The Anarcat anarcat@identi.ca

Sysadmin, programmer, geek-of-all-trades, ex-philosopher, ex-musician, future-writer? future-hasbeen?

2020-12-12T22:09:36Z via Identi.ca Web To: Public CC: Followers
in case people have not noticed, i am not posting here (on identica/pump.io/?) anymore. if people want to follow me, they should head towards https://social.weho.st/@anarcat or, maybe anarcat@social.weho.st also works, at this point i can't be bothered to try to figure out what works and what doesn't anymore, in fediverse land.

» The Anarcat:

“[...] in case people have not noticed, i am not posting here (on identica/pump.io/?) anymore. [...]”

That much was clear 😁
JanKusanagi at 2020-12-13T02:23:42Z
2018-01-24T18:23:01Z via Identi.ca Web To: Public CC: Followers
wondering what will happen with this place now that activity pub is standard... can i talk with #mastodon instances yet? i am https://social.weho.st/@anarcat in that silo...

Not yet, work to support ActivityPub in the Pump network is ongoing =)

But it's wrong to call Mastodon (or Pump, or GNU Social) a "silo". Silos are centralized, like the bird spysite or the big blue F spysite.

Mastodon, like Pump, is not centralized.
JanKusanagi at 2018-01-24T19:21:35Z
clacke@libranet.de ❌ likes this.
well... sure, it's decentralized, but it's yet another protocol. we have many of those silos: pump.io, gnu social, mastodon/activitypub, diaspora/salmon, and probably many more i'm forgetting. those can't talk to each other and even though they are "federated" in that multiple servers can talk to each other, they are still "silos" in that they can't globally interoperate.

hopefully the w3c adoption will fix that, but right now i'm a little doubtful: standards are not magic... they reflect implementation, most of the time, and it take a lot of energy to change implementation to reflect standards.

i doubt, for example, that diaspora and gnu social will implement the standard quickly...
The Anarcat at 2018-01-24T23:47:23Z
clacke@libranet.de ❌ likes this.
2017-09-12T18:31:48Z via Identi.ca Web To: Public CC: Followers
wrote a new RSS reader: https://anarcat.gitlab.io/feed2exec/

hoping to connect this with pump.io somehow - is there a quick "pump post FOO" commandline tool here?
Amitai Schleier, McClane, clacke@libranet.de ❌ likes this.
McClane, clacke@libranet.de ❌, clacke@libranet.de ❌, clacke@libranet.de ❌ shared this.
You can use the 'p' utility, for instance.
JanKusanagi at 2017-09-12T18:35:31Z
clacke@libranet.de ❌ likes this.
https://github.com/xray7224/p maybe?
gregor herrmann at 2017-09-12T20:05:06Z
2017-05-01T14:39:58Z via AndStatus To: Public
trying out #andstatus
o/
JanKusanagi at 2017-05-01T15:08:46Z
2017-04-24T17:49:57Z via Identi.ca Web To: Public CC: Followers
created an account on a #mastodon host. doesn't link here (nor the other way around), or diaspora, or twitter. yet another silo, lost in a sea of noise.
Not a silo, it's a federated system, and actually federates with pre-existing GNU Social servers and other OStatus-using services, besides the different Mastodon servers.

In the nearish future, it will also federate with Pump and other ActivityPub adopters, too (Diaspora might be in there).

Also, it's not possible to federate with Twitter.com, that's a given. Now that's a silo =)
JanKusanagi at 2017-04-24T18:30:37Z
brashley46 likes this.
2017-04-07T03:17:29Z via Identi.ca Web CC: Public
somehow my avatar was lost here - i guess i was away for too long and it bitrotted. (bitrat? bitrotten? bitroted? meh)
The Anarcat at 2017-04-07T03:18:22Z
It was probably still hosted at the old status.net domain, which no longer exists. Now it will be ok =)
JanKusanagi @identi.ca at 2017-04-07T08:47:06Z
2017-04-07T03:16:58Z via Identi.ca Web To: Public CC: Followers
actually, let's talk about this explicitly - can i talk to status.net folks here? what about mastodon? or diaspora?

shouldn't we aim to interoperate all that stuff? it seems really unreasonable to have (what) 5 different standards for this stuff...

we'll never win this way.
gregor herrmann shared this.
Show all 9 replies
Well, it means you'll be able to follow and talk to people on those networks once both the Pump.io network and any of those other networks who is willing, upgrade to the common protocol.

That's still in the future.
JanKusanagi @identi.ca at 2017-04-07T14:16:44Z
ActivityPub isn't aiming to be a standard that "bridges" interoperability across all existing instances without any work. It's a standard that people will either have to port to or bridge to. It's heaviliy informed by other standards, and we worked hard to get feedback from other groups... a number of decisions in ActivityPub happened due to feedback from talking to Friendica and Diaspora devs, for instance. And of course we've been working with linked data people.

ActivityPub is well informed, but it isn't magic pixie dust where it automatically makes interop happen. Recently I've been studying a lot of lisp history; that's also a place where many languages diverged. There is no magical route. Common Lisp was an effort to try to bring interoperability amongst the various lisps, and I think is probably the most successful language interop effort of all time; in that case, much of the code that existed did work with realtively little porting, but code did need to be ported. The good news is though, you can write lisp code today that applies to a large number of lisp implementations which have adapted the Common Lisp language... and those are the only languages in which lisp interoperability is easy. But of course there are a lot of lisps which don't do that, and even my favorite (scheme) is not common lisp interoperable, and barely interoperable between its own implementations.

