09.04.22

GNU/Linux

• Instructionals/Technical

  • Data Swamp ☛ Managing a fleet of NixOS Part 2 – A KISS design

    Let’s continue my series trying to design a NixOS fleet management.

  • Data Swamp ☛ Local peer to peer binary cache with NixOS and Peerix

    There is a cool project related to NixOS, called Peerix. It’s a local daemon exposed as a local substituter (a server providing binary packages) that will discover other Peerix daemon on the local network, and use them as a source of binary packages.

    Peerix is a simple way to reuse package already installed somewhere on the network instead of downloading it again. Packages delivered by Peerix substituters are signed with a private key, so you need to import each computer public key before being able to download/use their packages. While this can be cumbersome, this also mandatory to prevent someone on the network to spoof packages.

    Perrix should be used wisely, because secrets in your store could be leaked to others.

  • Dan Langille ☛ nsupdate – update failed: REFUSED – Dan Langille’s Other Diary

    A while back, the https://www.freebsddiary.org/topics.php#opteron – the colo facility was purchased and the new owners are not interested in donating services to open source projects.

    That host also acted as a DNS host for all my domain. I pressed a small VPS into service. It handled the query services fine, but updates were sluggish. It took a few hours for it to catch up to Let’s Encrypt renewals.

    To be fair, this $5 box does a decent job as an external monitoring host.

    Over the weekend, I configured another host as a name server.

    Monitoring proved it never lagged with updates.

  • Dan Langille ☛ Getting Home Assistant running in a FreeBSD 13.1 jail – Dan Langille’s Other Diary

    Home Assistant is not friendly for plain installs. It seems designed for containers or running everything out of pip install. That, in itself, is a disturbing trend I’ve seen on several projects (what? you’re not running a git cloned image?).

    I’ve seen reports of people running containers etc. However, I want to run this on FreeBSD. I don’t want to muck about with installing containers etc. If containers are the only way for a project to run, you’re doing it wrong.

    I tried recently and eventually succeeded after several failures. Open source should not be this difficult. The devs seem unware of the problems. A previous attempt in June involved an Ansible playbook. After terrible install this past Tuesday night, I’m going to amend that playbook.

  • RoseHosting ☛ How to Install OpenProject on Ubuntu 22.04 – RoseHosting

    OpenProject is an open-source and free project management software. It is designed to help individuals and businesses manage their project management, issue tracking, scheduling, and other entire project lifecycles. OpenProject is very helpful for team members to track their work and achieve their goals. With OpenProject, you can organize and prioritize your tasks and assign other tasks to other team members. In this tutorial, we will show you how to install OpenProject on Ubuntu 22.04.

  • ID Root ☛ How To Install VeraCrypt on Linux Mint 21 – idroot

    In this tutorial, we will show you how to install VeraCrypt on Linux Mint 21. For those of you who didn’t know, VeraCrypt is free open-source disk encryption software for Windows, macOS, and Linux. The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or the entire storage device with pre-boot authentication.

    This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of a VeraCrypt encryption tool on Linux Mint 21 (Vanessa).

• Games

  • Video ☛ The Steam Deck Is A Complete And Abject Failure *Reaction* – Invidious

    Well let’s see how this reaction goes someone claiming the Steam Deck is a complete and abject failure of a product… Well, will I end up bashing my head through a wall , or will this person actually have some valid points? Lets find out I guess.

  • Boiling Steam ☛ Top 15 New Games You Can Play on Linux with Proton in September 2022 – Boiling Steam

    We are back with our usual monthly update! Boiling Steam looks at the latest data dumps from ProtonDB to give you a quick list of new games that work (pretty much? see ratings) perfectly with Proton since they were released in August 2022 – all of them work out of the box or well enough with tweaks…

• Desktop Environments/WMs

  • K Desktop Environment/KDE SC/Qt

    • KPhotoAlbum 5.9.0 out now! | KPhotoAlbum

      It’s been a while, but now, we’re happy to announce the brand new release 5.9.0 of KPhotoAlbum, the KDE photo management program

Distributions and Operating Systems

• Bryan Lunduke ☛ Linux, Alternative OS, & Retro Computing News – Aug 27, 2022

• Bryan Lunduke ☛ Linux, Alternative OS, – Retro Computing News – Sep 3, 2022

  I’m a big fan of AppImage’s — single .ISO images that contain a piece of software, and all of the necessary dependencies to run it on a reasonably modern Linux system. But a big issue is making them. While some tools exist to aid in the packaging of AppImage’s, the process hasn’t exactly been automatic.

