their changes and that Pleroma is nicely welcoming, Pleroma also quite made me change between "admin which can write patches in few languages" to "some weird mix of admin and developer".
2019-01 marks when I started hosting my own email server (I was using gandi.net as a forwarder and gozmail.bzh as a hoster).
I've tried setting up a Usenet server but INN is a bloated pain, configuration awfully reminds me of sendmail (which I gladly never touched). I could try NNTPChan or similar but I want to be compatible with the existing network (which is less active than when fedi was only GnuSocial but still), mostly for the archives and not really the software because they suck, one of them litterally does. Interest in it is killing mailing lists btw, I hate them, I had to setup DKIM (let's have your emails signed in a recorded signature with a key that could easily be retained as no one rotates it but me) because of this crap.
Hosting Hardware
This one is going to be weird but basically used my laptop, desktop, Raspberry Pi model B (2012/First Gen), BananaPi, … could even consider my Google Nexus 4 smartphone as I reused it for piratebox needs when the screen died.
Place to Place
Bits of family moves, 4 years in my own flat (which was great) which included 3 years of reaching to hotspots around, made me learn the hard way of how horribly bloated the web is, also made me learn routing to share one or more connections (multi-hotspot drifting!) and sharing data (like .deb files and later tarballs).
I travelled in Japan with my dad in Spring 2014 (photos) and Prague in 2019 (mostly for the ActivityPub Conference, thanks a lot to everyone there btw).
2019 Summary? What happened in the last months?
A summary of the least 3 months of 2019 will be done, there isn't much to say as AFK issues happened, doing a summary for 2019 is meh but might be interesting to do as well.
As you might know, I'm not a huge fan of OpenPGP so when I learned about OpenBSD's signify(1) I wanted to use it on doing my next software release, now is the time.
In a way similar to OpenBSD I'm going to rotate keys at least once every 6 months, I'll not probably not write blog articles on each rotation unless it nicely syncs with my status updates but I'll copy them into https://hacktivis.me/releases/signify/ and post them on the fediverse (like this) or any other place.
keys and their signatures
2019-10 is the first key present to have both key signed, actual assets will be using 2019-11 (the second key), first key being there only to show how the rotation is done.
2019-10.pub
untrusted comment: minisign public key C99CEA24AB65873
RWRzWLZKos6ZDNH4RrGKwA5/I4OUJtgR/CHZkn1Cac0Qxj9wTxH2WgIL
Bumped few things in GURU, done a clean of my overlay as pkgcheck is now quite more usable than it was, sent patches for mksh without klibc (as the ebuild is quite deprecated on gentoo) no answer yet will ping about it a month after I sent it.
As for the dbus thing: I'm just going to maintain the few modifications that I have for now in my overlay and I still haven't unbroke wine.
I'm early-testing clang-9 on my desktop (I run all my gentoos in stable except for few things where I pin the version if possible) as it allows to get LLVM/Clang without python-2, which I've been cleaning out for quite a while now and I'm starting to see the end of it for the stuff I have installed, specially on my servers.
Web browsing and mobile OS
I tried out WPE WebKit with the Qt API, I think I'm going to do a port of badwolf for it this way Qt could start to get a useable browser which isn't QtWebKit (seriously undermaintained) or QtWebEngine (Chrome in disguise… go away), also will try to have it working on SailfishOS but the whole environement is so ancient that I don't have so much hope for it unless maybe I do a chroot/LXC (probably alpine).
I will try again to build PostmarketOS on my gentoo desktop and otherwise in an Alpine chroot/LXC.
Infrastructure
I got a few bucks per month dedicated server at online, 2 slow CPUs, 1 Gbps of bandwith, 1 TB of storage. I haven't installed in on gentoo yet but it was quite a surprise that the Ubuntu ISO came with ZFS by default so I don't have to hack on too much around to manage to install gentoo. Sad thing about it is that there is no console so I can't do Entire Disk Encryption and the only recovery possible is via SSH. So I'm not sure I'll keep this server for a long time given this limitation but it will be quite useful for finally doing offsite backups (and encrypted "client-side" for these, thanks I hate it).
Also this server might be nice for doing livestreams so I might give a shot to configuring it if there is enough people interested in the whatever I feel like streaming (like: coding, sysadmin, gaming, stupid challenges, languages?, …).
Misc
I'm trying to get a PowerMac G4 running at the local hackerspace, this way I could try to do a bit of arch-testing on this architecture as well and I haven't installed my Ultra 10 on anything yet either but I wish I could get an (Open)Solaris and NetBSD dual-boot on it.
I crash tested NetBSD-daily on 2019-08-29 with ZFS on root, without success but I still have it on my laptop, tried asking on #netbsd on freenode but I got no answer. The way I did it was: create a zfs for NetBSD, extract the binary sets and reuse the grub+libzfs that I have with gentoo (also used for booting alpine), add grub entry for NetBSD such as:
2019-10-22 Update: Also note that I tried a bunch of stuff in the nice kernel prompt for picking a boot device, and yeah the first disk isn't encrypted on my laptop, but the second disk is and I got integrity checks.
I've been ranting against rust on social media from time to time and I quite want to put down why I just basically ban rust and specially consider it harmful as a system language, by that I mean stuff like libraries, as I might have to grow okay with rust for applications… (or maybe not, for now I'm ignoring update/new stuff done in rust, specially with rust as an argument)
There is no system libs
There is only Static Linking… another thing where a lot of stuff was thrown around, my take about linking is:
Dynamic Linking is great for shared libraries on a managed system so you can fix something once a for all
Static Linking is great for distributing binaries on unknown systems (Netscape still runs with official static binaries today, it's hopeless with dynamic)
Static Linking isn't well integrated in packaging systems (it's more often used for a minimalist rescue system, which tends to be a completely separated system)
Dynamic and Static Linking have both points for security and it all goes down if the system/environment is controlled or not (and any code in a broken environment is going to be broken anyway)
Additionally as far as I know, there is also no shared location on the system for static libraries (.a files in C) nor source code either (instead of binaries it could be the source).
So we end up with applications packages that are easy to spread out but difficult/impossible to maintain in the long term… I would call that a virus, good or evil.
npm-like scene for libraries
In npm you often end up with way too much parts, node_modules directory in my install of mastofe has 1063 modules, this is basically the amount of stuff you get on a basic (but not minimalist) Linux system. Rust has a quite similar way of ending up with a pile of dependencies for a simple application.
Now I want you to imagine that there is a patch or bump to be done on a library almost everyone uses, it will have to be applied on each dependent of the software (see previous section), which is probably going to take a very long time (like 2 weeks for a slow validation of a package maintainer and add a bit of QA testing time), there is two three ways I currently know on how Rust is packaged:
Network fetching by cargo: Applying it is going to be a mess but you have no reproductibility anyway so you could cheat a bit
Fetch done by the packaging system: Applying the patch should be possible
integrated in the tarball: Applying the patch might be a mess as they might have slightly modified the code
Extra: The main and only de-jure complete implementation is unstable
You probably heard it before "Rust has no specification", which means that rustc is the de-facto only implementation of rust, the rest is something similar to reverse-engineering (like clang/LLVM has to do on some GCC extensions but it's the whole language instead). It also happens that rustc tends to break a lot, I often end up editing it's code for it to work with LibreSSL or other C issues almost no software has these days, funny for a language which tends to be branded as a C replacement.
