1. 4

    One thing that puts me off from using kore is the degree of magic that seems to come with being a “framework”. No main function. An obscure documentation system. A baked-in build system. A baked-in web server. That’s a lot of duplication of mature, well-known tools—make, httpd, and so on—with none of them being trivial at all. I guess C to me is synonymous with UNIX, and frameworks like this go against what UNIX means: manpages, doing a small thing well and fitting into a larger framework, etc. It would be nice, all that being said, to split these tools apart and use them separately. (A well-written HTTP server library would be very handy—and there are a lot of questionable ones out there.)

    1. 5

      Kore author here.

      You must have used Kore ages ago. The build tool and web server are two separate things and have been for a while.

      If you don’t want to use the build tool to help you get started, automatically properly build your app or have any benefits from it, you can roll your own Makefiles. The applications are normal dso files mapped into the server its address space by dlopen() anyway. Those aren’t magic.

      Not having a main function sort of goes hand in hand with the fact your apps are dso’s.

      Yes there are more things the build tool can help you with, like injecting assets or building a single binary out of your application instead of a dso.

      I fully agree that the 2 year old documentation is shit, and that’s something I’m fixing for the next release :)

      1. 3

        Not to mention writing a web app in C sounds like a masochistic security mine field due to all the string processing it normally entails. C++ wouldn’t be as bad with std::string, but even then it sounds dreadful.

        So it’s not for me, but it still looks like a solid project, and it’s filling an interesting niche.

        1. 6

          I don’t think kristapsdz got the memo about not writing web apps in C. https://learnbchs.org/ ;-)

      1. 4

        This looks very promising. As soon as I saw it I thought “plan9”, and sure enough, it’s somewhat related, using devdraw from plan9port.

        The widget set is complete enough to create functioning apps. The developer has created several demo apps, including a local mail reader, acme clone, and a simple database browser and query tool.

        And it’s pure Go.

        Very promising, indeed.

        1. 5

          I run OpenBSD as my daily driver and have for years. I’m a developer and a bit of a minimalist, preferring text-oriented tools, and lightweight window managers like cwm, xmonad, or rio. But that doesn’t mean it can’t be used by folks who want the “full” desktop experience if that’s what you’re looking for (Gnome, KDE, Xfce, Lumina).

          You’ll find approximately the same selection of open-source apps you run on Linux are available on OpenBSD (and the other BSDs). The edge cases in my experience are Linux-only ports (MS SQL Server), Linux api/kernel-dependent projects like Docker (FreeBSD has jails, a superior choice anyway), and commercial software (e.g., games, Skype, Dropbox). And strange abominations BSD users would rather avoid, like systemd.

          You also won’t find apps like VirtualBox, but you will find good alternatives like vmm(4) on OpenBSD, and bhyve on FreeBSD.


          Going on to OpenBSD-specific recommendations, a lot of legacy hardware (x86, amd64, SPARC, and PowerPC) still works on OpenBSD. And a lot of very current hardware as well (x86, amd64, arm, SPARC64, MIPS and other). x86 and amd64 are probably the best options for desktop/laptop use.

          Before getting to how my configuration and use, I’ll mention some gaps you might find troubling:

          • file systems (ffs, pick one) (ext2, dos, or fuse are available for interoperability)
          • GPUs (most will work, but you won’t be doing any CUDA on OpenBSD)

          My Laptop

          Currently I run OpenBSD on a Thinkpad T450s. Both wired and wireless (em(4), iwm(4)) work flawlessly.

          External monitors work very well with xrandr. At a previous job I had a 4k monitor. I ran it alone and together with the internal monitor without issue, though you’ll not be gaming on a 4k monitor at 60 fps with the Intel 5500 series.

          Suspend/resume works. I don’t use hibernate much, but it worked when I tried it.

          As far as I can tell all the sensors work. Battery status and charge remaining work.

          I have a docking station. When I dock/undock the switching is seamless. As with any OS, you have to connect/disconnect some devices during the process (e.g., USB disks … could be somewhat automated). Mice, keyboards and many peripherals connect/disconnect without issues. To manage switching between wired/wireless networking I wrote a script run by apm(8).

