1. 1

    This is, generally, why I just use puppet or ansible to install stuff.

    1. 1

      The nice thing about pash is that it is so simple that it is easy to modify, and more importantly, it can read the pass password store – You simply have to set the right path.

      By the way, does any one seriously use the list command? It prints a tree, which is totally hostile to grep. Here is my fork that changes it to simply list things instead (and moves the original list to tree) which makes it easy to search using grep.

      1. 2

        Your fork shows the tree output above the fold in the readme.

        1. 1

          Are you dylanaraps? If so thank you for adding it! (Btw: Why did you choose to use find instead of shell globs?)

          1. 1

            I am not, as others have said.

            1. 1

              No, he isn’t. I haven’t used this program yet, but POSIX shell globs can’t match things recursively.

              1. 1

                Oh OK, good to know. At the time I forked, he was still using globs, so was simply using the same style.

                1. 1

                  Yes, that was before he rewrote it in POSIX sh (from Bash). ** is globstar, which is Bash-specific.

        1. 7

          As a pass user my immediate question was how does this differ from it? The FAQ says:

          How does this differ from pass or etc?

          I was looking for a CLI password manager (written in shell) and wasn’t happy with the options I had found. They either had multiple instances of eval (on user inputted data), lots of unsafe shell (nowhere near being shellcheck compliant.) or they were overly complex. The opposites for what I’d want in a password manager.

          I decided to write my own. pash is written in POSIX sh and the codebase is minimal (100~ lines).

          1. 2

            On the other hand, it’s not packaged in apt, so if there’s a vulnerability discovered, you’re on your own to manually update it.

            1. 1

              This made me realize that I never use the actual pass CLI - I either use the Android app, qtPass (on windows) on vim.

              1. 1

                What do you use pass in vim for? Also, is it this plugin? https://github.com/tsuyoshicho/vim-pass

                1. 3

                  I just use the GPG plugin: https://github.com/jamessan/vim-gnupg

            1. 1

              Console-based browsers are not an accessibility tool. Saying that google doesn’t care about blind users because of dropping support for a browser that an incredibly tiny number of people use is quite disingenuous.

              1. 4

                If you can set your font to be something you can see, I don’t see why they wouldn’t be. They are more deterministic than any GUI. They have just as good keyboard shortcuts. They are generally higher contrast. They don’t have much of the visual noise that makes the web tougher to use. What accessibility tools do you need that are insufficient in a terminal?

                1. 1

                  Yeah, it can be set up like an accessibility tool, but it doesn’t need to be supported like one. If google somehow made its website completely inaccessible to screen readers, for instance, that would be a definite transgression for those who rely on screen readers. There are better solutions than terminals, and it doesn’t make sense to have to support every single platform that “might” be accessibility-improving.

                  Also, there’s the whole fact that maybe lynx just needs to be updated to conform with modern web standards if it’s not able to render a page properly anymore.

                  1. 16

                    “Modern web standards” and “web standards” aren’t necessarily the same thing, whatever the governing body says. World Wide Web perhaps isn’t even the best description of what it’s become; it’s much more of an application platform now than simply a hyperlinked system for sharing information. Lynx is an excellent application for what it was made to do. It’s not really fair to criticise lynx for failing after the goalposts have been moved.

                    Also, regardless of what can be done with modern web standards, Google is still essentially a page of links. If those links can’t be accessed without a heavyweight browser and a load of Javascript, the only culprit is Google; just because new tags are available doesn’t mean that <a href="url"> isn’t the standard way to create a hyperlink.

              1. 1

                I really enjoyed this as a quick summary of in the trenches Linux performance monitoring. So often I run into a random misbehaving host and need to decide if it is hardware or software, and if it is exhaustion of a resource, which resource.

                I come from the old days of netstat and top and need some of these new counter based metrics for the newer kernels. I do wish that each of these were being ported to macOS and BSD, as I am becoming more and more unfamiliar with the command line tools on that side of the fence.

                1. 1

                  Mac OS and Solaris use dtrace (not sure about the other BSDs) to gather those metrics. dtrace was also written by Brendan Gregg, the person giving this presentation. I’ve played a bit with dtrace (since we use Solaris at work) and I wish it was available under Linux because there’s so much you can do with it. Want to profile? dtrace can do it, without a special build. How long is read() taking? Which process do you care about? And what file descriptor?