Conclusion
So we end up with code than cannot be realistically be updated in a timely manner for security, yet there is C/C++ libraries moving to Rust (with a Foreign Function Interface to keep API compatibility), I would quite appreciated if libraries wouldn't do that of all the things.
Also, there is nothing in here specifically about the language, I didn't learn it, I don't consider it to be something I would want to use. Go has been in the same position for me until the modules came and I'm quite glad there is a more high-level language which is great with networking and parsing because for me that's been a pain point in C.
So, third monthly summary, started it seriously late. It's something I want to do anyway, as I find regular work summaries to be very helpful. And I didn't do the draft thing I though about going in the previous one.
Wayland
No real news on this one other that I hate NVidia GPUs and being completely stuck with nouveau because it's on the legacy branch 340.xx of NVidia which is stuck on a old kernel branch so I can't really check if my bugs are hardware issues or not. At least I moved to an AMDGPU on my desktop in late April and it's been quite an improvement even in pure performances (OpenCL vs. CUDA, hardware support for HEVC, less wattage).
Badwolf
I'm slowly designing a library to parse XBEL files as Foreign Function Interfaces from C (Badwolf) to another languages are quite bad. I want it to be a good one so I looked at other implementations of XBEL and similar data storage libraries.
I've been thinking of adding history to Badwolf, one which WebKit wouldn't have access to (this one should be basic since at least Snowden…), could be in XBEL format as I want to have at least the timestamp, URL and title, might just be a log file that is to be used against syslog and/or logrotate. I just wanted it to be with XBEL so this way I don't have more stuff to do, but knowing how long XBEL is probably going to take…
Pleroma
Just reviewing most of the Pull Requests and sending the occasional patches.
I'm going to the ActivityPub Conference, plus two extra days in Prague (leaving in the late-afternoon of September 20th) as I never went in Czech at all (done Berlin and Amsterdam for the strictly east of France countries). I'm interested in quite a lot of the talks there so I'm quite hyped for it, specially as there is other people I quite want to meet.
Also while I wasn't really trilled about the migration from OStatus (nonstandard mix of small standards) to ActivityPub (loose own standard), the future of it seems to be going in quite the right direction. I'm thinking about OCAP, as "followers-only" and "unlisted" are pure hacks which have almost no reality in ActivityPub once you put interactions and different implementations behaviors.
Gentoo
Meh. I called for an agenda item on the issue with real names (Gentoo Archive). Probably opinionated summary of mine would be: They think it's okay to have {ano,pseudo}nymous developers being stuck on committing by proxy, which feels like You are part of the Jedi council, but you can't have a seat), and they picked the Linux Kernel as a sort of base… which isn't really a good example of a nice working environment (might have changed when Linus Torvalds stepped down to treat people better). Here is their summary and full log.
Whatever but I guess I might pick a distribution I like more on how they politically goes and manage, I have few ideas I'll try to dig a bit into: Adélie which dropped portage because of issues with Gentoo, Exherbo, NetBSD (only technical limitation being their support of ZFS on root so I can switch easily).
Without dbus
On evince without dbus: news about the PR, I should have sent it by email to gnome@ instead, will try this one. Honestly the one from the Gentoo gnome project wasn't really welcoming it but whatever, worst case it will keep being in my chaotic overlay.
I definitely broke wine in the process, haven't tried to repair it again. I don't use it often anyway, specially as quite a lot of games are either native by design or have been reverse-engineered to be native. And I don't have any other Windows API-only programs to run.
pure Real Life things
Having stopped my remote courses, I'm looking for certifications or jobs (the former being quite helpful in finding the latter when you didn't manage to get a diploma because the system doesn't works for you), I'll try on my own but any help is appreciated.
Summary of Summary
I feel like I've done much less things this month but well, for me it's the typical Summer Holiday and it should be my last one, and I quite expected theses summaries to actually be shorter the the first one as it wasn't only strictly about one month. And while I like holidays, I quite hope it's going to be the last two-months one, I seriously want to move on.
Okay, here goes the second summary, started it a bit late IMHO, maybe I should try taking notes in a draft when I feel like there is something important in the month.
Wayland
I finally switched to Wayland, full time for my laptop and just for some tests on my desktop. I didn't found a way to fix Waymonad for it to work on my machines so I went with Sway, which is quite nice yet lacks few things and in another way has too much stuff.
I ended up discovering with a bug that a window could resize itself out of it's allocated space. And in Sway it is quite invisible because the borders aren't updated, yet it will catch the mouse events. This quite reminds me of one reason on why I really love XMonad by comparison to i3: XMonad doesn't listen by default to windows asking to basically manage themselves, XMonad is the only one that should manage them (there might be few exceptions given that it's Xorg but still).
So I looked at creating a Wayland Compositor which will do it this way, even if I have to break some of Wayland in the way. I called her Inaban, in reference to the character in Koroko Connect which quite leads the group yet, doesn't have much trust in her peers. It's far from ready, regard it as a early WIP state and something quite experimental. Repository is at https://hacktivis.me/git/inaban and it is gui-wm/inaban in my Gentoo overlay.
Badwolf
I released version 0.3.0, which adds few things, I'm awfully stalled on a lot of things so I guess I'll ask around to other developers that might be interested in sharing some code.
One being bookmarks: I would highly prefer it for the native format to be XBEL for direct interoperability and just write a CLI tool for the Unix needs, problem is that AFAIK there is no standalone C XBEL library (KDE has a XBEL implementation but I'm no going to pull half of KDE for bookmarks), so I'll ping web browser developers that have XBEL in a more or less working state and are using the C language. If this works this would at least means that they would have a more complete XBEL implementation.
On the Content-Blockers: I haven't retried again, will look into other WebKitGTK browsers to see if they implemented it. Otherwise it's going to be digging in MiniBrowser again.
Pleroma
We finally released version 1.0.0, alias 0.999… I'm slowly getting more active in it and restarted on reviewing most of the code. Credo almost skipped my mind and haven't started re-reading the code to see if there could be stuff to improve.
Gentoo
On the migration from my overlay to GURU, I'm cleaning my ebuilds in my overlay to clean them so they can be sent to guru, taisei for example should be there soon.
Without dbus
On evince without dbus: no news on the PR, sent a ping as I was writing this.
I probably broke wine, even with USE=-udisks (I have this USE flag set like that for years, one reason was trying mdev instead of eudev and it stayed like that). But so far everything else has apparently been working fine.
I have yet to find a native Wayland terminal which works without dbus and isn't in a broken language/ecosystem (like alacritty in rust). I tried wlterm, needed a patch to work with a years old glibc change, and then it fails at linking time, might look into it again. The terminal that I've been using for quite a long time is st - simple terminal, so I would quite prefer to keep on using something about as light on it's code as it's really neat to patch if you have anything you want to change in it.
Gentoo Dev
I sent one email on becoming a co-maintainer for cjk@, got no answer, I guess I might just get more involved on exiting packages to know the devs better so it's less of a shot in the dark.