  A new Python script entitled “arch2appimage” — gotta love on-the-nose naming — fixes this issue by taking an Arch package (such as from the AUR) and auto-magically turning it into an AppImage. Dependencies and all.

• Mobile Systems/Mobile Applications

  • postmarketOS // v22.06 SP2: The One That Swipes

    Here it is, after a bit of delay to figure out why the new Phosh version didn’t boot on the Samsung Galaxy S III. Now that the reason is known and a workaround is in place, we also happened to hit the timeframe where fixup versions of these huge Phosh and Phoc releases were made. Enjoy the following changes on stable!

Free, Libre, and Open Source Software

• GNU Projects

  • GNUnet ☛ GNUnet 0.17.5

    This is a bugfix release for gnunet 0.17.4..

    [...]

    Note that due to mirror synchronization, not all links may be functional early after the release.

• Programming/Development

  • Matt Rickard ☛ The Value is in the API

    Not the implementation.
    At my first job, I spent a lot of time digging into the fintech stack. I had become convinced that reverse engineering mobile banking APIs was the technically superior option to screen-scraping. I even took my unsolicited opinion to Hacker News, running into one of the Plaid founders (Plaid, like Yodlee before it, originally used screen-scraping). Plaid turned out to be wildly successful. I learned that the value is in the API, not the implementation. Sometimes a dirty implementation gets the job done.

  • Bozhidar Batsov ☛ nREPL 1.0

    Yesterday I released nREPL 1.0. I hadn’t really planned to have the release then, but after cutting CIDER 1.5 (“Strasbourg”) a bit earlier that day, I decided that this was The Day.

    [...]

    This was quite the journey and I’m happy that we’ve made it to this massive milestone. If I knew how much work I’d need to put in to make nREPL 1.0 a reality back in 2018, I’d probably wouldn’t have volunteered for this task. But I’m very glad that I did! Working on nREPL was much trickier than working on CIDER in many ways and taught me a lot about patience2 and the value of maintaining backward compatibility. Outside of the initial namespace changes we didn’t break backward compatibility at all! Following in the footsteps of my one of my Clojure Heroes (Chas) wasn’t easy either, as I had quite the shoes to fill!

    I’m really glad that mine & Chas’s theory that moving nREPL out of Clojure Contrib would result in more contributions turned out to be correct. We got where we did through the work of many people and I am thankful to all of them! And recently we’ve celebrated the 12th million download of nREPL after it’s development was restarted and I became the project’s maintainer. I hope this means we’re doing something right.

  • Matt Rickard ☛ How to Increase Developer Velocity

    Developer velocity is something that every engineering organization wants, but the steps aren’t always clear on how to get it.

  • Xe’s Blog ☛ waifud Progress Report #2 – Xe

    One of the biggest pain points in waifud for me has been the fact that I’ve needed to SSH into one of my development machines in order to do things with it. This is fine, most of the time I usually have an SSH session open to one of those machines and can easily do what I need while hacking away.

  • Rolisteam – Rolisteam Monthly update #3 – August 2022

    Short introduction, the RCSE allows you to create charactersheet for any TTRPG. It is based on a visual editor to draw fields directly upon an image of the charactersheet. The editor part is using: QGraphicsView/QGraphicsScene and a table view to edit each field. Then the final result can be generated to get the sheet in QML.

  • Jussi Pakkanen ☛ Jussi Pakkanen: Questions to ask a prospective employer during a job interview

    Question: Do developers in your organization have full admin rights on their own computer?

    Rationale: While blocking admin rights might make sense for regular office workers it is a massive hindrance for software developers. They do need admin access for many things and not giving it to them is a direct productivity hit. You might also note that Google does give all their developers root access to their own dev machines and see how they respond.

    Question: Are developers free to choose and install the operating system on their development machines? If yes, can you do all administrative and bureaucracy task from “non-official” operating systems?

    Rationale: Most software projects nowadays deal with Linux somehow and many people are thus more productive (and happier) if they can use a Linux desktop for their development. If the company mandates the use of “IT-approved” Windows install where 50% of all CPU time is spent on virus scanners and the like, productivity takes a big hit. There are also some web services that either just don’t work on Linux or are a massive pain to use if they do (the web UI of Outlook being a major guilty party here).

  • Perl / Raku

    • Assuming optionality | Playing Perl 6␛b6xA Raku

      PWC 180 Task 1 asks us to find the first unique character in a string. I wanted to have a nice interface where I would write:

      [...]