                  1. 1

                    Why did Apple prevent running dtrace without disabling SIP?

                    1. 1

                      That I do no know, but I suspect it might have something to do with “security”.

                    2. 1

                      he did not write dtrace, he wrote the book and the dtracetoolkit.

                      1. 1

                        Ah, my mistake then.

                  1. 4

                    punkt phones may be an option.

                    1. 4

                      Why would you build one of those on top of AOSP?

                      1. 2

                        Because there is no alternative; the baseband based dumbphone OSes went away in LTE, so now pretty much everything that’s a dumbphone, let alone a featurephone, is running Android.

                        1. 1

                          Well, that’s just sad.

                      2. 3

                        I have one of these too, and while the hardware is really nice to hold and use, the software has been incredibly buggy. (not to mention that you really have to consider whether nothing but phone calls and texting are enough for you) There was a recent software update that purports to have fixed most issues, but I haven’t had a chance to really put it through its paces yet.

                        1. 6

                          It’s silly that this is using Android, and has 4G, since it seems to only to phone/sms.

                          1. 3

                            This.

                            It seems interesting at first glance, and it looks like they nailed the desire for minimality. Then you look at what’s below minimality and you find it’s not minimal at all :)

                            1. 3

                              Having 4G is probably good to be future-proof. Taiwan for example has sunset GSM in 2018 and in 2019 UMTS was completely turned off, with LTE the only remaining option. Other countries are following suit over time.

                              1. 3

                                It’s also for the tethering. If you want to be intentional about internet usage, what better than having to get out a purpose built device?

                              2. 1

                                IIRC the MP02 didn’t support group texting when it launched, but they said they might support it with a future software update. Does it support group texting now?

                                1. 1

                                  I can’t say, I’ve never tried group texting. Sorry.

                              3. 2

                                It’d be perfect if it came with a QWERTY keyboard (and shipped to India).

                              1. 23

                                I think Josh addresses a good point here: systemd provides features that distributions want, but other init systems are actively calling non-features. That’s a classic culture clash, and it shows in the systemd debates - people hate it or love it (FWIW, I love it). I’m also highly sympathetic to systemd’s approach of shipping a software suite.

                                Still, it’s always important to have a way out of a component. But the problem here seems to be that the scope of an init system is ill-defined and there’s fundamentally different ideas where the Linux world should move. systemd moves away from the “kernel with rather free userspace on top” model, others don’t agree.

                                1. 17

                                  Since systemd is Linux-only, no one who wants to be portable to, say, BSD (which I think includes a lot of people) can depend on its features anyway.

                                  1. 12

                                    Which is why I wrote “Linux world” and not “Unix world”.

                                    systemd has a vision for Linux only and I’m okay with that. It’s culture clashing, I agree.

                                    1. 6

                                      What I find so confusing - and please know this comes from a “BSD guy” and a place of admitted ignorance - is that it seems obvious the natural conclusion of these greater processes must be that “Linux” is eventually something closer to a complete operating system (not a bazaar of GNU/Linux distributions). This seems to be explicitly the point.

                                      Not only am I making no value judgement on that outcome, but I already live in that world of coherent design and personally prefer it. I just find it baffling to watch distributions marching themselves towards it.

                                      1. 6

                                        But it does create a monoculture. What if you want to run service x on BSD or Redox or Haiku. A lot of Linux tools can be compiled on those operating systems with a little work, sometimes for free. If we start seeing hard dependencies on systemd, you’re also hurting new-OS development. Your service wont’ be able to run in an Alpine docker container either, or on distributions like Void Linux, or default Gentoo (although Gentoo does have a systemd option; it too is in the mess of supporting both init systems).

                                        1. 7

                                          We’ve had wildly divergent Unix and Unix-like systems for years. Haiku and Mac OS have no native X11. BSDs and System V have different init systems, OpenBSD has extended libc for security reasons. Many System V based OSes (looking at you, AIX) take POSIX to malicious compliance levels. What do you think ./configure is supposed to do if not but cope with this reality?