Random things of last Summary
Still haven't managed to get Perl from pkgsrc to work on my phone, even with seriously hacking the Makefile. I guess I'll try it with Gentoo/Prefix instead as SailfishOS build recipes are based on shell and I'm much more familiar on how ebuilds are working than pkgsrc
Revamping HackerAgenda is still in my todo but I've quite been avoiding it as it's in python and I failed to get it to work in it's current state. Will see if I manage to fix that.
I quite failed to continue Russian on Duolingo, it's too much in a homework-like way and I haven't looked for Russian media to read, so just been using wiktionary from time to time on what I have in some of my search results and Fediverse posts
I'm trying to start regular summaries of what I done, for now I think theses will be done monthly but might be done each two-weeks instead as that's what I was used to for four years until a year ago (at the "Lycée Expérimental de Saint-Nazaire”). Might also end up being in French as that's my native language (even if I almost never use it on the internet). This should also help in finding what I have done as most of my work is scattered around.
So here goes a summary of what I've been doing this month and a bit before so you get context.
Badwolf
So I started doing a web browser WebKit interface, named Badwolf, I quite wanted to for years (in fact the name dates back from around 2014 if not even older as I started watching DrWho in 2010~2012). I looked at a bunch of other WebKitGTK browsers but none really fit for me. Either it's Qt-based so you get either the seriously unmaintained QtWebKit (btw you might be interested in Introducing WPEQt, a WPE API for Qt5) or QtWebEngine which is basically chromium code more or less cleaned up to become a WebKit-like library and updated on the regular Qt release cycle. What's left is GTK, why not but the issue was that none were really useable, either they were quite large ones that would take a long time before being able to hack confortably on it (Midori, Epiphany), or ones that were really opiniated on how to do a true Unix-Philosophy browser and often were using vi shortcuts which I love for edition but hate for browsing (specially as it's broken with Web Apps), I find it even meh in a Shell so not surprising to me.
Badwolf is useable as a daily driver, if you do not mind going back to just /etc/hosts blocking and a simple JS-toggle for now (this one is seriously going to get fixed), I would consider it to be in a Beta state. I tried to add Content-Blockers to it but I can't seem to be able to get it to work… and I don't have errors so I’m waiting for a browser other than WebKitGTK MiniBrowser to look at how it's done. I'll try to also merge in proper WebKitExtension support (for now I have a patch as the path isn't definitive, might end up being a #define to uncomment in config.h).
Slowing-down on Pleroma for a bit
I tried to do a sort of pause on development and code review (even updating my instance…) as it's been more than a year, I think this is more or less done so I guess I'll soon come back on it as there is still stuff I want to do. Like: Getting credo to be used in a more fuller way, auditing more of the code in a global way.
Gentoo
I became part of the Gentoo GURU Project as a Trustee Committer, so I'll be reviewing commits with a bit of non-blocking reviews, and pushing more things from my overlay to it (if you use or want to use stuff from my overlay ping me because I would prefer to have it into GURU, my overlay being quite experimental), specially stuff that I do not use much but quite want to share to others. Of course, the only hard-exception from GURU being my overrides on gentoo ebuilds/profiles (I try to upstream them in the main repo, recent one being evince without dbus).
Also as I only stated it on the fediverse so far: I really dislike the real name part of GLEP-76: Copyright Policy, it's sad because I quite like how we finally have some clear way on how to do copyright. I hope this won't stay a pain point, specially as how it's basically a barrier for fellow trans people (I which I could at least proxy your code if some wanted to…).
In pull-request #11441, I became the maintainer for app-shells/mksh as I wanted to fix a packaging bug in it but it was maintained-needed for few months.
It's a shell that I have been using and liking a lot for quite some years now, I would seriously recommend it if you want a POSIX-compatible Korn Shell.
I still proxy-maintain www-plugins/passff{,-host} but I will probably look for other people to co-maintain it or take it over at some point because of my lack of firefox usage in the last months.
I am still undecided if I should become a Gentoo Dev or not, I think I should try it, specially as that would mean having more power (and more reponsabilities) on the distro I'm quite stuck to.
Random things
I'm trying to get out of SailfishOS on my phone (OnePlus One) in small steps, it's a wonderful phone distro but compared to other nicely maintained generic distro it sucks a bit as it's missing stuff like tmux and compiling on it is a pain (like any other binary-based distro). I tried Gentoo/Prefix and it failed, same goes for pkgsrc (which is mainly from NetBSD). So I guess I'm going to go Linux From Scratch in a quite GoboLinux-like way so it's quite manageable without a package manager.
I'll probably revamp HackerAgenda which is an events aggregator by using APIs/Scrapping on a lot of platforms. As I want to do a local instance for events I am interested in (and why not a bunch of others but meh at centralisation to me), I wanted to do that when I came back to Rennes about a year ago but I'm not a pythonist so I guess I quite dropped it easily.
I still quite like to learn other languages so I started Russian on Duolingo, but if you have easy to understand stuff done in Russian I would quite like it. Stuff like Series/Films, Comics, Games, Music, Poems, … probably not books as even in English/French I don't read them much.
init: the init file I wrote, included in the initramfs of the floppy image, could be done better
fdimage: The floppy image (2.88 MB), done with make fdimage288 FDINITRD=/boot/initramfs-smol.cpio.xz
Some people might be wondering why I did this: Well, I saw this blogpost of cramming Windows 3.1 + some extra in the coreboot virtual floppy. And looking at how my kernel images where relatively well stripped down (5 MB for the kernel of my VPS and about the same size for my other machines) and that busybox is damn small (~700 Kilobytes), yet has all the neccesarry userspace tools required to install gentoo (iproute2, udhcpc, fdisk, mkfs, wget, …).
Also while the floppy version isn’t very useful nowadays, the kernel+initramfs is quite useful for netbooting or installation on a VPS which already has a Linux Install but doesn’t have a good enough ISO, which I basically never have since I use ZFS and interestingly Alpine Linux, which can be used for that, isn’t much present (I already had a quite generic kernel+initrd but 4 times bigger).
It was quite fun to do, even if I needed to launch the VM quite a lot of time until I got all the drivers for QEMU to work. And so, here is what is present in the kernel:
Architecture: amd64
USB: Human Interface Device (HID), Mass Storage (only USB 2.0)
Storage: msdos/GPT partitions, Ext2, FAT (in unicode)
Networking: IPv4+IPv6, TCP, Intel+Realtek cards
Graphics: reuses the VGA framebuffer
Compression: XZ on kernel + initramfs
Note: The permissions for the /dev files are wrong, which is probably why udhcpc is broken. And it requires you to put FEATURES="-userfetch" in /etc/portage/make.conf. I guess this will make me fix some stuff in make-initrd.
btw I managed to not hit the floppy limit (except when I tried without XZ on the initramfs), but I didn’t find a way to see the occupied size on the floppy. I would probably have tried to cram more stuff in it like tinyx / tinyxserver and/or useful recovery tools. Such a floppy-based linux was Basic Linux from 2005 but it’s apparently dead and it used either DOS for booting or two floppies.
