⚠ This page contains old, outdated, obsolete, … historic or WIP content! No warranties e.g. for correctness!

All 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39

FS — field separator? 2020-06-20 Tags: bug I’ve been using “a Unicode (and ASCII) field separator” for my SSV flavour of CSV. I thought I should be using the FS control character (considering “FS”, according to much documentation, is a field separator). Turns out most Unicode control characters have shitty official names and/or acronyms/abbreviations… such as… PLD: partial line forward (not: partial line down)

SPA: start of guarded area (not: start of protected area)

VTS: line tabulation set (not: vertical tabulation set)

DC1: device control one (not: XON)

RI: reverse line feed (not: reverse index)

NP: form feed (probably for “new page”)

NL: line feed (not newline, but we weren’t expecting that either, as an ASCII newline is CR+LF plus Unicode C1 has NEL (next line)…

Adding insult to injury, U+0080, U+0081, U+0084 and U+0099 do not even have a name (but Unicode “name aliases” which include an acronym (which (of course) WTF knows about) and at least a longer name. … and so forth. There’s separators, too! FS: [U+001C] [␜] INFORMATION SEPARATOR FOUR [file separator]

GS: [U+001D] [␝] INFORMATION SEPARATOR THREE [group separator]

RS: [U+001E] [␞] INFORMATION SEPARATOR TWO [record separator]

US: [U+001F] [␟] INFORMATION SEPARATOR ONE [unit separator] And guess what… ASCII and Unicode FS is file separator ( US is field separator). Oops. Sorry. So… I guess when I use SSV next I’ll update (change in an incompatible way) the spec. Again, sorry about that. It’s only in another 48 minutes but enjoy the Solstice! Blessed be!

Reduced SountFont for RAM-constrained devices 2020-06-01 Tags: music I’ve created an SF2 format SoundFont (compressing to SF3 is not worth it really) for use on RAM-constrained devices, such as the Raspberry Pi. It’s comprised of: the piano from Fluid (R3) Mono 2.315 (which is very slim, one twenty-fifth the size of a wonderful new piano in MS_General)

(which is very slim, one twenty-fifth the size of a wonderful new piano in MS_General) monoified (left channel, panned to centre) Choir Aahs (to save another 2½ MB) from MuseScore_General 0.2 (expressive and regular, for SND support)

(expressive and regular, for SND support) the harpsichord from MuseScore_General 0.2 The result, a whopping 7.3 MiB, is enough for accompanied voice, therefore called “SATBkc” — SATB, Klavier (Pianoforte), Cembalo (Harpsichord). It’s published under the same MIT licence as its two constituent soundfonts. Download the soundfont (not going to package it, it has limited use) as well as a test score (in v3 format, it tests Single Note Dynamics too) if desired. Discussion on the MuseScore forum for soundfonts, please. Also remember that the waveforms generated from the soundfonts are, most likely, derivative works, requiring reproduction of legal notices. Combined with TimGM6mb, this gives you full GM but better sounds for some instruments in just 13 MiB HDD and RAM (both are uncompressed SF2). “Choir Aahs” still could be better, but they are not “Choir Aarghs” any more at least ☺ TimGM6mb is GPLv2-only though so not universally usable (YMMV).

How to handle XHTML properly 2020-04-30 Tags: bug rant OK, toned down on the rant, I already did enough in the commit messages… My webpages are valid XHTML/1.1. But what does that mean? I write them conforming to XHTML/1.1, with spaces before the “ /> ” sequence. This allows me use of tools such as xmlstarlet to operate on them as XML files, and even validation against the DTD, offline. That “extra” space allows HTML browsers to process them as HTML. I’m now, as per some part of the spec, supposed to serve them over HTTP as application/xhtml+xml content type — two questions: why does the XHTML spec say anything about HTTP, and, why doesn’t another spec agree with it? Turns out, much later, it has a reason — the XHTML/1.1 spec is mostly just a diff against XHTML/1.0 Strict, which is just a diff against HTML 4.01 Strict. The HTML5 spec (both concurrents, W3C and WHATWG) is however standalone and merges the XHTML parts. It, now, in contrast to the three older specs I mentioned above, has a side note, in a tag-specific chapter (with nothing mentioned in the XML part), explaining a parsing difference (basically, in XML mode, it doesn’t skip a leading newline immediately after an opening pre tag). Fucktards. I’ll just serve my XHTML/1.1 files only as text/html now, even if I get an Accepts for XHTML+XML from the request. (The HTML5 spec, at least one, now forbids me to use XML namespaces, both for things like embedded SVG (I am supposed to just use an <svg> tag) and custom ones, e.g. to embed DC in SVG… but we all know just how binding this is for browsers, and that browsers will handle all kinds of things under the sun, and then some, so I’m ignoring this, ’sides, I even don’t write XHTML5 at all…) Anyway the too-large space around section and subsection headers in our HTML manpages is now “fixed”, for some very low value thereof (but with HTML and CSS the expectation is extremely low anyway…).

Free Music, now with MP3 export 2020-04-23 Tags: fun music I’ve concocted a workaround for the issue that MuseScore cannot reproduce the soundfont copyright in exported files yet, by placing it and (also necessary, not present in every export format) score metadata in the “associated documentation files”, which fulfills the licence. For now, Free Music repository directory listings show a hint requesting the user acknowledge them; I also plan a fancy thingy in ECMAscript to offer downloads and play the sheet music in the browser, if modern enough (lynx, of course, I will handle properly, you know me). Enjoy!

mksh R59 released 2020-04-15 Tags: mksh news pcli With a mixed bag of changes, I’ve released mksh(1) R59 yesterday. Some of those changes are breaking to the shell language: When printf(1) was compiled as builtin, and a matching external utility (i.e. $(which printf) ) didn’t exist, and builtin printf was not used to specifically invoke the built-in utility, it could not be found. This is critical but only for a very small area: mostly when mksh (or more specifically lksh ), with printf as builtin, is used as /bin/sh and the udev SYSVinit script uses printf while insisting on setting PATH to just /bin while printf(1) sits in /usr/bin . If this affects you, you want this fix.

) didn’t exist, and was not used to specifically invoke the built-in utility, it could not be found. This is critical but only for a very small area: mostly when mksh (or more specifically ), with as builtin, is used as and the SYSVinit script uses printf while insisting on setting PATH to just while printf(1) sits in . If this affects you, you want this fix. OS/2 only: the test(1) builtin already sometimes automatically added the suffixes .ksh , .exe , .sh , .cmd , .com , .bat to a file argument if one without these sufficēs was not found. This was extended to cover more cases to improve the user experience. (Thanks to KO Myung-Hun for this!)

, , , , , to a argument if one without these sufficēs was not found. This was extended to cover more cases to improve the user experience. (Thanks to KO Myung-Hun for this!) The output from some builtins is now formatted differently. This mostly affects how alias names, and in some cases their definitions, are printed (by alias , command , whence , etc.) and the output from the bind builtin was also made safe for re-entry into the shell. These are desirable from a security PoV but change formats.

, , , etc.) and the output from the builtin was also made safe for re-entry into the shell. These are desirable from a security PoV but change formats. In the manpage, some documentation was wrong: the example command given for how tab completion escapes, and the right-hand side of string comparisons only globs in [[ , not in [ and test .

, not in and . The shell argv[0] (after removing a leading dash to indicate a login shell and using the basename(1) of the rest) is now checked whether it begins with an ‘r’, and if yes, restricted mode is enabled.

(after removing a leading dash to indicate a login shell and using the basename(1) of the rest) is now checked whether it begins with an ‘r’, and if yes, mode is enabled. In [[ x = $y ]] we now parse the right operand $y as full extglob.

Since we already have breaking changes, the former global builtin introduced in R40b and deprecated, in favour of typeset -g in R55, was removed.

builtin introduced in R40b and deprecated, in favour of in R55, was removed. ^[Q (Esc+ Q ) was added as new editing command, quoting (for use as shell parameter, i.e. with '…' or $'…' like typeset does) the area between the mark and the cursor.

(Esc+ ) was added as new editing command, quoting (for use as shell parameter, i.e. with or like does) the area between the mark and the cursor. The manual page, besides featuring properly spaced “em” dashes, was completely overhauled in documenting reserved words and built-in utilities and now also documents built-in aliases and even those aliases and functions dot.mkshrc offers, more or less verbosely, and indicating, with every entry, which is which, including specialness and keeping assignments, deferring (with flags, like cat , or always, i.e. rename and the optional printf ), being a declaration utility (where ‘b’ in export a=b is not IFS-splitted) or declaration utility forwarder (like command export a=b also skips the field splitting) and requirements (such as job control, or the presence of select(2) etc.)

offers, more or less verbosely, and indicating, with every entry, which is which, including specialness and keeping assignments, deferring (with flags, like , or always, i.e. and the optional ), being a declaration utility (where ‘b’ in is not IFS-splitted) or declaration utility forwarder (like also skips the field splitting) and requirements (such as job control, or the presence of select(2) etc.) The testsuite works again with OS/2 and pre-glibc_2.30-5 GNU/Hurd. Now some of these changes are desirable and indicate you ought to upgrade. If you can’t (due to the breaking changes), talk with me, and I may release an R58b with only some of the changes. But please do consider whether R59 might work just as well. TIA!

jupp 39, mksh R58 released 2020-03-27 Tags: mksh news pcli Continuing with the idea of “let’s get releases out”, hopefully with no regressions introduced, and all updated to the latest UCS, find infos for jupp & mksh updated on their respective pages. There are still some known unfixed issues, but time will see to them. It’s best to occasionally get the more stable codebasēs out, so users can test (and break ☺) them.

rs 20200313 released, more to follow 2020-03-13 Tags: news pcli rs(1) is a classical BSD tool I noticed was missing under Debian. So I made the MirBSD one portable, some long time ago, and, because grml’s mikap wanted it as well, uploaded it to Debian. Turns out this invites actual users to report bugs ☺ So here we are, rebased to include latest OpenBSD changes, bugfixed, made portable, and even with a convenience strtonum implementation: SHA256 (rs-20200313.tar.gz) = 919215dc9fe85a27a30bf63d56406cfb503f9fc9820323c4bd3bfe75a6a3bc3f

RMD160 (rs-20200313.tar.gz) = a8dfa5bb7ef63c66e011ec81bf20e089fdd827f5

TIGER (rs-20200313.tar.gz) = 42135e4d75e7865b817f1b4027d383416d326c305e6553ce

1362219422 12571 /MirOS/dist/mir/rs/rs-20200313.tar.gz

MD5 (rs-20200313.tar.gz) = cc6a310b7f3bae98ea6296fbee0f85b4 If you really need build instructions, look at the Debian package. Development on other fronts is also continuing. See you in IRC only, I guess… (what with the current situations, the last newspost also had conference presence). Due to the sheer amount of changes, a release of mksh is somewhat imminent, if only to get my users to find regressions caused by me attempting bugfixing ☻