                                      2. 2

                                        Has anyone considered or proposed something like systemd’s feature set but portable to more than just linux? Are BSD distros content with SysV-style init?

                                        1. 11

                                          A couple of pedantic nits. BSDs aren’t distros. They are each district operating systems that share a common lineage. Some code and ideas are shared back and forth, but the big 3, FreeBSD, NetBSD and OpenBSD diverged in the 90s. 1BSD was released in 1978. FreeBSD and NetBSD forked from 386BSD in 1993. OpenBSD from NetBSD in 1995. So that’s about 15 years, give or take, of BSD before the modern BSDs forked.

                                          Since then there has been 26 years of separate evolution.

                                          The BSDs also use BSD init, so it’s different from SysV-style. There is a brief overview here: https://en.m.wikipedia.org/wiki/Init#Research_Unix-style/BSD-style

                                          1. 2

                                            I think the answer to that is yes and no. Maybe the closets would be (open) solaris smf. Or maybe GNU Shepherd or runit/daemontools.

                                            But IMNHO there are no good arguments for the sprawl/feature creep of systemd - and people haven’t tried to copy it, because it’s flawed.

                                        2. 6

                                          It’s true that systemd is comparatively featureful, and I’ll extend your notion of shipping a software suite by justifying some of its expansion into other aspects of system management in terms of it unifying a number of different concerns that are pretty coupled in practice.

                                          But, and because of how this topic often goes, I feel compelled to provide the disclaimer that I mostly find systemd just fine to use on a daily basis: as I see it, the problem, though, isn’t that it moves away from the “free userspace” model, but that its expansion into other areas seems governed more by political than by technical concerns, and with that comes the problem that there’s an incentive to add extra friction to having a way out. I understand that there’s a lot of spurious enmity directed at Poettering, but I think the blatant contempt he’s shown towards maintaining conventions when there’s no cost in doing so or even just sneering at simple bug reports is good evidence that there’s a sort of embattled conqueror’s mindset underlying the project at its highest levels. systemd the software is mostly fine, but the ideological trajectory guiding it really worries me.

                                          1. 1

                                            I’m also highly sympathetic to systemd’s approach of shipping a software suite.

                                            What do you mean here? Bulling all distro maintainers until they are forced to setup your software as default, up to the point of provoking the suicide of people who don’t want to? That’s quite a heavy sarcasm you are using here.

                                            1. 11

                                              up to the point of provoking the suicide of people who don’t want to

                                              Link?

                                              1. 23

                                                How was anyone bullied into running systemd? For Arch Linux this meant we no longer had to maintain initscripts anymore and could rely on systemd service files which are a lot nicer. In the end it saved us work and that’s exactly what systemd tries to be a toolkit for initscripts and related system critical services and now also unifying Linux distro’s.

                                                1. 0

                                                  huh? Red Hat and Poettering strongarmed distribution after distribution and stuffed the debian developer ballots. This is all a matter of the public record.

                                                  1. 10

                                                    stuffed the debian developer ballots

                                                    Link? This is the first time I am hearing about it.

                                                    1. 4

                                                      I’m also confused, I followed the Debian process, and found it very through and good. The documents coming out of it are still a great reference.

                                                2. 2

                                                  I don’t think skade intended to be sarcastic or combative. I personally have some gripes with systemd, but I’m curious about that quote as well.

                                                  I read the quote as being sympathetic towards a more unified init system. Linux sometimes suffers from having too many options (a reason I like BSD). But I’m not sure if that was the point being made

                                                  Edit: grammar

                                                  1. 5

                                                    I value pieces that are intended to work well together and come from the same team, even if they are separate parts. systemd provides that. systemd has a vision and is also very active in making it happen. I highly respect that.

                                                    I also have gripes with systemd, but in general like to use it. But as long as no other project with an attitude to move the world away from systemd by being better and also by being better at convincing people, I’ll stick with it.

                                                  2. 2

                                                    I interpreted it as having fewer edges where you don’t have control. Similar situations happen with omnibus packages that ship all dependencies and the idea of Docker/containers. It makes it more monolithic, but easier to not have to integrate with every logging system or mail system.