NightmareMoon: Desktop machine, plagged with broken rDNS
minion: BananaPi Server (offline at the time of writing)
cloudsdale: VPS at Hetzner
NightmareMoon
OpenSMTPd: 6.4.1_p2, patched to accept non-root owned certs
libasr: 1.0.2 (with res_randomid patch)
libc: GNU libc
OpenSMTPd config
pki minion.the-delta.net.eu.org cert "/srv/certs/minion.the-delta.net.eu.org_rsa.crt"
pki minion.the-delta.net.eu.org key "/srv/certs/minion.the-delta.net.eu.org_rsa.key"
queue encryption [REDACTED]
smtp max-message-size 4M
listen on enp3s0 port 25 tls pki minion.the-delta.net.eu.org hostname minion.the-delta.net.eu.org
listen on lo
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
# Lines with <cloudsdale> are legacy because of libasr-1.0.2 under musl, now fixed
#table cloudsdale { 2a01:4f8:1c17:4b6d::1, 138.201.117.120 }
action "local" mbox alias <aliases>
action "relay" relay helo minion.the-delta.net.eu.org host smtp+tls://cloudsdale.the-delta.net.eu.org
#action "relay" relay helo minion.the-delta.net.eu.org tls no-verify
action "backup_relay" relay helo minion.the-delta.net.eu.org backup mx minion.the-delta.net.eu.org
match from local for local action "local"
match from local for any action "relay"
#match from src <cloudsdale> for any action "relay"
match from any for domain <domains> action "backup_relay"
For now minion/NightmareMoon doesn’t store my emails but this is what is expected at some point, thus inverting backup and main too. It is configured to be a backup MX and to send internet emails to cloudsdale (because of the broken rDNS).
Cloudsdale
OpenSMTPd: 6.4.1_p2, patched to accept non-root owned certs
pki cloudsdale.the-delta.net.eu.org cert "/srv/certs/cloudsdale.the-delta.net.eu.org_rsa.crt"
pki cloudsdale.the-delta.net.eu.org key "/srv/certs/cloudsdale.the-delta.net.eu.org_rsa.key"
queue encryption [REDACTED]
smtp max-message-size 4M
# internet
listen on eth0 port 25 tls pki cloudsdale.the-delta.net.eu.org hostname cloudsdale.the-delta.net.eu.org tag IN no-dsn
listen on lo tag IN
# If you edit the file, you have to run "smtpctl update table aliases"
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
action "deliver" maildir alias <aliases>
action "relay" relay tls no-verify
# Legacy: libasr-1.0.2 tarball is broken with musl, use git
#action "relay" relay host smtp+tls://hacktivis.me
match from any for domain <domains> action "deliver"
match from local for local action "deliver"
match from local for any action "relay"
DNS Records
This is what I have in all my zones (I use a $INCLUDE, which supported by nsd):
There is no filtering yet, I don’t have much spam but adding rspamd is planned (hopefully OpenSMTPd will have filters then)
I don’t require tls when receiving emails, I got about half with and without TLS, I also use the default config for the ciphers as it’s a good enough one (not PFS but no broken ciphers)
I require TLS when sending emails but not a valid certificate (yet), this is quite something where self-hosting is required, I didn’t need to put exceptions yet
There is no DANE/TLSA because I do not have DNSSEC and I’m not adding MTA-STS because it is a mess
I do not use IMAP/POP, using Maildir with a remote mutt is perfect and I can still use ssh (sshfs and set sendmail=ssh machine sendmail …) if I need to have mutt locally (like for attachments), thus removing a large piece of software to maintain
This article is in early drafting process, made public so I get comments and more people can be aware
OpenPGP
Pretty Good Privacy standard, derives from the original PGP implementation. "PGP", "Pretty Good", and "Pretty Good Privacy" are trademarks of PGP Corporation. The term "OpenPGP" refers to the protocol described in this and related documents.
GnuPG / GPG
Gnu Privacy Guard, main/only implementation of OpenPGP
OpenPGP standard
Compression
Furthermore, compression has the added side effect that some types of
attacks can be thwarted by the fact that slightly altered, compressed
data rarely uncompresses without severe errors. This is hardly
rigorous, but it is operationally useful. These attacks can be
rigorously prevented by implementing and using Modification Detection
Some additionnal ciphers got added later on, but this basically mean that you cannot be sure that a OpenPGP message you sent wasn’t done in more-or-less plaintext. DES was broken by the EFF in 199x, 3DES is basically now on about the same size (NIST: 80 bits of security) but computing power got much better, SHA1 was probably still known as okay but could be better (as SHA2 was already a thing), DSA was probably not now enough as good to be hardcoded, no idea for Elgamal.
I tried few years ago to build a GnuPG without support for theses broken ciphers, and I failed doing so. One can note that SSH requires 3DES-CBC, but it can be disabled or non-implemented (tinyssh).
13.4. Plaintext
Algorithm 0, "plaintext", may only be used to denote secret keys that
are stored in the clear. Implementations MUST NOT use plaintext in
Symmetrically Encrypted Data packets; they must use Literal Data
packets to encode unencrypted or literal data.
14. Security Considerations
* As with any technology involving cryptography, you should check the
current literature to determine if any algorithms used here have
been found to be vulnerable to attack.
[…]
* There is a somewhat-related potential security problem in
signatures. If an attacker can find a message that hashes to the
same hash with a different algorithm, a bogus signature structure
can be constructed that evaluates correctly.
For example, suppose Alice DSA signs message M using hash algorithm
H. Suppose that Mallet finds a message M' that has the same hash
value as M with H'. Mallet can then construct a signature block
that verifies as Alice's signature of M' with H'. However, this
would also constitute a weakness in either H or H' or both. Should
this ever occur, a revision will have to be made to this document
$ gpg --version
gpg (GnuPG) 2.2.10
libgcrypt 1.8.3
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/haelwenn/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
“LOL”
It leaks a pile of metadata (time, implementation name+version, …)
There is no deniability possible, there is quite a difference between no-authentication and deniability, to be elaborated on
Your public key/identity will end up on the keyservers at some point, no exception.
There is no forward secrecy
OpenPGP in real life
Real Name policy and other stuff that should be optionnal in the Public Key Verification process (An ID card? Seriously?).
The keyservers/Web-of-Trust is architecturaly vunerable to a DoS by spam. keyservers.md
Bonus: Keybase is a fuck
Keybase is what you get when you want crypto (just the math), but you do not care about security (they are called secrets for a reason) or privacy (social-media with a cryptographically verified graph that lives forever…).
It is centralised (and so proprietary) and harms decentralisation. For example: pleroma basically can’t have keybase integration because the instances are too small, lol, mastodon instances are way too big.
As an alternative (and if you still want OpenPGP), I think putting your fingerprint everywhere you can and putting you minimal public key on your blog is a much better way, and it can be automatised a bit (OPENPGPKEY DNS record, IndieWeb rel="openpgp", …).
This is a port of a loose-thread I made on the Fediverse while trying to delete an account on codacy.com that was supposely linked to BitBucket (Atlassian service).
So after trying to log into Codacy via BitBucket via Atlassian while not remembering either the email nor the password (yeah it was already a huge mess), I guessed the email would be the same as the one Codacy send me the notification.
So I go to account recovery, it sends me a email with a overly large link (~1180 characters) to reset my password, google recaptcha greeting, fill the password, omit filling the Full Name, “Submit”, help train the Google AIs, “Full name must not be empty” (at this point I’m quite aware that they are fucking noobs at doing web), fill it, “Submit”, “I’m not a Robot”
Wait… did they just send me a password reset link while my account is non-existent?