FixedMisc [MirOS] 20200214 released, for “I ❦ Free Software” day 2020-02-14 Tags: news pcli Another release of one of MirBSD’s subprojects. Now, both the 8x16 VGA (cp437-encoded) and the full Basic Multilingual Plane 8x16/16x16 proper font are also available, on all possible platforms, as “doubled”, that is, 16x32 and 18x36/36x36, version suited for e.g. hiDPI displays. (This was mostly done with simple pixel doubling for each axis, with only few glyphs fixed up afterwards to achieve a slighly improved, but still FixedMisc bitmap font, look. Thanks to apotheon for the suggestion (even if it ended up being a tad too large in his eyes, and to cnuke@ for testing and to both plus Sarah for feedback. The APT repository was, of course, updated with xfonts-base / consolefonts-base and console-setup to match. It also, in mirabilos-support , ships an updated version of the Linux text/framebuffer console keymap. Download and check: SHA256 (FixedMisc-20200214.tgz) = 92cd16d302741be9314014960f2c57866b7e31f720b47df8efebfec7c6c35319

RMD160 (FixedMisc-20200214.tgz) = 9bbf24131664d201411294b633e265fc3d940fb1

TIGER (FixedMisc-20200214.tgz) = 92099b2a989d7a66b22aacf93836345581f8ba27aab0cab5

758244556 5955999 /MirOS/dist/mir/Foundry/FixedMisc-20200214.tgz

MD5 (FixedMisc-20200214.tgz) = 546f492a4b0459cbf2689306560070a2 Mind this is slightly larger (6/46 MB download/decompressed) than the previous releases (1¼/10½ MB) because it now ships the fonts not only in regular and doubled versions but also the HW-only versions expanded and the full font (normal and doubled) for GRUB and the cp437 font in PSF and PSFU format (version 1 for 8x16, version 2 for 16x32). Enjoy! I also wanted to give you a new release of the another MirBSD subproject, jupp, but I haven’t managed to finish my work on it in time. After that will, most likely, lead me to more mksh bugfixing, followed by the long-expected next regular release (it’s already cooking in Debian unstable). And then, I hope I’ll manage to get a bit of time to get back to the BSD base and manage a rollup rolling release snapshot for those updating from binary, not from source themselves. (Rumours about being discontinued are just that, rumours; they originate (hah!) from Wikipedia, whose page about MirBSD has, incidentally, never been fully right.) See you in IRC or around on conferences!

FixedMisc [MirOS] 20200202 and MirKeyboardLayout 9x released! 2020-02-02 Tags: news pcli I’ve managed to miss FOSDEM this year, unfortunately, because I’ve got a beginning sinusitis (this time before the conference) staying home cautiously. But fear not, I’m working on porting the MirKeyboardLayout™ to Windows® 95, and, during that, I noticed that I need another glyph in the documentation comments. Cue FixedMisc. As usual, download FixedMisc and check the integrity before installing: SHA256 (FixedMisc-20200202.tgz) = 91396414e169b37bc906746ae34188ad360be271865ac44271d9b7d9746c97f1

RMD160 (FixedMisc-20200202.tgz) = 8f672de47df8bc67df52f5f48ac49105953d19e9

TIGER (FixedMisc-20200202.tgz) = d875a4835c053e21914ead312a6ec9afc40b347ee1d04fa5

3480714773 1275833 /MirOS/dist/mir/Foundry/FixedMisc-20200202.tgz

MD5 (FixedMisc-20200202.tgz) = eb494f7f71b2c610346d58e3ac6c46ce I’ll update my APT repository later. The separate Powerline font has been merged considering we don’t even ship glyphs for “Cirth” in CSUR and it’s being considered for inclusion into the SMP anyway. Update: The APT repository is updated, and the MirKeyboardLayout for Windows® 95/98/9x (self-extracting LHarc archive) is also done, as far as I can make it anyway: the 102nd key (“<>|”) operates as “…€„™”, as in the NT/2k/XP/… layout, but it produces wrong results (at least on 950 B) if Shift and/or AltGr are pressed, and I couldn’t test AltGr-Tab and AltGr-Shift-Tab ‘“”’ because my window manager caught them before they could be passed into the VM… and since it uses cp1252, I used the florin ‘ƒ’ for AltGr-- instead of U+2010, randomly. The full source is also available. Test results, fixes and improvements welcome. Next: xkb Update: I’ll be doing a script for customisation of the xmodmap and Linux layout (unswap unshifted Esc and ` , move Mode_switch to Alt_R/AltGr keeping Alt on Alt_L and Meta on Win_L, and a tristate one: CapsLock as …€„™ and the <>| (102ⁿᵈ) key as Compose, vs. the 102ⁿᵈ key as …€„™ and CapsLock being either Compose or Ctrl) soon. Stay tuned!

FixedMisc [MirOS] 20190911 released! 2019-09-11 Tags: news pcli Today I’ve released another new CVS snapshot of the FixedMisc [MirOS] font; as usual, the tarball contains the font in BDF form, with no conflict with the system Fixed [Misc] font; sources for use (compilation, editing) with bdfctool(1) are in CVS. New: a Powerline variant of the halfwidth font, and massively more alternative UCS mapping for the cp437 font. SHA256 (FixedMisc-20190911.tgz) = 1aa35a3128b3e5ca452467fca8150ad394054f60f847eca7296480bd23039dd7

RMD160 (FixedMisc-20190911.tgz) = fc2a61166ea4c955d5c34e03f5da0c00df132a00

TIGER (FixedMisc-20190911.tgz) = f3b087c819c8fdc2c319feca5d11f1ad25f89d7ce17e2907

830148610 1378344 /MirOS/dist/mir/Foundry/FixedMisc-20190911.tgz

MD5 (FixedMisc-20190911.tgz) = 87ef903a45e5a6e1c9dfa86b172b24d3 My “WTF” APT repository contains the updated consolefonts-base and xfonts-base packages, as usual.

Accessing laptop hard discs elsehow 2019-09-10 Tags: debian hardware pcli tip Today, I realised that, to use a laptop hard disc outside of a laptop, no matter whether via converters or in a regular (nōn-laptop PC), most likely… hdparm --security-unlock password /dev/hda Update: SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0a 04 51 40 01 21 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

The fate of MirOS Linux, and a birthday post 2019-09-01 Tags: archaeology fun plan MirBSD has just recently become 17 years old, and I wrote (in German, sorry ☺) a reminiscing piece about that and thanking everyone involved. Today my calendar(1) reminded me of the first steps towards “MirLinux”, a.k.a. “MirOS Linux”, 16 years ago and given this pops up regularily, especially due to Wikipedia spreading it, I feel I have to clarify: cnuke (the original Jupp) really likes the BSD userspace but wants to play Quake Ⅲ with accelerated 3D, so the idea was to maybe build everything for Linux, add a glibc and other dependent libraries (and we’d use different paths, so linking is unaffected and we’d have nicer linking semantics than those GNU people), and maybe things would just work. It was a woozy idea right from the start, and there might have been beer involved, and nobody ever got around to actually doing so, and it clearly was never a/the project goal. Yes, we probably could have done it, back then, up to 90% satisfaction, and with some more binaries thrown in from GNU/Linux (e.g. for the packet filter, as — sadly… ― pf(4) for Linux has never materialised) it could have become usable, and there was ecce!GNU/Linux precedent, but BSD’s the focus. Perhaps if a certain few people had been less Verpeiler… oh well — no big loss. I did turn out fixing stuff in GNU/Linux and porting stuff over in the end, but we never merged them, which perhaps turned out, looking back, to be a good thing. Tomorrow 16 years ago, plip(4) support was added… I need to dig out the cable and run some interoperability tests some time to see if it’s still working, with both Crynwr and Linux on the remote end, and FreeBSD (if they still have it). In unrelated news, other activity has been suspended, as I caught a “summer flu”, which turned out (and very quickly, at that) a rather harsh sinusitis-cum-bronchitis, taking me out and sapping all concentration, expected to linger for a few more days.

So… edugit? gitlab? ruby? maintainer scripts? RoDD/QA? 2019-08-28 Tags: bug debian personal rant work So… the Debian package of gitlab is too buggy to be used (was built against ruby-asciidoc version X.Y while sid carries X.(Y+1) now, which causes it to bug around, of course, as proper for an immature language like that. So, someone decided to switch to the GitLab CE *.deb format packages (not Debian packages — not Free; just Open Core but Debian itself uses those for its “Salsa” instance as well (which is, incidentally, why I refuse use of that whenever possible) and, for that, removed the Debian packages. The gitlab binary package helpfully offered to not delete the repositories, but gitlab-common’s postrm not only removed the user account (a big no-no!) but used the option to delete its home directory… which is where the git repositories and project icons and the likes are stored under. (Note that undeleting from ext3/4 is hard, unlike ext2, and if fsck and/or a journal replay is run, chances get worse… the ext4undelete tool “helpfully” requires an fsck run… ’nuff said… if you ever accidentally delete something, immediately unplug power and destroy VMs hard, then snapshot the filesystem so multiple rescue approaches aren’t made impossible.) Anyway, it’s apparently running GitLab CE now, which means that all the remotes have changed. I used this… sudo find / -xdev -name config | grep '/\.git/config$' >~/xgc sudo fgrep -li gitlab@edugit.org $(<~/xgc) >~/xgc2 <~/xgc2 sudo xargs perl -pi -e 's/gitlab\@edugit.org/git\@edugit.org/gi' Also, ~/.gitconfig insteadOf / pushInsteadOf need fixing. Let me plug an undercover avertisement for my .gitconfig here, which contains examples for insteadOf as well as commands to download GitLab merge and GitHub pull requests. After having fixed those up, go to the web UI and click on “Create empty repository”, then push all remote branches recorded in your hopefully up-to-date clone and (all) tags to the instance: remote= origin git branch -r | sed -n "/^ $remote\\//s///p" | \ while read branchname rest; do test x"$branchname" = x"HEAD" && continue echo "pushing $remote/$branchname" git push "$remote" "$remote/$branchname:refs/heads/$branchname" done git push "$remote" --tags

MirCPIO (paxmirabilis) 20190825 released 2019-08-25 Tags: bug geocache rant archaeology There’s a new MirCPIO (paxmirabilis; tar, ar) release. Difference is, some operating systems don’t yet support passing nil as second argument to realpath(3) which incidentally included (note: past tense) a certain BSD whose installer segfaulted in tar(1)… Debian GNU/Hurd was, btw, not affected. In other news, it’s way too hot and other IRL things take up tuits. And in completely (I’m sure) unrelated news, my waypoint statistics are not getting updated for now, and acronym submissions pile up in the queue. (The broken iOS Äpp link has been forwarded to the author. Techniker ist informiert. YMMV)

Updating IBM X40 with CompactFlash card 2019-08-18 Tags: hardware personal So, I’ll be updating my IBM Thinkpad X40 from an almost broken 40 GB 1.6″ IDE HDD (with 2.5″ connector) to a dual (IDE master/slave) CF card adapter with… two (but I cannot find one of them right now) cards with a whopping 64 GiB, each ☺ I’ll take the added space to install it as a dual boot system so I can play some games… Diablo, Hellfire, StarCraft, BroodWar, Diablo Ⅱ, LoD… again (and perhaps create more binaries of MirSoftware for those sad OS users). It’ll be frustrating. I’m also taking the chance to reinstall MirBSD on the laptop “fresh” and build binary packages for MirPorts and publish it as a half-snapshot (sparc needs more tuits) which is likely going to take time, during which I’ll be on other laptops, limited in agility.