                                                    If your philosophy of Linux is Legos, you probably feel limited by this. If you philosophy is platform, then this probably frees you. If the constraints are doable, they often prevent subtle mistakes.

                                                1. 1

                                                  We use this on all of our development machines: https://github.com/braintreeps/vim_dotfiles

                                                  Our leader key is \.

                                                  It has enough plugins to give you similar ergonomics in most languages. I’ve heard we inherited most of it from thought works, but I actually don’t know the history.

                                                  The biggest thing about this is the consistency it provides. Anywhere from my home nas to the places I develop at work. If you don’t have a simple git clone and ./activate, you are losing ergonomics on any improvements you make to vim.

                                                  Also, there is lots of tribal knowledgebase about how to do things and what’s possible, so that consistency is multiplied across people and not just hosts.

                                                  1. 17

                                                    Ugh. It’s spreading.

                                                    It could be worse, but this sort of licensing is toxic to community and basically turns open source into just a marketing exercise. You can’t really build a community out of something like this, which means the entire project is vulnerable when the parent company is bought, fails, or loses interest, changes management, whatever.

                                                    I have sympathy for open source companies dealing with unscrupulous competitors that don’t give back, and I hope they’re putting a lawyer on any company that’s copying documentation or marketing copy. But this approach… well, it sucks.

                                                    1. 35

                                                      “You can’t really build a community out of something like this”

                                                      There’s communities built around all kinds of proprietary software, esp Windows and Mac. So, you definitely can. If anything, a more open, but still paid, license might lead to even more community contribution than the proprietary ones get. More important, being able to charge for it lets them just hire developers.

                                                      1. 6

                                                        These communities last as long as the company lasts and maintains the standards that produced the community. It’s much like living under a dictatorship: a good dictatorship will keep things working efficiently and trundling along well. But a bad dictatorship will let it all fall apart very quickly and there’s nothing anyone can do. How many open source contributors work on Java or OpenOffice now, really?

                                                        1. 16

                                                          “These communities last as long as the company lasts and maintains the standards that produced the community.”

                                                          This is again wrong as proven by all the people doing retro and vintage computing. Not even counting those that take care of popular, legacy systems. Communities do what they want to do.

                                                          “a good dictatorship will keep things working efficiently and trundling along well. But a bad dictatorship will let it all fall apart very quickly and there’s nothing anyone can do. “

                                                          I agree that company-driven work, whether writing code or community management, will go down if the company does. Thing is, F/OSS projects natural state is to not get supported by their own developers or even used by 3rd parties. Those that have success often get abandoned.

                                                          The advantage of F/OSS over restrictive proprietary is a third party can pick up where others left off. However, that could be built into these source-available licenses where the license is perpetual and irrevocable for paying customers with forks allowed internally and to be distributed among paying customers. It shocks me that I’m the only one bringing up this possibility given the precedents. Goes back to (IIRC) Burroughs giving out source of its mainframe OS in 1960’s with customers sharing improvements that sometimes got rolled back into main OS.

                                                          “How many open source contributors work on Java or OpenOffice now, really?”

                                                          Most people don’t voluntarily work on projects that seem big with potentially a lot of people on them. Java and OpenOffice are examples. Your examples are unusual, though. Probably intentionally. One is owned by sue-happy Oracle with all kinds of legal and ethical considerations around contributing to that product. The OpenOffice vs LibreOffice situation would probably make most contribute to LibreOffice. The Document Foundation supports LibreOffice.

                                                          So, both being infected by Oracle makes me think they’re not representative of the general situation. Do note that I often call for setting up the company owning the software to be a non-profit or public-benefit company with user-protecting goals chartered and contracted in. That should prevent or reduce some of these problems. If it’s a VC-backed or profit-focused company, I don’t trust their claims until the protections are solidified in writing with stiff penalties for abuses.

                                                      2. 30

                                                        I think what’s spreading is enormous cloud providers legally cloning open-source software businesses and reselling their products for enormous profit without giving back, destroying the original businesses.

                                                        Something like this is better than sticking with BSD, Apache, etc licensing: the source code eventually turns free-as-in-freedom, but with enough time delay that the original developers can still run a business selling it. With the existing permissive licenses, you can either run a business or you can have free software, but in the long-ish run not both.