Whatever, I end up on https://id.atlassian.com/manage-profile, which goes into a redirection loop (noobs). Well let’s see if there is another way to delete the account. Search for “GDPR Atlassian Delete”, after a bit I end up on a heavily bugged webpage headed “Request deletion of personal data”.
First image is without accepting launchdarly in uMatrix, second is why accepting it. Enjoy the non-sensical error message.
So once their widget works: There was an error during form submission. Please try again later. Well I try right away (with google recaptcha allowed in the meantime): it works
And few seconds later I receive this in my emails:
*****************************************
Your request to delete your personal data
*****************************************
We received a request to delete your personal data. Because you have an Atlassian account, you need to delete your account, which will delete your personal data along with it. To do so, log in to your account and go to the
*Delete account* tab. If your organization manages your account, ask an organization admin to delete the account for you.
Log in to your Atlassian account ( https://id.atlassian.com/manage-profile/close-account )
If you didn't make this request, you can ignore this email. We won't delete your personal data. Report this email. ( https://support.atlassian.com ) Thanks, The Atlassians
( https://www.atlassian.com )
So back where I was…
I fiddle a bit with uMatrix on the loop-redirecting id.atlassian.com, end up creating a clean firefox profile, disable referer spoofing on it and it finally loads.
git: Make sure commit.gpgSign isn’t set. (system-wide: git config --system --get commit.gpgSign, user-wide: git config --global --get commit.gpgSign, repo-wide: git config --local --get commit.gpgSign). To strip existing commits run git filter-branch on the repositories.
Email: Disable OpenPGP Signatures in your client if you did (also avoid Protonmail), make sure DKIM is non-existent, you may have to self-host your email
Fediverse: For Mastodon starting with 2.7.0 (released 2019-01-20 12:40) you should use non-public statuses by default (See Pull Request #9659). Otherwise you can use Pleroma which doesn’t have JSON-LD Signatures.
XMPP: Do not use OpenPGP or OX, OMEMO seems to have good deniability. I’m not very sure about OTRv3 as Simplifying OTR Deniability (referenced on OMEMO’s page) doesn’t mention the version.
Why?
It’s something that weirdly doesn’t seems very popular in cryptonerds circles. Long-term signatures in a computer world basically is that everything that you send can and will be used against you and people you interacted with or wrote about and there is absolutely no deniability about it.
For example with DKIM: The content of the message is known to not be modified and to have been send by the right provider. What is required? The email and a DNS record (which is usually not changed). No interception whatsover is required. Also this standard absolutely doesn’t help against receiving unwanted messages (aka SPAM), so in my opinion it’s a waste of human time(configuration) and computing power.
Did you ever send a message that can be used against you or someone else? Probably (I surely did, please do not continue on this). Also if it can’t be used against you right now, it might be later.
Date: Sun, 6 Jan 2019 01:54:46 +0100
From: Haelwenn Monnier <contact@hacktivis.me>
To: graphics-dev@chromium.org
Subject: Nouveau blacklisting
Message-ID: <20190106005446.GA22465@cloudsdale.the-delta.net.eu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.10.1 (2018-07-13)
Hello,
I would like to complain about the blacklisting of nouveau in the
chromium graphics stack, nouveau is a useful replacement to the proprietary
driver and linked tools from NVidia, notably, because of the following cases:
- Ethics/Choice, nvidia being a proprietary driver, that litterally gets
about everything graphics related passed to it, it can be very sensible, be it
for privacy or politics (they could ban applications or some API).
- Wayland, as the nvidia driver wrongfully provides their own API that only
a very few compositors provide. wlroots, created for usage in Sway for example
will never support their API[1].
- Up-to-date software, the proprietary driver has quite the history of lagging
behind on the software it depends on, for example the 304.xx legacy branch
needs a vulnerable Xorg branch(1.19.x) and when spectre/meltdown arrived a
legacy branch was incompatible with the stable branch of the linux kernel
at that time.
Which honeslty is quite funny considering that you apparently banned it
because of outdated mesa builds[2], which just cannot be fixed with the legacy
branch. Something which I think will probably get even worse if WebGL will have
to use the slow and power-hungry software rendering.
I do not think that chromium is very liked in a lot of the linux community,
probably because of the overly large codebase and the link to Google, but doing
this will probably raise quite a large and visible flag to even non-maintainers.
1: https://drewdevault.com/2017/10/26/Fuck-you-nvidia.html
2: https://www.phoronix.com/scan.php?page=news_item&px=Chrome-Blacklisting-Nouveau
--
Haelwenn (lanodan) Monnier
https://hacktivis.me/
I finally added a syndication feed, using the Atom format (and xHTML for the articles)! (seriously after all theses years?) I’m pretty sure the URL for it isn’t backward-compatible with what I had a long time ago, so you’ll have to update.
The link is available on the navbar and have proper metadata so it should show up in your browser, but here it is for completeness sake:
Few weeks ago I changed the colorscheme of my terminal from solarized (which has quite too much blue even with redshift) to gruvbox (by the way here is a commit to patch st-0.8.1 with switch from light and dark), which also has better contrast and something I wanted for a long time: all the colors are viewable nicely, unless you set the same color on fg and bg and maybe few similar things.
And having a colorscheme which has poor contrast even for my probably good eyes on a website is totally not something I wanted to keep. And so with this colorscheme default foreground with the soft background nicely passes the WCAG AAA level with a ratio of 9.57:1.
Microsoft and similar Corporations are well-known for doing this kind of thing, we cannot have permanent links or main forges based on something like that.
Also microsoft may like Open-Source (and probably not GPL), but the same goes to Google, do we all trust Google with our and others data? Also Google Code created a pile of dead links.
And this post will probably evolve as Microsoft apparently haven’t finished aquiring Github.
Lack of Transparency / OpenData
Currently all the tickets aren’t available in a open manner (I know gitlab can import them, but AFAIK you need a Github account for that and control over the repository).
One true alternative to this that is used in real life is debbugs (used at debian) by using emails, and bugzilla with their RSS feeds.
I also see some projects and their owner from time to time being removed from GitHub with no messages at all on their side. And looking at their Terms of Service there is a bunch of ways you can be banned. (search for "suspen" and "terminat")
So if I didn’t mess up the math there is at least over 26% of software in gentoo ports/packages that are more-or-less hosted on github. I think a better version could be obtained by incrementing one package if there is github in the metadata or the latest ebuild. It would be awesome if repology.org could have some stats on VCS providers usage btw.
Github is a bad interface
(This parts also applies to most git-based Forges)
Pull Requests shouldn’t be the only way to send modifications, they are meant to maintainers/frequent contributors, not someone that send patches from time to time. (I love sending months of commits to github…).
Pull Requests also puts more burden on the contributor than on the maintainer, it means that whatever modification often have to be done by the contributor otherwise it’s not mergeable, which may know nothing about your coding policies. I’m pretty sure this is how you have long-standing PRs that became broken because other stuff came in.
Also GitHub is very inpopular with designers and others non-coders, and for a good reason, git is meant for versioning code/text files and it does that well. But for other stuff? No, it’s basically a hack and every contributor shouldn’t have to learn git. (note: coders don’t all know git and not having PRs would just mean knowing how to use diff(1)).