Will ActivityPub be the Common Lisp of the federation world? It would be great if it were. We could even build tools that will allow interop to be easier through bridging. But the best routes will happen due to porting. We've tried to be as informed as possible by all the federation implementations out there, but it hasn't been easy... even getting people to review and be part of the process was a large portion of what I did early on. But we studied all the major standards that were out there.

I'm not sure what answer you're looking for though. I don't know what result we will get. If ActivityPub could be to federation standards to what Common Lisp was to lisps in the 1980s, there may be hope for the federated web. I don't have a crystal ball to know... all I have is our efforts.
Christopher Allan Webber at 2017-04-07T14:18:17Z
ostfriesenmärz, Charles Stanhope, Jason Self likes this.
somehow the comparison with lisp makes the prospects of real federation really dim. :) let's hope we succeed in converting everyone to the standard!
The Anarcat at 2017-04-07T14:31:20Z
Christopher Allan Webber likes this.
From a simple user point of view it is easy to cheer for an effort to unify the scattered landscape of free social web services. But it it still a mistery in what direction to cheer to! pump.io will probably support AP, but what about others. What degrees of "support" can be expected? What is the result of putting an AP layer ontop of whatever else you are using? What if it isn't meant to be used as a brige but people end up using it like that? How easy will it be to blame bad user experience (messages get lost, nested replying fails, ...) on bad implementation of AP instead of a flaw of AP?

How realistic is it to hope for interoperability if there isn't even one 100% AP reference implementation?

As a user I'd like to cheer - but given that mess it is hard to see towards what direction. To me this looks more like a fun tool for developers with great ideas, less like the pump.io of tomorrow.
mray INACTIVE at 2017-04-07T15:41:57Z
2016-01-29T16:32:56Z via Identi.ca Web To: Bradley M. Kuhn, Software Freedom Conservancy, Public CC: Followers
the SFC and @bkuhn may be interested in my efforts to make billing and timetracking make sense in ledger https://github.com/anarcat/ledger-timetracking see also http://article.gmane.org/gmane.comp.finance.ledger.general/8087
Dana likes this.
Dana shared this.
2016-01-26T16:41:34Z via Identi.ca Web To: Public CC: Followers
sorry for the noise from spigot - filed 3 bugs about it here:
https://github.com/nathans/spigot/issues/2
https://github.com/nathans/spigot/issues/3
https://github.com/nathans/spigot/issues/4

i wish it was merged into feed2tweet and/or turpial, really https://github.com/satanas/Turpial/issues/392
Is it safe to use open wireless access points?
2016-01-26T16:36:28Z via Spigot To: Public
I sometimes get questions when people use my wireless access point, which, for as long as I can remember, has been open to everyone; that is without any form of password protection or encryption. I arguably don't use the access point much myself, as I prefer the wired connection for the higher bandwidth, security and reliability it provides.

Apart from convenience for myself and visitors, the main reason why I leave my wireless access open is that I believe in a free (both as in beer and freedom) internet, built with principles of solidarity rather than exploitation and profitability. In these days of ubiquitous surveillance, freedom often goes hand in hand with anonymity, which implies providing free internet access to everyone.

I also believe that, as more and more services get perniciously transferred to the global internet, access to the network is becoming a basic human right. This is therefore my small contribution to the struggle, now also part of the Réseau Libre project.

So here were my friends question, in essence:

My credit card info was stolen when I used a wifi hotspot in an airport... Should I use open wifi networks?

Is it safe to use my credit card for shopping online?

Here is a modified version of an answer I sent to a friend recently which I thought could be useful to the larger internet community. The short answer is "sorry about that", "it depends, you generally can, but be careful" and "your credit card company is supposed to protect you".

Sorry!

First off, sorry to hear that our credit card was stolen in an airport! That has to be annoying... Did the credit card company reimburse you? Normally, the whole point of credit cards is that they protect you in case of theft like this and they are supposed to reimburse you if you credit card gets stolen or abused...

The complexity and unreliability of passwords

Now of course, securing every bit of your internet infrastructure helps in protecting against such attacks. However: there is a trade-off! First off, it does makes it more complicated for people to join the network. You need to make up some silly password (which has its own security problems: passwords can be surprisingly easy to guess!) that you will post on the fridge or worst, forget all the time!

And if it's on the fridge, anyone with a view to that darn fridge, be it one-time visitor or sneaky neighbor, can find the password and steal your internet access (although, granted, that won't allow them to directly spy on your internet connection).

In any case, if you choose to use a password, you should use the tricks I wrote in the koumbit wiki to generate the password and avoid writing it on the fridge.

The false sense of security of wireless encryption

Second, it can also give a false sense of security: just because a wifi access point appears "secure" (ie. that the communication between your computer and the wifi access point is encrypted) doesn't mean the whole connection is secure.

In fact, one attack that can be done against access points is exactly to masquerade as an existing access point, with no security security at all. That way, instead of connecting to the real secure and trusted access point, you connect to an evil one which spies on our connection. Most computers will happily connect to such a hotspot even with degraded security without warning.

It may be what happened at the airport, in fact. Of course this particular attack would be less likely to happen if you live in the middle of the woods than an airport, but it's some important distinction to keep in mind, because the same attack can be performed after the wireless access point, for example by your countryside internet access provider or someone attacking it.