                                                        1. 15

                                                          the entire project is vulnerable when the parent company is bought, fails, or loses interest, changes management, whatever.

                                                          From the article:

                                                          It’s important to remember that Sentry “the project” has been developed almost exclusively by employees of Sentry “the company”;

                                                          So I think that’s going to be the case anyway.

                                                          To make money, you need some element that’s “scarce”. Open source software means that’s a bit trickier to figure out:

                                                          https://journal.dedasys.com/2007/02/03/in-thrall-to-scarcity/

                                                          1. 3

                                                            Notably, it isn’t really open source anymore. Per OSI’s definition rule 6 or rule 0 of FSF’s free software definition. Now it is just source-available, and it is misleading to call it open-source anymore.

                                                            1. 8

                                                              Although we’ve come to refer to the BSL as eventually open-source since it converts to an OSI-approved license at the conversion date, due to the grant restriction, it is formally not an open-source license.

                                                          1. 4

                                                            If the intent is to redirect users to a different network just to display a fail whale page when absolutely everything else is on fire, having more than 1 minute delay is probably acceptable.

                                                            I disagree. On L3 volumetric DDoS you might need to nullroute/blackhole an IP address, and migrate your service away. It’s totally valid to null + move to another IP. Many L3 attacks do not follow DNS. It’s very important to be able to shift your service between many IP addresses promptly.

                                                            Also, a 1 minute TTL means that if authoritative DNS servers are hosed for more than 1 minute, no one would be able to access the dependant services any longer.

                                                            This train of thought seem to imply that the reliability of DNS auth is the same as reliability of L7 application. This is not true… You can with large confidence assume that if you are using reasonable DNS auth provider it’s reliability is good. There are PNI links between opendns and major players, or google dns and major dns auth servers. I would argue world’s DNS system is pretty healthy, surprisingly reliable and definitely NOT the most vulnerable part of your stack.

                                                            In other words - dns resolvers caching your dns answers for long time is not a pragmatic “improved reliability” argument.

                                                            1. 1

                                                              Will the DDoS just cache the old dns entries? They know your IP, and they can just direct the DoS to that instead of the new provider.

                                                              1. 1

                                                                I’m talking from a provider point of view - they move services across IP’s all the time.

                                                                If you are a simple website, for sure you should not expose your direct server IP to the public internet ever.

                                                            1. 3

                                                              Note that U2F keys are a new OpenSSH key type, so the server must support it too.

                                                              Anyone know why this would be the case? I was hoping the keypair could just be presented to the server as a regular ECDSA key.

                                                              1. 4

                                                                It was not possible to enable U2F keys using the existing SSH ECDSA key format because, despite U2F devices using ECDSA for signatures, the signature format differs from the plain signatures used in SSH by including some additional fields.

                                                                1. 1

                                                                  I noticed that, but I didn’t understand why those additional fields are there, or why it would cause a problem.

                                                                  My best guess now, after seeing ClashTheBunny’s reply, is that 1) the additional fields allow for at least the signature counter, and 2) the existing signature validation mechanism doesn’t tolerate unknown, additional fields (which would be a reasonable choice, really.)

                                                                  1. 2

                                                                    In most crypto schemes the thing that is signed is actually a digest of some more complex byte structure. That they don’t match here is not surprising. U2F for example requires adding origin (domain name) and a challenge. Even if the required data were the same the binary encoding could be different and that alone would make the signatures incompatible.

                                                                2. 3

                                                                  I get the question now.

                                                                  I wonder if it is to “promise” that the secret key material is on a hardware store and not a software store?

                                                                  1. 4

                                                                    It does seem that there is attestation PROTOCOL.u2f:

                                                                    U2F also offers a number of features that are attractive in the context of SSH authentication. They can be configured to require indication of “user presence” for each signature operation (typically achieved by requiring the user touch the key). They also offer an attestation mechanism at key enrollment time that can be used to prove that a given key is backed by hardware. Finally the signature format includes a monotonic signature counter that can be used (at scale) to detect concurrent use of a private key, should it be extracted from hardware.

                                                                1. 1

                                                                  It really depends on where you are and where you want to go.