And one of my favorite thing from coders is but GitHub allows you to edit with a web browser. Yeah, but where is rebase, ammending commits, …? There is just only one commit and a broken push. Could be acceptable for a patch, not really acceptable in most cases for something that is made to be directly merged in a branch.
GitHub is a registered trademark of Github Inc. ; Microsoft is a registered trademark of Microsoft Corporation.
False Security
I posted about this on the fediverse before, probably on social.hacktivis.me (RIP). So here github with their dark pattern (Update is highlighted, so not enough privacy given?) is randomly asking me to confirm my account recovery settings. And it is actually bad for security because here it means that Facebook could gain access to Github Accounts. What could go wrong? (Note: I do have a bit of write access to few projects on github).
Also I use the TOTP token regularly and I have recovery codes in case I would lose it (actually all stored and encrypted with pass, maybe I should change that).
One thing I wonder is: Is github putting a similar thing to people not using token?. 2FA is quite useless in my case so I could remove tokens, and I could quite imagine other people doing that but on which 2FA actually increases security. Woops, less people being secure because of a bad design. (Also security ≠ usability is bullshit, but that will be for a later time)
As a user of micro-blogging platform, I see people doing a pile of micro-posts that are probably already redacted elsewhere. I’m calling it multi-posting and it’s also known under the name of “thread” (which I’m not using because it could be confusing). I want to ask y’all to stop doing theses things and ask you to use stuff like a blog or even just a pastebin/twitlonger. Here is few of the reasons I don’t like theses:
There is a lot of useless space at places which can be the worse. And you can’t have formatting unless you know how to do bullets points in unicode and similar stuff (I do)
You wanted to see the whole thing at once, on one page (i.e offline reading, printing, …) ? Haha nope. (for twitter that requires at least JS)
You can’t find it back without using bookmarks on your side (good luck with managing them) as microblogging doesn’t have titles and so indexing
The poster can’t edit the “article” without appending to it or breaking the whole thread unless it is on the last bit
And this is just without the social part of it, with the social part you can have stuff like:
Third-party comments/replies in the threading if it was done to a post which isn’t the last one (also see editing)
You can boost/announce parts of the posts, and with most interfaces it doesn’t shows that it got replies and is a reply. And I have yet to see one that cleanly shows this multi-posting of yours.
I know this will probably not stop the whole thing as it have been going for quite a long time, but it will allow me (and you too, I hope) to easily link to this post from time to time and so I can avoid yelling at people or repeating myself.
The keyset(not OpenPGP vocabulary I know) I had before was becoming quite a mess, I had lost my subkeys quite often or sometimes they were not reachable (available on desktop but being on the laptop for few weeks and the desktop is ~200 km away).
This keyset should be quite state of the art for late-2017.
Generated on my air-gapped A20-OLinuXino-LIME2 (Running on Gentoo Hardened but with a non-GrSecurity kernel as it doesn’t support arm else than arm64)
I have quite the hardened GnuPG setup (thanks to quite a lot of people) see my dotfiles (even if they are quite outdated)
Stored on encrypted storage from 2017-12-11 (it’s creation) to 2018-01-11 where it’s now stored on my Nitrokey start
Terminal output with some modifications so I’m sure I don’t leak stuff.
I've read about dotsies which is a way to map a to z to letters of 5 horizontal bits. It felted a bit nice even if way too cybre and not human enough (a bit like our current keybaords are for entities with 10 tentacles and not 2 hands/arms that aren’t parallel on such a space).
But well, I though about lojban, a logical neutral language. This language only uses 28 non-blankspace characters(abcdefgijklmnoprstuvxyz,.') which makes it fully fit in 5 bits(25=32 possibilities).
My proposition is:
map lojban “’” to latin “h”
create one dotsie for “.” and maybe another one for “,”
Having this would make a machine-human-? language work on a machine-human-? writing system. OCR on current human writings is horrible, this would allow more accurate OCR I guess as it’s barcode alike, and well we could add checksumming as we still haven’t used the whole address-space. 4 characters are left if I didn’t screw up the Math, we could totally have checksum-start/checksum-end and maybe text-start/text-end.
So after saying that Mozilla is Broken (it still is). Chrom* became broken too :
Doesn’t compile without black magic (also it takes at least 5+ hours)
Now depends on Node.JS/NPM, which I can’t use as it depends on OpenSSL (I use LibreSSL, note that google got BoringSSL) and that I don’t want. (I prefer to avoid any javascript)
The provided source tarballs includes third-party code and doesn’t compile with removing it (yeah, the broken "let’s put every dependency in the tarball" is also a thing at Google)
Basically I have no web browser anymore… or well no. I have even more web browser installed than when I was doing/learning web development, because I have several whatever around engines.
Anyway let’s put what I need in a web browser:
Unicode by default (or at least follow my LANG environment variable or make it configurable)
Full Libre software
Compiles and works without systemd and pulseaudio, works with LibreSSL, bonus if no dbus hard-dependency.
Privacy/Security:
No calling home without prior free consent(i.e. health report, search suggestions)
No proxying/DNS over Whatever/Auto-VPN/… without configurability
Does not implements their own crypto and supports current best practices/algorithms
per-domain blocking of requests by their type(cookies,css,images,media,xhr,scripts,…) and domain (as seen in uMatrix)
blocking of request by their URL (as seen in uBlock)
Bonus: Certificate fingerprint(like (TOFU of SSH(know-hosts)) and Certificate Patrol)
Deep(ciphers, headers, …) & understandable configuration (Mozilla Firefox being the worst, Opera-like browser being the best, another good example is linux menuconfig)
Supports: HTML 5, CSS 3, Images(PNG, JPEG, SVG), Bonus: javascript(So I don’t need another browser)
Uses dependencies/libraries but doesn’t eat them (I don’t like having to do: rm -fr third-party; ./configure --enable-system… --with-system…)
Does not eat up all the RAM/CPU for nothing or freezes/crashes for whatever reason (but I think multiprocess à la chrom* is great when there is JS support and the overhead is ok)
As my findings of 2017-07-06, the web browsers (Gui;engine;style/inspiration) that are almost compliant to my needs are, without much sorting/ordering:
So the one for network interface is now okay-ish. I done a quick look at how it works for… disks. So most of it was done under Linux, but I know this nightmare under OpenSolaris(I recommend 20% of Solaris Knowledge that solves 80% of your needs; but only 8 slices/partitions, non-intuitive, no file hierarchy… why), Plan9front(a bit better, at least partitions are under a directory).
And as you’re probably using lsblk and/or blkid or even fdisk -l(I use that when I’m on a non-Linux Unix) to identify as a human your disks, I done a quick look for fun at disk identifiers… (intended more for machines I guess) and… oh noes.
If you look enough at it… NONE of them works and wtf is UUID_SUB printing out of nowhere. So as you’re probably not LABEL’ing all your hard-drives because your system sucks… The only thing I found so far that is the least broken under linux(+(e)udev) is /dev/disk/by-id.