Your best protection for your banking details is to rely on good passwords (for your back account) but also, and more importantly, what we call end-to-end encryption. That is usually implemented using the "HTTPS" with a pad lock icon in your address bar. This ensures that the communication between your computer and the bank or credit card company is secure, that is: that no wifi access point or attacker between your computer and them can intercept your credit card number.

The flaws of internet security

Now unfortunately, even the HTTPS protocol doesn't bring complete security. For example, one attack that can be done is similar to the previous one and that is to masquerade as a legitimate bank site, but either strip out the encryption or even fake the encryption.

So you also need to look at the address of the website you are visiting. Attackers are often pretty clever and will use many tricks to hide the real address of the website in the address bar. To work around this, I always explicitly type my bank website address (https://accesd.desjardins.com/ in my case) directly myself instead of clicking on links, bookmarks or using a search engine to find my bank site.

In the case of credit cards, it is much trickier because when you buy stuff online, you end up putting that credit card number on different sites which you do not necessarily trust. There's no good solution but complaining to your credit card company if you believe a website you used has stolen your credit card details. You can also use services like Paypal, Dwolla or Bitcoin that hide your credit card details from the seller, if they support the service.

I usually try to avoid putting my credit card details on sites I do not trust, and limit myself to known parties (e.g. Via Rail, Air Canada, etc). Also, in general, I try to assume the network connection between me and the website I visit is compromised. This forced me to get familiar with online security and use of encryption. It is more accessible to me than trying to secure the infrastructure i am using, because i often do not control it at all (e.g. internet cafes...).

Internet security is unfortunately a hard problem, and things are not getting easier as more things move online. The burden is on us programmers and system administrators to create systems that are more secure and intuitive for our users so, as I said earlier, sorry the internet sucks so much, we didn't think so many people would join the acid trip of the 70s.
Fun experiments with laptop battery
2016-01-26T16:36:00Z via Spigot To: Public
After reading up on a eye-opening blog from Petter Reinholdtsen about laptop batteries, or more specifically Lithium-Ion laptop batteries, I figured I needed to try out the "TLP Linux Advanced Power Management" that I had been keeping an eye on for a while. tlp is yet another tool to control power usage on laptops (mostly Thinkpad, mine is a X120e). The novelty of tlp is the "hands off" approach: everything should be automatically configured for you...

Obviously, that means I then went on working for a few hours on breaking and fixing my laptop in random operations. I opened a bunch of pull requests on the interesting battery status package that Petter produced to make it work with my setup and make it display graphs directly (instead of into a file). I also rewrote the graphing tool in Python with SciPy in order to have cleaner labels and be able to deduce the date at which a battery would be completely unusuable because it can't recharge high enough. (At the time of writing, the battery estimated death time is december 7th, but that data is skewed because of a quick change in the battery charge after the BIOS upgrade, below.)

I then went on to try to limit my laptop charging to 80%, since this seems to make the battery last longer (sources from Petter: 1, 2, 3). Unfortunately, even after building a local (and trivial) backport of the tlp package to Debian stable (8.2/Jessie), I still couldn't access those controls, as TLP is really just a set of shell scripts that glue a bunch of stuff together.
The backport was simply:
```
apt-get source tlp
cd tlp*/
debuild
sudo dpkg -i ../tlp*.deb
```
I read here and there (and in Petter's post) that I needed the tp-smapi-dkms package, so I went ahead an installed it:
```
sudo apt install tp-smapi-dkms
```
(Yes, Jessie has a neat apt command now, it's great, upgrade now.)

Unfortunately, this still didn't work. I think the error back then was something like:
```
thinkpad_ec: thinkpad_ec_request_row: arg0 rejected: (0x01:0x00)->0x00
thinkpad_ec: thinkpad_ec_read_row: failed requesting row: (0x01:0x00)->0xfffffffb
thinkpad_ec: initial ec test failed
```
I have seen suggestions here and there to try the acpi-call-dkms package, but that was useless as it doesn't support my model (but may work with others!). The error there was:
```
acpi_call: Cannot get handle: Error: AE_NOT_FOUND
```
Note: I still have it installed - it's unclear what impact it has, and I do not want to break my current setup.

So I then started to look at upgrading my BIOS, for some reason. I was running version 1.13 (8FET29WW) from 05/06/2011. I was able to update to 1.17 (8FET33WW) from 11/07/2012, using the memdisk binary from the syslinux-common package, with some help from the quite useful grub-imageboot package:
```
sudo apt install syslinux-common grub-imageboot
wget https://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/8fuj10uc.iso
sudo mkdir /boot/images
sudo mv 8fuj10uc.iso /boot/images
sudo reboot
```
I found the image on the Thinkpad x120e support page from Lenovo (which happily bounces around, so don't rely on the above URLs too much). When I rebooted, I was offered to boot from the image by grub, which went on fine, considering it was running some version of DOS, which is always a bit scary considering it is software that is somewhat almost as old as me.

I wish I could have installed some free software in the BIOS instead of the outdated crap that Lenovo provides, but unfortunately, it seems this will never be possible with Libreboot or Coreboot, mostly because Intel is evil and installs backdoors in all their computers. Fun times.

