Threads for javier-lopez

  1. 1

    I’ve been working / using over the last 8 years~ an Ubuntu respin called minos that is configured to use i3 for common tasks, http://javier.io/blog/en/2018/08/22/minos-a-tiling-wm-linux-distro.html , https://github.com/minos-org , if you’re into minimalist systems this may give you some fun hours

    1. 3

      Cool article, I’m often amazed by how ppl accept unoptimal procedures as normal, I’ve been using http://wcd.sourceforge.net with great success for some years now, it’s quite similar to j, http://javier.io/blog/en/2011/04/05/dont-let-cd-slow-you-down-wcd-commacd.html

      1. 1

        Indeed Docker and docker swarm mode are great, I’ve recently finished a similar setup, I’ve replaced caddy with traefik which is able to listen to docker events and redirect automatically to the desired service without constantly editing a conf file (an alternative could be to use consul template). Also I’ve set up keepalive/haproxy in front of traefik to provide HA to traefik through a virtual IP. I’ll clean up the ansible recipes a little bit before uploading to the Internet, although surely there are already similar setups online.

        https://imgur.com/a/pFT1U

        1. 4

          Would love to hear one about 0install, or any other decentralized package manager

          1. 2

            Why is the theme for this obfuscated?

            1. 2

              To save some kbs and avoid ruining the script readability, the html code contains some minimized css code which has some really long lines

              1. 2

                I’d like to see those elements in a separate file in that case, I think it would be more useful. I am too paranoid to run it :)

            1. 2

              I’ll be working on a status page tool for single servers, mostly filtering free, ps, df, etc output to html, I already have the basic template, https://github.com/chilicuil/learn/blob/master/sh/tools/staticus , ideas and contributions welcome

                1. 1

                  Starting at a new job, learning as much mongodb as possible, this week probably reading the little mongodb book and the definitive guide by kristina chodorow, other resources are welcome

                  1. 5

                    What do people do with these when a website becomes compromised and they need to change their password?

                    1. 1

                      They can use a suffix or prefix in the site name, e.g., twitter.com, twitter.com:1, twitter.com:2 …

                      1. 14

                        Sounds like state, to me!

                        1. 2

                          oneshallpass is the best implementation of this idea I’ve seen, so far. Yes, there’s state involved, but that state keeps track of options, and requirements for the site, only.

                          I think there’s an opportunity for the password requirements part to be put in a block chain of sorts and shared publicly. Then, the only state you’d need to store would be the generation, and the strength params of your generated password. It’d be pretty easy to encrypt this state with a key derived from the master password and add it to Dropbox so it’s readily available.

                          Of course, that leaves master password rotation, which, if you want something that supports that, your best bet is probably to use the master password to encrypt your state file, which has some strong pregenerated entropy that is actually used for generating your passwords.

                          The state file has the potential to leak sites you have accounts on (since you need to store the generation with an identifier of some sort), but it’s unlikely to matter as you only need to store the generation after a site has been compromised (public information, usually), and if they get access to your encrypted state file, they’d have access to entropy your passwords are based on, or in the case that you don’t require master password rotation, the password that derived the key to open the prefs file (e.g. your master password).

                          So, stateless as a goal seems great, but totally impractical, from my perspective.

                          1. 1

                            How much would be lost in maintaining an unencrypted, publicly available file that maps twitter.com -> twitter.com:1 or similar? So the “name” you’ve given a website is publicly available; people probably already know (or have a good idea) you’re using the domain name previously anyways, so perhaps not much is lost?

                            To me, all of this seems very similar to why I’m iffy on biometrics. I cannot change my fingerprints either so what happens when that technology gets compromised in some way? What are your thoughts on that?

                            1. 1

                              As with many systems involving keys, the more secret the keys, the better. If I know one input to the algorithm, that’s one less barrier to figuring out the password for the site. It’d still be very difficult, mind you.

                              This is different, imho, than biometrics, simply because twitter.com:1 is a convention. So long as the hash functions are not broken, and remain impossible to reverse at a cost that is worth the trouble, you can just evolve the twitter.com:1 to twitter.com:[32bit random] whenever twitter gets hacked, or you want to rotate your password. And, ultimately you have a failsafe–reset your passwords by changing your master key, or move on to a system with a different algorithm.

                              edit: forgot that angle brackets don’t display.

                    1. 3

                      I’m programming yet another stateless password generator, it’ll be based on scrypt[0] and double password hashing generation [1]

                      [0] http://www.tarsnap.com/scrypt.html

                      [1] http://www.cs.utexas.edu/~bwaters/publications/papers/www2005.pdf
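
Added example, not part of any post in this thread: a minimal Python sketch of the site-name suffix convention discussed above (twitter.com, twitter.com:1, ...) layered on scrypt. The alphabet, scrypt parameters and function names are assumptions chosen for illustration; the per-site generation counter is the only state it keeps.

```python
import hashlib
import string

# Assumed output alphabet (74 symbols); real sites impose their own rules.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def site_label(site: str, generation: int = 0) -> str:
    """Thread convention: twitter.com, twitter.com:1, twitter.com:2, ..."""
    if generation < 0:
        raise ValueError("generation must be >= 0")
    site = site.strip().lower()
    return site if generation == 0 else f"{site}:{generation}"


def derive_password(master: str, site: str, generation: int = 0,
                    length: int = 20) -> str:
    """Deterministically derive a site password from the master password."""
    if not 8 <= length <= 40:
        raise ValueError("length must be between 8 and 40")
    label = site_label(site, generation)
    # scrypt makes each master-password guess expensive; the label acts as
    # the salt, so every site and every generation gets unrelated output.
    raw = hashlib.scrypt(master.encode("utf-8"), salt=label.encode("utf-8"),
                         n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=64)
    # 512 bits reduced base-74: bias is negligible for length <= 40.
    value = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        value, index = divmod(value, len(ALPHABET))
        chars.append(ALPHABET[index])
    return "".join(chars)


def rotate(generations: dict, site: str) -> int:
    """Bump the counter after a breach; this map is the only stored state."""
    key = site.strip().lower()
    generations[key] = generations.get(key, 0) + 1
    return generations[key]


if __name__ == "__main__":
    state = {}                                    # constructed sample state
    master = "constructed example master phrase"  # constructed, not a real secret
    print(derive_password(master, "twitter.com"))
    gen = rotate(state, "twitter.com")
    print(site_label("twitter.com", gen), derive_password(master, "twitter.com", gen))
```

Losing the generation map means trying counters until a login works, which is the "state" the replies point out.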

                      1. 15

                        What follows is my own experience. There may be many paths to my current state of mind. I write it in case others may have use for it, but at no point do I consider that others must/should/can follow my path. It’s just an anecdote in a sea of endless anecdotes.

                        It’s tough. I’ve been “doing open source” since high school (well over ten years ago now). I’ve kept a pretty steady pace as I transitioned to undergraduate study, graduate study and now working full time. At many points in time—including now—this involved producing and/or maintaining code that others use. When you do it long enough, people start to file bug reports. People start to email you. Some of them get a little aggressive. Some of them act entitled. Some of them offer to pay me for my time to help them. Some of them “threaten” to use a different project. Some give you their cell phone number and expect you to call them. Others want you to come work for them—but to talk any further, they insist that I sign an NDA and are repulsed when I refuse. (OK, there was only one who did that.) My experience is that most folks though, are genuinely appreciative, well meaning and have no intention to make you feel guilty. (One was even kind enough to send a few of my favorite cigars my way!) I agree though, that it is hard to not feel guilty, because, well, there are people using and relying on your code, and you don’t want to let them down! It sucks to let people down.

                        My own personal way to deal with this is to adopt a perspective that enables me to continue doing what I enjoy: working with others on open source software. If piles of bug reports affected my emotional health, then doing what I enjoy would simply be unsustainable. If one writes and contributes to interesting projects, others will naturally flock to it. If others flocking to it causes one stress, then it is hard to persist in contributing to interesting projects! This is a dilemma, and the only way for me to fix it was to either quit or figure out how to not be stressed. Quitting sucks, but it’s a legitimate option because being constantly stressed out or feeling guilty all the time is just not a good way to go through life.

                        The perspective that I adopted is that I do not owe an obligation of any kind to any users of my code. It is out in the open, permissively licensed, ready and waiting for someone to do something with it. A pile of bug reports is unfortunate, but the software continues to work well for me and I don’t have the time or interest to improve it further. If a user needs a bug fixed, then they can either fork the code (or I’ve been known to just add them as a committer to the repo) and persist without me or find alternative software. And I’m okay with that. Completely and totally okay with it.

                        Of course, none of this precludes also endeavoring to help others use my code. I do my best. Just because I believe that I don’t owe an obligation to anyone doesn’t mean I don’t want to help others. I simply take the perspective that if I don’t get the time to do it, it’s okay. I’m not perfect, sometimes I neglect to do even the simplest of maintenance tasks and sometimes completely ignore even mostly trivial issues and PRs for months at a time. I don’t do it intentionally; I see the email come in, let it slip and then forget about it. That’s okay. Issues that could use a response from me exist right now, but they don’t weigh on my mind because I don’t owe an obligation to users of my code.

                        Life is a balancing act. I really love open source, but the only way for me to continue doing it was making my peace with the fact that I will not be able to help everyone use my code in a timely manner. I did just that and my quality of life improved significantly.

                        1. 9

                          Some of them “threaten” to use a different project

                          Haha, we get this regularly with Octave. People tell me how they’re going to use Matlab instead. Well, I am trying to help you not do that, but if I fail, threats are not going to help. Sorry Octave didn’t work for you buddy, but it’s not my fault!

                          The best thing we did to ease maintainer burden was to have a bug tracker. Before we had a bug mailing list (this started in the late 90’s), and that made project lead jwe very unhappy with the same symptoms of burnout everyone is experiencing. I emphatically agree with you that not giving a damn for failure of a free project is very important.

                          We put free code out there. We owe nothing to anyone.

                          1. 2

                            (One was even kind enough to send a few of my favorite cigars my way!)

                            Made me curious and I checked out your site… Liga Privada #9 is indeed a tasty cigar! I also like the Undercrown from Drew Estate, for a cheaper smoke or something to hand out to friends/family.

                            We should start a Lobsters cigar pass :)

                            1. 2

                              I had people buy me drinks at conferences a fair bit, but one of them went out of their way to bring me a bottle of wine from Argentina: https://twitter.com/technomancy/status/319667227936825344

                              Definitely a highlight of my free software career.

                              1. 2

                                Yup, the Undercrown is quite awesome. The Liga is a special occasion smoke. :-)

                              2. 2

                                Great approach to keeping your motivation high. I’m a user of software you’ve freely developed and shared and never once have I felt anything but gratitude for the effort you’ve put in.

                                1. 1

                                  The thing I would like to see on these kinds of projects is a note in the README that you’re in low profile mode or looking for a co-maintainer. Otherwise you’ll end up spending other people’s time and that’s not cool either.

                                  1. 3

                                    If I remember to put the note there, then sure. Otherwise, the issue tracker that hasn’t been touched in a few years is a pretty strong signal.

                                1. 3

                                  My i3-wm setup, based on an Ubuntu respin I’ve been working on for some months, minos

                                  firefox, urxvt, bash.

                                  1. 2

                                    The quick start instructions don’t seem really quick, on my system (ubuntu 12.04) it fails with the following:

                                    ~/Eve ~/Eve
                                    run.sh: line 11: npm: command not found
                                    run.sh: line 12: tsc: command not found
                                    ~/Eve
                                    ~/Eve ~/Eve
                                    run.sh: line 28: multirust: command not found
                                    run.sh: line 32: cargo: command not found
                                    ~/Eve
                                    

                                    Too many deps, I may try it on a weekend when I have a couple of free hours.

                                    1. 4

                                      Eve relies on TypeScript, Rust Nightly, and multirust.

                                      1. 3

                                        This has been fixed on master, it will properly error out. You still need to install tsc through npm and have multirust installed, but you at least get a nice message.

                                        1. 1

                                          I’ve taken a couple of hours from sleep and created a vagrant recipe:

                                          git clone --depth=1  https://github.com/chilicuil/eve-vagrant && cd eve-vagrant
                                          vagrant up #this may take a while
                                          xdg-open http://localhost:8080/editor
                                          

                                          The above uses a plain precise 32 box and installs eve and its dependencies in the provisioning phase, I’ve also created a modified box (583MB) with eve dependencies hard-coded, which could better serve those who don’t have precise32.box anyway.

                                          git clone --depth=1  https://github.com/chilicuil/eve-vagrant && cd eve-vagrant/partial
                                          vagrant up #this may take a while but not as much as the above
                                          xdg-open http://localhost:8080/editor
                                          
                                        1. 3

                                          I’ll soon start a shared journey with a 12-year-old and I think the get excited part is quite important, so I’m choosing processing[0] (for creating visual art applications quickly) and html + css.

                                          [0] https://processing.org/

                                          1. 1

                                            I’m migrating tpm plugins from bash to posix sh scripting, I plan to make it the default in a minimalist linux distribution I’m working on

                                            1. 1

                                              Currently reading The Design and Implementation of the Anykernel and Rump Kernels by Antti Kantee because the rump kernels caught my attention for deploying bare minimal systems.