Harry Potter in Unicode 2019-08-03 Tags: fun ☺͛ I wasn’t even looking for it but for LATIN SMALL LETTER S WITH CROWN ABOVE or COMBINING CROWN ABOVE for… Wasⷳa? Wasⷿa? Was̐a?… that, anyway, but didn’t find it, when I found that. Update: Of course, Mozilla® Firefox™ renders it wrong. In lynx (standard browser) in xterm (standard terminal) it properly renders like I wonder when the first UIs will render it as inline small HP photo…

FixedMisc [MirOS] 20190604 released! 2019-06-04 Tags: news pcli Today I’ve released another new CVS snapshot of the FixedMisc [MirOS] font; as usual, the tarball contains the font in BDF form, with no conflict with the system Fixed [Misc] font; sources for use (compilation, editing) with bdfctool(1) are in CVS. New: the UCS map for the 8x16 cp437 font is also shipped within the tarball, in the hope of helping someone with it. (The 8x16 font isn’t just badly truncated 9x18, but specially adapted for that size.) This release was partially sponsored by tarent, and it is dedicated to my actual users, who submit bug reports and feature requests. To Japanese users, the U+32FF SQUARE ERA NAME REIWA from Unicode 12.1 prerelease is included. The missing small caps Q was added just as the ring form of the Benzol ring. The minuscle lambda and pi were tweaked (especially lambda looked like crap), the coptic pi was, to avoid mistaking it for greek, changed minimally, too). In a next release, I’m planning to make the digit seven (‘7’) more a seven, less a one (7̶ or 7̵ or better), and switch to “single-storey” ‘a’ and ‘g’ (mind ɑ and ɡ though). My “WTF” APT repository contains the (updated) xfonts-base package, which ships FixedMisc [MirOS], and (new!) consolefonts-base with the 8x16 PSF (SYSLINUX, ISOLINUX, PXELINUX) and PSFU (Linux VGA text console), 9x18 and 18x18 GRUB fonts, and, as usual, the patched console-setup with the 9x18 for Linux’ framebuffer console.

ISP move 2019-06-04 Tags: hardware personal In a similar vain as last post, I’ll be moving with my ISP (to a new 1ˢᵗ TAE) next Tyrsday. I hope everything will be as unupsetting as last time…

ISP change 2019-04-22 Tags: hardware personal I’m going to be switched from ADSL (version 1) at Netcologne to VDSL with Vectoring at Telekom Business tomorrow. So, if I seem to have fallen off the earth, you’ll know why. I should also take this as chance to replace the ne(4) NIC my current DSL modem is connected to (a 10 Mbit/s card, but at least already PCI) with another fxp(4) to make use of the more speed (50/10 Mbit/s instead of 4/½ or so). I’ve set up Backup MX (already had Backup NS), so nothing should suffer too much except response times, perhaps.

New “Mirzeitkarte” theme for Mapsforge / c:geo 2019-04-10 Tags: geocache The Freizeitkarte offline OpenStreetMap vector maps can be rendered with MapsForge, a library which is embedded in several Android applications like c:geo. (Note that c:geo ships two instances of it, the “old MapsForge v3 API” which works much better on my ancient HTC Desire and the standard newer one.) However, this uses the stock rendering theme of MapsForge by default, which is an old Osmarender one (in v3 at least, later MapsForge extends it) and kinda sucks for detailled navigation, such as what GPS Stash Hunters need to do. Thankfully Freizeitkarte ships a MapsForge theme, well two, one with more contrast or something. Did I say “ships”? Oops, “shipped” is more correct. It was taken offline (with, unfortunately, no trace any more online) some years ago due to difficulties or something. Luckily, I still have a copy (in which I enabled several “extra” features (such as displaying bus stops, which ought to be default…) which I can use. But this has several problems: it needs fixing, as upstream said, and OSM also developed, so I could not see any ramps (lanes to join/exit highways) any more. Well, jupp and XML editing and OSM data inspection to the rescue. I now maintain the XML in a private git repo (although I unfortunately only have the preconfigured one as starting point), and I extended, changed and fixed it a lot and redrew two of the images, and freizeitkarte.zip is the fruit of these efforts. It likely can still use more fixing and extending but is at least usable, and the licence is rather liberal. Perhaps I should rename it to Mirzeitkarte to clarify it is not the original any more, but for now I did it in the title of this wlog entry. (Dear Freizeitkarte people, please do contact me if you have anything to say. We could even populate your fzk-theme github repository.) Update 2019-04-22: I’ve renamed the XML (but not the PKZIP archive name, as to not break deep links) and have fixed more stuff, continuing to do so. Freizeitkarte people just pointed me to Geoclub (an independent webforum) for “support”, so they seem to not be interested. I do have permission though. In unrelated news, the Free Music repository also grew, and the soundfont has an update.

tons of updates, more coming… (hope I didn’t break anything ☺) 2019-01-05 I’ve updated a lot of things in MirBSD and for use with the Debian operating system. More to come, pax(1) has been converted to Mirtoconf (the successful Build.sh system of mksh’s) but needs to be re-ported to a lot of systems (and some more bugs squished). My “WTF” APT repository also received a number of updates, such as to the ever-desired wtf(1), but it’s the time of that two-year cycle which invites general care for all of one’s packages. On the other hand, MirBSD stops offering RSS feeds by tags. The world has become more insular, first by DSGVO, now by other cultural issues. I’ll be at FOSDEM, as usual, though, so rejoice! You can now directly download, for all platforms and synthesisers, the soundfonts shipped in Debian for MuseScore (and others) I maintain. This service may cease at any time, without notice. Also, do mind the MIT licence. On an unrelated note, happy new year in the western calendar!

learn.to/quote 2018-10-25 Tags: archaeology debian news pcli tip The “properly quote eMail messages and on Usenet” documentation is hosted on a server that appears to not get too much care at the moment. I’ve dug out workable versions: current all-in-one-page German version ( aktuelle alles-auf-einer-Seite-Fassung auf Deutsch ), with a short link on http://deb.li/quote

), with a short link on last archived Dutch version ( laatste versie in het Nederlands ), the server is currently unreachable, but the Wayback Machine still has it

), the server is currently unreachable, but the Wayback Machine still has it current English translation, still workable The original link, with its http://learn.to/quote/ redirection, which contained the links to the translations into Dutch and English, unfortunately no longer works. I’m asking everyone to please honour these guidelines when posting in Usenet and responding to eMail messages, as not doing so is an insult to all the (multiple, in the case of Usenet and mailing lists) readers / recipients of your messages. Even if you have to spend a little time trimming the quote, it’s much less than the time spent by all readers trying to figure out a TOFU (reply over fullquote) message. Ich bitte jeden darum, sich bitte beim Posten im Usenet und Verfassen von eMails sich an diese Richtilinien zu halten; dies nicht zu tun ist ein Affront wider alle (im Falle von Usenet und Mailinglisten viele) Leser bzw. Empfänger eurer Nachrichten. Selbst wenn man zum Kürzen des Zitats ein bißchen Zeit aufwenden muß ist das immer noch deutlich weniger als die Mühe, die jeder einzelne Leser aufwenden muß, herauszufinden, was mit einer als TOFU (Text oben, Vollzitat unten) geschriebenen eMail gemeint ist. Mag ik iederéén verzoeken, postings in het Usenet en mailtjes volgens deze regels te schrĳven? Als het niet te doen is vies tegen alle ontvanger’s en moeilĳk om te lezen. Zelfs als je een beetje tĳd nodig heb om het oorspronkelĳke deel te korten is het nog steeds minder dan de moeite van alleman, om een TOFU (antwoord boven, fullquote beneden) boodschap proberen te begrepen.

Progress report from the Movim packaging sprint at MiniDebconf 2018-05-19 Tags: debian Nik wishes you to know that the Movim packaging sprint (sponsored by the DPL, thank you!) is handled under the umbrella of the Debian Edu sprint (similarily sponsored) since this package is handled by the Teckids Debian Task Force, personnel from Teckids e.V. After arriving, I’ve started collecting knowledge first. I reviewed upstream’s composer.json file and Wiki page about dependencies and, after it quickly became apparent that we need much more information (e.g. which versions are in sid, what the package names are, and, most importantly, recursive dependencies), a Wiki page of our own grew. Then I made a hunt for information about how to package stuff that uses PHP Composer upstream, and found the, ahem, wonderfully abundant, structured, plentiful and clear documentation from the Debian PHP/PEAR Packaging team. (Some time and reverse-engineering later I figured out that we just ignore composer and read its control file in pkg-php-tools converting dependency information to Debian package relationships. Much time later I also figured out it mangles package names in a specific way and had to rename one of the packages I created in the meantime… thankfully before having uploaded it.) Quickly, the Wiki page grew listing the package names we’re supposed to use. I created a package which I could use as template for all others later. The upstream Movim developer arrived as well — we have quite an amount of upstream developers of various projects attending MiniDebConf, to the joy of the attendees actually directly involved in Debian, and this makes things much easier, as he immediately started removing dependencies (to make our job easier) and fixing bugs and helping us understand how some of those dependencies work. (I also contributed code upstream that replaces some Unicode codepoints or sequences thereof, such as 3⃣ or ‼ or 👱🏻‍♀️, with <img…/> tags pointing to the SVG images shipped with Movim, with a description (generated from their Unicode names) in the alt attribute.) Now, Saturday, all dependencies are packaged so far, although we’re still waiting for maintainer feedback for those two we’d need to NMU (or have them upload or us take the packages over); most are in NEW of course, but that’s no problem. Now we can tackle packaging Movim itself — I guess we’ll see whether those other packages actually work then ☺ We also had a chance to fix bugs in other packages, like guacamole-client and musescore. In the meantime we’ve also had the chance to socialise, discuss, meet, etc. other Debian Developers and associates and enjoy the wonderful food and superb coffee of the “Cantina” at the venue; let me hereby express heartfelt thanks to the MiniDebConf organisation for this good location pick! Update, later this night: we took over the remaining two packages with permission from their previous team and uploader, and have already started with actually packaging Movim, discovering untold gruesome things in the upstream of the two webfonts it bundles.

mksh bugfix — thank you for the music 2018-05-07 Tags: bug debian mksh pcli I’m currently working on an mksh(1) and bc(1) script that takes a pitch standard (e.g. “A₄ = 440 Hz” or “C₄ = 256 Hz”) and a config file describing a temperament (e.g. the usual equal temperament, or Pythagorean untempered pure fifths (with the wolf), or “just” intonation, Werckmeister Ⅲ, Vallotti or Bach/Lehman 1722 (to name a few; these are all temperaments that handle enharmonics the same or, for Pythagorean in out case, ignore the fact they’re unplayable). Temperaments are rule-based, like in ttuner. Well, I’m not quite there yet, but I’m already able to display the value for MuseScore to adjust its pitch standard (it can only take A₄-based values), a frequency table, and a list and table of cent deltas (useful for using or comparing with other tuners). Of course, right now, the cent deltas are all 0 because, well, they are equal temperament against equal temperament (as baseline), but I can calculate that with arbitrary and very high precision! For outputting, I wanted to make the tables align nicely; column(1), which I normally use, was out because it always left-aligns, so I used string padding in Korn Shell — except I’m also a Unicode BMP fan, so I had F♯ and B♭ in my table headings, which were for some reason correctly right-aligned (for when the table values were integers) but not padded right when aligning with the decimal dot. So I worked around it, but also investigated. Turns out that the desired length was used as second snprintf(3) argument, instead of, as in the right-align case, the buffer size. This worked only until multibyte characters happened. A fun bug, which only took about three minutes to find, and is covered by a new check in the testsuite even. Thought I’d share. Feedback on and improvements for the tuner, once it’ll be done, are, of course, also welcome. I plan to port the algorithm (once I’ve got it down in a programming language I know well) to QML for inclusion in the tuner MuseScore plugin, even. Check here, for now, for my work in progress… it’s quite big already despite doing basically nothing. Foundation laid (or so…).