Fortunately and surprisingly, the update worked and went on pretty smoothly. After that, I was able to set the charge limit with:
```
echo 80 | sudo tee /sys/devices/platform/smapi/BAT0/stop_charge_thresh
```
Amazing! I had almost forgotten why I almost bricked my system on a thursday, good thing that worked! Now the fun part was that, after some reboots or something I did, I am not sure what, the above stopped working: I couldn't load the drivers at all anymore, dmesg treating me with a nasty:
```
thinkpad_ec: thinkpad_ec_read_row: failed requesting row: (0x01:0x00)->0xfffffff0
thinkpad_ec: initial ec test failed
```
Now that is some obscure error message material! Fun stuff. I tried uninstalling tlp, the smapi modules, the acpi-call modules, rebooting, turning the machine off, removing the battery, nothing worked. Even more hilarious, the charge controler was now stuck at 80%: I had artificially destroyed 20% of the battery capacity in software. Ouch.

I think this may have been related to uninstalling the tp-smapi-dkms package without unloading it at first. I found some weird entries in my kern.log like this:
```
tp_smapi unloaded.
thinkpad_ec: thinkpad_ec_read_row: failed requesting row: (0x14:0x00)->0xfffffff0
hdaps: cannot power off
hdaps: driver unloaded.
thinkpad_ec: unloaded.
```
I think that after that point, I couldn't load either module, not even thinkpad_ec...

After tearing out a few more hairs and hammering my head on the keyboard randomly, I thought I could just try another BIOS upgrade, just for the fun of it. Turns out you actually can't rerun the upgrade, but you can change the model number through the same software, and this seems to reset some stuff. So I went back in the ISO image I had loaded earlier, and went on to change the model number (actually setting it to the same value, but whatever, it still ran the update). It turns out this seems to have reset a bunch of stuff and now everything works. I can use tlp setcharge and all the neat tools go well.

The two key commands are:
```
# limit charging to 80% of the battery, but not lower than 40%
sudo tlp setcharge 40 80
# clear the above setting and just charge the battery to 100%
sudo tlp fullcharge
```
It seems that the 40% bit isn't supported by my laptop, but whatever: the battery stays charged when on AC power anyways, so I don't really understand what the setting is for in the first place. The error there is:
```
smapi smapi: smapi_request: SMAPI error: Function is not supported by SMAPI BIOS (func=2116)
smapi smapi: __get_real_thresh: cannot get start_thresh of bat=0: Function is not supported by SMAPI BIOS
```
The second command is what I will need to remember to run before I unplug the laptop for a trip. I suspect this will be really annoying and I may end up disabling all this stuff and just yank the power cable out when the battery reaches 80%, by hand, when I need to.

But it was a fun geeking out, and hopefully this will be useful for others. And of course, the graphs from Petter will be interesting in a few months... Before the BIOS upgrade, the battery capacity was reported as 100% (actually, at 100.03%, which was strange). Now, the capacity is at 98.09%, which is probably just a more accurate reading that was fixed in the BIOS upgrade.

Finally, also see the useful thinkwiki troubleshooting page and especially their interesting BIOS upgrade documentation which inspired me to write my own version. I would have gladly contributed to theirs, but I seem to have lost my password on this site, with no recovery possible... The arch linux wiki has obviously excellent documentation as well, as usual.

Finding Debian release history with etckeeper

2016-01-26T16:36:00Z via Spigot To: Public

I praise etckeeper enough. That you use or not formal configuration management tools, you should have etckeeper installed, even if to do ad-hoc changes in an emergency.

For example, I just thought I could use it to figure out which Debian release I originally installed on this machine, and when I did the upgrades. Turns out it's amazingly easy:

cd /etc
sudo git log --oneline -p --no-prefix  /etc/issue

Here is the result here:

root@marcos:/etc# git log --oneline -p --no-prefix --pretty=format:'%s (%ai)' /etc/issue | cat
Initial commit (2011-02-23 00:14:08 -0500)
diff --git issue issue
new file mode 100644
index 0000000..9d52ed2
--- /dev/null
+++ issue
@@ -0,0 +1,2 @@
+Debian GNU/Linux 6.0 \n \l
+

saving uncommitted changes in /etc prior to apt run (2011-05-22 19:08:20 -0400)
diff --git issue issue
index 9d52ed2..647d490 100644
--- issue
+++ issue
@@ -1,2 +1,2 @@
-Debian GNU/Linux 6.0 \n \l
+Debian GNU/Linux wheezy/sid \n \l


committing changes in /etc after apt run (2013-01-23 09:40:27 -0500)
diff --git issue issue
index 647d490..d363ace 100644
--- issue
+++ issue
@@ -1,2 +1,2 @@
-Debian GNU/Linux wheezy/sid \n \l
+Debian GNU/Linux 7.0 \n \l


committing changes in /etc after apt run (2013-06-15 13:02:04 -0400)
diff --git issue issue
index d363ace..efc8255 100644
--- issue
+++ issue
@@ -1,2 +1,2 @@
-Debian GNU/Linux 7.0 \n \l
+Debian GNU/Linux 7 \n \l


committing changes in /etc after apt run (2014-02-02 23:28:12 -0500)
diff --git issue issue
index efc8255..e65d112 100644
--- issue
+++ issue
@@ -1,2 +1,2 @@
-Debian GNU/Linux 7 \n \l
+Debian GNU/Linux jessie/sid \n \l


committing changes in /etc after apt run (2014-12-18 11:32:43 -0500)
diff --git issue issue
index e65d112..6478eed 100644
--- issue
+++ issue
@@ -1,2 +1,2 @@
-Debian GNU/Linux jessie/sid \n \l
+Debian GNU/Linux 8 \n \l

In other words:

2011-02-23: installed etckeeper, running Debian 6.0 ("squeeze", fresh from the stable release from 2011-02-06)
2011-05-22: upgraded to wheezy/sid ("testing", at that point)
2013-01-23: some upgrade to testing, unclear (although wheezy is in freeze since 2012-06-30 at that point, it seems the version string changed then in base-files 7)
2013-06-15: wheezy 7.1 point release drops the digit
2014-02-02: switch to jessie/sid (back to "testing", a few months after the freeze is announced)
2014-12-18: upgrade to Debian 8 (one month after the freeze, still not released)

Unfortunately, there isn't much more details about the exact upgrade points, especially since /etc/os-release is a symlink starting with Jessie. Besides things are much more in flux than we would like to believe, especially when you run a rolling distribution like "testing", but it still gives a good idea of my upgrade history:

i ran 3 different major releases of Debian on this machine, always upgrading from the previous one without reinstalling
i probably installed etckeeper from the start, as configuration mentions the machine was online on 2011-03-08
i generally run stable until i get tired and upgrade to testing, generally at some point close to the freeze time

There is of course more information available directly in git log, namely the exact package version changes. With some more commandline filtering, we can see exactly when each upgrade was done, including minor releases:

# git log --date iso --grep base-files --reverse | egrep "^commit|^Date|base-files"
commit 34ad962ff10c6e4e201378698e0fe0d4b03c8c39
Date:   2011-04-02 22:21:11 -0400
    -base-files 6.0
    +base-files 6.0squeeze1
commit 1cba7d2e097091e86eba1a2d8e4f5a9771e746a1
Date:   2011-07-09 19:40:05 -0400
    -base-files 6.3
    +base-files 6.4
commit cb409a0fbe2f95c3cd6a7c1ff0af263b55c7d597
Date:   2011-09-28 17:54:57 -0400
    -base-files 6.4
    +base-files 6.5
commit cf6d9dab6f79f4b50e5bd80dcba1769b0aa6c84b
Date:   2012-03-25 19:18:44 -0400
    -base-files 6.5
    +base-files 6.7
commit bb1b6aab4406276388542cefd7b4eff92d960533
Date:   2012-06-29 00:42:32 -0400
    -base-files 6.7
    +base-files 6.9
commit c6d9218ba75b3276ea44d949ef3410c35713d487
Date:   2012-09-29 14:25:01 -0400
    -base-files 6.9
    +base-files 6.11
commit bd730398e572c8403b2b9c0421df64a407669877
Date:   2013-01-23 09:40:27 -0500
    -base-files 6.11
    +base-files 7.1
commit af42616d72c4fe5c4a0e43ee8948031732735ec5
Date:   2013-06-15 13:02:04 -0400
    -base-files 7.1
    +base-files 7.1wheezy1
commit d2ef5df9c689073b62b4898a12e42bb8488c8cdc
Date:   2013-10-14 18:15:11 -0400
    -base-files 7.1wheezy1
    +base-files 7.1wheezy2
commit 104ea49559eb2b6b2aff21817b3980b274882a28
Date:   2013-12-14 11:07:09 -0500
    -base-files 7.1wheezy2
    +base-files 7.1wheezy3
commit bfa19b7ad737cb22c495af9429e922e6ec46202d
Date:   2014-02-02 23:28:12 -0500
    -base-files 7.1wheezy3
    +base-files 7.2
commit 830570ca4083af0c4b87c6c7c746c9513e260cf7
Date:   2014-05-15 11:20:13 -0400
    -base-files 7.2
    +base-files 7.3
commit 4c9e6ca21bb8189810199e6d518250432a62391d
Date:   2014-07-27 19:50:14 -0400
    -base-files 7.3
    +base-files 7.5
commit 4bc6abe2ba193cb6fac4eae00fa855eb32b86400
Date:   2014-10-20 16:14:09 -0400
    -base-files 7.5
    +base-files 7.6
commit a5e2ce476982201338220a314b1f9ccb03c99517
Date:   2014-11-28 19:45:56 -0500
    -base-files 7.6
    +base-files 7.10
commit eaa69b112fee60ef71938d9a725c07f9f29b2011
Date:   2014-12-18 11:32:43 -0500
    -base-files 7.10
    +base-files 8
commit f95a199df77030dc9ee6ab55bf4fa246fa88c959
Date:   2015-07-24 12:34:04 -0400
    -base-files 8
    +base-files 8+deb8u1
commit db4ab55b7327cecea54c5fe6a65560ba0e385978
Date:   2015-09-07 19:09:47 -0400
    -base-files 8+deb8u1
    +base-files 8+deb8u2

Switched to bootstrap theme
2016-01-26T16:35:59Z via Spigot To: Public
I finally gave up and drank the cool-aid of the Bootstrap theme. The main reason was that I noticed the site was basically unusable on any mobile device, including tablet computers like the iPad, which are unfortunately very, very common. Phones wouldn't render the site in a legible way either, unfortunately. The change is rather drastic, so I figured it was important to mention it here.

I am ~~not so satisfied~~ pretty exctied with the result: the theme is very basic, if not absent. I actually like that purified form now, and it works across devices now much better.

But I do feel I just made my blog look like everyone else that uses Bootstrap. We seem to enter an era where non-graphic designers (like me) are back to building web pages that all look the same, not very different, in a way, from the old days of plain HTML, like the default ikiwiki theme. I did some work to change the look at least minimally, but the top black navbar is really a killer giveaway this is a bootstrap theme. Bootstrap does a lot for the typography, at least when checking the presslabs checklist or the practical typography checklist, but I still had to change the main body width, which helped a lot I think.