                                                                  Have you started up Linux in a VM and tried to use it for email and lobster.rs? I find that you can slowly find the edges of the world as you try to do more and more. You could say “I know how to do x in a gui on Linux, I’ll search how to do the same thing in the terminal”. You also don’t hit the very hard edges of hardware support and failure in this mode.

                                                                  You could then increase the difficulty by choosing a more from scratch distribution or trying it on physical hardware. I learned so much when trying to get a random thing working or from trying to fix something. I also experienced how Linux is very much like Legos, in that you can switch out many things and still make it work.

                                                                  Try something like Arch, Gentoo, or Linux from scratch at some point, trying to replicate your current working system in a new VM. One advantage of this is you see the trade offs that many system integrators go through. “Ok, it works with xorg, let me try the same thing with Wayland.” Or “okay, it works with Arch, let me try the same thing with Debian”. There are so many choices to make with Linux that it’s good to understand some of the defaults that are common across distributions. Filesystems, display systems, process managers, container managers, mail servers, web servers, etc.

                                                                  If you have more specifics about where you are in your journey, maybe one of us could give deeper insight into what we ran into and how we got past our problems.

                                                                  1. 6

                                                                    I would say that the article answers the question well for people who would or should ask the question. I doubt it’s targeted at most people deep in the Python community.

                                                                    1. 5

                                                                      There is a reason our entire foundation of our profession is based off the work of people using this script. From the numerals being called ‘Arabic’ to using ‘Al-gebra’ (from Arabic word الْجَبْر‎ (al-jabr, “reunion, resetting of broken parts”)) and ‘Al-gorithms’ (transliteration of the Arabic form of the name of the Persian mathematician al-Khwārizmī (الخَوَارِزْمِيّ‎ (al-ḵawārizmiyy, “native of Khwarezm”)). My gravatar is the name of the person who helped us learn about many of those things in the same Kufic script the art of the algorithms are done in. (Stolen from http://jeffe.cs.illinois.edu/teaching/algorithms/)

                                                                      I do wish I could perspective take a bit better with how people with different scripts and grammars understand our “bicycles for thought”.

                                                                      1. 6

                                                                        There is a reason our entire foundation of our profession is based off the work of people using this script.

                                                                        I hope I don’t sound rude, but I didn’t quite understand the reason? The origin of digits and the names of disciplines doesn’t really look like an argument…

                                                                        1. 1

                                                                          I suspect their point was that the reason those disciplines have those names is because they originated with speakers of Arabic.

                                                                        1. 19

                                                                          I’m going to address the title directly:

                                                                          What can software authors do to help Linux distributions and BSDs package their software?

                                                                          Step one is actually build your software on more than Linux. Shake out the Linuxisms by building on the BSDs. This will uncover often trivial but common issues like:

                                                                          • Assuming make Is GNU make
                                                                          • Using behaviours of GNU sed
                                                                          • Assuming /bin/sh is `bash’
                                                                          • Hardcoding paths to tools that are in different locations on BSD for example /usr/bin vs. /usr/local/bin
                                                                          • Relying on systemd being present. Consider OpenRC, runit, BSD init systems.
                                                                          • Relying on Docker for development workflows. Instead document the process for when Docker is not an option.
                                                                          1. 3

                                                                            Assuming make Is GNU make

                                                                            I wrote a crypto library. Single file, zero dependency. Not even libc. I do need to perform some tests, though. And even for such a simple thing, not assuming GNU make is just too hard. How come the following does not even work?

                                                                            test.out : lib/test.o  lib/monocypher.o lib/sha512.o
                                                                            speed.out: lib/speed.o lib/monocypher.o lib/sha512.o
                                                                            test.out speed.out:
                                                                            	$(CC) $(CFLAGS) -I src -I src/optional -o $@ $^
                                                                            

                                                                            If I recall correctly, $^ is not available on good old obsolete pmake. So what do I do, put every single dependency list in a variable?

                                                                            Another little hassle:

                                                                            ifeq ($(findstring -DED25519_SHA512, $(CFLAGS)),)
                                                                            LINK_SHA512=
                                                                            else
                                                                            LINK_SHA512=lib/sha512.o
                                                                            endif
                                                                            

                                                                            Depending on that pre-processor flag, I need to include the optional code… or not. Is there any “portable” way to do so?


