Recent changes to this wiki. Not to be confused with my history.

Complete source to the wiki is available on GitLab:

git clone http://gitlab.com/anarcat/anarc.at.git
fix typos, some spotted by claude-code
used this in a loop until it started spewing out useless
recommendations:
llm -m claude-opus-4.5 -s 'review for typos, gross errors, keep it really short, without praise' < 2026-03-05-wallabako-retirement.md
diff --git a/blog/2026-03-05-wallabako-retirement.md b/blog/2026-03-05-wallabako-retirement.md
index 284329c9..4dde4fdc 100644
--- a/blog/2026-03-05-wallabako-retirement.md
+++ b/blog/2026-03-05-wallabako-retirement.md
@@ -20,11 +20,17 @@ better out there. I have switched away from [Wallabag](https://wallabag.org/) to
 [Readeck](https://readeck.org/)!
 
 And I'm also tired of maintaining "modern" software. Most of the
-recent commits on Wallabag are [renovate-bot](https://gitlab.com/renovate-bot-anarcat). This feels futile
+recent commits on Wallabako are from [renovate-bot](https://gitlab.com/renovate-bot-anarcat). This feels futile
 and pointless. I guess it *must* be done at some point, but it also
-feels we went wrong somewhere there. Maybe [Filippo Valsord](https://filippo.io/) is
+feels we went wrong somewhere there. Maybe [Filippo Valsorda](https://filippo.io/) is
 right and one should [turn dependabot off](https://words.filippo.io/dependabot/).
 
+I did consider porting Wallabako to Readeck for a while, but there's a
+[perfectly fine Koreader plugin](https://github.com/iceyear/readeck.koplugin) that I've been pretty happy to
+use. I was worried it would be slow (because the Wallabag plugin *is*
+slow), but it turns out that Readeck is fast enough that this doesn't
+matter.
+
 # Moving from Wallabag to Readeck
 
 Readeck is pretty fantastic: it's fast, it's lightweight, everything
@@ -32,7 +38,7 @@ Just Works. All sorts of concerns I had with Wallabag are just gone:
 [questionable authentication](https://github.com/wallabag/wallabag/issues/2800), [questionable API](https://github.com/wallabag/wallabag/issues/2859), [weird
 bugs](https://github.com/wallabag/wallabag/issues/6532), mostly gone. I am still looking for [multiple tags
 filtering](https://github.com/wallabag/wallabag/issues/1197) but I have a much better feeling about Readeck than
-Wallabag: it's written in Golang and under activ development.
+Wallabag: it's written in Golang and under active development.
 
 In any case, I don't want to throw shade at the Wallabag folks
 either. They did [solve most of the issues I raised with them](https://github.com/wallabag/wallabag/issues?q=involves%3Aanarcat) and
@@ -41,8 +47,8 @@ thousands of articles for a long time! It's just time to move on.
 
 The migration from Wallabag was impressively simple. The importer is
 well-tuned, fast, and just works. I wrote about the import in [this
-issue](https://codeberg.org/readeck/readeck/issues/1119), but it took about 20 minutes to import essentially all the
-articles, and another 5 hours to refresh all the contnts.
+issue](https://codeberg.org/readeck/readeck/issues/1119), but it took about 20 minutes to import essentially all 
+articles, and another 5 hours to refresh all the contents.
 
 There are minor issues with Readeck which I have filed (after asking!):
 
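Review bot: the rewrapped line ending in `essentially all` now carries a trailing space before the line break. Dropping "the" is fine, but strip the whitespace so the next rewrap of this paragraph does not produce a spurious diff.
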
@@ -54,13 +60,13 @@ There are minor issues with Readeck which I have filed (after asking!):
 
 But overall I'm happy and impressed with the result.
 
-I'm also a mix of happy and sad at letting go of my first (and only,
+I'm also both happy and sad at letting go of my first (and only,
 so far) Golang project. I loved writing in Go: it's a clean language,
 fast to learn, and a beauty to write parallel code in (at the cost of
 a rather obscure runtime). 
 
 It would have been *much* harder to write this in Python, but my
-experience in Golang help me think about how to write more parallel
+experience in Golang helped me think about how to write more parallel
 code in Python, which is kind of cool.
 
 The [GitLab project](https://gitlab.com/anarcat/wallabako/) will remain publicly accessible, but archived,

automatic federated post of /blog/2026-03-05-wallabako-retirement
Command: ['/usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py', '--post-receive', '--base-url', 'https://anarc.at/']
Plugin file: /usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py
Source directory: /home/w-anarcat/source
Running on: marcos
diff --git a/blog/2026-03-05-wallabako-retirement.md b/blog/2026-03-05-wallabako-retirement.md
index d266d2a3..284329c9 100644
--- a/blog/2026-03-05-wallabako-retirement.md
+++ b/blog/2026-03-05-wallabako-retirement.md
@@ -70,3 +70,7 @@ stewardship for this project, [contact me](https://anarc.at/contact/).
 Thanks Wallabag folks, it was a great ride!
 
 [[!tag wallabako debian-planet python-planet]]
+
+
+<!-- posted to the federation on 2026-03-05T22:05:36.672330 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/116180014625645863"]]
\ No newline at end of file
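
Review bot: the `[[!mastodon ...]]` footer line is written without a final newline, so any later edit that appends to this file will also show that line as changed. Have the plugin end the footer with a newline; the two blank lines it inserts before the comment could be reduced to one at the same time.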

retiring wallabako
diff --git a/blog/2026-03-05-wallabako-retirement.md b/blog/2026-03-05-wallabako-retirement.md
new file mode 100644
index 00000000..d266d2a3
--- /dev/null
+++ b/blog/2026-03-05-wallabako-retirement.md
@@ -0,0 +1,72 @@
+[[!meta title="Wallabako retirement and Readeck adoption"]]
+
+Today I have made the tough decision of retiring the [Wallabako](https://gitlab.com/anarcat/wallabako/)
+project. I have rolled out a final (and trivial) 1.8.0 release which
+fixes the uninstall procedure and rolls out a bunch of dependency
+updates.
+
+[[!toc]]
+
+# Why?
+
+The main reason why I'm retiring Wallabako is that I have completely
+stopped using it. It's not the first time: for a while, I wasn't
+reading Wallabag articles on my Kobo anymore. But I had started
+working on it again [about four years ago](https://anarc.at/blog/2022-05-06-wallabako-1.4.0-released/). Wallabako itself is
+about to turn 10 years old.
+
+This time, I stopped using Wallabako because there's simply something
+better out there. I have switched away from [Wallabag](https://wallabag.org/) to
+[Readeck](https://readeck.org/)!
+
+And I'm also tired of maintaining "modern" software. Most of the
+recent commits on Wallabag are [renovate-bot](https://gitlab.com/renovate-bot-anarcat). This feels futile
+and pointless. I guess it *must* be done at some point, but it also
+feels we went wrong somewhere there. Maybe [Filippo Valsord](https://filippo.io/) is
+right and one should [turn dependabot off](https://words.filippo.io/dependabot/).
+
+# Moving from Wallabag to Readeck
+
+Readeck is pretty fantastic: it's fast, it's lightweight, everything
+Just Works. All sorts of concerns I had with Wallabag are just gone:
+[questionable authentication](https://github.com/wallabag/wallabag/issues/2800), [questionable API](https://github.com/wallabag/wallabag/issues/2859), [weird
+bugs](https://github.com/wallabag/wallabag/issues/6532), mostly gone. I am still looking for [multiple tags
+filtering](https://github.com/wallabag/wallabag/issues/1197) but I have a much better feeling about Readeck than
+Wallabag: it's written in Golang and under activ development.
+
+In any case, I don't want to throw shade at the Wallabag folks
+either. They did [solve most of the issues I raised with them](https://github.com/wallabag/wallabag/issues?q=involves%3Aanarcat) and
+even accepted [my pull request](https://github.com/wallabag/wallabag/pull/7849). They have helped me collect
+thousands of articles for a long time! It's just time to move on.
+
+The migration from Wallabag was impressively simple. The importer is
+well-tuned, fast, and just works. I wrote about the import in [this
+issue](https://codeberg.org/readeck/readeck/issues/1119), but it took about 20 minutes to import essentially all the
+articles, and another 5 hours to refresh all the contnts.
+
+There are minor issues with Readeck which I have filed (after asking!):
+
+- [add justified view for articles](https://codeberg.org/gollyhatch/eckard/issues/19) (Android app)
+- [more metadata in article display](https://codeberg.org/gollyhatch/eckard/issues/20) (Android app)
+- [show the number of articles in the label browser](https://codeberg.org/readeck/readeck/issues/1126)
+- [ignore duplicates](https://codeberg.org/readeck/readeck/issues/73#issuecomment-11025251) (Readeck will happily add duplicates, whereas
+  Wallabag at least *tries* to deduplicate articles -- but often fails)
+
+But overall I'm happy and impressed with the result.
+
+I'm also a mix of happy and sad at letting go of my first (and only,
+so far) Golang project. I loved writing in Go: it's a clean language,
+fast to learn, and a beauty to write parallel code in (at the cost of
+a rather obscure runtime). 
+
+It would have been *much* harder to write this in Python, but my
+experience in Golang help me think about how to write more parallel
+code in Python, which is kind of cool.
+
+The [GitLab project](https://gitlab.com/anarcat/wallabako/) will remain publicly accessible, but archived,
+for the foreseeable future. If you're interested in taking over
+stewardship for this project, [contact me](https://anarc.at/contact/).
+
+Thanks Wallabag folks, it was a great ride!
+
+[[!tag wallabako debian-planet python-planet]]
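
Review bot: in the "Why?" section, `recent commits on Wallabag are [renovate-bot]` names the wrong project: the post is about retiring Wallabako and the link goes to a renovate-bot-anarcat account on GitLab, so this should read Wallabako (and "are from"). A few typos in the added text are also worth a pass before publishing: `Filippo Valsord` in the link text, `activ development`, `contnts`, and `help me think` where the past tense is meant.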

update on nuphy after moderate use
diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index eac26f77..802a9323 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -175,6 +175,20 @@ The whole point of this was to try to get a scroll lock key to work. I
 haven't figured it out. I did find their [layout manual](https://cdn.shopifycdn.net/s/files/1/0268/7297/1373/files/NuPhy_Air75_V2_Q_A.pdf?v=1692772705) and the
 [quick guide](https://cdn.shopify.com/s/files/1/0268/7297/1373/files/NuPhy_Air75_V2_Quick_Guide.pdf?v=1696498123) but it doesn't seem to support those extra keys.
 
+Ultimately, I bound the <kbd>meta k</kbd> key to `input type:keyboard
+xkb_switch_layout next` (I don't use `focus left`) which worked for
+the immediate fix.
+
+Update, 2026-03-02: I am using this keyboard more as I set it up with
+a travel rack (a [Roost v3 Plus](https://www.therooststand.com/collections/roost-laptop-stand/products/roost-v3-plus-laptop-stand-copy)) and use it while working away
+from home, paired with the Nuphy (because it's small). The first day
+was fine, and it worked great (although it made me realize how loud it
+is!), but during the second day, the keyboard seemed to hang about
+half a dozen times. It would just get stuck on a key and keep sending
+the same key over and over, as if I was holding it down. I have to
+turn the keyboard off and then back on to fix this. Furthermore, it
+looks like newer Nuphy keyboards [do *not* ship with QMK](https://github.com/qmk/qmk_firmware/pull/22751#issuecomment-3455721189).
+
 ### Other reviews
 
 rtings reviewed [five models](https://www.rtings.com/keyboard/tools/table/141136) and outlined:
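
Review bot: in the 2026-03-02 update, "I am using this keyboard more ... paired with the Nuphy" is ambiguous, because the section is already about the Nuphy and it is unclear what is paired with what. Say which device sits on the Roost stand, and record how the keyboard was connected and which firmware it ran when the stuck-key hangs happened, since that is what someone chasing the repeat problem would need.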

another sss hack
diff --git a/blog/secrets-recovery.md b/blog/secrets-recovery.md
index 1fdcbee1..489f34c6 100644
--- a/blog/secrets-recovery.md
+++ b/blog/secrets-recovery.md
@@ -61,6 +61,7 @@ to review: https://news.ycombinator.com/item?id=37534615
 
 128-bit metal punch card backup https://volution.ro/pckb/
 
+https://git.joeyh.name/index.cgi/gpg.git/tree/README.sss
 
 <!-- posted to the federation on 2025-06-01T23:04:28.772798 -->
 [[!mastodon "https://kolektiva.social/@Anarcat/114611550199170060"]]
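
Review bot: the added README.sss URL has no description, unlike the punch card entry just above it, so the notes give no hint of what the link is; the commit message calls it an "sss hack", and the page should say as much. The URL also points at the current tree of the repository rather than a fixed revision, so the content behind it can change or move.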

update: anarc.at now at mythic beasts
diff --git a/services/dns.mdwn b/services/dns.mdwn
index 37e64614..009ffe8f 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -99,15 +99,17 @@ présentement:
    simplement quitter / ignorer
 
  * mythic-beasts: découvert que c'est un revendeur OpenSRS, donc moins
-   intéressant, coûteux, mais trusted... pour l'instant un seul
-   domaine là, à migrer vers OpenSRS?
+   intéressant, coûteux, mais trusted...
 
  * OpenSRS: reste ~70$USD de crédit, intéressant parce que très
    puissant, mais pas sûr que je veux être revendeur, j'aurais
    probablement jamais le débit (1000 *nouveaux* par an!) pour avoir
    des rabais, mais somme toute assez bon: DNSSEC fonctionnel, API,
    comptes revendeurs, etc, autre problème: pas de facturation
-   automatique sur VISA, il faut débiter manuellement
+   automatique sur VISA, il faut débiter manuellement. vraiment trop
+   compliqué.
+
+ * porkbun: pas cher, mais la [gestion multi-user](https://kb.porkbun.com/article/242-subaccounts-vs-authorized-users) st pas super
 
 À considérer, sinon:
 
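Review bot: typo in the new porkbun bullet: `st pas super` is missing a letter, presumably `est pas super`.
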
@@ -121,14 +123,13 @@ présentement:
 Situation actuelle:
 
  * opensrs: test account created, hosted: `debian-policy.info`
-   (2025-10-15), not sure I want to keep, could be just for `anarc.at`
- * mythic beasts: idem, to be closed, hosted: `alterne.ca`
-   (2025-09-11), maybe keep for `anarc.at` and close OpenSRS because
-   it's too complicated?
+   (2025-10-15), way too complicated, to close, probably alongside
+   debian-policy.info
+ * mythic beasts: kept for `anarc.at`
  * porkbun: `orangeseeds.net` `orangeseeds.org` (transfer started
    2023-12-19), `vichama.ca` (2024-05-17)
- * gandi: `reseaulibre.ca` (2024-04-28), `anarc.at` (2024-09-06),
-   `insomniaque.org` (2029-04-28)
+ * gandi: `reseaulibre.ca` (2024-04-28), `insomniaque.org`
+   (2029-04-28)
 
 ## Secondaires
 
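Review bot: the rewritten mythic beasts line drops `alterne.ca` (2025-09-11), which the old text listed as hosted there, without saying where that domain went. If it is still at mythic beasts, keep it in the list. The new `anarc.at` entry also lacks the date that every other domain here carries, and `debian-policy.info` loses its backticks on its second mention in the OpenSRS line.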

.at lock is not specific to gandi
diff --git a/services/dns.mdwn b/services/dns.mdwn
index 088a2f85..37e64614 100644
--- a/services/dns.mdwn
+++ b/services/dns.mdwn
@@ -65,7 +65,7 @@ n'y sont pas listés.
 | dnssimple.com     | 14.50USD | 14.00USD | 16.00USD | 16.00CAD | 18.00USD | 21.60USD | also hosting, support for [RFC 8078][]                          |
 | dynadot.com       | 11.99USD | 10.99USD | 11.99USD | 9.99USD  | 13.25USD | 17.99USD | hosted wikileaks, blocked in india for cybersquatting           |
 | easydns.com       | 19.00USD | 19.00USD | 15.00USD | 12.53USD | 24.00USD | 26.00USD | 12.52USD = 15.00CAD, also hosting                               |
-| gandi.net         | 23.99USD | 24.99USD | 24.99USD | 24.99CAD | 29.99USD | 39.99USD | pas de transfer lock .at, [vendus][], prix explosés             |
+| gandi.net         | 23.99USD | 24.99USD | 24.99USD | 24.99CAD | 29.99USD | 39.99USD | [vendus][], prix explosés             |
 | glauca.digital    | 22.34USD | 27.58USD | 30.09USD | 28.80CAD | 22.05EUR | 28.74USD | excellent API, support for [RFC 7344][] and [RFC 8078][]        |
 | infomaniak.com    | 12.23EUR | 14.70USD | 13.36USD | 14.86USD | 14.70USD | 20.06USD | 2,40 € / year extra for domain privacy, requires identity check |
 | joker.com         | 16.99USD | 16.88USD | 18.67USD | N/A      | 15.99USD | 28.80USD |                                                                 |
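
Review bot: the edited gandi.net row is no longer padded to the width of the notes column, so its closing `|` is out of line with the rows around it. The table should still render, but re-pad the cell to keep the source readable and later diffs on this table small.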

cross-reference the ss article
diff --git a/blog/2026-02-18-iproute2.md b/blog/2026-02-18-iproute2.md
index 41dbc465..ee3aac53 100644
--- a/blog/2026-02-18-iproute2.md
+++ b/blog/2026-02-18-iproute2.md
@@ -17,6 +17,9 @@ package to `net-tools` the new `iproute2`, about 10 years late:
 | `route del ROUTE`           | `ip route del ROUTE`                         | `ip r d ROUTE`               | remove `ROUTE` (e.g. `default`)         |
 | `netstat -anpe`             | `ss --all --numeric  --processes --extended` | `ss -anpe`                   | list listening processes, less pretty   |
 
+Note that I wrote a [[whole
+article|blog/2023-03-10-listening-processes]] about the latter.
+
 # Another trick
 
 Also note that I often alias `ip` to `ip -br -c` as it provides a
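
Review bot: "the latter" in the added note has no clear antecedent after a multi-column table, so a reader has to guess that it means the `netstat -anpe` / `ss -anpe` row. Name it directly, for example "about listing listening processes with `ss`", which also matches the link target.
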
@@ -98,4 +101,4 @@ hilarious.
 
 
 <!-- posted to the federation on 2026-02-18T11:30:55.082264 -->
-[[!mastodon "https://kolektiva.social/@Anarcat/116092584255984978"]]
\ No newline at end of file
+[[!mastodon "https://kolektiva.social/@Anarcat/116092584255984978"]]

another test
diff --git a/blog/list-tags.sh b/blog/list-tags.sh
index 01f3d83e..b07d4ca5 100644
--- a/blog/list-tags.sh
+++ b/blog/list-tags.sh
@@ -1,2 +1,3 @@
 #! /bin/sh
+
 grep -P -h '(?<!\\)\[\[!tag' *.mdwn | sed 's/\[\[!tag//g;s/\]\]//g;s/"//g;s/ /\n/g' | sort | grep . | uniq -c | sort -n
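
Review bot: the pipeline only globs `*.mdwn`, while the recent posts under blog/ on this page are `.md` files carrying `[[!tag ...]]` lines, so their tags are not counted when the script is run from blog/. Extend the glob to cover both extensions; the added blank line itself is harmless.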

yolo commit to test hook
diff --git a/blog.mdwn b/blog.mdwn
index b46f05bf..626ea5ac 100644
--- a/blog.mdwn
+++ b/blog.mdwn
@@ -434,4 +434,5 @@ quick=yes
 * 2005-2015: [Blog Drupal](https://web.archive.org/web/20150209161332/http://anarcat.koumbit.org/)
 * 2005: [Pseudo-blog wiki](http://wiki.koumbit.net/TheAnarcatBlog)
 * 2003-2004: [Blog de l'Insomniaque](http://insomniaque.org/blog/5.html)
+
 </div>

Revert "automatic federated post of /blog"
This reverts commit 82161a80d6f3ac6ac7ca22e56991a242338a04bf.
diff --git a/blog.mdwn b/blog.mdwn
index 820ac066..b46f05bf 100644
--- a/blog.mdwn
+++ b/blog.mdwn
@@ -435,7 +435,3 @@ quick=yes
 * 2005: [Pseudo-blog wiki](http://wiki.koumbit.net/TheAnarcatBlog)
 * 2003-2004: [Blog de l'Insomniaque](http://insomniaque.org/blog/5.html)
 </div>
-
-
-<!-- posted to the federation on 2026-02-23T14:39:17.330821 -->
-[[!mastodon "https://kolektiva.social/@Anarcat/116121636514747968"]]
\ No newline at end of file

automatic federated post of /blog
Command: ['/usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py', '--post-receive', '--base-url', 'https://anarc.at/']
Plugin file: /usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py
Source directory: /home/w-anarcat/source
Running on: marcos
diff --git a/blog.mdwn b/blog.mdwn
index b46f05bf..820ac066 100644
--- a/blog.mdwn
+++ b/blog.mdwn
@@ -435,3 +435,7 @@ quick=yes
 * 2005: [Pseudo-blog wiki](http://wiki.koumbit.net/TheAnarcatBlog)
 * 2003-2004: [Blog de l'Insomniaque](http://insomniaque.org/blog/5.html)
 </div>
+
+
+<!-- posted to the federation on 2026-02-23T14:39:17.330821 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/116121636514747968"]]
\ No newline at end of file
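
Review bot: the post-receive hook is treating `blog.mdwn`, the blog index, as a new post and appending a federation footer after its closing `</div>`. The hook should only act on individual pages under blog/ so that an edit to the index does not trigger a toot and a follow-up commit that then has to be reverted.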

add 2026
diff --git a/blog.mdwn b/blog.mdwn
index df76e9b4..b46f05bf 100644
--- a/blog.mdwn
+++ b/blog.mdwn
@@ -99,6 +99,22 @@ more socially acceptable and less politically controversial.
 <!-- end copy-paste -->
 ## 2025
 
+[[!inline pages="
+(
+  page(blog/*)
+  or tagged(blog)
+)
+and creation_year(2026)
+and !blog/*/*
+and !link(foo)
+and !tagged(draft)
+and !tagged(redirection)"
+archive=yes
+quick=yes
+]]
+
+## 2025
+
 [[!inline pages="
 (
   page(blog/*)
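
Review bot: the new `creation_year(2026)` block is inserted under the existing `## 2025` heading and is then followed by a second `## 2025`, so the 2026 posts end up under a 2025 title and the heading appears twice. Change the first heading to `## 2026`, or add the new heading above the new block instead of below it.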

automatic federated post of /blog/2026-02-23-dst-warning
Command: ['/usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py', '--post-receive', '--base-url', 'https://anarc.at/']
Plugin file: /usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py
Source directory: /home/w-anarcat/source
Running on: marcos
diff --git a/blog/2026-02-23-dst-warning.md b/blog/2026-02-23-dst-warning.md
index bee66209..0ddce923 100644
--- a/blog/2026-02-23-dst-warning.md
+++ b/blog/2026-02-23-dst-warning.md
@@ -188,3 +188,7 @@ was written, and curses found along the way, are also documented in
 duty.
 
 [[!tag news time debian-planet python-planet]]
+
+
+<!-- posted to the federation on 2026-02-23T14:32:07.697000 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/116121608354789757"]]
\ No newline at end of file

publish a blog about the DST
diff --git a/blog/2026-02-23-dst-warning.md b/blog/2026-02-23-dst-warning.md
new file mode 100644
index 00000000..bee66209
--- /dev/null
+++ b/blog/2026-02-23-dst-warning.md
@@ -0,0 +1,190 @@
+[[!meta title="PSA: North america changes time forward soon, Europe next"]]
+
+> This is a copy of an email I used to send internally at work and now
+> [made public](https://lists.torproject.org/mailman3/hyperkitty/list/tor-project@lists.torproject.org/thread/HR3ISDIVLOR5NNAN24F2TCHMPHFOI2XR/). I'm not sure I'll make a habit of posting it here,
+> especially not *twice a year*, unless people really like it. Right
+> now, it's mostly here to keep with my current writing spree going.
+
+This is your bi-yearly reminder that time is changing soon!
+
+# What's happening?
+
+For people not on tor-internal, you should know that I've been sending
+semi-regular announcements when daylight saving changes occur. Starting
+now, I'm making those announcements public so they can be shared with
+the wider community because, after all, this affects everyone (kind of).
+
+For those of you lucky enough to have no idea what I'm talking about,
+you should know that some places in the world implement what is called
+[Daylight saving time or DST](https://en.wikipedia.org/wiki/Daylight_saving_time).
+
+Normally, you shouldn't have to do anything: computers automatically
+change time following local rules, assuming they are correctly
+configured, provided recent updates have been applied in the case of a
+recent change in said rules (because yes, this happens).
+
+Appliances, of course, will likely *not* change time and will need to
+adjusted unless they are so-called "smart" (also known as "part of a bot
+net").
+
+If your clock is flashing "0:00" or "12:00", you have no action to take,
+congratulations on having the right time once or twice a day.
+
+If you haven't changed those clocks in six months, congratulations, they
+will be accurate again!
+
+In any case, you should still consider DST because it might affect some
+of your meeting schedules, particularly if you set up a new meeting
+schedule in the last 6 months and forgot to consider this
+change.
+
+# If your location does not have DST
+
+Properly scheduled meetings affecting multiple time zones are set in UTC
+time, which does *not* change. So if your location does not observer
+time changes, your (local!) meeting time will *not* change.
+
+But be aware that some other folks attending your meeting *might* have
+the DST bug and *their* meeting times will change. They might miss
+entire meetings or arrive late as you frantically ping them over IRC,
+Matrix, Signal, SMS, Ricochet, Mattermost, SimpleX, Whatsapp, Discord,
+Slack, Wechat, Snapchat, Telegram, XMPP, Briar, Zulip, RocketChat,
+DeltaChat, talk(1), write(1), actual telegrams, Meshtastic, Meshcore,
+Reticulum, APRS, snail mail, and, finally, flying a remote presence
+drone to their house, asking what's going on.
+
+(Sorry if I forgot your preferred messaging client here, I tried my
+best.)
+
+Be kind; those poor folks might be more sleep deprived as DST *steals*
+one hour of sleep from them on the night that implements the change.
+
+# If you do observe DST
+
+If you are affected by the DST bug, your *local* meeting times *will*
+change access the board. Normally, you can trust that your meetings are
+scheduled to take this change into account and the new time should still
+be reasonable.
+
+Trust, but verify; make sure the new times *are* adequate and there are
+no scheduling conflicts.
+
+Do this *now*: take a look at your calendar in two week *and* in
+April. See if any meeting need to be rescheduled because of an
+impossible or conflicting time.
+
+# When does time change, how and where?
+
+Notice how I mentioned "North America" in the subject? That's a
+lie. ("The doctor lies", as they say on the BBC.) Other places,
+including Europe, also changes times, just not all at once (and not all
+North America).
+
+We'll get into "where" soon, but first let's look at the "how". As you might
+already know, the trick is:
+
+> Spring forward, fall backwards.
+
+This northern-centric (sorry!) proverb says that clocks will move
+*forward* by an hour this "spring", after moving *backwards* last
+"fall". This is why we lose an hour of work, sorry, sleep. It sucks, to
+put it bluntly. I want it to stop and will keep writing those advisories
+until it does.
+
+To see where and when, we, unfortunately, still need to go into politics.
+
+## USA and Canada
+
+First, we start with "North America" which, really, is just some *parts*
+of USA[1] and Canada[2]. As usual, on the Second Sunday in March (the
+8th) at 02:00 local (not UTC!), the clocks will move forward.
+
+This means that properly set clocks will flip from 1:59 to 3:00, coldly
+depriving us from an hour of sleep that was perniciously granted 6
+months ago and making calendar software stupidly hard to write.
+
+Practically, set your wrist watch and alarm clocks[3] back one hour
+before going to bed and go to bed early.
+
+[1] except Arizona (except the Navajo nation), US territories, and
+    Hawaii
+
+[2] except Yukon, most of Saskatchewan, and parts of British Columbia
+    (northeast), one island in Nunavut (Southampton Island), one town in
+    Ontario (Atikokan) and small parts of Quebec (Le
+    Golfe-du-Saint-Laurent), a list which I keep recopying because I
+    find it just so amazing how chaotic it is. When your clock has its
+    [own Wikipedia page](https://en.wikipedia.org/wiki/Time_in_Saskatchewan), you know something is wrong.    
+
+[3] hopefully not managed by a botnet, otherwise kindly ask your bot net
+    operator to apply proper software upgrades in a timely manner
+
+## Europe
+
+Next we look at our dear Europe, which will change time on the last
+Sunday in March (the 29th) at 01:00 *UTC* (not local!). I *think* it
+means that, Amsterdam-time, the clocks will flip from 1:59 to 3:00 AM
+*local* on that night.
+
+(Every time I write this, I have doubts. I would welcome independent
+confirmation from night owls that observe that funky behavior
+experimentally.)
+
+Just like your poor fellows out west, just fix your old-school clocks
+before going to bed, and go to sleep early, it's good for you.
+
+## Rest of the world with DST
+
+Renewed and recurring apologies again to the people of Cuba, Mexico,
+Moldova, Israel, Lebanon, Palestine, Egypt, Chile (except Magallanes
+Region), parts of Australia, and New Zealand which *all* have their own
+*individual* DST rules, omitted here for brevity.
+
+In general, changes also happen in March, but either on different
+times or different days, except in the south hemisphere, where they
+happen in April.
+
+## Rest of the world without DST
+
+All of you other folks without DST, rejoice! Thank you for reminding us
+how manage calendars and clocks normally. Sometimes, doing nothing is
+precisely the right thing to do. You're an inspiration for us all.
+
+# Changes since last time
+
+There were, again, no changes since last year on daylight savings that
+I'm aware of. It seems the [US congress debating switching to a
+"half-daylight" time zone](https://www.usatoday.com/story/news/nation/2026/02/19/daylight-act-of-2026-proposing-half-daylight-saving-time/88760725007/) which is an half-baked idea that I
+should have expected from the current USA politics.
+
+The plan is to, say, switch from "Eastern is UTC-4 in the summer" to
+"Eastern is UTC-4.5". The bill also proposes to do this 90 days after
+enactment, which is dangerously optimistic about our capacity at
+deploying any significant change in human society.
+
+In general, I rely on the [Wikipedia time nerds](https://en.wikipedia.org/wiki/Daylight_saving_time_by_country) for this and Paul
+Eggert which seems to singlehandledly be keeping everything in order
+for all of us, on the [tz-announce mailing list](https://lists.iana.org/hyperkitty/list/tz-announce@iana.org/latest).
+
+This time, I've also looked at the [tz mailing list](https://lists.iana.org/hyperkitty/list/tz@iana.org/latest) which is where
+I learned about the congress bill.
+
+If your country has changed time and no one above noticed, now would
+be an extremely late time to do something about this, typically
+writing to the above list. (Incredibly, *I* need to write to the list
+because of [this post](https://lists.iana.org/hyperkitty/list/tz@iana.org/thread/6HN5SWD2BJA7OVTPFR3VB42JIA6PFLPG/).)
+
+One thing that *did* change since last year is that I've implemented
+what I hope to be a robust calendar for this, which was surprisingly
+tricky.
+
+If you have access to our Nextcloud, it should be visible under the
+heading "Daylight saving times". If you don't, you can access it using
+[this direct link](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/time/dst.ics).
+
+The procedures around how this calendar was created, how this email
+was written, and curses found along the way, are also documented in
+[this wiki page](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/time), if someone ever needs to pick up the Time Lord
+duty.
+
+[[!tag news time debian-planet python-planet]]
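
Review bot: under "USA and Canada", `set your wrist watch and alarm clocks[3] back one hour` contradicts the paragraph just above it, which says the clocks move forward (1:59 to 3:00); for the March change this should read forward. Smaller text fixes in the same file: `will need to adjusted`, `does *not* observer`, `change access the board`, `in two week`, `also changes times`, `how manage calendars`, `singlehandledly`, and `It seems the US congress debating`, which is missing a verb.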

update lots of meshtastic notes
diff --git a/services/meshtastic.md b/services/meshtastic.md
index 99257dee..14177aee 100644
--- a/services/meshtastic.md
+++ b/services/meshtastic.md
@@ -83,6 +83,55 @@ More concerning is his criticism of the core team culture:
 
 He points at Meshcore and Reticulum as possible replacements.
 
+Many mesh nets have switched to MediumFast as a response to some
+scalability problems, which is also described on [this official blog
+post](https://meshtastic.org/blog/why-your-mesh-should-switch-from-longfast/), which include:
+
+- [Bay area, USA and Wellington, NZ](https://meshtastic.org/blog/why-your-mesh-should-switch-from-longfast/#real-world-success), from the above blog post
+- [mtnme.sh](https://mtnme.sh/mediumfast/)
+- puget mesh experimented with MediumFast, but seem to be moving to
+  Meshcore as of Q1-2026
+
+# Privacy and security
+
+Default security is pretty much non-existent: in the default channel,
+packets are encrypted, but with a known key.
+
+*Other* channels seem to use pretty solid encryption, but there's
+likely metadata leakage ("who is talking to who") in cleartext over
+the airwaves that can be easily sniffed by anyone in range. Joining a
+MQTT server makes that even easier to sniff. 
+
+Also note that Meshtastic only does *encryption*: you don't get things
+like forward-secrecy, authentication, or integrity, see the
+[encryption section](https://meshtastic.org/docs/overview/encryption/). This sounds minor, but this is a significant
+threat vector as, for example, if someone knows you wrote "hi" to a
+channel, even if they don't have the encryption key, they can replay
+that "hi" by sending the exact same encrypted packet. Security is
+hard. It seems like [Reticulum does this better](https://reticulum.network/crypto.html).
+
+Nodes often transmit other telemetry like GPS location, temperature,
+and other sensors, by default. GPS location precision can be reduced
+(say "I'm in Montreal" instead of "I'm at 1234 boulevard
+Saint-Laurent") or completely turned off, but it might still possible
+to triangulate device's positions, as with any typical radio
+transmission. LoRa signals are "bursty" and low power, so that's more
+difficult than, say, classic ham radio signals though.
+
+There's a [Meshtastic ZPS](https://github.com/a-f-G-U-C/Meshtastic-ZPS) project that tries to implement GPS-less
+localization, but it's using external positioning systems and
+WiFi/Bluetooth scans instead of a GPS, so it's not triangulation per
+se.
+
+Weak default Bluetooth pairing codes (the "PIN") are often
+[luggage-strength](https://en.wikipedia.org/wiki/Spaceballs) like `1234` or `123456`. They should be changed
+unless you're okay with anyone within range taking control of your
+devices.
+
+Physical access to the devices also likely leads to full compromise as
+devices can generally be put in "DFU" ([Device firmware upgrade](https://en.wikipedia.org/wiki/USB#Device_Firmware_Upgrade_mechanism))
+mode relatively easily.
+
 # Hardware
 
 Below are some Meshtastic-compatible devices I found interesting.
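
Review bot: in "Privacy and security", the replay example is presented as a consequence of lacking "forward-secrecy, authentication, or integrity", but a replayed packet is a genuine, unmodified ciphertext, so what the example shows is missing replay protection, which is a separate property. Name it explicitly so the list and the example line up. Also, `it might still possible` is missing "be", and "which is also described on ... which include:" in the MediumFast paragraph needs untangling.
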
@@ -229,7 +278,7 @@ the time:
   button, 3200mAh battery, USB-C powered, 100$
 - [WisMesh Solar Repeater](https://store.rakwireless.com/products/wismesh-meshtastic-solar-repeater): solar, battery, mast-mountable, unclear
   if it can be setup without solar and if it supports MQTT/ethernet,
-  300$
+  300$, SenseCAP Solar Node P1 (below) might be sturdier and cheaper
 - [WishMesh Solar Repeater Mini](https://store.rakwireless.com/products/wishmesh-meshtastic-solar-repeater-mini): solar, battery, mast-mountable,
   cheaper, 100$
 - [WisMesh Ethernet Gateway](https://store.rakwireless.com/products/wismesh-ethernet-gateway): no battery, no solar, but ethernet
@@ -247,7 +296,7 @@ the time:
     the nuts)
   - 4 × M3 nuts
   - 2 × M2.5 screws (*not* part of the above kit, [length unclear](https://www.printables.com/model/286664-rak19003-micro-case-for-meshtastic/comments/2516182),
-    [here are M2.5x6mm](https://abra-electronics.com/hardware/metric-hardware-round-phillips-head-screws/1968p-machine-screw-m2.5-6mm-length-phillips-25-pack.html) or [this kit](https://abra-electronics.com/hardware/metric-hardware-kits/screws-bolts/repair-kit-for-eyeglasses-watches-screws-and-nuts-caps-m1m2m2.5-stainless.html)3)
+    [here are M2.5x6mm](https://abra-electronics.com/hardware/metric-hardware-round-phillips-head-screws/1968p-machine-screw-m2.5-6mm-length-phillips-25-pack.html) or [this kit](https://abra-electronics.com/hardware/metric-hardware-kits/screws-bolts/repair-kit-for-eyeglasses-watches-screws-and-nuts-caps-m1m2m2.5-stainless.html))
   - 1 × battery ([Amazon](https://www.amazon.com/gp/product/B091FKGW8H), possibly the same as [Abra](https://abra-electronics.com/batteries-holders/batteries-polymer-lithium-ion/1578-ada-lithium-ion-polymer-battery-37v-500mah-1578-ada.html),
     optional?)
   - there's also an optional [battery cutoff switch](https://www.amazon.com/gp/product/B086L2GPGX), couldn't find
@@ -255,9 +304,9 @@ the time:
 
 Those I haven't tested yet as I haven't laid hand on them:
 
-- [SenseCAP Solar Node P1](https://www.seeedstudio.com/SenseCAP-Solar-Node-P1-for-Meshtastic-LoRa-p-6425.html): pre-order (as of 2025-04-22), 70$USD,
-  outdoors solar-powered relay with 4x18650 batteries, nRF4840, GNSS,
-  BT 5.0, 3 power buttons, 5 LEDs, USB-C for debug
+- [SenseCAP Solar Node P1](https://www.seeedstudio.com/SenseCAP-Solar-Node-P1-for-Meshtastic-LoRa-p-6425.html): 90$USD, outdoors solar-powered relay
+  with 4x18650 batteries, nRF4840, GNSS, BT 5.0, 3 power buttons, 5
+  LEDs, USB-C for debug, [recommended by nyme.sh](https://nyme.sh/faq/)
 - [T-Echo](https://lilygo.cc/products/t-echo-lilygo): e-ink display, GPS, BT 5.0, no wifi, only three
   buttons, NFC, 850mAh battery, temperature/pressure sensor, 55$
 - [T-Beam Supreme](https://lilygo.cc/products/t-beam-supreme?variant=43067944173749): 1.3" OLED display, 18650 battery socket,
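Review bot: the rewrapped SenseCAP entry still carries `nRF4840`, which looks like a typo for nRF52840; worth fixing while the line is being touched. Dropping "(as of 2025-04-22)" also leaves the new 90$USD price undated, unlike the entry it replaces.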
@@ -274,7 +323,8 @@ Those I haven't tested yet as I haven't laid hand on them:
   battery, and battery doesn't fit in the case), they also have an
   [eink dev board](https://heltec.org/project/vision-master-e290/)
 - [Muzi](https://muzi.works/) has builds on top of the Heltec, e.g. [this H2T](https://muzi.works/products/h2t-complete-device-heltec-t114-with-gps-running-meshtastic) made
-  with a Heltec T114
+  with a Heltec T114, [this R1 Neo](https://muzi.works/products/r1-neo-complete-meshtastic-device) is similar to the WisMesh
+  Pocket, but smaller, better sealed, but more expensive
 - [Lamp hack](https://hackaday.io/project/194509-harbor-breeze-meshtastic-hack)
 - [Antennas](https://meshtastic.org/docs/hardware/antennas/) vary as well
 - Power is a whole other question, see [power consumption
@@ -306,26 +356,50 @@ thing).
 Note that you can also [flash firmware](https://meshtastic.org/docs/getting-started/flashing-firmware/) without a web UI, but the
 flasher web UI is still useful to download the right firmware.
 
+## Mobile apps
+
+There's also an [Android app](https://meshtastic.org/docs/category/android-app/), also [shipped on F-Droid](https://f-droid.org/packages/com.geeksville.mesh/).
+
+And yes, there's also an [iOS app](https://meshtastic.org/docs/software/apple/installation/).
+
+Note that those won't work without a LoRa transmitter, to which you
+typically connect over Bluetooth.
+
 ## Linux
 
 There's a [commandline client and Python library](https://github.com/meshtastic/python) that can be used
 to talk to devices. There's even a rudimentary [GTK client](https://gitlab.com/kop316/gtk-meshtastic-client). Both
 are packaged in Debian. 
 
-There's also TUIs like [contact](https://github.com/pdxlocations/contact) (messaging), [connect](https://github.com/pdxlocations/connect)
-(LoRa-less client), [control](https://github.com/pdxlocations/control) (configuration).
+- TUIs
+  - [contact](https://github.com/pdxlocations/contact) (messaging)
+  - [connect](https://github.com/pdxlocations/connect) (LoRa-less client)
 
-I wrote a batch flashing tool that's called [reflashtic](https://gitlab.com/anarcat/scripts/-/blob/main/reflashtic.py?ref_type=heads), derived
-from work a friend did on a similar bash script.
+- [reflashtic](https://gitlab.com/anarcat/scripts/-/blob/main/reflashtic.py?ref_type=heads): batch flashing tool I wrote, derived from work a
+  friend did on a similar bash script
 
-## Mobile apps
+- [puget mesh](https://pugetmesh.org/) has a [bunch of interesting projects](https://pugetmesh.org/meshtastic/#member-projects):
 
-There's also an [Android app](https://meshtastic.org/docs/category/android-app/), also [shipped on F-Droid](https://f-droid.org/packages/com.geeksville.mesh/).
+  - [meshing-around](https://github.com/SpudGunMan/meshing-around): "BBS" like functionality, ping, weather alerts,
+    shell commands, games, quizzes, messaging, testing
 
-And yes, there's also an [iOS app](https://meshtastic.org/docs/software/apple/installation/).
+  - [aprstastic](https://github.com/afourney/aprstastic): APRS gateway
 
-Note that those won't work without a LoRa transmitter, to which you
-typically connect over Bluetooth.
+  - [meshfirmware](https://github.com/mikecarper/meshfirmware): "automatic" flasher, see also my reflashtic above
+
+- [TC2-BBS-mesh](https://github.com/TheCommsChannel/TC2-BBS-mesh): mail, channel directory, stats, fortune
+
+- [Frozen BBS](https://github.com/kstrauser/frozenbbs): another BBS, rust
+
+- [hops](https://github.com/morria/hops): bot from [nyme.sh](https://nyme.sh/)
+
+## Monitoring
+
+- <https://dash.mt.gt/>
+- <https://github.com/cordelster/mesh-metrics/>
+- <https://github.com/artiommocrenco/meshtastic-prometheus-exporter>
+- <https://github.com/tcivie/meshtastic-metrics-exporter>
+- [Meshmonitor](https://meshmonitor.org/): maps, analytics, traceroutes, triggers
 
 # MQTT
 
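Review bot: converting the TUI sentence to a list drops the [control](https://github.com/pdxlocations/control) (configuration) entry; only `contact` and `connect` remain under "TUIs". If that was intentional, say so in the commit message, otherwise restore it as a third sub-item. The list also now follows "Both are packaged in Debian." with no lead-in of its own, which reads as if every item in the list were packaged in Debian.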
@@ -379,57 +453,11 @@ well.
   to Meshtastic!)
 - HiveMQ public broker: `broker.hivemq.com`, see [their documentation](https://www.hivemq.com/mqtt/public-mqtt-broker/)
 
-# Privacy and security
-
-Default security is pretty much non-existent: in the default channel,
-packets are encrypted, but with a known key.
-
-*Other* channels seem to use pretty solid encryption, but there's
-likely metadata leakage ("who is talking to who") in cleartext over
-the airwaves that can be easily sniffed by anyone in range. Joining a
-MQTT server makes that even easier to sniff. 
-
-Also note that Meshtastic only does *encryption*: you don't get things
-like forward-secrecy, authentication, or integrity, see the
-[encryption section](https://meshtastic.org/docs/overview/encryption/). This sounds minor, but this is a significant
-threat vector as, for example, if someone knows you wrote "hi" to a
-channel, even if they don't have the encryption key, they can replay
-that "hi" by sending the exact same encrypted packet. Security is
-hard. It seems like [Reticulum does this better](https://reticulum.network/crypto.html).
-
-Nodes often transmit other telemetry like GPS location, temperature,
-and other sensors, by default. GPS location precision can be reduced
-(say "I'm in Montreal" instead of "I'm at 1234 boulevard
-Saint-Laurent") or completely turned off, but it might still possible
-to triangulate device's positions, as with any typical radio
-transmission. LoRa signals are "bursty" and low power, so that's more
-difficult than, say, classic ham radio signals though.
-
-There's a [Meshtastic ZPS](https://github.com/a-f-G-U-C/Meshtastic-ZPS) project that tries to implement GPS-less
-localization, but it's using external positioning systems and
-WiFi/Bluetooth scans instead of a GPS, so it's not triangulation per
-se.
-
-Weak default Bluetooth pairing codes (the "PIN") are often
-[luggage-strength](https://en.wikipedia.org/wiki/Spaceballs) like `1234` or `123456`. They should be changed
-unless you're okay with anyone within range taking control of your
-devices.

(Diff truncated)
more references
diff --git a/hardware/server/marcos/v3.md b/hardware/server/marcos/v3.md
index 73c56914..b25c122c 100644
--- a/hardware/server/marcos/v3.md
+++ b/hardware/server/marcos/v3.md
@@ -241,6 +241,12 @@ Apparently, [this provider](https://serverpartdeals.com/collections/manufacturer
 ## Other cases
 
 - [Jonsbro](https://www.jonsbo.com/) comes up a lot, see e.g. the [N3](https://www.jonsbo.com/en/products/N3.html)
+- [Terramaster](https://www.terra-master.com/) produces cheap, fully-built systems, see for
+  example this [300$USD 4-drive ARM NAS](https://www.terra-master.com/products/f4-212), or much larger units like
+  this [500USD 9-drive enclosure](https://www.terra-master.com/products/d9-320) is interesting, but of course
+  limited by the bandwidth of a single (!) USB-C cable, it seems to be
+  a "server-less" (ha) version of this more expensive, [1200USD
+  9-drive server](https://www.terra-master.com/products/t9-450)
 
 ## Other reviews
 
diff --git a/services/bookmarks.mdwn b/services/bookmarks.mdwn
index 57433f64..318aed22 100644
--- a/services/bookmarks.mdwn
+++ b/services/bookmarks.mdwn
@@ -62,6 +62,8 @@ Possible alternatives
 
 Possible alternatives to zotero and/or wallabag include:
 
+ * [bibiman](https://codeberg.org/lukeflo/bibiman) - "TUI for fast and simple interacting with your
+   BibLaTeX database"
  * [i librarian](https://i-librarian.net/)
  * [inventaire](https://inventaire.io/) - book sharing/inventory app with an open data aspect
  * [jabref](http://www.jabref.org/)
diff --git a/software/zfs.md b/software/zfs.md
index dcf5cca2..3c8d042a 100644
--- a/software/zfs.md
+++ b/software/zfs.md
@@ -173,7 +173,11 @@ The most important thingto know about RAID-Z is that the layout can't
 be changed after the pool creation. If you have 3 drives in your
 RAIDZ1 pool, you're stuck with 3 drives until you rebuild the pool
 (although you *can* add spares). Arrays *can* be grown in *size* by
-replacing the drives with bigger ones progressively, that said.
+replacing the drives with bigger ones progressively, that
+said. Update: RAID-Z expansion was [actually implemented in 2023](https://github.com/openzfs/zfs/pull/15022),
+but has some caveats, most importantly that the stripe size of
+existing data is not changed, so the existing data doesn't benefit
+from the additional bandwidth of the new drives.
 
 Jim Salter [recommends mirrors instead of RAID-Z](https://jrs-s.net/2015/02/06/zfs-you-should-use-mirror-vdevs-not-raidz/), but the
 [rsync.net people recommend RAID-Z3 with 12-15 drives joined in 3-4
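Review bot: the appended "Update:" contradicts the unchanged sentences just above it, which still say the layout "can't be changed after the pool creation" and that "you're stuck with 3 drives until you rebuild the pool". Rewrite the opening of the paragraph to say that expansion is possible, with the stripe-size caveat, rather than keeping the old claim and correcting it mid-paragraph. The rewrap also strands "that said." across a line break, right before the update.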

automatic federated post of /blog/2026-02-18-iproute2
Command: ['/usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py', '--post-receive', '--base-url', 'https://anarc.at/']
Plugin file: /usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py
Source directory: /home/w-anarcat/source
Running on: marcos
diff --git a/blog/2026-02-18-iproute2.md b/blog/2026-02-18-iproute2.md
index 5947d578..41dbc465 100644
--- a/blog/2026-02-18-iproute2.md
+++ b/blog/2026-02-18-iproute2.md
@@ -95,3 +95,7 @@ makes. The fact that it's called `iproute2` makes it only more
 hilarious.
 
 [[!tag debian-planet python-planet debian network sysadmin linux]]
+
+
+<!-- posted to the federation on 2026-02-18T11:30:55.082264 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/116092584255984978"]]
\ No newline at end of file

talk about iproute
diff --git a/blog/2026-02-18-iproute2.md b/blog/2026-02-18-iproute2.md
new file mode 100644
index 00000000..5947d578
--- /dev/null
+++ b/blog/2026-02-18-iproute2.md
@@ -0,0 +1,97 @@
+[[!meta title="net-tools to iproute cheat sheet"]]
+
+This is also known as: "`ifconfig` is not installed by default
+anymore, how do I do this only with the `ip` command?"
+
+I have been slowly training my brain to use the new commands but I
+sometimes forget some. So, here's a couple of equivalence from the old
+package to `net-tools` the new `iproute2`, about 10 years late:
+
+| `net-tools`                 | `iproute2`                                   | shorter form                 | what it does                            |
+|-----------------------------|----------------------------------------------|------------------------------|-----------------------------------------|
+| `arp -an`                   | `ip neighbor`                                | `ip n`                       |                                         |
+| `ifconfig`                  | `ip address`                                 | `ip a`                       | show current IP address                 |
+| `ifconfig`                  | `ip link`                                    | `ip l`                       | show link stats (up/down/packet counts) |
+| `route`                     | `ip route`                                   | `ip r`                       | show or modify the routing table        |
+| `route add default GATEWAY` | `ip route add default via GATEWAY`           | `ip r a default via GATEWAY` | add default route to `GATEWAY`          |
+| `route del ROUTE`           | `ip route del ROUTE`                         | `ip r d ROUTE`               | remove `ROUTE` (e.g. `default`)         |
+| `netstat -anpe`             | `ss --all --numeric  --processes --extended` | `ss -anpe`                   | list listening processes, less pretty   |
+
+# Another trick
+
+Also note that I often alias `ip` to `ip -br -c` as it provides a
+much prettier output.
+
+Compare, before:
+
+```
+anarcat@angela:~> ip a
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+    inet 127.0.0.1/8 scope host lo
+       valid_lft forever preferred_lft forever
+    inet6 ::1/128 scope host noprefixroute 
+       valid_lft forever preferred_lft forever
+2: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
+    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff permaddr xx:xx:xx:xx:xx:xx
+    altname wlp166s0
+    altname wlx8cf8c57333c7
+4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
+    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
+    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
+       valid_lft forever preferred_lft forever
+20: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
+    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
+    inet 192.168.0.108/24 brd 192.168.0.255 scope global dynamic noprefixroute eth0
+       valid_lft 40699sec preferred_lft 40699sec
+```
+
+After:
+
+```
+anarcat@angela:~> ip -br -c a
+lo               UNKNOWN        127.0.0.1/8 ::1/128 
+wlan0            DOWN           
+virbr0           DOWN           192.168.122.1/24 
+eth0             UP             192.168.0.108/24 
+```
+
+I don't even need to redact MAC addresses! It also affects the display
+of the other commands, which look similarly neat.
+
+Also imagine pretty colors above.
+
+Finally, I don't have a cheat sheet for `iw` vs `iwconfig` (from
+`wireless-tools`) yet. I just use NetworkManager now and rarely have
+to mess with wireless interfaces directly.
+
+# Background and history
+
+For context, there are traditionally two ways of configuring the
+network in Linux:
+
+- the old way, with commands like `ifconfig`, `arp`, `route` and
+  `netstat`, those are part of the [net-tools](https://sourceforge.net/projects/net-tools/) package 
+- the new way, mostly (but not entirely!) wrapped in a single `ip`
+  command, that is the [iproute2](https://wiki.linuxfoundation.org/networking/iproute2) package
+
+It seems like the latter was made "important" in Debian [in 2008](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487533),
+which means every release since Debian 5 "lenny" (!) has featured the
+`ip` command.
+
+The former `net-tools` package was [demoted in December 2016](https://lists.debian.org/debian-devel/2016/12/msg00775.html) which
+means every release since Debian 9 "stretch" ships *without* an
+`ifconfig` command unless explicitly requested. Note that this was
+mentioned [in the release notes](https://www.debian.org/releases/stretch/amd64/release-notes) in a similar (but, IMHO, less
+useful) table.
+
+(Technically, the `net-tools` Debian package source still indicates it
+is `Priority: important` but that's [a bug I have just filed](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128342).)
+
+Finally, and perhaps more importantly, the name `iproute` is hilarious
+if you are a bilingual french speaker: it can be read as "I proute"
+which can be interpreted as "I fart" as "prout!" is the sound a fart
+makes. The fact that it's called `iproute2` makes it only more
+hilarious.
+
+[[!tag debian-planet python-planet debian network sysadmin linux]]
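Review bot: the "before" sample redacts the `link/ether` values as `xx:xx:xx:xx:xx:xx`, but the second `altname` line under `wlan0` (the `wlx…` name) is derived from the interface's MAC address, so the redaction is incomplete; replace that altname with a placeholder too. In the intro, "from the old package to `net-tools` the new `iproute2`" has its words transposed and should read "from the old `net-tools` package to the new `iproute2`". In the table, the `arp -an` row has no description, and the `netstat -anpe` / `ss --all` row is described as "list listening processes" although `-a`/`--all` shows all sockets, not only listening ones.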

some research on TPMs
diff --git a/hardware/server/marcos/v3.md b/hardware/server/marcos/v3.md
index a99ed945..73c56914 100644
--- a/hardware/server/marcos/v3.md
+++ b/hardware/server/marcos/v3.md
@@ -58,6 +58,8 @@ here for future maintenance and clarity.
 | **USB-3 adapter**      | 20-pin USB-3.0 to 9-pin USB-2 converter                                                                                                                         | [14.99$ @ Amazon  Canada](https://www.amazon.ca/gp/product/B0816C3ZV6?linkId=59fd3489f37c115eb4eb30b8b1e6a56f&language=en_US)                                              |
 | **NVMe PCI-e adapter** | Maiwo KT058 RGB Design PCIe x16 to NVMe                                                                                                                         | [$9.99 @ Canada Computers](https://www.canadacomputers.com/en/m-2-sata-controller-cards/255786/maiwo-kt058-rgb-design-pcie-x16-to-nvme-ssd-expansion-converter-kt058.html) |
 
+The server is also backed by a UPS, a [APC 1500VA BX1500m](https://www.apc.com/ca/en/product/BX1500M/apc-back-ups-1500-compact-tower-1500va-120v-avr-lcd-10-nema-outlets-5-surge/).
+
 # Next steps
 
 - build issues:
diff --git a/hardware/tubman3.md b/hardware/tubman3.md
index 3d59ee16..b7408caa 100644
--- a/hardware/tubman3.md
+++ b/hardware/tubman3.md
@@ -19,7 +19,9 @@ It reuses the [[hardware/server/marcos/v2]] hardware.
 
  [manual]: https://www.supermicro.com/manuals/chassis/Mid-tower/SC733.pdf
 
-The server is also backed by a UPS, a [APC 1500VA BX1500m](https://www.apc.com/ca/en/product/BX1500M/apc-back-ups-1500-compact-tower-1500va-120v-avr-lcd-10-nema-outlets-5-surge/).
+Even though v2 was physically built in hardware from 2020 (and rebuilt
+in 2026), it doesn't seem to have a TPM2 device (although those are
+mandatory for Windows 10 certification since 2016).
 
 [CSE-733TQ-500B]: https://www.supermicro.com/en/products/archive/chassis/SC733TQ-500B
 [300$]: http://www.atic.ca/index.php?page=details&psku=63796
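Review bot: "it doesn't seem to have a TPM2 device" does not say what was checked, and that matters for the conclusion: on AM4 platforms the TPM is usually a firmware TPM that often ships disabled in the UEFI setup, in which case the OS sees no device even though one is available. Record the evidence (for example, no `/dev/tpm0` and no TPM option in the firmware setup) so the statement can be re-verified later. The bare "v2" is also ambiguous on a page about `tubman3`; link it as [[hardware/server/marcos/v2]] like the sentence above the hunk does.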
diff --git a/software/zfs.md b/software/zfs.md
index 8b6995e8..dcf5cca2 100644
--- a/software/zfs.md
+++ b/software/zfs.md
@@ -71,9 +71,8 @@ with standard LUKS instead of ZFS encryption:
 
     The above will not ask you for any passphrase, but will make the
     disks unrecoverable in case the on-disk keys are lost.
-    
-    TODO: a better approach for this would be to use `systemd-creds`
-    instead of on-disk files.
+
+    TODO: use a TPM2 device instead, see [`systemd-cryptenroll`](https://wiki.archlinux.org/title/Systemd-cryptenroll)
 
  4. Create the pool:
  
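Review bot: the new TODO sits directly under the warning that the keyfile-only setup makes "the disks unrecoverable in case the on-disk keys are lost", and a TPM2-sealed key has the same failure mode when the board dies or is replaced. The TODO should say that a passphrase or recovery key slot is kept alongside the TPM2 enrollment (`systemd-cryptenroll` has `--recovery-key` for this). It should also name the host this applies to, since the tubman3 page changed in this same commit says that hardware does not seem to have a TPM2 device.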

update old marcos and new tubman specs
diff --git a/hardware/server/marcos/v2.md b/hardware/server/marcos/v2.md
index 07cc3f66..27751ffe 100644
--- a/hardware/server/marcos/v2.md
+++ b/hardware/server/marcos/v2.md
@@ -23,7 +23,7 @@ The server is also backed by a UPS, a [APC 1500VA BX1500m](https://www.apc.com/c
 
 [CSE-733TQ-500B]: https://www.supermicro.com/en/products/archive/chassis/SC733TQ-500B
 [300$]: http://www.atic.ca/index.php?page=details&psku=63796
-[ASUS PRIME X470-PRO]: https://www.asus.com/us/Motherboards/PRIME-X470-PRO/
+[ASUS PRIME X470-PRO]: https://www.asus.com/supportonly/prime%20x470-pro/helpdesk_cpu/
 [187$]: http://www.atic.ca/index.php?page=details&psku=196101
 [detailed specs]: https://www.asus.com/us/Motherboards/PRIME-X470-PRO/specifications/
 [Kingston KSM26ED8/16ME]: 
diff --git a/hardware/tubman.md b/hardware/tubman.md
index 1a71dd9d..22876081 100644
--- a/hardware/tubman.md
+++ b/hardware/tubman.md
@@ -17,8 +17,37 @@ Tubman was an activist in the movement for women's suffrage.*"
 
 # Specification
 
-tubman's install changed bodies and is now in "toutatis"'s body. so
-the specs below are inaccurate.
+## v3
+
+The new `tubman` build is a server technically named `tubman2`, but it
+should really just be named `tubman` and is referred to as either.
+
+It's the same hardware than [[hardware/server/marcos/v3]], 7th
+iteration.
+
+| Component         | Model                                                                                                                                                           | Price @ supplier                                                                                                                                          |
+|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **CPU**           | [AMD Ryzen 5 5500GT 3.6 GHz 6-Core Processor](https://www.amd.com/en/support/downloads/drivers.html/processors/ryzen/ryzen-5000-series/amd-ryzen-5-5500gt.html) | [$159.99 @ Best Buy Canada](https://ca.pcpartpicker.com/product/VcvD4D/amd-ryzen-5-5500gt-36-ghz-6-core-processor-100-100001489box)                       |
+| **Motherboard**   | [Gigabyte A520I AC Mini ITX AM4 Motherboard](https://download.gigabyte.com/FileList/Manual/mb_manual_a520i-ac_1402_e.pdf?v=59849968edde4af54c38e4c0c1bf2ea6)    | [$171.99 @ PC-Canada](https://ca.pcpartpicker.com/product/s6tKHx/gigabyte-a520i-ac-mini-itx-am4-motherboard-a520i-ac)                                     |
+| **Memory**        | Kingston ValueRAM 16 GB (1 x 16 GB) DDR4-3200 CL22 Memory                                                                                                       | [$70.00 @ Vuugo](https://ca.pcpartpicker.com/product/tz2bt6/kingston-valueram-16-gb-1-x-16-gb-ddr4-3200-cl22-memory-kvr32n22s816)                         |
+| **Storage**       | 2 x Western Digital WD Blue 12 TB 3.5" 7200 RPM Internal Hard Drive                                                                                             | [$274.99 @ Western Digital](https://ca.pcpartpicker.com/product/mfkqqs/western-digital-wd-blue-12-tb-35-7200-rpm-internal-hard-drive-wd120eagz)           |
+| **Storage**       | 1 x WD Blue SN570 1TB NVMe                                                                                                                                      | already bought                                                                                                                                            |
+| **Case**          | [Jonsbo N2 Mini ITX Desktop Case](https://www.jonsbo.com/en/products/N2Black.html)                                                                              | [$243.00 @ Newegg Sellers](https://ca.pcpartpicker.com/product/FtVmP6/jonsbo-n2-mini-itx-desktop-case-n2-black)                                           |
+| **Power Supply**  | [Silverstone SFX 500 W 80+ Gold Certified Fully Modular SFX Power Supply](https://www.silverstonetek.com/en/product/info/power-supplies/ST30SF/)                | [$173.26 @ Amazon Canada](https://ca.pcpartpicker.com/product/vrH48d/silverstone-sfx-500-w-80-gold-certified-fully-modular-sfx-power-supply-sst-sx500-lg) |
+| **Case Fan**      | [Noctua A12x15 PWM 55.44 CFM 120 mm Fan](https://www.noctua.at/en/products/nf-a12x15-pwm)                                                                       | [$27.95 @ Newegg Sellers](https://ca.pcpartpicker.com/product/rhQRsY/noctua-nf-a12x15-pwm-942-cfm-120mm-fan-nf-a12x15-pwm)                                |
+| **SATA cabling**  | 6x elbowed SATA cables                                                                                                                                          | [29.99$ @ Amazon  Canada](https://www.amazon.ca/ADCAUDX-SATA-III-Cable-Right-Angle-Server-Raid/dp/B0B1CZHXZ1)                                             |
+| **USB-E adapter** | USB "E" connector to 20-pin USB 3.2 connector                                                                                                                   | [15.99$ @ Amazon  Canada](https://www.amazon.ca/EZDIY-FAB-USB3-1-Internal-Degrees-Adapter/dp/B0B5D5GZX9)                                                  |
+| **USB-3 adapter** | 20-pin USB-3.0 to 9-pin USB-2 converter                                                                                                                         | [14.99$ @ Amazon  Canada](https://www.amazon.ca/gp/product/B0816C3ZV6?linkId=59fd3489f37c115eb4eb30b8b1e6a56f&language=en_US)                             |
+| **KVM**           | [NanoKVM-PCIe](https://wiki.sipeed.com/hardware/en/kvm/NanoKVM_PCIe/introduction.html)                                                                          |                                                                                                                                                           |
+
+The server has room for three more 3.5" drives, but only two are
+usable, because the motherboard only has 4 SATA slots. A PCI-e
+expansion card could be fitted, but the slot is currently taken by the
+NanoKVM.
+
+## v2
+
+This is the old `toutatis` build.
 
  * motherboard: [MSI X58M (MS-7593)](https://www.msi.com/Motherboard/X58M/Specification)
  * case: some alien atrocity
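Review bot: in the Power Supply row, the model text and the price link both say SFX 500 W (`sst-sx500-lg`), but the product link points at `.../power-supplies/ST30SF/`, which is a different model number; fix the link or the model name. Also, "It's the same hardware than" should be "the same hardware as", and "7th iteration" needs a word of explanation next to a "v3" heading.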
@@ -40,10 +69,14 @@ the specs below are inaccurate.
  * Audio: Oland/Hainan/Cape Verde/Pitcairn HDMI Audio [Radeon HD 7000
    Series]
 
-Note that tubman was originally built with the old marcos hardware,
-but transplanted in what used to be known as `toutatis`, see
-[[hardware/server/marcos/v1]] for the old spec. The `toutatis` install
-was kept install, on a stack of 5 disks (3x~2TB HDD, 2x128GB SSD).
+When `tubman` was reinstalled in `toutatis`, the `toutatis` install was
+kept install, on a stack of 5 disks (3x~2TB HDD, 2x128GB SSD).
+
+## v1
+
+`tubman` was originally built with the old `marcos` hardware, but
+transplanted in what used to be known as `toutatis`, see
+[[hardware/server/marcos/v1]] for the old spec.
 
 [Nehalem]: https://en.wikipedia.org/wiki/Nehalem_(microarchitecture)
 [bloomfield]: https://en.wikipedia.org/wiki/Bloomfield_(microprocessor)
diff --git a/hardware/tubman3.md b/hardware/tubman3.md
new file mode 100644
index 00000000..3d59ee16
--- /dev/null
+++ b/hardware/tubman3.md
@@ -0,0 +1,33 @@
+`tubman3` is the third incantation of the [[tubman]] server. it's not
+*exactly* related to `tubman2` in the sense that it has a different
+purpose: it's not a backup server, it's just a second storage server
+and I was running out of ideas.
+
+It reuses the [[hardware/server/marcos/v2]] hardware.
+
+# Specification
+
+ * Case: [CSE-733TQ-500B][] ([300$][]), incl. 80+ bronze 500W PSU,
+   4x3.5" hotswap bays, 2x5.25" bays, 1x3.5" bay, 7" (4U) x 20.9" x
+   16.8" or 178 x 531 x 427mm (WxDxL), 17Kg ([manual][])
+ * Motherboard: [ASUS PRIME X470-PRO][]: [187$][] (AM4/PGA 1331 ATX
+   12"x9.6" 6 SATA Intel® I211-AT chipset, [detailed specs][])
+ * Memory: Kingston KSM26ED8/16ME (16GB RAM): [114$][]
+ * [AMD Ryzen 5 2600][] - replaced with a [2600x](http://www.atic.ca/index.php?page=details&psku=196096) at same cost (no
+   GPU, 6 cores, 95W 3.4GHz): [287$][]
+ * Total: 889$CAD
+
+ [manual]: https://www.supermicro.com/manuals/chassis/Mid-tower/SC733.pdf
+
+The server is also backed by a UPS, a [APC 1500VA BX1500m](https://www.apc.com/ca/en/product/BX1500M/apc-back-ups-1500-compact-tower-1500va-120v-avr-lcd-10-nema-outlets-5-surge/).
+
+[CSE-733TQ-500B]: https://www.supermicro.com/en/products/archive/chassis/SC733TQ-500B
+[300$]: http://www.atic.ca/index.php?page=details&psku=63796
+[ASUS PRIME X470-PRO]: https://www.asus.com/supportonly/prime%20x470-pro/helpdesk_cpu/
+[187$]: http://www.atic.ca/index.php?page=details&psku=196101
+[detailed specs]: https://www.asus.com/us/Motherboards/PRIME-X470-PRO/specifications/
+[Kingston KSM26ED8/16ME]: 
+[114$]: http://www.atic.ca/index.php?page=details&psku=211327
+[AMD Ryzen 5 2400G]: http://www.atic.ca/index.php?page=details&psku=191280
+[AMD Ryzen 5 2600]: http://www.atic.ca/index.php?page=details&psku=196095
+[287$]: http://www.atic.ca/index.php?page=details&psku=196095
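Review bot: the reference definitions at the bottom do not match the list: `[Kingston KSM26ED8/16ME]:` has an empty target and the Memory item does not use it as a link, and `[AMD Ryzen 5 2400G]` is defined but never referenced. Either link the Memory item and give the definition a URL, or drop both unused definitions. "third incantation" is probably meant to be "third incarnation", and the sentence after it starts with a lowercase "it's".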

improve the dual-keyfile approach to reduce the number of prompts
diff --git a/software/zfs.md b/software/zfs.md
index 8f9fb214..8b6995e8 100644
--- a/software/zfs.md
+++ b/software/zfs.md
@@ -47,15 +47,15 @@ with standard LUKS instead of ZFS encryption:
     recovery password:
 
         for disk in sde1 sdd1 ; do
-            cryptsetup luksFormat /dev/$disk &&
-            cryptsetup luksOpen /dev/$disk crypt_dev_$disk &&
             mkdir -p -m 0 /etc/luks &&
             ( umask 077 && dd if=/dev/random bs=64 count=128 of=/etc/luks/crypt_dev_$disk ) &&
-            cryptsetup luksAddKey /dev/$disk /etc/luks/crypt_dev_$disk &&
+            cryptsetup luksFormat --key-file=/etc/luks/crypt_dev_$disk /dev/$disk &&
+            cryptsetup luksOpen --key-file=/etc/luks/crypt_dev_$disk /dev/$disk crypt_dev_$disk &&
+            cryptsetup luksAddKey /dev/$disk &&
             echo crypt_dev_$disk UUID=$(lsblk -n -o UUID /dev/$disk | head -1) /etc/luks/crypt_dev_$disk luks,discard | tee -a /etc/crypttab
         done
 
-    The above will ask you for the encryption key *four* times, but
+    The above will ask you for the encryption key *two* times, but
     will not require typing it on boot *while* simultaneously allowing
     recovery without the key file.
 
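Review bot: the reordered `cryptsetup luksAddKey /dev/$disk` has no `--key-file`, so it will prompt for an existing passphrase to unlock the volume, but at that point the only key slot holds the random keyfile and there is no passphrase to type. Pass the keyfile as the unlocking key, `cryptsetup luksAddKey --key-file=/etc/luks/crypt_dev_$disk /dev/$disk`, so that the only thing entered interactively is the new recovery passphrase. With that change in place, check the "*two* times" count in the text against an actual run over both disks.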
@@ -69,9 +69,11 @@ with standard LUKS instead of ZFS encryption:
             echo crypt_dev_$disk UUID=$(lsblk -n -o UUID /dev/$disk | head -1) /etc/luks/crypt_dev_$disk luks,discard | tee -a /etc/crypttab
         done
 
-    The above will ask you for the encryption key *four* times, but
-    will not require typing it on boot *while* simultaneously allowing
-    recovery without the key file.
+    The above will not ask you for any passphrase, but will make the
+    disks unrecoverable in case the on-disk keys are lost.
+    
+    TODO: a better approach for this would be to use `systemd-creds`
+    instead of on-disk files.
 
  4. Create the pool:
  

automatic federated post of /blog/2026-02-12-recording-decisions
Command: ['/usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py', '--post-receive', '--base-url', 'https://anarc.at/']
Plugin file: /usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py
Source directory: /home/w-anarcat/source
Running on: marcos
diff --git a/blog/2026-02-12-recording-decisions.md b/blog/2026-02-12-recording-decisions.md
index 9231684a..7f5e702e 100644
--- a/blog/2026-02-12-recording-decisions.md
+++ b/blog/2026-02-12-recording-decisions.md
@@ -175,3 +175,7 @@ will adopt one after reading this.
 > Note: this article was also published on the [Tor Blog](https://blog.torproject.org/tpa-adr).
 
 [[!tag tor sysadmin debian-planet python-planet documentation]]
+
+
+<!-- posted to the federation on 2026-02-16T15:21:54.624815 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/116082167932519066"]]
\ No newline at end of file

merge final batch of changes from blog, now online
diff --git a/blog/2026-02-12-recording-decisions.md b/blog/2026-02-12-recording-decisions.md
index 8576c4a6..9231684a 100644
--- a/blog/2026-02-12-recording-decisions.md
+++ b/blog/2026-02-12-recording-decisions.md
@@ -1,4 +1,4 @@
-[[!meta title="Recording better decisions"]]
+[[!meta title="Keeping track of decisions using the ADR model"]]
 
 In the Tor Project system Administrator's team (colloquially known as
 TPA), we've recently changed how we take decisions, which means you'll
@@ -8,8 +8,8 @@ get clearer communications from us about upcoming changes or
 Note that this change only affects the TPA team. At Tor, each team has
 its own way of coordinating and making decisions, and so far this
 process is only used inside TPA. We encourage other teams inside and
-outside Tor to evaluate this process to see if it might help improve
-your processes and documentation.
+outside Tor to evaluate this process to see if it can improve your
+processes and documentation.
 
 # The new process
 
@@ -74,14 +74,14 @@ well:
 > adoption.
 
 Now, of course, the devil is in the details (and [ADR-101][]), but the
-point is to keep things SIMPLE.
+point is to keep things simple.
 
  [ADR-101]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/0101-adr-process
 
 A crucial aspect of the proposal, which Jacob Kaplan-Moss calls the
 [one weird trick][], is to "decide who decides". Our previous process
 was vague about who makes the decision and the new template (and
-process) clarifies decision makes, for each decision.
+process) clarifies decision makers, for each decision.
 
  [one weird trick]: https://jacobian.org/2023/dec/5/how-to-decide/
 
@@ -106,7 +106,7 @@ Accountable, Consulted, Informed).
 
 ## Communication guidelines
 
-Finally, a crucial part of the process (by [ADR-102][]) is to decouple
+Finally, a crucial part of the process ([ADR-102][]) is to decouple
 the act of making and recording decisions from *communicating* about
 the decision. Those are two *radically* different problems to
 solve. We have found that a single document can't serve both purposes.
@@ -121,13 +121,13 @@ method (Who? What?  When? Where? Why?) and, again, to keep things simple.
 
 # How we got there
 
-The [ADR process][] is not something I invented. I first stumbled
-upon it in the [Thunderbird Android project][]. Then, in parallel, I
-was in the [process of reviewing the RFC process we had previously
-adopted][], following Jacob Kaplan-Moss's [criticism of the RFC
-process][]. Essentially, Kaplan-Moss argues that:
+The [ADR process][] is not something I invented. I first stumbled upon
+it in the [Thunderbird Android project][]. Then, in parallel, I was in
+the [process of reviewing the RFC process][], following Jacob
+Kaplan-Moss's [criticism of the RFC process][]. Essentially, he argues
+that:
 
- [process of reviewing the RFC process we had previously adopted]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41428
+ [process of reviewing the RFC process]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41428
  [Thunderbird Android project]: https://github.com/thunderbird/thunderbird-android/blob/be2af5c6a0bce08385fc3f654c1185ccf9db3859/docs/architecture/adr/README.md
 
 1. the RFC process "doesn't include any sort of decision-making framework"
@@ -137,8 +137,8 @@ process][]. Essentially, Kaplan-Moss argues that:
    power structures"
 
 And, indeed, I have been guilty of a lot of those issues. A verbose
-writer, I have written [extremely long proposals][] that I doubt anyone
-has read in full. Some proposals were adopted by exhaustion, or
+writer, I have written [extremely long proposals][] that I suspect no
+one has ever fully read. Some proposals were adopted by exhaustion, or
 ignored because not looping in the right stakeholders.
 
  [extremely long proposals]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-33-monitoring
@@ -159,19 +159,18 @@ allowed us to document a staggering number of changes and decisions
 
 We're still experimenting with the communication around decisions, as
 this text might suggest. Because it's a separate step, we also have a
-tendency to forget it or postpone it, like today's message, which
-comes a couple of months late.
+tendency to forget or postpone it, like this post, which comes a
+couple of months late.
 
 Previously, we'd just ship a copy of the RFC to everyone, which was
-easy and quick, but incomprehensible to most users. Now we need to
-write a separate communication, which is more work but, hopefully, if
-you're still reading this, it's worth it as the result is more
-digestible.
+easy and quick, but incomprehensible to most. Now we need to write a
+separate communication, which is more work but, hopefully, worth the
+as the result is more digestible.
 
 We can't wait to hear what you think of the new process and how it
-works for you, here or in the [discussion issue][] of course! We're
-particularly interested in people that are already using a RFC or ADR
-process, or that will adopt one after reading this.
+works for you, here or in the [discussion issue][]! We're particularly
+interested in people that are already using a similar process, or that
+will adopt one after reading this.
 
 > Note: this article was also published on the [Tor Blog](https://blog.torproject.org/tpa-adr).
 
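Review bot: the rewrapped sentence in the "Previously, we'd just ship a copy of the RFC" paragraph lost a word: `separate communication, which is more work but, hopefully, worth the` runs straight into `as the result is more digestible.` The removed text read "it's worth it", so something like "worth the effort, as the result is more digestible" is probably what was intended.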

fix syntax
diff --git a/hardware/server/marcos/v3.md b/hardware/server/marcos/v3.md
index cebd2e3e..a99ed945 100644
--- a/hardware/server/marcos/v3.md
+++ b/hardware/server/marcos/v3.md
@@ -94,10 +94,10 @@ here for future maintenance and clarity.
   - [x] nano-kvm-pcie installation
   - [x] move box
   - [x] install m2 drive
-  - [~] move 1xSSD drive in new box
-  - [~] move 1x8TB and 1x4TB into new box
-  - [~] resync array
-  - [~] remove 1x8tb drive, add 1x4tb (end result: 16TB storage)
+  - [x] ~~move 1xSSD drive in new box~~
+  - [x] ~~move 1x8TB and 1x4TB into new box~~
+  - [x] ~~resync array~~
+  - [x] ~~remove 1x8tb drive, add 1x4tb (end result: 16TB storage)~~
   - [x] bring back 2x8TB and 2x4TB for tubman3
 - [ ] tubman3 setup (ex-marcos body)
   - [x] install new memory stick

try to fix image scaling
diff --git a/hardware/server/marcos/v3.md b/hardware/server/marcos/v3.md
index 7ab1e160..cebd2e3e 100644
--- a/hardware/server/marcos/v3.md
+++ b/hardware/server/marcos/v3.md
@@ -28,7 +28,7 @@ marcos was put online in the new case on 2026-02-13. the impact on the
 disk temperature was immediate and clear, going from a max of about 80
 degrees Celsius to about 38-48:
 
-[[!img grafana-temp-dashboard.png alt="plot of disk temperatures, ranging from 60 to 80 degrees celcius before to 38-48 after"]]
+[[!img grafana-temp-dashboard.png size="600x" alt="plot of disk temperatures, ranging from 60 to 80 degrees celcius before to 38-48 after"]]
 
 The box is full. 4 of the 5 front physical hard disk slots are taken,
 but there's no room for a 5th drive because there are only 4 SATA
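Review bot: the `alt` text on the changed `[[!img ...]]` line still spells "celcius", while the paragraph just above writes "Celsius"; since the line is being edited anyway, fix the spelling in the same change.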

more power adapters
diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index 11a1d318..3df30cbf 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -117,6 +117,9 @@ trips however, especially the TOFU for conferences and the Oneworld
 for hotel rooms (and having *both* means I can leave the latter in the
 hotel room!).
 
+I've also bought a [Pine64 PinePower GaN charger](https://pine64.com/product/pinepower-65w-gan-2c1a-charger-with-international-plugs/) but I regret it:
+it doesn't bring anything particular on top of all the others here.
+
 ### Sharge
 
 I also bought [this
@@ -398,6 +401,13 @@ the clever "180 degrees" system of the [new Nano](https://www.anker.com/ca/produ
 there. I was totally turned off by the Anker website (which loads
 really slow and was all black on my phone) and AI slop support.
 
+Other models:
+
+- [iFixit](https://www.ifixit.com) have a see-through [65W USB-C GaN charger](https://www.ifixit.com/products/ifixit-65w-usb-c-ac-adapter) that can
+  be taken apart with a pick and a soldering iron
+- [recable](https://en.recable.eu) have [this 65W charger](https://en.recable.eu/products/usb-a-2x-usb-c-65-watt-charger-the-recable-dual-port-charger-2-0?variant=56351158239497) that's *really* small
+- [baseus](https://eu.baseus.com/products/picogo-ae21-fast-charger-2c-u-100w) have a nice-looking 100W charger with a power meter
+
 ## USB testers
 
 Now that a USB cable isn't a simple 5V electric signal, cables and
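Review bot: the three entries in the new "Other models:" list are linked inconsistently: the iFixit and recable items link the vendor name to the vendor home page and the product separately, while the baseus item puts the product URL on the vendor name and leaves "100W charger" unlinked. Suggest linking the baseus product text the same way as the other two.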

marcos deploy status update
diff --git a/hardware/server/marcos.mdwn b/hardware/server/marcos.mdwn
index b48d3668..444264a3 100644
--- a/hardware/server/marcos.mdwn
+++ b/hardware/server/marcos.mdwn
@@ -19,8 +19,8 @@ particulier [[services/mail]] et [[services/backup]].
 Marcos had many incarnations and each is tracked in its own page
 because otherwise tracking history here gets messy:
 
-- [[v3]]: 2025-present, home lab / NAS
-- [[v2]]: 2020-2025, home server/NAS, being replaced because of overheating
+- [[v3]]: 2026-present, home lab / NAS
+- [[v2]]: 2020-2025, home server/NAS, replaced because of overheating
 - [[v1]]: 2011-2020: home cinema/server, replaced because too old,
   lacking expansion capacity
 
diff --git a/hardware/server/marcos/grafana-temp-dashboard.png b/hardware/server/marcos/grafana-temp-dashboard.png
new file mode 100644
index 00000000..75d70a2d
Binary files /dev/null and b/hardware/server/marcos/grafana-temp-dashboard.png differ
diff --git a/hardware/server/marcos/v2.md b/hardware/server/marcos/v2.md
index df41fce7..07cc3f66 100644
--- a/hardware/server/marcos/v2.md
+++ b/hardware/server/marcos/v2.md
@@ -1,7 +1,7 @@
 This page documents the [[hardware/server/marcos]] v2 build, which
-lived from 2020 to 2025 or so. It is scheduled for retirement (as of
-2025-03-30) for overheating issues, but could be used as a (kind of
-huge) desktop.
+lived from 2020 to 2025 or so. It was scheduled for retirement (as of
+2025-03-30) for overheating issues, and was redeployed as a secondary
+storage server called `tubman3` in February 2026.
 
 [[!toc levels=3]]
 
diff --git a/hardware/server/marcos/v3.md b/hardware/server/marcos/v3.md
index b257bd3f..7ab1e160 100644
--- a/hardware/server/marcos/v3.md
+++ b/hardware/server/marcos/v3.md
@@ -24,6 +24,40 @@ tubman has 2x8TB, 2x4TB and 2xSSD, can't fit inside this build without
 an expansion card or moving data from 8/4TB into 12TB. or by using a
 new NVMe drive.
 
+marcos was put online in the new case on 2026-02-13. the impact on the
+disk temperature was immediate and clear, going from a max of about 80
+degrees Celsius to about 38-48:
+
+[[!img grafana-temp-dashboard.png alt="plot of disk temperatures, ranging from 60 to 80 degrees celcius before to 38-48 after"]]
+
+The box is full. 4 of the 5 front physical hard disk slots are taken,
+but there's no room for a 5th drive because there are only 4 SATA
+connectors on board, and the PCIe slot is taken by the NVMe adapter,
+because there's only one NVMe slot on board.
+
+Having a board with either two onboard NVMe slots, more SATA slots, or
+PCIe slots would have been a better use of that case.
+
+# Specifications
+
+This is essentially a copy of the "iteration 7" below, but surfaced
+here for future maintenance and clarity.
+
+| Component              | Model                                                                                                                                                           | Price @ supplier                                                                                                                                                           |
+|------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **CPU**                | [AMD Ryzen 5 5500GT 3.6 GHz 6-Core Processor](https://www.amd.com/en/support/downloads/drivers.html/processors/ryzen/ryzen-5000-series/amd-ryzen-5-5500gt.html) | [$159.99 @ Best Buy Canada](https://ca.pcpartpicker.com/product/VcvD4D/amd-ryzen-5-5500gt-36-ghz-6-core-processor-100-100001489box)                                        |
+| **Motherboard**        | [Gigabyte A520I AC Mini ITX AM4 Motherboard](https://download.gigabyte.com/FileList/Manual/mb_manual_a520i-ac_1402_e.pdf?v=59849968edde4af54c38e4c0c1bf2ea6)    | [$171.99 @ PC-Canada](https://ca.pcpartpicker.com/product/s6tKHx/gigabyte-a520i-ac-mini-itx-am4-motherboard-a520i-ac)                                                      |
+| **Memory**             | Kingston ValueRAM 16 GB (1 x 16 GB) DDR4-3200 CL22 Memory                                                                                                       | [$70.00 @ Vuugo](https://ca.pcpartpicker.com/product/tz2bt6/kingston-valueram-16-gb-1-x-16-gb-ddr4-3200-cl22-memory-kvr32n22s816)                                          |
+| **Storage**            | 2 x 8TB Ironwolf                                                                                                                                                | from marcos                                                                                                                                                                |
+| **Storage**            | 2 x 1TB Samsung and Intel blue NVMe                                                                                                                             | from marcos                                                                                                                                                                |
+| **Case**               | [Jonsbo N2 Mini ITX Desktop Case](https://www.jonsbo.com/en/products/N2Black.html)                                                                              | [$243.00 @ Newegg Sellers](https://ca.pcpartpicker.com/product/FtVmP6/jonsbo-n2-mini-itx-desktop-case-n2-black)                                                            |
+| **Power Supply**       | [Silverstone SFX 500 W 80+ Gold Certified Fully Modular SFX Power Supply](https://www.silverstonetek.com/en/product/info/power-supplies/ST30SF/)                | [$173.26 @ Amazon Canada](https://ca.pcpartpicker.com/product/vrH48d/silverstone-sfx-500-w-80-gold-certified-fully-modular-sfx-power-supply-sst-sx500-lg)                  |
+| **Case Fan**           | [Noctua A12x15 PWM 55.44 CFM 120 mm Fan](https://www.noctua.at/en/products/nf-a12x15-pwm)                                                                       | [$27.95 @ Newegg Sellers](https://ca.pcpartpicker.com/product/rhQRsY/noctua-nf-a12x15-pwm-942-cfm-120mm-fan-nf-a12x15-pwm)                                                 |
+| **SATA cabling**       | 6x elbowed SATA cables                                                                                                                                          | [29.99$ @ Amazon  Canada](https://www.amazon.ca/ADCAUDX-SATA-III-Cable-Right-Angle-Server-Raid/dp/B0B1CZHXZ1)                                                              |
+| **USB-E adapter**      | USB "E" connector to 20-pin USB 3.2 connector                                                                                                                   | [15.99$ @ Amazon  Canada](https://www.amazon.ca/EZDIY-FAB-USB3-1-Internal-Degrees-Adapter/dp/B0B5D5GZX9)                                                                   |
+| **USB-3 adapter**      | 20-pin USB-3.0 to 9-pin USB-2 converter                                                                                                                         | [14.99$ @ Amazon  Canada](https://www.amazon.ca/gp/product/B0816C3ZV6?linkId=59fd3489f37c115eb4eb30b8b1e6a56f&language=en_US)                                              |
+| **NVMe PCI-e adapter** | Maiwo KT058 RGB Design PCIe x16 to NVMe                                                                                                                         | [$9.99 @ Canada Computers](https://www.canadacomputers.com/en/m-2-sata-controller-cards/255786/maiwo-kt058-rgb-design-pcie-x16-to-nvme-ssd-expansion-converter-kt058.html) |
+
 # Next steps
 
 - build issues:
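Review bot: in the new specifications table, the Power Supply row describes a "Silverstone SFX 500 W" unit and its price link ends in `sst-sx500-lg`, but the model link points at `.../power-supplies/ST30SF/`, which reads like a different product page; worth checking which unit is actually installed and linking that one. The price column also mixes `$159.99` and `29.99$` styles.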
@@ -35,19 +69,9 @@ new NVMe drive.
 - [x] figure out which machine and disk goes where
   - box-02 will be remote, box-01 will be local... i meant it the
     other way, but installed the kvm on box-02 because it was closer
-- [ ] marcos replacement
-  - [ ] label marcos2 (box-01)
-  - [ ] order new 1TB SSD drive?
-  - [ ] install new SSD drive
-  - [ ] halt
-  - [ ] move *one* NVMe drive
-  - [ ] install two old 8TB drives
-  - [ ] move the two 8TB drives
-  - [ ] boot the new box
-  - [ ] nano-kvm-pcie order
-  - [ ] nano-kvme-pcie installation
+- [x] marcos replacement
 - [x] tubman replacement
-  - [ ] label tubman2 (box-02)
+  - [x] label tubman2 (box-02)
   - [x] install 2x12tb drives
   - [ ] test all ports
     - front
@@ -76,9 +100,9 @@ new NVMe drive.
   - [~] remove 1x8tb drive, add 1x4tb (end result: 16TB storage)
   - [x] bring back 2x8TB and 2x4TB for tubman3
 - [ ] tubman3 setup (ex-marcos body)
-  - [ ] install new memory stick
-  - [ ] nano-kvm-pcie order
-  - [ ] nano-kvm-pcie installation
+  - [x] install new memory stick
+  - [x] ~~nano-kvm-pcie order~~
+  - [x] ~~nano-kvm-pcie installation~~
 
 # Requirements
 

document more fields, understand how dns-ip can work nicely
diff --git a/blog/2026-02-15-kernel-only-network-configuration.md b/blog/2026-02-15-kernel-only-network-configuration.md
index 36d2c999..81b74f69 100644
--- a/blog/2026-02-15-kernel-only-network-configuration.md
+++ b/blog/2026-02-15-kernel-only-network-configuration.md
@@ -80,6 +80,18 @@ ones:
   - `off` or `none`: no autoconfiguration (static)
   - `on` or `any`: use any protocol (default)
   - `dhcp`, essentially like `on` for all intents and purposes
+- `<dns0-ip>`, `<dns1-ip>`: IP address of primary and secondary name
+  servers, exported to `/proc/net/pnp`, can by symlinked to
+  `/etc/resolv.conf`
+
+We're ignoring the options:
+
+- `<server-ip>`: IP address of the NFS server, exported to `/proc/net/pnp`
+- `<hostnname>`: Name of the client, typically sent over the DHCP
+  requests, which may lead to a DNS record to be created in some
+  networks
+- `<ntp0-ip>`: exported to `/proc/net/ipconfig/ntp_servers`, unused by
+  the kernel
 
 Note that the [Red Hat manual](https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/networking_guide/sec-configuring_ip_networking_from_the_kernel_command_line) has a different opinion:
 
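Review bot: two typos in the added option list: `<hostnname>` does not match the `<hostname>` field in the `ip=` syntax line of the same post, and "can by symlinked" should read "can be symlinked". In the "We're ignoring the options:" list, the `<ntp0-ip>` entry says where the value is exported but not what it is, unlike the two entries above it.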
@@ -190,8 +202,9 @@ Also known as: "wait, that works?" Yes, it does! That said...
     not change after boot. Of course, this won't work on laptops or
     any mobile device.
 
- 2. This only works for single interface configurations. If you have
-    multiple interfaces, bridges, VLANs, wifi, none of this will work.
+ 2. This only works for configuring a single, simple, interface. You
+    can't configure multiple interfaces, WiFi, bridges, VLAN, bonding,
+    etc.
 
  3. It does support IPv6 and feels like the best way to configure IPv6
     hosts: true zero configuration.
@@ -210,11 +223,11 @@ Also known as: "wait, that works?" Yes, it does! That said...
  6. It will not automatically reconfigure the interface on link
     changes, but `ifupdown` does not either.
 
- 7. It will *not* write a good `resolv.conf` for you, that you need to
-    configure separately. *Maybe* passing those `dns0-ip` settings
-    will work? Untested, but DNS is, after all, a mostly user-level
-    implementation (typically in `libc`), the kernel doesn't (again,
-    typically) care about DNS.
+ 7. It will *not* write `/etc/resolv.conf` for you *but* the `dns0-ip`
+    and `dns1-ip` do end up in `/proc/net/pnp` which has a compatible
+    syntax, so a common configuration is:
+    
+        ln -s /proc/net/pnp /etc/resolv.conf
 
  8. I have not really tested this [at scale](https://db.torproject.org/machines.cgi): only a single, test
     server at home. 
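Review bot: the suggested `ln -s /proc/net/pnp /etc/resolv.conf` in caveat 7 fails with "File exists" on any system that already has an `/etc/resolv.conf`, so the text should say to replace the existing file (for example with `ln -sf`) and mention that anything else managing that file will conflict with the symlink. The phrase "the `dns0-ip` and `dns1-ip` do end up" is also missing a noun such as "settings".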

reorder toc
diff --git a/blog/2026-02-15-kernel-only-network-configuration.md b/blog/2026-02-15-kernel-only-network-configuration.md
index e62eeae7..36d2c999 100644
--- a/blog/2026-02-15-kernel-only-network-configuration.md
+++ b/blog/2026-02-15-kernel-only-network-configuration.md
@@ -1,7 +1,5 @@
 [[!meta title="Kernel-only network configuration on Linux"]]
 
-[[!toc levels=3]]
-
 What if I told you there is a way to configure the network on any
 Linux server that:
 
@@ -14,6 +12,8 @@ Linux server that:
 It has literally 8 different caveats on top of that, but is still
 totally worth your time.
 
+[[!toc levels=3]]
+
 # Known options in Debian
 
 People following Debian development might have noticed there are now
@@ -244,6 +244,5 @@ This whole idea came from the [A/I](https://www.autistici.org/) folks (not to be
 
 [[!tag debian-planet python-planet debian sysadmin network]]
 
-
 <!-- posted to the federation on 2026-02-15T23:18:35.829447 -->
-[[!mastodon "https://kolektiva.social/@Anarcat/116078380029066513"]]
\ No newline at end of file
+[[!mastodon "https://kolektiva.social/@Anarcat/116078380029066513"]]

add toc
diff --git a/blog/2026-02-15-kernel-only-network-configuration.md b/blog/2026-02-15-kernel-only-network-configuration.md
index 399e445c..e62eeae7 100644
--- a/blog/2026-02-15-kernel-only-network-configuration.md
+++ b/blog/2026-02-15-kernel-only-network-configuration.md
@@ -1,5 +1,7 @@
 [[!meta title="Kernel-only network configuration on Linux"]]
 
+[[!toc levels=3]]
+
 What if I told you there is a way to configure the network on any
 Linux server that:
 

automatic federated post of /blog/2026-02-15-kernel-only-network-configuration
Command: ['/usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py', '--post-receive', '--base-url', 'https://anarc.at/']
Plugin file: /usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py
Source directory: /home/w-anarcat/source
Running on: marcos
diff --git a/blog/2026-02-15-kernel-only-network-configuration.md b/blog/2026-02-15-kernel-only-network-configuration.md
index 89acc69c..399e445c 100644
--- a/blog/2026-02-15-kernel-only-network-configuration.md
+++ b/blog/2026-02-15-kernel-only-network-configuration.md
@@ -241,3 +241,7 @@ This whole idea came from the [A/I](https://www.autistici.org/) folks (not to be
 [AI](https://en.wikipedia.org/wiki/Bullshit)) who have been doing this forever, thanks!
 
 [[!tag debian-planet python-planet debian sysadmin network]]
+
+
+<!-- posted to the federation on 2026-02-15T23:18:35.829447 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/116078380029066513"]]
\ No newline at end of file

new network configuration trick
diff --git a/blog/2026-02-15-kernel-only-network-configuration.md b/blog/2026-02-15-kernel-only-network-configuration.md
new file mode 100644
index 00000000..89acc69c
--- /dev/null
+++ b/blog/2026-02-15-kernel-only-network-configuration.md
@@ -0,0 +1,243 @@
+[[!meta title="Kernel-only network configuration on Linux"]]
+
+What if I told you there is a way to configure the network on any
+Linux server that:
+
+ 1. works across all distributions
+ 2. doesn't require any software installed apart from the kernel and a
+    boot loader (no `systemd-networkd`, `ifupdown`, `NetworkManager`,
+    nothing)
+ 3. is backwards compatible all the way back to Linux 2.0, in 1996
+
+It has literally 8 different caveats on top of that, but is still
+totally worth your time.
+
+# Known options in Debian
+
+People following Debian development might have noticed there are now
+*four* ways of configuring the network Debian system. At least that is
+what the [Debian wiki claims](https://wiki.debian.org/NetworkConfiguration#A4_ways_to_configure_the_network), namely:
+
+* `ifupdown` (`/etc/network/interfaces`): traditional static
+  configuration system, mostly for workstations and servers that has
+  been there forever in Debian (since [at least 2000](https://sources.debian.org/src/ifupdown/0.8.45/debian/changelog#L1948-L1952)), documented
+  [in the Debian wiki](https://wiki.debian.org/NetworkConfiguration)
+
+* [NetworkManager](https://networkmanager.dev/): self-proclaimed "standard Linux network
+  configuration", mostly used on desktops but technically supports
+  servers as well, see the [Debian wiki page]() (introduced in 2004)
+
+* `systemd-network`: used more for servers, see [Debian reference Doc
+  Chapter 5](https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_modern_network_configuration_without_gui) (introduced some time around Debian 8 "jessie", in
+  2015)
+
+* [Netplan](https://netplan.io/): latest entry (2018), YAML-based configuration
+  abstraction layer on top of the above two, see also [Debian
+  reference Doc Chapter 5](https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_modern_network_configuration_for_cloud) and [the Debian wiki](https://wiki.debian.org/Netplan)
+
+At this point, I feel `ifupdown` is on its way out, possibly replaced
+by `systemd-networkd`. NetworkManager already manages most desktop
+configurations.
+
+# A "new" network configuration system
+
+The method is this:
+
+* `ip=` on the [Linux kernel command line][nfsroot.txt]: for servers with a
+  single IPv4 or IPv6 address, no software required other than the
+  kernel and a boot loader (since 2002 or older)
+
+> So by "new" I mean "new to me". This option is *really* old. The
+> `nfsroot.txt` where it is documented predates the git import of the
+> Linux kernel: it's part of the 2005 git import of 2.6.12-rc2. That's
+> already 20+ years old already.
+>
+> The oldest trace I found is in this [2002 commit](https://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git/commit/Documentation/nfsroot.txt?id=7a2deb32924142696b8174cdf9b38cd72a11fc96), which imports
+> the whole file at once, but the option might goes back as far as
+> 1996-1997, if the copyright on the file is correct and the option
+> was present back then.
+
+# What are you doing.
+
+The trick is to add an `ip=` parameter to the kernel's
+command-line. The syntax, as mentioned above, is in [nfsroot.txt][]
+and looks like this:
+
+    ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:<dns0-ip>:<dns1-ip>:<ntp0-ip>
+
+[nfsroot.txt]: https://docs.kernel.org/admin-guide/nfs/nfsroot.html
+
+Most settings are pretty self-explanatory, if you ignore the useless
+ones:
+
+- `<client-ip>`: IP address of the server
+- `<gw-ip>`: address of the gateway
+- `<netmask>`: netmask, in quad notation
+- `<device>`: interface name, if multiple available
+- `<autoconf>`: how to configure the interface, namely:
+  - `off` or `none`: no autoconfiguration (static)
+  - `on` or `any`: use any protocol (default)
+  - `dhcp`, essentially like `on` for all intents and purposes
+
+Note that the [Red Hat manual](https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/networking_guide/sec-configuring_ip_networking_from_the_kernel_command_line) has a different opinion:
+
+    ip=[<server-id>]:<gateway-IP-number>:<netmask>:<client-hostname>:inteface:[dhcp|dhcp6|auto6|on|any|none|off]
+
+It's essentially the same (although `server-id` is weird), and the
+`autoconf` variable has other settings, so that's a bit odd.
+
+# Examples
+
+For example, this command-line setting:
+
+    ip=192.0.2.42::192.0.2.1:255.255.255.0:::off
+
+... will set the IP address to 192.0.2.42/24 and the gateway to
+192.0.2.1. This will properly guess the network interface if there's a
+single one.
+
+A DHCP only configuration will look like this:
+
+    ip=::::::dhcp
+
+Of course, you don't want to type this by hand every time you boot the
+machine. That wouldn't work. You need to configure the kernel
+commandline, and that depends on your boot loader.
+
+## GRUB
+
+With GRUB, you need to edit (on Debian), the file `/etc/default/grub`
+(ugh) and find a line like:
+
+    GRUB_CMDLINE_LINUX=
+
+and change it to:
+
+    GRUB_CMDLINE_LINUX=ip=::::::dhcp
+
+## systemd-boot and UKI setups
+
+For `systemd-boot` UKI setups, it's simpler: just add the setting to
+the `/etc/kernel/cmdline` file. Don't forget to include anything
+that's non-default from `/proc/cmdline`.
+
+This assumes that is the `Cmdline=@` setting in
+`/etc/kernel/uki.conf`. See [[2025-08-20-luks-ukify-conversion]] for
+my minimal documentation on this.
+
+## Other systems
+
+This is perhaps where this is much less portable than it might first
+look, because of course each distribution has its own way of
+configuring those options. Here are some that I know of:
+
+- [Arch](https://wiki.archlinux.org/title/Kernel_parameters) (11 options, mostly `/etc/default/grub`,
+  `/boot/loader/entries/arch.conf` for `systemd-boot` or
+  `/etc/kernel/cmdline` for UKI)
+- [Fedora](https://fedoramagazine.org/setting-kernel-command-line-arguments-with-fedora-30/) (mostly `/etc/default/grub`, may be more [RHEL mentions
+  grubby](https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_monitoring_and_updating_the_kernel/configuring-kernel-command-line-parameters_managing-monitoring-and-updating-the-kernel), possibly some `systemd-boot` things here as well)
+- [Gentoo](https://wiki.gentoo.org/wiki/Kernel/Command-line_parameters) (5 options, mostly `/etc/default/grub`,
+  `/efi/loader/entries/gentoo-sources-kernel.conf` for `systemd-boot`,
+  or `/etc/kernel/install.d/95-uki-with-custom-opts.install`)
+
+It's interesting that `/etc/default/grub` is consistent across all
+distributions above, while the `systemd-boot` setups are *all over the
+place* (except for the UKI case), while I would have expected those be
+*more* standard than GRUB.
+
+## dropbear-initramfs
+
+If `dropbear-initramfs` is setup, it already *requires* you to have
+such a configuration, and it might not work out of the box.
+
+This is because, by default, it *disables* the interfaces configured
+in the kernel after completing its tasks (typically unlocking the
+encrypted disks).
+
+To fix this, you need to *disable* that "feature":
+
+    IFDOWN="none"
+
+This will keep `dropbear-initramfs` from disabling the configured
+interface.
+
+# Why?
+
+Traditionally, I've always setup my servers with `ifupdown` on servers
+and NetworkManager on laptops, because that's essentially the
+default. But on some machines, I've started using `systemd-networkd`
+because `ifupdown` has ... issues, particularly with reloading network
+configurations. `ifupdown` is a old hack, feels like legacy, and is
+Debian-specific.
+
+Not excited about configuring another service, I figured I would try
+something else: just configure the network at boot, through the kernel
+command-line.
+
+I was already doing such configurations for [dropbear-initramfs](https://packages.debian.org/unstable/dropbear-initramfs)
+(see [this documentation](https://wiki.debian.org/DropBear)), which requires the network the be up
+for unlocking the full-disk encryption keys.
+
+So in a sense, this is a "Don't Repeat Yourself" solution.
+
+# Caveats
+
+Also known as: "wait, that works?" Yes, it does! That said...
+
+ 1. This is useful for servers where the network configuration will
+    not change after boot. Of course, this won't work on laptops or
+    any mobile device.
+
+ 2. This only works for single interface configurations. If you have
+    multiple interfaces, bridges, VLANs, wifi, none of this will work.
+
+ 3. It does support IPv6 and feels like the best way to configure IPv6
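Review bot: the NetworkManager bullet under "Known options in Debian" links `[Debian wiki page]()` with an empty target; it needs the URL or the link markup removed. The GRUB section stops at editing `GRUB_CMDLINE_LINUX=` in `/etc/default/grub` without saying that the GRUB configuration must be regenerated for the change to take effect, and the dropbear-initramfs section gives `IFDOWN="none"` without naming the file it belongs in. Smaller wording slips in the added text: "configuring the network Debian system", "might goes back", "requires the network the be up", "This assumes that is the `Cmdline=@` setting", and `systemd-network` in the list versus `systemd-networkd` elsewhere.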

(Diff truncated)
Revert "automatic federated post of /blog/list-tags"
graah
This reverts commit 62cacd79169a7bc96f0329fdc1f4f4eba6591d5d.
diff --git a/blog/list-tags.sh b/blog/list-tags.sh
index 7ffc21d1..01f3d83e 100644
--- a/blog/list-tags.sh
+++ b/blog/list-tags.sh
@@ -1,6 +1,2 @@
 #! /bin/sh
 grep -P -h '(?<!\\)\[\[!tag' *.mdwn | sed 's/\[\[!tag//g;s/\]\]//g;s/"//g;s/ /\n/g' | sort | grep . | uniq -c | sort -n
-
-
-<!-- posted to the federation on 2026-02-14T16:00:31.425403 -->
-[[!mastodon "https://kolektiva.social/@Anarcat/116070995150232838"]]
\ No newline at end of file
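Review bot: this is the second revert of the same marker in `list-tags.sh` (the earlier revert removed the lines stamped 2026-02-14T15:56:42, and the `--post-receive` run then appended them again at 16:00:31), so restoring the file content alone did not hold last time. Pair the revert with an exclusion for this path in the ikiwikitoot hook, otherwise the next push can append the marker again.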

automatic federated post of /blog/list-tags
Command: ['/usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py', '--post-receive', '--base-url', 'https://anarc.at/']
Plugin file: /usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py
Source directory: /home/w-anarcat/source
Running on: marcos
diff --git a/blog/list-tags.sh b/blog/list-tags.sh
index 01f3d83e..7ffc21d1 100644
--- a/blog/list-tags.sh
+++ b/blog/list-tags.sh
@@ -1,2 +1,6 @@
 #! /bin/sh
 grep -P -h '(?<!\\)\[\[!tag' *.mdwn | sed 's/\[\[!tag//g;s/\]\]//g;s/"//g;s/ /\n/g' | sort | grep . | uniq -c | sort -n
+
+
+<!-- posted to the federation on 2026-02-14T16:00:31.425403 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/116070995150232838"]]
\ No newline at end of file
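Review bot: the two appended lines are ikiwiki markup, not shell, and this file starts with `#! /bin/sh`, so `<!-- posted to the federation ... -->` and `[[!mastodon ...]]` will be parsed as commands when the script runs. The poster should skip files that are not wiki pages (here a `.sh` file) instead of writing its marker into them.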

Revert "automatic federated post of /blog/list-tags"
wtf.
This reverts commit 8de5fcda2cecdae7458614b3f2c59e3d115a363c.
diff --git a/blog/list-tags.sh b/blog/list-tags.sh
index caa36105..01f3d83e 100644
--- a/blog/list-tags.sh
+++ b/blog/list-tags.sh
@@ -1,6 +1,2 @@
 #! /bin/sh
 grep -P -h '(?<!\\)\[\[!tag' *.mdwn | sed 's/\[\[!tag//g;s/\]\]//g;s/"//g;s/ /\n/g' | sort | grep . | uniq -c | sort -n
-
-
-<!-- posted to the federation on 2026-02-14T15:56:42.711636 -->
-[[!mastodon "https://kolektiva.social/@Anarcat/116070980160319520"]]
\ No newline at end of file

automatic federated post of /blog/list-tags
Command: ['/usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py', '--post-receive', '--base-url', 'https://anarc.at/']
Plugin file: /usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py
Source directory: /home/w-anarcat/source
Running on: marcos
diff --git a/blog/list-tags.sh b/blog/list-tags.sh
index 01f3d83e..caa36105 100644
--- a/blog/list-tags.sh
+++ b/blog/list-tags.sh
@@ -1,2 +1,6 @@
 #! /bin/sh
 grep -P -h '(?<!\\)\[\[!tag' *.mdwn | sed 's/\[\[!tag//g;s/\]\]//g;s/"//g;s/ /\n/g' | sort | grep . | uniq -c | sort -n
+
+
+<!-- posted to the federation on 2026-02-14T15:56:42.711636 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/116070980160319520"]]
\ No newline at end of file

more zfs notes
diff --git a/blog/2022-11-17-zfs-migration.md b/blog/2022-11-17-zfs-migration.md
index b33a5f6a..0b5b5472 100644
--- a/blog/2022-11-17-zfs-migration.md
+++ b/blog/2022-11-17-zfs-migration.md
@@ -830,11 +830,13 @@ partition from the first disk to an external, identical drive:
 
 Update, thanks to [Vincent Bernat](https://vincent.bernat.ch/en/blog/2026-unequal-linux-raid), the `sgdisk` version is:
 
-    sgdisk --replicate=/dev/nvme0n1 /dev/sda
+    sgdisk --replicate=/dev/sda /dev/nvme0n1
     sgdisk --randomize-guids /dev/sda
 
-The latter is not, AFAIK, done with `sfdisk` which is actually a
-problem!
+The GUID change is not, AFAIK, done with `sfdisk` which is actually a
+problem! Be extremely careful with the first command, however: it
+*writes* to the first argument (`--replicate`) and reads from the
+second, which I found counter-intuitive.
 
 ## Pool creation
 
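Review bot: the caution about `--replicate` writing to its own argument sits after the command block, so someone copying the commands top to bottom reads it only after running the destructive one. Move the warning above the `sgdisk --replicate=/dev/sda /dev/nvme0n1` line, and say explicitly in that sentence which device is the source and which is overwritten, since this commit exists because the two were swapped.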
@@ -1439,4 +1441,4 @@ and [[hardware/tubman]] for another installation and migration procedure.
 
 
 <!-- posted to the federation on 2026-01-28T13:38:37.933654 -->
-[[!mastodon "https://kolektiva.social/@Anarcat/115974177925871146"]]
\ No newline at end of file
+[[!mastodon "https://kolektiva.social/@Anarcat/115974177925871146"]]
diff --git a/software/zfs.md b/software/zfs.md
index 7455b838..8f9fb214 100644
--- a/software/zfs.md
+++ b/software/zfs.md
@@ -59,6 +59,20 @@ with standard LUKS instead of ZFS encryption:
     will not require typing it on boot *while* simultaneously allowing
     recovery without the key file.
 
+    This is a `--keyfile` only setup:
+
+        for disk in sde1 sdd1 ; do
+            mkdir -p -m 0 /etc/luks &&
+            ( umask 077 && dd if=/dev/random bs=64 count=128 of=/etc/luks/crypt_dev_$disk ) &&
+            cryptsetup luksFormat --key-file=/etc/luks/crypt_dev_$disk /dev/$disk &&
+            cryptsetup luksOpen --key-file=/etc/luks/crypt_dev_$disk /dev/$disk crypt_dev_$disk &&
+            echo crypt_dev_$disk UUID=$(lsblk -n -o UUID /dev/$disk | head -1) /etc/luks/crypt_dev_$disk luks,discard | tee -a /etc/crypttab
+        done
+
+    The above will ask you for the encryption key *four* times, but
+    will not require typing it on boot *while* simultaneously allowing
+    recovery without the key file.
+
  4. Create the pool:
  
         zpool create \
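Review bot: the paragraph added after the loop ("will ask you for the encryption key *four* times ... allowing recovery without the key file") is a copy of the sentence that closes the preceding variant and does not describe this one. With `cryptsetup luksFormat --key-file=...` and `luksOpen --key-file=...` no passphrase is typed at all, and the key file is the only key slot, so losing `/etc/luks/crypt_dev_$disk` means losing the volume. Replace the paragraph with that trade-off, and mention that `luksFormat` still asks for confirmation unless run in batch mode.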

merge a bunch of fixes from the blog
diff --git a/blog/2026-02-12-recording-decisions.md b/blog/2026-02-12-recording-decisions.md
index d8f69e64..8576c4a6 100644
--- a/blog/2026-02-12-recording-decisions.md
+++ b/blog/2026-02-12-recording-decisions.md
@@ -1,20 +1,22 @@
 [[!meta title="Recording better decisions"]]
 
 In the Tor Project system Administrator's team (colloquially known as
-TPA), we've recently changed how we take and record decisions, which
-means you'll get clearer communications from us.
+TPA), we've recently changed how we take decisions, which means you'll
+get clearer communications from us about upcoming changes or
+*targeted* questions about a proposal.
 
-We had traditionally been using a "RFC" ("Request For Comments")
-process and have recently switched to "ADR" ("Architecture Decision
-Record"), a process which your team could use as well.
-
-The immediate impact of this is you are less likely to see long,
-obscure, "TPA-RFC" emails from us. What you should expect are clearer
-communications about upcoming changes or *targeted* questions about a
-*pending* ADR, requiring specific input from you.
+Note that this change only affects the TPA team. At Tor, each team has
+its own way of coordinating and making decisions, and so far this
+process is only used inside TPA. We encourage other teams inside and
+outside Tor to evaluate this process to see if it might help improve
+your processes and documentation.
 
 # The new process
 
+We had traditionally been using a "RFC" ("Request For Comments")
+process and have recently switched to "ADR" ("Architecture Decision
+Record").
+
 The ADR process is, for us, pretty simple. It consists of three
 things:
 
@@ -24,10 +26,10 @@ things:
 
 ## The template
 
-The first thing I did was to propose a new template (in [ADR-100][]),
-a variation of the [Nygard template][]. The [TPA variation of the
-template][] is quite simple, as it has only 5 headings, and is worth
-quoting in full:
+As team lead, the first thing I did was to propose a new template (in
+[ADR-100][]), a variation of the [Nygard template][]. The [TPA
+variation of the template][] is similarly simple, as it has only 5
+headings, and is worth quoting in full:
 
  [ADR-100]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/0100-adr-template
  [Nygard template]: https://github.com/joelparkerhenderson/architecture-decision-record/blob/main/locales/en/templates/decision-record-template-by-michael-nygard/index.md
@@ -44,10 +46,8 @@ quoting in full:
 - **More Information** (optional): What else should we know? For
   larger projects, consider including a timeline and cost estimate,
   along with the impact on affected users (perhaps including existing
-  Personas).
-
-  Generally, this includes a short evaluation of various alternatives
-  considered.
+  Personas). Generally, this includes a short evaluation of
+  alternatives considered.
 
 - **Metadata**: status, decision date, decision makers, consulted,
   informed users, and link to a discussion forum
@@ -61,7 +61,7 @@ easier to read and digest at one glance.
 An immediate effect of this is that I've started using GitLab issues
 more for comparisons and brainstorming. Instead of dumping in a
 document all sorts of details like pricing or in-depth alternatives
-comparison, those are recorded in the discussion issue, keeping the
+comparison, we record those in the discussion issue, keeping the
 document shorter.
 
 ## The process
@@ -73,21 +73,19 @@ well:
 > ones by email. A delay allows people to submit final comments before
 > adoption.
 
-Now, of course, the devil is in the details (and [ADR-101][] has
-those, in the "More information" section, obviously), but the point is
-to keep things SIMPLE.
+Now, of course, the devil is in the details (and [ADR-101][]), but the
+point is to keep things SIMPLE.
 
  [ADR-101]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/0101-adr-process
 
 A crucial aspect of the proposal, which Jacob Kaplan-Moss calls the
 [one weird trick][], is to "decide who decides". Our previous process
 was vague about who makes the decision and the new template (and
-process) more clearly defines how to define that person, for each
-decision.
+process) clarifies decision makes, for each decision.
 
  [one weird trick]: https://jacobian.org/2023/dec/5/how-to-decide/
 
-Inversely, many decisions degenerate into endless discussions around
+Inversely, some decisions degenerate into endless discussions around
 trivial issues because *too many* stakeholders are consulted, a
 problem known as the [Law of triviality][], also known as the "Bike
 Shed syndrome".
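Review bot: the rewritten sentence `process) clarifies decision makes, for each decision.` introduces a typo; "decision makes" should be "decision makers". The shortened parenthetical `(and [ADR-101][])` also reads as if the devil were in ADR-101 itself; "(see [ADR-101][])" keeps it short without that ambiguity.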
@@ -100,10 +98,9 @@ The new process better identifies stakeholders:
 - "consulted" (previously undefined!)
 - "decision maker" (instead of the vague "approval")
 
-It is still tricky to figure out those stakeholders, but our
-definitions are at least more explicit, and more aligned to the
-classic [RACI matrix][] (Responsible, Accountable, Consulted,
-Informed).
+Picking those stakeholders is still tricky, but our definitions are
+more explicit and aligned to the classic [RACI matrix][] (Responsible,
+Accountable, Consulted, Informed).
 
  [RACI matrix]: https://en.wikipedia.org/wiki/Responsibility_assignment_matrix
 
@@ -111,20 +108,20 @@ Informed).
 
 Finally, a crucial part of the process (by [ADR-102][]) is to decouple
 the act of making and recording decisions from *communicating* about
-the decision. Those are two *radically* different problems to solve
-and a single document can't serve both purposes.
+the decision. Those are two *radically* different problems to
+solve. We have found that a single document can't serve both purposes.
 
 [ADR-102]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/0102-adr-communications
 
 Because ADRs can affect a wide range of things, we don't have a
-specific template. At most we advise to follow the [Five Ws][] method
-(Who? What?  When? Where? Why?) and, again, keep things simple.
+specific template for communications. We suggest the [Five Ws][]
+method (Who? What?  When? Where? Why?) and, again, to keep things simple.
 
  [Five Ws]: https://en.wikipedia.org/wiki/Five_Ws
 
 # How we got there
 
-The [ADR process][] is not something we invented. I first stumbled
+The [ADR process][] is not something I invented. I first stumbled
 upon it in the [Thunderbird Android project][]. Then, in parallel, I
 was in the [process of reviewing the RFC process we had previously
 adopted][], following Jacob Kaplan-Moss's [criticism of the RFC
@@ -133,19 +130,26 @@ process][]. Essentially, Kaplan-Moss argues that:
  [process of reviewing the RFC process we had previously adopted]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41428
  [Thunderbird Android project]: https://github.com/thunderbird/thunderbird-android/blob/be2af5c6a0bce08385fc3f654c1185ccf9db3859/docs/architecture/adr/README.md
 
-1. the RFC process "doesn’t include any sort of decision-making framework"
+1. the RFC process "doesn't include any sort of decision-making framework"
 2. "RFC processes tend to lead to endless discussion"
 3. the process "rewards people who can write to exhaustion"
 4. "these processes are insensitive to expertise", "power dynamics and
    power structures"
 
 And, indeed, I have been guilty of a lot of those issues. A verbose
-writer, I have written extremely long proposals that I doubt anyone
-has read in full. Many proposals were adopted by exhaustion, or
-ignored because not looping in the right stakeholders. Our [discussion
-issue][] on the topic has more details on the issues I found with our
-RFC process but we should also note the RFC process *did* serve us
-well while it was there: it's better than nothing!
+writer, I have written [extremely long proposals][] that I doubt anyone
+has read in full. Some proposals were adopted by exhaustion, or
+ignored because not looping in the right stakeholders.
+
+ [extremely long proposals]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/tpa-rfc-33-monitoring
+
+Our [discussion issue][] on the topic has more details on the issues I
+found with our RFC process. But to give credit to the old process, it
+did serve us well while it was there: it's better than nothing, and it
+allowed us to document a staggering number of changes and decisions
+([95 RFCs][]!) made over the course of 6 years of work.
+
+ [95 RFCs]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy
 
  [criticism of the RFC process]: https://jacobian.org/2023/dec/1/against-rfcs/
  [ADR process]: https://adr.github.io/
@@ -153,10 +157,8 @@ well while it was there: it's better than nothing!
 
 # What's next?
 
-This new process was adopted at the end of December 2025.
-
-We're still experimenting with the communication side of things, as
-this text clearly shows. Because it's a separate step, we also have a
+We're still experimenting with the communication around decisions, as
+this text might suggest. Because it's a separate step, we also have a
 tendency to forget it or postpone it, like today's message, which
 comes a couple of months late.
 
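Review bot: dropping `This new process was adopted at the end of December 2025.` leaves "comes a couple of months late" in the retained context without a reference point, since the adoption date no longer appears anywhere in this section. Keep the date, for example folded into the first sentence of "What's next?".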

new article about the ADR process
diff --git a/blog/2026-02-12-recording-decisions.md b/blog/2026-02-12-recording-decisions.md
new file mode 100644
index 00000000..d8f69e64
--- /dev/null
+++ b/blog/2026-02-12-recording-decisions.md
@@ -0,0 +1,176 @@
+[[!meta title="Recording better decisions"]]
+
+In the Tor Project system Administrator's team (colloquially known as
+TPA), we've recently changed how we take and record decisions, which
+means you'll get clearer communications from us.
+
+We had traditionally been using a "RFC" ("Request For Comments")
+process and have recently switched to "ADR" ("Architecture Decision
+Record"), a process which your team could use as well.
+
+The immediate impact of this is you are less likely to see long,
+obscure, "TPA-RFC" emails from us. What you should expect are clearer
+communications about upcoming changes or *targeted* questions about a
+*pending* ADR, requiring specific input from you.
+
+# The new process
+
+The ADR process is, for us, pretty simple. It consists of three
+things:
+
+ 1. a simpler template
+ 2. a simpler process
+ 3. communication guidelines separate from the decision record
+
+## The template
+
+The first thing I did was to propose a new template (in [ADR-100][]),
+a variation of the [Nygard template][]. The [TPA variation of the
+template][] is quite simple, as it has only 5 headings, and is worth
+quoting in full:
+
+ [ADR-100]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/0100-adr-template
+ [Nygard template]: https://github.com/joelparkerhenderson/architecture-decision-record/blob/main/locales/en/templates/decision-record-template-by-michael-nygard/index.md
+ [TPA variation of the template]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/template
+
+- **Context**: What is the issue that we're seeing that is motivating
+  this decision or change?
+
+- **Decision**: What is the change that we're proposing and/or doing?
+
+- **Consequences**: What becomes easier or more difficult to do
+  because of this change?
+
+- **More Information** (optional): What else should we know? For
+  larger projects, consider including a timeline and cost estimate,
+  along with the impact on affected users (perhaps including existing
+  Personas).
+
+  Generally, this includes a short evaluation of various alternatives
+  considered.
+
+- **Metadata**: status, decision date, decision makers, consulted,
+  informed users, and link to a discussion forum
+
+The [previous RFC template][] had **17** (seventeen!) headings, which
+encouraged much longer documents. Now, the decision record will be
+easier to read and digest at one glance.
+
+ [previous RFC template]: https://gitlab.torproject.org/tpo/tpa/wiki-replica/-/blob/d52de1828d3ee406996345704d12663dd30f5513/policy/template.md
+
+An immediate effect of this is that I've started using GitLab issues
+more for comparisons and brainstorming. Instead of dumping in a
+document all sorts of details like pricing or in-depth alternatives
+comparison, those are recorded in the discussion issue, keeping the
+document shorter.
+
+## The process
+
+The whole process is simple enough that it's worth quoting in full as
+well:
+
+> Major decisions are introduced to stakeholders in a meeting, smaller
+> ones by email. A delay allows people to submit final comments before
+> adoption.
+
+Now, of course, the devil is in the details (and [ADR-101][] has
+those, in the "More information" section, obviously), but the point is
+to keep things SIMPLE.
+
+ [ADR-101]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/0101-adr-process
+
+A crucial aspect of the proposal, which Jacob Kaplan-Moss calls the
+[one weird trick][], is to "decide who decides". Our previous process
+was vague about who makes the decision and the new template (and
+process) more clearly defines how to define that person, for each
+decision.
+
+ [one weird trick]: https://jacobian.org/2023/dec/5/how-to-decide/
+
+Inversely, many decisions degenerate into endless discussions around
+trivial issues because *too many* stakeholders are consulted, a
+problem known as the [Law of triviality][], also known as the "Bike
+Shed syndrome".
+
+ [Law of triviality]: https://en.wikipedia.org/wiki/Bike_shedding
+
+The new process better identifies stakeholders:
+
+- "informed" users (previously "affected users")
+- "consulted" (previously undefined!)
+- "decision maker" (instead of the vague "approval")
+
+It is still tricky to figure out those stakeholders, but our
+definitions are at least more explicit, and more aligned to the
+classic [RACI matrix][] (Responsible, Accountable, Consulted,
+Informed).
+
+ [RACI matrix]: https://en.wikipedia.org/wiki/Responsibility_assignment_matrix
+
+## Communication guidelines
+
+Finally, a crucial part of the process (by [ADR-102][]) is to decouple
+the act of making and recording decisions from *communicating* about
+the decision. Those are two *radically* different problems to solve
+and a single document can't serve both purposes.
+
+[ADR-102]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/policy/0102-adr-communications
+
+Because ADRs can affect a wide range of things, we don't have a
+specific template. At most we advise to follow the [Five Ws][] method
+(Who? What?  When? Where? Why?) and, again, keep things simple.
+
+ [Five Ws]: https://en.wikipedia.org/wiki/Five_Ws
+
+# How we got there
+
+The [ADR process][] is not something we invented. I first stumbled
+upon it in the [Thunderbird Android project][]. Then, in parallel, I
+was in the [process of reviewing the RFC process we had previously
+adopted][], following Jacob Kaplan-Moss's [criticism of the RFC
+process][]. Essentially, Kaplan-Moss argues that:
+
+ [process of reviewing the RFC process we had previously adopted]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41428
+ [Thunderbird Android project]: https://github.com/thunderbird/thunderbird-android/blob/be2af5c6a0bce08385fc3f654c1185ccf9db3859/docs/architecture/adr/README.md
+
+1. the RFC process "doesn’t include any sort of decision-making framework"
+2. "RFC processes tend to lead to endless discussion"
+3. the process "rewards people who can write to exhaustion"
+4. "these processes are insensitive to expertise", "power dynamics and
+   power structures"
+
+And, indeed, I have been guilty of a lot of those issues. A verbose
+writer, I have written extremely long proposals that I doubt anyone
+has read in full. Many proposals were adopted by exhaustion, or
+ignored because not looping in the right stakeholders. Our [discussion
+issue][] on the topic has more details on the issues I found with our
+RFC process but we should also note the RFC process *did* serve us
+well while it was there: it's better than nothing!
+
+ [criticism of the RFC process]: https://jacobian.org/2023/dec/1/against-rfcs/
+ [ADR process]: https://adr.github.io/
+ [discussion issue]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/41428
+
+# What's next?
+
+This new process was adopted at the end of December 2025.
+
+We're still experimenting with the communication side of things, as
+this text clearly shows. Because it's a separate step, we also have a
+tendency to forget it or postpone it, like today's message, which
+comes a couple of months late.
+
+Previously, we'd just ship a copy of the RFC to everyone, which was
+easy and quick, but incomprehensible to most users. Now we need to
+write a separate communication, which is more work but, hopefully, if
+you're still reading this, it's worth it as the result is more
+digestible.
+
+We can't wait to hear what you think of the new process and how it
+works for you, here or in the [discussion issue][] of course! We're
+particularly interested in people that are already using a RFC or ADR
+process, or that will adopt one after reading this.
+
+> Note: this article was also published on the [Tor Blog](https://blog.torproject.org/tpa-adr).
+
+[[!tag tor sysadmin debian-planet python-planet documentation]]
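Review bot: small consistency points in the new file. The opening line has `Tor Project system Administrator's team` with mixed capitalisation, the `[ADR-102]:` link definition is the only one without the leading space used by every other reference, and item 1 of the Kaplan-Moss list uses a typographic apostrophe in `doesn’t` while the rest of the text uses plain ones.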

fix list-tags following pcregrep removal
diff --git a/blog/list-tags.sh b/blog/list-tags.sh
index a42aa48a..01f3d83e 100644
--- a/blog/list-tags.sh
+++ b/blog/list-tags.sh
@@ -1,2 +1,2 @@
 #! /bin/sh
-pcregrep -h '(?<!\\)\[\[!tag' *.mdwn | sed 's/\[\[!tag//g;s/\]\]//g;s/"//g;s/ /\n/g' | sort | grep . | uniq -c | sort -n
+grep -P -h '(?<!\\)\[\[!tag' *.mdwn | sed 's/\[\[!tag//g;s/\]\]//g;s/"//g;s/ /\n/g' | sort | grep . | uniq -c | sort -n
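Review bot: the glob still only matches `*.mdwn`, while recent posts in this same repository are `.md` files carrying `[[!tag ...]]` lines (for example `blog/2026-02-12-recording-decisions.md`), so their tags are not counted. Extend the file list to `*.mdwn *.md`. Also note that `grep -P` is a GNU extension, so the `#! /bin/sh` script now depends on GNU grep built with PCRE support.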

try to update really old docs
diff --git a/hardware/radio.mdwn b/hardware/radio.mdwn
index f2ada375..808f8664 100644
--- a/hardware/radio.mdwn
+++ b/hardware/radio.mdwn
@@ -225,6 +225,11 @@ I had a lot of problems finding proper parts (pipes, raw materials like wiring a
 
 Je collecte ici des bons sites au sujet du ham radio.
 
+Avertissement: beaucoup de ces liens datent d'il y a très longtemps
+(2010!) et ne sont plus fonctionels. [Ce guide](https://lid.radio/ham-study-stuff/) a de meilleures
+resources. Si vous cherchez un guide d'étude, [ces flash cards](https://hamstudy.org/canadaBasic2025) me
+semblent très bien.
+
 * Manuals, courses
   * [Good overview](http://www.visi.com/~tneu/whatsham.html)
   * [Emergencyradio.ca online course](http://www.emergencyradio.ca/course/)
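Review bot: two spelling errors in the added French paragraph: `fonctionels` should be "fonctionnels" and `resources` should be "ressources".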

explain how to revert
diff --git a/blog/2019-03-20-locking-down-registration-mail.mdwn b/blog/2019-03-20-locking-down-registration-mail.mdwn
index e6beccde..41c0c9a4 100644
--- a/blog/2019-03-20-locking-down-registration-mail.mdwn
+++ b/blog/2019-03-20-locking-down-registration-mail.mdwn
@@ -13,6 +13,13 @@ TL;DR: if you can, create a second email address to register on
 websites and use stronger protections on that account from your
 regular mail.
 
+Update: I ended up reverting essentially all of this, although I *did*
+reuse those instructions to split "work" and "personal" emails. As it
+turns out, it was too inconvenient to *not* have constant access to
+the `register` email, so I actually always pulling mail from that
+mailbox like I did with the other. There was no separation, so the
+whole original goal was ineffective and I re-merged the mailboxes.
+
 Hacking accounts through email
 ==============================
 
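Review bot: the sentence `so I actually always pulling mail from that mailbox` in the added update is missing its verb; "so I was actually always pulling mail" reads as intended.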
@@ -175,6 +182,33 @@ bruteforce attacks.
 
 Your advice and comments are of course very welcome, as usual
 
+# Reverting
+
+Reverting this is relatively easy:
+
+    cd /home/register
+    mv Maildir/.INBOX/cur/* Maildir/cur/
+    mv Maildir/.register/cur/* /home/anarcat/Maildir/.register/cur/
+
+That's because there was this weird .INBOX subdir, all mail was read,
+and there was still some mail left in the normal mailbox.
+
+But for safety:
+
+    mv /home/register/Maildir/.register/new/* /home/anarcat/Maildir/.register/new/
+
+Then fix perms:
+
+    chown -R anarcat /home/register/Maildir/.register
+
+Then reset the alias to point back to the original mailbox.
+
+Then:
+
+    deluser register
+
+And deconfigure the register account from Dovecot and mbsync.
+
 [[!tag debian-planet security python-planet linux passwords hack sieve syncmaildir email]]
 
 
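Review bot: the "fix perms" step runs `chown -R anarcat /home/register/Maildir/.register`, which is the source directory the messages were just moved out of; the files that need the new owner are now under `/home/anarcat/Maildir/.register`. Also, the first `mv Maildir/.INBOX/cur/* Maildir/cur/` stays inside `/home/register`, so the procedure should say where that mail ends up before `deluser register` is run.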

mention reflashtic
diff --git a/services/meshtastic.md b/services/meshtastic.md
index a634eb56..99257dee 100644
--- a/services/meshtastic.md
+++ b/services/meshtastic.md
@@ -315,6 +315,9 @@ are packaged in Debian.
 There's also TUIs like [contact](https://github.com/pdxlocations/contact) (messaging), [connect](https://github.com/pdxlocations/connect)
 (LoRa-less client), [control](https://github.com/pdxlocations/control) (configuration).
 
+I wrote a batch flashing tool that's called [reflashtic](https://gitlab.com/anarcat/scripts/-/blob/main/reflashtic.py?ref_type=heads), derived
+from work a friend did on a similar bash script.
+
 ## Mobile apps
 
 There's also an [Android app](https://meshtastic.org/docs/category/android-app/), also [shipped on F-Droid](https://f-droid.org/packages/com.geeksville.mesh/).

automatic federated post of /blog/2019-03-20-locking-down-registration-mail
Command: ['/usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py', '--post-receive', '--base-url', 'https://anarc.at/']
Plugin file: /usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py
Source directory: /home/w-anarcat/source
Running on: marcos
diff --git a/blog/2019-03-20-locking-down-registration-mail.mdwn b/blog/2019-03-20-locking-down-registration-mail.mdwn
index a6f845f0..e6beccde 100644
--- a/blog/2019-03-20-locking-down-registration-mail.mdwn
+++ b/blog/2019-03-20-locking-down-registration-mail.mdwn
@@ -176,3 +176,7 @@ bruteforce attacks.
 Your advice and comments are of course very welcome, as usual
 
 [[!tag debian-planet security python-planet linux passwords hack sieve syncmaildir email]]
+
+
+<!-- posted to the federation on 2026-02-11T12:01:19.066062 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/116053067614045148"]]
\ No newline at end of file

fix typo
diff --git a/blog/2019-03-20-locking-down-registration-mail.mdwn b/blog/2019-03-20-locking-down-registration-mail.mdwn
index c55bc9c1..a6f845f0 100644
--- a/blog/2019-03-20-locking-down-registration-mail.mdwn
+++ b/blog/2019-03-20-locking-down-registration-mail.mdwn
@@ -21,7 +21,7 @@ attacker could do to *other* accounts I hold with that email
 address. Because basically *every* online service is backed by an
 email address, if someone controls my email address, they can do a
 password reset on *every* account I have online. In fact, some
-authentication systems just gave up on passwords algother and [use the
+authentication systems just gave up on passwords altogether and [use the
 email system itself for authentication](https://ikiwiki.info/todo/emailauth/), essentially using the
 "password reset" feature as the authentication mechanism.
 

another meshgizmo
diff --git a/services/meshtastic.md b/services/meshtastic.md
index ba102542..a634eb56 100644
--- a/services/meshtastic.md
+++ b/services/meshtastic.md
@@ -273,6 +273,8 @@ Those I haven't tested yet as I haven't laid hand on them:
   prominently in Meshtastic docs, also 20$ with the case (but no
   battery, and battery doesn't fit in the case), they also have an
   [eink dev board](https://heltec.org/project/vision-master-e290/)
+- [Muzi](https://muzi.works/) has builds on top of the Heltec, e.g. [this H2T](https://muzi.works/products/h2t-complete-device-heltec-t114-with-gps-running-meshtastic) made
+  with a Heltec T114
 - [Lamp hack](https://hackaday.io/project/194509-harbor-breeze-meshtastic-hack)
 - [Antennas](https://meshtastic.org/docs/hardware/antennas/) vary as well
 - Power is a whole other question, see [power consumption

switching to per-device mail passwords
diff --git a/services/mail.mdwn b/services/mail.mdwn
index 05105a6b..af6feac8 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -889,9 +889,60 @@ when the cert is renewed. I use those simple symlink:
 I also configured filtering and many more things that are documented
 in [[blog/2016-05-12-email-setup]].
 
-## Client certs
+## Plain password authentication per-device passwords
+
+Trick here is to use an external password file and override the `uid`
+and `home` fields to match the original. Here's the config, which
+completely disconnects authentication from the system auth:
+
+```
+passdb passwd-file {
+  default_password_scheme = plain-md5
+  auth_username_format = %{user | username}
+  passwd_file_path = /etc/dovecot/shadow
+}
+userdb passwd-file {
+  auth_username_format = %{user | username}
+  passwd_file_path = /etc/dovecot/shadow
+  fields {
+    uid:default = mail
+    gid:default = mail
+    home:default = /home/%{user}
+  }
+}
+
+# if not found, fallback to /etc/passwd
+#userdb passwd {
+#}
+
+#passdb pam {
+#}
+```
+
+Then the password database looks like this:
+
+```
+anarcat-phone:REDACTED:1000:::/home/anarcat::
+anarcat-laptop:REDACTED:1000:::/home/anarcat::
+```
+
+And yeah, passwords are hardcoded everywhere. That is, essentially,
+pretty similar to having TLS certs anyways, except the entropy is a
+little lower.
 
-### Creating a self-signed ed25519 private CA
+## Todo
+
+On the fly [OpenPGP encryption of incoming emails](https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve)?
+
+# Client certs
+
+I have experimented with TLS cert authentication for mail, in
+replacement for the previous SSH-based authentication. This was done
+in the hope that it would be more compatible across clients.
+
+See the end of this section for why I reverted this.
+
+## Creating a self-signed ed25519 private CA
 
 We copied over the `/usr/lib/ssl/openssl.cnf` config file. We have
 actually tried a configuration-file-less setup, but it breaks down
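Review bot: `default_password_scheme = plain-md5` in the new `passdb passwd-file` block stores each device password as an unsalted MD5 digest in `/etc/dovecot/shadow`, so a leak of that file exposes credentials that the text itself says are "hardcoded everywhere". Use a salted scheme such as SHA512-CRYPT or ARGON2ID, with hashes generated by `doveadm pw -s`, and state the expected owner and mode of the shadow file. The heading `Plain password authentication per-device passwords` also reads as two titles run together.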
@@ -921,7 +972,7 @@ Then generate a self-signed cert:
 Alternatives include OpenVPN's [easy-rsa](https://github.com/OpenVPN/easy-rsa/) and [cfssl](https://github.com/cloudflare/cfssl), which
 also has a [puppet module](https://forge.puppet.com/modules/mmack/cfssl/).
 
-### Client key and certificate creation
+## Client key and certificate creation
 
 Then the client key is generated, *on the client*, again with (but without encryption):
 
@@ -975,7 +1026,7 @@ Or, if this is not your first cert:
 
     cat cacert.pem crl.pem > cacrl.pem
 
-### Postfix server configuration
+## Postfix server configuration
 
 Before:
 
@@ -1034,7 +1085,7 @@ Then this should work:
 
     swaks --tls --tls-cert ~/.config/x509/angela.anarc.at2.crt --tls-key ~/.config/x509/angela.anarc.at.key -s marcos.anarc.at -t anarcat@torproject.org -p 587
 
-### Postfix client configuration
+## Postfix client configuration
 
 This is relatively simple. First, we create a new transport to
 encapsulate our configuration because we have *other* relays with
@@ -1075,7 +1126,7 @@ Turn up the logging level on the client:
 
 ... if you have issues.
 
-### Dovecot configuration
+## Dovecot configuration
 
 The [dovecot SSL configuration docs](https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/#client-certificate-verification-authentication) are quite limited. So we're
 using [another guide](https://blog.mortis.eu/blog/2017/06/dovecot-and-postfix-with-client-cert-auth.html) instead. The also have [limited SSL
@@ -1184,7 +1235,7 @@ a kick after revocation, a `reload` might be sufficient as well.
 [Another guide](https://pub.nethence.com/mail/dovecot-clientcert) has instructions on how to disable TLS certs for
 some services, e.g. if Postfix would still require SASL auth.
 
-### Adding a new satellite
+## Adding a new satellite
 
 To add a new satellite to this setup, you need to generate a new key
 on the client, and a CSR, based on the following config. Typically,
@@ -1249,7 +1300,7 @@ be able to send mail. Test with:
 
     mail -s test anarcat@example.com < /dev/null
 
-### Renewing a key
+## Renewing a key
 
 If a certificate expired, you need to renew it.
 
@@ -1286,7 +1337,7 @@ If a certificate expired, you need to renew it.
         cat cacert.pem crl.pem > cacrl.pem
         service dovecot reload
 
-### Easy-RSA CA notes
+## Easy-RSA CA notes
 
 I tested building a CA with easy-rsa but ended up not using it because
 my end goal is to do this in Puppet, so I couldn't rely on such a
@@ -1348,7 +1399,7 @@ configuration, with `permit_tls_all_clientcerts`, which leads me to
 think it *might* be possible to avoid listing all fingerprints. To be
 tested/confirmed.
 
-### Conversion effect on performance
+## Conversion effect on performance
 
 I have sampled the last ~100 `mbsync` runs, which is from April 08
 01:52:56 to April 09 14:42:37 (non-inclusively), with:
@@ -1380,14 +1431,49 @@ Given that this work was done for security reasons and not
 optimization reasons, I'm satisfied with the results since there's no
 meaningful regression.
 
-### Remaining work
+## Remaining work
 
  * TODO: switch to easyrsa fully?
  * TODO: generate and distribute certs with Puppet
 
-## Todo
 
-On the fly [OpenPGP encryption of incoming emails](https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve)?
+## Eventual failure
+
+Unfortunately, the flagship free software mail client (Thunderbird)
+doesn't even *support* sending mail with client TLS authentication
+anymore, which I find just mind-boggling at this point. But even if it
+*could*, it turns out that *Postfix* has [trouble with EXTERNA
+auth](https://marc.info/?l=postfix-devel&m=154748967225540&w=2) which makes client authentication buggy... There's also [this
+discussion on Dovecot's sid](https://dovecot.org/mailman3/archives/list/dovecot@dovecot.org/thread/Z6SHNFCGKMP4AM7J2ADKY7TTJ2UWEBEN/).
+
+What's worse is that Thunderbird expects PKCS#12 files, not a plain
+`.crt` file. So you first need to convert it with:
+
+    openssl pkcs12 -export -out server.p12 -inkey server.key -in server.crt -certfile cacert.pem
+
+And even *that* doesn't work: Thunderbird won't load that `.p12` file
+correctly, the above fails with [this cryptic error](https://bugzilla.mozilla.org/show_bug.cgi?id=549418):
+
+    The PKCS #12 operation failed for unknown reasons.
+
+I remember that there was something peculiar in the way that PKCS#12
+file should be generated, because there's some incompatibility between
+OpenSSL and Mozilla's NSS here. At some point I *was* able to build a
+working PKCS#12 cert for use in Thunderbird (well, specifically,
+Thunderbird Android), but I *never* got it to work to *send* mail.
+
+And of course, you can forget about something "reasonable" (as in
+"current popular thing kind of standard") like OAuth here, as
+[Thunderbird only supports a set of hardcoded, proprietary
+providers](https://bugzilla.mozilla.org/show_bug.cgi?id=1602166) even though [according to this guide](https://documentation.open-xchange.com/8/middleware/mail/dovecot/oauth_2.0_with_postfix_and_dovecot.html) the server side
+*should* work fine. *Presumably* there is [this way](https://blog.linux-ng.de/2025/10/12/oauth-oidc-for-dovecot-and-postfix/) that could
+work (in this case with Keycloak) with a [thunderbird plugin](https://github.com/ttaeschn/Thunderbird-OAuth2-Provider-Plugin) but
+at this point I'm well ready to wait for this whole thing to stop
+moving and mature a bit before I waste anymore time on it.
+
+So below are instructions on how I performed the client setup. It
+worked with a Postfix and a mbsync client, but I abandoned this for
+[multiple, per-device passwords](https://doc.dovecot.org/2.4.2/core/config/auth/mutltiple.html).
 
 # Webmail
 
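Review bot: the closing paragraph of the new "Eventual failure" section says "So below are instructions on how I performed the client setup", but the section is added after "Remaining work" and right before `# Webmail`, so the instructions sit above it, not below. Reword to "the instructions above", or move the section ahead of the walkthrough. Smaller fixes in the same block: the link text "EXTERNA auth" looks like a truncated "EXTERNAL", "Dovecot's sid" probably wants "side", and "anymore time" should be "any more time".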

more radio hardware
diff --git a/hardware/radio.mdwn b/hardware/radio.mdwn
index 8549111a..f2ada375 100644
--- a/hardware/radio.mdwn
+++ b/hardware/radio.mdwn
@@ -100,7 +100,28 @@ that we might want to learn from. In particular, it ships:
    really excited](https://unsigned.io/articles/2024_05_16_Are_We_There_Yet.html)
  - [CHA MPAS 2.0](https://chameleonantenna.com/products/cha-mpas-modular-portable-antenna-system-2-0): fancy multi-band "mobile" HF antenna, but
    expensive (900$CAD+)
- - [ARRL EFHW kit](https://home.arrl.org/action/Store/Product-Details/productId/133267) (80$)
+ - [ARRL EFHW kit](https://home.arrl.org/action/Store/Product-Details/productId/133267) (80$), the [UK Antennas kit](https://www.ukantennas.co.uk/product/multi-band-with-bracket-40-20-15-10m/) is similarly
+   priced (£69) and already built, would need insulators like those
+   [Super Dog End Insulators](https://www.radioworld.ca/product/jet-jtbdogwhite/super-dog-end-insulators-white) (2$ at radiowold)
+ - [Buckaster DX-OCF-40](https://www.dxengineering.com/parts/bmt-dx-ocf-40) (276$) might fit in my backyard but is
+   more expensive than the [Palomar PAL-OCF4010-100](https://palomar-engineers.com/catalog/Best-Off-Center-Fed-Dipole-Antenna-40-6-Meters-100-500-1-5KW-5KW-PEP-POTA-Field-Day-FREE-shipping-in-USA-p153923527) (165$CAD)
+   which would be a little tighter but still fits (cf. 2025B p. 58),
+   also [available at Radioworld](https://www.radioworld.ca/product/palomar-bullet4006100/end-fed-ocf-antenna-system-100w-55-feet-40-6-meters-including-warc-bands) but inexplicably much more
+   expensive (230$CAD)
+ - the [Chameleon OCF-40](https://www.dxengineering.com/parts/cha-ocf-40) seems like a good portable option, would
+   be easier to setup than my G5RV, nice carrying pouch, designed to
+   be lifted by the middle instead of the ends, something I should
+   really do with my G5RV in the field anyways
+ - the [Alpha Delta Parallel Dipole DX-EE](https://www.dxengineering.com/parts/alf-dx-ee) is interesting because
+   "40ft overall", but a different design than the above EFHW and OCF,
+   lots of wires!
+ - there's also verticals, but those are much more intrusive and
+   risky, wind-wise, e.g. the [Hustler 4-BTV 10-40M](https://www.nevadaradio.co.uk/hustler-4-btv-10-40m-hf-vertical) is 6.52m high,
+   that's over 20 feet! it's as big as my house!
+ - i might need a [wall mount as well](https://www.dxengineering.com/parts/roh-wm212)
+
+See also notebook 2025A p73, 2025B p. 17, 25 & 55-58 for other notes,
+measurements, and diagrams.
 
 ### Old stuff
 
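Review bot: the price comparisons in the added bullets mix labelled and unlabelled currencies: "(276$)" for the DX-OCF-40 is called more expensive than the Palomar at "(165$CAD)", and the list also carries "(80$)", "£69" and "2$", so a reader cannot tell whether 276$ is USD or CAD. Label every price with its currency, as the existing CHA MPAS line does ("900$CAD+"). Also, "radiowold" should be "radioworld" to match the link, and "Buckaster" looks like a misspelling of Buckmaster.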

tweak some details of mail tls setup
diff --git a/services/mail.mdwn b/services/mail.mdwn
index b571cd6e..05105a6b 100644
--- a/services/mail.mdwn
+++ b/services/mail.mdwn
@@ -927,7 +927,8 @@ Then the client key is generated, *on the client*, again with (but without encry
 
     openssl genpkey -algorithm ed25519 -out angela.anarc.at.key
 
-The `openssl.cnf` file for the certificate request:
+The `openssl.cnf` (actually called `angela.anarc.at.cnf` here) file
+for the certificate request:
 
     [client-cert]
     keyUsage = cRLSign, keyCertSign
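Review bot: the unchanged context right under the reworded sentence still shows `keyUsage = cRLSign, keyCertSign` in the `[client-cert]` section; those are CA key usages (signing CRLs and certificates) that a client authentication certificate does not need, so that line is worth checking while this paragraph is being edited. Also, the new wording names the file `angela.anarc.at.cnf`, while the command changed in the next hunk passes `-config angela.anarc.at-tor.cnf`; use one name in both places.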
@@ -944,16 +945,16 @@ The `openssl.cnf` file for the certificate request:
 
 Create the CSR with:
 
-    openssl req -key angela.anarc.at.key -out angela.anarc.at.csr -config openssl.cnf -new 
+    openssl req -key angela.anarc.at-tor.key -out angela.anarc.at-tor.csr -config angela.anarc.at-tor.cnf -new 
 
-Copy the CSR and CRT files to the CA server and sign the request with:
+Copy the CSR file to the CA server and sign the request with:
 
-    openssl ca -days 365 -in req/test.anarc.at.csr -out certs/test.anarc.at.crt
+    openssl ca -days 365 -in req/angela.anarc.at.csr -out certs/angela.anarc.at.crt
 
 ... from [this guide](https://pub.nethence.com/security/sslhappy-ca). Alternatively, this can be done without the
 CA, with the lower-level `x509` command:
 
-    openssl x509 -req -in req/angela.anarc.at.csr -CA cacert.pem -CAkey private/cakey.pem -days 365 -out certs/angela.anarc.at.crt
+    openssl x509 -req -in req/angela.anarc.at-tor.csr -CA cacert.pem -CAkey private/cakey.pem -days 365 -out certs/angela.anarc.at-tor.crt
 
 Again, from [RHEL](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/securing_networks/creating-and-managing-tls-keys-and-certificates_securing-networks#using-a-private-ca-to-issue-certificates-for-csrs-with-openssl_creating-and-managing-tls-keys-and-certificates).
 
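Review bot: after this change the file names no longer line up across the steps. The CSR is created as `angela.anarc.at-tor.csr` from `angela.anarc.at-tor.key`, but `openssl ca` signs `req/angela.anarc.at.csr` (no `-tor`), the `x509` alternative signs `req/angela.anarc.at-tor.csr`, and the `genpkey` line in the previous hunk's context still writes `angela.anarc.at.key`. Pick one host name for the whole walkthrough so the commands can be run in order.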
@@ -970,6 +971,10 @@ revoked anything yet:
 
     cp cacert.pem cacrl.pem
 
+Or, if this is not your first cert:
+
+    cat cacert.pem crl.pem > cacrl.pem
+
 ### Postfix server configuration
 
 Before:
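Review bot: "if this is not your first cert" is not the condition that decides which command to run. The surrounding text ties the plain `cp cacert.pem cacrl.pem` to not having "revoked anything yet", so the `cat cacert.pem crl.pem > cacrl.pem` variant applies once a `crl.pem` exists, however many certificates have been issued. Say that instead, and mention where `crl.pem` comes from, since nothing in this hunk generates it.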

automatic federated post of /blog/2022-11-17-zfs-migration
Command: ['/usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py', '--post-receive', '--base-url', 'https://anarc.at/']
Plugin file: /usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py
Source directory: /home/w-anarcat/source
Running on: marcos
diff --git a/blog/2022-11-17-zfs-migration.md b/blog/2022-11-17-zfs-migration.md
index fc0077c5..b33a5f6a 100644
--- a/blog/2022-11-17-zfs-migration.md
+++ b/blog/2022-11-17-zfs-migration.md
@@ -1436,3 +1436,7 @@ See the [[software/zfs]] documentation for more information about ZFS,
 and [[hardware/tubman]] for another installation and migration procedure.
 
 [[!tag zfs debian-planet sysadmin debian backup]]
+
+
+<!-- posted to the federation on 2026-01-28T13:38:37.933654 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/115974177925871146"]]
\ No newline at end of file
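Review bot: the appended block ends with "\ No newline at end of file", so the plugin leaves the page without a trailing newline, and it adds two blank lines before the comment where one would do. Have the post-receive hook write a single separator line and terminate the last line.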

document my borg hacks a little
diff --git a/services/backup.mdwn b/services/backup.mdwn
index 71d9ce05..3eea2f0f 100644
--- a/services/backup.mdwn
+++ b/services/backup.mdwn
@@ -61,6 +61,38 @@ remotes. This server has been replaced with a dedicated server called
 `tubman` and git-annex encryption was removed, see [encrypted
 remotes](#encrypted-remotes).
 
+## Offsite automation
+
+Offsite automated backups with borg are non-trivial because you want
+the repository to have a copy of the key encrypted with a strong
+password (which repokey provides) but not having to encrypt that key
+repeatedly (which repokey certainly doesn't).
+
+The approach I've found is to use the `keyfile` approach, but with a
+trivial password. The trick is to first set the repository with a
+strong passphrase, export the key to the server, then reset the key to
+a trivial password so backups can be automated.
+
+Not sure that works, asked https://github.com/borgbackup/borg/discussions/9158
+
+For the moment, i've reinited all annex repos on the remote, next
+steps:
+
+ - [x] finish fsck on remaining repos:
+   - [x] incoming
+   - [x] photos
+   - [x] mp3
+   - [x] video
+   - [x] video-maison
+ - [x] sync above repos
+ - [ ] inject private repos into borg repo? see https://git-annex.branchable.com/special_remotes/borg/
+ - [ ] remove private repos
+ - [ ] stop ignoring private repos in borg backups
+ - [ ] backup the rest of /srv
+ - [x] figure out above keyfile question
+ - [ ] automate git-annex backups
+ - [ ] merge this ad-hoc section with the rest of this frigging page
+
 ## Offsite (squirrel mode)
 
 Those are archives that were disseminated in different locations.
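Review bot: the new section says "Not sure that works, asked ..." about the keyfile approach, yet the checklist further down ticks "figure out above keyfile question"; record the answer in the prose and drop the "not sure" line, otherwise readers cannot tell whether the procedure is safe to follow. Two things to spell out while there: with a trivial passphrase the key kept on the client is effectively unprotected at rest, so say where it lives and what protects it (file permissions, disk encryption), and "not having to encrypt that key repeatedly" probably means not having to enter the passphrase on every run.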

more font tricks
diff --git a/blog/2024-05-29-playing-with-fonts-again.md b/blog/2024-05-29-playing-with-fonts-again.md
index 7e6a15ad..776e62a8 100644
--- a/blog/2024-05-29-playing-with-fonts-again.md
+++ b/blog/2024-05-29-playing-with-fonts-again.md
@@ -283,7 +283,9 @@ Iosevka, Monoki and Intel One Mono are also good options, but have
 alignment problems. Iosevka is particularly disappointing as the `EM
 DASH` metrics are just completely wrong (much too wide).
 
-This was tested using the [Programming fonts](https://www.programmingfonts.org/) site which has *all*
+# Other tricks
+
+The above was tested using the [Programming fonts](https://www.programmingfonts.org/) site which has *all*
 the above fonts, which cannot be said of [Font Squirrel](https://www.fontsquirrel.com/) or [Google
 Fonts](fonts.google.com/), amazingly. Other such tools:
 
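Review bot: while rewording this sentence, fix the link in the context line that follows it: `Fonts](fonts.google.com/)` has no scheme, so it renders as a link relative to the blog post instead of pointing at `https://fonts.google.com/`.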
@@ -297,7 +299,15 @@ Also note that there is now a package in Debian called [fnt](https://github.com/
 manage fonts like this locally, including in-line previews (that don't
 work in bookworm but should be improved in trixie and later).
 
+Finally, you can list all currently available fonts with:
+
+    fc-list ':' file
+
+The `:` string essentially means "everything" and is only there to
+pass the second `file` parameter which says "only print filenames".
+
 [[!tag debian-planet python-planet typography meta theming usability]]
 
 <!-- posted to the federation on 2024-05-29T17:44:57.933852 -->
 [[!mastodon "https://kolektiva.social/@Anarcat/112526563590503074"]]
+

found out about sgdisk --replicate, real nice
diff --git a/blog/2022-11-17-zfs-migration.md b/blog/2022-11-17-zfs-migration.md
index 62a907aa..fc0077c5 100644
--- a/blog/2022-11-17-zfs-migration.md
+++ b/blog/2022-11-17-zfs-migration.md
@@ -828,6 +828,14 @@ partition from the first disk to an external, identical drive:
 
     sfdisk -d /dev/nvme0n1 | sfdisk --no-reread /dev/sda --force
 
+Update, thanks to [Vincent Bernat](https://vincent.bernat.ch/en/blog/2026-unequal-linux-raid), the `sgdisk` version is:
+
+    sgdisk --replicate=/dev/nvme0n1 /dev/sda
+    sgdisk --randomize-guids /dev/sda
+
+The latter is not, AFAIK, done with `sfdisk` which is actually a
+problem!
+
 ## Pool creation
 
 This is similar to the main pool creation, except we tweaked a few
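Review bot: the arguments of the added `sgdisk --replicate` line look reversed. Per sgdisk(8), `--replicate=second_device` writes the partition table of the device given as the positional argument onto `second_device`, so `sgdisk --replicate=/dev/nvme0n1 /dev/sda` copies the table of `/dev/sda` onto `/dev/nvme0n1`, the opposite of the `sfdisk -d /dev/nvme0n1 | sfdisk --no-reread /dev/sda --force` line above it, and it overwrites the source disk's table. To copy from the first disk to the external one it should read `sgdisk --replicate=/dev/sda /dev/nvme0n1`, followed by the existing `--randomize-guids /dev/sda`. It would also help to say why the duplicated GUIDs are "actually a problem".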

document something that constantly stomps me in qalculate
diff --git a/blog/2025-02-08-qalculate-hacks.md b/blog/2025-02-08-qalculate-hacks.md
index 15695774..69239404 100644
--- a/blog/2025-02-08-qalculate-hacks.md
+++ b/blog/2025-02-08-qalculate-hacks.md
@@ -459,6 +459,75 @@ And it's pink! Use it!
 [Maple]: https://en.wikipedia.org/wiki/Maple_(software)
 [R]: https://en.wikipedia.org/wiki/R_(programming_language)
 
+# Gotchas
+
+There are a couple of things that get me with Qalc, unfortunately.
+
+## Decimals precision
+
+I mentioned `set precision` above:
+
+```
+> set precision 6
+> 1/7
+
+  1 / 7 ≈ 0.142857
+> set precision 20
+> pi
+
+  pi ≈ 3.1415926535897932385
+```
+
+## Fractional displays
+
+But sometimes, I *want* fractional displays (obviously not for π
+because it is [irrational](https://en.wikipedia.org/wiki/Irrational_number)). For example, sometimes I work in
+inches, and this would look better as a fraction:
+
+```
+> 8973/12
+
+  8973 / 12 = 747.75
+```
+
+The trick here is to change the `fraction` setting, from the qalc(1) manual:
+
+```
+       fractions, fr (-1* = auto, 0 = off, 1 = exact, 2 = on, 3 = mixed, 4 =
+       long, 5 = dual, 1/n)
+               Determines how rational numbers are displayed (e.g. 5/4 = 1 + 1/4
+               =  1.25).  'long' removes limits on the size of the numerator and
+               denonimator.
+
+```
+
+Normally, this should be set to `auto`, so if you've changed it,
+change it back:
+
+```
+set fractions auto
+```
+
+Then you get the nice mixed output:
+
+```
+> 8973/12
+
+  8973 / 12 = 747 + 3/4 = 747.75
+```
+
+The `dual` setting is also nice:
+
+```
+> set fractions dual
+
+  747.75 = 2991/4 = 747 + 3/4 = 747.75
+```
+
+Strangely, I couldn't figure out how to get the same output in the
+graphical interface. The closest menu item is Mode > Rational Number
+Form.
+
 # Further reading and installation
 
 This is just scratching the surface, the [fine manual](https://qalculate.github.io/manual/) has more
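Review bot: the `dual` example is missing its input: after `> set fractions dual` the block jumps straight to the result line `747.75 = 2991/4 = 747 + 3/4 = 747.75`, which does not start with `8973 / 12` like the other transcripts, so it is unclear what was typed. Show the expression that was entered. Also, the prose calls the setting `fraction` while the manual excerpt and the commands use `fractions`, and the first `8973/12` transcript should say which `fractions` value produced the plain `747.75`, since the text then says `auto` gives the mixed form.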

add more rsync.net examples, stop making a fool of myself with those PBs
the size of those pools is closer to 300-400TB.
diff --git a/software/zfs.md b/software/zfs.md
index 27604e7d..7455b838 100644
--- a/software/zfs.md
+++ b/software/zfs.md
@@ -143,6 +143,8 @@ Examples with 8TB disks:
 | RAIDZ1 / RAID-5  | 3    | 1      | 4     | 0.25         | 24         | 0.75             |
 | RAIDZ2 / RAID-6  | 3    | 2      | 5     | 0.4          | 24         | 0.6              |
 | RAIDZ1 / RAID-5  | 4    | 1      | 5     | 0.2          | 32         | 0.8              |
+| RAIDZ3 / RAID-7  | 9    | 3      | 12    | 0.25         | 72         | 0.75             |
+| RAIDZ3 / RAID-7  | 12   | 3      | 15    | 0.25         | 96         | 0.75             |
 
 In the above table, we use the term "parity" loosely: for RAID-1 and
 RAID-10, it's *not* a parity system, the data is *mirrored* to the
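Review bot: the second added row has the wrong ratios. With 12 data and 3 parity drives out of 15, the parity ratio is 3/15 = 0.2 and the efficiency ratio is 12/15 = 0.8, not 0.25 and 0.75 (those values are right for the 9+3 row above it); 0.2 also matches the "20-25% ratio" quoted further down. "RAID-7" is not a standard RAID level name either, so consider labelling both rows "RAIDZ3" only.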
@@ -160,10 +162,9 @@ replacing the drives with bigger ones progressively, that said.
 
 Jim Salter [recommends mirrors instead of RAID-Z](https://jrs-s.net/2015/02/06/zfs-you-should-use-mirror-vdevs-not-raidz/), but the
 [rsync.net people recommend RAID-Z3 with 12-15 drives joined in 3-4
-vdev pools](https://news.ycombinator.com/item?id=25360013) (which would make ~20-36PiB arrays with 8TiB drives, by
-the way). Note that this means *three* spares in a 12-15 drive array,
-or a 20-25% ratio, which, in the above table, is the ratio of 4 or 5
-RAID-5 arrays with one spare, although there's a qualitative
+vdev pools](https://news.ycombinator.com/item?id=25360013). Note that this means *three* spares in a 12-15 drive
+array, or a 20-25% ratio, which, in the above table, is the ratio of 4
+or 5 RAID-5 arrays with one spare, although there's a qualitative
 difference between having *one* spare and *two or more*.
 
 [dRAID](https://openzfs.github.io/openzfs-docs/Basic%20Concepts/dRAID%20Howto.html) is similar, except resilvering is faster, as the spare is
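Review bot: the commit message says the pools are closer to 300-400TB, but the hunk only deletes the "~20-36PiB" parenthetical without putting a corrected figure in its place. With the rows added to the table (72 or 96 per vdev with 8TB disks), 3-4 vdevs come to roughly 216-384, so a short replacement such as "(a few hundred TB with 8TB drives)" would keep the sense of scale. The rewrapped sentence also still says "three spares" where the table calls the same drives "parity".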

more stuff about the anker and chargers
diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index 574f23d3..11a1d318 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -59,10 +59,14 @@ Here are the devices I'm considering right now...
 
 ## USB chargers
 
-The spec here is at least 65W USB-C with international plugs.
+The spec here is at least 65W USB-C with international plugs. Update:
+the TOFU (at 45W) is often enough to keep the laptop charged (if not
+actually topping up the battery), so maybe we can live with 45W
+chargers for travel.
 
 * [Anker nano II](https://us.anker.com/pages/ankernano2): 50$USD sold out, not international? they have
-  the [PowerPort III](https://www.amazon.com/dp/B0885SPJDZ) (65W, UK/US/EU, not AU), but it's sold out
+  the [PowerPort III](https://www.amazon.com/dp/B0885SPJDZ) (65W, UK/US/EU, not AU), but it's sold out,
+  update: the [45W nano looks pretty neat too](https://www.anker.com/ca/products/a121d-45w-usb-c-fast-charger-foldable-plug-compact?variant=52842009919856&collections_usb-c-charger=undefined&Sort_by=Recommended)
 * [Ugreen 65W 2 USB-C 1 USB-A UK/US/EU](https://ca.ugreen.com/collections/charger/products/ugreen-65w-nexode-gan-usb-c-3-port-charger-with-us-uk-eu-plug-for-travel): 56$ USD (disappeared?)
 * [Thinkpad power adapter](https://www.lenovo.com/ca/en/p/accessories-and-software/chargers-and-batteries/chargers/gx20p92530): 54$USD, basically your normal ThinkPad charger, meh
 * [TOFU Power station](https://www.elvesfactory.com/worldshop/EN/TPS-UN): 95$USD 2 USB-A (15W), 2 USB-C (30-45W PD),
@@ -388,7 +392,11 @@ not quite in the same range of things as the above, but could serve
 well as a home charger.
 
 [This review](https://www.lttlabs.com/articles/2026/01/21/what-is-50-w-charging-who-needs-50-w-charging) suggests Apple, UGREEN, Anker, or even IKEA chargers,
-and specifically [this 40W Apple](https://www.apple.com/ca/shop/product/mgkn4am/a/40w-dynamic-power-adapter-with-60w-max) or [the Anker 45W Nano](https://www.anker.com/ca/products/a121d-45w-usb-c-fast-charger-foldable-plug-compact).
+and specifically [this 40W Apple](https://www.apple.com/ca/shop/product/mgkn4am/a/40w-dynamic-power-adapter-with-60w-max) or [the Anker 45W Nano](https://www.anker.com/ca/products/a121d-45w-usb-c-fast-charger-foldable-plug-compact). They
+also [reviewed the newer 45W Nano](https://www.lttlabs.com/articles/2026/01/27/anker-nano-charger-45w-testing) and had good things to say about
+the clever "180 degrees" system of the [new Nano](https://www.anker.com/ca/products/a121d-45w-usb-c-fast-charger-foldable-plug-compact?variant=52842009919856&collections_usb-c-charger=undefined&Sort_by=Recommended) they had on
+there. I was totally turned off by the Anker website (which loads
+really slow and was all black on my phone) and AI slop support.
 
 ## USB testers
 
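Review bot: the added "new Nano" link points at the same product page as "the Anker 45W Nano" link one sentence earlier, only with a `?variant=...&collections_usb-c-charger=undefined&Sort_by=Recommended` query string appended; the same long URL is also added in the first hunk of this patch. Drop the query string and link the product once per paragraph.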

expand notes on ZFS and RAID layouts
diff --git a/software/zfs.md b/software/zfs.md
index 8059097a..27604e7d 100644
--- a/software/zfs.md
+++ b/software/zfs.md
@@ -74,8 +74,8 @@ with standard LUKS instead of ZFS encryption:
 
     That creatures a "mirror" pool with the two drives, which is
     essentially a RAID-1 mirror. You could also do a RAID-Z pool, if
-    you have an odd number of drives, which is sort of like a RAID-5
-    array, except you have a flexible number of spares:
+    you have more drives drives, which similar to RAID-5, RAID-6 and
+    so on, see below for a discusion on those different layouts.
     
         zpool create \
             -o ashift=12 \
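Review bot: the replacement sentence has three slips: "more drives drives" repeats a word, "which similar to" is missing "is", and "discusion" should be "discussion". The context line above it also reads "That creatures a "mirror" pool", presumably "creates", and could be fixed in the same pass.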
@@ -88,29 +88,6 @@ with standard LUKS instead of ZFS encryption:
             tank \
             raidz sda1 sdb1 sdc1
 
-    To calculate the tradeoff, you can compute the final size of the
-    array with the formula `(N-P)*X`, where N is the number of drives,
-    P is the parity, and X is the size. 
-    
-    As a rule of thumb, with 1 spare, it's like RAID-5. Note that
-    RAID-Z cannot be resized, so in the above, you will be stuck with
-    3 drives in that array forever. It *can* be grown in *size* by
-    replacing the drives with bigger ones progressively, that said.
-    
-    Jim Salter [recommends mirrors instead of RAID-Z](https://jrs-s.net/2015/02/06/zfs-you-should-use-mirror-vdevs-not-raidz/), but the
-    [rsync.net people recommend RAID-Z3 with 12-15 drives joined in
-    3-4 vdev pools](https://news.ycombinator.com/item?id=25360013) (which would make ~20-36PiB arrays with 8TiB
-    drives, by the way). Note that this means *three* spares in a
-    12-15 drive array, or a 20-25% ratio.
-    
-    [dRAID](https://openzfs.github.io/openzfs-docs/Basic%20Concepts/dRAID%20Howto.html) is similar, except resilvering is faster, as the spare
-    is distributed among all the devices. The [TrueNAS
-    documentation](https://www.truenas.com/docs/references/draidprimer/) doesn't recommend dRAID except in special
-    circumstances.
-
-    [This guide](https://calomel.org/zfs_raid_speed_capacity.html) talks more about the different RAID types and
-    compares performance.
-
  5. Make an actual filesystem:
  
         zfs create -o mountpoint=/srv-zfs tank/srv
@@ -139,6 +116,63 @@ tank       600K  7.14T       96K  none
 tank/srv    96K  7.14T       96K  /srv-zfs
 ```
 
+### Side note on disk layouts
+
+There are *many* other ways to do this, and ZFS sometimes makes
+classic, well-known things like RAID-1 or RAID-5 harder to understand
+that it really should be.
+
+(There's a reason for that: ZFS has a better layout and implementation
+of, say, RAID-5, partly because of how it fixes the "write hole"
+issue, with different approach than [the way mdadm does it in
+Linux](https://docs.kernel.org/driver-api/md/raid5-cache.html). So while RAIDZ1 is not *exactly* the same as RAID-5, as far
+as disk size calculation goes, it *is* the same.)
+
+To calculate the tradeoff between mirrors and spare counts, you can
+compute the final size of the array with the formula `(N-P)*X`, where
+N is the number of drives, P is the parity, and X is the size.
+
+Examples with 8TB disks:
+
+| RAID type        | data | parity | count | parity ratio | total size | efficiency ratio |
+|------------------|------|--------|-------|--------------|------------|------------------|
+| RAID-1           | 1    | 1      | 2     | 0.5          | 8          | 0.5              |
+| RAID-1 / RAID-10 | 2    | 2      | 4     | 0.5          | 16         | 0.5              |
+| RAIDZ2 / RAID-6  | 2    | 2      | 4     | 0.5          | 16         | 0.5              |
+| RAIDZ1 / RAID-5  | 2    | 1      | 3     | 0.33         | 16         | 0.67             |
+| RAIDZ1 / RAID-5  | 3    | 1      | 4     | 0.25         | 24         | 0.75             |
+| RAIDZ2 / RAID-6  | 3    | 2      | 5     | 0.4          | 24         | 0.6              |
+| RAIDZ1 / RAID-5  | 4    | 1      | 5     | 0.2          | 32         | 0.8              |
+
+In the above table, we use the term "parity" loosely: for RAID-1 and
+RAID-10, it's *not* a parity system, the data is *mirrored* to the
+other drives. But as far as disk size and ratio calculation goes, it
+*is* the same.
+
+As a rule of thumb, a RAIDZ1 (so 1 spare), it's essentially like
+RAID-5.
+
+The most important thingto know about RAID-Z is that the layout can't
+be changed after the pool creation. If you have 3 drives in your
+RAIDZ1 pool, you're stuck with 3 drives until you rebuild the pool
+(although you *can* add spares). Arrays *can* be grown in *size* by
+replacing the drives with bigger ones progressively, that said.
+
+Jim Salter [recommends mirrors instead of RAID-Z](https://jrs-s.net/2015/02/06/zfs-you-should-use-mirror-vdevs-not-raidz/), but the
+[rsync.net people recommend RAID-Z3 with 12-15 drives joined in 3-4
+vdev pools](https://news.ycombinator.com/item?id=25360013) (which would make ~20-36PiB arrays with 8TiB drives, by
+the way). Note that this means *three* spares in a 12-15 drive array,
+or a 20-25% ratio, which, in the above table, is the ratio of 4 or 5
+RAID-5 arrays with one spare, although there's a qualitative
+difference between having *one* spare and *two or more*.
+
+[dRAID](https://openzfs.github.io/openzfs-docs/Basic%20Concepts/dRAID%20Howto.html) is similar, except resilvering is faster, as the spare is
+distributed among all the devices. The [TrueNAS documentation](https://www.truenas.com/docs/references/draidprimer/)
+doesn't recommend dRAID except in special circumstances.
+
+[This guide](https://calomel.org/zfs_raid_speed_capacity.html) talks more about the different RAID types and compares
+performance.
+
 ## Issues
 
 ### Swap
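Review bot: the new section uses "spare" and "parity" for the same thing ("RAIDZ1 (so 1 spare)", "three spares in a 12-15 drive array", "tradeoff between mirrors and spare counts"), and then "(although you *can* add spares)" uses the word in a different sense; the table header says "parity", so use that throughout and keep "spare" for drives added to the pool afterwards. The `(N-P)*X` formula would also be easier to check against the table if it said that N is the "count" column. Typos: "harder to understand that it really should be" (than), "with different approach" (a different), "thingto", and "a RAIDZ1 (so 1 spare), it's essentially" does not parse.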

more chargers and advice
diff --git a/blog/2023-02-10-usb-c.md b/blog/2023-02-10-usb-c.md
index d84ab2c2..574f23d3 100644
--- a/blog/2023-02-10-usb-c.md
+++ b/blog/2023-02-10-usb-c.md
@@ -387,6 +387,9 @@ Russell Coker [bought](https://etbe.coker.com.au/2024/04/29/usb-psus/) [this dev
 not quite in the same range of things as the above, but could serve
 well as a home charger.
 
+[This review](https://www.lttlabs.com/articles/2026/01/21/what-is-50-w-charging-who-needs-50-w-charging) suggests Apple, UGREEN, Anker, or even IKEA chargers,
+and specifically [this 40W Apple](https://www.apple.com/ca/shop/product/mgkn4am/a/40w-dynamic-power-adapter-with-60w-max) or [the Anker 45W Nano](https://www.anker.com/ca/products/a121d-45w-usb-c-fast-charger-foldable-plug-compact).
+
 ## USB testers
 
 Now that a USB cable isn't a simple 5V electric signal, cables and

a bunch more wayland tools
diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 3dc3cfa1..fd9e1e83 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -183,6 +183,7 @@ Other options include:
  * [dwl][]: tiling, minimalist, dwm for Wayland, not in Debian
  * [hikari][]: tiling/stacking, not in Debian
  * [Hyprland][]: tiling, fancy animations, not in Debian ([1040971][])
+ * [MagoWC][]: tiling, scrolling, tagging, 
  * [niri][]: scrolling, paper-vm like, Rust, not in Debian ([1065355][])
  * [Qtile][]: tiling, extensible, Python, in Debian since trixie ([1015267][])
  * [river][]: Zig, stackable, tagging, not in Debian  ([1006593][])
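Review bot: the new entry is spelled `[MagoWC][]` here and in the reference definition added in the next hunk, but the URL is `https://mangowc.vercel.app/`, so the name is presumably "MangoWC". The line also ends in a dangling ", " with trailing whitespace, and unlike its neighbours it does not say whether the package is in Debian.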
@@ -213,6 +214,7 @@ Other options include:
 [smithay]: https://github.com/Smithay/smithay
 [niri]: https://github.com/YaLTeR/niri
 [1065355]: https://bugs.debian.org/1065355
+[MagoWC]: https://mangowc.vercel.app/
 
 ## Status bar: py3status → waybar
 
@@ -267,6 +269,7 @@ Other alternatives include:
 
  * [hybridbar](https://github.com/hcsubser/hybridbar)
  * [HybridBar](https://github.com/vars1ty/HybridBar) (yes, another)
+ * [Quickshell](https://quickshell.org/)
  * [rootbar](https://hg.sr.ht/~scoopta/rootbar)
  * [sandbar](https://github.com/kolunmi/sandbar)
  * [sfwbar](https://github.com/LBCrion/sfwbar) (now in Debian)
@@ -1088,11 +1091,10 @@ how many things you were using are tightly bound to X.
    basically)
 
  * notifications: previously [dunst][] in some places, which works
-   well in both Xorg and Wayland, not a blocker, [salut][] (not in
-   Debian), [fnott][]. possible alternatives: damjan [uses
-   mako][]. Eventually migrated to [sway-nc][], but found it too
-   complicated for my needs. Ended up with a simple mako-based setup
-   with inhibition.
+   well in both Xorg and Wayland, not a blocker. currently using
+   [mako][] with inhibitions, after testing [sway-nc][] which was too
+   complicated. possible alternatives: damjan [uses mako][], [salut][]
+   (not in Debian), [fnott][], [histui][].
 
  * notification area: I had trouble making `nm-applet` work. based on
    [this nm-applet.service][], I found that you need to pass `--indicator`.  In
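Review bot: after the rewrite the notifications bullet lists mako twice: "currently using [mako][] with inhibitions" and then, under "possible alternatives", "damjan [uses mako][]". Since mako is now the chosen tool, move the damjan reference next to the first mention and keep the alternatives list to salut, fnott and histui.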
@@ -1157,6 +1159,8 @@ See also [this list of useful addons][] and [this other list][] for other app al
 [this other list]: https://github.com/swaywm/sway/wiki/i3-Migration-Guide
 [fnott]: https://codeberg.org/dnkl/fnott
 [azote]: https://github.com/nwg-piotr/azote
+[histui]: https://jmylchreest.github.io/histui/
+[mako]: https://wayland.emersion.fr/mako/
 
 ## More X11 / Wayland equivalents
 
@@ -1616,6 +1620,10 @@ percentage, so i still have a brightness module in waybar.
 Other alternatives:
 
  * [Avizo][], not in Debian, requires keybinding wrapper
+ * [DankMaterialShell][], "replaces waybar, swaylock, swayidle, mako,
+   fuzzel, polkit, and everything else you'd normally stitch together
+   to make a desktop"
+ * [noctalia-shell][]
  * [SwayOSD][], [entered Debian NEW, hopefully in trixie](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057301), requires
    keybinding wrapper or libinput access, [sample sway config](https://codeberg.org/werdahias/graffe/src/commit/76c109b2ead688fad2ab5ddbe81419d5acbf270e/.config/sway/config#L58-L67)
  * [wayout][], also provides a way to write stuff on the display, but
@@ -1628,6 +1636,8 @@ Other alternatives:
 [sway-nc]: https://github.com/ErikReider/SwayNotificationCenter
 [wob]: https://github.com/francma/wob
 [wayout]: https://git.sr.ht/~proycon/wayout
+[noctalia-shell]: https://github.com/noctalia-dev/noctalia-shell
+[DankMaterialShell]: https://github.com/AvengeMedia/DankMaterialShell
 
 # Debugging tricks
 

more updates to old articles
diff --git a/blog/2022-06-17-matrix-notes.md b/blog/2022-06-17-matrix-notes.md
index fdd5d7f3..f9a89adc 100644
--- a/blog/2022-06-17-matrix-notes.md
+++ b/blog/2022-06-17-matrix-notes.md
@@ -21,6 +21,14 @@ your tablet, or dead trees, and lean back and relax as I show you
 around the Matrix. Or, alternatively, just jump to a section that
 interest you, most likely the [conclusion](#conclusion).
 
+Update, 2026-01-12: this article is now a little under 4 years old and
+is bound to have grown some inaccuracies compared to the current state
+of Matrix. A quick review of the main points made here doesn't seem to
+indicate any radical change that warrants anything else than this
+notice, that said. Multiple updates are also appended at the end of
+the article, mostly reinforcing suspected or noted issues I had
+shared.
+
 [[!toc levels=2]]
 
 # Introduction to Matrix
diff --git a/hardware/laptop/framework-12th-gen.md b/hardware/laptop/framework-12th-gen.md
index 8c96187f..ad117a5c 100644
--- a/hardware/laptop/framework-12th-gen.md
+++ b/hardware/laptop/framework-12th-gen.md
@@ -8,6 +8,10 @@ scoring an "exceedingly rare" [10/10 score from ifixit.com](https://www.ifixit.c
 There are two generations of the laptop's main board (both compatible
 with the same body): the Intel 11th and 12th gen chipsets. 
 
+> Note that this article is about the 13" laptop, there are now multiple
+> generations of Framework laptops. I also own a green 12" laptop, see
+> [[framework-12]] for that review.
+
 I have received my Framework, 12th generation "DIY", device in late
 September 2022 and will update this page as I go along in the process
 of ordering, burning-in, setting up and using the device over the
@@ -63,6 +67,17 @@ asncounter benchmarks, although the fan is noisier, it's great!
 Presumably power management is better too. Lots in here needs to be
 updated to reflect that, but I lack the time to do so.
 
+Update, 2026-01-12: this article is now over 3 years old. I still use
+this laptop on a daily basis, it's my daily driver. My biggest concern
+with it is the sturdiness: I have already changed the mouse pad, and
+the keyboard is next (the <kbd>e</kbd> key frequently misses hits),
+even though the machine itself is not *that* old. This is especially
+a concern because I rarely use the keyboard: most of the laptop's life
+is spent sitting in a tray, tethered to my monitor. So while Framework
+laptops are great at repair, they *will* need frequent repairs, and I
+have had trouble getting refunds for broken parts (like the audio
+expansion card).
+
 [[!toc levels=5]]
 
 # Advice for buyers

fix links, add rofimoji
diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index 0e0e1233..3dc3cfa1 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -721,12 +721,14 @@ scripts. I wrote the following:
    which is basically all available commands in your `$PATH`, also
    saves the command in your `.history` file (also required me to bump
    the size of that file to really be useful)
- * [pass-dmenu](https://gitlab.com/anarcat/scripts/-/blob/main/pass-dmenu): was already in use, just a little patch to support
+ * [dmenu-pass](https://gitlab.com/anarcat/scripts/-/blob/main/dmenu-pass): was already in use, just a little patch to support
    Wayland, basically list the pass entries sorted by domains
    ([pass-domains](https://gitlab.com/anarcat/scripts/-/blob/main/pass-domains)) and piped the picked password to the clipboard
    or `wl-type`
  * [dmenu-unicode](https://gitlab.com/anarcat/scripts/-/blob/main/dmenu-unicode): (NEW!) grep around the unicode database for
-   emojis and other stuff, see also [jome](https://github.com/eepp/jome) for a standalone solution
+   emojis and other stuff, see also [jome](https://github.com/eepp/jome) or [rofimoji](https://github.com/fdw/rofimoji) ([ITP
+   1112008](
+   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112008)) for a standalone solution
 
 With those, I can basically use fuzzel or any other `dmenu`-compatible
 program and not care, it will "just work".
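Review bot: The rofimoji ITP link is wrapped inside the link itself: the text breaks after `[ITP`, and `](` ends one line with the URL starting, indented, on the next. Not every Markdown renderer accepts a destination that begins on a new line, so check the rendered page or keep `](https://bugs.debian.org/...)` on one line. A reference-style label, as this file already uses for `[ITP 1121541]`, avoids the long line altogether.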

automatic federated post of /software/desktop/calibre
Command: ['/usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py', '--post-receive', '--base-url', 'https://anarc.at/']
Plugin file: /usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py
Source directory: /home/w-anarcat/source
Running on: marcos
diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index 4a1650af..49dc1e73 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -684,3 +684,7 @@ Python modules.
 
 Update: this post generated some activity on Mastodon, [follow the
 conversation here or on your favorite Mastodon instance](https://social.weho.st/@anarcat/102917682883043910).
+
+
+<!-- posted to the federation on 2026-01-05T14:28:30.119170 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/115844140883320100"]]
\ No newline at end of file
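Review bot: The `\ No newline at end of file` marker shows the plugin leaves `calibre.mdwn` without a trailing newline after the `[[!mastodon ...]]` directive, and it pads two empty lines before the comment. Have `ikiwikitoot.py` write one separating blank line and end the file with a newline, so the next manual edit to this file does not produce a spurious change on the last line.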

hopefully final trixie upgrade procedure update
diff --git a/services/upgrades/trixie.md b/services/upgrades/trixie.md
index 10abfc28..a76a47cf 100644
--- a/services/upgrades/trixie.md
+++ b/services/upgrades/trixie.md
@@ -37,6 +37,19 @@ to handle `clean_conflicts` output.
 This procedure *may* kill your graphical session, so make sure you
 can log back in over a serial console or virtual terminal.
 
+## Common procedure
+
+Before you start on anything, follow those steps:
+
+ 1. consider [taking a few screenshots of your desktop](https://utcc.utoronto.ca/~cks/space/blog/linux/TakeScreenshotsBeforeUpgrades) if this is
+    a graphical interface, to compare if things break.
+
+ 2. make backups. the automated script will prompt you to make sure
+    you did, but it is better to do this early (and, ideally,
+    automatically).
+
+ 3. review [release notes](https://www.debian.org/releases/trixie/release-notes/upgrading.en.html) (see below)
+
 ## Automated procedure
 
 Starting from Trixie, TPA started scripting the upgrade procedure
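Review bot: Step 2, "make backups", names no procedure, although this wiki has a `services/backup` page; link it so the step is actionable. Step 3 ends with "(see below)" without naming the section it means. The three steps also differ in capitalisation and end punctuation, and "follow those steps" should read "follow these steps".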
@@ -246,45 +259,14 @@ section below as well.
 
 # Notable changes
 
-Here are some packages with notable version changes that I
-noticed.
-
-TODO: merge or point at blog/2024-08-15-why-trixie
+I typically have a list of major new packages and upgrades here, but
+didn't find the time to do so. I did post about [[why upgrading to
+trixie in 2024|blog/2024-08-15-why-trixie]] though.
 
 See also the [wiki page about trixie](https://wiki.debian.org/NewInTrixie) for another list.
 
-## New packages
-
-This is a curated list of packages that were introduced in
-trixie. There are actually *thousands* of new packages in the new
-Debian release, but this is a small selection of projects I found
-particularly interesting:
-
-TODO
-
-## My packages
-
-In packages I maintain, those are the important changes:
-
-TODO
-
-## Updated packages
-
-This table summarizes package version changes I find interesting.
-
-| Package | Bookworm | Trixie | Notes |
-|---------|----------|--------|-------|
-| TODO    |          |        |       |
-
-Note that this table may not be up to date with the current
-release. See the [official release
-notes](https://www.debian.org/releases/trixie/release-notes/whats-new.en.html#desktops-and-well-known-packages)
-for a more up to date list.
-
 ## Removed packages
 
-TODO
-
 - deborphan! ouch! see below
 - cpufrequtils, presumably replaced by cpupowerutils, but not in
   Debian ([1073079](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073079))
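Review bot: With the package lists removed, the retained context line "See also the wiki page about trixie for another list" no longer has a first list to refer back to, and "Removed packages" is left as the only subsection under "Notable changes". Reword that sentence (for example "for a list of what is new"). The new wikilink is also wrapped in the middle of its link text, which reads "why upgrading to trixie in 2024"; "why I upgraded to trixie in 2024", kept on one line, would be clearer.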

another ebook viewer
diff --git a/software/desktop/calibre.mdwn b/software/desktop/calibre.mdwn
index 2abed170..4a1650af 100644
--- a/software/desktop/calibre.mdwn
+++ b/software/desktop/calibre.mdwn
@@ -135,6 +135,7 @@ replace Calibre here:
    doesn't seem to), but fails to load certain ebooks (book #1459 for
    example)
  * [baca][] is a TUI interface that also looks interesting
+ * [bookorat][], similar, TUI, rust
  * [Bookworm][] looks very promising, not in Debian ([883867][]), but
    [Flathub][flathub-bookworm]. scans books on exit, and can take a
    loong time to scan an entire library (took 24+ hours here, and had
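Review bot: The label on the added line is `[bookorat][]`, but the reference definition added further down in this diff points at `https://bugzmanov.github.io/bookokrat/`, so the displayed name is missing a "k". The link still resolves because both places use the same misspelled label; rename both to `bookokrat`.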
@@ -213,6 +214,7 @@ See also the [pdf-viewer metapackage](https://packages.debian.org/sid/pdf-viewer
 [kavita]: https://github.com/Kareadita/Kavita
 [flow]: https://www.flowoss.com/
 [Thorium]: https://github.com/edrlab/thorium-reader
+[bookorat]: https://bugzmanov.github.io/bookokrat/
 
 ## ebook editor
 

automatic federated post of /blog/2018-07-27-signal-metadata
Command: ['/usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py', '--post-receive', '--base-url', 'https://anarc.at/']
Plugin file: /usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py
Source directory: /home/w-anarcat/source
Running on: marcos
diff --git a/blog/2018-07-27-signal-metadata.mdwn b/blog/2018-07-27-signal-metadata.mdwn
index a1047994..6e55334e 100644
--- a/blog/2018-07-27-signal-metadata.mdwn
+++ b/blog/2018-07-27-signal-metadata.mdwn
@@ -182,3 +182,7 @@ timing attack to decide various device states (sleeping, active) or
 location changes (wifi, mobile,). Wild stuff.
 
 [[!tag debian-planet signal security review]]
+
+
+<!-- posted to the federation on 2025-12-17T21:37:18.767936 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/115738243140997368"]]
\ No newline at end of file
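Review bot: The timestamp in the added comment, `2025-12-17T21:37:18.767936`, carries no UTC offset, so it cannot be compared reliably with the commit time or with the post's own timestamp on the Mastodon side. Have the plugin emit an offset-aware ISO 8601 value (for example ending in `+00:00`).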

add reference to other research paper, fix typos
diff --git a/blog/2018-07-27-signal-metadata.mdwn b/blog/2018-07-27-signal-metadata.mdwn
index a3ca889a..a1047994 100644
--- a/blog/2018-07-27-signal-metadata.mdwn
+++ b/blog/2018-07-27-signal-metadata.mdwn
@@ -49,7 +49,7 @@ those in detail.) Then another notification comes in:
 Notice the device number there? It changed from `1` to `2`. This tells
 me this is a *different* device than the first one. Device 1 will most
 likely be the phone app and device 2 will most likely be Signal
-Desktop. (In my case, I tried so *many* different configurations thatI
+Desktop. (In my case, I tried so *many* different configurations that I
 have device numbers up to 8, but my phone is still device 1.)
 
 An attacker can use those notifications to tell when my phone goes
@@ -163,7 +163,7 @@ other members of the group, a bit like how carbon-copies in emails
 reveals a social network.
 
 Compared with groups and new users notifications, the receipt
-notification issue is a little more pernicions: the leak is not
+notification issue is a little more pernicious: the leak is not
 visible at all to users except if they run signal-cli... While people
 clearly see each other's presence in a group, they definitely will not
 know that those little checkmark disclose more information than they
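Review bot: Since this commit is a typo pass, note that the context line directly below the fix still reads "those little checkmark disclose"; it should be "those little checkmarks disclose".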
@@ -177,4 +177,8 @@ thought they knew about the security properties of the system, so I am
 worried about my fellow non-technical friends and their expectations
 of privacy...
 
+Update: [this paper](https://github.com/gommzystudio/device-activity-tracker) goes one step further than this and does a
+timing attack to decide various device states (sleeping, active) or
+location changes (wifi, mobile,). Wild stuff.
+
 [[!tag debian-planet signal security review]]
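Review bot: The added update links the words "this paper" to a GitHub repository (`github.com/gommzystudio/device-activity-tracker`), not to a paper; link the paper itself or call it a project. The parenthesis `(wifi, mobile,)` has a stray trailing comma, and unlike the "Update, 2026-01-12" notices added to other pages in this batch, this one carries no date.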

another launcher
diff --git a/software/desktop/wayland.md b/software/desktop/wayland.md
index a9980a74..0e0e1233 100644
--- a/software/desktop/wayland.md
+++ b/software/desktop/wayland.md
@@ -622,6 +622,7 @@ profusion of options:
 | [cerebro][]             | no              | Javascript ... uh... thing                                               |
 | [dmenu-wl][]            | no              | fork of [dmenu][], straight port to Wayland                              |
 | [Fuzzel][]              | yes, bookworm+  | dmenu/drun replacement, app icon overlay                                 |
+| [hyprlauncher][]        | [ITP 1121541][] | launcher, unicode, math/calculator                                       |
 | [gmenu][]               | no              | drun replacement, with app icons                                         |
 | [kickoff][]             | no              | dmenu/run replacement, fuzzy search, "snappy", history, copy-paste, Rust |
 | [krunner][]             | yes             | KDE's runner                                                             |
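Review bot: The new `hyprlauncher` row is inserted between `Fuzzel` and `gmenu`, which breaks the alphabetical order the surrounding rows follow (cerebro, dmenu-wl, Fuzzel, gmenu, kickoff, krunner). Move it below the `gmenu` row.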
@@ -703,6 +704,8 @@ Note that [wlogout][] could be a partial replacement (just for the
 [yofi]: https://github.com/l4l/yofi
 [πmenu]: https://github.com/phillbush/pmenu
 [walker]: https://github.com/abenz1267/walker
+[hyprlauncher]: https://wiki.hypr.land/Hypr-Ecosystem/hyprlauncher/
+[ITP 1121541]: https://bugs.debian.org/1121541
 
 ### Fuzzel
 

answer a comment
diff --git a/blog/2023-03-10-listening-processes.md b/blog/2023-03-10-listening-processes.md
index 3922d282..a357dbe5 100644
--- a/blog/2023-03-10-listening-processes.md
+++ b/blog/2023-03-10-listening-processes.md
@@ -117,7 +117,6 @@ ports on my machine:
     52938	users:(("avahi-daemon",pid=1423))  
     54029	users:(("avahi-daemon",pid=1423))
 
-
 Surely there *must* be a better way. It turns out that `lsof` can do
 some of this, and it's relatively straightforward. This lists all
 listening TCP sockets:
@@ -190,6 +189,118 @@ sure looks nice:
 
 Better ideas welcome.
 
+Update, one of the comments on mastodon suggested this:
+
+    ss -pluntO '! ( src = localhost )' | awk '{ printf("%-5s\t%-7s\t%-40s\t%s\n", $1, $2, $5, $6); }'
+
+Which looks like this right now:
+
+```
+ss -pluntO '! ( src = localhost )' | awk '{ printf("%-5s\t%-7s\t%-40s\t%s\n", $1, $2, $5, $6); }'
+Netid	State  	Local                                   	Address:Port
+udp  	UNCONN 	192.168.122.1:53                        	0.0.0.0:*
+udp  	UNCONN 	0.0.0.0%virbr0:67                       	0.0.0.0:*
+udp  	UNCONN 	0.0.0.0:53478                           	0.0.0.0:*
+udp  	UNCONN 	0.0.0.0:53706                           	0.0.0.0:*
+udp  	UNCONN 	0.0.0.0:21027                           	0.0.0.0:*
+udp  	UNCONN 	0.0.0.0:53823                           	0.0.0.0:*
+udp  	UNCONN 	0.0.0.0:5353                            	0.0.0.0:*
+udp  	UNCONN 	0.0.0.0:5353                            	0.0.0.0:*
+udp  	UNCONN 	0.0.0.0:55250                           	0.0.0.0:*
+udp  	UNCONN 	0.0.0.0:38874                           	0.0.0.0:*
+udp  	UNCONN 	0.0.0.0:57321                           	0.0.0.0:*
+udp  	UNCONN 	0.0.0.0:41844                           	0.0.0.0:*
+udp  	UNCONN 	[::]:45441                              	[::]:*
+udp  	UNCONN 	[fe80::239a:8c0:9d46:2d08]%wlan0:546    	[::]:*
+udp  	UNCONN 	*:49909                                 	*:*
+udp  	UNCONN 	*:1716                                  	*:*
+udp  	UNCONN 	[::]:21027                              	[::]:*
+udp  	UNCONN 	[::]:5353                               	[::]:*
+udp  	UNCONN 	*:5353                                  	*:*
+udp  	UNCONN 	*:22000                                 	*:*
+udp  	UNCONN 	[::]:42853                              	[::]:*
+tcp  	LISTEN 	0.0.0.0:22                              	0.0.0.0:*
+tcp  	LISTEN 	192.168.122.1:53                        	0.0.0.0:*
+tcp  	LISTEN 	[::]:22                                 	[::]:*
+tcp  	LISTEN 	*:1716                                  	*:*
+tcp  	LISTEN 	*:6600                                  	*:*
+tcp  	LISTEN 	*:22000                                 	*:*
+```
+
+I'm not sure: it loses the process information, and adds a needless
+`Address:Port` that's mostly null. But I like the awk idea, but would
+strip this down to:
+
+    ss -pluntO '! ( src = localhost )' | awk '{ printf("%-5s\t%-40s\t%s\n", $1, $5, $7); }'
+
+Which looks like this:
+
+```
+anarcat@angela:~> sudo ss -pluntO '! ( src = localhost )' | awk '{ printf("%-5s\t%-40s\t%s\n", $1, $5, $7); }'
+Netid	Local                                   	Peer
+udp  	192.168.122.1:53                        	users:(("dnsmasq",pid=4448,fd=5))
+udp  	0.0.0.0%virbr0:67                       	users:(("dnsmasq",pid=4448,fd=3))
+udp  	0.0.0.0:53478                           	users:(("syncthing",pid=6573,fd=18))
+udp  	0.0.0.0:21027                           	users:(("syncthing",pid=6573,fd=17))
+udp  	0.0.0.0:53823                           	users:(("mosh-client",pid=212545,fd=4))
+udp  	0.0.0.0:5353                            	users:(("avahi-daemon",pid=2541,fd=12))
+udp  	0.0.0.0:41844                           	users:(("avahi-daemon",pid=2541,fd=14))
+udp  	[::]:45441                              	users:(("avahi-daemon",pid=2541,fd=15))
+udp  	[fe80::239a:8c0:9d46:2d08]%wlan0:546    	users:(("NetworkManager",pid=2693,fd=31))
+udp  	[::]:21027                              	users:(("syncthing",pid=6573,fd=19))
+udp  	[::]:5353                               	users:(("avahi-daemon",pid=2541,fd=13))
+udp  	*:22000                                 	users:(("syncthing",pid=6573,fd=14))
+udp  	[::]:42853                              	users:(("syncthing",pid=6573,fd=16))
+tcp  	0.0.0.0:22                              	users:(("sshd",pid=2949,fd=7))
+tcp  	192.168.122.1:53                        	users:(("dnsmasq",pid=4448,fd=6))
+tcp  	[::]:22                                 	users:(("sshd",pid=2949,fd=6))
+tcp  	*:6600                                  	users:(("systemd",pid=6289,fd=67))
+tcp  	*:22000                                 	users:(("syncthing",pid=6573,fd=12))
+```
+
+Not bad! We still have a bunch of noise on the `Local` column because
+we have a lot of `*:`, `[::]:` and `0.0.0.0:` and lots of noise in the
+`Peer` column because of that weird `users:` syntax.
+
+But i think it still works pretty well.
+
+One could add another `sed` in that pipeline to clear out at least the
+`Peer` garbage like this:
+
+    ss -pluntO '! ( src = localhost )' | awk '{ printf("%-5s\t%-40s\t%s\n", $1, $5, $7); }' | sed 's/users:(("//;s/".*//'
+
+... which then looks like:
+
+```
+anarcat@angela:~> sudo ss -pluntO '! ( src = localhost )' | awk '{ printf("%-5s\t%-40s\t%s\n", $1, $5, $7); }' | sed 's/users:(("//;s/".*//'
+Netid	Local                                   	Peer
+udp  	192.168.122.1:53                        	dnsmasq
+udp  	0.0.0.0%virbr0:67                       	dnsmasq
+udp  	0.0.0.0:53478                           	syncthing
+udp  	0.0.0.0:21027                           	syncthing
+udp  	0.0.0.0:53823                           	mosh-client
+udp  	0.0.0.0:5353                            	avahi-daemon
+udp  	0.0.0.0:41844                           	avahi-daemon
+udp  	[::]:45441                              	avahi-daemon
+udp  	[fe80::239a:8c0:9d46:2d08]%wlan0:546    	NetworkManager
+udp  	[::]:21027                              	syncthing
+udp  	[::]:5353                               	avahi-daemon
+udp  	*:22000                                 	syncthing
+udp  	[::]:42853                              	syncthing
+tcp  	0.0.0.0:22                              	sshd
+tcp  	192.168.122.1:53                        	dnsmasq
+tcp  	[::]:22                                 	sshd
+tcp  	*:6600                                  	systemd
+tcp  	*:22000                                 	syncthing
+```
+
+But we've sailed past the land of reasonable one-liner one can type by
+heart there. I think our best bet is `ss -pluntO '! ( src = localhost
+)'`, if we can remember that...
+
+Just remember to run `ss` as root otherwise it can't figure out who
+owns all those sockets unless it's you.
+
 [[!tag debian-planet python-planet sysadmin]]
 
 
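Review bot: The awk field picks do not line up with the `ss` header row, so the printed headings are off by one: in the first command the header prints `Local` and `Address:Port` as two separate columns, and in the second and third `$7` prints `Peer` on the header row but the `users:(...)` process field on every data row, which the prose then calls the `Peer` column. Skip the header with `NR > 1` and print your own heading, or say in the text that the label is shifted. Two smaller points: the copyable command lines omit `sudo` while the pasted sessions use `sudo ss`, even though the closing paragraph says root is needed, and the sed expression `s/".*//` keeps only the first process name on each line and drops the pid.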

merge the two wasd sections, wasd died
diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index ce29e0fa..eac26f77 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -193,10 +193,16 @@ rtings reviewed [five models](https://www.rtings.com/keyboard/tools/table/141136
 
 ## WASD
 
-I have a [Custom 87-key mechanical keyboard](https://www.wasdkeyboards.com/index.php/products/mechanical-keyboard/wasd-v3-87-key-custom-mechanical-keyboard.html) with cherry MX "brown"
-switches and a custom coloring and labeling layout. I first ordered it
-with cherry MX "red" by mistake, and WASD were nice enough to accept a
-return, but I had to pay shipping costs.
+Update: I still own two WASD keyboards, but do not use them except as
+extras anymore. The company also seems to have [closed down as of
+2025](https://www.adamsdesk.com/posts/wasd-keyboards-defunct/) which is kind of sad, they were nice! Jeff Atwood, who worked
+on the CODE keyboard with them, [confirmed it](https://discourse.codinghorror.com/t/what-happened-to-wasd-keyboards/10143/3) (with ChatGPT,
+sic). What follows is my old update from a long time ago (~2021).
+
+I have a [WASD](http://www.wasdkeyboards.com/) [Custom 87-key mechanical keyboard](https://www.wasdkeyboards.com/index.php/products/mechanical-keyboard/wasd-v3-87-key-custom-mechanical-keyboard.html) with cherry
+MX "brown" switches and a custom coloring and labeling layout. I first
+ordered it with cherry MX "red" by mistake, and WASD were nice enough
+to accept a return, but I had to pay shipping costs.
 
 The keys worn out pretty fast, which is kind of sad, otherwise it's
 absolutely gorgeous:
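Review bot: The new update paragraph says the company has closed down, yet the rewrapped paragraph right below it adds a fresh `[WASD](http://www.wasdkeyboards.com/)` link and keeps the product-page link on the same domain. Point these at archived copies or drop them, so the page does not depend on a site the text itself describes as defunct. "(with ChatGPT, sic)" also needs a few more words to say what was done with ChatGPT.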
@@ -229,6 +235,25 @@ less, and it's still really pretty. The V3 is kind of nice because you
 can reprogram the LED, although it's really complicated how you do
 that. I made caps lock red and scroll lock green.
 
+Specs of the [WASD V2 87-Key Custom Mechanical Keyboard](http://www.wasdkeyboards.com/index.php/products/mechanical-keyboard/wasd-v2-87-key-custom-mechanical-keyboard.html):
+
+ * 104/87/61 keys
+ * customizale layout and colors
+ * 2.0 lbs
+ * USB/PS2 (with adapter)
+ * made in taiwan, assembled in USA
+ * includes keycap puller
+ * DIP switches to control behavior
+ * no led backlight
+ * custom switches
+ * no windows logo (customizable)
+ * 145$, 185$ with o-rings and MX-clear
+ * latency around 14ms according to manufacturer:
+   > Debounce delay: after key press delay *12ms*
+   > Algorithm: Time base=1ms, Fixed time =4ms, continuous 3 times with same
+   > result, KEY state can be determined.
+
+
 ## Rosewill
 
 I first bought a Rosewill RK-9000 with, I believe, Cherry MX blue
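Review bot: The moved spec list carries over the typo "customizale" (should be "customizable") on its second bullet; a move is a good moment to fix it. The list is now introduced as the specs of the 87-key V2 while its first bullet says "104/87/61 keys", and the hunk leaves two blank lines before `## Rosewill` where the rest of the file uses one.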
@@ -310,29 +335,6 @@ removing the debouncing algorithm.
 
 So here is inventory of the (surprisingly) expensive alternatives...
 
-## WASD
-
-The [WASD](http://www.wasdkeyboards.com/) family has interesting
-model. The [WASD V2 87-Key Custom Mechanical Keyboard](http://www.wasdkeyboards.com/index.php/products/mechanical-keyboard/wasd-v2-87-key-custom-mechanical-keyboard.html) has the
-interesting feature of *not* having a numpad at all and customizable
-everything.
-
- * 104/87/61 keys
- * customizale layout and colors
- * 2.0 lbs
- * USB/PS2 (with adapter)
- * made in taiwan, assembled in USA
- * includes keycap puller
- * DIP switches to control behavior
- * no led backlight
- * custom switches
- * no windows logo (customizable)
- * 145$, 185$ with o-rings and MX-clear
- * latency around 14ms according to manufacturer:
-   > Debounce delay: after key press delay *12ms*
-   > Algorithm: Time base=1ms, Fixed time =4ms, continuous 3 times with same
-   > result, KEY state can be determined.
-
 ## CODE
 
 The [CODE keyboard](http://codekeyboards.com/) is also made by WASD but has special specs.

reorder keyboard section
diff --git a/hardware/keyboard.mdwn b/hardware/keyboard.mdwn
index 739dbb53..ce29e0fa 100644
--- a/hardware/keyboard.mdwn
+++ b/hardware/keyboard.mdwn
@@ -2,133 +2,7 @@ I [type so much](http://anarcat.koumbit.org/2010-03-22-working-too-much-computer
 
 [[!toc levels=2]]
 
-# Actual keyboards
-
-## Rosewill
-
-I first bought a Rosewill RK-9000 with, I believe, Cherry MX blue
-keys. That turned out to be too noisy, even with my roommates being
-*in the next room*, so I do not use the keyboard except as a spare
-now.
-
-## WASD
-
-I have a [Custom 87-key mechanical keyboard](https://www.wasdkeyboards.com/index.php/products/mechanical-keyboard/wasd-v3-87-key-custom-mechanical-keyboard.html) with cherry MX "brown"
-switches and a custom coloring and labeling layout. I first ordered it
-with cherry MX "red" by mistake, and WASD were nice enough to accept a
-return, but I had to pay shipping costs.
-
-The keys worn out pretty fast, which is kind of sad, otherwise it's
-absolutely gorgeous:
-
-<figure> <img src="IMG_0560.jpg" alt="A photo of the keyboard which
-has mostly white keys, except control keys in grey, enter and escape
-in red. Key labels are in the middle of keys which is unusual." />
-<figcaption>My fancy keyboard with a key extractor on top. The escape
-key has the <a
-href="https://archive.iww.org/history/icons/black_cat/">IWW black
-cat</a> on the escape key, and an <a
-href="https://0xacab.org/anarcat/apt-get-install-anarchism">apt-get
-install anarchism swirl</a> on the meta keys </figcaption> </figure>
-
-It looks pretty much like the rendering they give you in their online
-design tool:
-
-<figure>
-<img src="wasd-final2.PNG" alt="A rendering of the keyboard layout" />
-</figure>
-
-I have ordered [reprints](https://www.wasdkeyboards.com/index.php/products/printed-keycap-singles/reprinted-key.html) of those worn-out keys, on the upside,
-but it's still a bit of a luxury, especially because of the design
-with the key labels in the middle. (There's a reason why that design
-has gone away, and that's because the labels wear out faster!)
-
-I have *also* ordered a less exotic [WASD V3 87-Key Doubleshot PBT
-Black/Slate Mechanical Keyboard](https://www.wasdkeyboards.com/index.php/products/mechanical-keyboard/wasd-87-key-doubleshot-pbt-black-slate-mechanical-keyboard.html), because they keys wear out much
-less, and it's still really pretty. The V3 is kind of nice because you
-can reprogram the LED, although it's really complicated how you do
-that. I made caps lock red and scroll lock green.
-
-## Nuphy
-
-[Nuphy](https://nuphy.com/) has interesting mechanical keyboards, with a special focus on the
-sound and design of the keyboards.
-
-They have QMK-compatible firmware and pretty designs, with slim and
-TKL keyboards.
-
-### Short review
-
-I have found a second hand [Air75](https://nuphy.com/collections/in-stock-keyboards/products/air75-v2) at some Amazon overflow thing here,
-and it is *really* nice.
-
-- QMK
-- wireless (BT 4 devices, RF), wired (USB-C)
-- 220h battery (~10days?)
-- 84-keys
-- [Cowberry red switches](https://nuphy.com/products/nuphy-cowberry-l45-low-profile-switches), hotswappable
-- double-shot keycaps
-- RGB backlights
-- 13.5-21mm x 132.5mm x 316.4mm
-- 598 grams
-- n-key rollover
-
-It's really slim, I (surprisingly) like the short travel and the sound
-is exquisite, even with the red switches. It's nice to have
-the combo Bluetooth / USB-C setup, and there's even a "2.4GHz
-transmitter" in there for non-BT operation, but somehow the adapter
-for that was missing from the case.
-
-Two major downsides:
-
-- it's a bit on the heavy side, which would otherwise make this an
-  incredible travel keyboard
-- the TKL layout is a bit too narrow for me, i can't get used to the
-  vertical pgup/pgdown pad
-
-I have also heard first-hand reports of a full USB controller failure
-and a failure of support to provide proper followup, so that's a bit
-concerning.
-
-I have looked at [upgrading the firmware](https://nuphy.com/pages/qmk-firmwares) and it says that "Dongle
-and firmware updates required for this release", which means I need to
-flash the "RF firmware" and the "dongle firmware", and I'm not sure
-what those are.
-
-Apparently the "RF firmware" is flashed [from a phone](https://nuphy.com/pages/instructions-on-flashing-the-rf-firmwares) (?!) so you
-need to install [this Bluetooth app](https://play.google.com/store/apps/details?id=no.nordicsemi.android.mcp) to do a "Device Firmware
-Update" (DFU) and while some of Nordic Semi apps are free software,
-that particular one [seems like docs-only](https://github.com/NordicSemiconductor/Android-nRF-Connect). There *might* be other
-ways to do DFUs with free software (see [this adafruit thing](https://learn.adafruit.com/introducing-adafruit-ble-bluetooth-low-energy-friend/dfu-on-android-4-dot-3-plus) for
-example) but wow this is getting complicated.
-
-The "dongle firmware" update is totally opaque: it seems it can only
-be done from Windows or Mac.
-
-So while in theory the keyboard has a QMK-compatible firmware, in
-practice the published firmware doesn't actually come with source code
-which is likely a GPL violation, as [qmk_firmware](https://github.com/qmk/qmk_firmware) is GPL. Someone
-is [keeping track of the various third-party firmwares](https://github.com/zhogov/nuphy-state-of-qmk-firmware).
-
-The whole point of this was to try to get a scroll lock key to work. I
-haven't figured it out. I did find their [layout manual](https://cdn.shopifycdn.net/s/files/1/0268/7297/1373/files/NuPhy_Air75_V2_Q_A.pdf?v=1692772705) and the
-[quick guide](https://cdn.shopify.com/s/files/1/0268/7297/1373/files/NuPhy_Air75_V2_Quick_Guide.pdf?v=1696498123) but it doesn't seem to support those extra keys.
-
-### Other reviews
-
-rtings reviewed [five models](https://www.rtings.com/keyboard/tools/table/141136) and outlined:
-
- * [Halo75 v2](https://nuphy.com/collections/keyboards/products/halo75-v2-qmk-via-wireless-custom-mechanical-keyboard): "[Best Mid-Range Mechanical Keyboard](https://www.rtings.com/keyboard/reviews/best/mechanical)" ([full review](https://www.rtings.com/keyboard/reviews/nuphy/air75-v2-air60-v2-air96-v2))
- * [Gem 80](https://nuphy.com/collections/keyboards/products/gem80): "[Best TKL Keyboard For Enthusiasts](https://www.rtings.com/keyboard/reviews/best/tkl)" and "Best
- modular mechanical keyboard" ([full review](https://www.rtings.com/keyboard/reviews/nuphy/gem80))
- * [Air75 v2](https://nuphy.com/collections/keyboards/products/air75-v2): "[Best Low-Profile Keyboard](https://www.rtings.com/keyboard/reviews/best/low-profile)", "[Best Mid-Range
-   Wireless Keyboard](https://www.rtings.com/keyboard/reviews/best/by-type/wireless)", "[Best Office Keyboard Without A
-   Numpad](https://www.rtings.com/keyboard/reviews/best/work)", "[Best Mid-Range Keyboard For Programming](https://www.rtings.com/keyboard/reviews/best/by-usage/programming)" ([full
-   review](https://www.rtings.com/keyboard/reviews/nuphy/air75-v2-air60-v2-air96-v2))
- * [Halo96](https://nuphy.com/collections/keyboards/products/halo96): "[Best Upper Mid-Range Keyboard For Typing](https://www.rtings.com/keyboard/reviews/best/by-usage/writers)" and
-   "[Best Mid-Range RGB Keyboard](https://www.rtings.com/keyboard/reviews/best/rgb#recommendation_313370)" ([full review](https://www.rtings.com/keyboard/reviews/nuphy/halo96-halo65-halo75)), replaced by
-   the Halo96 v2 and Halo75 v2
- * [Field75](https://nuphy.com/collections/keyboards/products/field75): not best in anything ([full review](https://www.rtings.com/keyboard/reviews/nuphy/field75))
+# Current keyboards
 
 ## Keychron
 
@@ -236,6 +110,132 @@ I also bought one of them "coiled cables" because I thought it would
 look cool, but that was a bit of a waste: it's too short and I ended
 up reusing the old cable I already had.
 
+## Nuphy
+
+[Nuphy](https://nuphy.com/) has interesting mechanical keyboards, with a special focus on the
+sound and design of the keyboards.
+
+They have QMK-compatible firmware and pretty designs, with slim and
+TKL keyboards.
+
+### Short review
+
+I have found a second hand [Air75](https://nuphy.com/collections/in-stock-keyboards/products/air75-v2) at some Amazon overflow thing here,
+and it is *really* nice.
+
+- QMK
+- wireless (BT 4 devices, RF), wired (USB-C)
+- 220h battery (~10days?)
+- 84-keys
+- [Cowberry red switches](https://nuphy.com/products/nuphy-cowberry-l45-low-profile-switches), hotswappable
+- double-shot keycaps
+- RGB backlights
+- 13.5-21mm x 132.5mm x 316.4mm
+- 598 grams
+- n-key rollover
+
+It's really slim, I (surprisingly) like the short travel and the sound
+is exquisite, even with the red switches. It's nice to have
+the combo Bluetooth / USB-C setup, and there's even a "2.4GHz
+transmitter" in there for non-BT operation, but somehow the adapter
+for that was missing from the case.
+
+Two major downsides:
+
+- it's a bit on the heavy side, which would otherwise make this an
+  incredible travel keyboard
+- the TKL layout is a bit too narrow for me, i can't get used to the
+  vertical pgup/pgdown pad
+
+I have also heard first-hand reports of a full USB controller failure
+and a failure of support to provide proper followup, so that's a bit
+concerning.
+
+I have looked at [upgrading the firmware](https://nuphy.com/pages/qmk-firmwares) and it says that "Dongle
+and firmware updates required for this release", which means I need to
+flash the "RF firmware" and the "dongle firmware", and I'm not sure
+what those are.
+
+Apparently the "RF firmware" is flashed [from a phone](https://nuphy.com/pages/instructions-on-flashing-the-rf-firmwares) (?!) so you
+need to install [this Bluetooth app](https://play.google.com/store/apps/details?id=no.nordicsemi.android.mcp) to do a "Device Firmware
+Update" (DFU) and while some of Nordic Semi apps are free software,
+that particular one [seems like docs-only](https://github.com/NordicSemiconductor/Android-nRF-Connect). There *might* be other
+ways to do DFUs with free software (see [this adafruit thing](https://learn.adafruit.com/introducing-adafruit-ble-bluetooth-low-energy-friend/dfu-on-android-4-dot-3-plus) for
+example) but wow this is getting complicated.
+
+The "dongle firmware" update is totally opaque: it seems it can only
+be done from Windows or Mac.
+
+So while in theory the keyboard has a QMK-compatible firmware, in
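Review bot: the second downside calls this a "TKL layout", but the spec list above says 84 keys and the model is the Air75; tenkeyless boards normally carry 87 keys, and 84 keys with a vertical pgup/pgdown column is the 75% layout. Suggest "the 75% layout is a bit too narrow for me". The battery line could also lose its question mark: 220h is a little over 9 days of continuous use.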

(Diff truncated)
add missing dep to zfs setup, required on tubman2
diff --git a/software/zfs.md b/software/zfs.md
index 952fe31f..8059097a 100644
--- a/software/zfs.md
+++ b/software/zfs.md
@@ -25,7 +25,7 @@ with standard LUKS instead of ZFS encryption:
 
  1. Install requirements
  
-        apt install zfs-dkms zfsutils-linux
+        apt install zfs-dkms zfsutils-linux linux-headers-amd64
         modprobe zfs
 
  2. Partition the disks:
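Review bot: `linux-headers-amd64` on the changed `apt install` line ties this step to amd64, and the commit message says it was needed on one host (tubman2), so the text should say when it applies. zfs-dkms builds its module against installed kernel headers and `modprobe zfs` loads it for the running kernel, so a sentence saying the headers must match the running kernel (check with `uname -r`) would explain a failing modprobe on a host with a pending kernel upgrade.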

mention the advantage of the xtar hack
diff --git a/hardware/battery.md b/hardware/battery.md
index 73e8d25b..3b1790e7 100644
--- a/hardware/battery.md
+++ b/hardware/battery.md
@@ -198,8 +198,15 @@ poor unless proven otherwise.
 [This thread](https://old.reddit.com/r/18650masterrace/comments/qpx456/power_bank_options/) pointed at the [PBS2 charger](https://www.xtar.cc/product/XTAR-PB2S-Charger-122.html) which features
 swappable batteries, but is limited to ~25W output if I read it right.
 
+The [PBSL2 v2](https://www.xtar.cc/product/xtar-pb2sl-charger-213-html.html) is the next generation of this, relatively similar.
+
 30$.
 
+The great advantage of this is that it's also a 18650 battery charger,
+so it goes both ways: you can use it to charge other devices (like a
+normal battery pack), but you can also use it to charge 18650
+batteries for other devices!
+
 ## Folomov
 
 An extreme case is the [Folomov A1](http://www.folomov.com/content/?126.html) which is just two terminals
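Review bot: the added link text says "PBSL2 v2" while its URL slug says `xtar-pb2sl`, and the existing line has the same mismatch ("PBS2" against `XTAR-PB2S`), so the model names look transposed; please check them against the product pages. The new sentence also lands between the PBS2 paragraph and the bare "30$." line, which leaves it unclear which of the two chargers the price and "The great advantage of this" refer to.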

hack to ignore a directory only on a certain host
this is important for directories backed by, say, syncthing because we
may want them backed up *somewhere*
diff --git a/services/backup.mdwn b/services/backup.mdwn
index 6964a813..71d9ce05 100644
--- a/services/backup.mdwn
+++ b/services/backup.mdwn
@@ -790,6 +790,8 @@ essentially:
         exclude_caches: true
         exclude_if_present:
             - .nobackup
+            # would be nice to have placeholders here, like {hostname}
+            - .nobackup-angela
         keep_exclude_tags: true
         exclude_patterns:
             - "*/.cache/*"
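Review bot: `.nobackup-angela` hard-codes one hostname in a config the page presents as a general recipe, so anyone copying it gets a marker that does nothing on their machine, or one that silently skips directories on a host that happens to share the name. Suggest writing it as a placeholder such as `.nobackup-HOSTNAME` with a sentence saying it must be edited per host, and naming the host that is expected to keep the backed-up copy, since the commit message says these directories should still be backed up somewhere.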

backupninja sys replacement
diff --git a/services/backup.mdwn b/services/backup.mdwn
index 13d8f577..6964a813 100644
--- a/services/backup.mdwn
+++ b/services/backup.mdwn
@@ -854,6 +854,9 @@ essentially:
             # restore with while read origin pkg; do flatpak install --user --assumeyes $origin $pkg; done < flatpaks.txt
             # this should be easier: https://github.com/flatpak/flatpak/issues/1356
             - flatpak list --columns=origin,application --app | tail -n +1 | sort | sponge /var/backups/flatpaks.txt
+            # approximate replacement for backupninja's "sys" handler
+            - echo saving system/hardware information with grml-hwinfo
+            - grml-hwinfo --force -d --output-directory=/var/backups/grml-hwinfo
 
  1. initialize repository:
 
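Review bot: the new `grml-hwinfo` hook needs the grml-hwinfo package, but the install step of this procedure only runs `apt install borgmatic`, so on a fresh host the hook command will not be found. Suggest adding the package to step 1; the `sponge` in the flatpak hook just above has the same problem, since it comes from moreutils.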

flatpak backup procedures
diff --git a/services/backup.mdwn b/services/backup.mdwn
index f3ddd6ae..13d8f577 100644
--- a/services/backup.mdwn
+++ b/services/backup.mdwn
@@ -837,7 +837,7 @@ essentially:
     other backup types back, as "backups selected by previous rules do
     not count towards those of later rules".
 
- 9. sugar on top:
+ 9. other configs:
 
         # compress backups with zstd (default is no compression)
         compression: zstd
@@ -849,6 +849,12 @@ essentially:
         # statistics: true
         # list_details: true
 
+        before_backup:
+            - echo backing up flatpak configuration
+            # restore with while read origin pkg; do flatpak install --user --assumeyes $origin $pkg; done < flatpaks.txt
+            # this should be easier: https://github.com/flatpak/flatpak/issues/1356
+            - flatpak list --columns=origin,application --app | tail -n +1 | sort | sponge /var/backups/flatpaks.txt
+
  1. initialize repository:
 
         borgmatic init --encryption repokey --append-only
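Review bot: `tail -n +1` in the added `flatpak list` pipeline prints from the first line onward, so it passes everything through unchanged; if the intent was to drop a header line it should be `tail -n +2`, otherwise it can go. The restore comment also installs everything with `--user` although the list is not restricted to user installs, so system-wide apps would come back as per-user ones; either list with `--user` as well or drop `--user` from the restore loop.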

borg: make exclude patterns more generic
diff --git a/services/backup.mdwn b/services/backup.mdwn
index 3882122c..f3ddd6ae 100644
--- a/services/backup.mdwn
+++ b/services/backup.mdwn
@@ -792,23 +792,22 @@ essentially:
             - .nobackup
         keep_exclude_tags: true
         exclude_patterns:
-            - /home/anarcat/.fuse
-            - /home/anarcat/fuse
-            - /home/anarcat/isos/
-            - /home/anarcat/VirtualMachines
-            - /home/anarcat/VirtualBox VMs
-            - /home/*/.cache/
-            - '*/.Trash-*/'
-            - '*/.bitcoin/blocks/'
-            - '*/build-area/*'
-            - /var/cache/*
-            - /var/lib/apt/lists/
-            - /var/lib/flatpak/
-            - /var/lib/docker/overlay2/
-            - /var/lib/mlocate/mlocate.db
-            - /tmp/*
-            - /var/tmp/*
-            - /srv/chroot
+            - "*/.cache/*"
+            - "*/.local/share/digikam/facesengine/*"
+            - "*/.var/app/*/cache/*"
+            - "*/.var/app/app.organicmaps.desktop/data/OMaps/*/*.mwm"
+            - "*/VirtualBox VMs"
+            - "*/VirtualMachines"
+            - "*/.Trash-*/"
+            - "*/build-area/*"
+            - "/swapfile"
+            - "/tmp/*"
+            - "/var/cache/*"
+            - "/var/lib/apt/lists/*"
+            - "/var/lib/docker/overlay2/"
+            - "/var/lib/flatpak/*"
+            - "/var/lib/mlocate/mlocate.db"
+            - "/var/tmp/*"
 
  7. fetch the backup password from [systemd-creds][]
 
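Review bot: the commit message says the patterns are made more generic, but `/srv/chroot`, `*/.bitcoin/blocks/`, `/home/anarcat/isos/` and the two `fuse` entries are removed with no generic replacement, so those paths are no longer excluded by pattern. If that is intended (the fuse mounts may already be covered by `one_file_system: true`), say so in the message or the text. Note also that `/var/lib/apt/lists/` and `/var/lib/flatpak/` changed from excluding the directory to excluding its contents with `/*`, while `/var/lib/docker/overlay2/` kept the old form.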

fix links to trixie
diff --git a/services/upgrades/trixie.md b/services/upgrades/trixie.md
index 5dbacaa5..10abfc28 100644
--- a/services/upgrades/trixie.md
+++ b/services/upgrades/trixie.md
@@ -214,7 +214,7 @@ packages at the end automatically.
         dpkg -l 'linux-image*' | less &&
         printf "End of Step 8\a\n"
 
-[this guide to free up space]: https://www.debian.org/releases/testing/release-notes/upgrading.en.html#make-sure-you-have-sufficient-space-for-the-upgrade
+[this guide to free up space]: https://www.debian.org/releases/trixie/release-notes/upgrading.en.html#make-sure-you-have-sufficient-space-for-the-upgrade
 
     One last reboot, with Fabric:
 
@@ -278,7 +278,7 @@ This table summarizes package version changes I find interesting.
 
 Note that this table may not be up to date with the current
 release. See the [official release
-notes](https://www.debian.org/releases/testing/release-notes/whats-new.en.html#desktops-and-well-known-packages)
+notes](https://www.debian.org/releases/trixie/release-notes/whats-new.en.html#desktops-and-well-known-packages)
 for a more up to date list.
 
 ## Removed packages
@@ -289,7 +289,7 @@ TODO
 - cpufrequtils, presumably replaced by cpupowerutils, but not in
   Debian ([1073079](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073079))
 
-See also the [noteworthy obsolete packages](https://www.debian.org/releases/testing/release-notes/issues.en.html#noteworthy-obsolete-packages) list.
+See also the [noteworthy obsolete packages](https://www.debian.org/releases/trixie/release-notes/issues.en.html#noteworthy-obsolete-packages) list.
 
 ## Other improvements
 
@@ -303,7 +303,7 @@ See also the [noteworthy obsolete packages](https://www.debian.org/releases/test
 
 # Issues
 
-See also the official list of [known issues](https://www.debian.org/releases/testing/release-notes/issues.en.html#known-severe-bugs).
+See also the official list of [known issues](https://www.debian.org/releases/trixie/release-notes/issues.en.html#known-severe-bugs).
 
 ## Pending
 
@@ -317,8 +317,8 @@ See also the official list of [known issues](https://www.debian.org/releases/tes
 The venerable `deborphan` package has been removed ([1065310](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065310))!
 That's a bit of a surprise, and kind of a big concern, because we were
 using it in our upgrade procedure, to cleanup things after
-upgrades. It's also part of the [official upgrade procedures](https://www.debian.org/releases/testing/release-notes/upgrading.en.html#obsolete-packages), or
-at least it [was in bookworm](https://www.debian.org/releases/testing/release-notes/upgrading.en.html#transitional-dummy-packages):
+upgrades. It's also part of the [official upgrade procedures](https://www.debian.org/releases/trixie/release-notes/upgrading.en.html#obsolete-packages), or
+at least it [was in bookworm](https://www.debian.org/releases/trixie/release-notes/upgrading.en.html#transitional-dummy-packages):
 
 > The package descriptions for transitional dummy packages usually
 > indicate their purpose. However, they are not uniform; in
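Review bot: the second changed line keeps the link text "was in bookworm" but now points at `releases/trixie`, like the line above it, so both links lead to the trixie notes and the bookworm reference is lost. If the sentence is meant to cite the older procedure, that URL should use `releases/bookworm`; otherwise reword the sentence.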
@@ -514,18 +514,18 @@ that were failing, one at a time.
 ## Upgrade failures
 
 Instructions on errors during upgrades can be found in [the release
-notes "possible issues" section](https://www.debian.org/releases/testing/release-notes/upgrading.en.html#possible-issues-during-upgrade).
+notes "possible issues" section](https://www.debian.org/releases/trixie/release-notes/upgrading.en.html#possible-issues-during-upgrade).
 
 ## Reboot failures
 
 If there's any trouble during reboots, you should use some recovery
 system. The [release notes actually have good documentation on
-that](https://www.debian.org/releases/testing/release-notes/upgrading.en.html#prepare-for-recovery), on top of "use a live filesystem".
+that](https://www.debian.org/releases/trixie/release-notes/upgrading.en.html#prepare-for-recovery), on top of "use a live filesystem".
 
 # References
 
- * [Official guide](https://www.debian.org/releases/testing/release-notes/upgrading.en.html)
- * [Release notes](https://www.debian.org/releases/testing/release-notes/whats-new.en.html)
+ * [Official guide](https://www.debian.org/releases/trixie/release-notes/upgrading.en.html)
+ * [Release notes](https://www.debian.org/releases/trixie/release-notes/whats-new.en.html)
  * [Koumbit guide](https://wiki.koumbit.net/TrixieUpgrade) (in progress, last checked 2025-09-04, they
    switched to bolt, so a little more opaque)
  * [DSA guide](https://dsa.debian.org/howto/upgrade-to-trixie/) (in progress, last checked 2025-09-04)
@@ -533,6 +533,3 @@ that](https://www.debian.org/releases/testing/release-notes/upgrading.en.html#pr
  * [Solution proposal to automate this](https://wiki.debian.org/AutomatedUpgrade)
 
 [TPA guide]: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/upgrades/trixie
-
-TODO: replace `releases/testing` with `releases/trixie` after the
-release notes are published.

explain append-only, no need for --overwrite i think
diff --git a/services/backup.mdwn b/services/backup.mdwn
index 599e4572..3882122c 100644
--- a/services/backup.mdwn
+++ b/services/backup.mdwn
@@ -751,10 +751,9 @@ essentially:
     upstream quite a bit, see [1106814](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106814). Things still generally
     work, but watch out for version notes in upstream docs.
 
- 2. regenerate the base config file, the one shipped with the Debian
-    package isn't necessarily up to date:
+ 2. generate the base config file:
 
-        borgmatic config generate --overwrite
+        borgmatic config generate
 
  2. open the configuration:
 
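Review bot: dropping `--overwrite` from `borgmatic config generate` changes what happens when `/etc/borgmatic/config.yaml` already exists, and the removed sentence said the Debian package ships one. Without the flag borgmatic refuses to replace an existing file, so either keep a note that `--overwrite` is needed in that case or state that the step is skipped when the file is already there. The list also still has two steps numbered 2.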
@@ -866,7 +865,17 @@ essentially:
     be unlocked. By default, above, it's stored on the server in
     `/etc/credstore.encrypted/borgmatic`, but you won't have access to
     that, so save a copy of that password elsewhere. See also [my
-    twisted way of managing keyfiles which I should elaborate on here](https://github.com/borgbackup/borg/discussions/9158).
+    twisted way of managing keyfiles which I should elaborate on
+    here](https://github.com/borgbackup/borg/discussions/9158).
+
+    Also note that this sets up the repository in "append-only" mode,
+    which has significant caveats in Borg, see [this
+    documentation](https://borgbackup.readthedocs.io/en/stable/usage/notes.html#append-only-mode). Concretely, it means space from purged archives
+    is never reclaimed until compaction is ran without `--append-only`
+    and then the repository applies all the purges, which defeats the
+    point of the `--append-only` flag (which is to protect against
+    total server compromise and ransomware attacks which would delete
+    backups).
 
  2. perform first backup:
 
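Review bot: the added paragraph says running compaction without `--append-only` "defeats the point" of the flag, but it does not say what the reader should do instead, and it is not clear whether `--append-only` here means the repository setting made by the `borgmatic init` command above or a server-side restriction. Suggest stating the intended routine, for example that purges are only made effective from a trusted machine after checking the repository, so that a compromised client cannot make its deletions permanent. Also "is ran" should be "is run".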

document borgmatic backup basically
diff --git a/services/backup.mdwn b/services/backup.mdwn
index 62a59a05..599e4572 100644
--- a/services/backup.mdwn
+++ b/services/backup.mdwn
@@ -737,6 +737,150 @@ Chunk index:                 1842235              5951877
 ------------------------------------------------------------------------------
 ```
 
+## borgmatic backups
+
+I setup borgmatic! This page is *really* chaotic now, but i want to
+write this down for friends (and myself). The basic setup is
+essentially:
+
+ 1. install borgmatic
+
+        apt install borgmatic
+
+    Note that the Debian package needs work! It's lagging behind
+    upstream quite a bit, see [1106814](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106814). Things still generally
+    work, but watch out for version notes in upstream docs.
+
+ 2. regenerate the base config file, the one shipped with the Debian
+    package isn't necessarily up to date:
+
+        borgmatic config generate --overwrite
+
+ 2. open the configuration:
+
+        $EDITOR /etc/borgmatic/config.yaml
+
+ 3. set the repository endpoint, for example with `rsync.net` and
+    another SSH server::
+
+        repositories:
+            - path: ssh://fm1702@fm1702.rsync.net/./borg-{hostname}/
+              label: rsync.net
+            - path: ssh://borg-{hostname}@example.com/srv/borg/{hostname}/
+              label: offsite
+
+    Note that borgmatic will backup to *all* of those serially.
+
+ 4. setup which directories to backup:
+
+        source_directories:
+            - /
+            - /boot
+            - /var
+            - /home
+            - /srv
+
+    I backup all my filesystems, above, and use excludes to keep large
+    files out. This goes in pair with:
+
+        one_file_system: true
+
+ 5. setup excludes. this is also one area that varies wildly depending
+    on your config:
+
+        exclude_caches: true
+        exclude_if_present:
+            - .nobackup
+        keep_exclude_tags: true
+        exclude_patterns:
+            - /home/anarcat/.fuse
+            - /home/anarcat/fuse
+            - /home/anarcat/isos/
+            - /home/anarcat/VirtualMachines
+            - /home/anarcat/VirtualBox VMs
+            - /home/*/.cache/
+            - '*/.Trash-*/'
+            - '*/.bitcoin/blocks/'
+            - '*/build-area/*'
+            - /var/cache/*
+            - /var/lib/apt/lists/
+            - /var/lib/flatpak/
+            - /var/lib/docker/overlay2/
+            - /var/lib/mlocate/mlocate.db
+            - /tmp/*
+            - /var/tmp/*
+            - /srv/chroot
+
+ 7. fetch the backup password from [systemd-creds][]
+
+        encryption_passphrase: "{credential systemd borgmatic}"
+
+    Note that the default is `borgmatic.pw` in the Debian package, but
+    this older borgmatic release has a bug with keys with a dot in
+    them. You also need to override the systemd unit to change that
+    key, with `systemctl edit borgmatic` and then:
+
+        [Service]
+        LoadCredentialEncrypted=
+        LoadCredentialEncrypted=borgmatic
+
+ 8. configure retention, i keep dailies for a week, weeklies for a
+    month, monthlies for 6 months, and yearlies for a decade:
+
+        keep_within: 7d
+        keep_weekly: 4
+        keep_monthly: 6
+        keep_yearly: 10
+
+    We use `keep_within` instead of `keep_daily` because we don't
+    *necessarily* backup daily (for example, if the laptop is
+    suspended or on AC power). In case we skip a day, `keep_daily`
+    would count backups going way too far back because it "pushes" the
+    other backup types back, as "backups selected by previous rules do
+    not count towards those of later rules".
+
+ 9. sugar on top:
+
+        # compress backups with zstd (default is no compression)
+        compression: zstd
+
+        # make filesystem snapshots (doesn't work well in 1.9)
+        lvm:
+
+        # only in 2.0
+        # statistics: true
+        # list_details: true
+
+ 1. initialize repository:
+
+        borgmatic init --encryption repokey --append-only
+
+    You might need to save the password you type there in
+    [systemd-creds][] with:
+
+        systemd-ask-password -n | systemd-creds encrypt - /etc/credstore.encrypted/borgmatic
+
+    See the [upstream docs about creds for how that works](https://torsion.org/borgmatic/reference/configuration/credentials/systemd/).
+
+    Note that the `repokey` mode will need that key you just typed to
+    be unlocked. By default, above, it's stored on the server in
+    `/etc/credstore.encrypted/borgmatic`, but you won't have access to
+    that, so save a copy of that password elsewhere. See also [my
+    twisted way of managing keyfiles which I should elaborate on here](https://github.com/borgbackup/borg/discussions/9158).
+
+ 2. perform first backup:
+
+        systemctl start borgmatic &
+        journalctl -f -u borgmatic
+
+ 1. enable systemd timer:
+
+        systemctl enable --now borgmatic.timer
+
+[systemd-creds]: https://www.freedesktop.org/software/systemd/man/latest/systemd-creds.html
+
+See also the [upstream startup guide](https://torsion.org/borgmatic/how-to/set-up-backups/).
+
 ## References
 
 Borg:
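Review bot: the "sugar on top" block turns on `lvm:` while its own comment says snapshots do not work well in 1.9, and the neighbouring options are commented out as "only in 2.0", so readers on the 1.9 series get a setting the text itself warns against; comment it out like the others or say what breaks. The step numbers also need a pass (two steps numbered 2, a jump from 5 to 7, and the count restarting at 1 for "initialize repository"), and "another SSH server::" has a doubled colon.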

beamers and screens
diff --git a/hardware/monitor.mdwn b/hardware/monitor.mdwn
index 16a7a01b..027c0ed7 100644
--- a/hardware/monitor.mdwn
+++ b/hardware/monitor.mdwn
@@ -409,8 +409,7 @@ Note that none of those links work anymore, just a few years later.
 
 Another idea: a [USB C monitor](https://etbe.coker.com.au/2020/07/02/desklab-portable-usb-c-monitor/)
 
-Mounts
-======
+# Mounts
 
 A friend recommends the [VIVO STAND-V001JB](https://www.vivo-us.com/collections/monitor-mounts/products/stand-v001jb). Unfortunately, it's
 hard to find and basically only available on Amazon in Canada. So
@@ -421,7 +420,12 @@ here's a little shopping list while I'm there:
  * [APC 1500VA](https://www.amazon.ca/gp/product/B06VY6FXMM/ref=ox_sc_act_title_1?smid=A3DWYIK6Y9EEQB&psc=1) - same, for upstairs
  * [VIVO STAND-V001JB](https://www.amazon.ca/gp/product/B07BR9YRNC/ref=ox_sc_act_title_3?smid=AX105E1SOBX1B&psc=1) - the damn thing
 
-Resources
-=========
+# Resources
 
  * [TFT Central](https://www.tftcentral.co.uk): monitor database and reviews
+
+# Beamers and screens
+
+- [distance / size calculators](https://www.rtings.com/tv/reviews/by-size/size-to-distance-relationship)
+- [wirecutters 2025 screens](https://www.nytimes.com/wirecutter/reviews/best-projector-screen/)
+- [wirecutters 2025 projectors](https://www.nytimes.com/wirecutter/reviews/best-projectors/)

another mono font
diff --git a/blog/2024-05-29-playing-with-fonts-again.md b/blog/2024-05-29-playing-with-fonts-again.md
index 6dfe9aef..7e6a15ad 100644
--- a/blog/2024-05-29-playing-with-fonts-again.md
+++ b/blog/2024-05-29-playing-with-fonts-again.md
@@ -214,6 +214,11 @@ I'm not using them:
   the alignment test but Fira Mono fails to show the X signs properly!
   packaged as [fonts-firacode](https://tracker.debian.org/fonts-firacode)
 
+- [Julia Mono](https://juliamono.netlify.app/): ligatures (can be disabled), good alternative, good
+  unicode coverage, seems to pass most tests, italics, even better
+  than Commit mono at alignment (in the dash test, Commit mono's
+  `HORIZONTAL BAR` is misaligned or missing)
+
 - [Hack](https://sourcefoundry.org/hack/): no ligatures, very similar to Fira, italics, good
   alternative, fails the X test in box alignment, packaged as
   [fonts-hack](https://tracker.debian.org/fonts-hack)
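Review bot: the Julia Mono entry does not say whether the font is packaged in Debian, while the entries on either side do (`fonts-firacode`, `fonts-hack`); add the package name or "not packaged" so the list stays comparable. "Commit mono" is also capitalised differently from "Julia Mono" and "Fira Mono" in the same list.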

another audio interface
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index 952243eb..f771b0e8 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -251,6 +251,9 @@ jacks.
    towards high-end productions, 6/4 USB audio interface, mic, line,
    6xXLR inputs, -120dB mic preamps, built-in SD-card multi-track
    recorder, works well in Linux, [970$ L&M](https://www.long-mcquade.com/142600/Pro-Audio---Recording/Multi-track-Recorders/Zoom/F6-MultiTrack-Field-Recorder.htm)
+ * Universal Audio [Volt 2 USB](https://www.uaudio.com/products/volt-2-usb): also recommended, 2xXLR/TRS combo,
+   24-bit / 192 kHz, "direct monitoring", phantom, 111dB dynamic
+   range, 1kg, 130 x 174 x 53 mm, [3d mount](https://www.thingiverse.com/thing:6753373), [289$ L&M](https://www.long-mcquade.com/252196/Pro-Audio-Recording/Audio-Interfaces-DAW-Controllers/Universal-Audio/Volt-2-USB-Interface.htm)
 
 # Setup
 

more openpgp locations updates
diff --git a/.well-known/openpgpkey/Makefile b/.well-known/openpgpkey/Makefile
index e65f2667..fb314116 100644
--- a/.well-known/openpgpkey/Makefile
+++ b/.well-known/openpgpkey/Makefile
@@ -27,15 +27,23 @@ upload:
 	gpg --keyserver keyring.debian.org --send-keys $(FINGERPRINT)
 	gpg --keyserver pgpkeys.eu --send-keys $(FINGERPRINT)
 	gpg --keyserver keys.openpgp.org --send-keys $(FINGERPRINT)
-	@echo "Not covered: GitLab and GitHub accounts:"
-	@echo "https://gitlab.torproject.org/-/user_settings/gpg_keys"
-	@echo "https://gitlab.com/-/user_settings/gpg_keys"
-	@echo "https://salsa.debian.org/-/user_settings/gpg_keys"
-	@echo "https://github.com/settings/keys"
+	@echo "Not covered:"
+	@echo "# GitLab and GitHub accounts"
+	@echo
+	@echo "- https://gitlab.torproject.org/-/user_settings/gpg_keys"
+	@echo "- https://gitlab.com/-/user_settings/gpg_keys"
+	@echo "- https://salsa.debian.org/-/user_settings/gpg_keys"
+	@echo "- https://github.com/settings/keys"
+	@echo
 	@echo "most involves deleting the old key then reuploading the new one"
 	@echo "next time, try using GitLab API: https://docs.gitlab.com/ee/api/users.html#list-all-gpg-keys"
 	@echo "list, parse for fingerprint, delete, then upload"
 	@echo "last test with plain 'python-gitlab' CLI failed though"
+	@echo
+	@echo "# other locations"
+	@echo
+	@echo "- tor-puppet/openpgp-policy.toml"
+	@echo
 	gpg --export --export-options export-minimal -a $(FINGERPRINT) | wl-copy
 	@echo "key copied to clipboard"
 
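Review bot: the reminders are still printed only after the `gpg --send-keys` commands, so if any keyserver upload fails make stops there and the "Not covered" list, which now also names `tor-puppet/openpgp-policy.toml`, is never shown. Suggest moving the `@echo` block to the top of the recipe or into its own target that `upload` depends on. The new entry is a bare relative path; a word on which repository it lives in would help.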

some clarifications for malte, hopefully
diff --git a/blog/2025-08-20-luks-ukify-conversion.md b/blog/2025-08-20-luks-ukify-conversion.md
index 9f80e6de..3563e4c8 100644
--- a/blog/2025-08-20-luks-ukify-conversion.md
+++ b/blog/2025-08-20-luks-ukify-conversion.md
@@ -236,6 +236,9 @@ We assume 512 byte sectors here. Check your sector size with `fdisk
  
         echo root=/dev/mapper/crypt_dev_nvme0n1p2 > /etc/kernel/cmdline
 
+    You might also want to look at the `options:` field in `bootctl
+    list` to set the right thing here.
+
  2. Regenerate UKI:
 
         dpkg-reconfigure linux-image-$(uname -r)
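Review bot: "set the right thing here" in the added sentence does not say what to copy from `bootctl list`; name the part that matters, which from the command above is the `root=` argument written to `/etc/kernel/cmdline`. Since this step runs inside the chroot (step 3 exits it), it is also worth saying whether `bootctl list` is meant to be run there or on the original system.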
@@ -247,6 +250,10 @@ We assume 512 byte sectors here. Check your sector size with `fdisk
     possible to workaround this issue by tweaking the arguments at
     boot time, that said.
 
+    Also, the above will reconfigure the package named after the
+    *running* kernel, it will only work if that's exactly the same
+    version as the *installed* kernel.
+
  3. Exit chroot and reboot
  
         exit
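Review bot: the added caveat about the *running* kernel leaves the reader without a fix, and it matters more than the wording suggests: this step runs inside a chroot, where `uname -r` reports the kernel of the system the chroot was entered from, not the one installed in the chroot. Suggest telling readers to list the installed image with `dpkg -l 'linux-image*'` and to pass that package name to `dpkg-reconfigure` explicitly.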

two more typos, thanks malte
diff --git a/blog/2025-08-20-luks-ukify-conversion.md b/blog/2025-08-20-luks-ukify-conversion.md
index 6154a2e8..9f80e6de 100644
--- a/blog/2025-08-20-luks-ukify-conversion.md
+++ b/blog/2025-08-20-luks-ukify-conversion.md
@@ -188,7 +188,7 @@ We assume 512 byte sectors here. Check your sector size with `fdisk
 
  6. Re-encrypt filesystem:
 
-        cryptsetup reencrypt --encrypt /dev/nvme0n1p2 --resize-device-size=32M
+        cryptsetup reencrypt --encrypt /dev/nvme0n1p2 --reduce-device-size=32M
 
     This is it! This is the most important step! Make sure your laptop
     is plugged in and try not to interrupt it. This can, apparently,
@@ -227,7 +227,7 @@ We assume 512 byte sectors here. Check your sector size with `fdisk
  1. Adjust root filesystem in `/etc/fstab`, make sure you have a line
     like this:
     
-        /dev/mapper/crypt_dev-nvme0n1p2 /               ext4    errors=remount-ro 0       1
+        /dev/mapper/crypt_dev_nvme0n1p2 /               ext4    errors=remount-ro 0       1
 
     If you were already using a UUID entry for this, there's nothing
     to change!

even more ratings
diff --git a/hardware/camera.mdwn b/hardware/camera.mdwn
index 91cdff62..b09d919f 100644
--- a/hardware/camera.mdwn
+++ b/hardware/camera.mdwn
@@ -169,6 +169,7 @@ and here is my progress:
 - 2025-09-14: 8503 (-2000~! on a roll! rated all of 2013, lots of
   photos were not grouped properly by darktable, probably because of
   the shotwell import, fixed with autogrouping and my script)
+- 2025-10-19: 6123 (-2000+), 2014, 2015, 2017 left
 
 Inventaire
 ==========

moar ratings
diff --git a/hardware/camera.mdwn b/hardware/camera.mdwn
index c49bcde1..91cdff62 100644
--- a/hardware/camera.mdwn
+++ b/hardware/camera.mdwn
@@ -164,8 +164,11 @@ and here is my progress:
   didn't have ratings in the sidecar... lots was fixed, processed new
   pics and this weeks photos *and* 1000 from 2021. somehow 2022 got
   done without being noted here)
-- 2025-09-13: 10579 (-1700~, rated 2005, 2006, 2007, 2012, 2013, lots
+- 2025-09-13: 10579 (-1700~, rated 2005, 2006, 2007, 2012, lots
   of dupes found)
+- 2025-09-14: 8503 (-2000~! on a roll! rated all of 2013, lots of
+  photos were not grouped properly by darktable, probably because of
+  the shotwell import, fixed with autogrouping and my script)
 
 Inventaire
 ==========

cleanup radio formatting, update with newest
diff --git a/hardware/radio.mdwn b/hardware/radio.mdwn
index 265b8efa..8549111a 100644
--- a/hardware/radio.mdwn
+++ b/hardware/radio.mdwn
@@ -13,28 +13,30 @@ See also [[services/meshtastic]] (think DIY text mesh) and
 # Hardware
 
 * Hand helds:
-  * Baofeng UV-3R MKII radio (<50$)
   * [Baofeng UV-5R](https://baofengtech.com/uv-5r)
   * Wouxun KG-UVD1P
   * [Yaesu FT-60R](https://www.yaesu.com/indexVS.cfm?cmd=DisplayProducts&encProdID=6EC43B29CEF0EC2B4E19BB7371688B7F)
+  * [Quansheng UV-K5](https://qsfj.com/products/3002): similar to baofeng UV-5R, but more hackable,
+     see [custom firmware](https://github.com/nikant/kamilsss655-uv-k5-firmware-custom-nkk?tab=readme-ov-file), [also](https://whosmatt.github.io/uvmod/)
 * Transceiver: Yaesu FT-100D, bought around 600$ on ebay in 2010
-* Antenna/tuner kit:
- * MFJ-941E - antenna tuner and switch [155$ at radioworld](http://radioworld.ca/product_info.php?products_id=2885)
- * MAP-G5RV 1/2 - G5RV 50' dipole antenna (10-40m) [85$ at radioworld](http://radioworld.ca/product_info.php?manufacturers_id=121&products_id=7788)
- * 100' of RG8 coax cabling [65$ at radioworld](http://radioworld.ca/product_info.php?cPath=73_394&products_id=6831)
- * 3 PL259 connectors [4$ at radioworld](http://radioworld.ca/product_info.php?cPath=73_394&products_id=3244)
- * Total, incl. shipping: 452.35$
- * [S&K Open Stub J-Pole Antenna](https://signalstuff.com/product/signal-staff-osj/) (OSJ) from [Signalstuff.com](https://signalstuff.com/),
-   can be mounted on a mast *or* a camera tripod *or* even hanged from
-   a tree! (60$USD)
-* VHF/UHF meter: [workman 50$](http://www.ebay.com/itm/SWR-Power-500-Watt-METER-120-500-MHz-UHF-VHF-Ham-Radio-w-RG8X-Jumper-/380424888249)  ([17 reviews: 3.5/5](http://www.eham.net/reviews/detail/3905))
-* Ferrites: ~40$ + 24$ customs fees (PN: 2643167851 from [IBS electronics](http://www.ibselectronics.com/search_r.asp?mfgpn=2643167851))
-* some PL259 connectors, usually around 2$ each
+* Tuner wiring kit:
+  * MFJ-941E - antenna tuner and switch [155$ at radioworld](http://radioworld.ca/product_info.php?products_id=2885)
+  * 100' of RG8 coax cabling [65$ at radioworld](http://radioworld.ca/product_info.php?cPath=73_394&products_id=6831)
+  * PL259 connectors [4$ at radioworld](http://radioworld.ca/product_info.php?cPath=73_394&products_id=3244)
+  * VHF/UHF meter: [workman 50$](http://www.ebay.com/itm/SWR-Power-500-Watt-METER-120-500-MHz-UHF-VHF-Ham-Radio-w-RG8X-Jumper-/380424888249)  ([17 reviews: 3.5/5](http://www.eham.net/reviews/detail/3905))
+  * Ferrites: ~40$ + 24$ customs fees (PN: 2643167851 from [IBS electronics](http://www.ibselectronics.com/search_r.asp?mfgpn=2643167851))
+* Antennas
+  * MAP-G5RV 1/2 - G5RV 50' dipole antenna (10-40m) [85$ at radioworld](http://radioworld.ca/product_info.php?manufacturers_id=121&products_id=7788)
+  * [S&K Open Stub J-Pole Antenna](https://signalstuff.com/product/signal-staff-osj/) (OSJ) from [Signalstuff.com](https://signalstuff.com/),
+    can be mounted on a mast *or* a camera tripod *or* even hanged from
+    a tree! (60$USD)
+  * DIY copper J-pole
+  * Mag-mount VHF antenna (spec missing)
 * Books:
- * [Canadian Amateur Radio Basic Qualification Study Guide](http://www.coaxpublications.ca/ ): 40$
- * [The RAC Operating Manual](https://www.rac.ca/store/operating-manual.htm): 42$
- * ARRL Handbook 2011, Softcover: 49.95$USD
- * ARRL Antenna Book: 44.95$USD
+  * [Canadian Amateur Radio Basic Qualification Study Guide](http://www.coaxpublications.ca/ ): 40$
+  * [The RAC Operating Manual](https://www.rac.ca/store/operating-manual.htm): 42$
+  * ARRL Handbook 2011, Softcover: 49.95$USD
+  * ARRL Antenna Book: 44.95$USD
 
 Total rig cost so far: 1242.60$ (not counting the quad project below)
 
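Review bot: "Total rig cost so far: 1242.60$" is left unchanged below this hunk although the list above it changed: the kit subtotal ("Total, incl. shipping: 452.35$") and the loose PL259 line are removed, the UV-3R is dropped from the hand-helds, and the UV-K5, a DIY J-pole and a mag-mount antenna are added without prices. Either recompute the total or mark it as dated. The "3 PL259 connectors" entry also lost its count.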
@@ -44,18 +46,30 @@ I uploaded a few photos [in this album](https://photos.anarc.at/documentation/ra
 
 ### Modern
 
-- [sBITX](https://www.sbitx.net/): 80-20m (receive 500KHz-30MHz, 25W), SSB, CW, FT8,
-  packet, SDR, 400$ with a raspi kit, 10"x6"x2", 4lbs, back-order as
-  of 2025-03-29, but [should be back in stock "in a month" so in
-  March](https://groups.io/g/BITX20/message/115582?p=%2C%2C%2C20%2C0%2C0%2C0%3A%3Acreated%2C%2Csbitx%20out%20of%20stock%2C20%2C2%2C0%2C111139360), [sbitx v3](https://www.hfsignals.com/index.php/sbitx-v3/) and others can apparently [run Debian!](https://www.cybertec-postgresql.com/en/the-debian-conference-2025-in-brest/)
-- [uBITX v6](https://www.hfsignals.com/index.php/ubitx-v6/): 10W HF, SSB/CW, SDR, arduino-based, GPL-3, 210$ for
-  kit
+- [HF Signals](https://www.hfsignals.com/) have built tons of awesome open hardware kits and
+  products, my main challenge for adoption are the BNC connectors (I
+  have everything in PL259, maybe a [simple adapter like this](https://addison-electronique.com/en/uhf-female-to-bnc-male-adaptor.html) or
+  [this BNC male to UHF SO239 female adapter](https://www.radioworld.ca/product/con-210/bnc-male-uhf-female-adapter) (2.99$), which i
+  might already have, [signalstuff also has more expensive ones](https://signalstuff.com/products/so239-bncm/)
+  - [sBITX](https://www.sbitx.net/): 25W, 80-10m, 10W on 20-10m, receive 500KHz-30MHz, idle
+    600mA, xmit 9A, SSB/CW/CW-Reverse/FT8/FLdigi, 7" touch screen
+    display, built-in mic and speaker, on-screen keyboard, 4 memories
+    per band, A/B VFOs, [N1MM](https://n1mmwp.hamdocs.com/)-style logger, real time clock, HDMI
+    output, WAV recording, QRZ.com lookups, telnet/BBS (RBN/DX
+    clusters), can be powered off RC/drone batteries with the XT60
+    connector, BNC connector, web interface, [sbitx v3](https://www.hfsignals.com/index.php/sbitx-v3/) and others
+    can apparently [run Debian!](https://www.cybertec-postgresql.com/en/the-debian-conference-2025-in-brest/), [open source](https://github.com/afarhan/sbitx), 10"x6"x2",
+    4lbs, 430$USD
+  - [zBitx](https://www.hfsignals.com/index.php/zbitx/): 5W HF, 80-10m, CW/SSB/FreeDV/FT8/SSTV, 480×320 touch
+    screen, 156mm x 80mm x 35mm, 250g, 410g with 2x18650 LiPO
+    batteries, same software as the sBitx, 6V-9V PSU, 300mA standby,
+    1.5-3A transmit, 197$USD
+  - [uBITX v6](https://www.hfsignals.com/index.php/ubitx-v6/): 10W HF, SSB/CW, SDR, arduino-based, GPL-3, 210$,
+    seems like the older version of the other two
 - [QMX](https://qrp-labs.com/qmx.html): low power QRP transceiver HF 20-80M, SDR / CW, packet,
   *not* voice
 - [(tr)uSDX](https://dl2man.de/): tiny, low power (80mA/500mA) QRP HF (20-80m,
   CW/LSB/USB/AM/FM) transceiver, example [portable kit](https://imgur.com/gallery/ultralightish-tr-usdx-sota-shack-box-kit-QPuv1d9), ~140$
-- [Quansheng UV-K5](https://qsfj.com/products/3002): similar to baofeng UV-5R, but more hackable,
-  see [custom firmware](https://github.com/nikant/kamilsss655-uv-k5-firmware-custom-nkk?tab=readme-ov-file), [also](https://whosmatt.github.io/uvmod/)
 - [kv4p](https://www.kv4p.com/): ham radio adapter (VHF, USB-C) for Android phones, GPL-3
 
 There's a [great guide](https://www.tothewoods.net/Comms-Yaesu-817-818-Manpack-Mobile-QRP-Ham-Radio-Kit.php) on how to setup a mobile HF rig that I
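Review bot: The parenthesis opened at "(I have everything in PL259" in the new HF Signals bullet is never closed, so the adapter links and the three nested radio entries read as part of the aside. Close it after the signalstuff link and end the sentence there; "which i might already have" should also read "which I might already have".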
@@ -99,6 +113,10 @@ that we might want to learn from. In particular, it ships:
 * [Call those guys?](http://www.paratonnerres.qc.ca/produits.html)
 * <del>J146/440 - dual band VHF/UHF antenna (2m-70cm) [40$ at radioworld](http://radioworld.ca/product_info.php?cPath=73_191_193&products_id=886)</del> /!\ backorder
 * <del>MFJ-260C - 300W dummy load  0-150Mhz dry [50$ at radiowrodl](http://radioworld.ca/product_info.php?products_id=8098)</del> built into the tuner now
+* Baofeng UV-3R MKII radio (<50$) - really liked those radios, gave
+  them all away, can't find anything as good anymore, except maybe the
+  [Quansheng UV-K5](https://qsfj.com/products/3002) but that's closer to the UV-5R: bigger, less
+  sturdy, and more complicated to operate than the UV-3R
 
 I did a review of [[FmTransmitter]]s a long time ago that is probably
 now completely useless.
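Review bot: The new Baofeng UV-3R bullet keeps only the product link for the Quansheng UV-K5, while the entry removed from the transceiver list earlier in this diff also linked two custom firmware pages and described the radio as "more hackable". If that information is still wanted, carry the firmware links into this bullet; otherwise the page loses them.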

mention my new upgrade system
diff --git a/blog/2021-09-05-bullseye-upgrade-notes.mdwn b/blog/2021-09-05-bullseye-upgrade-notes.mdwn
index 32407350..a026c7e6 100644
--- a/blog/2021-09-05-bullseye-upgrade-notes.mdwn
+++ b/blog/2021-09-05-bullseye-upgrade-notes.mdwn
@@ -106,6 +106,9 @@ grouping using [Cumin](https://doc.wikimedia.org/cumin/master/introduction.html)
 experimenting with [Puppet Bolt](https://puppet.com/docs/bolt/latest/bolt.html) in the bullseye upgrade process,
 but that feels too site-specific to be useful more broadly.
 
+Update: I *have* implemented an automated upgrade procedure for work
+now, see [tpo/tpa/team#41485](https://gitlab.torproject.org/tpo/tpa/team/-/issues/41485) and [the upgrade scripts](https://gitlab.torproject.org/tpo/tpa/fabric-tasks/-/blob/main/fabric_tpa/upgrade.py?ref_type=heads).
+
 # Trade-offs
 
 I am not sure where this stands in the [XKCD time trade-off](https://xkcd.com/1205/)
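Review bot: The "upgrade scripts" link in the added update targets `blob/main/fabric_tpa/upgrade.py?ref_type=heads`, a moving branch, so it will break or point at different code once the file is renamed or rewritten. Link to a specific commit instead, and say in a few words what the procedure automates, since the paragraph just above still ends on "too site-specific to be useful more broadly".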

update on audio interface research
hesitant between the zoom and focusrite right now, leaning a bit
towards the latter because of the availability of the mount, but the
zoom is more compact and possibly better supported
diff --git a/hardware/audio.mdwn b/hardware/audio.mdwn
index 0407c247..952243eb 100644
--- a/hardware/audio.mdwn
+++ b/hardware/audio.mdwn
@@ -232,11 +232,18 @@ jacks.
 
  * [Scarlett 2i2](https://store.focusrite.com/en-gb/product/scarlett-2i2-3rd-gen/MOSC0025): older versions work well in Linux, 3rd rumored
    to be problematic, [Linux GUI](https://github.com/geoffreybennett/alsa-scarlett-gui), [requires extra config](https://linuxmusicians.com/viewtopic.php?f=6&t=20669&p=146733&hilit=Zoom+f6#p146733) (see
-   [USAGE.md](https://github.com/geoffreybennett/alsa-scarlett-gui/blob/master/USAGE.md)), [positive review](https://linuxgamecast.com/2021/10/interfacing-linux-focusrite-scarlett-solo-gen3/), [250$ L&M](https://www.long-mcquade.com/146276/Pro-Audio---Recording/Audio-Interfaces---DAW-Controllers/Focusrite/Scarlett-2i2-3rd-Generation-USB-2-0-Audio-Interface.htm), [250$ Steve's](https://stevesmusic.com/en/product/focusrite-scarlett-2i2-gen-3-2288.html)
+   [USAGE.md](https://github.com/geoffreybennett/alsa-scarlett-gui/blob/master/USAGE.md)), [positive review](https://linuxgamecast.com/2021/10/interfacing-linux-focusrite-scarlett-solo-gen3/), [300$ diplomate](https://www.musiquediplomate.com/fr/produit/focusrite-scarlett-2i2-audio-interface/), [270$
+   L&M](https://www.long-mcquade.com/344251/Pro-Audio-Recording/Audio-Interfaces-DAW-Controllers/Focusrite/Scarlett-2i2-4th-Gen-USB-C-Audio-Interface.htm), [270$ Steve's](https://stevesmusic.com/products/focusrite-scarlett-2i2-35919), 120dB dynamic range, 595g, 117mm x
+   180mm x 47.5mm, 2x XLR, 2x TRS (mixed, not combo), phantom,
+   headphone jack, USB-2 (USB-C), 24bit 192KHz, [lots of 3d-printed
+   mounts](https://www.thingiverse.com/search?q=Focusrite&page=1&sort=popular), [this one seems best](https://www.thingiverse.com/thing:3309292/files), but could be improved by
+   [printing sideways (only made for the 2i4)](https://www.printables.com/model/163864-focusrite-scarlett-2i4-2nd-gen-bracket-easier-prin)
  * [Behringer UMC204HD](https://www.behringer.com/product.html?modelCode=P0BK0): much cheaper, mentioned in the above
    review, Behringer has a bad rep though, not on sale locally, [review](https://discourse.ardour.org/t/behringer-umc204hd-and-umc404hd/104756)
  * MOTU M2: [250$ Steve's](https://stevesmusic.com/en/product/motu-m2-4683.html), might have trouble in Linux
- * Zoom [UAC-2](https://zoomcorp.com/fr/ca/interfaces-audio/audio-interfaces/uac-2/): [320$ L&M](https://www.long-mcquade.com/61635/Pro_Audio_Recording/Audio_Interfaces/Zoom/24-bit_192_kHz_2x2_USB_3_0_Audio_Interface.htm)
+ * Zoom [UAC-2](https://zoomcorp.com/fr/ca/interfaces-audio/audio-interfaces/uac-2/): [320$ L&M, 250$ on sale](https://www.long-mcquade.com/61635/Pro_Audio_Recording/Audio_Interfaces/Zoom/24-bit_192_kHz_2x2_USB_3_0_Audio_Interface.htm), 714g, 113,9 mm (P) x
+   176,0 mm (L) x 46,2 mm (H), 2x combo XLR/TRS, midi in/out, phantom,
+   headphone jack, USB-3, 24bits 192KHz, no under-desk mounts
  * Zoom [AMS line](https://zoomcorp.com/fr/ca/interfaces-audio/audio-interfaces/ams-series/): smaller, cheaper, the AMS 22 ([110$ L&M](https://www.long-mcquade.com/288191/Pro-Audio---Recording/Audio-Interfaces---DAW-Controllers/Zoom/AMS-22-Audio-Interface.htm)),
    has a 3.5mm ⅛" jack input, the AMS 24 ([160$ L&M](https://www.long-mcquade.com/288201/Pro-Audio---Recording/Audio-Interfaces---DAW-Controllers/Zoom/AMS-24-Audio-Interface.htm)) is 2xXLR/TRS
    combo
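Review bot: The Scarlett 2i2 bullet now mixes generations: the name still links to the 3rd gen product page and the text says the 3rd is "rumored to be problematic", but the new L&M link is for the "Scarlett-2i2-4th-Gen-USB-C" model. State which generation the added prices, weight and dimensions describe. The Zoom UAC-2 dimensions also use decimal commas and (P)/(L)/(H) labels ("113,9 mm (P) x 176,0 mm (L)") while the Scarlett line uses "117mm x 180mm x 47.5mm"; pick one notation so the two can be compared at a glance.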

automatic federated post of /blog/on-dying
Command: ['/usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py', '--post-receive', '--base-url', 'https://anarc.at/']
Plugin file: /usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py
Source directory: /home/w-anarcat/source
Running on: marcos
diff --git a/blog/on-dying.mdwn b/blog/on-dying.mdwn
index 8df34c22..7a589485 100644
--- a/blog/on-dying.mdwn
+++ b/blog/on-dying.mdwn
@@ -239,3 +239,7 @@ take care of reassigning copyright, see id:3c73defb03d3dc44df52aefa1655edf9@debi
 customer data mid:/64127ce6-d4e3-4108-ac0c-b113d9d7cb5a.*/ + following
 
 [[!tag draft]]
+
+
+<!-- posted to the federation on 2025-10-07T15:37:08.216083 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/115334566904968092"]]
\ No newline at end of file
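Review bot: The automated commit appends the `[[!mastodon ...]]` link directly below `[[!tag draft]]`, so the post-receive hook announced a page that is still tagged as a draft, and whose visible context lines are working notes with message ids. Have the plugin skip pages carrying the draft tag, and check whether this toot should be withdrawn.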

automatic federated post of /blog/2020-09-30-presentation-tools
Command: ['/usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py', '--post-receive', '--base-url', 'https://anarc.at/']
Plugin file: /usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py
Source directory: /home/w-anarcat/source
Running on: marcos
diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
index 5bf9f95a..22366663 100644
--- a/blog/2020-09-30-presentation-tools.mdwn
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -206,3 +206,7 @@ See also [this X11 list][] and [this Wayland list][].
 [the README file accompanying the Kubecon rant presentation]: https://gitlab.com/anarcat/presentation-ethics/-/blob/master/README.md
 
 [[!tag debian-planet python-planet software review]]
+
+
+<!-- posted to the federation on 2025-10-07T15:36:59.966403 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/115334566363687946"]]
\ No newline at end of file
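Review bot: The appended block is preceded by two blank lines and ends with "\ No newline at end of file". Have the plugin write a single blank line before the comment and terminate the file with a newline, so the next edit to the page does not show a spurious change on the `[[!mastodon ...]]` line.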

automatic federated post of /blog/2019-10-16-bus-factor
Command: ['/usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py', '--post-receive', '--base-url', 'https://anarc.at/']
Plugin file: /usr/lib/python3/dist-packages/feed2exec/plugins/ikiwikitoot.py
Source directory: /home/w-anarcat/source
Running on: marcos
diff --git a/blog/2019-10-16-bus-factor.mdwn b/blog/2019-10-16-bus-factor.mdwn
index 45a205fd..81a75329 100644
--- a/blog/2019-10-16-bus-factor.mdwn
+++ b/blog/2019-10-16-bus-factor.mdwn
@@ -146,3 +146,7 @@ person" and "about half of the 13,000 most downloaded NPM packages are
 ONE PERSON".
 
 [[!tag debian-planet python-planet python software debian]]
+
+
+<!-- posted to the federation on 2025-10-07T15:36:51.747441 -->
+[[!mastodon "https://kolektiva.social/@Anarcat/115334565824547685"]]
\ No newline at end of file

zfs progress update
diff --git a/software/zfs.md b/software/zfs.md
index 1a7726b6..952fe31f 100644
--- a/software/zfs.md
+++ b/software/zfs.md
@@ -471,7 +471,10 @@ example, how the `tank` was synced from marcos to its backup
 
     zfs snapshot tank/srv@tubman-$(date +%Y%m%d%H%M%S%z)
     zfs list -t snapshot
-    zfs send  tank/srv@tubman-20251002220034-0400 | pv -s 7.16T | ssh root@192.168.0.55 'zfs recv tank/srv'
+    zfs send tank/srv@tubman-20251002220034-0400 | pv -s 7.16T | ssh root@192.168.0.55 'zfs recv -s tank/srv'
+
+The `-s` flag allows for interrupted transfers to be resumed and
+requires the `extensible_dataset` feature to be enabled.
 
 This is not magic, and takes a long time:
 
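Review bot: The added paragraph says `-s` allows interrupted transfers to be resumed but not how, and it does not say that the flag belongs to `zfs recv` rather than `zfs send`. Add the resume step: read the `receive_resume_token` property of the receiving dataset and pass it to `zfs send -t` on the sender, or discard the partial state with `zfs recv -A`.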
@@ -479,7 +482,10 @@ This is not magic, and takes a long time:
     11.9GiB 0:01:53 [ 105MiB/s] [>                                                                                                               ]   0% ETA 18:56:15
 
 ... but future syncs can be done incrementally with `-i -R`, see [this
-arch wiki doc](https://wiki.archlinux.org/title/ZFS#Incremental_Backups).
+arch wiki doc](https://wiki.archlinux.org/title/ZFS#Incremental_Backups). Notice how the `-s` flag was unfortunately not used
+here. This turned out to be:
+
+    7.18TiB 19:58:31 [ 104MiB/s] 
 
 But of course, there are tools that do all of this for you, see below.
 
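Review bot: "Notice how the `-s` flag was unfortunately not used here" now contradicts the example, because the previous hunk edits the command to read `'zfs recv -s tank/srv'`; the sentence is also attached to the paragraph about incremental syncs, so "here" is ambiguous. Move the remark and the final "7.18TiB 19:58:31" figure next to the first `pv` output and say explicitly that the original run was done without `-s`. The added `pv` line also ends in trailing whitespace.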

progress update
diff --git a/hardware/server/marcos/v3.md b/hardware/server/marcos/v3.md
index b6483bf4..b257bd3f 100644
--- a/hardware/server/marcos/v3.md
+++ b/hardware/server/marcos/v3.md
@@ -46,7 +46,7 @@ new NVMe drive.
   - [ ] boot the new box
   - [ ] nano-kvm-pcie order
   - [ ] nano-kvme-pcie installation
-- [ ] tubman replacement
+- [x] tubman replacement
   - [ ] label tubman2 (box-02)
   - [x] install 2x12tb drives
   - [ ] test all ports
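Review bot: "tubman replacement" is flipped to `[x]` while its children "label tubman2 (box-02)" and "test all ports" remain `[ ]`. Either check off or drop the remaining sub-items, or leave the parent open until they are done.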
@@ -66,15 +66,15 @@ new NVMe drive.
         - [x] line out (green)
         - [ ] mic in
         - [ ] headphones
-  - [ ] sync ZFS snapshot
+  - [x] sync ZFS snapshot
   - [x] nano-kvm-pcie installation
-  - [ ] move box
-  - [ ] install m2 drive
-  - [ ] move 1xSSD drive in new box
-  - [ ] move 1x8TB and 1x4TB into new box
-  - [ ] resync array
-  - [ ] remove 1x8tb drive, add 1x4tb (end result: 16TB storage)
-  - [ ] bring back 2x8TB for tubman2
+  - [x] move box
+  - [x] install m2 drive
+  - [~] move 1xSSD drive in new box
+  - [~] move 1x8TB and 1x4TB into new box
+  - [~] resync array
+  - [~] remove 1x8tb drive, add 1x4tb (end result: 16TB storage)
+  - [x] bring back 2x8TB and 2x4TB for tubman3
 - [ ] tubman3 setup (ex-marcos body)
   - [ ] install new memory stick
   - [ ] nano-kvm-pcie order
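Review bot: The `[~]` marker introduced on four items ("move 1xSSD drive in new box" through "remove 1x8tb drive, add 1x4tb") is not defined anywhere in the visible list, so a reader cannot tell whether it means skipped, partial or obsolete. Add a one-line legend or a short reason next to those items. The last changed line also retargets the drives to tubman3 while the earlier "label tubman2 (box-02)" item is left unchanged.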

more presentation tools
diff --git a/blog/2020-09-30-presentation-tools.mdwn b/blog/2020-09-30-presentation-tools.mdwn
index 0d2178b0..5bf9f95a 100644
--- a/blog/2020-09-30-presentation-tools.mdwn
+++ b/blog/2020-09-30-presentation-tools.mdwn
@@ -86,6 +86,11 @@ keep up to date.
  * PDF export, presenter notes, outline view, etc
  * [Home page](https://libreoffice.org/discover/impress/), [screenshots](https://libreoffice.org/discover/screenshots/)
 
+## Lookatme
+
+ * TUI, markdown
+ * [Github](https://github.com/d0c-s4vage/lookatme)
+
 ## Magicpoint
 
  * ancestor of everyone else (1997!)
@@ -94,11 +99,10 @@ keep up to date.
  * no release since 2008
  * [Home page](http://member.wide.ad.jp/wg/mgp/)
 
-## mdp and lookatme (commandline)
+## mdp
 
  * Commandline-only, markdown
  * [Home page](https://github.com/visit1985/mdp)
- * [lookatme](https://github.com/d0c-s4vage/lookatme) is similar
 
 ## Pampi
 
@@ -134,6 +138,11 @@ Others just [use their IDE directly](https://staltz.com/your-ide-as-a-presentati
  * [Home page](https://wiki.gnome.org/Attic/Pinpoint)
  * Abandoned since at least 2019
 
+## Presenterm
+
+ * TUI, markdown, rust
+ * [Homepage](https://mfontanini.github.io/presenterm/)
+ 
 ## Remark
 
  * In-browser, HTML/Markdown/Javascript based
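Review bot: The Presenterm entry labels its link "Homepage" where the neighbouring sections use "Home page", and the added separator line after it contains a trailing space ("+ "). Use "Home page" and make the separator line empty.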

another bus factor article
diff --git a/blog/2019-10-16-bus-factor.mdwn b/blog/2019-10-16-bus-factor.mdwn
index af35c843..45a205fd 100644
--- a/blog/2019-10-16-bus-factor.mdwn
+++ b/blog/2019-10-16-bus-factor.mdwn
@@ -141,4 +141,8 @@ I should probably rephrase as "most projects have a bus factor of one"
 The new research also implies that the trend is getting worse, with
 the kernel moving from 57 to 12, for example.
 
+Another update: [this blog post](https://opensourcesecurity.io/2025/08-oss-one-person/) argues that "Open Source is one
+person" and "about half of the 13,000 most downloaded NPM packages are
+ONE PERSON".
+
 [[!tag debian-planet python-planet python software debian]]

more ratings
diff --git a/hardware/camera.mdwn b/hardware/camera.mdwn
index 44dbcf65..c49bcde1 100644
--- a/hardware/camera.mdwn
+++ b/hardware/camera.mdwn
@@ -159,6 +159,13 @@ and here is my progress:
 - 2025-06-07: 12044 (-859, plus some new shots)
 - 2025-06-27: 11346 (-658, plus +452 new, done back to 2023, 2005-2022
   to go (!), 2 weeks missed)
+- 2025-09-12: 12222 (??, lots happened. summer vacations, new laptop
+  where entire collection was reimported, which showed lots of files
+  didn't have ratings in the sidecar... lots was fixed, processed new
+  pics and this weeks photos *and* 1000 from 2021. somehow 2022 got
+  done without being noted here)
+- 2025-09-13: 10579 (-1700~, rated 2005, 2006, 2007, 2012, 2013, lots
+  of dupes found)
 
 Inventaire
 ==========
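Review bot: The 2025-09-13 entry records "-1700~", but 12222 minus 10579 is 1643, and the earlier entries give exact deltas (-859, -658). Use -1643 to keep the series consistent; "this weeks photos" in the 2025-09-12 entry should also be "this week's photos".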

link to matrix
diff --git a/blog/2022-06-17-matrix-notes.md b/blog/2022-06-17-matrix-notes.md
index 04e0cf9f..fdd5d7f3 100644
--- a/blog/2022-06-17-matrix-notes.md
+++ b/blog/2022-06-17-matrix-notes.md
@@ -1,6 +1,6 @@
 [[!meta title="Matrix notes"]]
 
-I have some concerns about Matrix (the protocol, not the movie that
+I have some concerns about [Matrix](https://matrix.org) (the protocol, not the movie that
 came out recently, although I do have concerns about that as
 well). I've been watching the project for a long time, and it seems
 more a promising alternative to many protocols like IRC, XMPP, and

Archival link:

The above link creates a machine-readable RSS feed that can be used to easily archive new changes to the site. It is used by internal scripts to do sanity checks on new entries in the wiki.