          Software (apps I use)

          • backups and syncing (rsync and unison)
          • cli (xterm, ksh, tmux)
          • dev (sed, awk, python, haskell, php, javascript, perl, c)
          • email (acme, mutt)
          • image viewing and manipulation (feh, ImageMagick)
          • media (mplayer)
          • office (LibreOffice)
          • printing (lpr)
          • reading (more, mupdf, Calibre for ebooks)
          • videos (mplayer, youtube-dl, Chrome)
          • web browsing (w3m, Chrome)
          • writing (ed, acme, pandoc)

          On the whole, I find OpenBSD a perfectly usable desktop OS, and it’s certainly my preference. I occasionally have to use other OSs due to work requirements, or where there’s no available software (see comments above about Skype).

          1. 1

            My initial searches proved worthless, I’ll try to set this up after work, thanks a ton! I’m mathuin from bsd.network by the way, so this is really on point.

            1. 2

              I had been thinking to write some articles about plan9 and Acme. Your question on https://bsd.network prompted me get started. Let me know how it goes.

              1. 1

                I was wondering why you chose msmtp over the openbsd smtp?

                1. 1

                  A couple of reasons:

                  1. I already have it configured for multiple services I send through (personal domain, gmail),
                  2. msmtp is more of a client that functions like sendmail(8) where smtpd(8) would need to be configured as relay host,
                  3. It also runs in user space.
            1. 2

              I’ve played with using a program called amail to read mail in acme, but can’t recommend it. It’s written in a literate style, which means the actual code produced is just a giant pile of slinkys and impossible to read by itself.

              It’s on my long list of projects to write a maildir adapter for Mail or add maildir support directly so that I can continue to use my mbsync+msmtp workflow.

              1. 2

                This might be overkill, but setup dovecot(1) on your local system. Let it serve email to Acme via IMAP. Your current workflow should continue to work.

                I used to do something similar when I used gnus on Emacs. The only difference is I used the doveadm(1) sync command to keep the local in sync with the primary server. For dovecot-to-dovecot syncing, doveadm(1) is the way to go.

              1. 1

                I cringe when I see practice of putting clear passwords in any text file, especially the dreaded .netrc.

                Supposedly secstore(1) could help with that, but I have never ventured further in those. Can somebody say anything about the security aspect of these programs in plan9port?

                1. 1

                  With msmtp(1) you should use the passwordeval option which will evaluate an expression and use whatever is returned on stdout as the password:

                  gpg2 --no-tty -q -d ~/.msmtp-password.gpg

                  Install pinentry-gtk2 and you’ll get a nice dialog box.

                  I intended to mention the passwordeval option, but the writing went into the wee hours and it was lost. :D I’ve updated the $HOME/.msmtprc example with a note referencing it.

                  As for secstore(1), that’s a backing store for factotum(4). I think you could use passwordeval with factotum(4).

                  1. 1

                    How does one set up factotum with secstore? Can I use it the same way I use pass? If I don’t explicitly use secstore will I have to set the secret everytime I start factotum?

                    1. 1

                      iirc, yeah, you’ll get prompted. Well, may get prompted. I don’t think things like auth/fgui(1) got brought over.

                1. 4

                  Rather than the video, I want to see the car’s telemetry stream just prior to the collision. Logs too, please.

                  1. 12

                    What’s the best way to use Mastodon? I appreciate its dedication to privacy, but the distributed nature of Mastodon confuses me. I feel like it’s the World of Warcraft server problem, where it’s impossible to find a server with all your friends on it without one server having everyone on it.

                    1. 11

                      You don’t have to be on the same server, you can follow accounts from other instances.

                      1. 10

                        Many of us in the BSD world went with https://bsd.network/.

                        You might try the instances.social finder: https://instances.social/.

                        One of the things I like about Mastodon is I can join a server (or servers) that are more closely aligned to my interests. By monitoring the instance timeline I see all the posts. I don’t have to find a bunch of people to follow immediately. I can grow the list by following the folks I notice posting things I enjoy reading.

                        1. 2

                          What network do Haskellers use?

                          1. 4
                          2. 1

                            Yeah that’s one of the things I really dig about it. It’s a metacommunity. You find an instance that focuses on your interests, or create one of your own if that’s what floats your boat, and it becomes a microcosm unto itself, but you all still share the global timeline.

                          3. 6

                            Replace instance with server and mastodon with e-mail. Then all these explanations become less confusing. Unless your server’s admin or your peer’s admin blocks your messages, you can write messages to every peer on every other server as you see fit.