                                                                            Sure, assuming GNU everywhere is not a good idea. But some GNU extensions are just such a no brainer. Why don’t BSD tools adopt some of them? Why not even $^?

                                                                            1. 6

                                                                              Feel free to assume use GNU make (IMO), just make sure your sub-invocations are $(MAKE) instead of “make”.

                                                                              1. 3

                                                                                That could work indeed. My current makefiles aren’t recursive, but I’ll keep that in mind, thanks.

                                                                                1. 2

                                                                                  Same with bash instead of sh: it’s fine to use bash, just be conscious about it (“I want bash feature X”) and use #!/usr/bin/env bash. The problem is assuming /bin/sh is /bin/bash, which can lead to some rather confusing errors.

                                                                                2. 3

                                                                                  So my suggestion wasn’t to not use GNU make it was to not assume make == GNU make. What this means is if building requires GNU make then call that out explicitly in build instructions. This makes it easier for packagers to know they need to add a dependency on gmake.

                                                                                  If there are scripts or other automation that call make then allow the name of the command to easily be overridden or check for gmake and use that if found rather than calling make directly and assuming it’s gnu make.

                                                                                3. 1

                                                                                  Why would any generic userland application want to build their software beyond Linux environments?! Eg, is Slack or Skype actively doing this? If anything I would assume attempting to assure my application builds against legacy Linux build tools (and yes even assuming GNU make) is a good thing…

                                                                                  To ask the question another, what segment of my user base is BSD based? I suppose you’re answering wrt the BSD adoption portion of the parent question. I guess my own comment is that unless ones software application is massively popular all the genericity considerations of the build tooling you’ve described sounds like massive overkill.

                                                                                  1. 4

                                                                                    I think if you take this argument one step further, you end up building only for Windows. That’s not a fun world. Would we then just invest a bunch of effort into Wine? It’s what we used to do.

                                                                                    Portability allows for using your favorite platform. It’s something we all have valued from time to time.

                                                                                    If you make the right choices, you can develop very portable software these days in most languages. So, the way I read it, learning how to make those choices is what the OP is suggesting.

                                                                                1. 1

                                                                                  Ikiwiki is what we use for git based workflows. It supports a blindingly large set of syntax and fits in our normal tmux-git environment but allows people to use whatever editor.

                                                                                  1. 2

                                                                                    Honest question: Do you know why Theo holds the copyright? Is it better than having the Foundation holding it?

                                                                                    “Copyright 1997-2019, Theo de Raadt.”

                                                                                    1. 3

                                                                                      I would assume that it is because it makes a relicense easier. Like if something more appropriate than a BSD 3 Clause is released. If he becomes evil, we have the right to form an new organization and fork. So we have all the guarantees of the current license plus the ability to move forward in a case where it is appropriate.

                                                                                      Think about the current state of Linux. Let’s say BSD or Apache were considered? It would be impossible to move because of all the people who would have to agree to the move or the rewrite of the code they own.

                                                                                      Or am I totally off base?

                                                                                      1. 1

                                                                                        As far as I can tell, he just holds the copyright for the overall distribution I guess. All the code has copyright notices by a bunch of other people. It really doesn’t matter who has it, in that sense.

                                                                                      1. 9

                                                                                        Happy to answer questions about WireGuard from the lobste.rs crowd, by the way.

                                                                                        1. 1

                                                                                          Is there something like Algo for WireGuard?

                                                                                          1. 2

                                                                                            Algo VPN is a set of Ansible scripts that simplify the setup of a personal Wireguard and IPSEC VPN.

                                                                                            From the first sentence of the readme for algo.

                                                                                            1. 1

                                                                                              yup, my fault, saw algo long time ago

                                                                                        1. 8

                                                                                          Please, someone add pagination to “Your Threads” page so you can see all your old comments. You can only see the most recent 20 right now.

                                                                                          1. 2

                                                                                            Is there a bug you can link me to?

                                                                                            1. 6

                                                                                              Yep, it’s here. You can solve it for that one page or (optional hard mode) help clean up the inconsistent pagination across the site.

                                                                                          1. 4

                                                                                            Not that you can pay people to truly care either….