Anyways, the old Night City theme is still available for download and I could still flip it back on here if I need to.

What changed

The new theme keeps the distractions away, but ironically, it's slower than the previous theme even though there are no images and basically no colors at all. On my tests, it now loads in about 3.42 seconds on the "Regular 2G (250Kbps)" simulation of Chromium with 72KB in 12 requests. Whereas my tests with the previous theme were taking 3.25 seconds with 43.5KB in 17 requests. This is due to the Bootstrap CSS, which takes a whopping 19KB itself, but especially because I now load JQuery, which takes a whopping 32.8KB! And that is probably gzip-compressed, as the original is more around 90KB.

But at least the thing is readable on phones and tablets now. Compare:

Samsung S3, before

Samsung S3, after

I like this: much simpler, purer version on smaller devices. And we see what counts: the freaking text.

Of course, on tablets, it doesn't fare as well: the top menu gets wrapped around...

Apple iPad, before

Apple iPad, after

Apparently, the fix would be for me to "customize the @grid-float-breakpoint variable" in LESS (which I thought was a pager, but seems to be a CSS preprocessor, graaah).

Still, I think it's better that way, more readable, and less crufty.

How it was done

After doing a thorough evaluation of all the Bootstrap ikiwiki themes I could find (there are more than 4 at least!), I figured I prefered the Jak Linux one. It seemed to be better implemented than the others, cleaner, and I liked the mean black border on top. Black is cool. Oh, and I liked the subtle footer as well. Subtle is cool.

Unfortunately, that theme originally required a custom plugin to have a menu on top, which i thought was silly. So I patched it to make it work with the sidebar plugin, which turned out to be trivially simple: just dump the sidebar content, and make the sidebar page have explicit HTML tags in it that match Bootstrap's required classes. I also added the regular action links in the top navbar, but that does overload it quite a bit. I also did some code cleanups and various other small changes, all of which are available in my personnal git repo.

What doesn't work

So of course, there are always problems. The first problem is the extra bandwidth usage. Not sure that can be fixed, other than switching to the upcoming Bootstrap 4, which is smaller than Bootstrap 3, bizarrely.

The more annoying problems are weird alignment issues. If the screen gets two narrow without kicking some collapse rules in place (the iPad bug above), the navbar rows overflow and look ugly. Even more bizarre, in some cases the right navbar can just completely disappear, in fact, that's the only fix I could find: to assign the hidden-xs and hidden-sm classes to the navbar-right <UL> element. But then it just goes away, which is pretty darn stupid. Still - I assigned the classes to a few actions that seemed low priority, both in the theme and in the sidebar page.
~~Similarly, the search form at the bottom of the page doesn't seem to want to fit in the footer properly. No idea why and I can't bother to figure that one out.~~
I ended up merging this with the backlinks, tags and trails navigation items.
Oh, and amazingly enough: comments are simply not rendered at all right now. Oops. I seemed to have picked the single bootstrap Ikiwiki theme that does *not* have comments rendering... Aaaargh. For now I just copy-pasted stuff from the [ramseydsilva][] theme and it looks pretty ugly, but at least it works.
I ended up theming comments the same way i did for Night City, which looks pretty good, but is not in sync with the LESS stuff in Bootstrap.

I also add to add back trails, backlinks and favicon... looks like the Jak theme wasn't made for a blog after all... but that's now fixed!

Another improvement would be to change the font from the canonical Helvetica to something prettier, like suggested in Practical Typography, in the font recommendations section, or the presslabs checklist. So far I have settled on Mozilla's Fira font (which means, yes, one set of objects is actually loading from the CDN, sorry). Feedback welcome.
Is it safe to use open wireless access points?
2016-01-26T16:35:59Z via Spigot To: Public
I sometimes get questions when people use my wireless access point, which, for as long as I can remember, has been open to everyone; that is without any form of password protection or encryption. I arguably don't use the access point much myself, as I prefer the wired connection for the higher bandwidth, security and reliability it provides.

Apart from convenience for myself and visitors, the main reason why I leave my wireless access open is that I believe in a free (both as in beer and freedom) internet, built with principles of solidarity rather than exploitation and profitability. In these days of ubiquitous surveillance, freedom often goes hand in hand with anonymity, which implies providing free internet access to everyone.

I also believe that, as more and more services get perniciously transferred to the global internet, access to the network is becoming a basic human right. This is therefore my small contribution to the struggle, now also part of the Réseau Libre project.

So here were my friends question, in essence:

My credit card info was stolen when I used a wifi hotspot in an airport... Should I use open wifi networks?

Is it safe to use my credit card for shopping online?

Here is a modified version of an answer I sent to a friend recently which I thought could be useful to the larger internet community. The short answer is "sorry about that", "it depends, you generally can, but be careful" and "your credit card company is supposed to protect you".

Sorry!

First off, sorry to hear that our credit card was stolen in an airport! That has to be annoying... Did the credit card company reimburse you? Normally, the whole point of credit cards is that they protect you in case of theft like this and they are supposed to reimburse you if you credit card gets stolen or abused...

The complexity and unreliability of passwords

Now of course, securing every bit of your internet infrastructure helps in protecting against such attacks. However: there is a trade-off! First off, it does makes it more complicated for people to join the network. You need to make up some silly password (which has its own security problems: passwords can be surprisingly easy to guess!) that you will post on the fridge or worst, forget all the time!