                            Does that make sense to you?

                            1. 4

                              You don’t need to find a server with everyone in it since federation allows you to follow people on other servers. I do recommend to simply find a community you enjoy and use that as home-base.

                              1. 1

                                With sites like joinmastodon.org or instances.social, I haven’t experienced this to be too much of a problem. Yes, it takes a while, but you can always delete an account and create a new one on another instance.

                                To me, the real problem seems to be the difficulty to find interesting accounts to follow, and create a informative, fun and interesting stream. There are a lot of inactive accounts, regardless of the server (mine is one of these), and some active ones, but I can’t really re-create the same level of experience as on twitter, reddit or image boards, for example, even though I have stopped using all of these by now.

                                1. 1

                                  Just use mastodon.social. The other commenters are correct that you can communicate cross-instance though. I host a single-user instance for myself so I can experiment with patches.

                                  1. 6

                                    The flagship instance is overloaded and has some trouble scaling; I’d recommend finding something else, if only to ease the burden on the poor folks doing ops on it.

                                1. 2

                                  Interested in doing this myself. At my previous job, I did iOS development, among other things. So macOS was pretty much a requirement. Now I’m unemployed and don’t have that machine any more, and I haven’t been in a hurry to find a replacement. I want something serviceable, preferably ARM-based, and with good battery life.

                                  Those new Windows 10 ARM machines (e.g. HP Envy x2) are quite tempting, but they’re prolly glue sandwiches like everything else. Recommendations are most welcome!

                                  (Also there’s a link to my website in this post; that was unexpected. 🙂)

                                  1. 14

                                    If you have the time and inclination to try various options, may I suggest one the BSDs? A lot of folks run OpenBSD as their daily driver, including a number of us here on lobste.rs (@mulander, @qbit, @stsp, @jcs, to name a few). You might also try FreeBSD or TrueOS (the more end-user focused version).

                                    I’ll be honest, as far as OpenBSD goes, you’ll find there are few thing you won’t be able to run. GPU stuff is pretty much out of the question. And you’ll stumble across the odd app that hasn’t been ported yet. For general productivity, you’ll find pretty much every desktop environment, LibreOffice, etc. As a development platform you’ll find lots of choices and options. And let’s not forget stellar doc.

                                    If you like gaming, the past year or so has been very good to OpenBSD. Check out this list at GOG.

                                    I’m not as up on the ARM options as I’d like for laptops. The one I can think of off the top of my head is the PineBook. It’s still a work-in-progress as far as OpenBSD goes. The company that make it do have a Linux-based OS for it.

                                    If you’re looking for hacking-on-the-system options, OpenBSD and a PineBook might be just right. ;-)

                                    Good luck finding something that meets your interests and needs!

                                    1. 3

                                      I ran FreeBSD on my home and work desktops (and most of my servers) for almost 10 years. I use a Mac these days, but I still have a soft spot for FreeBSD on the desktop.

                                      @wezm - For Dropbox on FreeBSD, I found just installing the CLI (pkg install dropbox-api-command) and then calling “dropbox-api sync” in cron ever 10 minutes was good enough.

                                      1. 3

                                        I use FreeBSD on my server and like it for that, and was eyeing TrueOS for my cheapo desktop, but it seems to lack ARM support so that didn’t work. Definitely a bigger fan of *BSD than the Linuxes. I really wish I could use Haiku, but it’s also lacking ARM support and is more of a fantasy/pipe dream. 🙂

                                        Checking out the PineBook, thanks!

                                      2. 1

                                        Chromebook Pixel 2?

                                      1. 2

                                        Nice write up. Better … I now know about Elfeed, an emacs feed reader. https://github.com/skeeto/elfeed

                                        1. 1

                                          I’m interested to see what you think of elfeed.

                                          I tried it a while back but eventually gave up on it. Configuration was a pain and it didn’t match my “workflow” very well. And since the author’s moved to Vim, it seemed unlikely to improve much.

                                          It wasn’t terrible, I just couldn’t get used to it.

                                          1. 1

                                            Maybe he came back. The repo shows a commit 2 days ago.

                                            I just started using it. The jury’s still out on whether I like it. So far, not bad.