Proposition
So quick list of things that are nice/works:
SunOS: Controller, Target-id, Drive, Slice; but moved to a tree would be better as it’s more flexible
DISK ID (MODEL+SERIAL) and partition ID (MBR/GPT thing)
PCI/BUS IDs (like: /proc/bus/pci/x/y in Linux)
Plan9: disk as a directory, partitions as files, data for whole disk access
DISK SLOT: useful when you plug (some of) your disk(s) by their slot (IDE: Primary/Secondary Master/Slave; SATA: 1,2,3…; USB: bus/network_iface equivalent?)
Here is an example of a file hierarchy of my idea, based on that:
/dev/…/${BUS ID}/
by-label/${DISK LABEL} → ${DISK ID}
by-slot/${DISK SLOT} → ${DISK ID}
${DISK ID}
by-label/${PARTITION LABEL} → ${PARTITION ID}
${PARTITION ID}
raw
Know things
labels being a free-form string it can be the same as another ID, a by-label directory have to be made
I have not mentionned disk and partitions UUIDs, could be kept for legacy, but I’m in favor of not keeping them as they are broken
in Plan9 there is the data file to have full access to the disk, I named it raw here as I think it’s more intiutive (and keeping the name data because of Plan9 is almost no use considering how dead Plan9 currently is compared to Linux|BSD|Solaris)
The BUS ID directory allows to get sane DISK SLOT
Maybe it doesn’t work for everything (please contact, fork, patch, …) but as it is about the same thing as what SunOS and Plan9 uses I think I’m safe saying : This should work and be flexible enough
Also anyway I think findfs(8) should be modified to add at least the DISK ID in it
Note: Turns out Haiku uses almost exactly my idea, I think I can make mine compatible with it (because I think that can be how good standards are made)
Yeah, very imaginative title… But well, here is why gitter just sucks compared to all chat things I saw:
You have to sign in, but you can see the lobby or whatever without being logged on via the JS thing
The IRC bridge requires you to sign in or it throws you out of the server…
You can only sign in with Github or Twitter
Triple-Facepalm for the Privacy Policy and probably the rest of the Legal Documents (hosted on Zendesk™ because hosting text is hard…)
I’m really glad I’m more of a sysadmin/netadmin than a developer… at least it doesn’t tries to please my kind. Seriously with all this DevOp shit don’t make it more hard for cypherpunks/privacy-nerds.
You may have noticed if you’re following me on @lanodan@pouet.it that I’m posting quite a bit of honest post about the goodness of ed, and let me say why, sometimes I prefer ed
It’s a too much simple and so powerfull ed-tor (pun intended)
It’s blazzingly fast (as fast as your terminal actually), which is something I need as I use slow RS232 ones or shit connections(hotspots :3) with SSH
If you know bits of vi or sed, you can basically use ed
It’s accessible to everyone, even blind people, without modifications whatsoever (thanks to line-oriented editing)
You can screen/copy/capture/… the whole session, no more TUI madness
Make patches/sessions that can actually be pasted directly in ed (even if I think I’ll stick to the well-known/larryWall one when sharing), try to paste diffs in other editors. :)
You have what made grep(1) in your editor. (g/regex/p)
Remember how your current $EDITOR is hard to learn? POSIX defines only 29 commands, and there is about half that can be forgotten (compared to like ~1% for vim)
ED IS THE STANDARD EDITOR (actually vi is too, but only in latest(2008) POSIX)
Note: From ed, with love; Also, I’m not trolling here, appart from the "standard editor" part
So after having problems with gitlab.com (not being able to push to your own repository for example). I decided to have a very simple git setup, inspired by git.linkmauve.fr. I putted all my git repos into /git.
started with just nginx and ssh
This one is dead-simple when you know the trick, simply put git update-server-info into hooks/post-update or hooks/post-receive of your git repo (they have to be bare repo, that’s done with --bare)
Added git-daemon
That one was even more simple, just had to point to where the git repositories are stored
Wanted a better interface
While searching for alternatives to GNU I saw stagit, a static git generator (I don’t like CGI, specially when it could have access to my git repos), to use it I added theses lines to the post-update-hook
repo=$(pwd)
cd "$(pwd | sed s/.git$//)" && stagit -c "$repo.cache" "$repo"
cd /git && stagit-index *.git > /git/index.html
Garbage Collector
It’s not like my repos were getting big, git is supposed to do that itself but it seems like it doesn’t, so I’m doing git gc each time, which isn’t very optimised.
Final Hook code (deploy, stagit, …)
This can be seen in my /git/utils repo, in the git-hooks folder.
Also the blog is a symlink to /git/blog.work which are the raw files done by that hook.
TL;DR: it’s stupid, it’s often the worse “I have nothing to hide” thing and a (dis-united) state wants to to it. A password is meant to be hidden, even/specially to governments.
Do I give you the whole public/private keyring ? (at least 4096 bytes per account)
I cannot, it’s my finger which does the id and the password is by using sequences of my fingers
I have Two Factor Authentification
I use avian carriers for receiving my tweets per packets of 200
Oh, you want one word, here is the first word of the passphrases
Do I give also the accounts where I’m still logged in but forget the password
There is no password, the server is on my computer
Other questions
What is a social network, is it what’s allowing humans to communicate or more specific thing like Twitter or Facebook
How can you verify that you gave all your social accounts, or even not a fake account which is created just for that (like recycling a _ebook bot)
After reading this post(in french). I noticed that theses new techniques are basically the same as for fighting spam years ago, and there the definition of spam by [Pirate Bay Member] makes even more sense. Basically spam got defined by “unwanted messages”, which is true for most commercial-messages and harassement.
And so I think we can actually reuse anti-spam software/code to make it more diverse and able to block not only commercial/weird messages but all unwanted messages.
I’ll code something I can use for most of my messaging software as I do also receive unwanted messages not flagged as traditionnal spam.
Type of programs and example that can be useful for inspiration:
Spam-filtering: SpamAssasin
Spam-slowing: spamd
Requirements for the code:
Highly portable(OS and existing clients)
Well documented/commented
Easy to read (≠obfuscation)
Doesn’t censor / Filter by final score
Verbose mode
Also I think accounts like @SaferBlueBird are mostly bad because it’s managed by few people and actually censors things they doesn’t want to, also it’s totalitarist/oligarchist, only one/few people are needed to start the storm of reports. I follow it because at the moment it’s the best solution we have…
Warning: It’s a concept, useable software might not exist at the end, feel free to contact me if you want to participate in it (even if you don’t know how to code, everyone can be useful)
It’s based on the 30 Days of Pride Challenge. I like the concept but I’m too lazy to keep it for 30 days, so instead I answer 30 questions, and as it’s originaly for 30 days it’ll be updated live. (Yay, more edits in prod’)
Haelwenn (lanodan) Monnier, currently 18 years old. And currently define myself as a nerdy non-binary/Quantuum aromantic pan-demisexual. And I won’t share a picture of my face, but my anti-face !
Wow, too much back in time, I can’t really remember when but I think self-identified as not-really a boy when I was 5. Identification as a queer is way later (I think age 12~14) but I have a very bad memory of time (I think it’s because I don’t care which year/month/day/hours it is unless I have to wait / be on time).
Uuuh… *tries to define to theyself what is a crush* Well, probably no if it’s AFK and real-life I forgot the nickname. I’m aromantic, seriously, I should better pass this question.