And if it's on the fridge, anyone with a view to that darn fridge, be it one-time visitor or sneaky neighbor, can find the password and steal your internet access (although, granted, that won't allow them to directly spy on your internet connection).

In any case, if you choose to use a password, you should use the tricks I wrote in the koumbit wiki to generate the password and avoid writing it on the fridge.

The false sense of security of wireless encryption

Second, it can also give a false sense of security: just because a wifi access point appears "secure" (ie. that the communication between your computer and the wifi access point is encrypted) doesn't mean the whole connection is secure.

In fact, one attack that can be done against access points is exactly to masquerade as an existing access point, with no security security at all. That way, instead of connecting to the real secure and trusted access point, you connect to an evil one which spies on our connection. Most computers will happily connect to such a hotspot even with degraded security without warning.

It may be what happened at the airport, in fact. Of course this particular attack would be less likely to happen if you live in the middle of the woods than an airport, but it's some important distinction to keep in mind, because the same attack can be performed after the wireless access point, for example by your countryside internet access provider or someone attacking it.

Your best protection for your banking details is to rely on good passwords (for your back account) but also, and more importantly, what we call end-to-end encryption. That is usually implemented using the "HTTPS" with a pad lock icon in your address bar. This ensures that the communication between your computer and the bank or credit card company is secure, that is: that no wifi access point or attacker between your computer and them can intercept your credit card number.

The flaws of internet security

Now unfortunately, even the HTTPS protocol doesn't bring complete security. For example, one attack that can be done is similar to the previous one and that is to masquerade as a legitimate bank site, but either strip out the encryption or even fake the encryption.

So you also need to look at the address of the website you are visiting. Attackers are often pretty clever and will use many tricks to hide the real address of the website in the address bar. To work around this, I always explicitly type my bank website address (https://accesd.desjardins.com/ in my case) directly myself instead of clicking on links, bookmarks or using a search engine to find my bank site.

In the case of credit cards, it is much trickier because when you buy stuff online, you end up putting that credit card number on different sites which you do not necessarily trust. There's no good solution but complaining to your credit card company if you believe a website you used has stolen your credit card details. You can also use services like Paypal, Dwolla or Bitcoin that hide your credit card details from the seller, if they support the service.

I usually try to avoid putting my credit card details on sites I do not trust, and limit myself to known parties (e.g. Via Rail, Air Canada, etc). Also, in general, I try to assume the network connection between me and the website I visit is compromised. This forced me to get familiar with online security and use of encryption. It is more accessible to me than trying to secure the infrastructure i am using, because i often do not control it at all (e.g. internet cafes...).

Internet security is unfortunately a hard problem, and things are not getting easier as more things move online. The burden is on us programmers and system administrators to create systems that are more secure and intuitive for our users so, as I said earlier, sorry the internet sucks so much, we didn't think so many people would join the acid trip of the 70s.
2016-01-26T16:24:40Z via Identi.ca Web To: Public CC: Followers
published a blog post about the cuban internet and possible censorship, see https://anarc.at/blog/2016-01-24-internet-in-cuba/
... since i can't figure out spigot...
The Anarcat at 2016-01-26T16:24:52Z
anarc.at back online, again
2016-01-23T20:49:31Z via Spigot To: Public
The story of the dying internet

So my internet went down again this week. And again, it took a few days to fix, but nothing compared to the almost 2 weeks long outage that happened earlier this month. This time is was partly my upstream's fault, as they misinterpreted a message from Bell.

At the same time, Bell announced they would come onsite basically an hour before arriving, so that was a little problematic. Given the fact that the problem wasn't actually within the premises, it is quite frustrating that they expect people to be home during work hours to fix their internet...

I haven't migrated any services this time, being too busy with work, and hoping the situation would resolve quickly. It hasn't, but hopefully not too many mails were lost during the downtime.

All services should now be back to normal.

Full timeline

Here's the detailed timeline of the outage, mostly based on the email exchanges i had with my upstream provider, EI Catalyst (EIC, below). Other parties involved are Bell Canada (Bell, below) and Teksavvy Internet (TSI), for some obscure reason.
- 2015-05-26 (tuesday)
  - ~04:30 DSL sync goes down
  - 06:03 ticket opened with upstream EIC
  - 12:09 first response from EIC: "still no sync?"
  - 12:55 ticket opened with Bell by TSI
  - 14:01 followup from TSI: "what is the OID?"
- 2015-05-27 (wednesday)
  - 08:22 test completed at Bell
  - 09:25 update requested from EIC: "still no sync"
  - 12:58 mail from Bell to EIC announcing visit before 18h00
  - 13:33 response from EIC: "bell say they fixed it"
  - 13:55 ticket "assigned" at Bell
  - probaby around that time: first visit from a Bell operator onsite, not present
  - 14:33 response to EIC: "they did not fix it, still no network"
  - 16:36 bell updates shared by EIC, now expecting bell to show up thursday
- 2015-05-28 (thursday)
  - 07:30 still no sync
  - 12:36 talked with neighbor, mentionned Bell visited the day before
  - 12:44 call with EIC: "they came yesterday!"
  - 13:04 call back from EIC: "escalated upstream, visit expected by 18:00
  - 14:30 visit from Bell operator, traced the line to the telephone pole
  - 15:00 Bell operator still working on te pole
  - 15:29 DSL sync restored, the line was hooked to the wrong terminal
The line was originally synced at 8mbps upstream, i requested that to be tuned to 11mbps as previously.