                                        1. 1

                                          I would love to know the validity of this claim. It seems fishy that a patent was filed but no white paper was submitted to journal for peer review (that I can find). If anyone with more expertise can provide their take on the matter, I would greatly enjoy it!

                                          1. 19

                                            The inventor has a website called boundedfloatingpoint.com. There he describes it in a bit more detail than the article, but not much.

                                            Note carefully how he describes it:

                                            This invention provides a device that performs floating point operations while calculating and retaining a bound on floating point error.

                                            And “[t]his invention provides error notification by comparing the lost bits”.

                                            It’s a solution to the problem of “unreported errors”. His solution provides extra fields in the floating point representation to carry information about ’lost bits” and allows the operator to specify how many significant digits must be retained before an error is flagged.

                                            This is an advantage over the current technology that does not permit any control on the allowable error. This invention, not only permits the detection of loss of significant bits, but also allows the number of required retained significant digits to be specified.

                                            At a cursory glance one might be inclined to think he’s solved the problem of floating point, but the reality is he’s developed a standard for communicating error in floating-point operations that can be implemented in hardware.

                                            Not to detract from his solution, but it doesn’t seem like he’s invented anything that will surprise hardware designers.

                                            1. 7

                                              Thank you for that analysis. This is a real problem with floating point numbers, but hardly the only one.

                                              People who haven’t seen it might be interested in this post from last year about a new number representation called “posits”, which addresses some completely orthogonal issues with fixed-size number representations. :)

                                              1. 1

                                                Nice! Thanks for the link.

                                              2. 1

                                                It’s a solution to the problem of “unreported errors”. His solution provides extra fields in the floating point representation to carry information about ’lost bits” and allows the operator to specify how many significant digits must be retained before an error is flagged.

                                                SIGNAL ON LOSTDIGITS;
                                                NUMERIC DIGITS 10;
                                                NUMERIC FUZZ 2;

                                                We just need to do all our math in REXX.

                                            1. 4

                                              Aha, glad to see more people thinking of replacing prelude, especially Snoyman!

                                              The Foundation project aims towards the same goal, but I guess having a FP-complete backed alternative cannot hurt!

                                              [edit] Right, posted this comment too soon! This is a different approach, they plan to actually reuse the existing libraries. This is definitely nice, hopefully the prelude problem will definitely be fixed in 2~3 years from now.

                                              1. 3

                                                What “Prelude problem” ?

                                                1. 5

                                                  The project README more or less states the problem:

                                                  The RIO module works as a prelude replacement, providing more functionality and types out of the box than the standard prelude (such as common data types like ByteString and Text), as well as removing common “gotchas”, like partial functions and lazy I/O. The guiding principle here is:

                                                  • If something is safe to use in general and has no expected naming conflicts, expose it from RIO
                                                  • If something should not always be used, or has naming conflicts, expose it from another module in the RIO. hierarchy.

                                                  Snoyman and FP-complete are trying to move Haskell more in the direction of a batteries-included solution for software development. The Haskell Foundation project mentioned by @NinjaTrappeur above is attempting the same thing.

                                                  Many of the changes RIO makes as a Prelude replacement solve problems beginners don’t know they have until they’ve been coding a while in Haskell. Using String rather than Text or ByteString is one of the most common mistakes beginners make. And why shouldn’t they? It’s right there in the “base” of the language. And then you learn, often after months of coding, String performance is a disaster.

                                                  Whether RIO is the right solution, time will tell. That it’s a step in the right direction, is beyond doubt.

                                                  1. 5

                                                    I personally use Protolude. The problems it solves (for my projects, on my computer, for my use cases) are:

                                                    • head :: [a] -> a becomes head :: [a] -> Maybe a (and all the other partial functions that throw error "message", like tail and so on…)
                                                    • everything is Text
                                                    • convenience functions that I used to copy in all my project, for example: toS which convert from any string-like (Text, String, ByteString, …) to any other string-like.
                                                    • foldl, head, … are on traversable not just lists
                                                    • a lot of other stuff, that I’m missing at the top of my head
                                                    1. 2

                                                      afaik, it’s the issues connected with the standard prelude, either concerning inefficient data structures (String is defined as [Char], ie. a linked list) or simple lack of utilities, which are then afterwards commonly installed by many uses (eg. Data.Vector). Many other “alternative” preludes have tried to replace the standard, but most of them can’t manage to get any significant adoption.