      The idea was to curry postcircumfix:<{ }> so it will be bound to a BagHash and always ask for :!exists. Alas, .assuming doesn’t do the right thing if the proto contains optional positions. I found a workaround utilising once.

  • Shell/Bash/Zsh/Ksh

    • Getting USB TEMPer2 temperature sensor readings into Prometheus (on Linux)

      For reasons outside of the scope of this entry, we recently decided to get some inexpensive USB temperature sensors (we already have a number of old, industrial style temperature sensor boxes). What we wound up getting is the PCsensor TEMPer2; this model and PCsensor’s USB temperature sensors in general seem to be a quite common choice (often resold under some other name). Getting our model going on Linux and getting metrics into our Prometheus setup took some work and head scratching, which I’d like to save other people.

• Standards/Consortia

  • Daniel Aleksandersen ☛ TP-Link band-steers 2,4 to 5 GHz Wi-Fi even when the radio is off

    My TP-Link EAP653 (available on Amazon) Wi-Fi access point (AP) has some features that don’t work well together. Who would have thought that its proprietary extensions to the Wi-Fi standard would cause compatibility issues with clients?

    I’ve configured the AP to power down the fast 5 GHz radio at night to reduce its power consumption.
    The 5 GHz band uses less power than 2,4 GHz (faster means shorter transmission time). However, not all devices are compatible with the former. The power savings is about the same during off-peak hours anyway.
    Clients should fall back to the slower 2,4 GHz network and remain connected throughout the night.

  • Business Wire ☛ USB4 Version 2.0 Announced

Leftovers

• Ruben Schade ☛ Rubenerd: The Mentour Pilot on responsibility

  Petter produces my favourite aviation videos on YouTube. He’s sincere, thorough, avoids sensationalism, and takes the time to explore human and procedural factors when discussing everything from incidents to aircraft design. He’s also just really engaging and fun to watch, and has been responsible for getting me back into playing flight sims again.

• Security

  • Ruben Schade ☛ Rubenerd: Answering “yeah, but is the solution secure?”

    Secure from what? From whom? Where? And for how long?

    Moving from dev and ops to solution architecture has been an eye-opening experience. The first thing you notice is that prospective clients rarely know what they want, and those that do may be confused, have conflicting requirements, or are acting under dangerous misconceptions. I’m sure everyone from business analysts to support engineers know exactly what I’m talking about.

    The challenge with being the interface between sales and engineering is being able to speak to both groups. The former are motivated by KPIs and balance sheets to say “yes!” to everything, and the latter need to build something to a spec. But a sales person who commits to something infeasible is as useful as an engineer who implements an unworkable solution with bad data.

    Security is a perfect example of this struggle in practice. Nobody wants insecure systems, save for pen testers and bounty hunters! Yet ask a businessperson to quantify what they mean when they say a system “has to be secure”, and most can’t. You may get some vague references to encryption, firewalls, VPNs, keys, securing data in flight and at rest, and maybe a tender for flavour, but nothing about how it fits together, or what problems each component is attempting to solve atomically and in aggregate.

  • Earthly ☛ Kube-Bench

    CIS security is a community driven and non-profit organization that aims at improving security around the internet. It is the one that creates and updates CIS controls and CIS benchmarks. You can read more about the CIS

  • Video ☛ Enterprise Linux Security Episode 40 – Continuous Integration / Continuous Delivery – Invidious

    Continuous Integration/Continuous Delivery is huge concept when it comes to application deployment nowadays, and with good reason. Automating the compilation, testing, and other aspects of the development process increases efficiency and reliability. Security is another layer of a good CI/CD system, and in this episode, Jay and Joao discuss CI/CD and the security aspects of the popular deployment style.

• Defence/Aggression

  • Ruben Schade ☛ Rubenerd: Latvia’s Soviet-era monument removed 🇱🇻

    I’ve talked about this many times, but I have tremendous affection for the Baltic states, and Latvia in particular. It’s had an oversized influence over my life, from family friends I grew up with and consider family, to schoolmates, colleagues, and their excellent contributions to my industry. I wrote most of my high school assignments on the country and their Lithuanian neighbours, much to the chagrin of one teacher who “had to do extra work” to grade it. 🎻

    I always smiled when I saw Latvia in the headlines, but recently those feelings have turned to concern. Their country, and their neighbours, border an increasingly hostile state, and their NATO allies are connected by a strip of land far too small for comfort, and incursions into their airspace and political sphere are all too common.