Website consolidation 2018-05-05 I’m currently working on consolidating mirsolutions.de (as my former business is long defunct) and “The MirOS Project” (that as of 2018 is also back to being my own one-man show / hobby) into www.mirbsd.org as my hobby / personal sorta homepage to not need any vhosts and simplify EU-DSGVO conformity. (I’ve also reduced logging.) Please excuse upheavals, as well as the continued presence of old, obsoleted or outdated content that may even be, as of now, completely wrong; I’ll fix it as time permits.

Happy Birthday, GPS Stash Hunt! 2018-05-03 by tg@ Tags: debian fun geocache personal GPS Stash Hunt, also commercially known as “Geocaching”, “Terracaching”, or non-commercially (but also nōn-free) as “Opencaching”, is 18 years old today! Time for celebration or something! Excluding Munzees, I visited 2365 waypoints to date, ever since 2006 (I knew about GPS Stash Hunt in 2004 already but thought one’d need one of those expensive GPS receivers to play, which is untrue but I only got that when Pfeffer (from BOSng) took his GPS and me out for a bike tour in 2006, so, here we are… (Some older on-platform logs have a number that still counts Munzees; the current format uses “number﹟”.)

FixedMisc [MirOS] 20180429 released 2018-04-29 by tg@ Tags: news pcli Today I’ve released another new CVS snapshot of the FixedMisc [MirOS] font; as usual, the tarball contains the font in BDF form, with no conflict with the system Fixed [Misc] font; sources for use (compilation, editing) with bdfctool(1) are in CVS.

mksh on Jehanne, a guest post by Shamar 2018-04-15 by tg@ Tags: archaeology debian fun guest mksh pcli Giacomo Tesio referenced mksh(1) in his annual Jehanne report and provided a guest post (dated 2018-01-09, sorry for posting it this late only) for us on his journey on porting mksh to Jehanne, his Plan 9 derivative operating system. Read on for his story! MirBSD's Korn Shell on Plan9 Jehanne Let start by saying that I'm not really a C programmer.

My last public contribution to a POSIX C program was a little improvement to the Snort's react module back in 2008. So while I know the C language well enough, I do not know anything about the subtliness of the standard library and I have little experience with POSIX semantics. This is not a big issue with Plan 9, since the C library and compiler are not standard anyway, but with Jehanne (a Plan 9 derivative of my own) I want to build a simple, loosely coupled, system that can actually run useful free software ported from UNIX. So I ported RedHat's newlib to Jehanne on top of a new system library I wrote, LibPOSIX, that provides the necessary emulations. I wrote several test, checking they run the same on Linux and Jehanne, and then I begun looking for a real-world, battle tested, application to port first. I approached MirBSD's Korn Shell for several reason: it is simple, powerful and well written

it has been ported to several different operating systems

it has few dependencies

it's the default shell in Android, so it's really battle tested I was very confident. I had read the POSIX standard after all! And I had a test suite!

I remember, I thought "Given newlib, how hard can it be?" The porting begun on September 1, 2017. It was completed by tg on January 5, 2018. 125 nights later. Turn out, my POSIX emulation was badly broken. Not just because of the usual bugs that any piece of C can have: I didn't understood most POSIX semantics at all! First, Cinap had to patiently explain me on #cat-v that UNIX signals are reentrant.

It took him a while: I wasn't able to understand.

Even now, I keep asking: "Why?!? Why they did this! why..." Fixed that, I saw that mksh was unable to execute ls : in Plan 9 common environment variables are lower case.

The $PATH variable is called $path , the $CDPATH variable is called $cdpath and so on.

Also, when appropriate, they are NULL separated char arrays, since they are exposed as files from the env device, and rc can get their size with a simple seek . I reflected on the issue for a while, tried several solutions to preserve both conventions (some of which even worked).

But finally, I surrended to the simplest solution: I adopted the POSIX convention for Jehanne. Aesthetics amuse, but simplicity helps. However it was not enough: I needed to hook mksh startup to read the variables from the filesystem (just like rc does). How to do that cleanly? I asked on #!/bin/mksh and tg did not simply explained a poor noob how to do that. He did it himself! I was enchanted by his kindness. So far Jehanne is just a toy. Still he spent his own time for me. But the journey was still ongoing. I realized that to run a command, mksh requires SIGCHLD support. I added it. The first implementation worked. Once. It was able to run exactly one command in mksh. The shell stopped reading input after the second one. So I wrote it again from scratch. And it worked! Yuppy! :-) Till I tried echo test | grep test Grep didn't get EOF, as mksh for some strange reason was keeping the pipe open.

I extended devdup to ensure fcntl 's emulation was working as expected. I rewrote fcntl emulation. Still broken. Out of despair I turned to annoy tg again over IRC. Talking with him I realized that the problem was the signal dispatching. So I rewrote it again, introducing a new 9P2000 file server that handles signal IPC among POSIX processes, taking care of masks, ignored signals, waited ones. Finally echo test | grep test worked. But... mksh was blaming me with two annoying warnings: mksh: No controlling tty: open /dev/tty: No such file or directory mksh: warning: won't have full job control I asked tg and he tried to explain me what /dev/tty is, providing links about /dev/tty, /dev/ttyN and /dev/console. So I modified vt (and later hmi/pipeconsole ) to provide /dev/tty as an alias to /dev/cons. The first warning was gone... but only the first one! It was not just a matter of warnings: I was unable to interrupt a script (what you do with Ctrl+C on unix). Down the rabbit hole, again. I had to study the complex semantics of tty job control (asking boring questions to tg, again).

I had to fix setsid , getsid , setpgid , getpgid , getpgrp and to add support for termios' tcgetpgrp and tcsetpgrp .

Worse: I had to mostly rewrite the file server I had just written. Sob! It took a while.

In the process I realized that a sys/posixly instance actually represents a single terminal session.. ... did I say it took a while? Then, suddenly... I saw this, and it was like an epiphany: MirBSD's Korn Shell was working on Jehanne! What a happy new year! :-D

Groeten vanuit Brussels, tĳdens FOSDEM 2018-02-03 by tg@ Tags: event personal I’m in Bruxelles again, as every year since 2001, for FOSDEM. (I only missed OSDEM in 2000, mostly due to the curse of late birth.) To revive a tradition, I’ve attempted (and successfully at that!) to find a place where we can eat Couscous Merguez, and we met up with bsiegert@ and had some nice conversation and, besides the overly LOUD!!! belly dance, delicious food. It was nice to catch up with each other again. Other than that, see you over the next few days at ULB! Don’t miss the MuseScore booth and the two Teckids talks. Colophon: complexity sucks.

FOSDEM 2018-01-10 by tg@ Tags: event fun I’ve been going to FOSDEM for about half of my lifetime, give or take a year I think. So, of course, I will be there again this year. Thanks to my employer for sponsoring travel and accommodation again. It’s a bit annoying that the future of alternative OSes is a bit misty right now, depending on the hardware, but we’re continuing development, in subprojects (like mksh(1) and jupp(1), for example) and other projects (like Debian and MuseScore, whom I’ll meet at FOSDEM again) while researching possible fixes for the security theatre.

FrOSCon 2017-08-16 by tg@ Tags: event fun pcli personal I’ll not respond, much, until next Monday. We have FrOSCon.

[PSA] Fixing CVE-2017-12836 (Debian #871810) in GNU cvs 2017-08-11 by tg@ Tags: archaeology bug debian pcli security Considering I’ve become the de-facto upstream of cvs(GNU) even if not yet formally the de-iure upstream maintainer, fixing this bug obviously falls to me — not quite the way I had planned passing this evening after coming home from work and a decent and, worse, very filling meal at the local Croatian restaurant. But, so’s life. The problem here is basically that CVS invokes ssh(1) (well, rsh originally…) but doesn’t add the argument separator “--” before the (user-provided) hostname, which when starting with a hyphen-minus will be interpreted by ssh as an argument. (Apparently the other VCSes also had additional vulnerabilities such as not properly escaping semicoloi or pipes from the shell or unescaping percent-escaped fun characters, but that doesn’t affect us.) The obvious fix and the one I implemented first is to simply add the dashes. This will also be backported to Debian {,{,old}old}stable-security. Then I looked at other VCSes out of which only one did this, but they all added extra paranoia hostname checks (some of them passing invalid hostnames, such as those with underscores in them). OK, I thought, then also let’s add extra checks to CVS’ repository reference handling. This will end up in Debian sid and MirBSD, pending passing the regression tests of course… hah, while writing this article I had to fixup because a test failed. Anyway, it’s not strictly necessary AFAICT to fix the issue. Update, about 2⅕ hours past midnight (the testsuite runs for several hours): of course, the “sanity” testsuite (which itself is rather insane…) also needs adjustments, plus a bonus fix (for something that got broken when the recent allow-root-regex patch was merged and got fixed in the same go to…night). tl;dr: a fix will end up in Debian *stable-security and can be taken out of my mail to the bugreport; another few changes for robustness are being tested and then added to both MirBSD and Debian sid. The impact is likely small, as it’s hard to get a user (if you find one, in the first place) to use a crafted CVSROOT string, which is easy to spot as well. Update, Monday: apparently someone took care of the DSA and DLA yesterday after ACCEPTing the uploads — thanks, I was outside during the day. Update 2017-08-25: It was noted that ssh(1) does not parse its command line correctly, and therefore the patch above might not be enough in the general case. However, I still think it’s good enough for CVS because it constructs its command line in a way that doesn’t let users exploit that bug.

New mksh and jupp releases, mksh FAQ, jupprc for JOE 4.4; MuseScore 2017-08-10 by tg@ Tags: debian mksh news pcli mksh R56 was released with experimental fixes for the “history no longer persisted when HISTFILE near-full” and interactive shell cannot wait on coprocess by PID issues (I hope they do not introduce any regressioins) and otherwise as a bugfix release. You might wish to know the $EDITOR selection mechanism in dot.mkshrc changed. Some more alias characters are allowed again, and POSIX character classes (for ASCII, and EBCDIC, only) appeared by popular vote. mksh now has a FAQ; enjoy. Do feel free to contribute (answers, too, of course). The jupp text editor has also received a new release; asides from being much smaller, and updated (mksh too, btw) to Unicode 10, and some segfault fixes, it features falling back to using /dev/tty if stdin or stdout is not a terminal (for use on GNU with find | xargs jupp , since they don’t have our xargs(1) -o option yet), a new command to exit nonzero (sometimes, utilities invoking the generic visual editor need this), and “presentation mode”. Presentation mode, crediting Natureshadow, is basically putting your slides as (UTF-8, with fancy stuff inside) plaintext files into one directory, with sorting names (so e.g. zero-padded slide numbers as filenames), presenting them with jupp * in a fullscreen xterm. You’d hit F6 to switch to one-file view first, then present by using F8 to go forward (F7 to go backward), and, for demonstrations, F9 to pipe the entire slide through an external command (could be just “sh”) offering the previous one as default. Simple yet powerful; I imagine Sven Guckes would love it, were he not such a vim user. The new release is offered as source tarball (as usual) and in distribution packages, but also, again, a Win32 version as PKZIP archive (right-click on setup.inf and hit I̲nstall to install it). Note that this comes with its own (thankfully local) version of the Cygwin32 library (compatible down to Windows 95, apparently), so if you have Cygwin installed yourself you’re better off compiling it there and using your own version instead. I’ve also released a new DOS version of 2.8 with no code patches but an updated jupprc ; the binary (self-extracting LHarc archive) this time comes with all resource files, not just jupp’s. Today, the jupprc drop-in file for JOE 3.7 got a matching update (and some fixes for bugs discovered during that) and I added a new one for JOE 4.4 (the former being in Debian wheezy, the latter in jessie, stretch and buster/sid). It’s a bit rudimentary (the new shell window functionality is absent) but, mostly, gives the desired jupp feeling, more so than just using stock jstar would. source tarballs