                                                      That’s at least what I understand when someone says “Prelude problem”.

                                                      1. 2

                                                        The Foundation README gives some information about this “problem”, RIO gives other arguments. The two main issues people have with Prelude is partial functions and Lazy IO, as fas as I can tell.

                                                        1. 1

                                                          @akpoff, @zge and @lthms pretty much summed up the problem.

                                                          I would also come up with another problem class: “legacy semantics”.

                                                          [EDIT] The following statement is wrong.

                                                          The most notable offender is the Monad typeclass. As it is defined in base (prelude is re-exporting parts of the base library), Applicative is not a superclass of monad. Those two typeclasses are actually completely unrelated as it’s implemented. In other terms, you could end up with a Monad not being an Applicative. Some people are trying to fix that directly in base, some are trying to fix that in external libraries such as Foundation.

                                                          In the end, it is not such of a big deal for an intermediate/experienced developer; however, it is quite confusing for newcomers. Not knowing what you can safely use from the standard library is not a really nice user experience in my opinion.

                                                          [Edit] As a side note, I am saddened to see that the return keyword is preferred over pure. This keyword has a totally different meaning in procedural languages (ie. 90% of the languages), using it in this context is just a constant source of confusion for newcomers…

                                                          1. 1

                                                            Applicative has been a superclass of Monad for quite some time in GHC base. I disagree with the change (breaks compatibility) but understand why they did it.

                                                            1. 1

                                                              Oh yes, you’re right, my bad!

                                                              See monoid and semigroup, the problem is quite similar.

                                                      1. 3

                                                        This is pretty sleazy. NVidia used to make it hard enough to use consumer cards in lights-out scenarios. Some settings can only be adjusted via the GUI control panel, whereas the drivers for the workstation cards can be adjusted from the command line. But to add the prohibition to the driver EULA is pretty low.

                                                        1. 2

                                                          I’m adding spfwalk to spf_fetch as a tool, and support for spfwalk and the smtpctl version to spf_fetch. The scripts in spf_fetch, along with a bit of config and cron(8), handle the work of updating pf(4) records.

                                                          1. 2

                                                            This is crazy. I chalked the root-without-password problem up to Apple not caring much about MacOS anymore since they make so much more money from mobile devices. But this makes me think they just gave up.

                                                            1. 2

                                                              Once an intruder gains access to the user’s iPhone and knows (or recovers) the passcode, there is no single extra layer of protection left.

                                                              Is this such a big deal? With physical access to the device, anything is one password away. What do you expect once an intruder gains access to your MacBook and knows (or recovers) the password? The whole point of two factor authentication is just, in addition to knowing the password, you need physical access to a trusted device.

                                                              1. 7

                                                                The issue is that before Apple would require you to enter other passwords to accomplish certain action.

                                                                For example, before if you wanted to change your backup encryption password Apple would require you to type it in. Otherwise it would refuse to reset the password.

                                                                Now you can remove the backup encryption password without entering the older password first. This allows the possessor to create a new backup password, back the phone up, grab the backup and with other tools dump all other passwords in the Keychain, like all their Safari-saved passwords for other websites.

                                                                In this new world if the user happens to have setup two-factor auth, from the compromised device they can (quoting the article):

                                                                • Change the user’s Apple ID password
                                                                • Remove iCloud lock (then reset and re-activate the iPhone on another account)
                                                                • Discover physical location of their other devices registered on the same Apple account
                                                                • Remotely lock or erase those devices
                                                                • Replace original user’s trusted phone number (from then on, you’ll be receiving that user’s 2FA codes to your own SIM card)
                                                                • Access everything stored in the user’s iCloud account

                                                                All this because you have the device in hand and either guessed or coerced their PIN from them. Whereas before Apple had layers to their security model. With an iOS 11 device you can totally own everything Apple they own and possibly a lot more.

                                                                That’s why it’s a big deal.

                                                                1. 3

                                                                  With physical access to the device, anything is one password away.

                                                                  I would not expect physical access to the device alone to yield administrator-level control of my iCloud account and the ability to wipe any of my other devices (to which the attacker did not have physical access). I think that’s a genuinely non-intuitive behavior.

                                                              1. 2

                                                                Anyone else amazed to see WIPO handed down their decision in less than 3 months? Is that normal?