I’m out with my friends and other people which are open-minded, I’m not out with my family, but I give them clues and I’m not really closed except to few of them which I don’t know enough about their potential reaction (I’m a nerd, remember)
I’m also out online for 2 or 3 years but I was mostly open.
Uuh, well I can’t remember who it was online, probably on a IRC chatroom or to my ex on LINE®/Skype(when it wasn’t owned by MS)/IRC. But AFK it was probably my friends which were very supportive (and already had queer friends ;3) and few days later the whole class because I misgendered my ex because of stress. (I was so sorry for doing it)
Uuuh… well I don’t want to, they’re very nice but I can’t stay with people for a long time and have issues talking to them because it’s not like I can redo and asociability doesn’t help. (Which probably explains why I haven’t come out to them)
I don’t really know but it’s one of my friends or my dad even if I haven’t come out to him and can’t talk about it and seriously the net is sometimes very great
Uuh, the weirdos? The Queers? The Whatever-people which aren’t in a tribe but fit in about half and neither of them? « Les seuls en groupe » (the lones/only/asocial in a group).
The 2015 pride of Rennes, all the classes where I learn to me and others(Freinet high school ;3) about ABGILPQT+, … I don’t know. I think the classes were the most efficient one because there was few outed queers.
That moment when you try to force yourself not to be totally shameless and name your own characters. XD Jocelyn Samara
Oh noes… Uh I’d say for the sake of "Safe For Work": Rain LGBT characters (specially Rain and Ky’) and El Goonish Shive main characers, Steven Universe, …
But seriously if I find a nerdy-genderqueer there is very high chances it would be my all time favorite (Tyrell and his Boyfriend in Mr. Robot is nice and have huge potential but anyway this serie is awesome.), Lisbeth Salander from Millenium is one of them but I really want to read the 3 books to avoid “examinating” the nerdy part of it.
Note: this is done from my current system, notes and my mind.
This tutorial is for people that know how to install gentoo. By Entire Disk Encryption I mean that even the /boot is encrypted. (but grub isn’t I think I’d need UEFI which too much hard and risky to setup and I don’t have hardware compatible with coreboot)
Setup the disk
Disk: /dev/sda, sda1: BIOS Boot(2M+), sda2: Linux
LUKS container: $hostname
Zpool: $hostname
Your username: haelwenn
temporary mountpoint: /mnt/gentoo
UUID of your clean GPT table: 1c578f43-6f16-497c-ba88-986609ffa1d6
I’m quitting Mozilla, not that I have been really been into the community(mostly because they want me to do one thing, apply this to programs, not humans) but I was using and enjoying it for a long time(like since 2008). Also in about 2014 I switched from Thunderbird to mutt because I wanted something simple which does GPG, hard time to switch but I love it. And now it seems like Mozilla is killing Firefox for years :
Version numbering doesn’t mean anything(patches, big change, small change, security update ?)
Have a very bad privacy and security (look at the differences between tor browser and Firefox)
adb (android, non-free) is installed by default (Dev Edition ?)
Pocket(non-free service) is installed, displayed, non-configurable at compile time → And now is integrated in it
DRM (adobe EME) is active by default (can be disabled)
Firefox Hello is installed, displayed, non-configurable at compile time
Other New web stuff(WebRTC, HTML5 audio/video, …) have to be disabled/configured into about:config which is a total mess with no help (seamonkey/opera/linux-menuconfig are very good examples)
add-ons have to be signed and only by Mozilla, non-configurable at compile time
tracks you even if you disable all tracking in about:preferences
Geo location can only be totally disabled with about:config
Can’t choose a fallback(also weirdly called “Legacy”) encoding(old profile had it, about:preferences#content → Advanced(or Fonts, whatever) is shit, about:config is a mess)
Broken multitasking. With chrom* when a tab crashes there is only one, in firefox it’s multiple/all tabs. (I had this issue with e10s and I still got it since the first days)
Do Not Track is not respected on Mozilla Websites: Ignoring Do Not Track header, knowing nothing about what "tracking means" or what a "third-party" can do, being in this stupid reasoning where there is colateral tracking by Google Analytics and/or Ads Companies, also badly using the word "anonymous"(It means no name/identification).
No Unicode even if my Locale is en_US.UTF-8 and configured to "Default for Current Locale", I have to change every single time to Unicode instead of Western (is that even a thing?)
more and more slowness and crashes and new profile doesn’t help
And there is potentially way more shit (just look and the old but still open tickets)
Current solution: None, all browsers sucks and none sucks less, so I’m in a constant change of web browser everyday. See: www-client are broken
BTW if everyone have to use a LTS/ESR/real-stable version of a browser even if they are actual developers… well why is the Developer Edition based on Nightly ? For badly supported things like H.264 ? gstreamer works(can be an interface to ffmpeg). For brand new stuff ? Well most web-smiths have to support old browsers like IE6 or IE7. For marketing because we are the browser with tons of features ? Well I think so. I think Netscape did the same mistake in the browser-war, why change things?
Apparently since like… middle-late 2016 Mozilla Firefox is now better in Nightly than ESR. Whatever, it’s still broken for me.
Well, there have been long discussions about this, but the problem is that what "su" is supposed to do is very unclear. On one hand it's supposed to open a new session and change a number of execution context parameters (`uid`, `gid`, `env`, ...), and on the other it's supposed to inherit a lot concepts from the originating session (`tty`, `cgroup`, `audit`, ...). Since this is so weakly defined it's a really weird mix&match of old and new paramters.
Pretty clear, it ask for root or specified user password, launches a shell. If -, -l, --login is put it starts a new environement before starting the shell.
To keep this somewhat managable we decided to only switch the absolute minimum over, and that excludes `XDG_RUNTIME_DIR`, specifically because `XDG_RUNTIME_DIR` is actually bound to the `session/audit` runtime and those we do not transition. Instead we simply unset it.
Ah, of course desktop crap in the userland… And crappy explanation, maybe you should patent and copyreich that in case. ᕕ(ᐛ)ᕗ
$ machinectl shell
Connected to the local host. Press ^] three times within 1s to exit session.
Okay even worse binding than Escape-Meta-Alt-Control-Shift(EMACS), fuck stty eof(^D), fuck POSIX, fuck quick and intuitive commands(shell for login, hell yeah), yes rude mode is activated.
It works! We can work as superuser. And isn’t end: we can also set shell and host:
$ machinectl shell root@.host /bin/bash
Wait… ssh is crap too? Why is there a dot before the host(maybe fuck localhost too…)?
Login as non-root user and set variable of shell environment:
#1000 - UID of user `paul`
#SYSTEMD_TEST - test variable of user environment
$ machinectl shell --uid 1000 --setenv="SYSTEMD_TEST=777"
’Kay so starting another $SHELL and export VAR=VARIABLE too ?
Ah! So after saying cgroups is awesome… you goes with quota on the CPU… well maybe that’s called evolution… ? Why are you using login, you created machinectl for nothing? Why are you using -p options like a replacement to args… o_O
Well this command is full of fuck(not the very great program which among other thing uses… sudo with the last command :D)
I wonder when you will eat Emacs(meta-OS), build your own kernel because fuck UNIX so we can 🖖“live long an prosper” with (GNU/)Linux and BSD and you with SystemDOS.