Win32 binaries

DOS binaries

drop-in jupprc for JOE 2.8, or to update jupp 2.8

drop-in jupprc for JOE 3.7

drop-in jupprc for JOE 4.4 CVS’ ability to commit to multiple branches of a file at the same time, therefore grouping the commit (by commitid at least, unsure if cvsps et al. can be persuaded to recognise it). If you don’t know what cvs(GNU) is: it is a proper (although not distributed) version control system and the best for centralised tasks. (For decentral tasks, abusing git as pseudo-VCS has won by popularity vote; take this as a comparison.) If desired, I can make these new versions available in my “WTF” APT repository on request. (Debian buster/sid users: please change “https” to “http” there, the site is only available with TLSv1.0 as it doesn’t require bank-level security.) I’d welcome it very much if people using an OS which does not yet carry either to package it there. Message me when one more is added, too ☺ In unrelated news I uploaded MuseScore 2.1 to Debian unstable, mostly because the maintainers are busy (though I could comaintain it if needed, I’d just need help with the C++ and CMake details). Bonus side effect is that I can now build 2.2~ test versions with patches of mine added I plan to produce to fix some issues (and submit upstream) ☻ In other news, I’m working on a new i386+sparc MirBSD snapshot more than ever. Mostly to get everything old out from under my feet before tackling the LibreSSL import (to get TLSv1.2 support, due to the aforementioned idio…decision). I’ve yet to see whether our G++ port works on sparc, and I’ve yet to create ports for libGLU and xlock which used to be in the base X system but had to go away for being written in an unmaintainable language (plus a system is only reliable if it has only one libstdc++), but it’ll be a good stepping stone (plus mfny asked for a sparc snapshot on IRC). I was considering distributing ISOs at FrOSCon but, with an installed user base in the single digits (likely), you can imagine how useful that’d be. (Fun side idea: distribute ISOs with a boot menu where you can choose not only MirBSD installer or live system but also “minimal Debian system directly booting into the MirBSD live system running under qemu-kvm”. But I’ve got not enough spare time right now.)

Midsummer 2017-06-26 by tg@ Tags: plan snapshot Yes, well. Sorry. Didn’t manage Beltane, not this one either. But, progress.

Updates to the last two posts 2017-03-16 by tg@ Tags: bug debian grml news pcli rant snippet tip work Someone from the FSF’s licencing department posted an official-looking thing saying they don’t believe GitHub’s new ToS to be problematic with copyleft. Well, my lawyer (not my personal one, nor for The MirOS Project, but related to another association, informally) does agree with my reading of the new ToS, and I can point out at least a clause in the GPLv1 (I really don’t have time right now) which says contrary (but does this mean the FSF generally waives the restrictions of the GPL for anything on GitHub?). I’ll eMail GitHub Legal directly and will try to continue getting this fixed (as soon as I have enough time for it) as I’ll otherwise be forced to force GitHub to remove stuff from me (but with someone else as original author) under GPL, such as… tinyirc and e3. My dbconfig-common Debian packaging example got a rather hefty upgrade because dbconfig-common (unlike any other DB schema framework I know of) doesn’t apply the upgrades on a fresh install (and doesn’t automatically put the upgrades into a transaction either) but only upgrades between Debian package versions (which can be funny with backports, but AFAICT that part is handled correctly). I now append the upgrades to the initial-version-as-seen-in-the-source to generate the initial-version-as-shipped-in-the-binary-package (optionally, only if it’s named .in) removing all transaction stuff from the upgrade files and wrapping the whole shit in BEGIN; and COMMIT; after merging. (This should at least not break nōn-PostgreSQL databases and… well, database-like-ish things I cannot test for obvious (SQLite is illegal, at least in Germany, but potentially worldwide, and then PostgreSQL is the only remaining Open Source database left ;) reasons.) Update: Yes, this does mean that maintainers of databases and webservers should send me patches to make this work with not-PostgreSQL (new install/name.in , upgrade files) and not-Apache-2.2/2.4 (new debian/*/*.conf snippets) to make this packaging example even more generally usable. Natureshadow already forked this and made a Python/Flask package from it, so I’ll prod him to provide a similarily versatile hello-python-world example package.

Updated Debian packaging example: PHP webapp with dbconfig-common 2017-03-08 by tg@ Tags: debian pcli snippet tip work Since I use this as base for other PHP packages like SimKolab, I’ve updated my packaging example with: PHP 7 support (untested, as I need libapache2-mod-php5 )

) tons more utility code for you to use

a class autoloader, with example (build time, for now)

(at build time) running a PHPUnit testsuite (unless nocheck) The old features (Apache 2.2 and 2.4 support, dbconfig-common, etc.) are, of course, still there. Support for other webservers could be contributed by you, and I could extend the autoloader to work at runtime (using dpkg triggers) to include dependencies as packaged in other Debian packages. See, nobody needs “composer”! ☻ Feel free to check it out, play around with it, install it, test it, send me improvement patches and feature requests, etc. — it’s here with a mirror at GitHub (since I wrote it myself and the licence is permissive enough anyway). This posting and the code behind it are sponsored by my employer ⮡ tarent.

New GitHub Terms of Service r̲e̲q̲u̲i̲r̲e̲ removing many Open Source works from it 2017-03-01 by tg@ Tags: bug debian event grml news pcli rant security tip work Please use the correct (perma)link to bookmark this article, not the page listing all wlog entries of the last decade. Thank you.</update> Some updates inline and at the bottom. The new Terms of Service of GitHub became effective today, which is quite problematic — there was a review phase, but my reviews pointing out the problems were not answered, and, while the language is somewhat changed from the draft, they became effective immediately. Now, the new ToS are not so bad that one immediately must stop using their service for disagreement, but it’s important that certain content may no longer legally be pushed to GitHub. I’ll try to explain which is affected, and why. I’m mostly working my way backwards through section D, as that’s where the problems I identified lie, and because this is from easier to harder. Note that using a private repository does not help, as the same terms apply. Anything requiring attribution (e.g. CC-BY, but also BSD, …) Section D.7 requires the person uploading content to waive any and all attribution rights. Ostensibly “to allow basic functions like search to work”, which I can even believe, but, for a work the uploader did not create completely by themselves, they can’t grant this licence. The CC licences are notably bad because they don’t permit sublicencing, but even so, anything requiring attribution can, in almost all cases, not “written or otherwise, created or uploaded by our Users”. This is fact, and the exceptions are few. Anything putting conditions on the right to “use, display and perform” the work and, worse, “reproduce” (all Copyleft) Section D.5 requires the uploader to grant all other GitHub users… the right to “use, display and perform” the work (with no further restrictions attached to it) — while this (likely — I didn’t check) does not exclude the GPL, many others (I believe CC-*-SA) are affected, and…

the right to “reproduce your Content solely on GitHub as permitted through GitHub's functionality”, with no further restructions attached; this is a killer for, I believe, any and all licences falling into the “copyleft” category. Note that section D.4 is similar, but granting the licence to GitHub (and their successors); while this is worded much more friendly than in the draft, this fact only makes it harder to see if it affects works in a similar way. But that doesn’t matter since D.5 is clear enough. (This doesn’t mean it’s not a problem, just that I don’t want to go there and analyse D.4 as D.5 points out the same problems but is easier.) This means that any and all content under copyleft licences is also no longer welcome on GitHub. Anything requiring integrity of the author’s source (e.g. LPPL) Some licences are famous for requiring people to keep the original intact while permitting patches to be piled on top; this is actually permissible for Open Source, even though annoying, and the most common LaTeX licence is rather close to that. Section D.3 says any (partial) content can be removed — though keeping a PKZIP archive of the original is a likely workaround. Affected licences Anything copyleft (GPL, AGPL, LGPL, CC-*-SA) or requiring attribution (CC-BY-*, but also 4-clause BSD, Apache 2 with NOTICE text file, …) are affected. BSD-style licences without advertising clause (MIT/Expat, MirOS, etc.) are probably not affected… if GitHub doesn’t go too far and dissociates excerpts from their context and legal info, but then nobody would be able to distribute it, so that’d be useless. But what if I just fork something under such a licence? Only “continuing to use GitHub” constitutes accepting the new terms. This means that repositories from people who last used GitHub before March 2017 are excluded. Even then, the new terms likely only apply to content uploaded in March 2017 or later (note that git commit dates are unreliable, you have to actually check whether the contribution dates March 2017 or later). And then, most people are likely unaware of the new terms. If they upload content they themselves don’t have the appropriate rights (waivers to attribution and copyleft/share-alike clauses), it’s plain illegal and also makes your upload of them or a derivate thereof no more legal. Granted, people who, in full knowledge of the new ToS, share any “User-Generated Content” with GitHub on or after 1ˢᵗ March, 2017, and actually have the appropriate rights to do that, can do that; and if you encounter such a repository, you can fork, modify and upload that iff you also waive attribution and copyleft/share-alike rights for your portion of the upload. But — especially in the beginning — these will be few and far between (even more so taking into account that GitHub is, legally spoken, a mess, and they don’t even care about hosting only OSS / Free works). Conclusion (Fazit) I’ll be starting to remove any such content of mine, such as the source code mirrors of jupp, which is under the GNU GPLv1, now and will be requesting people who forked such repositories on GitHub to also remove them. This is not something I like to do but something I am required to do in order to comply with the licence granted to me by my upstream. Anything you’ve found contributed by me in the meantime is up for review; ping me if I forgot something. (mksh is likely safe, even if I hereby remind you that the attribution requirement of the BSD-style licences still applies outside of GitHub.) (Pet peeve: why can’t I “adopt a licence” with British spelling? They seem to require oversea barbarian spelling.) The others Atlassian Bitbucket has similar terms (even worse actually; I looked at them to see whether I could mirror mksh there, and turns out, I can’t if I don’t want to lose most of what few rights I retain when publishing under a permissive licence). Gitlab seems to not have such, but requires you to indemnify them… YMMV. I think I’ll self-host the removed content. And now? I’m in contact with someone from GitHub Legal (not explicitly in the official capacity though) and will try to explain the sheer magnitude of the problem and ways to solve this (leaving the technical issues to technical solutions and requiring legal solutions only where strictly necessary), but for now, the ToS are enacted (another point of my criticism of this move) and thus, the aforementioned works must go off GitHub right now. That’s not to say they may not come back later once this all has been addressed, if it will be addressed to allow that. The new ToS do have some good; for example, the old ToS said “you allow every GitHub user to fork your repositories” without ever specifying what that means. It’s just that the people over at GitHub need to understand that, both legally and technically¹, any and all OSS licences² grant enough to run a hosting platform already³, and separate explicit grants are only needed if a repository contains content not under an OSI/OKFN/Copyfree/FSF/DFSG-free licence. I have been told that “these are important issues” and been thanked for my feedback; we’ll see what comes from this. ① maybe with a little more effort on the coders’ side³ ② All licences on one of those lists or conformant to the DFSG, OSD or OKD should do⁴. ③ e.g. when displaying search results, add a note “this is an excerpt, click HERE to get to the original work in its context, with licence and attribution” where “HERE” is a backlink to the file in the repository ④ It is understood those organisations never un-approve any licence that rightfully conforms to those definitions (also in cases like a grant saying “just use any OSS² licence” which is occasionally used) Update: In the meantime, joeyh has written not one but two insightful articles (although I disagree in some details; the new licence is only to GitHub users (D.5) and GitHub (D.4) and only within their system, so, while uploaders would violate the ToS (they cannot grant the licence) and (probably) the upstream-granted copyleft licence, this would not mean that everyone else wasn’t bound by the copyleft licence in, well, enough cases to count (yes it’s possible to construct situations in which this hurts the copyleft fraction, but no, they’re nowhere near 100%).