                                                                1. 12

                                                                  Try http://paperswelove.org.

                                                                  | Papers We Love is a repository of academic computer science papers and a community who loves reading them.

                                                                  It’s a git repo of classic CS papers and a website for people who want to get together to discuss them. Some of the papers are easy, some hard, but a treasure trove to work your way through.

                                                                  1. 6

                                                                    Thanks for the PWL shout-out. PWL was started as a reading group within our old company, and we began with Out of the Tarpit and Communicating Sequential Processes. Those were the first papers I read, and I found them widely applicable, interesting, and approachable.

                                                                    1. 3

                                                                      In the same spirit, I really enjoy Fermat’s Library. I don’t really read the annotated versions most of the times, as the website is set up in a way that makes it annoying for me (which is a shame, the comments are normally pretty great), but use it mostly as a feed of interesting papers to read on different areas.

                                                                      1. 1

                                                                        It’s a huge repo, any guidelines to find the ones which are easy/beginner friendly?

                                                                        1. 6

                                                                          The section on design is a good start, especially “No Silver Bullet” (NSB) and “Out of the Tarpit” mentioned above.

                                                                          Fred Brooks, who wrote NSB, also wrote another classic before that called “The Mythical Man Month” which is sold on Amazon as a collection of papers, including NSB.

                                                                          A Mathematical Theory of Communication” by Claude Shannon is the foundational work in information theory.

                                                                          Reflections on Trusting Trust” is a great read and eye opening as an intro to security.

                                                                          The Unix Time-Sharing System” by Dennis Ritchie and Ken Thompson is the classic intro to Unix.

                                                                          In addition to these and others from PWL, I’d also add Dijkstra’s paper “Go To Statement Considered Harmful”. Whether you agree or disagree, it’s the seminal paper on structured programming.

                                                                          I’d start with those, follow interesting footnotes and references to see where they lead you.

                                                                      1. 1

                                                                        I added auto detecting and joining of known wireless networks to netctl. It’s not ready for boot time, but it works once booted. In particular, it works well with apmd(8) scripts like resume.

                                                                        I also added some quickstart details to the README.md in the github repo.

                                                                        1. 1

                                                                          Are you aware of ArchLinux’s netctl project? It’s based around systemd so it’s not portable to *BSD but the UX might be useful to draw inspiration from. Also, it’s an established project with the name ‘netctl’. :)

                                                                          1. 1

                                                                            Not until just now. Given that systemd will never be ported to OpenBSD, I’m Ok with the name collision. ;-)

                                                                            Thanks for the UX ideas!

                                                                          1. 6

                                                                            Working on a cli network configuration manager for OpenBSD. So far it can enable/disable/start/stop/restart interfaces as well as create/destroy and switch between locations. Locations are currently limited to just one wap config for wireless interfaces. I’m tidying up the man page later today.

                                                                            I have some older code that will connect to the strongest wap from a group of configurations. I’ll integrate that next.

                                                                            It’s not a replacement for ifconfig(8)…it’s written in pure shell (using no commands outside of shell, /bin and /sbin), modeled after rcctl(8). I think I can get automated wap connecting working at boot time. Keeping it in pure shell (or c) is the only way to ensure it will work at boot time.

                                                                            I’m using it on my my laptop to switch between work and home. I should have a preview ready for general consumption pretty soon.

                                                                            1. 1

                                                                              Are you aware of nsh? http://www.nmedia.net/nsh/

                                                                              1. 1

                                                                                No, I don’t recall hearing anything about it before.

                                                                                nsh looks nice, but it requires changing your system from default. It replaces the functions of netstart(8) and some parts of rc(8). You have to delete things like /etc/hostname.* and /etc/mygate and give nsh management of some networking daemons.

                                                                                My project is less ambitious. It’s modeled after rcctl(8) and works with netstart(8). Other than creating symlinks to manage hostname.if(5) configuration files, it’s bog-standard OpenBSD.

                                                                                Still, very cool stuff.

                                                                                1. 1

                                                                                  I like the sound of it. Please post a link on the board when you decide to release it.

                                                                                  1. 2

                                                                                    Thanks. I’ll definitely post it here, hopefully in a couple of days.

                                                                                    I’ll also post it to http://github.com/akpoff.

                                                                                    1. 2

                                                                                      Initial version posted on github, and article submitted to lobste.rs.