The stats are now:
```
Mode:   VDSL2 Annex A
Traffic Type:   PTM
Status: Up
Link Power State:   L0
Copper Loop(kft):   0.0

    Downstream  Upstream
Line Coding(Trellis):   On  On
SNR Margin (0.1 dB):    230 84
Attenuation (0.1 dB):   141 0
Output Power (0.1 dBm): 142 -33
Attainable Rate (Kbps): 62629   14792

    Path 0      Path 1   
    Downstream  Upstream    Downstream  Upstream
Rate (Kbps):    26943   11321   0   0

B (# of bytes in Mux Data Frame):   237 240 0   0
M (# of Mux Data Frames in an RS codeword): 1   1   0   0
T (# of Mux Data Frames in an OH sub-frame):    64  22  0   0
R (# of redundancy bytes in the RS codeword):   16  14  0   0
S (# of data symbols over which the RS code word spans):    0.2810  0.6764  0.0000  0.0000
L (# of bits transmitted in each data symbol):  7232    3016    0   0
D (interleaver depth):  1   1   0   0
I (interleaver block size in bytes):    254 255 0   0
N (RS codeword size):   254 255 0   0
Delay (msec):   0   0   0   0
INP (DMT symbol):   0.00    0.00    0.00    0.00

OH Frames:  0   0   0   0
OH Frame Errors:    2074    1   0   0
RS Words:   13003820    1127732 0   0
RS Correctable Errors:  0   0   0   0
RS Uncorrectable Errors:    0   0   0   0

HEC Errors: 14  0   0   0
OCD Errors: 0   0   0   0
LCD Errors: 0   0   0   0
Total Cells:    47565692    0   0   0
Data Cells: 4204814 0   0   0
Bit Errors: 0   0   0   0

Total ES:   10  2
Total SES:  10  1
Total UAS:  171 161
```
Your Spigot seems to be working fine =)
JanKusanagi @identi.ca at 2016-01-23T21:03:14Z
>> JanKusanagi:

“Your Spigot seems to be working fine =)”

no it's not, that's a post from months ago, and it's not linking to the blog, and i don't understand how spigot works.
The Anarcat at 2016-01-23T21:22:11Z
2016-01-23T20:46:52Z via Dianara To: Public CC: Followers
testing spigot to get my blog posts in here... it's a little painful right now, hopefullly it won't make too much noise here...
Show all 5 replies
>> JanKusanagi:

“I hope you configured a sane interval, and set it up to use titles!”

what is a sane interval? how do i use titles? how do i link to the blog post? why do i have to bother with all that stuff?
The Anarcat at 2016-01-23T21:23:07Z
>> The Anarcat:

“what is a sane interval? how do i use titles? how do i link to the blog post? why do i have to bother with all that stuff?”

1.- A matter of opinion, but I'd say +30 minutes, at least.

2.- Your first Spigot post already uses the title field, so that's fine.

3.- Spigot's "assistant" instructs you to use variables such as %title% and %link% anywhere inside the post's "pattern" to give it the structure you want.

4.- You don't have to, it's something you do if you wish to do it.
JanKusanagi @identi.ca at 2016-01-23T21:38:18Z
>> JanKusanagi:

“>> The Anarcat:
“what is a sane interval? how do i use titles? how do i link to the blog post? why do i have to bother with all that stuff?”
1.- A matter of opinion, but I'd say +30 minutes, at least.
2.- Your first Spigot post already uses the title field, so that's fine.
3.- Spigot's "assistant" instructs you to use variables such as %title% and %link% anywhere inside the post's "pattern" to give it the structure you want.
4.- You don't have to, it's something you do if you wish to do it.”

4. i meant "why isn't that all configured automatically?" RSS is standard, why ask me where i want to put the %pubdate%? sane defaults would help here... same for the sane interval...
The Anarcat at 2016-01-23T21:54:27Z
I'm not involved in the development of Spigot (one of so many tools), but you could ask its developers/suggest better defaults here:

https://github.com/nathans/spigot/issues
JanKusanagi @identi.ca at 2016-01-23T21:57:56Z
2015-12-29T06:02:49Z via Identi.ca Web To: Public CC: Followers
i keep on forgetting about this place because of the lack of irc bridge. i don't want to have yet another client, yet another browser window... plus how do i automatically bridge my ikiwiki blog with here? probably a FAQ even if just for me.
If your blog has a RSS feed, there are automated ways to post stuff from RSS here, such as Spigot.
JanKusanagi @identi.ca at 2016-01-04T00:38:06Z
2015-05-20T15:32:15Z via Identi.ca Web To: Public CC: Followers
dear #lazyweb: what would be a simple daemon that will watch a directory and transcode videos to predefined formats? nothing fancy #FLOSS
JanKusanagi @identi.ca shared this.
crontab?
Efraim Flashner at 2015-05-20T16:13:09Z
Jason Self likes this.
before more people try to teach me about cron, at, `&` and inotify: i know. i'm trying to find something a little more out of the box here... and scaling to multiple servers would be great. oh and integrate with git-annex please.
The Anarcat at 2015-05-20T22:27:42Z
2014-06-15T14:03:44Z via Identi.ca Web To: Public CC: Followers
#koumbitstatus beginning major HAG upgrade, intermittent downtimes should begin soon, starting with a Wheezy upgrade
Evan Prodromou likes this.
how was it?
hellofgames at 2015-04-30T12:32:51Z