• AstroTurf/Lobbying/Politics

  • Michael West Media ☛ Vale Mikhail Gorbachev – a true leader who gave us hope

    Mikhail Gorbachev was not a man of grand gestures, nor an orator who could move the masses. But he single-handedly changed the world to a more peaceful place, at least for a few short years. He was undone by the greed for power of those that didn’t understand him, nor appreciated the magnitude of what he wanted to achieve.

    Even his biographer, William Taubman, failed to adequately explain how it was possible for a man of pacifist leanings, a true believer in socialism (but not in Stalin or communist dogma) managed to survive and eventually thrive in the Soviet system of distrust and division. He survived the aggressions of Nikita Khrushchev and the oppressive ways of Leonid Brezhnev, and continued his slow ascendancy to the top job as general secretary in 1985.

  • Michael West Media ☛ Rex Patrick: will Timor-Leste become China’s latest aircraft carrier? – Michael West

    In the wake of Scott Morrison and Marise Payne’s disastrous foreign affairs stewardship, Penny Wong jets to Timor-Leste today in what may be another rescue mission to save a Pacific neighbour from China’s expansion in the region. Rex Patrick has long warned the young nation might spurn Australia in favour of Chinese investment.

    When Penny Wong arrives in Timor-Leste today, I’d like to think she’s had the good sense to refuse to allow the Department of Foreign Affairs and Trade to accompany her, because the problem she’s going there to solve, China taking a larger foothold in Timor, is a problem of DFAT’s exclusive making.

  • Michael West Media ☛ Punishment by partiality: Lendlease white-collars stick to the right side of the law no matter what

    The law is meant to wear a blindfold, meting out equal treatment to rich, poor and everyone in between. And the taxman is supposed to make rulings without fear or favour. Does the handling of corporate high fliers show otherwise? Michael West reports on the big Lendlease tax scam.

    The Australian Tax Office published its latest Tax Crime Prosecution Studies just last month. It features a South Australian man receiving a criminal conviction for providing false documents, a swimming teacher going to jail for attempting to claim $250k of false GST refunds, a doctor sentenced to seven months jail for non-lodgements, a bank manager sentenced to three years’ jail for trying to defraud the Commonwealth of $390,000, a NSW man in for two years for defrauding $171,000, and so on.

• Civil Rights/Policing

  • Peter Eckersley, may his memory be a blessing – Praise – Let’s Encrypt Community Support

    I’m devastated to report that Peter Eckersley (@pde), one of the original founders of Let’s Encrypt, died earlier this evening at CPMC Davies Hospital in San Francisco.

    Peter was the leader of EFF’s contributions to Let’s Encrypt and ACME over the course of several years during which these technologies turned from a wild idea into an important part of Internet infrastructure. He also took a lot of initiative in coalescing the EFF, Mozilla, and University of Michigan teams into a single team and a single project. He later served on the initial board of directors of the Internet Security Research Group.

    You can find a very abbreviated version of this history in the Let’s Encrypt paper, to which Peter and I both contributed.

  • LWN ☛ Peter Eckersley RIP [LWN.net]

    Peter Eckersley, one of the original founders of the Let’s Encrypt non-profit TLS certificate authority, has died suddenly, as reported by Seth Schoen

Gemini* and Gopher

• Personal

  • Music over the years

    Long term music life: 1981 we moved to Portugal and my parents had a tape of Elvis and I loved him. There was also a tape with Icelandic folk songs. A friend of my sisters gave me a tape copy of Bruce Springsteen‘s Born in the USA and Live/1975–85. Back to Switzerland somewhere around 1987, then off to Thailand in 1991. Before we left we bought a CD player and I remember a disc or two of Vangelis and The Cure‘s Desintegration. Back in Switzerland in 1991 I remember getting into U2 with Achtung Baby and Zooropa, as well as discovering The Doors. My interest in Arab music came via Transglobal Underground with singer Natacha Atlas. My wife started oriental dancing around that time and we had a gazillion CDs with music from Morocco to Turkey as she started teaching.

• Technical

  • —God damn, the Google Play Store is so frustrating…

    God damn, the Google Play Store is so frustrating at times. The other day I wrote about how fast our (Vivaldi browser’s) turn around was for getting out a new build with a critical security fix from upstream. Well to be clear we have a build out for desktop but not Android. Why? … because our build, which was ready at the same time as desktop, is stuck in “review” in the Play Store and hence cannot be made live. This is despite the fact that it has a single fix (for the security issue). A fix I might add that was written by a Google dev and is included in Chrome, which they immediately updated.

  • Managing a fleet of NixOS Part 3 – Welcome to Bento

    I finally wrote an implementation for the NixOS fleet management, it’s called Bento.