How to use the subtree git merge strategy 2016-12-20 by tg@ Tags: debian grml pcli tip work This article might be perceived as a blatant ripoff of this Linux kernel document, but, on the contrary, it’s intended as add-on, showing how to do a subtree merge (the multi-project merge strategy that’s actually doable in a heterogenous group of developers, as opposed to subprojects, which many just can’t wrap their heads around) with contemporary git (“stupid content tracker”). Furthermore, the commands are reformatted to be easier to copy/paste. To summarise: you’re on the top level of a checkout of the project into which the “other” project (Bproject) is to be merged. We wish to merge the top level of Bproject’s “master” branch as (newly created) subdirectory “dir-B” under the current project’s top level. $ git remote add --no-tags -f Bproject /path/to/B/.git $ git merge -s ours --allow-unrelated-histories --no-commit Bproject/master $ git read-tree -u --prefix= dir-B / Bproject/master $ git commit -m ' Merge B project as our subdirectory dir-B ' Later updates are easy: $ git pull -s subtree Bproject master Besides reformatting, the use of --allow-unrelated-histories recently became necessary. --no-tags is also usually what you want, because tags are not namespaced like branches. Another command you might find relevant is how to clean up orphaned remote branches: $ for x in $(git remote); do git remote prune "$x"; done Update: Natureshadow wishes you to know that there is such a command as git subtree which can do similar things to the subtree merge strategy explained above, and several more related things. It does, however, need the præfix on every subsequent pull.

“I don’t like computers” 2016-11-13 by tg@ Tags: debian pcli personal rant tip cnuke@ spotted something on the internet, and shared. Do read this, including the comments. It’s so true. (My car is 30 years old, I use computers mostly for sirc, lynx and ssh, and I especially do not buy any product that needs to be “online” to work.) Nice parts of the internet, to offset this, though, do exist. IRC as a way of cheap (affordable), mostly reliant, communication that’s easy enough to do with TELNET.EXE if necessary. Fanfiction; easy proliferation of people’s art (literature, in this case). Fast access to documentation and source code; OpenBSD’s AnonCVS was a first, nowadays almost everything (not Tom Dickey’s projects (lynx, ncurses, xterm, cdk, …), nor GNU bash, though) is on a public version control system repository. (Now people need to learn to not rewrite history, just commit whatever shit they do, to record thought process, not produce the perfect-looking patch.) Livestreams too, I guess, but ever since live365.com went dead due to a USA law change on 2016-01-02, it got bad.

Please save GMane! 2016-07-28 by tg@ Tags: debian news pcli rant GMane has been down for a day or two, and flakey for a day before that. MidnightBSD’s laffer1 just linked the reason, which made me cry out loud. GMane is really great, and I rely on the NNTP interface a lot, both posting and especially reading — it gives me the ability to download messages from mailing lists I don’t receive in order to be able to compose replies with (mostly) correct References and In-Reply-To headers. Its web interface, especially the article permalinks, are also extremely helpful. This is a request for a petition to save GMane. Please, someone, do something! Thanks in advance!

httpd CVE-2016-5387 “httpoxy” fixed 2016-07-28 by tg@ Tags: security A small patch was applied to httpd(8) to not pass the HTTP Proxy header as HTTP_PROXY environment variable to CGI scripts, because those often call utilities such as ftp(1), lynx(1), GNU wget, etc. which may accept this as an alternative spelling of http_proxy which is used to set a proxy for outgoing connections — something e.g. the CGI scripts in MirKarte do.

PSA: when upgrading to snapshots, boot into new kernel first 2016-03-06 by tg@ Tags: news plan snapshot tip I’ll have to add O_DIRECTORY support to open(2) for more security in cpio(1), pax(1), and tar(1). (Maybe I’ll also add O_CLOEXEC while there…) Today’s paxmirabilis will however pick this up as soon as it’s there and thus fail if it is not supported by the running kernel yet. Morale: when upgrading to a snapshot take care of the kernel first (install and reboot), userspace second. To be clear: this will affect the first -current snapshot to be published after today on /MirOS/current .

mksh R52c, paxmirabilis 20160306 released; PA4 paper size PDF manpages 2016-03-06 by tg@ Tags: bug debian mksh news pcli security The MirBSD Korn Shell R52c was published today as bugfix-accumulating release of low upto medium importance. Thanks to everyone who helped squashing all those bugs; this includes our bug reporters who always include reproducer testcases; you’re wonderful! MirCPIO was also resynchronised from OpenBSD, to address the CVE-2015-{1193,1194} test cases, after a downstream (wow there are so many?) reminded us of it; thanks!

This is mostly to prevent extracting ../foo — either directly or from a symlink(7) — from actually ending up being placed in the parent directory. As such the severity is medium-high. And it has a page now — initially just a landing page / stub; will be fleshed out later. Uploads for both should make their way into Debian very soon (these are the packages mksh and pax). Uploading backports for mksh (jessie and wheezy-sloppy) have been requested by several users, but none of the four(?) DDs asked about sponsoring them even answered at all, and the regular (current) sponsors don’t have experience with bpo, so… SOL ☹ I’ve also tweaked a bug in sed(1), in MirBSD. Unfortunately, this means it now comes with the GNUism -i too: don’t use it, use ed(1) (much nicer anyway) or perlrun(1) -p/-n… Finally, our PDF manpages now use the PA4 paper size instead of DIN ISO A4, meaning they can be printed without cropping or scaling on both A4 and US-american “letter” paper. And a Бодун from the last announcement: we now use Gentium and Inconsolata as body text and monospace fonts, respectively. (And à propos, the website ought to be more legible due to text justification and better line spacing now.) I managed to hack this up in GNU groff and Ghostscript, thankfully. (LaTeX too) Currently there are PDF manpages for joe (jupp), mksh, and cpio/pax/tar. And we had Grünkohl today! Also, new console-setup package in the “WTF” APT repository since upstream managed to do actual work on it (even fixed some bugs). Read its feed if interested, as its news will not be repeated here usually. (That means, subscribe as there won’t be many future reminders in this place.) The netboot.me service appears to be gone. I’ll not remove our images, but if someone knows what became of it drop us a message (IRC or mailing list will work just fine). PS: This was originally written on 20160304 but opax refused to be merged in time… Happy Birthday, gecko2! In the meantime, the Street Food festival weekend provided wonderful food at BaseCamp, and headache prevented this from being finished on the fifth. Update 06.03.2016: The pax changes were too intrusive, so I decided to only backport the fixes OpenBSD did (both those they mentioned and those silently included), well, the applicable parts of them, anyway, instead. There will be a MirCPIO release completely rebased later after all changes are merged and, more importantly, tested. Another release although not set for immediate future should bring a more sensible (and mksh-like) buildsystem for improved portability (and thus some more changes we had to exclude at first). I’ve also cloned the halfwidth part of the FixedMisc [MirOS] font as FixedMiscHW for use with Qt5 applications, xfonts-base in the “WTF” APT repo. (Debian #809979) tl;dr: mksh R52c (bugfix-only, low-medium); mircpio 20160306 (security backport; high) with future complete rebase (medium) upstream and in Debian. No mksh backports due to lacking a bpo capable sponsor. New console-setup in “WTF” APT repo, and mksh there as usual. xfonts-base too. netboot.me gone?

The things you find in upstream code… 2016-02-13 by tg@ Tags: archaeology bug pcli rant security snapshot I had just gotten an eMail from the nightly /etc/security cronjob that the mailbox from the user foo.lock belongs to the user foo (name changed to protect the… innocent? well, I know that guy from #OpenBSD on IRC, so… YMMV… anyway). Of course, I wanted to change that to exclude mbox lockfiles… # Mailboxes should be owned by user and unreadable. ls -l /var/mail | sed 1d | \ awk '$3 != $9 \ { print "user " $9 " mailbox is owned by " $3 } Dear OpenBSD developers, repeat after me:

Do n̲o̲t̲ parse ls(1) output!

Or write 100 lines of it, or something, until it sinks in. (It can take some writing for it to sink in… just yesternight the fanfiction I was reading was at the point where Dolores Umbridge uses her Blood Quill on the students. Coincidence.)

PDF manpages look better than before 2016-02-10 by tg@ Tags: mksh pcli Our PDF manpages will, starting from now, be generated with Inconsolata instead of Bitstream Vera Mono as monospace font. The body font is still Gentium, of course. To be more exact: the Teχ flavour of Inconsolata Regular and Bold, with the varl and varqu flags, is used, and because GNU groff also requires an Italic or at least Oblique font (also in its bold variant, which the mksh(1) manpage doesn’t use though), Inconsolata LGC (both Italic and Bold Italic) are plugged in there. I added them as PFA Type 1 fonts to GNU groff, so I had to make some fixes in FontForge (merging the variants into the main font, removing unused glyphs (not for LGC), fixing the validation (mostly, and not so much for LGC), autohinting where FontForge expressed a need for that, renaming glyphs to the names expected by afmtodit , …), but it works. I’m not regenerating older PDF manpages though. Inconsolata is also not all I wish for a monospaced font (and even bsiegert@ says nothing goes over FixedMisc) but it has, at least, a 0 (digit zero) with a correct stroke through it ☺

expect turmoil 2016-02-08 by tg@ Tags: archaeology bug hardware news pcli personal plan rant My network at home is unstable. NetCologne suggests to switch to fibre network, but that only comes with a dynamic IPv6 address and NAT64; completely unsuitable to running a server. (I could arguably tunnel a static IPv4 address from a dedicated server to home, but that would completely foil my plans for redundancy.) So I may need an ISP (phone isn’t important) that provides me with connectivity where a static IPv4 (and, ideally, a static IPv6 /64 or /48 — but only if the reverse DNS gets delegated to me, otherwise that’s unusable) ends up at a device of my choosing (and not a plastic router which can then “forward ports”; I require full internet to end up at my own device). HostEurope is relocating the other server, both physically and network-wise. Their plan seems fool-proof so far, though. gecko2@ is decommissioning the server on which eurynome is hosted, shortly. This will also be no small amount of fun for everyone involved. Expect old links, SSH host keys, etc. to break. This explicitly includes /etc/ssh/*known_hosts . During all those moves, I will downsize my DNS zones and change some entries, so that old or duplicate records will be gone. I’ll likely generate and publish completely new hostkeys (both gzsig(1) and PGP clearsigned) once this is all over. The current gzsig(1) key is at the end of /usr/share/doc/README in any installed system. (Do note MD5 is considered insecure.) My current PGP key is 9031955E7A97A4FDA32B2B8676B534B2E99007E0 but this requires GnuPG, so check both. My seeming inability to remember rarely-used “secure” passwords, i.e. those not fitting into my normal schemata, led to me not attempting to run a CA myself any more. While, thanks to rsc, we have an official certificate for www.mirbsd.org now, I probably will get StartSSL for “all” other systems (i.e. herc, as I appear to be downsizing), despite it lacking the SSL client purpose (important e.g. to SMTP). This shouldn’t affect anyone. PS: I still hate Karneval!

FOSDEM 2016-01-28 by tg@ Tags: event Of course, some MirBSD presence will be at FOSDEM this year. There’s no FOSDEM without mirabilos, after all. We have no booth nor any other set place, and no planned talk schedule either, so coordination of meetups will be tricky. I’ll try to get into IRC at least occasionally, but WLAN is usually shitty.

hardware problems on www.mirbsd.org solved (thanks HE) + snapshot 2016-01-20 by tg@ Tags: bug hardware news snapshot Fearing loss of the server or the hard disc when reporting the hard disc issue I postponed that and created a snapshot (for i386) and a CVS repository snapshot and uploaded them first then backed up everything worthwhile on fish and created myself some custom rescue media. (Some background info — this server is from 2006, and back then, they usually cost around 100 €, while this is partially sponsored. I was fearing stopping of the sponsoring or shutdown of such an old real iron hardware even though it works fine for my needs.) Then I shut the server down and asked HostEurope support to check the HDD and, if possible, when replacing, put the old HDD into the second slot (I checked, the PowerEdge 750 has two of them). With a big German dedicated hoster that shall stay unnamed (it’s not the Uffline one), even with a RAID 1 you’re SOL because they refuse to just swap the discs, but I decided to try anyway. So I put the request up in KIS and thought they’d do it during normal working hours (as off-hour work costs extra), but no more than four hours later, the HDD was checked as faulty, a new one (even bigger as they don’t stock 80 GB ones any more ☺) was put into the first slot and the old one into the second slot, and… oh well. The machine was booted into BIOS Setup, and I may connect with the DRAC III/XT (which needs a Java 1.4 plugin for MSIE, or telnet (not ssh), and whose password I forget due to unuse). Some tricking around later I found out that their new netbootable rescue system (a Grml 2014.03 PONY WAGON) doesn’t work with my server, so I resigned to pay the 25 € to have someone boot it up with a Knoppix CD (uh-oh). After all, I just needed any system with which I could dd(1) the custom MirBSD installer ISO I previously made onto /dev/sda then boot into it. To my surprise, I got an eMail telling me they had booted it with a Grml (not from network) and set it up so I could ssh(1) in… with the “initial password”. One eMail later I found out that this server predates passwords in KIS, and by now I’m in the process of restoring services by copying everything from the old to the new disc (only lost some directories under the anoncvs mirror from ocvs which is easily rsync’d right later)… ah, this completed during writing of this wlog/news entry. In the end, this all worked perfectly fine, and I’ll be pointing the www RR back to fish after the bad disc was removed and everything has rsync’d back to my satisfaction.

CVE-2016-0777 OpenSSH roaming leak 2016-01-14 by tg@ Tags: bug security snapshot While our OpenSSH has (now: had) some code related to roaming, I believe our version not affected. If desired, CVS HEAD ships with the entire code removed. I fixed lots of mksh bugs today!

hardware problems on www.mirbsd.org 2016-01-14 by tg@ Tags: bug hardware news rant I just got wd0a: uncorrectable data error reading fsbn style messages in dmesg(8) on the machine behind our website. This is rather unfortunate; it’s possible the website will be down for a while, depending on what service I’ll be able to get for the antique thing. Update: it’s still there after a reboot; I’ll most likely ask the hoster for a hardware check early next week and take the website down durinf that.

“git find” published; test, review, fix it please 2016-01-07 by tg@ Tags: debian fun mksh pcli tip I just published the first version of git find on gh/mirabilos/git-find for easy collaboration. The repository deliberately only contains the script and the manual page so it can easily be merged into git.git with complete history later, should they accept it. git find is MirOS licenced. It does require a recent mksh (Update: I did start it in POSIX sh first, but it eventually turned out to require arrays, and I don’t know perl(1) and am not going to rewrite it in C) and some common utility extensions to deal with NUL-separated lines ( sort -z , grep -z , git ls-tree -z ); also, support for '\0' in tr(1) and a comm(1) that does not choke on embedded NULs in lines. To install or uninstall it, run… $ git clone git@github.com:mirabilos/git-find.git $ cd git-find $ sudo ln -sf $PWD/git-find /usr/lib/git-core/ $ sudo cp git-find.1 /usr/local/share/man/man1/ … hack … $ sudo rm /usr/lib/git-core/git-find \ /usr/local/share/man/man1/git-find.1 The idea behind this utility is to have a tool like “git grep” that acts on the list of files known to git (and not e.g. ignored files) to quickly search for, say, all PNG files in the repository (but not the generated ones). “git find” acts on the index for the HEAD, i.e. whatever commit is currently checked-out (unlike “git grep” which also knows about “git add”ed files; fix welcome) and then offers a filter syntax similar to find(1) to follow up: parenthesēs, ! for negation, -a and -o for boolean are supported, as well as -name , -regex and -wholename and their case-insensitive variants, although regex uses grep(1) without (or, if the global option -E is given, with) -E , and the pattern matches use mksh(1)’s, which ignores the locale and doesn’t do [[:alpha:]] character classes yet. On the plus side, the output is guaranteed to be sorted; on the minus side, it is rather wastefully using temporary files (under $TMPDIR of course, so use of tmpfs is recommended). -print0 is the only output option ( -print being the default). Another mode “forwards” the file list to the system find ; since it doesn’t support DOS-style response files, this only works if the amount of files is smaller than the operating system’s limit; this mode supports the full range (except -maxdepth ) of the system find(1) filters, e.g. -mmin -1 and -ls , but it occurs filesystem access penalty for the entire tree and doesn’t sort the output, but can do -ls or even -exec . The idea here is that it can collaboratively be improved, reviewed, fixed, etc. and then, should they agree, with the entire history, subtree-merged into git.git and shipped to the world. Part of the development was sponsored by tarent solutions GmbH, the rest and the entire manual page were done in my vacation.

no more Munzee in stats 2015-11-13 by tg@ My waypoint statistics and supporting scripts ceased to handle Munzee in any way whatsoever. This is because they’re getting ridiculous, especially in amount, and loss of play fun due to a too slow “äpp”. This means that my figure is now much closer to the real geocaching count, and you have to look at two, separate, statpics to get the entire scoop, but then, the separation does make it all clearer ☺

Oktobr Rain 2015-10-27 by tg@ Tags: fun twitxr The title is a pun on “November Rain” and “Красный Октябрь” (Red Oktober, or nice october)… as a follow-up on my earlier Sakura weblog entry. Again, small images as links to bigger ones:

Go enjoy shell 2015-08-27 by tg@ Tags: debian fun pcli Dimitri, I personally enjoy shell… tglase@tglase:~ $ x=車賈滑豈更串句龜龜契金喇車賈滑豈更串句龜龜契金喇 tglase@tglase:~ $ echo ${x::12} 車賈滑豈更串句龜龜契金喇 tglase@tglase:~ $ printf '%s

' 'import sys' 'print(sys.argv[1][:12])' >x.py tglase@tglase:~ $ python x.py $x 車賈滑豈 I would have commented on your post if it allowed doing so without getting a proprietary Google+ account.

portable shebang for mksh on Unix and Android 2015-06-27 by tg@ Tags: mksh pcli carstenh asked in IRC how to make a shebang for mksh(1) scripts that works on both regular Unix and Android. This is not as easy as it looks, though. Most Unicēs will have mksh installed, either manually or by means of the native package system, as /bin/mksh . Some put it into package manager-specific directories; I saw /sw/bin/mksh , /usr/local/bin/mksh and /usr/pkg/bin/mksh so far. Some systems have it as /usr/bin/mksh but these are usually those who got poettering’d and have /bin a symlink anyway. Most of these systems also have env(1) as /usr/bin/env . Android, on the contrary, ships with precisely one shell. This has been mksh for a while, thankfully. There is, however, neither a /bin nor a /usr directory. mksh usually lives as /system/bin/mksh , with /system/bin/sh a symlink(7) to the former location. Some broken Android versions ship the binary in the latter location instead and do not ship anything that matches mksh on the $PATH , but I hope they merge my AOSP patch to revert this bad change (especially as some third-party Android toolkits overwrite /system/bin/sh with busybox sh or GNU bash and you’d lose mksh in the progress). However, on all official Android systems, mksh is the system shell. This will be important later. The obvious and correct fix is, of course, to chmod -x the scripts and call them explicitly as mksh scriptname . This is not always possible or desirable; sometimes, people will wish it to be in the $PATH and executable, so we need a different solution. There’s a neat trick with shebangs — the absence of one is handled specifically by most systems in various ways. I remember reading about it, but don’t remember where; I can’t find it on Sven Mascheck’s excellent pages… but: the C shell variants run a script with the Bourne Shell if its first line is a sole colon (‘:’), the Bourne family shells run it with themselves or ${EXECSHELL:-/bin/sh} in those cases, and the kernel with the system shell, AFAIK. So we have a way to get most things that could call the script to interpret it as Bourne/POSIX shell script on most systems. Then we just have to add a Bourne shell scriptlet that switches to mksh iff the current shell isn’t it (lksh, or something totally different). On Android, there is only ever one shell (or the toolkit installer better preserve mksh as mksh), so this doesn’t do anything (I hope — but did not test — that the kernel invokes the system shell correctly despite it not lying under /bin/sh ) nor does it need to. This leaves us with the following “shebang”: : case ${KSH_VERSION-} in *MIRBSD\ KSH*) ;; *) # re-run with The MirBSD Korn Shell, this is an mksh-specific script test "${ZSH_VERSION+set}" = set && alias -g '${1+"$@"}'='"$@"' exec mksh "$0" ${1+"$@"} echo >&2 E: mksh re-exec failed, should not happen exit 127 ;; esac Thanks to carstenh and Ypnose for discussing things like this with us in IRC, sending in bugfixes (and changes we decline, with reason), etc. — it feels like we have a real community, not just consuments ☺

さくら — Kirschblüte 2015-04-28 by tg@ Tags: fun twitxr I took some photos of the cherry blossoms fading today. As usual, small versions (about five à 100K) inline, linking to bigger versions (over 1 MiB each). They are published under the terms and conditions of The MirOS Licence. Enjoy. (I am aware that I missed the Kirschblütenfest. This is a deliberate shot, well five, of the blossoms waning. There is another shot of cherry and apple trees in fuller bloom, though I did not take it and thus cannot licence it.) Update: follow-up post during Autumn.

Pannekōche 2015-04-18 by tg@ Tags: food fun tip twitxr Dies ist ein Rezept für polnische Hefepfannkuchen (Racuchy drożdżowe) mit Äpfeln (z jabłkami). Bei uns zu Hause gab es allerdings auch immer diese Pfannkuchen, nur mit Backpulver statt Hefe. Hefe ist allerdings besser. Das, was man sonst in Deutschland (außer Berlin, da heißen Berliner so, obschon die nicht in der Pfanne zubereitet werden) als Pfannkuchen (oder Eier(pfann)kuchen) kennt heißt bei uns Crêpes (oder Eierkuchen). (Natureshadow und ich haben und jetzt drauf geëinigt, daß der Begriff „Pfannkuchen“ zu überladen ist, und zwischen Pannekōche (wie diese hier, nur mit Backpulver), Hefepfannkuchen (diese hier), Eierkuchen (pfannengroß, ½cm dick, mit Zeug eingebacken), Crêpes (beinahe selber Teig wie Eierkuchen, pfannengroß, deutlich dünner, um Zeug gewickelt) und Berlinern zu unterscheiden.

Die Hefepfannkuchen werden etwas mehr als handtellergroß, sind wunderbar luftig und prall und weich in der Mitte. Man kann die nicht nur als Apfelpfannkuchen zubereiten, sondern sie schmecken auch mit Erdbeeren total lecker, was allerdings recht matschig ist. Blaubeeren oder Pfirsische bieten sich auch an. Die Mengenangaben sind für eine Standardfamilie gedacht; auf Arbeit doppeln wir alles, um die halbe Firma satt zu kriegen, und beim Firmenfest haben wir alles vervierfacht; das Rezept skaliert linear sehr gut. Zutaten: 1 Pfund Weizenmehl (½ kg)

1 Prise Salz

50g frische Hefe

3 Eßlöffel Zucker

1½ Tassen Milch auf Zimmertemperatur(!)

1 Ei

3–4 Äpfel (am besten „Topaz“) Zubereitung: Das Mehl in eine große(!) Schüssel geben (der Teig steigt enorm hoch), das Salz hinzumischen. In die Mitte eine kleine Kuhle machen und dort die Hefe hineingeben und mit dem Zucker überhäufen, danach mit einer halben Tasse Milch übergießen und eine Viertelstunde gehen lassen. Dann das Ei und eine ganze Tasse Milch zugeben, kneten und zugedeckt etwa ein bis zwei Stunden gehen lassen. Die Äpfel schälen, vierteln und in dünne Scheiben (etwa 2–3 mm dick) schneiden. (Für 16 Äpfel muß man hier über eine Stunde Arbeitszeit einkalkulieren!) Diese nach dem Ziehen dem Teig zugeben und nochmals durchmischen und eine weitere Stunde (im polnischsprachigen Rezept stand 15–20 Minuten, aber wir gehen hier von Erfahrungswerten von Paweł und mir auf Arbeit aus) zugedeckt gehen lassen. In einer Pfanne (bei doppelter oder gar vierfacher Menge besser in drei Pfannen zu zweit gleichzeitig) Öl mit einem Klecks Butter heißwerden lassen und dann mit einem großen Eßlöffel oder, besser, einem Salatbestecklöffel, drei bis vier Kleckse des Teigs (separat) in die Pfanne geben; nach kurzer Zeit (wenn der Boden und die Ränder schon etwas fest sind) mit einem Pfannenwender umdrehen und leicht obendrauf drücken, dann braten lassen und noch 3–4 Mal wenden, bis sie auf beiden Seiten goldbraun (oft auch etwas mehr als das…) und in der Mitte durch sind, dann auf einen Teller geben, der mit zwei Lagen Zewa ausgelegt wurde, um das überschüssige Fett aufzusaugen. Dann die nächsten Pfannkuchen machen und auf den Teller (oder einen neuen) stapeln. Zielgröße ist etwas mehr als handtellergroß und mehrere Zentimeter dick. Heiß servieren. Kann man so (sind mir süß genug) oder mit Puderzucker bestreut (mag Paweł lieber) oder mit Marmelade essen. (Wenn man die vierfache Menge für die ganze Firma macht sollte man bereits während des Bratens ab und zu selber einen essen, weil man sonst nix mehr bekommt, weil das so lecker riecht, daß die Kollegen einen belagern…) Update: Photo. Diesmal mit Vollkornmehl — eher mehr Milch nehmen hierbei, sonst fallen die Äpfel raus. Stevia geht auch, aber ein bißchen Zucker muß zum Gären sein.

Tricks for using Googlemail at work 2015-04-17 by t.glaser@tarent.de (EvolvisForge blog) Tags: work debian For these who similarily suffer from having to use Googlemail at work. If anyone else has more of these, please do share. Deactivate the spamfilter The site admins can do that. Otherwise, you will have work-relevant eMails, for example from your own OTRS system, end up in Spam (where you don’t see it, as their IMAP sucks) and deleted without asking 30 days later. (AIUI, the only way to get eMails actually deleted from Google…) Do not use their SMTP service Use your own outgoing MTA. This brings back the, well, not feature but should-have-been-granted-but-Google-doesn’t-do-it-anyway that, when you write to a mailing list, you also get your own messages into your own INBOX. Calendars… I have no solutions for this. I stopped using the Googlemail calendars because they didn’t think it a problem that, when I accept an invitation in Kontact (KDEPIM as packaged in Debian sid), the organiser of the calendar item in the sender’s calendar (for which I do not have write permissions) changes to me (so the actual meeting organiser cannot change anything afterwards) and/or calendar items get doubled. I now run a local uw-imapd (forward-ported to sid by means of a binNMU) for sent-mail folders etc. and a local iCalendar directory for calendars.

mksh R50f coming soon 2015-04-11 by tg@ Tags: mksh pcli Please test mksh-current from CVS (or the inofficial git mirror)! There are security-related fixes I’ll MFC in a few days, for which I’d prefer for them (and the other changes) to not introduce any regressions. Thanks!

exciting news, or so 2015-04-07 by tg@ Tags: debian event fun geocache mksh news personal pkgsrc plan rant security work I implemented <? support (including <?php …) script embedding support for *.inc in MirWebseite today; the specific syntax was explicitely requested by Natureshadow. Ugh. My own hacking activities are progressing, even if slowly. I do some other interesting, funny, social, beneficial, etc. stuff in between, though. I’ll even have to get some of my DD buddies to sponsor me some QA uploads of packages I formerly maintained, whereever changes are queued up… such as better old-format repo compatibility in cvs(GNU) ☺ Though some of the stuff I do at work is currently done only there… sorry. Also: prepare to be fully enlightened about just what evil (nice picture) Docker is. I especially liked the comparison of containers to a herd of cattle, mere numbers, replaceable, whereas VMs are cats, each with their individual name, lovely petted each day, etc. ObHint: Some may have noticed I do have a Twitter account now. I do not really use it much. I got it because I wanted to rant at someone who only gave Twitter as means to contact them (a European company running a lottery for USA citizens only). But I found one nice thing: @HourlyCats (though @FacesPics and @BahnAnsagen are funny too, and the Postillon anyway). The internet is there for cat content, anyway.

Ahem. Do not contact me there, use IRC, more specifically, the Freenode network, and possibly memoserv to mirabilos instead, I can’t fit things into 140 chars, that’s just ridiculous. Also, don’t follow me. It may contain rants, it’s NSFW, and I’m not censoring there. As I said: I do not use it. So should you. (But kudos for having a mostly functional “fallback” site (the “mobile” one), which even works in PocketIE (Windows Mobile) and Opera 9, though not so much lynx(1)…) odc (from #!/bin/mksh on IRC) is hacking support to use mksh instead of GNU bash for bootstrapping pkgsrc® (e.g. on Solaris). Nice! Good luck! … à propos mksh(1), dear Debian armel and armhf buildd maintainer colleagues, pretty please with strawberries and chocolate ice on top (I just had that on waffles at my favourite ice salon, so I may be biased), do like s390x and update your chroots and wanna-build give-back mksh, as we requested, so the privacy fix makes it into jessie. Thanks in advance! Oh, and Y_Plentyn and I both have been putting more and updated packages into my APT repository. XTaran held a talk at CLT 2015 mentioning it… maybe I should write up some docs about how to use it for which purposes (e.g. how to avoid systemd but not get the other packages from it, or how to use it with systemd (trivial but has to be stated, it’s freedom of choice after all), etc.)? Besides decent fanfiction (the stories in the Uzumaki Naruto universe seem, on average, to be much longer than those in the Harry Potter one), the weather is becoming good, so I’ve already been enjoying going out for some geocaching and will have the bike fixed at the shop RSN (it suffers a bit each winter, as it stands outside, since our basement is mouldy, which is worse than a bit of rust IMHO) to get more activity in. Also planning to head to the GPS Maze in Mainz and, besides what time FrOSCon (including preparation) allows, heading to DebConf for a while. … to my shame I must admit I fucked up, and we still do not have support in libssl for SHA2-signed X.509 certificates. Also, StartSSL fucked up, so currently https for www.mirbsd.org is toast. Also more on the rant side, services offered by web-based platforms, be they web (e.g. Groundspeak’s GC.COM) or not (Googlemail, which $orkplace switched to against my express veto some time ago) are getting worse and worse over time. I had hoped they realise that and improve, especially when seeing small signs (such as GC.COM pages shrinking to 20% of the formerly served bloat) but… no.

I have to give you that one 2015-03-05 by t.glaser@tarent.de (EvolvisForge blog) Tags: work debian After seeing what the Wildfly (formerly JBoss AS) and Liferay combo does to /tmp , and somewhat attempting to fix it, I saw JVM_TMP in the Debian tomcat7 init script and thought, oh no, not another one. Is that even safe, what they do here, or is that a possibility to instantly pwn? The net is full of literature for how to obtain temporary files and directories, but there is nothing about how to reliably obtain paths under /tmp or, more generally, directories not just writable for one single user (think the g+w thing that got FusionForge CVE-2013-1423). The scenario here is: I am root, and I want to start something as another user, and pass it a stable path, such as /tmp/liferay . So I can just mkdir /tmp/liferay || die; chown thatuser /tmp/liferay and, in the “stop” process, rm -rf /tmp/liferay , right? (Of course not. Also, bad example, as the liferay thing can also be started as thatuser, and our devs regularily need to do that, the init script is there just for the admin convenience and reboot-safety. But I still am interested if there is a secure way to achieve this.) The tomcat7 scenario is “trivial”: on That Other Init System™, it would just get its private /tmp declared in the .service file, and good is, no more hassle. That's one I have to give you. (No idea if this is actually shipped in jessie. Our production systems run wheezy anyway, so there is not even the slightest bit of temptation. Plus, it would not solve the liferay issue, see above. Still, a point for going into the right direction.) The idea here is the same. It creates a directory on start and tears it down on stop. If there was nothing to do on start, the init script could just use mktemp -d . Heck, maybe it still should, but it would need to note down, and communicate to the stop instance, the actual name used. What a drag… This is something I see popping up from time to time. I want to use stable paths for SSH session multiplexing control sockets in my ssh_config(5) file, but have them on tmpfs (Linux) or mfs (BSD) so they get properly removed on reboot. No Unix traditionally has per-user temporary directories that are clean and created after reboot. (Adjusting the paths is trivial once you have them.) Android has it worse, what with not having a world-writable tmp directory, which the shell needs e.g. for here documents; there are two components here, to have a directory the current user can write to, and to know its location. Some fail at the first, some at the second, some at both, and the classic /tmp is not the cure, as we have seen. (But if you ever see mksh erroring out due to lack of write permissions somewhere (including /sqlite_stmt_journals which used to be it) as non-root on Android, or even as root, set TMPDIR to something writable; it's tracked, so the change gets active immediately.)

tomcat7 log encoding 2015-02-26 by t.glaser@tarent.de (EvolvisForge blog) Tags: work debian TIL: the encod