My name is Solène Rapenne. I like learning and sharing experiences about IT stuff. Hobbies: '(BSD OpenBSD h+ Lisp cmdline gaming internet-stuff Crossbow). I love % and lambda characters. OpenBSD developer solene@.

Contact : solene on Freenode or solene+www at dataswamp dot org

# Tor part 5: onioncat for IPv6 VPN over tor

Written by Solène, on 13 November 2018.
Tags: #tor #unix #network #openbsd64

This article is about a piece of software named onioncat, which is packaged for most Unix and Linux systems. It creates an IPv6 VPN over Tor, so your machine becomes part of a whole network reachable through Tor, with no restriction on what you run over the VPN.

First, we need to install onioncat, on OpenBSD:

$ pkg_add onioncat

Run a Tor hidden service as explained in one of my previous articles, and get the hostname value. If you run multiple hidden services, just pick one hostname.

# cat /var/tor/ssh_hidden_service/hostname
g6adq2w15j1eakzr.onion

Now that we have the hostname, we just need to run ocat.

# ocat g6adq2w15j1eakzr.onion

If everything works as expected, a tun interface will be created, with a fe80:: IPv6 address and a fd87:: address assigned to it. Your system is now reachable through Tor at its IPv6 address starting with fd87::. It supports every protocol carried over IP. Instead of using the torsocks wrapper and the .onion hostname, you can use the IPv6 address of the service with any software.

# Moving away from Emacs, 130 days after

Written by Solène, on 13 November 2018.
Tags: #emacs

It has been more than four months since I wrote my article about leaving Emacs. This article will quickly speak about my journey.

First, I left Emacs successfully. Long story short, I like Emacs and think it’s a great piece of software, but I’m not comfortable being dependent on it for everything I do. I chose to replace all my Emacs usage by other software (agenda, note taking, todo-list, IRC client, Jabber client, editor etc.).

- agenda is now replaced by when (port productivity/when), but I plan to replace it by calendar(1) as it’s in base and when doesn’t do much.
- todo-list: I now use taskwarrior + a kanban board (using kanboard) for team work
- notes: I wrote a small piece of software named “notes” which is a wrapper for editing files and tracking edits using git. It’s available at git://bitreich.org/notes
- irc: weechat (not better or worse than emacs circe)
- jabber: profanity
- editor: vim, ed or emacs, depending on what I do. Emacs is excellent for writing Lisp or Scheme code, while I prefer to use vim for most editing tasks. I now use ed for small edits.

I’m happy to have moved away from Emacs.

# Fun tip #1: Apply a diff with ed

Written by Solène, on 13 November 2018.
Tags: #fun-tip #unix #openbsd64

I am starting a new kind of article that I chose to name “fun facts”. Those articles will be about one-liners which can have some kind of use, or that I find interesting from a technical point of view. While not useless, these commands may be used in very specific cases.

The first of its kind will explain how to programmatically use diff to modify file1 into file2, from the command line, and without a patch.

First, create a file with a small content for the example:

$ printf "first line\nsecond line\nthird line\nfourth line with text\n" > file1
$ cp file1{,.orig}
$ printf "very first line\nsecond line\nthird line\nfourth line\n" > file1


We will use diff(1) -e flag with the two files.
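The whole round trip as a script, added here as an example and not part of the article's own commands: generate the ed(1) script with diff -e, append the w and q commands, feed it to ed on a copy of the first file and check that the copy now matches the second file. The sample files are constructed inside the script, and the script name apply-ed-diff is an assumption.

```shell
#!/bin/sh
# Added example (not from the article): turn one file into another using
# only the ed(1) commands that diff -e produces. Assumes diff(1), ed(1)
# and cmp(1) are available, as they are in the OpenBSD base system.

# make_samples DIR: write an old and a new version of a file (constructed
# sample data modelled on the article's file1 / file1.orig).
make_samples() {
    printf 'first line\nsecond line\nthird line\nfourth line with text\n' > "$1/old"
    printf 'very first line\nsecond line\nthird line\nfourth line\n' > "$1/new"
}

# ed_script OLD NEW: print the ed commands that transform OLD into NEW,
# followed by w and q so the output can be piped straight into ed.
# diff exits 1 when the files differ, which is the normal case here, so
# only exit status 2 (trouble) is treated as an error.
ed_script() {
    diff -e "$1" "$2" || [ $? -eq 1 ] || return 2
    printf 'w\nq\n'
}

# apply_ed_script OLD NEW TARGET: copy OLD to TARGET and edit it in place
# with the generated script; returns 0 when TARGET ends up byte-identical
# to NEW, so the caller can detect a script that did not apply cleanly.
apply_ed_script() {
    cp "$1" "$3" || return 2
    ed_script "$1" "$2" | ed -s "$3" || return 2
    cmp -s "$3" "$2"
}

# demo: build the samples in a temporary directory, show the generated
# script, apply it and clean up. Exit status is the result of the check.
demo() {
    tmp=$(mktemp -d) || return 2
    make_samples "$tmp"
    ed_script "$tmp/old" "$tmp/new"
    apply_ed_script "$tmp/old" "$tmp/new" "$tmp/work"
    status=$?
    rm -rf "$tmp"
    return $status
}

# Run the demo only when executed under the assumed script name, so the
# functions can also be sourced from another script.
case ${0##*/} in
    apply-ed-diff|apply-ed-diff.sh) demo ;;
esac
```

Because diff -e emits the changes from the last line upwards, the line numbers in each command are still valid when ed reaches them; when the two files are identical the script is just w and q and applying it is a no-op.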

$ diff -e file1 file1.orig
4c
fourth line
.
1c
very first line
.

The diff(1) output is a batch of ed(1) commands which will transform file1 into file2. This can be embedded in a script as in the following example. We also add the w command at the end to save the file after editing.

#!/bin/sh
ed file1 <<EOF
4c
fourth line
.
1c
very first line
.
w
EOF

This is a quite convenient way to transform a file into another file, without pushing the entire file. This can be used in a deployment script. This is more precise and less error prone than a sed command.

In the same way, we can use ed to alter a configuration file by writing the instructions ourselves, without using diff(1). The following script will replace the whole first line containing “Port 22” with Port 2222 in /etc/ssh/sshd_config.

#!/bin/sh
ed /etc/ssh/sshd_config <<EOF
/Port 22
c
Port 2222
.
w
EOF

The sed(1) equivalent would be:

sed 's/.*Port 22.*/Port 2222/' /etc/ssh/sshd_config

Both programs have their uses, pros and cons. The most important thing is to use the right tool for the right job.

# Play Stardew Valley on OpenBSD

Written by Solène, on 09 November 2018.
Tags: #games #openbsd64

It’s possible to play native Stardew Valley on OpenBSD, and it’s not using a weird trick!

First, you need to buy Stardew Valley, it’s not very expensive and is often available at a lower price. I recommend buying it on GOG.

Now, follow the steps:

1. install packages unzip and fnaify
2. On GOG, download the linux installer
3. unzip the installer (use unzip command on the .sh file)
4. cd into data/noarch/game
5. fnaify StardewValley
6. ./StardewValley

Enjoy!

# Safely allow commands through SSH

Written by Solène, on 08 November 2018.
Tags: #ssh #security #openbsd64 #highlight

sshd(8) has a very nice feature that is often overlooked. That feature is the ability to allow an ssh user to run a specified command and nothing else, not even a login shell.

This is really easy to use and the magic happens in the file authorized_keys, which can be used to restrict commands per public key. For example, if you want to allow someone to run the “uptime” command on your server, you can create a user account for that person with no password, so password login will be disabled, and add his/her ssh public key to ~/.ssh/authorized_keys of that new user, with the following content.

restrict,command="/usr/bin/uptime" ssh-rsa the_key_content_here

The user will not be able to log in, and running the command ssh remoteserver will return the output of uptime. There is no way to escape this.

While running uptime is not really helpful, this can be used for a much more interesting use case, like allowing remote users to use vmctl without giving them a shell account. The vmctl command requires parameters, so the configuration will be slightly different.

restrict,pty,command="/usr/sbin/vmctl $SSH_ORIGINAL_COMMAND" ssh-rsa the_key_content_here


The variable SSH_ORIGINAL_COMMAND contains what is passed as a parameter to ssh. The pty keyword also makes an appearance; it will be explained later.

If the user connects with ssh and no parameter, the output of vmctl run with no parameter is shown.

$ ssh remotehost
usage:  vmctl [-v] command [arg ...]
        vmctl console id
        vmctl create "path" [-b base] [-i disk] [-s size]
        vmctl load "path"
        vmctl log [verbose|brief]
        vmctl reload
        vmctl reset [all|vms|switches]
        vmctl show [id]
        vmctl start "name" [-Lc] [-b image] [-r image] [-m size] [-n switch] [-i count] [-d disk]* [-t name]
        vmctl status [id]
        vmctl stop [id|-a] [-fw]
        vmctl pause id
        vmctl unpause id
        vmctl send id
        vmctl receive id

If you pass parameters to ssh, they will be passed to vmctl.

$ ssh remotehost show
ID   PID VCPUS  MAXMEM  CURMEM     TTY        OWNER NAME
1     -     1    1.0G       -       -       solene test
$ ssh remotehost start test
vmctl: started vm 1 successfully, tty /dev/ttyp9
$ ssh -t remotehost console test


The ssh connection becomes a call to vmctl, and the ssh parameters become vmctl parameters.

Note that in the last example I use “ssh -t”; this is to force the allocation of a pseudo tty device, which is required for vmctl console to get a fully working console. The keyword restrict does not allow pty allocation, that is why we have to add pty after restrict, to allow it.
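
Because sshd(8) hands the command= string to the user's login shell with -c, the $SSH_ORIGINAL_COMMAND expansion above is interpreted by that shell before vmctl ever sees it. The wrapper below is an added example and not part of the article: it validates the string against a short allow-list of vmctl subcommands, logs what it refuses, and only then calls vmctl. The install path /usr/local/bin/vmctl-wrapper and the script name are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): a forced-command wrapper for the
# vmctl case. Point the key at the wrapper instead of at vmctl itself,
# e.g. (path is an assumption):
#   restrict,pty,command="/usr/local/bin/vmctl-wrapper" ssh-rsa AAAA...

VMCTL=/usr/sbin/vmctl

# check_vmctl_command STRING: return 0 when STRING is an allowed vmctl
# invocation, 1 otherwise. Rules: only letters, digits, "_", ".", "-" and
# spaces may appear; no word may start with "-" (no option flags); the
# first word must be one of the subcommands listed below with exactly the
# argument count it takes. An empty string is allowed and simply makes
# vmctl print its usage, as in the article.
check_vmctl_command() {
    cmd=$1
    [ -n "$cmd" ] || return 0
    [ -z "$(printf '%s' "$cmd" | tr -d 'A-Za-z0-9_. -')" ] || return 1
    set -- $cmd                      # word splitting is safe after the check
    [ $# -ge 1 ] || return 1
    sub=$1
    shift
    for arg in "$@"; do
        case $arg in -*) return 1 ;; esac
    done
    case $sub in
        show|status)                      [ $# -le 1 ] ;;   # optional id
        start|stop|console|pause|unpause) [ $# -eq 1 ] ;;   # one vm name or id
        *)                                return 1 ;;       # create, load, reset, ...
    esac
}

# run_forced_command: dispatch $SSH_ORIGINAL_COMMAND to vmctl when it
# passes the checks; otherwise record the refusal in syslog and exit.
run_forced_command() {
    if check_vmctl_command "${SSH_ORIGINAL_COMMAND:-}"; then
        set -- ${SSH_ORIGINAL_COMMAND:-}
        exec "$VMCTL" "$@"
    fi
    logger -t vmctl-wrapper "refused '${SSH_ORIGINAL_COMMAND:-}' from ${SSH_CLIENT:-unknown}"
    echo "command not allowed" >&2
    exit 1
}

# Dispatch only when invoked under the wrapper's name, so the checks can
# also be sourced and exercised on their own.
case ${0##*/} in
    vmctl-wrapper|vmctl-wrapper.sh) run_forced_command ;;
esac
```

The refusal path writes to syslog rather than only to the client, so a key that keeps sending commands outside its allow-list shows up in /var/log/authlog or wherever logger(1) output is collected on your system.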

# Tor part 4: run a relay

Written by Solène, on 08 November 2018.
Tags: #unix #tor

In this fourth Tor article, I will quickly cover how to run a Tor relay; the Tor project already has a very nice and up-to-date guide for setting up a relay. Those relays are what make Tor usable: with more relays, Tor gets more bandwidth and it makes you harder to trace, because there is more traffic to analyze.

A relay server can be an exit node, which relays Tor traffic to the outside. This implies a lot of legal issues; the Tor project foundation offers to help you if your exit node gets you in trouble.

Remember that being an exit node is optional. Most relays are not exit nodes. They will either relay traffic between relays, or become a guard, which is an entry point to the Tor network. The guard receives the request over the non-Tor network and sends it to the next relay of the user's circuit.

Running a relay requires a lot of CPU (capable of some crypto) and a huge amount of bandwidth: at least 10Mb/s, and that is a minimal requirement. If you have less, you can still run a bridge with obfs4, but I won’t cover it here.

When running a relay, you can set a daily/weekly/monthly traffic limit, so your relay stops relaying when it reaches the quota. It’s quite useful if you don’t have unmetered bandwidth; you can also limit the bandwidth allowed to Tor.

To get real-time information about your relay, the software Nyx (net/nyx) is a top-like frontend for Tor which shows Tor CPU usage, bandwidth, connections and logs in real time.

The awesome Official Tor guide

# File versioning with rcs

Written by Solène, on 31 October 2018.
Tags: #openbsd64 #highlight #unix

In this article I will present the rcs tools, and we will use them for versioning files in /etc to track changes between edits. These tools are part of the OpenBSD base install.

## Prerequisites

You need to create an RCS folder where your files are, so the file versions will be saved in it. I will use /etc in the examples; you can adapt it to your needs.

# cd /etc
# mkdir RCS


The following examples use the command ci -u. Why so will be explained later.

## Tracking a file

We need to add a file to the RCS directory so we can track its revisions. Each time we proceed, we create a new revision of the file, which contains the whole file at that point in time. This allows us to see changes between revisions, and the date of each revision (and some other information).

I really recommend tracking the files you edit in your system, or even configuration files in your user directory.

In the next example, we create the first revision of our file with ci, and we have to write a message about it, like what the file is for. Once we have written the message, we validate it with a single dot on a line.

# cd /etc
# ci -u fstab
fstab,v  <--  fstab
enter description, terminated with single '.' or end of file:
NOTE: This is NOT the log message!
>> this is the /etc/fstab file
>> .
initial revision: 1.1
done


## Editing a file

The process of editing has multiple steps, using ci and co:

1. check out the file and lock it; this makes the file writable and prevents using co on it again (due to the lock)
2. edit the file
3. commit the new file + check it out again

When using ci to store the new revision, we need to write a small message; try to use something clear and short. The log messages can be seen in the file history, which should help you know which change was made and why. The full process is shown in the following example.

# co -l fstab
RCS/fstab,v  -->  fstab
revision 1.1 (locked)
done
# echo "something wrong" >> fstab
# ci -u fstab
RCS/fstab,v  <--  fstab
new revision: 1.4; previous revision: 1.3
enter log message, terminated with a single '.' or end of file:
>> I added a mistake on purpose!
>> .
revision 1.4 (unlocked)
done


## View changes since last version

Using previous example, we will use rcsdiff to check the changes since the last version.

# co -l fstab
RCS/fstab,v  -->  fstab
revision 1.1 (locked)
done
# echo "something wrong" >> fstab
# rcsdiff -u fstab
--- fstab   2018/10/28 14:28:29 1.1
+++ fstab   2018/10/28 14:30:41
@@ -9,3 +9,4 @@
52fdd1ce48744600.j /usr/src ffs rw,nodev,nosuid 1 2
52fdd1ce48744600.e /var ffs rw,nodev,nosuid 1 2
52fdd1ce48744600.m /data ffs rw,dev,wxallowed,nosuid 1 2
+something wrong


The -u flag produces a unified diff, which I find easier to read. Lines with + show additions, and lines with - show deletions (there are none in the example).

## Use of ci -u

The examples were using ci -u because, if you use ci some_file, the file is saved in the RCS folder but disappears from its place. You then have to use co some_file to get it back (read-only).

# co -l fstab
RCS/fstab,v  -->  fstab
revision 1.1 (locked)
done
# echo "something wrong" >> fstab
# ci -u fstab
RCS/fstab,v  <--  fstab
new revision: 1.4; previous revision: 1.3
enter log message, terminated with a single '.' or end of file:
>> I added a mistake on purpose!
>> .
done
# ls fstab
ls: fstab: No such file or directory
# co fstab
RCS/fstab,v  -->  fstab
revision 1.5
done
# ls fstab
fstab


Using ci -u is very convenient because it prevents the user from forgetting to check out the file after committing the changes.

## Show existing revisions of a file

# rlog fstab
RCS file: RCS/fstab,v
Working file: fstab
branch:
locks: strict
access list:
symbolic names:
keyword substitution: kv
total revisions: 2;     selected revisions: 2
description:
new file
----------------------------
revision 1.2
date: 2018/10/28 14:45:34;  author: solene;  state: Exp;  lines: +1 -0;
----------------------------
revision 1.1
date: 2018/10/28 14:45:18;  author: solene;  state: Exp;
Initial revision
=============================================================================


We have revisions 1.1 and 1.2; if we want to display the file at its 1.1 revision, we can use the following command:

# co -p1.1 fstab
RCS/fstab,v  -->  standard output
revision 1.1
52fdd1ce48744600.b none swap sw
52fdd1ce48744600.a / ffs rw 1 1
52fdd1ce48744600.l /home ffs rw,nodev,nosuid 1 2
52fdd1ce48744600.d /tmp ffs rw,nodev,nosuid 1 2
52fdd1ce48744600.f /usr ffs rw,nodev 1 2
52fdd1ce48744600.g /usr/X11R6 ffs rw,nodev 1 2
52fdd1ce48744600.h /usr/local ffs rw,wxallowed,nodev 1 2
52fdd1ce48744600.k /usr/obj ffs rw,nodev,nosuid 1 2
52fdd1ce48744600.j /usr/src ffs rw,nodev,nosuid 1 2
52fdd1ce48744600.e /var ffs rw,nodev,nosuid 1 2
52fdd1ce48744600.m /data ffs rw,dev,wxallowed,nosuid 1 2
done


Note that there is no space between the flag and the revision! This is required.

We can see that the command also output some extra information about the file and “done” at the end. Those extra lines are sent to stderr while the actual file content is sent to stdout. That means if we redirect stdout to a file, we get only the file content.

# co -p1.1 fstab > a_file
RCS/fstab,v  -->  standard output
revision 1.1
done
# cat a_file
52fdd1ce48744600.b none swap sw
52fdd1ce48744600.a / ffs rw 1 1
52fdd1ce48744600.l /home ffs rw,nodev,nosuid 1 2
52fdd1ce48744600.d /tmp ffs rw,nodev,nosuid 1 2
52fdd1ce48744600.f /usr ffs rw,nodev 1 2
52fdd1ce48744600.g /usr/X11R6 ffs rw,nodev 1 2
52fdd1ce48744600.h /usr/local ffs rw,wxallowed,nodev 1 2
52fdd1ce48744600.k /usr/obj ffs rw,nodev,nosuid 1 2
52fdd1ce48744600.j /usr/src ffs rw,nodev,nosuid 1 2
52fdd1ce48744600.e /var ffs rw,nodev,nosuid 1 2
52fdd1ce48744600.m /data ffs rw,dev,wxallowed,nosuid 1 2


## Show a diff of a file since a revision

We can use rcsdiff with the -r flag to tell it to show the changes between the last version and one specific revision.

# rcsdiff -u -r1.1 fstab
--- fstab   2018/10/29 14:45:18 1.1
+++ fstab   2018/10/29 14:45:34
@@ -9,3 +9,4 @@
52fdd1ce48744600.j /usr/src ffs rw,nodev,nosuid 1 2
52fdd1ce48744600.e /var ffs rw,nodev,nosuid 1 2
52fdd1ce48744600.m /data ffs rw,dev,wxallowed,nosuid 1 2
+something wrong
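
The workflow above records a change only when you remember to go through co -l and ci -u. As an added example that is not part of the article, the script below walks an RCS directory and reports tracked files whose working copy no longer matches the head revision, which is what a nightly cron job over /etc would want to know. It assumes the rcs tools from the OpenBSD base system (ci, co, rcsdiff) and the script name rcs-drift.

```shell
#!/bin/sh
# Added example (not from the article): list tracked files under a
# directory whose working copy differs from the head revision in RCS/.
# Meant for a cron job over /etc, to catch edits made outside the
# co -l / ci -u workflow. Assumes ci, co and rcsdiff as in OpenBSD base
# (GNU RCS behaves the same for what is used here).

# rcs_drift DIR: print one line per file that needs attention:
#   "M file"  working file differs from the last checked-in revision
#   "? file"  working file is missing (ci was run without -u)
#   "E file"  rcsdiff could not compare the file
# Exit status: 0 when nothing drifted, 1 otherwise.
rcs_drift() {
    dir=$1
    drifted=0
    for v in "$dir"/RCS/*,v; do
        [ -e "$v" ] || continue            # no tracked file at all
        f=${v##*/}
        f=${f%,v}                          # RCS/fstab,v -> fstab
        if [ ! -e "$dir/$f" ]; then
            echo "? $f"
            drifted=1
            continue
        fi
        # rcsdiff exits 0 for no difference, 1 for differences, 2 on error;
        # only the status matters here, so the diff itself is discarded.
        st=0
        (cd "$dir" && rcsdiff -q "$f" >/dev/null 2>&1) || st=$?
        case $st in
            0) ;;
            1) echo "M $f"; drifted=1 ;;
            *) echo "E $f"; drifted=1 ;;
        esac
    done
    return $drifted
}

# When installed as rcs-drift, check the given directory (default /etc).
case ${0##*/} in
    rcs-drift|rcs-drift.sh) rcs_drift "${1:-/etc}" ;;
esac
```

Run from cron, a non-zero exit status or any output line is the signal that someone edited a tracked file in place; rcsdiff -u on the reported file then shows exactly what changed, as in the section above.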


# Configure OpenSMTPD to relay on a network

Written by Solène, on 29 October 2018.
Tags: #openbsd64 #highlight #opensmtpd

With the new OpenSMTPD syntax change that landed with the OpenBSD 6.4 release, changes are needed to make OpenSMTPD act as a LAN relay to an SMTP server. This case wasn’t covered in my previous article about OpenSMTPD; I only wrote about relaying from the local machine, not for a network. Mike (a reader of the blog) shared that it would be nice to have an article about it. Here it is! :)

A simple configuration would look like the following:

listen on em0
listen on lo0

table aliases db:/etc/mail/aliases.db
table secrets db:/etc/mail/secrets.db

action "local" mbox alias <aliases>
action "relay" relay host smtps://myrelay@remote-smtpd.tld auth <secrets>

match for local action "local"
match from any for any action "relay"


The daemon will listen on the em0 interface, and mail delivered from the network will be relayed to remote-smtpd.tld.

For a relay using authentication, the login and password must be defined in the file /etc/mail/secrets like this:

myrelay login:Pa$$W0rd

smtpd.conf(5) explains the creation of /etc/mail/secrets like this:

touch /etc/mail/secrets
chmod 640 /etc/mail/secrets
chown root:_smtpd /etc/mail/secrets

# Tor part 3: Tor Browser

Written by Solène, on 24 October 2018.
Tags: #openbsd64 #openbsd #unix #tor

In this third Tor article, we will discover the web browser Tor Browser.

The Tor Browser is an official Tor project. It is a modified Firefox, including some default settings changes and some extensions. The default changes are all related to privacy and anonymity. It has been made so that it is easy to browse the Internet through Tor without leaving behind any information which could help identify you, because there is much more information than your public IP address which could be used against you.

It requires the tor daemon to be installed and running, as I covered in my first Tor article.

Using it is really straightforward.

#### How to install tor-browser

pkg_add tor-browser

#### How to start tor-browser

tor-browser

It will create a ~/TorBrowser-Data folder at launch. You can remove it whenever you want; it doesn’t contain anything sensitive but is required for it to work.

# Show OpenSMTPD queue and force sending queued mails

Written by Solène, on 24 October 2018.
Tags: #opensmtpd #highlight #openbsd64 #openbsd

If you are using OpenSMTPD on a device not always connected to the internet, you may want to see which mails did not go out, and force them to be delivered NOW when you are finally connected to the Internet.

We can use smtpctl to show the current queue.

doas smtpctl show queue
1de69809e7a84423|local|mta|auth|so@tld|dest@tld|dest@tld|1540362112|1540362112|0|2|pending|406|No MX found for domain

The previous command will report nothing if the queue is empty.

In the previous output, we see that there is one mail from me to dest@tld which is pending due to “No MX found for domain” (which is normal as I had no internet when I sent the mail). We need to extract the first field, which is 1de69809e7a84423 in the current example. In order to tell OpenSMTPD to deliver it now, we use the following command:

doas smtpctl schedule 1de69809e7a84423
1 envelope scheduled
doas smtpctl show queue

My mail was delivered; it’s not in the queue anymore. If you wish to deliver all envelopes in the queue, this is as simple as:

doas smtpctl schedule all

# New cl-yag version

Written by Solène, on 12 October 2018.
Tags: #cl-yag #unix

My website/gopherhole static generator cl-yag has been updated today, and sees its first release!

The new feature added today is that the gopher output now supports an index menu of tags, and a menu for each tag displaying the articles tagged with it. The gopher output was a bit of a second class citizen before this, only listing articles.

New release v1.00 can be downloaded here (sha512 sum 53839dfb52544c3ac0a3ca78d12161fee9bff628036d8e8d3f54c11e479b3a8c5effe17dd3f21cf6ae4249c61bfbc8585b1aa5b928581a6b257b268f66630819).

Code can be cloned with git: git://bitreich.org/cl-yag

# Tor part 2: hidden service

Written by Solène, on 11 October 2018.
Tags: #openbsd64 #openbsd #unix #tor #security

In this second Tor article, I will present an interesting Tor feature named hidden service. The principle of a hidden service is to make a network service available from anywhere, with the only prerequisites that the computer must be powered on, Tor must not be blocked and the computer must have network access. This service will be available through an address disclosing nothing about the server's internet provider or its IP; instead, a hostname ending in .onion will be provided by Tor for connecting. This hidden service will only be accessible through Tor.

There are a few advantages to using hidden services:

- privacy, the hostname doesn’t contain any hint
- security, secure access to a remote service without using SSL/TLS
- no need for running some kind of dynamic DNS updater

The drawback is that it’s quite slow and it only works for TCP services.

From here, we assume that Tor is installed and working.

Running a hidden service requires modifying the Tor daemon configuration file, located at /etc/tor/torrc on OpenBSD. Add the following lines to the configuration file to enable a hidden service for SSH:

HiddenServiceDir /var/tor/ssh_service
HiddenServicePort 22 127.0.0.1:22

The directory /var/tor/ssh_service will be created. The directory /var/tor is owned by user _tor and not readable by other users. The hidden service directory can be named as you want, but it should be owned by user _tor with restricted permissions. The Tor daemon will take care of creating the directory with correct permissions once you reload it.

Now you can reload the tor daemon to make the hidden service available.

doas rcctl reload tor

In the /var/tor/ssh_service directory, two files are created. What we want is the content of the file hostname, which contains the hostname to reach our hidden service.

doas cat /var/tor/ssh_service/hostname
piosdnzecmbijclc.onion

Now, we can use the following command to connect to the hidden service from anywhere.

torsocks ssh piosdnzecmbijclc.onion

In the Tor network, this feature doesn’t use an exit node.

Hidden services can be used for various services like http, imap, ssh, gopher etc… Using a hidden service isn’t illegal, nor does it make the computer relay Tor traffic; as previously, just check if you can use Tor on your network.

Note: it is possible to have a version 3 .onion address which will prevent hostname collisions, but this produces very long hostnames.

This can be done like in the following example:

HiddenServiceDir /var/tor/ssh_service
HiddenServicePort 22 127.0.0.1:22
HiddenServiceVersion 3

This will produce a really long hostname like tgoyfyp023zikceql5njds65ryzvwei5xvzyeubu2i6am5r5uzxfscad.onion

If you want to have both the short and the long hostnames, you need to specify the hidden service twice, with different folders.

Take care: if you run an ssh service on your website and use this same ssh daemon for the hidden service, the host keys will be the same, implying that someone could theoretically associate both and know that this public IP runs this hidden service, breaking anonymity.

# Tor part 1: how-to use Tor

Written by Solène, on 10 October 2018.
Tags: #openbsd64 #openbsd #unix #tor #security

Tor is a network service allowing you to hide your traffic. People sniffing your network will not be able to know what server you reach, and people on the remote side (like the administrator of a web service) will not know where you are from. Tor helps keep your anonymity and privacy.

To make it quick, Tor makes use of an entry point that you reach directly, then servers acting as relays which are not able to decrypt the data relayed, up to an exit node which does the real request for you; the network response takes the opposite way. You can find more details on the Tor project homepage.

Installing tor is really easy on OpenBSD. We need to install it and start its daemon. The daemon will listen by default on localhost on port 9050. On other systems it may be quite similar: install the tor package and enable the daemon if it is not enabled by default.

# pkg_add tor
# rcctl enable tor
# rcctl start tor

Now, you can use your favorite program, look at the proxy settings and choose a “SOCKS” proxy, v5 if possible (it handles the DNS queries), and use the default address 127.0.0.1 with port 9050.

If you need to use Tor with a program that doesn’t support setting a SOCKS proxy, it’s still possible to use torsocks to wrap it; that will work with most programs. It is very easy to use.

# pkg_add torsocks
torsocks ssh remoteserver

This will make ssh go through the Tor network.

Using Tor won’t make you relay anything, and it is legal in most countries. Tor is like a VPN; some countries have laws about VPNs, so check your country's laws if you plan to use Tor. Also, note that using Tor may be forbidden on some networks (companies, schools etc.) because it allows escaping filtering, which may be against some kind of “usage agreement” of the network. I will cover the relaying part later, which can lead to legal uncertainty.

Note: as torsocks is a bit of a hack, because it uses LD_PRELOAD to wrap network system calls, there is a cleaner way to do it with ssh (or any program supporting a custom command to initialize the connection) using netcat.

ssh -o ProxyCommand='/usr/bin/nc -X 5 -x 127.0.0.1:9050 %h %p' address.onion

This can be simplified by adding the following lines to your ~/.ssh/config file, in order to automatically use the proxy command when you connect to a .onion hostname:

Host *.onion
    ProxyCommand /usr/bin/nc -X 5 -x 127.0.0.1:9050 %h %p

This netcat command is tested under OpenBSD; there are different netcat implementations, and the flags may be different or may not even exist.

# Add a new OpenBSD partition from unused space

Written by Solène, on 20 September 2018.
Tags: #openbsd64 #openbsd #highlight

The default OpenBSD partition layout uses a pre-defined template. If you have a disk bigger than 356 GB, you will have unused space with the default layout (346 GB before 6.4). It’s possible to create a new partition to use that space if you did not modify the default layout at installation. You only need to start disklabel with the flag -E and type a to add a partition; by default it will use all the remaining space for the partition.

# disklabel -E sd0
Label editor (enter '?' for help at any prompt)
> a
partition: [m]
offset: [741349952]
size: [258863586]
FS type: [4.2BSD]
> w
> q
No label changes.

The new partition here is m. We can format it with:

# newfs /dev/rsd0m

Then, you should add it to your /etc/fstab; for that, use the same uuid as for the other partitions. It would look something like 52fdd1ce48744600.

52fdd1ce48744600.m /data ffs rw,nodev,nosuid 1 2

It will be auto mounted at boot; you only need to create the folder /data. Now you can do

# mkdir /data
# mount /data

and /data is usable right now.

You can read disklabel(8) and newfs for more information.

# Display the size of installed packages ordered by size

Written by Solène, on 11 September 2018.
Tags: #openbsd64 #openbsd #highlight

Simple command line to display your installed packages listed by size, from smallest to biggest.

pkg_info -sa | paste - - - - | sort -n -k 5

Thanks to sthen@ for the command, I was previously using one involving awk which was less readable. paste is often forgotten; it has very specific uses which can’t be mimicked easily with other tools. Its purpose is to join multiple lines into one following some specific rules.

You can easily modify the output to convert the size from bytes to megabytes with awk:

pkg_info -sa | paste - - - - | sort -n -k 5 | awk '{ $NF=$NF/1024/1024 ; print }'

This divides the last element (using the space separator) of each line twice by 1024 and displays the line.

# News about the blog

Written by Solène, on 11 September 2018.
Tags: #highlight

Today I will write about my blog itself. While I started it as my own documentation for some specific things I always forget (like “How to add a route through a specific interface on FreeBSD”) or to publish my dot files, I enjoyed it and wanted to share about some specific topics. Then I started the “port of the week” things, but as time goes by, I find fewer of those software and so I don’t have anything to write about.

Then, as I run multiple servers, sometimes when I feel that the way I did something is clean and useful, I share it here; as well as being a reminder for me, I also write it to be helpful for others.

Doing things right is time consuming, but I always want to deliver a polished write-up. In my opinion, doing things right includes the following:

- explain why something is needed
- explain code examples
- give hints about potential traps
- say where to look for official documentation
- provide environment information like the operating system version used at the time of writing
- make the reader think and get inspired instead of providing material ready to be copy/pasted brainlessly

I try to stay as close as possible to those guidelines. I even update my previous articles from time to time to check they still work on the latest operating system version, so the content stays relevant. And until it’s updated, having the system version lets the reader think “oh, it may have changed” (or not, but it becomes the reader's problem).

Now, I want to share about some OpenBSD specific features, in a way to highlight features. In OpenBSD everything is documented correctly, but as a human, one can’t read and understand every man page to know what is possible. Here come the highlighting articles, trying to show features, how to use them and where they are documented.

I hope you, reader, like what I write. I have been writing here for two years and I still like it.

# Manage “nice” priority of daemons on OpenBSD

Written by Solène, on 11 September 2018.
Tags: #openbsd64 #openbsd #highlight

Following a discussion on the OpenBSD mailing list misc, today I will write about how to manage the priority (as in nice priority) of your daemons or services.

In the man page rc(8), one can read:

Before init(8) starts rc, it sets the process priority, umask, and resource limits according to the “daemon” login class as described in login.conf(5). It then starts rc and attempts to execute the sequence of commands therein.

Using /etc/login.conf we can manage some limits for services and daemons, using their rc script name. For example, to run jenkins at the lowest priority (so it doesn’t cause trouble when it builds), the following line will set it to nice 20.

jenkins:priority=20

If you have a file /etc/login.conf.db, you have to update it from /etc/login.conf using cap_mkdb. This creates a hashed database for faster information retrieval when this file is big. By default, that file doesn’t exist and you don’t have to run cap_mkdb.

See login.conf(5) for more information.

# Configuration of OpenSMTPD to relay mails to outbound smtp server

Written by Solène, on 06 September 2018.
Tags: #openbsd64 #openbsd #opensmtpd #highlight

In this article I will show how to configure OpenSMTPD, the default mail server on OpenBSD, to relay mail sent locally to your smtp server. In practice, this allows sending mail through “localhost” via the right relay, so it also makes it possible to send mail even if your computer isn’t connected to the internet. Once connected, OpenSMTPD will send the mails.

All you need to understand the configuration and write your own is in the man page smtpd.conf(5). This is only a highlight of what is possible and how to achieve it.

In the OpenBSD 6.4 release, the configuration of OpenSMTPD changed drastically: now you have to define rules and the action to take when a mail matches the rules, and you have to define those actions.

In the following example, we will see two kinds of relay. The first is through smtp over the Internet, it’s the one you will most likely want to set up. The other one is how to relay to a remote server not allowing relaying from outside.

/etc/mail/smtpd.conf

table aliases file:/etc/mail/aliases
table secrets file:/etc/mail/secrets

listen on lo0

action "local" mbox alias <aliases>
action "relay" relay
action "myserver" relay host smtps://myrelay@perso.pw auth <secrets>
action "openbsd" relay host localhost:2525

match mail-from "@perso.pw" for any action "myserver"
match mail-from "@openbsd.org" for any action "openbsd"
match for local action "local"
match for any action "relay"

I defined 2 actions, one for “myserver”: it has a label “myrelay” and we use auth <secrets> to tell OpenSMTPD it needs authentication. The other action is “openbsd”, it will only relay to localhost on port 2525.

To use them, I define 2 matching rules of the very same kind. If the mail that I want to send matches the @domain-name, then the relay “myserver” or “openbsd” is chosen.

The “openbsd” relay is only available when I create a SSH tunnel, binding the local port 25 of the remote server to my port 2525, with the flags -L 2525:127.0.0.1:25.

For a relay using authentication, the login and password must be defined in the file /etc/mail/secrets like this:

myrelay login:Pa$$W0rd

smtpd.conf(5) explains creation of /etc/mail/secrets like this:

touch /etc/mail/secrets
chmod 640 /etc/mail/secrets
chown root:_smtpd /etc/mail/secrets


Now, restart your server. Then, when you need to send mail, just use the “mail” command or localhost as the smtp server. Depending on your From address, a different relay will be used.

Deliveries can be checked in /var/log/maillog log file.
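As an added example (not code from the article or from OpenSMTPD), the Python below evaluates the match rules of the configuration above the way smtpd.conf(5) does, first matching rule wins, so you can check which relay a given From address will take before restarting smtpd. It only understands the subset of the grammar used in this article, and it shows why rule order matters: a local recipient mailed from @perso.pw still goes to “myserver” because that rule comes before “match for local”.

```python
"""Evaluate OpenSMTPD 6.4-style match rules: rules are tried in order and the
first one that matches wins. Added example; it parses only the listen/table/
action lines and 'match [mail-from "..."] for local|any action "..."' rules."""

import re

# Constructed copy of the article's /etc/mail/smtpd.conf.
SMTPD_CONF = """
table aliases file:/etc/mail/aliases
table secrets file:/etc/mail/secrets
listen on lo0
action "local" mbox alias <aliases>
action "relay" relay
action "myserver" relay host smtps://myrelay@perso.pw auth <secrets>
action "openbsd" relay host localhost:2525
match mail-from "@perso.pw" for any action "myserver"
match mail-from "@openbsd.org" for any action "openbsd"
match for local action "local"
match for any action "relay"
"""

MATCH_RE = re.compile(
    r'^match(?:\s+mail-from\s+"(?P<sender>[^"]+)")?'
    r'\s+for\s+(?P<dest>local|any)\s+action\s+"(?P<action>[^"]+)"$'
)
ACTION_RE = re.compile(r'^action\s+"(?P<name>[^"]+)"\s+(?P<spec>.+)$')


def parse_conf(text):
    """Return (actions, rules): action name -> spec string, and the ordered
    list of (sender_pattern_or_None, dest, action_name) match rules."""
    actions, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ACTION_RE.match(line)
        if m:
            actions[m.group("name")] = m.group("spec")
            continue
        m = MATCH_RE.match(line)
        if m:
            rules.append((m.group("sender"), m.group("dest"), m.group("action")))
    # Every match rule must reference a defined action, as smtpd requires.
    for _, _, name in rules:
        if name not in actions:
            raise ValueError("match rule references undefined action %r" % name)
    return actions, rules


def sender_matches(pattern, mail_from):
    """smtpd.conf(5) semantics: a pattern starting with '@' matches the domain
    part of the sender, anything else must equal the whole address."""
    if pattern is None:
        return True
    if pattern.startswith("@"):
        return mail_from.lower().endswith(pattern.lower())
    return mail_from.lower() == pattern.lower()


def select_action(rules, mail_from, local_recipient):
    """First-match evaluation: return the action name for this envelope, or
    None when no rule applies (smtpd would then reject the mail)."""
    for sender, dest, action in rules:
        if dest == "local" and not local_recipient:
            continue
        if sender_matches(sender, mail_from):
            return action
    return None


def route(conf_text, mail_from, local_recipient=False):
    """Return (action name, action spec) chosen for a sender address."""
    actions, rules = parse_conf(conf_text)
    name = select_action(rules, mail_from, local_recipient)
    return name, actions.get(name)


if __name__ == "__main__":
    for sender in ("me@perso.pw", "solene@openbsd.org", "x@example.org"):
        print(sender, "->", route(SMTPD_CONF, sender))
```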

### See mails in queue

doas smtpctl show queue


### Try to deliver now

doas smtpctl schedule all


# Automatic switch wifi/ethernet on OpenBSD

Written by Solène, on 30 August 2018.
Tags: #openbsd64 #openbsd #network #highlight

Today I will cover a specific topic on OpenBSD networking. If you are using a laptop, you may switch from ethernet to wireless network from time to time. There is a simple way to keep the network up instead of having to disconnect / reconnect every time.

It’s possible to aggregate your wireless and ethernet devices into one trunk pseudo device in failover mode, which gives ethernet priority when it is connected.

To achieve this, it’s quite simple. If you have devices em0 and iwm0 create the following files.

/etc/hostname.em0

up


/etc/hostname.iwm0

join "office_network"  wpakey "mypassword"
join "my_home_network" wpakey "9charshere"
join "roaming phone"   wpakey "something"
join "Public Wifi"
up


/etc/hostname.trunk0

trunkproto failover trunkport em0 trunkport iwm0
dhcp


As you can see in the wireless device configuration, we can specify multiple networks to join; this is a new feature that will be available from the 6.4 release.

You can enable the new configuration by running sh /etc/netstart as root.

This setup is explained in trunk(4) man page and in the OpenBSD FAQ as well.

# Presenting drist at BitreichCON 2018

Written by Solène, on 21 August 2018.
Tags: #unix

Still about the bitreich conference 2018, I’ve been presenting drist, a utility for server deployment (like salt/puppet/ansible…) that I wrote.

drist makes deployments easy to understand and easy to extend. Basically, it has 3 steps:

1. copy a local file tree to the remote server (for deploying files)
2. delete files on the remote server if they are present in a local tree
3. execute a script on the remote server

Each step is run if the corresponding file/folder exists, and for each step it’s possible to have a general and a per-host setup.

How to fetch drist

git clone git://bitreich.org/drist


It was my very first talk in english, please be indulgent.

Plain text slides (tgz)

MP3 of the talk

Bitreich community is reachable on gopher at gopher://bitreich.org

# Presenting Reed-alert at BitreichCON 2018

Written by Solène, on 20 August 2018.
Tags: #unix

As the author of reed-alert monitoring tool I have been speaking about my software at the bitreich conference 2018.

As a quick intro, reed-alert is software that notifies you when something is wrong on your server; it’s fully customizable and really easy to use.

git clone git://bitreich.org/reed-alert


It was my very first talk in english, please be indulgent.

Plain text slides (tgz)

MP3 of the talk

Bitreich community is reachable on gopher at gopher://bitreich.org

# Generate qrcode using command line

Written by Solène, on 14 July 2018.
Tags: #unix

If you need to generate a QR picture using a command line tool, I would recommend libqrencode.

qrencode -o file.png 'some text'


It’s also possible to display the QR code inside the terminal with the following command.

qrencode -t ANSI256 'some text'


Official qrencode website

# Tmux mastery

Written by Solène, on 05 July 2018.
Tags: #unix #shell

Tips for using Tmux more efficiently

### Enter in copy mode

By default Tmux uses the emacs key-bindings. To make a selection you need to enter copy-mode by pressing Ctrl+b and then [, with Ctrl+b being the tmux prefix key; if you changed it, do the replacement while reading.

If you need to quit the copy-mode, type Ctrl+C.

### Make a selection

While in copy-mode, move to the start or end position of your selection and then press Ctrl+Space to start the selection. Now, move your cursor to select the text and press Ctrl+w to validate.

### Paste a selection

When you want to paste your selection, press Ctrl+b ] (you should not be in copy-mode for this!).

### Make a rectangle selection

If you want to make a rectangular selection, press Ctrl+Space to start and immediately press R (capital R), then move your cursor and validate with Ctrl+w.

### Output the buffer to X buffer

Make a selection to put the content in tmux buffer, then type

tmux save-buffer - | xclip


You may want to look at the xclip man page (it’s a package).

### Output the buffer to a file

tmux save-buffer file


### Load a file into buffer

It’s possible to load the content of a file inside the buffer for pasting it somewhere.

tmux load-buffer file


You can also load into the buffer the output of a command, using a pipe and - as a file like in this example:

echo 'something very interesting' | tmux load-buffer -


### Display the battery percentage in the status bar

If you want to display your battery percentage and update it every 40 seconds, you can add the two following lines in ~/.tmux.conf:

set status-interval 40
set -g status-right "#[fg=colour155]#(apm -l)%% | #[fg=colour45]%d %b %R"


This example works on OpenBSD using the apm command. You can reuse this example to display other information.

# Writing an article using mdoc format

Written by Solène, on 03 July 2018.
Tags: #unix

I never wrote a man page. I already had to read the source of a man page, but I barely understood what was happening there. As I like having fun and discovering new things (people have been calling me a Hipster these last days ;-) ), I modified cl-yag (the website generator used for this website) to produce pages only from mdoc files. The output was not very cool as it had too many html items (classes, attributes, tags etc…). The result wasn’t that bad but it looked like concatenated man pages.

I actually enjoyed playing with the mdoc format (the man page format on OpenBSD; I don’t know if it’s used elsewhere). While it’s pretty verbose, it allows separating the formatting from the paragraphs. As I’ve been playing with the ed editor these last days, it is easier to have an article written as small pieces of lines rather than a big paragraph including the formatting.

Finally I succeeded at writing a command line which produces usable html output, to use it as a converter in cl-yag. Now, I’ll be able to write my articles in the mdoc format if I want :D (which is fun). The convert command is really ugly but it actually works, as you can see if you read this.

cat data/%IN  | mandoc -T markdown | sed -e '1,2d' -e '$d' | multimarkdown -t html -o %OUT


The trick here was to use markdown as an intermediate format between mdoc and html. As markdown is very weak compared to html (in possibilities), it will only use simple tags for formatting the html output. The sed command is needed to delete the mandoc output with the man page title at the top and the operating system at the bottom.

By having played with this, writing a man page is less obscure to me and I have a new unusual format to use for writing my articles. Maybe unusual for this use case, but still very powerful!

# Trying to move away from emacs

Written by Solène, on 03 July 2018.
Tags: #unix #emacs

Hello

Today I will write about my current process of trying to get rid of emacs. I use it extensively with org-mode for taking notes and turning them into an agenda/todo-list; this helped me a lot to remember tasks to do and what people told me. I also use it for editing of course, any kind of text or source code. This is usually the editor I use for writing the blog articles that you can read here. This one is written using ed. I also read my emails in emacs with mu4e (whose last version doesn’t work anymore on powerpc due to a c++14 feature used and no compiler available on powerpc to compile it…).

While I like Emacs, I never liked to use one big tool for everything. My current quest is to look for a portable and efficient way to replace the different emacs parts. I will not stop using Emacs if the replacements are not good enough to do the job.

So, I identified my Emacs uses:

• todo-list / agenda / taking notes
• writing code (perl, C, php, Common LISP)
• IRC
• mails
• writing texts
• playing chess by mail
• jabber client

I will try for each topic to identify alternatives and challenge them against Emacs.

## Todo-list / Agenda / Notes taking

This is the most important part of my emacs use and it is the one I would really like to get out of Emacs.
What I need is: writing a task quickly, adding a deadline to it, adding explanations or a description to it, being able to add sub-tasks to a task and being able to display it correctly (like in order of deadline, with days / hours before the deadline).

I am trying to convert my current todo-list to taskwarrior; the learning curve is not easy but after spending one hour playing with it while reading the man page, I have understood enough to replace org-mode with it. I do not know if it will be as good as org-mode but only time will tell. By the way, I found vit, a ncurses front-end for taskwarrior.

## Writing code

Actually Emacs is a good editor. It supports syntax coloring, can evaluate regions of code (depending on the language), the editor is nice etc… I discovered jed, an emacs-like editor written in C+libslang; it’s stable and light while providing more features than the mg editor (available in the OpenBSD base installation). While I am currently playing with ed for some reasons (I will certainly write about it), I am not sure I could use it for writing a software from scratch.

## IRC

There are lots of different IRC clients around, I just need to pick one.

## Mails

I really enjoy using mu4e, I can find my mails easily with it, the query system is very powerful and interesting. I don’t know what I could use to replace it. I have been using alpine some time ago, and I tried mutt before mu4e and I did not like it. I have heard about some tools to manage a maildir folder using unix commands, maybe I should try this one. I have not done any searches on this topic at the moment.

## Writing text

For writing plain text like my articles or for using $EDITOR for different tasks, I think that ed will do the job perfectly :-) There is ONE feature I really like in Emacs but I think it’s really easy to recreate with a script: the function bound to M-q to wrap a text to the correct column number!

Update: meanwhile I wrote a little perl script using the Text::Wrap module available in base Perl. It wraps to 70 columns. It could be extended to fill blanks or add a character for the first line of a paragraph.

#!/usr/bin/env perl
use strict;
use warnings;
use Text::Wrap qw(wrap $columns);
open(my $in, '<', $ARGV[0]) or die "cannot open $ARGV[0]: $!";
$columns = 70;
my @file = <$in>;
print wrap("", "", @file);


This script does not modify the file itself though.

Some people pointed out to me that Perl was too much for this task. I have been told about Groff or Par to format my files. Finally, I found a very BARE way to handle this. As I write my text with ed, I added a new alias named “ruled” which spawns ed with a prompt of 70 # characters, so I have a ruler each time ed displays its prompt!!! :D

It looks like this for the last paragraph:

######################################################################
c
been told about Groff or Par to format my files. Finally, I found a
very **BARE** way to handle this. As I write my text with ed, I added
an new alias named "ruled" with spawn ed with a prompt of 70
characters #, so I have a rule each time ed displays its prompt!!! :D
.
######################################################################
w


Obviously, this way of proceeding only works when writing the content at first. If I need to edit a paragraph, I will need a tool to format my document correctly again.

## Jabber client

Using jabber inside Emacs is not a very good experience. I switched to profanity (featured some time ago on this blog).

## Playing Chess

Well, I stopped playing chess by mail; I am still waiting for my correspondent to play his turn, for two years now. We were exchanging the notation of the whole game in each mail, by adding our turn each time. I was doing the rendering in Emacs, but I do not remember exactly why I had problems with this (replaying the string).

# Easy encrypted backups on OpenBSD with base tools

Written by Solène, on 26 June 2018.
Tags: #unix #openbsd64 #openbsd

## Old article

Hello, it turned out that this article is obsolete. The security used in it is not safe at all, so the goal of this backup system isn’t achievable; thus it should not be used and I need another backup system.

One of the most important features of dump for me was to keep track of the inode numbers.
A solution is to save the list of the inode numbers and their path in a file before doing a backup. This can be achieved with the following command.

doas ncheck -f "\I \P\n" /var


If you need a backup tool, I would recommend the following:

## Duplicity

It supports remote backends like ftp/sftp, which is quite convenient as you don’t need any configuration on the other side. It supports compression and incremental backup. I think it has some GUI tools available.

## Restic

It supports remote backends like cloud storage providers or sftp; it doesn’t require any special tool on the remote side. It supports deduplication of the files and is able to manage multiple hosts in the same repository, which means that if you back up multiple computers, the deduplication will work across them. This is the only backup software I know allowing this (I do not count backuppc which I find really unusable).

## Borg

It supports remote backends like ssh, only if borg is installed on the other side. It supports compression and deduplication but it is not possible to save multiple hosts inside the same repository without doing a lot of hacks (which I won’t recommend).

# Change default application for xdg-open

Written by Solène, on 25 June 2018.
Tags: #unix

I write this as a note for me, and if it can help some other people, that’s fine.

To change the program used by xdg-open for opening some kind of file, it’s not that hard.

First, check the type of the file:

$ xdg-mime query filetype file.pdf
application/pdf


Then, choose the right tool for handling this type:

$ xdg-mime default mupdf.desktop application/pdf


Honestly, having firefox opening PDF files with GIMP IS NOT FUN.

# OpenBSD as an IPv6 router

Written by Solène, on 06 June 2018.
Tags: #openbsd63 #openbsd #network

Yesterday I subscribed to a VPN service from the french association Grifon (Grifon website[FR] | gopher://grifon.fr) to get IPv6 access to the world and play with IPv6. I will not talk about the VPN service in this article, it would be pointless.

So, I have an IPv6 prefix of 48 bits, which means I can have a lot of addresses (I did some maths and found 65536² addresses but I am not sure about this).

Now, I would like my computer connected through the VPN to let other computers in my network have IPv6 connectivity. On OpenBSD, this only requires a few services; if you want to provide IPv6 to Windows devices on your network, you will need one more.

First, configure IPv6 on your lan

# ifconfig em0 inet6 autoconf


That’s all; you can add a new line “inet6 autoconf” to your file /etc/hostname.if to get it at boot.

Now, we have to allow IPv6 to be routed through the different interfaces of the router.

# sysctl net.inet6.ip6.forwarding=1


This change can be made persistent across reboots by adding net.inet6.ip6.forwarding=1 to the file /etc/sysctl.conf.

Now we have to configure the daemon rtadvd to advertise that we are routing; devices on the network should be able to get an IPv6 address from its advertisement.

The minimal configuration of /etc/rtadvd.conf is the following:

em0:\
	:addr="2a00:5414:7311::":prefixlen#48:


In this configuration file, you have to type your IPv6 prefix in the addr field, and the prefix length in prefixlen. Other attributes could provide DNS servers to use, for example.

Then enable the service at boot and start it:

# rcctl enable rtadvd
# rcctl set rtadvd flags em0
# rcctl start rtadvd


### Tweaking resolv.conf

By default OpenBSD will ask for IPv4 when resolving a hostname (see syslog.conf(5) for more explanations).

So, you will never have IPv6 traffic until you use software which explicitly requests an IPv6 connection, or the hostname is only defined with an AAAA record.

# echo "family inet6 inet" >> /etc/resolv.conf.tail


The file resolv.conf.tail is appended at the end of resolv.conf when dhclient modifies the file resolv.conf.

### Microsoft Windows

If you have Windows systems on your network, they won’t get addresses from rtadvd. You will need to deploy a dhcpv6 daemon. The configuration file for what we want to achieve here is pretty simple; it consists of telling which range we want to allow on DHCPv6 and a DNS server.

Create the file /etc/dhcp6s.conf:

interface em0 {
	address-pool pool1 3600;
};
pool pool1 {
	range 2a00:5414:7311:1111::1000 to 2a00:5414:7311:1111::4000;
};
option domain-name-servers 2001:db8::35;


Note that I added “1111” into the range because it should not be on the same network as the router.

Now, you have to install and configure the service:

# pkg_add wide-dhcpv6
# echo SOME_RANDOM_CHARACTERS | openssl enc -base64 > /etc/dhcp6sctlkey
# chmod 400 /etc/dhcp6sctlkey
# echo "dhcp6s -c /etc/dhcp6s.conf em0" >> /etc/rc.local


The openbsd package wide-dhcpv6 doesn’t provide an rc file to start/stop the service, so it must be started from a command line; a way to do it is to type the command in /etc/rc.local, which is run at boot. The openssl part is mandatory for dhcpv6 to start: it requires a base64 string as a secret key in the file /etc/dhcp6sctlkey.

# Share a tmux session with someone with tmate

Written by Solène, on 01 June 2018.
Tags: #unix

New port of the week, and it’s about tmate.

If you ever wanted to share a terminal with someone without opening a remote access to your computer, tmate is the right tool for this.

Once started, tmate will create a new tmux instance connected through the tmate public server. By typing tmate show-messages you will get the urls for read-only or read-write links to share with someone, by ssh or web browser.
Don’t forget to type clear to hide the urls after typing show-messages, otherwise viewing people will have access to the write url (and it’s not something you want).

If you don’t like the need for a third party, you can set up your own server, but we won’t cover this in this article.

When you want to end the share, you just need to exit the tmux opened by tmate.

If you want to install it on OpenBSD, just type pkg_add tmate and you are done. I think it’s available on most unix systems.

There is not much more to say about it; it’s great, simple, and works out-of-the-box with no configuration needed.

# Deploying cron programmatically the unix way

Written by Solène, on 31 May 2018.
Tags: #unix

Here is a little script to automate in some way your crontab deployment when you don’t want to use a configuration tool like ansible/salt/puppet etc…

The script works this way:

./install_cron crontab_solene


with the crontab_solene file being an actual correct crontab, which could look like this:

## TAG ##
MAILTO=""
*/5 * * * * ( cd ~/dev/reed-alert && ecl --load check.lisp )
*/10 * * * * /usr/local/bin/r2e run
1 * * * * vacuumdb -azf -U postgres
## END_TAG ##


Then it will include the file into my current user crontab; the TAG in the file is here to be able to remove it and replace it later with the new version.

The script could be easily modified to support the tag name as a parameter, if you have multiple deployments using the same user on the same machine.

#!/bin/sh

if [ -z "$1" ]; then
    echo "Usage: $0 user_crontab_file"
    exit 1
fi

# both markers must be present, otherwise a later run could not remove the block
VALIDATION=0
grep "^## TAG ##$" "$1" >/dev/null
VALIDATION=$?
grep "^## END_TAG ##$" "$1" >/dev/null
VALIDATION=$(( VALIDATION + $? ))

if [ "$VALIDATION" -ne 0 ]; then
    echo "file ./${1} needs \"## TAG ##\" and \"## END_TAG ##\" to be used"
    exit 2
fi

# drop the previously deployed block from the current crontab, then append the new file
crontab -l | \
    awk '{ if($0=="## TAG ##") { hide=1 }; if(hide==0) { print } ; if($0=="## END_TAG ##") { hide=0 }; }' | \
    cat - "${1}" | \
    crontab -


# Mount a folder on another folder

Written by Solène, on 22 May 2018.
Tags: #openbsd64 #openbsd

This article will explain quickly how to bind a folder to access it from another path. It can be useful to give access to a specific folder from a chroot without moving or duplicating the data into the chroot.

Real world example: “I want to be able to access my 100GB folder /home/my_data/ from my httpd web server chrooted in /var/www/”.

The trick on OpenBSD is to use NFS on localhost. It’s pretty simple.

# rcctl enable portmap nfsd mountd
# echo "/home/my_data -network=127.0.0.0 -mask=255.255.255.0" > /etc/exports
# rcctl start portmap nfsd mountd


The order is really important.

You can check that the folder is available through NFS with the following command:

$ showmount -e
Exports list on localhost:
/home/my_data               loopback


If you don’t have any line after “Exports list on localhost:”, you should kill mountd with pkill -9 mountd and start mountd again. I experienced it twice when starting all the daemons from the same command but I’m not able to reproduce it. By the way, mountd only supports reload.

If you modify /etc/exports, you only need to reload mountd using rcctl reload mountd.

Once you have checked that everything is alright, you can mount the exported folder on another folder with the command:

# mount localhost:/home/my_data /var/www/htdocs/my_data


You can add the -ro parameter on the export line in the /etc/exports file if you want it to be read-only where you mount it.

Note: On FreeBSD/DragonflyBSD, you can use mount_nullfs /from /to, there is no need to set up a local NFS server. And on Linux you can use mount --bind /from /to and some other ways that I won’t cover here.
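As an added audit (not code from the article or from OpenBSD), the Python below parses exports(5)-style lines like the one above and flags exports that are not restricted to the loopback network, that are writable when -ro was not given, or that map remote root to local root. It handles only the -network, -mask, -ro and -maproot options; the sample lines are constructed.

```python
"""Audit /etc/exports entries for the localhost-NFS trick: an export meant
only for a local chroot should be limited to 127.0.0.0/8 and, unless the
chrooted service must write, be read-only. Added example, not article code."""

import ipaddress

# Constructed sample exports file: the article's line plus three variants.
SAMPLE_EXPORTS = """\
/home/my_data -network=127.0.0.0 -mask=255.255.255.0
/home/my_data -ro -network=127.0.0.0 -mask=255.255.255.0
/var/www/htdocs/public -ro
/srv/shared -maproot=root -network=192.168.1.0 -mask=255.255.255.0 -ro
"""

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def parse_export(line):
    """Split one exports(5) line into (path, options dict, host list).
    Options start with '-'; a bare word after the path is a host name."""
    fields = line.split()
    path, opts, hosts = fields[0], {}, []
    for f in fields[1:]:
        if f.startswith("-"):
            key, _, val = f[1:].partition("=")
            opts[key] = val if val else True
        else:
            hosts.append(f)
    return path, opts, hosts


def audit_export(line):
    """Return a list of findings for one export line (empty list = fine)."""
    path, opts, hosts = parse_export(line)
    findings = []
    if "network" in opts:
        # Without -mask we only check the network address itself (host mask);
        # mountd would apply a class-based default mask instead.
        mask = opts.get("mask", "255.255.255.255")
        net = ipaddress.ip_network("%s/%s" % (opts["network"], mask), strict=False)
        if not net.subnet_of(LOOPBACK):
            findings.append("%s: exported to non-loopback network %s" % (path, net))
    elif not hosts:
        # Neither -network nor a host list: exports(5) exports to every host.
        findings.append("%s: exported to every host (no -network/host restriction)" % path)
    if "ro" not in opts:
        findings.append("%s: writable export (add -ro unless writes are required)" % path)
    if opts.get("maproot") in ("root", "0"):
        findings.append("%s: -maproot=root lets remote root act as local root" % path)
    return findings


def audit_exports(text):
    """Map each non-comment exports line to its findings."""
    results = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            results[line] = audit_export(line)
    return results


if __name__ == "__main__":
    for line, findings in audit_exports(SAMPLE_EXPORTS).items():
        print(line)
        for f in findings:
            print("   ", f)
```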

# Faster SSH with multiplexing

Written by Solène, on 22 May 2018.
Tags: #unix #ssh

I discovered today an OpenSSH feature which doesn’t seem to be widely known. The feature is called multiplexing and consists of reusing an opened ssh connection to a server when you want to open another one. This leads to faster connection establishment and less processes running.

To reuse an opened connection, we need to use the ControlMaster option, which requires ControlPath to be set. We will also set ControlPersist for convenience.

• ControlMaster defines whether we create a multiplexing master, reuse an existing one, or do nothing about multiplexing
• ControlPath defines where to store the socket used to reuse an opened connection; this should be a path only available to your user.
• ControlPersist defines how much time to wait before closing a ssh connection multiplexer after all connections using it are closed. By default it’s “no” and once you drop all connections the multiplexer stops.

I chose to use the following parameters in my ~/.ssh/config file:

Host *
ControlMaster auto
ControlPath ~/.ssh/sessions/%h%p%r.sock
ControlPersist 60


This requires having the ~/.ssh/sessions/ folder restricted to my user only. You can create it with the following command:

install -d -m 700 ~/.ssh/sessions


(you can also do mkdir ~/.ssh/sessions && chmod 700 ~/.ssh/sessions but this requires two commands)
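Before relying on this setup, an added check (not part of the article or of OpenSSH) that expands the ControlPath above for a given host, verifies that the socket directory is private to the user, and checks that the expanded path fits in a unix socket address (ssh refuses a ControlPath that is too long). Only the %h, %p, %r and %% tokens and a leading ~/ are handled; the temporary home used by self_check is constructed.

```python
"""Audit an ssh_config(5) ControlPath setting: expand its tokens, then make
sure the socket directory is ours and mode 0700, and the path is short enough
for sun_path. Added example, not OpenSSH code."""

import os
import stat
import tempfile

# sun_path is 104 bytes on OpenBSD (108 on Linux); keep the stricter limit.
SUN_PATH_MAX = 104


def expand_control_path(template, host, port, user, home=None):
    """Expand the tokens the article's ControlPath uses (%h, %p, %r, %%)."""
    home = home or os.path.expanduser("~")
    out, i = [], 0
    while i < len(template):
        c = template[i]
        if c == "%" and i + 1 < len(template):
            tok = template[i + 1]
            out.append({"h": host, "p": str(port), "r": user, "%": "%"}.get(tok, "%" + tok))
            i += 2
        else:
            out.append(c)
            i += 1
    path = "".join(out)
    if path.startswith("~/"):
        path = os.path.join(home, path[2:])
    return path


def control_path_issues(sock_path, uid=None):
    """Return a list of problems with the socket path and its directory."""
    uid = os.getuid() if uid is None else uid
    issues = []
    if len(sock_path.encode()) >= SUN_PATH_MAX:   # room for the trailing NUL
        issues.append("ControlPath too long for a unix socket (%d bytes)" % len(sock_path.encode()))
    directory = os.path.dirname(sock_path)
    try:
        st = os.stat(directory)
    except FileNotFoundError:
        return issues + ["socket directory %s does not exist" % directory]
    if not stat.S_ISDIR(st.st_mode):
        issues.append("%s is not a directory" % directory)
    if st.st_uid != uid:
        issues.append("%s is owned by uid %d, not by us" % (directory, st.st_uid))
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        issues.append("%s is accessible by group/others (mode %o)" % (directory, stat.S_IMODE(st.st_mode)))
    return issues


def check_setup(template, host, port, user, home=None):
    """Expand the template for one host and audit the result."""
    path = expand_control_path(template, host, port, user, home)
    return path, control_path_issues(path)


def self_check():
    """Create a private sessions directory under a temporary home and audit
    the article's ControlPath against it, once correct and once too open."""
    home = tempfile.mkdtemp()
    sessions = os.path.join(home, ".ssh", "sessions")
    os.makedirs(sessions)
    os.chmod(sessions, 0o700)
    template = "~/.ssh/sessions/%h%p%r.sock"
    good = check_setup(template, "example.org", 22, "solene", home)
    os.chmod(sessions, 0o755)            # mimic a forgotten chmod 700
    bad = check_setup(template, "example.org", 22, "solene", home)
    return good, bad


if __name__ == "__main__":
    for label, (path, issues) in zip(("private", "too open"), self_check()):
        print(label, path, issues or "ok")
```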

The ControlPath variable will create sessions with the name “${hostname}${port}${user}.sock”, so it will be unique per remote server. Finally, I chose to set ControlPersist to 60 seconds, so if I log out from a remote server, I still have 60 seconds to reconnect to it instantly.

Don’t forget that if for some reason the ssh channel handling the multiplexing dies, all the ssh connections using it will die with it.

## Benefits with ProxyJump

Another ssh feature that is very useful is ProxyJump; it’s really useful to access ssh hosts which are not directly reachable from your current place, like servers with no public ssh server available. For my job, I have a lot of servers not facing the internet, and I can still connect to them using one of my public facing servers which will relay my ssh connection to the destination. Using the ControlMaster feature, the ssh relay server doesn’t have to handle lots of connections anymore, but only one.

In my ~/.ssh/config file:

Host *.private.lan
ProxyJump public-server.com


Those two lines allow me to connect to every server in the .private.lan domain (which is known by my local DNS server) by typing ssh some-machine.private.lan. This will establish a connection to public-server.com and then connect to the next server.

# Sending mail with mu4e

Written by Solène, on 22 May 2018.
Tags: #unix #emacs

In my article about mu4e I said that I would write about sending mails with it. This will be the topic covered in this article.

There are a lot of ways to send mails with a lot of different use cases. I will only cover a few of them; the documentation of mu4e and emacs are both very good, I will only give hints about some interesting setups.

I would like to thank Raphael who made me curious about different ways of sending mails from mu4e and who pointed out some mu4e features I wasn’t aware of.

## Send mails through your local server

The easiest way is to send mails through your local mail server (which should be OpenSMTPD by default if you are running OpenBSD). This only requires the following line in your ~/.emacs file to work:

(setq message-send-mail-function 'sendmail-send-it)


Basically, it would only be relayed to the recipient if your local mail server is well configured, which is not the case for most servers. This requires a correctly configured reverse DNS record (assuming a static IP address), an SPF record in your DNS and DKIM signing for outgoing mail. This is the minimum to be accepted by other SMTP servers. Usually people send mails from their personal computer and not from the mail server.

### Configure OpenSMTPD to relay to another smtp server

We can bypass this problem by configuring our local SMTP server to relay our mails sent locally to another SMTP server, using credentials for authentication. This is pretty easy to set up, by using the following /etc/mail/smtpd.conf configuration; just replace remoteserver by your server.

table aliases file:/etc/mail/aliases
table secrets file:/etc/mail/secrets
listen on lo0
accept for local alias <aliases> deliver to mbox
accept for any relay via secure+auth://label@remoteserver:465 auth <secrets>


You will have to create the file /etc/mail/secrets and add your credentials for authentication on the SMTP server. From the smtpd.conf(5) man page, as root:

# touch /etc/mail/secrets
# chmod 640 /etc/mail/secrets
# chown root:_smtpd /etc/mail/secrets
# echo "label username:password" > /etc/mail/secrets


Then, all mail sent from your computer will be relayed through your mail server. With ’sendmail-send-it, emacs will deliver the mail to your local server, which will relay it to the outgoing SMTP server.

## SMTP through SSH

One setup I like and use is to relay the mails directly to the outgoing SMTP server; this requires no authentication except SSH access to the remote server.

It requires the following emacs configuration in ~/.emacs:

(setq message-send-mail-function 'smtpmail-send-it
      smtpmail-smtp-server "localhost"
      smtpmail-smtp-service 2525)


The configuration tells emacs to connect to the SMTP server on localhost port 2525 to send the mails. Of course, no mail daemon runs on this port on the local machine; it requires the following ssh command to be able to send mails.

$ ssh -N -L 127.0.0.1:2525:127.0.0.1:25 remoteserver


This will bind the port 127.0.0.1:25 from the remote server’s point of view to the address 127.0.0.1:2525 from your computer’s point of view.

Your mail server should accept deliveries from local users of course.

## SMTP authentication from emacs

It’s also possible to send mails from emacs using regular smtp authentication directly from emacs. It is tedious to set up: it requires putting credentials into a file named ~/.authinfo, which can be encrypted using GPG but then requires a wrapper to load it. It also requires setting up the SMTP authentication correctly. There are plenty of examples for this on the Internet, I don’t want to cover it.

## Queuing mails for sending them later

Mu4e supports a very nice feature, which is mail queueing from the smtpmail emacs client. To enable it, two easy steps are required:

In ~/.emacs:

(setq
smtpmail-queue-mail t
smtpmail-queue-dir "~/Mail/queue/cur")


$ mu mkdir ~/Mail/queue
$ touch ~/Mail/queue/.noindex


Then, mu4e will be aware of the queueing; in the home screen of mu4e, you will be able to switch between queuing and direct sending by pressing m, and flush the queue by pressing f.

Note: there is a bug (not sure it’s really a bug). When sending a mail into the queue, if your mail contains special characters, you will be asked to send it raw or to add a header containing the encoding.

# Autoscrolling text for lazy reading

Written by Solène, on 17 May 2018.
Tags: #unix

Today I found software named Lazyread which can read and display a file with autoscroll at a chosen speed. I had to read its source code to make it work: the documentation isn’t very helpful, it doesn’t read ebooks (as in epub or mobi format) and doesn’t support stdin… This software requires some C code + a shell wrapper to work, which is complicated for only scrolling.

So, after thinking a few minutes, the autoscroll can be reproduced easily with a very simple awk command. Of course, it will not have the interactive keys like lazyread to increase/decrease the speed or some other options, but the most important part is there: autoscrolling.

If you want to read a file at a rate of 1 line per 700 milliseconds, just type the following command:

awk '{system("sleep 0.7");print}' file


If you want to read an html file (a documentation file on the disk or from the web), you can use lynx or w3m to convert the html file on the fly to readable text and pass it to awk’s stdin.

w3m -dump doc/slsh/slshfun-2.html | awk '{system("sleep 0.7");print}'
lynx -dump doc/slsh/slshfun-2.html | awk '{system("sleep 0.7");print}'
w3m -dump https://dataswamp.org/~solene/ | awk '{system("sleep 0.7");print}'


Maybe you want to read a man page?

man awk | awk '{system("sleep 0.7");print}'


If you want to pause the reading, you can use the true unix way, Ctrl+Z to send a signal which will stop the command and let it paused in background. You can resume the reading by typing fg.

One could easily write a little script parsing parameters for setting the speed or handling files or urls with the correct command.

Notes: If for some reason you try to use lazyread, fix the shebang in the file lesspipe.sh, and you will need to call the lazyread binary with the environment variable LESSOPEN="|./lesspipe.sh %s" (the path of the script if needed). Without this variable, you will have a very helpful error “file not found”.

# Port of the week: Sent

Written by Solène, on 15 May 2018.
Tags: #unix

As the new port of the week, we will discover Sent. While we could think it is mail related, it is not. Sent is a nice piece of software to make presentations from a simple text file. It has been developed by Suckless, a hacker community enjoying writing good software while keeping a small and sane source code; they also made software like st, dwm, slock, surf…

Sent is about simplicity. I will reuse a part of the example file which is also the documentation of the tool.

usage:
$sent FILE1 [FILE2 …] ▸ one slide per paragraph ▸ lines starting with # are ignored ▸ image slide: paragraph containing @FILENAME ▸ empty slide: just use a \ as a paragraph @nyan.png this text will not be displayed, since the @ at the start of the first line makes this paragraph an image slide.  The previous text, saved into a file and used with sent will open a fullscreen window containg three “slides”. Each slide will resize the text to maximize the display usage, this mean the font size will change on each slide. It is really easy to use. To display next slide, you have the choice between pressing space, right arrow, return or clicking any button. Pressing left arrow will go back. If you want to install it on OpenBSD: pkg_add sent, the package comes from the port misc/sent. Be careful, Sent does not produce any file, you will need it for the presentation! Suckless sent website # Use ramdisk on /tmp on OpenBSD Written by Solène, on 08 May 2018. Tags: #openbsd64 #openbsd If you have enough memory on your system and that you can afford to use a few hundred megabytes to store temporary files, you may want to mount a mfs filesystem on /tmp. That will help saving your SSD drive, and if you use an old hard drive or a memory stick, that will reduce your disk load and improve performances. You may also want to mount a ramdisk on others mount points like ~/.cache/ or a database for some reason, but I will just explain how to achieve this for /tmp with is a very common use case. First, you may have heard about tmpfs, but it has been disabled in OpenBSD years ago because it wasn’t stable enough and nobody fixed it. So, OpenBSD has a special filesystem named mfs, which is a FFS filesystem on a reserved memory space. When you mount a mfs filesystem, the size of the partition is reserved and can’t be used for anything else (tmpfs, as the same on Linux, doesn’t reserve the memory). 
Add the following line in /etc/fstab (following fstab(5)):

swap /tmp mfs rw,nodev,nosuid,-s=300m 0 0


The permissions of the mountpoint /tmp should be fixed before mounting it, meaning that the /tmp folder on the / partition should be changed to 1777:

# umount /tmp
# chmod 1777 /tmp
# mount /tmp


This is required because mount_mfs inherits permissions from the mountpoint.

# Mounting remote samba share through SSH tunnel

Written by Solène, on 04 May 2018.
Tags: #unix

If for some reason you need to access a Samba share outside of the network, it is possible to access it through ssh and mount the share on your local computer.

Using the ssh command as root is required because you will bind local port 139 which is reserved for root:

# ssh -L 139:127.0.0.1:139 user@remote-server -N


Then you can mount the share as usual but using localhost instead of remote-server.

Example of a mount element for usmb

<mount id="public" credentials="me">
  <server>127.0.0.1</server>
  <!--server>192.168.12.4</server-->
  <share>public</share>
  <mountpoint>/mnt/share</mountpoint>
  <options>allow_other,uid=1000</options>
</mount>


As a reminder, <!--tag>foobar</tag--> is a XML comment.

# Extract files from winmail.dat

Written by Solène, on 02 May 2018.
Tags: #unix #email

If you ever receive a mail with an attachment named “winmail.dat” then you may be disappointed. It is a special format used by Microsoft Exchange, it contains the files attached to the mail and needs some software to extract them.

Hopefully, there is a little and efficient utility named “tnef” to extract the files.

Install it: pkg_add tnef

List files: tnef -t winmail.dat

Extract files: tnef winmail.dat

That’s all !

# Port of the week: ledger

Written by Solène, on 02 May 2018.
Tags: #unix

In this post I will do a short presentation of the port productivity/ledger, a very powerful command line accounting software, using plain text as back-end.
Writing about it is not an easy task, I will use a real life workflow of my usage as material, even if my use is special.

As I said before, Ledger is very powerful. It can help you manage your bank accounts, bills, rents, shares and other things. It uses a double entry system, which means each time you add an operation (withdraw, paycheck, …), this entry will also have to contain the current state of the account after the operation. This will be checked by ledger by recalculating every operation made since it has been initialized with a custom amount as a start. Ledger can also track categories where you spend money or statistics about your payment method (check, credit card, bank transfer, money…).

As I am not an english native speaker and I don’t work in banks or related, I am not very familiar with accounting words in english, it makes it very hard for me to understand all ledger keywords, but I found a special use case for accounting things and not money which is really practical.

My special use case is that I work from home for a company working in a remote location. From time to time, I take the train to the office, the full travel is

[home] → [underground A] → [train] → [underground B] → [office]
[office] → [underground B] → [train] → [underground A] → [home]


It means I need to buy tickets for both underground A and underground B systems, and I want to track the tickets I use for going to work. I buy the tickets 10 by 10 but sometimes I use them for my personal use or sometimes I give a ticket to someone. So I need to keep track of my tickets to know when I can give a bill to my work for being refunded.

Practical example: I buy 10 tickets of A, I use 2 tickets at day 1. On day 2, I give 1 ticket to someone and I use 2 tickets in the day for personal use. It means I still have 5 tickets in my bag but, from my work office point of view, I should still have 8 tickets. This is what I am tracking with ledger.

2018/02/01 * tickets stock Initialization + go to work
    Tickets:inv    10 City_A
    Tickets:inv    10 City_B
    Tickets:inv    -2 City_A
    Tickets:inv    -2 City_B
    Tickets

2018/02/08 * Work
    Tickets:inv    -2 City_A
    Tickets:inv    -2 City_B
    Tickets

2018/02/15 * Work + Datacenter access through underground
    Tickets:inv    -4 City_B
    Tickets:inv    -2 City_A
    Tickets


At this point, running ledger -f tickets.dat balance Tickets shows my tickets remaining:

              4 City_A
              2 City_B  Tickets:inv


I will add another entry which requires me to buy tickets:

2018/02/22 * Work + Datacenter access through underground
    Tickets:inv    -4 City_B
    Tickets:inv    -2 City_A
    Tickets:inv    10 City_B
    Tickets


Now, running ledger -f tickets.dat balance Tickets shows my tickets remaining:

              2 City_A
              8 City_B  Tickets:inv


I hope that the example was clear enough and interesting. There is a big tutorial document available on the ledger homepage, I recommend reading it before using ledger, it contains real world examples with accounting.

Homepage link

# Port of the week: dnstop

Written by Solène, on 18 April 2018.
Tags: #unix

Dnstop is an interactive console application to watch in realtime the DNS queries going through a network interface. It currently only supports UDP DNS requests, the man page says that TCP isn’t supported. It has a lot of parameters and keybindings for the interactive use.

To install it on OpenBSD: doas pkg_add dnstop

We will start dnstop on the wifi interface using a depth of 4 for the domain names: as root type dnstop -l 4 iwm0 and then press ‘3’ to display up to 3 sublevels. The -l 4 parameter means we want to know domains with a depth of 4, it means that if a request for the domain my.very.little.fqdn.com. happens, it will be truncated as very.little.fqdn.com. If you press ‘2’ in the interactive display, the earlier name will be counted in the line fqdn.com.
Example of output:

Queries: 0 new, 6 total                              Tue Apr 17 07:17:25 2018

Query Name        Count      %   cum%
--------------- --------- ------ ------
perso.pw                3   50.0   50.0
foo.bar                 1   16.7   66.7
hello.mydns.com         1   16.7   83.3
mydns.com.lan           1   16.7  100.0


If you want to use it, read the man page first, it has a lot of parameters and can filter using specific expressions.

# How to read a epub book in a terminal

Written by Solène, on 17 April 2018.
Tags: #unix

If you ever had to read an ebook in the epub format, you may have found yourself stumbling on the Calibre software. Personally, I don’t enjoy reading a book in Calibre at all. Choice is important and it seems that Calibre is the only choice for this task. But, as the epub format is very simple, it’s possible to easily read it with any web browser, even w3m or lynx.

With a few commands, you can easily find xhtml files that can be opened with a web browser: an epub file is a zip containing mostly xhtml, css and image files. The xhtml files have links to CSS and images contained in other folders of the unzipped archive.

In the following commands, I prefer to copy the file in a new directory because when you unzip it, it will create folders in your current working directory.

$ mkdir /tmp/myebook/
$ cd /tmp/myebook
$ cp ~/book.epub .
$ unzip book.epub
$ cd OPS/xhtml
$ ls *xhtml


I tried with different epub files, in most cases you should find a lot of files named chapters-XX.xhtml with XX being 01, 02, 03 and so forth. Just open the files in the correct order with a web browser aka “html viewer”.

# Port of the week: tig

Written by Solène, on 10 April 2018.
Tags: #unix #git

Today we will discover the software named tig whose name stands for Text-mode Interface for Git.

To install it on OpenBSD: pkg_add tig

Tig is a light and easy to use terminal application to browse a git repository in an interactive manner. To use it, just ‘cd’ into a git repository on your filesystem and type tig. You will get the list of all the commits, with the author and the date. By pressing the “Enter” key on a commit, you will get the diff. Tig also displays branching and merging in a graphical way.

Tig has some parameters, one I like a lot is blame which is used like this: tig blame afile. Tig will show the file content and will display for each line the date of the last commit, its author and the short identifier of the commit. With this function, it gets really easy to find who modified a line or when it was modified.

Tig has a lot of other possibilities, you can discover them in its man pages.

# Unofficial OpenBSD FAQ

Written by Solène, on 16 March 2018.
Tags: #openbsd64 #openbsd

Frequently asked questions (with answers) on #openbsd IRC channel

Please read the official OpenBSD FAQ

I am writing this to answer questions asked too many times. If some answers get good enough, maybe we could try to merge them in the OpenBSD FAQ if the topic isn’t covered. If the topic is covered, then a link to the official FAQ should be used.

If you want to participate, you can fetch the page using gopher protocol and send me a diff:

$ printf '/~solene/article-openbsd-faq.txt\r\n' | nc dataswamp.org 70 > faq.md


## OpenBSD features / not features

Here is a list for newcomers to tell what is and what is not OpenBSD

• Packet Filter : super awesome firewall

• Sane defaults : you install, it works, no tweak

• Stability : upgrades go smooth and are easy

• pledge and unveil : security features to reduce privileges of software, lots of ports are patched

• W^X security

• Has only FFS file system which is slow and has no “feature”

• No wine for windows compatibility

• No linux compatibility

• No bluetooth support

• No usb3 full speed performance

• Only in-house VMM for being a VM host, only supports OpenBSD and some Linux

• Poor fuse support (it crashes quite often)

• No nvidia support (nvidia’s fault)

• No container / docker / jails

## Does OpenBSD have a Code Of Conduct?

No and there is no known plan of having one.

This is a topic upsetting OpenBSD people, just don’t ask about it and send patches.

## What is the OpenBSD release process?

OpenBSD FAQ official information

The last two releases are called “-release” and are officially supported (patches for security issues are provided).

-stable version is the latest release with the base system patches applied, the -stable ports tree has some patches backported from -current, mainly to fix security issues. Official packages are not built for -stable. You have to build them yourself or install them using a third party service like M:Tier

## What is -current?

It’s the development version with latest packages and latest code. You shouldn’t use it only to get latest package versions.

## How do I install -current?

• download the latest snapshot install .iso or .fs file from your favorite mirror under /snapshots/ directory
• boot from it

## How do I upgrade to -current

• verify its checksum and signature using signify and SHA256.sig file
• rename the old ramdisk kernel as /bsd.rd.old just in case
• copy the ramdisk kernel in its place - /bsd.rd
• reboot
• type “boot bsd.rd” at bootloader prompt
• reboot after the upgrade process
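As an added example (not part of the FAQ), here is a small sh script for the upgrade steps above that refuses to install a bsd.rd whose signify signature does not check out. The mirror URL and architecture are assumptions; signify(1) and ftp(1) are the OpenBSD base tools.

```shell
#!/bin/sh
# Added example, not from the original FAQ: fetch the -current snapshot
# ramdisk kernel, verify it with signify(1) and only then put it in place.
# MIRROR and ARCH are assumptions; override them in the environment.
set -eu

MIRROR="${MIRROR:-https://cdn.openbsd.org/pub/OpenBSD}"
ARCH="${ARCH:-amd64}"

# SHA256.sig starts with a line such as
#   untrusted comment: verify with openbsd-64-base.pub
# which names the key the signature was made with. Reads stdin.
key_from_sig_comment() {
    sed -n '1s/^untrusted comment: verify with //p'
}

# Only accept a key name of the form shipped in /etc/signify, so a hostile
# mirror cannot point us at an arbitrary path through that comment line.
valid_key_name() {
    case "$1" in
        openbsd-[0-9][0-9]-base.pub) return 0 ;;
        *) return 1 ;;
    esac
}

# Download SHA256.sig and bsd.rd into a scratch directory and verify the
# ramdisk against the signed checksum list; prints the verified file's path.
fetch_and_verify() {
    dir=$(mktemp -d)
    ftp -o "$dir/SHA256.sig" "$MIRROR/snapshots/$ARCH/SHA256.sig"
    ftp -o "$dir/bsd.rd" "$MIRROR/snapshots/$ARCH/bsd.rd"

    key=$(key_from_sig_comment < "$dir/SHA256.sig")
    valid_key_name "$key" || {
        echo "unexpected key name in SHA256.sig: '$key'" >&2
        return 1
    }
    # The trusted key is the one already installed with the base system,
    # never one fetched from the mirror. -C checks bsd.rd against the list
    # and fails if the signature or the checksum does not match.
    (cd "$dir" && signify -C -p "/etc/signify/$key" -x SHA256.sig bsd.rd) >&2
    echo "$dir/bsd.rd"
}

# Keep the previous ramdisk kernel around, then install the verified one.
install_ramdisk() {
    if [ -f /bsd.rd ]; then
        cp /bsd.rd /bsd.rd.old
    fi
    cp "$1" /bsd.rd
    echo "reboot and type 'boot bsd.rd' at the bootloader prompt" >&2
}

# Run as root: ./upgrade-current.sh run
case "${1:-}" in
    run) install_ramdisk "$(fetch_and_verify)" ;;
esac
```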

## How do I update packages on my release version?

Packages are frozen at the release and not updated.

Written by Solène, on 17 January 2018.
Tags: #unix #lisp

## Description

reed-alert is not a monitoring tool producing graphs or storing values. It does a job sysadmins are looking for because there is no alternative product (the alternatives come from very large infrastructure tools like Zabbix, so they are not comparable).

From its configuration file, reed-alert will check various states and then, if it fails, will trigger a command to send a notification (totally user-defined).

## Fetch it

This is an open-source and free software released under the MIT license, you can install it with the following commands:

# git clone git://bitreich.org/reed-alert
# make
# doas make install


This will install a script reed-alert in /usr/local/bin/ with the default Makefile variables. It will try to use ecl and then sbcl if ecl is not installed.

A README file is available as documentation to describe how to use it, but we will see here how to get started quickly.

You will find a few files there, reed-alert is a Common LISP software and it has been chosen for (I hope) good reasons that the configuration file is plain Common LISP.

There is a config file looking like a real world example named config.lisp.sample and another configuration file I use for testing named example.lisp containing a lot of cases.

## Let’s start

In order to use reed-alert we only need to create a new configuration file and then add a cron job.

### Configuration

We are going to see how to configure reed-alert. You can find more explanations or details in the README file.

We have to configure two kinds of parameters. First we need to set up a way to receive alerts, the easiest way to do so is by sending a mail with the “mail” command. Alerts are declared with the function alert, taking as parameters the alert name and the command to be executed. Some variables are replaced with values from the probe, they look like %date% or %params%, and in the README file you can find the list of probes.

In Common LISP functions are called by opening a parenthesis before the function name, and everything until the parenthesis is closed is the list of its parameters.

Example:

(alert mail "echo 'problem on %hostname%' | mail me@example.com")


One should take care about nesting quotes here.

reed-alert will fork a shell to start the command, so pipes and redirections work. You can be creative when writing alerts that:

• use a SMS service
• write a script to post on a forum
• publishing a file on a server
• send text to irc with ii client

#### Checks

Now that we have some alerts, we will configure some checks in order to make reed-alert useful. It uses probes, which are pre-defined checks with parameters, a probe could be “has this file not been updated for N minutes?” or “is the disk space usage of partition X more than Y?”

I chose to name the function “=>” to make a check, it isn’t a real name and it looks like an item or something going forward. Both previous examples using our previous mail notifier would look like:

(=> mail file-updated :path "/program/file.generated" :limit "10")
(=> mail disk-usage   :limit 90)


It’s also possible to use shell commands and check the return code using the command probe, allowing the user to define useful checks.

(=> mail command :command "echo '/is-this-gopher-server-up?' | nc -w 3 dataswamp.org 70"
                 :desc "dataswamp.org gopher server")


We use echo + netcat to check if a connection to a socket works. The :desc keyword will give a nicer name in the output instead of just “COMMAND”.

#### Garniture

We wrote the minimum required to configure reed-alert, now the configuration file requires only two more lines, so your my-config.lisp file should look like the following:

(load "functions.lisp")
(alert mail "echo 'problem on %hostname%' | mail me@example.com")
(=> mail file-updated :path "/program/file.generated" :limit "10")
(=> mail disk-usage   :limit 90)
(quit)


The first line is mandatory to make things work, the last line will prevent the lisp interpreter from staying in the REPL (user interactive input).

Now, you can start it every 5 minutes from a crontab with this:

*/5 * * * * ( reed-alert /path/to/my-config.lisp )


If you prefer to use ecl:

*/5 * * * * ( reed-alert /path/to/my-config.lisp )


The time between each run is up to you, depending on what you monitor.

#### Important

By default, when a check returns a failure, reed-alert will only trigger the associated notifier once it reaches the 3rd failure. Then it will notify again when the service is back (the variable %state% is replaced by start or end to know if it starts or stops).

This is to prevent reed-alert from sending a notification each time it checks, there is absolutely no need for this for most users.

The number of failures before triggering can be modified by using the keyword “:try” as in the following example:

(=> mail disk-usage :limit 90 :try 1)


In this case, you will get notified at the first failure of it.

The number of failures of failed checks is stored in files (1 per check) in the “states/” directory of the reed-alert working directory.

# New cl-yag version

Written by Solène, on 16 December 2017.
Tags: #unix #cl-yag

## Introduction

cl-yag is a static website generator. It's a software used to publish a website and/or a gopher hole from a list of articles. As the developer of cl-yag I'm happy to announce that a new version has been released.

## New features

The new version, with its number 0.6, brings a lot of new features :

• supporting different markup language per article
• date format configurable
• gopher output format configurable
• ship with the default theme "clyma", minimalist but responsive (the one used on this website)
• easier to use
• full user documentation

The code is available at git://bitreich.org/cl-yag, the program requires sbcl or ecl to work.

### Per article markup language

The best feature I'm proud of is allowing the use of a different language per article. While on my blog I chose to use markdown, it's sometimes not adapted for more elaborate articles like the one about LISP containing code, which was written in org-mode then converted to markdown manually to fit cl-yag. Now, the user can declare a named "converter", which is a command line with pattern replacement, to produce the html file. We can imagine a lot of things with this, even producing a gallery with a find + awk command. Now, I can use markdown by default and specify if I want to use org-mode or something else.

This is the way to declare a converter, taking org-mode as an example, which is not very simple because emacs is not script friendly :

(converter :name :org-mode  :extension ".org"
           :command (concatenate 'string
                                 "emacs data/%IN --batch --eval '(with-temp-buffer (org-mode) "
                                 "(insert-file \"%IN\") (org-html-export-as-html nil nil nil t)"
                                 "(princ (buffer-string)))' --kill | tee %OUT"))


And an easy way to produce a gallery with awk from a .txt file containing a list of images path.

(converter :name :gallery :extension ".txt"
           :command (concatenate 'string
                                 "awk 'BEGIN { print \"<div class=\\\"gallery\\\">\"} "
                                 "{ print \"<img src=\\\"static/images/\"$1\"\\\" />\" } "
                                 " END { print \"</div>\"}' data/%IN | tee %OUT"))


The concatenate function is only used to improve the presentation, to split the command in multiple lines and make it easier to read. It's possible to write the whole command on one line. The patterns %IN and %OUT are replaced by the input file name and the output file name when the command is executed.

For an easier example, the default markdown converter looks like this, calling the multimarkdown command :

(converter :name :markdown :extension ".md"
           :command "multimarkdown -t html -o %OUT data/%IN")


It's really easy (I hope !) to add the new converters you need with this feature.

### Date format configurable

One problem I had with cl-yag is that it's plain vanilla Common LISP without libraries, so it's easier to fetch and use but it lacks some elaborate libraries like one to parse and format a date. Before this release, I was writing in plain text "14 December 2017" in the date field of a blog post. It was easy to use, but not really usable in the RSS feed in the pubDate attribute, and if I wanted to change the display of the date for some reason, I would have to rewrite everything.

Now, the date is simply in the format "YYYYMMDD" like "20171231" for the 31st December 2017. And in the configuration variable, there is a :date-format keyword to define the date display.
This variable is a string allowing pattern replacement of the following variables :

• %DayNumber: day of the month in number, from 1 to 31
• %DayName: day of the week, from Monday to Sunday, names are written in english in the source code and can be translated
• %MonthNumber: month in number, from 1 to 12
• %MonthName: month name, from January to December, names are written in english in the source code and can be translated
• %Year: year

Currently, at the time of writing, I use the value "%DayNumber %MonthName %Year"

A :gopher-format keyword exists in the configuration file to configure the date format in the gopher export. It can be different from the html one.

### More Gopher configuration

There are cases where the gopher server uses an unusual syntax compared to most of the servers. I wanted to make it configurable, so the user could easily use cl-yag without having to mess with the code. I provide the default for geomyidae and in comments another syntax is available.

There is also a configurable value to indicate where to store the gopher page menu, it's not always gophermap, it could be index.gph or whatever you need.

### Easier to use

A comparison of code will make it easier to understand. There was a little change in the way blog posts are declared :

From

(defparameter *articles*
  (list
   (list :id "third-article"  :title "My third article" :tag "me" :date "20171205")
   (list :id "second-article" :title "Another article"  :tag "me" :date "20171204")
   (list :id "first-article"  :title "My first article" :tag "me" :date "20171201")
   ))


to

(post :id "third-article"  :title "My third article" :tag "me" :date "20171205")
(post :id "second-article" :title "Another article"  :tag "me" :date "20171204")
(post :id "first-article"  :title "My first article" :tag "me" :date "20171201")


Each post is independently declared and I plan to add a "page" function to create static pages, but this is going to be for the next version !
## Future work

I am very happy to hack on cl-yag, I want to continue improving it but I should really think about each feature I want to add. I want to keep it really simple even if it limits the features.

I want to allow the creation of static pages like "About me", "Legal" or "websites I liked" that integrate well in the template. The user may not want all the static page links to go at the same place in the template, or use the same template. I'm thinking about this.

Also, I think the gopher generation could be improved, but I still have no idea how.

Other themes may come in the default configuration, allowing the user to have a choice between themes. But as for now, I don't plan to bring a theme using javascript.

# How to merge changes with git when you are a noob

Written by Solène, on 13 December 2017.
Tags: #git

I’m very noob with git and I always screw everything up when someone clones one of my repos, contributes and asks me to merge the changes. Now I found an easy way to merge commits from another repository.

Here is a simple way to handle this. We will get changes from project1_modified to merge them into our project1 repository. This is not the fastest way or maybe not the optimal way, but I found it to work reliably.

$ cd /path/to/projects
$ git clone git://remote/project1_modified
$ cd my_project1
$ git checkout master
$ git remote add modified ../project1_modified/
$ git remote update
$ git checkout -b new_code
$ git merge modified/master
$ git checkout master
$ git merge new_code
$ git branch -d new_code


This process makes you download the repository of the people who contributed to the code, then you add it as a remote source into your project, you create a new branch where you will do the merge, and if something is wrong you will be able to manage conflicts easily. Once you have tried the code and you are fine with it, you need to merge this branch into master and then, when you are done, you can delete the branch.

If later you need to get new commits from the other repo, it becomes easier.

$ cd /path/to/projects
$ cd project1_modified
$ git pull
$ cd ../my_project1
$ git pull modified
$ git merge modified/master


And you are done !

# How to type using only one hand: keyboard mirroring

Written by Solène, on 12 December 2017.
Tags: #unix

Hello

Today is a bit special because I’m writing with a mirror keyboard layout. I use only half my keyboard to type all characters. To make things harder, the layout is qwerty while I use azerty usually (I’m used to qwerty but it doesn’t help).

Here, “caps lock” is a modifier key that must be pressed to obtain characters of the other side. As a mirror, one will find ‘p’ instead of ‘q’ or ‘h’ instead of ‘g’ while pressing caps lock.

It’s even possible to type backspace to delete characters or to achieve a newline. All the punctuation isn’t available through this, only ‘.<|¦>’",’.

While I type this I get a bit faster and it becomes easier and easier. It’s definitely worth it if you can’t use two hands.

This has been made possible by Randall Munroe. To enable it just download the file Here and type

xkbcomp mirrorlayout.kbd $DISPLAY


backspace is used with tilde and return with space, using the modifier of course.

I’ve spent approximately 15 minutes writing this, but the time spent hasn’t been linear, it’s much more fluent now !

Mirrorboard: A one-handed keyboard layout for the lazy by Randall Munroe

# Showing some Common Lisp features

Written by Solène, on 05 December 2017.
Tags: #lisp

# Introduction: comparing LISP to Perl and Python

We will refer to Common LISP as CL in the following article. I wrote it to share what I like about CL. I’m using Perl to compare CL features. I am using real world cases for the average programmer. If you are a CL or perl expert, you may say that some examples could be rewritten with very specific syntax to make them smaller or faster, but the point here is to show usual and readable examples for usual programmers.

This article is aimed at people with programming interest, some basic programming knowledge is needed to understand the following. If you know how to read C, Php, Python or Perl it should be enough. Examples have been chosen to be easy.

I thank my friend killruana for his contribution as he wrote the python code.

## Variables

### Scope: global

Common Lisp code

(defparameter *variable* "value")


Defining a variable with defparameter at top-level (= outside of a function) will make it global. It is common to surround the name of global variables with \* characters in CL code. This is only for readability for the programmer, the use of \* has no incidence.

Perl code

my $variable = "value";


Python code

variable = "value";


### Scope: local

This is where it begins to be interesting in CL. Declaring a local variable with let creates a new scope, delimited by parentheses, where the variable isn’t known outside of it. This prevents doing bad things with variables not set or already freed. let can define multiple variables at once, or even variables depending on previously declared variables using let\*

Common Lisp code

(let ((value (http-request)))
  (when value
    (let* ((page-title (get-title value))
           (title-size (length page-title)))
      (when page-title
        (let ((first-char (subseq page-title 0 1)))
          (format t "First char of page title is ~a~%" first-char))))))


Perl code

{
    local $value = http_request;
    if($value) {
        local $page_title = get_title $value;
        local $title_size = get_size $page_title;
        if($page_title) {
            local $first_char = substr $page_title, 0, 1;
            printf "First char of page title is %s\n", $first_char;
        }
    }
}


The scope of a local value is limited to the parent curly brackets, of an if/while/for/foreach or plain brackets.

Python code

if True:
    hello = 'World'
print(hello) # displays World


There is no way to define a block-local variable in python, the scope of the variable is limited to the parent function.

## Printing and format text

CL has a VERY powerful function to print and format text, it’s even named format. It can even manage plurals of words (in english only) !

Common Lisp code

(let ((words (list "hello" "Dave" "How are you" "today ?")))
  (format t "~{~a ~}~%" words))


format can loop over lists using ~{ as start and ~} as end.

Perl code

my @words = @{["hello", "Dave", "How are you", "today ?"]};
foreach my $element (@words) {
    printf "%s ", $element;
}
print "\n";


Python code

# Printing and format text
# Loop version
words = ["hello", "Dave", "How are you", "today ?"]
for word in words:
    print(word, end=' ')
print()

# list expansion version
words = ["hello", "Dave", "How are you", "today ?"]
print(*words)


## Functions

### function parameters: rest

Sometimes we need to pass an unknown number of arguments to a function. CL supports it with the &rest keyword in the function declaration, while perl supports it using the @_ sigil.

Common Lisp code

(defun my-function(parameter1 parameter2 &rest rest)
  (format t "My first and second parameters are ~a and ~a.~%Others parameters are~%~{    - ~a~%~}~%"
          parameter1 parameter2 rest))

(my-function "hello" "world" 1 2 3)


Perl code

sub my_function {
    my $parameter1 = shift;
    my $parameter2 = shift;
    my @rest = @_;

    printf "My first and second parameters are %s and %s.\nOthers parameters are\n",
        $parameter1, $parameter2;

    foreach my $element (@rest) {
        printf " - %s\n", $element;
    }
}

my_function "hello", "world", 0, 1, 2, 3;


Python code

def my_function(parameter1, parameter2, *rest):
    print("My first and second parameters are {} and {}".format(parameter1, parameter2))
    print("Others parameters are")
    for parameter in rest:
        print(" - {}".format(parameter))

my_function("hello", "world", 0, 1, 2, 3)


The trick in python to handle rest arguments is the wildcard character in the function definition.

### function parameters: named parameters

CL supports named parameters using a keyword to specify their name, while it’s not at all possible in perl. Using a hash as parameter can do the job in perl.

CL allows choosing a default value if a parameter isn’t set, it’s harder to do it in perl, we must check if the key is already set in the hash and give it a value in the function.

Common Lisp code

(defun my-function(&key (key1 "default") (key2 0))
  (format t "Key1 is ~a and key2 (~a) has a default of 0.~%"
          key1 key2))

(my-function :key1 "nice" :key2 ".Y.")


There is no way to pass named parameters to a perl function. The best way is to pass a hash variable, check the keys needed and assign a default value if they are undefined.

Perl code

sub my_function {
    my $hash = shift;
    if(! exists $hash->{key1}) {
        $hash->{key1} = "default";
    }
    if(! exists $hash->{key2}) {
        $hash->{key2} = 0;
    }
    printf "My key1 is %s and key2 (%s) default to 0.\n", $hash->{key1}, $hash->{key2};
}

my_function { key1 => "nice", key2 => ".Y." };


Python code

def my_function(key1="default", key2=0):
    print("My key1 is {} and key2 ({}) default to 0.".format(key1, key2))

my_function(key1="nice", key2=".Y.")


## Loop

CL has only one loop operator, named loop, which could be seen as an entire language itself. Perl has do while, while, for and foreach.

### loop: for

Common Lisp code

(loop for i from 1 to 100
      do (format t "Hello ~a~%" i))


Perl code

for(my $i=1; $i <= 100; $i++) {
    printf "Hello %i\n", $i;
}


Python code

for i in range(1, 101):
    print("Hello {}".format(i))


### loop: foreach

Common Lisp code

(let ((elements '(a b c d e f)))
  (loop for element in elements
        counting element into count
        do
        (format t "Element number ~s : ~s~%"
                count element)))


Perl code

# verbose and readable version
my @elements = @{['a', 'b', 'c', 'd', 'e', 'f']};
my $count = 0;
foreach my $element (@elements) {
    $count++;
    printf "Element number %i : %s\n", $count, $element;
}

# compact version
for(my $i=0; $i<$#elements+1; $i++) {
    printf "Element number %i : %s\n", $i+1, $elements[$i];
}


Python code

# Loop foreach
elements = ['a', 'b', 'c', 'd', 'e', 'f']
count = 0
for element in elements:
    count += 1
    print("Element number {} : {}".format(count, element))

# Pythonic version
elements = ['a', 'b', 'c', 'd', 'e', 'f']
for index, element in enumerate(elements, 1):  # start at 1 like the loop above
    print("Element number {} : {}".format(index, element))


## LISP only tricks

### Store/restore data on disk

The simplest way to store data in LISP is to write a data structure into a file, using print function. The code output with print can be evaluated later with read.

Common Lisp code

(defun restore-data(file)
  (when (probe-file file)
    (with-open-file (x file :direction :input)
      ;; read back the form written by print; note that read honours the
      ;; #. read-time evaluation macro unless *read-eval* is bound to nil,
      ;; so only restore files you wrote yourself
      (read x))))

(defun save-data(file data)
  (with-open-file (x file
                     :direction :output
                     :if-does-not-exist :create
                     :if-exists :supersede)
    (print data x)))

;; using the functions
(save-data "books.lisp" *books*)
(defparameter *books* (restore-data "books.lisp"))


This lets you skip a data storage format like XML or JSON: Common Lisp can read Common Lisp, which is all it needs. It can store objects like arrays, lists or structures in a plain text format. It can’t dump hash tables directly. One caveat: read is the full Lisp reader, and with *read-eval* at its default value of t the #. syntax lets a file run code while it is being read, so bind *read-eval* to nil around read when the file may have been written by someone else.

### Creating a new syntax with a simple macro

Sometimes we have cases where we need to repeat code and there is no way to reduce it, because it’s too specific or because of the language itself. Here is an example where a simple macro reduces the code written for a succession of conditions doing the same check.

We will start from this

Common Lisp code

(when value
(when (string= line-type "3")
(progn
(print-with-color "error" 'red line-number)
(log-to-file "error")))
(when (string= line-type "4")
(print-with-color text))
(when (string= line-type "5")
(print-with-color "nothing")))


to this, using a macro

Common Lisp code

(defmacro check(identifier &body code)
  `(progn
     (when (string= line-type ,identifier)
       ,@code)))

(when value
(check "3"
(print-with-color "error" 'red line-number)
(log-to-file "error"))
(check "4"
(print-with-color text))
(check "5"
(print-with-color "nothing")))


The code is much more readable and the macro is easy to understand. One could argue that in another language a switch/case could work here; I chose a simple example to illustrate the use of a macro, but they can achieve much more.

### Create powerful wrappers with macros

I’m using macros when I need to repeat code that affects variables. A lot of CL libraries offer a construct like with-something: a wrapper macro that does some logic like opening a database, checking it’s opened, closing it at the end and executing your code inside.

Here I will write a tiny http request wrapper, allowing me to write http requests very easily, my code being able to use the variables bound by the macro.

Common Lisp code

(defmacro with-http(url &body code)
  `(multiple-value-bind (content status headers)
       (drakma:http-request ,url :connection-timeout 3)
     (when content
       ,@code)))

(with-http "https://dataswamp.org/"
  (format t "We fetched headers ~a with status ~a. Content size is ~d bytes.~%"
          headers status (length content)))


In Perl, the following would be written like this

Perl code

sub get_http {
    my $url = shift;
    # magic_http_get stands for whatever HTTP client you use; it returns
    # a hash with the keys headers, status and content
    my %http = magic_http_get($url);
    if ($http{content}) {
        return %http;
    } else {
        return;   # empty list, so the caller's hash stays empty
    }
}

{
    my %data = get_http("https://dataswamp.org/");
    if (%data) {
        printf "We fetched headers %s with status %d. Content size is %d bytes.\n",
            $data{headers}, $data{status}, length($data{content});
    }
}


The curly brackets are important there, I want to emphasize that the %data variable (declared with my) is only available inside the curly brackets. Lisp is written as a succession of local scopes and this is something I really like.

Python code

import requests

with requests.get("https://dataswamp.org/") as fd:
    print("We fetched headers %s with status %d. Content size is %s bytes." \
          % (list(fd.headers.keys()), fd.status_code, len(fd.content)))


# Allow wide resolution on intel graphics laptop

Written by Solène, on 22 November 2017.
Tags: #hardware

I just received a wide screen with a 2560x1080 resolution but xrandr wasn’t allowing me to use it. The intel graphics specifications say that I should be able to go up to 4096xsomething so it’s a software problem.

Generate the information you need with gtf:

$ gtf 2560 1080 59.9


Take only the numbers after the resolution name between quotes. In

Modeline "2560x1080_59.90" 230.37 2560 2728 3000 3440 1080 1081 1084 1118 -HSync +Vsync

keep only

230.37 2560 2728 3000 3440 1080 1081 1084 1118 -HSync +Vsync

Now add the new resolution and make it available to your output (mine is HDMI2):

$ xrandr --newmode "2560x1080" 230.37 2560 2728 3000 3440 1080 1081 1084 1118 -HSync +Vsync
$ xrandr --addmode HDMI2 2560x1080


You can now use this mode with arandr using the GUI or with xrandr by typing xrandr --output HDMI2 --mode 2560x1080

You will need to set the new mode each time the system starts. I added the 2 lines to my ~/.xsession file, which starts stumpwm.

# Low bandwidth: Fetch OpenBSD sources

Written by Solène, on 09 November 2017.
Tags: #openbsd64 #openbsd

When you fetch OpenBSD src or ports from CVS and want to save bandwidth during the process, there is a little trick that changes everything: compression.

Just add -z9 to the parameters of your cvs command line and the remote server will send you compressed files, saving up to 10 times the bandwidth, or speeding up the transfer 10 times, or both (I’m in the case where I have different users on my network and I’m limiting my incoming bandwidth so other people can have bandwidth too, so it is important to reduce the bytes transferred if possible).

The command line should look like:

$ sudo chown user /var/spool/slrnpull


The slrnpull configuration file must be placed in the folder it will use. So edit /var/spool/slrnpull/slrnpull.conf as you want, my configuration file is the following:

default 200 45 0
# the default line means: retrieve at most 200 articles per group from the server,
# expire an article after 45 days; a third field of 1 would fetch headers only
gmane.network.gopher.general
gmane.os.freebsd.questions
gmane.os.freebsd.devel.ports
gmane.os.openbsd.misc
gmane.os.openbsd.ports
gmane.os.openbsd.bugs


The client slrn needs to be configured to find the information from slrnpull. File ~/.slrnrc:

set hostname "your.hostname.domain"
set spool_inn_root "/var/spool/slrnpull"
set spool_root "/var/spool/slrnpull/news"
set spool_nov_root "/var/spool/slrnpull/news"
set read_active 1
set use_slrnpull 1
set post_object "slrnpull"
set server_object "spool"


Add this to your crontab to fetch news once per hour (at HH:00):

0 * * * * NNTPSERVER=news.gmane.org slrnpull -d /var/spool/slrnpull/


Now, just type slrn and enjoy.

## Cheat Sheet

Quick cheat sheet for using slrn, there is a help using “?” but it is not very easy to understand at first.

• h : hide/display the article view
• space : scroll to next page in the article, go to next article at the end
• enter : scroll one line
• tab : scroll to the end of quotes
• c : mark all as read

## Tips

• when a forum is empty, it is not shown by default

I found that a software named slrnconf exists which provides a GUI to configure slrn, I didn’t try it.

## Going further

It seems nntp clients support a score file that can mark interesting articles using user defined rules.

The nntp protocol allows submitting articles (reply or new thread) but I have no idea how it works. Someone told me to forget about this and use mails to mailing-lists when it is possible.

The leafnode daemon can be used instead of slrnpull in a more generic way. It is a nntp server that one would use locally as a proxy to nntp servers.
It will mirror the forums you want and serve them back through nntp, allowing you to use any nntp client (slrnpull enforces the use of slrn). leafnode seems old, a v2 is still in development but seems rather inactive. Leafnode is old and complicated, I wanted something KISS (Keep It Simple Stupid) and it is not.

## Other clients you may want to try

nntp console clients:

• gnus (in emacs)
• wanderlust (in emacs too)
• alpine

GUI clients:

• pan (may be able to download, but I failed using it)
• seamonkey (the whole mozilla suite supports nntp)

# Gopher related software

Written by Solène, on 25 October 2017.
Tags: #gopher

This article contains links to tools related to gopher.

## Gopher server

## Pages generator

## RSS feed

• http://git.r-36.net/zs/
• https://git.codemadness.org/sfeed/

# Zooming with emacs, tmux or stumpwm

Written by Solène, on 25 October 2017.
Tags: #emacs #window-manager #tmux

Hey! You use stumpwm, emacs or tmux and your screen (not the GNU screen) is split into lots of parts? There is a solution to improve that. ZOOMING!

Each of them works with a screen divided into panes/windows (the meaning of these words changes between programs), sometimes you want to have the one where you work in fullscreen. An option exists in each of them to get fullscreen temporarily on a window.

## Emacs: (not native)

This is not native in emacs, you will need to install zoom-window from your favorite repository. Add these lines to your ~/.emacs:

(require 'zoom-window)
(global-set-key (kbd "C-x C-z") 'zoom-window-zoom)


Type C-x C-z to zoom/unzoom your current window.

## Tmux

Toggle zoom (in or out):

C-b z


## Stumpwm

Add this to your ~/.stumpwmrc:

(define-key *root-map* (kbd "z") "fullscreen")


Using “prefix z” the current window will toggle fullscreen.

# Gentoo port of the week: Nethogs

Written by Solène, on 17 October 2017.
Tags: #portoftheweek

Today I will present you a nice port (from Gentoo this time, not from FreeBSD) and this port is even linux only.
nethogs is a console program which shows the bandwidth usage of each running application using the network. This can be particularly helpful to find which application is sending traffic and at which rate.

It can be installed with emerge as simply as emerge -av net-analyzer/nethogs.

It is very simple to use, just type nethogs in a terminal (as root). There are some parameters and it’s a bit interactive but I recommend reading the manual if you need some details about them.

I am currently running Gentoo on my main workstation, that makes me discover new things so maybe I will write more regularly about gentoo ports.

# How to limit bandwidth usage of emerge in Gentoo

Written by Solène, on 16 October 2017.
Tags: #linux

If for some reason you need to reduce the download speed of emerge when downloading sources you can use a tweak in portage’s make.conf as explained in the handbook.

To keep wget and just add the bandwidth limit, add this to /etc/portage/make.conf:

FETCHCOMMAND="${FETCHCOMMAND} --limit-rate=200k"


# Display manually installed packages on FreeBSD 11

Written by Solène, on 16 August 2017.
Tags: #freebsd11

If you want to show the packages installed manually (and not installed as a dependency of another package), you have to use “pkg query” and check that %a (automatically installed == 1) isn’t 1. The second string formats the output to display the package name:

$ pkg query -e "%a != 1" "%n"


# Using firefox on Guix distribution

Written by Solène, on 16 August 2017.
Tags: #linux

I’m new to Guix, it’s a wonderful system but it’s so different from any other usual linux distribution that it’s hard to achieve some basic tasks.

As Guix is 100% free/libre software, Firefox has been removed and replaced by icecat. This is nearly the same software but some “features” have been removed (like webRTC) for some reasons (security, freedom). I don’t blame the Guix team for that, I understand the choice. But my problem is that I need Firefox.

I finally managed to get it working from the official binary downloaded from the mozilla website. You need to install some packages to get the libraries, which will become available under your profile directory. Then, tell firefox to load libraries from there and it will start.

guix package -i glibc glib gcc gtk+ libxcomposite dbus-glib libxt
LD_LIBRARY_PATH=~/.guix-profile/lib/ ~/.guix-profile/lib/ld-linux-x86-64.so.2 ~/firefox_directory/firefox


Also, it seems that running icecat and firefox simultaneously works, they store data in ~/.mozilla/icecat and ~/.mozilla/firefox so they are separated.

# Using emacs to manage mails with mu4e

Written by Solène, on 15 June 2017.
Tags: #emacs #email

In this article we will see how to fetch, read and manage your emails from Emacs using mu4e. The process is the following: the mbsync command (while mbsync is the command name, the software name is isync) creates a mirror of an imap account in Maildir format on your filesystem. mu from mu4e creates a database from the Maildir directory using the xapian library (a full text search database), then mu4e (mu for emacs) is the GUI which queries the xapian database to manipulate your mails.

Mu4e works with dynamic bookmarks, so you can have some predefined filters instead of having classic folders. You can also do a query and reduce the results with successive queries.

You may have heard about using notmuch with emacs to manage mails; mu4e and notmuch don’t do the same job. While notmuch is a nice tool to find messages from queries and create filters, it operates as a read-only tool and can’t do anything with your mail. mu4e lets you write mail, move, delete, flag etc… AND still allows complex queries.

I wrote this article to allow people to try mu4e quickly, you may want to read both the isync and mu4e manuals to have a better configuration suiting your needs.

## Installation

On OpenBSD you need to install 2 packages:

# pkg_add mu4e isync


## isync configuration

We need to configure isync to connect to the IMAP server. Edit the file ~/.mbsyncrc; there is a trick (the PassCmd option) to not have the password in clear text in the configuration file, see the isync configuration manual for this. If you do keep a password in it, at least make the file readable only by you (chmod 600 ~/.mbsyncrc):

IMAPAccount my_imap
Host my_host_domain.info
User imap_user
Pass my_pass_in_clear_text
SSLType IMAPS

IMAPStore my_imap-remote
Account my_imap

MaildirStore my_imap-local
Path ~/Maildir/my_imap/
Inbox ~/Maildir/my_imap/Inbox
SubFolders Legacy

Channel my_imap
Master :my_imap-remote:
Slave :my_imap-local:
Patterns *
Create Slave
Expunge Both


## mu4e / emacs configuration

We need to configure mu4e in order to tell it where to find the mail folder. Add this to your ~/.emacs file.

(require 'mu4e)
(setq mu4e-maildir "~/Maildir/my_imap/"
      mu4e-sent-folder "/Sent Messages/"
      mu4e-trash-folder "/Trash"
      mu4e-drafts-folder "/Drafts")


## First start

A few commands are needed in order to make everything work. We need to create the base folder as the mbsync command won’t do the job for some reason, and we need mu to index the mails the first time. mbsync can take a moment because it will download ALL your mails.

$ mkdir -p ~/Maildir/my_imap
$ mbsync -aC
$ mu index --maildir=~/Maildir/my_imap


## How to use mu4e

Start emacs, run M-x mu4e RET and enjoy, the documentation of mu4e is well done. Press “U” on the mu4e screen to synchronize with the imap server.

A query for mu4e looks like this:

list:misc.openbsd.org flag:unread avahi


This query will search mails having the list header “misc.openbsd.org”, which are unread and which contain the “avahi” pattern.

date:20140101..20150215 urgent


This one looks for mails within the date range 1st January 2014 to 15th February 2015 containing the word “urgent”.

The current setup doesn’t handle sending mails, I’ll write another article about this. This requires configuring smtp authentication and an identity for mu4e.

Also, you may need to tweak the mbsync configuration or the mu4e configuration, some settings must be changed depending on the imap server, this is particularly important for deleted mails.

# Fold functions in emacs

Written by Solène, on 16 May 2017.
Tags: #emacs

You want to fold (hide) code between brackets like an if statement, a function, a loop etc.. ? Use the HideShow minor-mode which is part of emacs. All you need is to enable hs-minor-mode. Now you can fold/unfold by cycling with C-c @ C-c.

HideShow on EmacsWiki

# How to change Firefox locale to ... esperanto?

Written by Solène, on 14 May 2017.
Tags: #firefox

Hello !

Today I felt the need to change the language of my Firefox browser to esperanto but I haven’t been able to do it easily, it is not straightforward…

First, you need to install your language pack, depending on whether you use the official Mozilla Firefox or Icecat, the rebranded firefox with non-free stuff removed.

Then, open about:config in firefox, we will need to change 2 keys. Firefox needs to know that we don’t want to use our user’s locale as Firefox language and which language we want to set.

• set intl.locale.matchOS to false
• set general.useragent.locale to the language code you want (eo for esperanto)
• restart firefox/icecat

you’re done ! Bonan tagon

# Bandwidth limit / queue on OpenBSD 6.4

Written by Solène, on 25 April 2017.
Tags: #openbsd64 #openbsd #unix #network

Today I will explain how to do traffic limiting with OpenBSD and PF. This is not hard at all if you want something simple, the man page pf.conf(5) in its QUEUEING section is pretty good but it may be confusing when you don’t understand how it works. This is not something I master, I’m not sure of the behaviour in some cases but the following example works as I tested it! :)

### Use case

Internet is down at home, I want to use my phone as a 4G router through my OpenBSD laptop which will act as router. I don’t want the quota (some GB) to be eaten in a few seconds, this connection allows downloading at up to 10 Mb/s so it can go quickly!

We will limit the total bandwidth to 1M (1 Mbit/s, about 125 kB/s before protocol overhead) for people behind the NAT. It will be slow, but we will be sure that nothing behind the NAT like a program updating, cloud stuff synchronizing or videos in auto play will consume our quota.

Edit /etc/pf.conf according to your network:

internet="urndis0"
lan="em0"

# we define our available bandwidth
queue main on $lan bandwidth 100M

# we will let 1M through but we will allow
# 3M during 200 ms when initiating a connection to keep the web a bit interactive
queue limited parent main bandwidth 1M min 0K max 1M burst 3M for 200ms default

set skip on lo

# we do NAT here
match out on egress inet from !(egress:network) to any nat-to (egress:0)

block all
pass out quick inet

# we apply the queue here on EVERYTHING coming from the internet
pass in on $lan set queue limited


This ONLY defines a queue for DOWNLOADING: you can only set the queue on the lan interface, it won’t work on egress (the network interface having internet) because you can’t limit what comes into an interface, it’s already there when you want to limit it. PF queues shape packets on their way out of the interface the queue is defined on, here when they leave $lan towards the LAN clients.

### Per protocol ?

You can define queues per remote port by creating new child queues and doing something like this (the specific rules must come after the generic one, as PF applies the last matching rule):

pass in on $lan proto tcp to port ssh set queue ssh
pass in on $lan proto tcp to port www set queue web


### Per host ?

As before, you can apply queues on IP host/range rather than protocols, or you can even mix both if you want.
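Putting the per-protocol and per-host ideas together, here is a complete /etc/pf.conf built on the queues above. It is an added example, not the configuration from the original article; the address in $nas and the bandwidth figures are assumptions, adjust them to your network. Two points worth keeping in mind: every queue that a rule assigns packets to is a leaf here (children of the 1M "limited" queue, or of main for the trusted host), and since PF applies the last matching rule, the generic rule comes first and the specific ones after it.

```pf
internet="urndis0"
lan="em0"
nas="192.168.1.10"          # assumed address of a host allowed more bandwidth

# the physical link
queue main on $lan bandwidth 100M

# 1M shared by everybody behind the NAT, with the same 200 ms burst as before
queue limited parent main bandwidth 1M max 1M burst 3M for 200ms
  # per-service leaves under the 1M cap; their sum does not exceed the parent
  queue ssh   parent limited bandwidth 200K max 1M
  queue web   parent limited bandwidth 600K max 1M
  queue other parent limited bandwidth 200K max 1M default

# a separate, larger cap for one trusted host
queue nas parent main bandwidth 5M max 5M

set skip on lo

# NAT towards the phone
match out on egress inet from !(egress:network) to any nat-to (egress:0)

block all
pass out quick inet

# last matching rule wins: generic rule first, specific ones after it
pass in on $lan set queue other
pass in on $lan proto tcp to port ssh set queue ssh
pass in on $lan proto tcp to port www set queue web
pass in on $lan from $nas set queue nas
```

Check the syntax with pfctl -nf /etc/pf.conf before loading it with pfctl -f /etc/pf.conf, then watch the queues with systat queues or pfctl -vs queue to confirm traffic lands where you expect.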

### Warning

The limit function changed in OpenBSD 5.5, everything you can read on the internet about ALTQ isn’t working anymore.

# Markup languages comparison

Written by Solène, on 13 April 2017.
Tags: #unix

For fun, here are a few examples of the same output in different markup languages. The list isn’t exhaustive of course.

This is org-mode:

* This is a title level 1

+ first item
+ second item
+ third item with a [[http://dataswamp.org][link]]

** title level 2

Blah blah blah blah blah
blah blah blah *bold* here

#+BEGIN_SRC lisp
(let ((hello (init-string)))
(format t "~A~%" (+ 1 hello))
(print hello))
#+END_SRC


This is markdown :

# this is title level 1

+ first item
+ second item
+ third item with a [Link](http://dataswamp.org)

## Title level 2

Blah blah blah blah blah
blah blah blah **bold** here

    (let ((hello (init-string)))
      (format t "~A~%" (+ 1 hello))
      (print hello))

or

```
(let ((hello (init-string)))
  (format t "~A~%" (+ 1 hello))
  (print hello))
```



This is HTML :

<h1>This is title level 1</h1>
<ul>
<li>first item</li>
<li>second item</li>
<li>third item with a <a href="http://dataswamp.org">link</a></li>
</ul>

<h2>Title level 2</h2>

<p>Blah blah blah blah blah
blah blah blah <strong>bold</strong> here</p>

<pre><code>(let ((hello (init-string)))
(format t "~A~%" (+ 1 hello))
(print hello))</code></pre>


This is LaTeX :

\documentclass{article}

\begin{document}

\section{This is title level 1}

\begin{itemize}
\item First item
\item Second item
\item Third item
\end{itemize}

\subsection{Title level 2}

Blah blah blah blah blah
blah blah blah \textbf{bold} here

\begin{verbatim}
(let ((hello (init-string)))
(format t "~A~%" (+ 1 hello))
(print hello))
\end{verbatim}

\end{document}


# OpenBSD 6.1 released

Written by Solène, on 11 April 2017.
Tags: #openbsd #unix

Today OpenBSD 6.1 has been released, I won’t copy & paste the change list but, in a few words, it gets better.

I already upgraded a few servers, with both methods. One with the bsd.rd upgrade, which requires physical (or console) access to the server, and the other method, well explained in the upgrade guide, which requires untarring the files and moving some files around. I recommend using bsd.rd if possible.

# Connect to pfsense box console by usb

Written by Solène, on 10 April 2017.
Tags: #unix #network #openbsd64 #openbsd

Hello,

I have a pfsense appliance (Netgate 2440) with a usb console port; while it used to be a serial port, devices now seem to have a usb one. If you plug a usb cable from an openbsd box into it, you will see this in your dmesg:

uslcom0 at uhub0 port 5 configuration 1 interface 0 "Silicon Labs CP2104 USB to UART Bridge Controller" rev 2.00/1.00 addr 7
ucom0 at uslcom0 portno 0


To connect to it from OpenBSD, use the following command:

# cu -l /dev/cuaU0 -s 115200


And you’re done

# List of useful tools

Written by Solène, on 22 March 2017.
Tags: #unix

Here is a list of software that I find useful, I will update this list every time I find a new tool. This is not an exhaustive list, these are only software I enjoy using:

## Backup

• duplicity
• borg
• restore/dump

## File synchronization

• unison
• rsync
• lsyncd

## File sharing tool / “Cloud”

• boar
• nextcloud / owncloud
• seafile
• pydio
• syncthing (works as peer-to-peer without a master)
• sparkleshare (uses a git repository so I would recommend storing only text files)

## Text editors

• emacs
• vim
• jed

## Web browsers using keyboard

• qutebrowser
• firefox with vimperator extension

## Todo list / Personal Agenda…

• org-mode (within emacs)
• ledger (accounting)

## Mail client

• mu4e (inside emacs, requires the use of offlineimap or mbsync to fetch mails)

## Network

• curl
• bwm-ng (to see bandwith usage in real time)
• mtr (traceroute with a gui that updates every n seconds)

## Data integrity

• bitrot
• par2cmdline
• aide

## Image viewers

• sxiv
• feh

## Stuff

• entr (run command when a file change)
• rdesktop (RDP client to connect to Windows VM)
• autossh (to create tunnels that stays up)
• mosh (connects to your ssh server with local input and better resilience)
• ncdu (watch file system usage interactively in cmdline)
• mupdf (PDF viewer)
• pdftk (PDF manipulation tool)
• x2x (share your mouse/keyboard between multiple computers through ssh)
• profanity (XMPP cmdline client)
• prosody (XMPP server)
• pgmodeler (PostgreSQL database visualization tool)

# How to check your data integrity?

Written by Solène, on 17 March 2017.
Tags: #unix #security

Today, the topic is data degradation, bit rot, bitrotting, damaged files or whatever you call it. It’s when your data get corrupted over time, due to a disk fault or some unknown reason.

## What is data degradation?

I shamelessly paste one line from wikipedia: “Data degradation is the gradual corruption of computer data due to an accumulation of non-critical failures in a data storage device. The phenomenon is also known as data decay or data rot.”.

So, how do we know we encounter a bit rot ?

bit rot = (checksum changed) && NOT (modification time changed)


While updating a file could be mistaken as bit rot, there is a difference

update = (checksum changed) && (modification time changed)


## How to check if we encounter bitrot?

There is no way you can prevent bitrot. But there are some ways to detect it, so you can restore a corrupted file from a backup, or repair it with the right tool (you can’t repair a file with a hammer, except if it’s some kind of HammerFS! :D)

In the following I will describe software I found to check (or even repair) bitrot. If you know other tools which are not in this list, I would be happy to hear about them, please mail me.

In the following examples, I will use this method to generate bitrot on a file:

% touch -d "2017-03-16T21:04:00" my_data/some_file_that_will_be_corrupted
% generate_checksum_database_with_tool
% echo "a" >> my_data/some_file_that_will_be_corrupted
% touch -d "2017-03-16T21:04:00" my_data/some_file_that_will_be_corrupted
% start_tool_for_checking


We generate the checksum database, then we alter a file by adding an “a” at the end of the file and we restore the modification and access time of the file. Then, we start the tool to check for data corruption.

The first touch is only for convenience: we could get the modification time with the stat command and pass the same value to touch after modifying the file.
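To make the rule above and the touch/modify/touch procedure concrete, here is a small checksum database written as an added example for this page; it is neither the bitrot tool presented next nor the mtree based script mentioned further down. It records a SHA-256 and the modification time (in nanoseconds) of every file below a directory and, on the next run, sorts each file into bitrot, updated, new or missing using exactly the two tests from the rule. demo() replays the article’s procedure in a temporary directory on constructed sample files: one file gets a byte flipped and its old mtime put back with os.utime (the equivalent of touch -d), another is edited normally, one is added and one is deleted.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

# Added example, not code from the original article. It implements the rule
#   bit rot = (checksum changed) && NOT (modification time changed)
#   update  = (checksum changed) && (modification time changed)
# The sample files created by demo() are constructed for illustration.


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large files don't need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_db(root: Path) -> dict:
    """Map each regular file (path relative to root) to (sha256, mtime_ns)."""
    db = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        db[rel] = (sha256_file(path), path.stat().st_mtime_ns)
    return db


def save_db(db: dict, db_file: Path) -> None:
    db_file.write_text(json.dumps(db, indent=1, sort_keys=True))


def load_db(db_file: Path) -> dict:
    return {k: tuple(v) for k, v in json.loads(db_file.read_text()).items()}


def check(root: Path, db: dict) -> dict:
    """Classify every file against the saved database."""
    current = build_db(root)
    report = {"bitrot": [], "updated": [], "new": [], "missing": []}
    for rel, (old_sum, old_mtime) in db.items():
        if rel not in current:
            report["missing"].append(rel)
            continue
        new_sum, new_mtime = current[rel]
        if new_sum == old_sum:
            continue                       # same content, nothing to report
        if new_mtime == old_mtime:
            report["bitrot"].append(rel)   # content changed, mtime did not
        else:
            report["updated"].append(rel)  # content and mtime changed: an edit
    report["new"] = sorted(set(current) - set(db))
    return report


def demo() -> dict:
    """Replay the article's touch/modify/touch procedure in a scratch directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "music").mkdir()
        song = root / "music" / "song.flac"
        song.write_bytes(bytes(4096))                 # constructed sample data
        notes = root / "notes.txt"
        notes.write_text("first draft\n")
        (root / "static.bin").write_bytes(bytes(range(256)))

        db_file = root / ".checksums.json"
        save_db(build_db(root), db_file)              # scan happens before the file exists
        db = load_db(db_file)
        db_file.unlink()                              # keep the database out of the next scan

        # 1. silent corruption: flip one byte, then restore the old mtime
        st = song.stat()
        data = bytearray(song.read_bytes())
        data[100] ^= 0x01
        song.write_bytes(data)
        os.utime(song, ns=(st.st_atime_ns, st.st_mtime_ns))

        # 2. legitimate edit: content and mtime both move forward
        st = notes.stat()
        with notes.open("a") as fh:
            fh.write("second draft\n")
        os.utime(notes, ns=(st.st_atime_ns, st.st_mtime_ns + 10**9))

        # 3. one new file and one deleted file
        (root / "new.txt").write_text("hello\n")
        (root / "static.bin").unlink()

        return check(root, db)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:8s} {files}")
```

In real use you would run build_db once, keep the JSON somewhere the scanned tree cannot overwrite it, and have a cron job call check and mail you whenever the bitrot or missing lists are not empty; the exit status idea used with bitrot below applies the same way.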

## bitrot

This is a python script, it’s very easy to use. It will scan a directory and create a database with the checksum of the files and their modification date.

Initialization usage:

% cd /home/my_data/
% bitrot
Finished. 199.41 MiB of data read. 0 errors found.
189 entries in the database, 189 new, 0 updated, 0 renamed, 0 missing.
Updating bitrot.sha512... done.
% echo $?
0


Verify usage (case OK):

% cd /home/my_data/
% bitrot
Checking bitrot.db integrity... ok.
Finished. 199.41 MiB of data read. 0 errors found.
189 entries in the database, 0 new, 0 updated, 0 renamed, 0 missing.
% echo $?
0


Exit status is 0, so our data are not damaged.

Verify usage (case Error):

% cd /home/my_data/
% bitrot
Checking bitrot.db integrity... ok.
error: SHA1 mismatch for ./sometextfile.txt: expected 17b4d7bf382057dc3344ea230a595064b579396f, got db4a8d7e27bb9ad02982c0686cab327b146ba80d. Last good hash checked on 2017-03-16 21:04:39.
Finished. 199.41 MiB of data read. 1 errors found.
189 entries in the database, 0 new, 0 updated, 0 renamed, 0 missing.
error: There were 1 errors found.
% echo $?
1


Exit status is 1 when something is wrong. As the exit status of bitrot isn’t 0 when it fails, it’s easy to write a script running every day/week/month that mails you on a non-zero status.

Github page

bitrot is available in OpenBSD ports in sysutils/bitrot since the 6.1 release.

## par2cmdline

This tool works with PAR2 archives (see below for more information about what PAR is) and from them, it will be able to check your data integrity AND repair it.

While it has some pros like being able to repair data, the con is that it’s not very easy to use. I would use this one for checking the integrity of long term archives that won’t change.

The main drawback comes from the PAR specification: the archives are created from a file list. If you have a directory with your files and you add new files, you will need to recompute ALL the PAR archives because the file list changed, or create new PAR archives only for the new files, but that will make the verify process more complicated. That doesn’t seem suitable when new bunches of files get added to the directory regularly.

PAR2 lets you choose the percentage of a file you will be able to repair; by default it will create the archives to be able to repair up to 5% of each file. That means you don’t need a whole backup of the files (while not having one would be a bad idea) and only approximately an extra 5% of your data to store.

Create usage:

% cd /home/
% par2 create -a integrity_archive -R my_data
Skipping 0 byte file: /home/my_data/empty_file
Block size: 3812
Source file count: 17
Source block count: 2000
Redundancy: 5%
Recovery block count: 100
Recovery file count: 7
Opening: my_data/[....]
[text cut here]
Opening: my_data/[....]
Computing Reed Solomon matrix.
Constructing: done.
Wrote 381200 bytes to disk
Writing recovery packets
Writing verification packets
Done
% echo $?
0

% ls -1
integrity_archive.par2
integrity_archive.vol000+01.par2
integrity_archive.vol001+02.par2
integrity_archive.vol003+04.par2
integrity_archive.vol007+08.par2
integrity_archive.vol015+16.par2
integrity_archive.vol031+32.par2
integrity_archive.vol063+37.par2
my_data


Verify usage (OK):

% par2 verify integrity_archive.par2
Loaded 1 new packets including 1 recovery blocks
Loaded 2 new packets including 2 recovery blocks
Loaded 4 new packets including 4 recovery blocks
Loaded 8 new packets including 8 recovery blocks
Loaded 16 new packets including 16 recovery blocks
Loaded 32 new packets including 32 recovery blocks
Loaded 37 new packets including 37 recovery blocks
No new packets found

There are 17 recoverable files and 0 other files.
The block size used was 3812 bytes.
There are a total of 2000 data blocks.
The total size of the data files is 7595275 bytes.

Verifying source files:

Target: "my_data/....." - found.
[...cut here...]
Target: "my_data/....." - found.

All files are correct, repair is not required.
% echo $?
0


Verify usage (with error):

% par2 verify integrity_archive.par.par2
Loading "integrity_archive.par.par2".
Loaded 36 new packets
Loading "integrity_archive.par.vol000+01.par2".
Loaded 1 new packets including 1 recovery blocks
Loading "integrity_archive.par.vol001+02.par2".
Loaded 2 new packets including 2 recovery blocks
Loading "integrity_archive.par.vol003+04.par2".
Loaded 4 new packets including 4 recovery blocks
Loading "integrity_archive.par.vol007+08.par2".
Loaded 8 new packets including 8 recovery blocks
Loading "integrity_archive.par.vol015+16.par2".
Loaded 16 new packets including 16 recovery blocks
Loading "integrity_archive.par.vol031+32.par2".
Loaded 32 new packets including 32 recovery blocks
Loading "integrity_archive.par.vol063+37.par2".
Loaded 37 new packets including 37 recovery blocks
Loading "integrity_archive.par.par2".
No new packets found

There are 17 recoverable files and 0 other files.
The block size used was 3812 bytes.
There are a total of 2000 data blocks.
The total size of the data files is 7595275 bytes.

Verifying source files:

Target: "my_data/....." - found.
[...cut here...]
Target: "my_data/....." - found.
Target: "my_data/Ebooks/Lovecraft/Quete Onirique de Kadath l'Inconnue.epub" - damaged. Found 95 of 95 data blocks.

Scanning extra files:

Repair is required.
1 file(s) exist but are damaged.
16 file(s) are ok.
You have 2000 out of 2000 data blocks available.
You have 100 recovery blocks available.
Repair is possible.
You have an excess of 100 recovery blocks.
None of the recovery blocks will be used for the repair.
% echo $?
1


Repair usage:

% par2 repair integrity_archive.par.par2
Loaded 1 new packets including 1 recovery blocks
Loaded 2 new packets including 2 recovery blocks
Loaded 4 new packets including 4 recovery blocks
Loaded 8 new packets including 8 recovery blocks
Loaded 16 new packets including 16 recovery blocks
Loaded 32 new packets including 32 recovery blocks
Loaded 37 new packets including 37 recovery blocks
No new packets found

There are 17 recoverable files and 0 other files.
The block size used was 3812 bytes.
There are a total of 2000 data blocks.
The total size of the data files is 7595275 bytes.

Verifying source files:

Target: "my_data/....." - found.
[...cut here...]
Target: "my_data/....." - found.
Target: "my_data/Ebooks/Lovecraft/Quete Onirique de Kadath l'Inconnue.epub" - damaged. Found 95 of 95 data blocks.

Scanning extra files:

Repair is required.
1 file(s) exist but are damaged.
16 file(s) are ok.
You have 2000 out of 2000 data blocks available.
You have 100 recovery blocks available.
Repair is possible.
You have an excess of 100 recovery blocks.
None of the recovery blocks will be used for the repair.

Wrote 361069 bytes to disk

Verifying repaired files:

Target: "my_data/Ebooks/Lovecraft/Quete Onirique de Kadath l'Inconnue.epub" - found.

Repair complete.

% echo $?
0


par2cmdline is only one implementation doing the job, other tools working with PAR archives exist. They should all be able to work with the same PAR files.

Parchive on Wikipedia

Github page

par2cmdline is available in OpenBSD ports in archivers/par2cmdline.

If you find a way to add new files to existing archives, please mail me.

## mtree

One can write a little script using mtree (in the base system on OpenBSD and FreeBSD) which will create a file with the checksum of every file in the specified directories. If the mtree output is different since last time, we can send a mail with the difference. This is what the base install of OpenBSD does for /etc and some other files, through the daily security(8) script, to warn you if they changed. While it’s suited for directories like /etc, in my opinion this is not the best tool for doing integrity checks.

## ZFS

I would like to talk about ZFS and data integrity because this is where ZFS is very good. If you are using ZFS, you may not need any other software to take care of your data.

When you write a file, ZFS will also store its checksum as metadata. By default, the “checksum” property is enabled on datasets; it can be disabled for a little performance, but that throws away exactly the protection described here, so keep it on. There is a command to ask ZFS to check the integrity of the files. Warning: a scrub is very I/O intensive and can take from hours to days or even weeks to complete depending on your CPU, disks and the amount of data to scrub:

# zpool scrub zpool


The scrub command will recompute the checksum of every block on the ZFS pool, if something is wrong, it will try to repair it if possible. A repair is possible in the following cases:

If you have multiple disks like raid-Z or raid-1 (mirror), ZFS will look on the other disks for a non corrupted version of the block; if it finds it, it will restore it on the disk(s) where it’s corrupted.

If you have set the ZFS property “copies” to 2 or 3 (1 = default), that means that the file is written 2 or 3 times on the disk.
Each file of the dataset will be allocated 2 or 3 times on the disk, so take care if you want to use it on a dataset containing heavy files! If ZFS finds that a version of a file is corrupted, it will check the other copies of it and try to restore the corrupted file if possible.

You can see the percentage of the filesystem already scrubbed with

# zpool status zpool


and the scrub can be stopped with

# zpool scrub -s zpool


## AIDE

Its name is an acronym for “Advanced Intrusion Detection Environment”; it’s a complicated piece of software which can be used to check for bitrot. I would not recommend using it if you only need bitrot detection. Here are a few hints if you want to use it for checking your file integrity:

/etc/aide.conf

/home/my_data/ R

# Rule definition
All=m+s+i+sha256
summarize_changes=yes


The config file will create a database of all files in /home/my_data/ (R for recursive). The “All” line lists the checks we do on each file. For bitrot checking, we want to check modification time, size, checksum and inode of the files. The summarize_changes line permits having a list of changes if something is wrong. This is the most basic config file you can have.

Then you will have to run aide to create the database, and later run aide again to create a new database and compare the two databases. It doesn’t update its database itself; you will have to move the old database and tell it where to find the older database.

## My use case

I have different kinds of data. On one side, I have static data like pictures, clips, music or things that won’t change over time, and on the other side I have my mails, documents and folders where the content changes regularly (creation, deletion, modification).

I am able to afford a backup for 100% of my data with some history of the backup over a few days, so I won’t be interested in file repairing. I want to be warned quickly if a file gets corrupted, so I can still get the backup in my history, but I don’t keep every version of my files for too long.
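The check that mtree, AIDE and the bitrot tool all perform boils down to a manifest of hashes compared across runs. The following is an added Python example (my own code, not the page’s and not any of those tools’) that builds such a manifest and tells a legitimate edit apart from silent corruption: a file whose content hash changed while its size and mtime did not, which no regular write produces. The files and the corruption are constructed in a temporary directory.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def file_digest(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks so large media files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Record size, mtime and SHA-256 of every regular file below root (symlinks skipped)."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            manifest[p.relative_to(root).as_posix()] = {
                "size": st.st_size,
                "mtime_ns": st.st_mtime_ns,
                "sha256": file_digest(p),
            }
    return manifest


def save_manifest(manifest, path):
    Path(path).write_text(json.dumps(manifest, indent=1, sort_keys=True))


def load_manifest(path):
    return json.loads(Path(path).read_text()) if os.path.exists(path) else {}


def compare(old, new):
    """Classify differences between two manifests.

    'modified': content and metadata changed together, a normal edit.
    'bitrot':   content hash changed but size and mtime are identical; nothing
                legitimate writes a file that way, so this is silent corruption.
    """
    report = {"added": [], "removed": [], "modified": [], "bitrot": []}
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            report["added"].append(rel)
        elif rel not in new:
            report["removed"].append(rel)
        elif old[rel]["sha256"] != new[rel]["sha256"]:
            same_meta = (old[rel]["size"] == new[rel]["size"]
                         and old[rel]["mtime_ns"] == new[rel]["mtime_ns"])
            report["bitrot" if same_meta else "modified"].append(rel)
    return report


def demo():
    """Constructed scenario: one clean file, one edited, one silently corrupted, one removed, one added."""
    root = Path(tempfile.mkdtemp())
    for name, data in {"clean.txt": b"stable data\n", "notes.txt": b"draft\n",
                       "photo.raw": bytes(range(256)), "old.txt": b"obsolete\n"}.items():
        (root / name).write_bytes(data)
    db = Path(tempfile.mkdtemp()) / "manifest.json"   # kept outside the checked tree
    save_manifest(build_manifest(root), db)            # baseline; a cron job in practice
    # legitimate edit: content, size and mtime all change
    (root / "notes.txt").write_bytes(b"draft, now longer\n")
    # simulated bitrot: flip one byte, then put the original mtime back
    target = root / "photo.raw"
    st = target.stat()
    data = bytearray(target.read_bytes())
    data[100] ^= 0x01
    target.write_bytes(bytes(data))
    os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))
    (root / "old.txt").unlink()
    (root / "new.txt").write_bytes(b"fresh\n")
    return compare(load_manifest(db), build_manifest(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Run from cron, the interesting part of the report is the "bitrot" list: a non-empty one is the mail you want to receive while the good copy is still in your backup history.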
I chose to go with the python tool bitrot; it’s very easy to use and it doesn’t become a mess with my folders getting updated often.

I would go with par2cmdline if I could not backup all my data. Having 5% or 10% of redundancy of my files should be enough to restore them in case of corruption without taking too much space.

# Port of the week: rss2email

Written by Solène, on 24 January 2017.
Tags: #portoftheweek #unix #email

This is the kind of Port of the week I like. This is a software I just discovered and fell in love with.

The tool r2e, which is the port mail/rss2email on OpenBSD, is a small python utility that solves a problem: how to deal with RSS feeds?

Until last week, I was using a “web app” named selfoss which was aggregating my RSS feeds and displaying them on a web page; I was able to filter by read/unread/marked and also filter by source. It is a good tool that does the job well but I wanted something that doesn’t rely on a web browser.

Here comes r2e! This simple software will send you a mail for each new entry in your RSS feeds. It’s really easy to configure and set up. Just look at how I configured mine:

$ r2e new my-address+rss@my-domain.com
$ r2e add "http://undeadly.org/cgi?action=rss"
$ r2e add "https://dataswamp.org/~solene/rss.xml"
$ r2e add "https://www.dragonflydigest.com/feed"
$ r2e add "http://phoronix.com/rss.php"


*/10 * * * * /usr/local/bin/r2e run


NOTE: you can use r2e run --no-send the first time; it will create the database and won’t send you mails for the items currently in the feeds.

# Dovecot: folder appears empty

Written by Solène, on 23 January 2017.
Tags: #email

Today I encountered an issue unknown to me with my IMAP server dovecot. In the roundcube mail web client, my Inbox folder appeared empty after reading a mail. My Android mail client K9-Mail was displaying “IOException:readStringUnti….” when trying to synchronize this folder.

I solved it easily by connecting to my server with SSH, cd-ing into the maildir directory and, in the Inbox folder, renaming dovecot.index.log to dovecot.index.log.bak (you can remove it if it fixes the problem).

And now, mails are back. This is the very first time I have a problem of this kind with dovecot…

# New cl-yag version

Written by Solène, on 21 January 2017.
Tags: #lisp #cl-yag

Today I updated my tool cl-yag, which implies a slight change on my website. Now, at the top of this blog, you can see a link “Index of articles”. This page only displays article titles, without any text from the articles.

Cl-yag is a tool to generate static websites like this one. It’s written in Common LISP. As a reminder, it’s also capable of producing both html and gopher output now.

If you don’t know what Gopher is, you will learn a lot reading the following links: Wikipedia : Gopher (Protocol) and Why is gopher still relevant

# Let's encrypt on OpenBSD in 5 minutes

Written by Solène, on 20 January 2017.
Tags: #security #openbsd61 #openbsd

Let’s encrypt is a free service which provides free SSL certificates. It is fully automated and there are a few tools to generate your certificates with it. In the following lines, I will just explain how to get a certificate in a few minutes. You can find more information on the Let’s Encrypt website.

To make it simple, the tool we will use will generate some keys on the computer and send a request to the Let’s Encrypt service, which will use an http challenge (there are also dns and another kind of challenge) to see if you really own the domain for which you want the certificate. If the challenge process is ok, you have the certificate.

Please, if you don’t understand the following commands, don’t type them.

While the following is right for OpenBSD, it may change slightly for other systems. Acme-client is part of the base system, you can read the man page acme-client(1).

For each certificate you request, you will be challenged for each domain on port 80. A file must be available in a path under “/.well-known/acme-challenge/”.

You must have this in your httpd config file. If you use another web server, you need to adapt.

server "mydomain.com" {
    root "/empty"
    listen on * port 80
    location "/.well-known/acme-challenge/*" {
        root { "/acme/" , strip 2 }
    }
}


The “strip 2” part is IMPORTANT. (I’ve lost 45 minutes figuring out why root “/acme/” wasn’t working.)
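To see why strip 2 is the difference between a passing and a failing challenge, here is an added Python model (mine, written from the description in httpd.conf(5), not httpd’s own code) of how a location block maps a request path to a file. It assumes httpd’s default chroot of /var/www, which is also why the challenge directory created below is /var/www/acme.

```python
from posixpath import normpath

# httpd(8) runs chrooted in /var/www by default (assumed here), so every
# `root` in httpd.conf is relative to that directory.
HTTPD_CHROOT = "/var/www"


def resolve_request(request_path, root, strip=0, chroot=HTTPD_CHROOT):
    """Model of `location ... { root { "<root>", strip N } }`: normalise the
    request path (so ".." cannot climb out), drop its first N components,
    then place what is left under root inside the chroot."""
    parts = [p for p in normpath("/" + request_path.lstrip("/")).split("/") if p]
    if strip > len(parts):
        raise ValueError("request has fewer components than `strip` removes")
    return normpath("/".join([chroot, root.strip("/")] + parts[strip:]))


def challenge_paths(token="TOKEN"):
    """Where httpd looks for an ACME challenge file with and without `strip 2`.

    acme-client writes the challenge file directly into /var/www/acme, so only
    the stripped mapping points at a file that exists."""
    req = "/.well-known/acme-challenge/" + token
    return {
        "without_strip": resolve_request(req, "/acme/"),
        "with_strip_2": resolve_request(req, "/acme/", strip=2),
    }


if __name__ == "__main__":
    for label, path in challenge_paths().items():
        print(f"{label:15} -> {path}")
```

Without strip, httpd searches /var/www/acme/.well-known/acme-challenge/TOKEN, a path nothing ever writes to, and the challenge fails with a 404 even though root "/acme/" looks right.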

## Prepare the folders

As stated in the acme-client man page, if you don’t need to change the paths, you can run the following commands with root privileges :

# mkdir /var/www/acme
# mkdir -p /etc/ssl/acme/private /etc/acme
# chmod 0700 /etc/ssl/acme/private /etc/acme


## Request the certificates

As root, in the acme-client sources folder, type the following to generate the certificates. The verbose flag is interesting and you will see if the challenge step works. If it doesn’t work, you should try manually to fetch a file at the same path Let’s Encrypt tried, and try the command again when you succeed.

$ acme-client -vNn mydomain.com www.mydomain.com mail.mydomain.com


## Use the certificates

Now, you can use your SSL certificates for your mail server, imap server, ftp server, http server….

There is a little drawback: if you generate certificates for a lot of domains, they are all written in the certificate. This implies that if someone visits one page and looks at the certificate, this person will know every domain you have under SSL. I think that it’s possible to ask for every certificate independently but you will have to play with acme-client flags and make some kind of script to automate this.

The certificate file is located at /etc/ssl/acme/fullchain.pem and contains the full certification chain (as its name makes explicit). And the private key is located at /etc/ssl/acme/private/privkey.pem.

Restart the service with the certificate.

## Renew certificates

Certificates are valid for 3 months. Just type

./acme-client mydomain.com www.mydomain.com mail.mydomain.com


Restart your ssl services

EASY !

# How to use ssh tramp on Emacs Windows?

Written by Solène, on 18 January 2017.
Tags: #emacs #windows

If you are using emacs under Microsoft Windows and you want to edit remote files through SSH, it’s possible to do it without using Cygwin. Tramp can use the tool “plink” from the putty tools to do ssh. What you need is to get “plink.exe” from the following page and put it into your $PATH, or choose the installer which will install all putty tools.

Putty official website

Then, edit your emacs file to add the following lines to tell it that you want to use plink when using tramp:

(require 'tramp)
;; the line selecting plink was lost from the page; tramp's variable for the
;; default connection method is tramp-default-method
(setq tramp-default-method "plink")


Now, you can edit your remote files, but you will need to type your password. I think that in order to get password-less with ssh keys, you would need to use putty key agent.

# Convert mailbox to maildir with dovecot

Written by Solène, on 17 January 2017.
Tags: #unix #email

I have been using the mbox format for a few years on my personal mail server. For those who don’t know what mbox is, it consists of only one file per folder you have in your mail client, each file containing all the mails of the corresponding folder. It’s extremely inefficient when you backup the mail directory because it must copy everything each time. Also, it reduces the system cache possibilities of the server because if you have folders with lots of mails with attachments, they may not be cached.

Instead, I switched to maildir, which is a format where every mail is a regular file on the file system. This takes a lot of inodes but at least it’s easier to backup or to deal with for analysis.

Here is how to switch from mbox to maildir with a dovecot tool.

# dsync -u solene mirror mbox:~/mail/:INBOX=~/mail/inbox


That’s all! In this case, my mbox folder was ~/mail/ and my INBOX file was ~/mail/inbox. It took me some time to find where my INBOX really was; at first I tried a few things that didn’t work and tried a perl conversion tool named mb2md.pl which was able to extract some stuff but a lot of mails were broken. So I went back to getting dsync working.

If you want to migrate, the whole process looks like:

# service smtpd stop

modify dovecot/conf.d/10-mail.conf, replace the first line
mail_location = mbox:~/mail:INBOX=/var/mail/%u   # BEFORE
mail_location = maildir:~/maildir                # AFTER

# service dovecot restart
# dsync -u solene mirror mbox:~/mail/:INBOX=~/mail/inbox
# service smtpd start
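
To make the two formats concrete, here is an added Python example (my own code, not dovecot’s dsync and not the mb2md.pl script mentioned above) that converts a small mbox file into a Maildir with the standard library’s mailbox module. The two-message mbox is constructed inline; the conversion runs in a temporary directory, so nothing touches a real mail store.

```python
import mailbox
import os
import tempfile

# Constructed sample mbox: two messages in the one-file-per-folder format that
# dovecot reads with mail_location = mbox:... ; messages are separated by
# "From " lines, which is why a single mail cannot be backed up on its own.
SAMPLE_MBOX = (
    "From alice@example.org Mon Jan 16 10:00:00 2017\n"
    "From: alice@example.org\n"
    "To: solene@example.org\n"
    "Subject: first\n"
    "Date: Mon, 16 Jan 2017 10:00:00 +0100\n"
    "\n"
    "Hello from the office.\n"
    "\n"
    "From bob@example.org Mon Jan 16 11:00:00 2017\n"
    "From: bob@example.org\n"
    "To: solene@example.org\n"
    "Subject: second\n"
    "Date: Mon, 16 Jan 2017 11:00:00 +0100\n"
    "\n"
    "Another mail.\n"
    "\n"
)


def convert_mbox_to_maildir(mbox_path, maildir_path):
    """Copy every message of an mbox file into a Maildir; return the subjects in order.

    Each message becomes one file under maildir_path/new/, which is what makes
    incremental backups cheap compared to a single growing mbox file.
    """
    src = mailbox.mbox(mbox_path)
    dst = mailbox.Maildir(maildir_path, create=True)   # creates tmp/, new/, cur/
    subjects = []
    try:
        for msg in src:
            dst.add(msg)
            subjects.append(msg["Subject"])
    finally:
        src.close()
        dst.close()
    return subjects


def demo():
    """Write the constructed mbox to a temp dir, convert it and report the result."""
    tmp = tempfile.mkdtemp()
    mbox_path = os.path.join(tmp, "inbox")
    with open(mbox_path, "w") as f:
        f.write(SAMPLE_MBOX)
    maildir = os.path.join(tmp, "Maildir")
    subjects = convert_mbox_to_maildir(mbox_path, maildir)
    return {
        "subjects": subjects,
        "files_in_new": len(os.listdir(os.path.join(maildir, "new"))),
        "layout": sorted(os.listdir(maildir)),
    }


if __name__ == "__main__":
    print(demo())
```

The same loop works on a real mbox once dovecot is stopped, but dsync also carries over flags and UIDs, which is why the article sticks with it for the actual migration.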


# Port of the week: entr

Written by Solène, on 07 January 2017.
Tags: #unix

entr is a command line tool that lets you run an arbitrary command on file change. This is useful when you are working on something that requires some processing each time you modify it.

Recently, I have used it to edit a man page. At first, I had to run mandoc each time I modified the file to check the rendering. This was the first time I edited a man page so I had to modify it a lot to get what I wanted. I remembered about entr and this is how you use it:

ls stagit.1 | entr mandoc /_


This simple command will run “mandoc stagit.1” each time stagit.1 is modified. The file names must be given to entr on stdin, and the character sequence /_ is replaced by the file name (like {} in find).

The man page of entr is very well documented if you need more examples.

# Emacs 25: save cursor position

Written by Solène, on 08 December 2016.
Tags: #emacs

Since I upgraded to Emacs 25 it was no longer saving my last cursor position in edited files. This is a feature I really like because I often open and close emacs rather than keeping it open.

Before (< emacs 25)

(setq save-place-file "~/.emacs.d/saveplace")
(setq-default save-place t)
(require 'saveplace)


Emacs 25

(save-place-mode t)
(setq save-place-file "~/.emacs.d/saveplace")
(setq-default save-place t)


That’s all :)

# Port of the week: dnscrypt-proxy

Written by Solène, on 19 October 2016.
Tags: #unix #security #portoftheweek

Today I will talk about net/dnscrypt-proxy. It lets you encrypt your DNS traffic between your resolver and the remote DNS recursive server. More and more countries and internet providers use DNS to block some websites, and now they tend to do “man in the middle” on DNS answers, so you can’t just use a remote DNS you find on the internet. While a remote dnscrypt DNS server can still be affected by such a “man in the middle” hijack, there is very little chance DNS traffic is altered in datacenters / dedicated server hosting.

The article also deals with unbound as a DNS cache, because dnscrypt is a bit slow and asking for the same domain multiple times in a few minutes is a waste of cpu/network/time for everyone. So I recommend setting up a DNS cache on your side (which also permits using it on a LAN).

At the time I write this article, there is a very good explanation about how to install it in the file named dnscrypt-proxy-1.9.5p3 in the folder /usr/local/share/doc/pkg-readmes/. The following article is made from this file. (Article updated at the time of OpenBSD 6.3)

While I write for OpenBSD, this can be easily adapted to anything else Unix-like.

### Install dnscrypt

# pkg_add dnscrypt-proxy


### Resolv.conf

Modify your resolv.conf file to this

/etc/resolv.conf :

nameserver 127.0.0.1
lookup file bind
options edns0


### When using dhcp client

If you use dhcp to get an address, you can use the following line to force 127.0.0.1 as nameserver by modifying the dhclient config file. Beware, if you use it, when upgrading the system from bsd.rd, you will get 127.0.0.1 as your DNS server but no service running.

/etc/dhclient.conf :

supersede domain-name-servers 127.0.0.1;


### Unbound

Now, we need to modify the unbound config to tell it to forward DNS queries to 127.0.0.1 port 40. Please adapt your config, I will just add what is mandatory. The unbound configuration file isn’t in /etc because unbound is chrooted.

/var/unbound/etc/unbound.conf:

server:
    # this line is MANDATORY
    do-not-query-localhost: no

forward-zone:
    name: "."
    # forward everything to dnscrypt-proxy listening on port 40
    forward-addr: 127.0.0.1@40


If you want to allow others to resolve through your unbound daemon, please see the parameters interface and access-control. You will need to tell unbound to bind on external interfaces and allow requests on them.

### Dnscrypt-proxy

Now we need to configure dnscrypt: pick a server in the list /usr/local/share/dnscrypt-proxy/dnscrypt-resolvers.csv, the name is the first column.

As root, type the following (or use doas/sudo); in the example we choose dnscrypt.eu-nl as DNS provider

# rcctl enable dnscrypt_proxy
# rcctl set dnscrypt_proxy flags -E -m1 -R dnscrypt.eu-nl -a 127.0.0.1:40
# rcctl start dnscrypt_proxy


### Conclusion

You should be able to resolve addresses through dnscrypt now. You can use tcpdump on your external interface to check for traffic on udp port 53; you should not see any there.

If you want to use dig hostname -p 40 @127.0.0.1 to make DNS request to dnscrypt without unbound, you will need net/isc-bind which will provide /usr/local/bin/dig. OpenBSD base dig can’t use a port different than 53.

# How to publish a git repository on http

Written by Solène, on 07 October 2016.
Tags: #unix #git

Here is a how-to to make a git repository available for cloning through a simple http server. This method only allows people to fetch the repository, not to push. I wanted to set this up to share my code; I don’t plan to have commits on it from other people at this time so it’s enough.

In a folder publicly available from your http server, clone your repository in bare mode. As explained in the [man page](https://git-scm.com/book/tr/v2/Git-on-the-Server-The-Protocols):

$ cd /var/www/htdocs/some-path/
$ git clone --bare /path/to/git_project gitproject.git
$ cd gitproject.git
$ git update-server-info
$ mv hooks/post-update.sample hooks/post-update
$ chmod o+x hooks/post-update


Then you will be able to clone the repository with

$ git clone https://your-hostname/some-path/gitproject.git


I’ve lost time because I did not execute git update-server-info, so the clone wasn’t possible.

# Port of the week: rlwrap

Written by Solène, on 04 October 2016.
Tags: #unix #shell #portoftheweek

Today I will present misc/rlwrap, which is a utility for command-line software that doesn’t provide a nice readline input. By using rlwrap, you will be able to use telnet, a language REPL or any command-line tool where you input text, with a history of what you typed and the ability to use emacs bindings like C-a C-e M-Ret etc… I use it often with telnet or sbcl.

Usage :

$ rlwrap telnet host port


# OpenBSD performance tuning for desktop

Written by Solène, on 28 September 2016.
Tags: #openbsd60 #openbsd

I am using the following lines in my /etc/sysctl.conf file, this boosted the performance on my multiple OpenBSD desktops:

kern.maxvnodes=768000
kern.maxfiles=32768
kern.maxclusters=256000
kern.seminfo.semmni=1024
kern.seminfo.semmns=4096
kern.shminfo.shmmax=805306368
kern.bufcachepercent=90


# Common LISP: How to open an SSL / TLS stream

Written by Solène, on 26 September 2016.
Tags: #lisp #network

Here is a tiny piece of code to get a connection to an SSL/TLS server. I am writing an IRC client and an IRC bot too and it’s better to connect through a secure channel.

This requires usocket and cl+ssl:

(usocket:with-client-socket (socket stream *server* *port*)
  (let ((ssl-stream (cl+ssl:make-ssl-client-stream stream
                                                   :external-format '(:iso-8859-1 :eol-style :lf)
                                                   :unwrap-stream-p t
                                                   :hostname *server*)))
    (format ssl-stream "hello there !~%")
    (force-output ssl-stream)))


# Port of the week: stumpwm

Written by Solène, on 21 September 2016.
Tags: #window-manager #portoftheweek #lisp

When I started the port of the week articles I was planning to write an article every week but now I don’t have many ports to speak about.

# Redirect stdin into a variable in shell

Written by Solène, on 12 September 2016.
Tags: #shell #unix

If you want to write a script reading stdin and putting it into a variable, there is a very easy way to proceed :

#!/bin/sh
# $(cat) reads everything from stdin up to EOF and stores it in the variable
var=$(cat)
echo "$var"


That’s all

# Android phone and Unix

Written by Solène, on 06 September 2016.
Tags: #android #emacs

If you have an android Phone, here are two things you may like:

### Org-mode <=> Android

First is the MobileOrg app to synchronize your calendar/tasks between your computer org-mode files and your phone. I have been using org-mode for a few months; I think I do pretty basic things with it, like having a todo list with a deadline for each item. Having it in my phone calendar is a good enhancement. I can also add todo items from my phone to show them on my computer.

The phone and your computer get synced by publishing a special format of org files for the mobile on a remote server. MobileOrg supports ssh, webdav, dropbox or sdcard. I’m using ssh because I own a server and I can reliably have my things connected together there on a dedicated account. Emacs will then use tramp to publish/retrieve the files.

Official MobileOrg website
MobileOrg on Google Play

### Read/Write sms from a remote place

Second useful thing I like with my android phone is being able to write and send sms (+ some other things but I was most interested by SMS) from my computer. A few services already exist but they work with “cloud” logic and I don’t want my phone to be connected to one more service. The MAXS app provides me what I need: the ability to read/write the sms of my phone from the computer without a web browser, relying on my own services.

MAXS connects the phone to a XMPP account and you set a whitelist of XMPP addresses able to send commands, that’s all. Here are a few examples of use:

To write a SMS I just need to speak to the jabber account of my phone and write

sms send firstname lastname  hello how are you ?


Be careful, there are 2 spaces after the lastname! I think it’s like this so MAXS can easily make the difference between the name and the message.
I can also reply quickly to the last contacted person

reply to Yes I'm answering from my computer


To read the last n sms

sms read n


It’s still not perfect because sometimes it loses connectivity and you can’t speak with it anymore, but according to the project author it’s not a problem seen on every phone. I did not have the time yet to report exactly the problem (I need to play with Android Debug Bridge for that).

If you want to install MAXS, you will need a few apps from the store to get it working. First, you will need MAXS main and MAXS transport (a plugin to use XMPP) and then plugins for the different commands you want, so, maybe, smsread and smswrite. Check their website for more information.

As presented earlier on my website, I use profanity as XMPP client. It’s a light and easy to configure/use console client.

Official MAXS Website
MAXS on Google Play

# How to kill processes by their name

Written by Solène, on 25 August 2016.
Tags: #unix

If you want to kill a process by its name instead of its PID number, which is easier if you have to kill processes from the same binary, here are the commands depending on your operating system:

FreeBSD / Linux

$ killall pid_name


OpenBSD

$ pkill pid_name


Solaris

Be careful with Solaris killall. With no argument, the command will send a signal to every active process, which is not something you want.

$ pkill pid_name


# Automatically mute your Firefox tab

Written by Solène, on 17 August 2016.
Tags: #firefox

At work, the sound of my laptop is not muted because I need sound from time to time. But browsing the internet with Firefox can sometimes trigger some undesired sound, very annoying in the office. There is the extension Mute Tab to auto-mute a new tab on Firefox so it won’t play sound. The auto-mute must be activated in the plugin options, it’s unchecked by default.

You can find it here, no restart required: Firefox Mute Tab addon

I also use FlashStopper which blocks flash and HTML5 videos by default, so you can click on them to activate them, they don’t autoplay.

# Port of the week: pwgen

Written by Solène, on 12 August 2016.
Tags: #security #portoftheweek

I will talk about security/pwgen for the current port of the week. It’s a very light executable to generate passwords. But it’s not just a dumb password generator, it has options to choose what kind of password you want.

Here is a list of options with their flag, you will find a lot more in the nice man page of pwgen:

• -A : don’t use capital letters
• -B : don’t use characters which could be misread (O/0, I/l/1 …)
• -v : don’t use vowels
• etc…

You can also use a seed to generate your “random” password (which isn’t very random in this case); you may need it for some reason to be able to reproduce a password you lost for a ftp/http access for example.

Example of pwgen output generating 5 passwords of 10 characters. Using the -1 parameter so it will only display one password per line, otherwise it displays a grid (in columns and multiple lines) of passwords.

$ pwgen -1 10 5
fohchah9oP
haNgeik0ee
meiceeW8ae
OReejoi5oo
ohdae2Eisu


# Website now compatible gopher !

Written by Solène, on 11 August 2016.
Tags: #gopher #network #lisp

My website is now available with the Gopher protocol! I really like this protocol. If you don’t know it, I encourage you to read this page : Why is Gopher still relevant?.

This has been made possible by modifying the tool generating the website pages to make it generate gopher compatible pages. This was a bit of work but I am now proud to have it working.

I have also made a “big” change in the generator: it now relies on a “markdown-to-html” tool, which saddens me a bit. Before that, I was using ham-mode in emacs which was converting html on the fly to markdown so I could edit in markdown, and was exporting into html on save. This had pros and cons. Nothing more than a lisp interpreter was needed on the system generating the files, but I was sometimes struggling with ham-mode because the conversion was destructive. Multiple edits in a row of the same file were breaking code blocks, because they weren’t exported the same way each time, until it wasn’t a code block anymore. There are some articles that I update sometimes to keep them up-to-date or fix an error in them, and it was boring to fix the code every time. Having the original markdown text was mandatory for gopher export, and is now easier to edit with any tool.

There is a link to my gopher site on the right of this page. You will need a gopher client to connect to it. There is an android client working, also Firefox can have an extension to become compatible (gopher support was native before it was dropped). You can find a list of clients on Wikipedia.

Gopher is nice, don’t let it die.

# Port of the week: feh

Written by Solène, on 08 August 2016.
Tags: #portoftheweek

Today I will talk about graphics/feh, it’s a tool to view pictures and it can also be used to set an image as background.
I use this command line, invoked by stumpwm when my session starts, so I can have a nice background with cubes :)

feh --bg-scale /home/solene/Downloads/cubes.jpg


feh has a lot of options and is really easy to use. I still prefer sxiv for viewing but I use feh for my background.

# Port of the week: Puddletag

Written by Solène, on 20 July 2016.
Tags: #portoftheweek

If you ever need to modify the tags of your music library (made of MP3s) I would recommend audio/puddletag. This tool will let you see all your music metadata like a spreadsheet and just modify the cells to change the artist name, title etc… You can also select multiple cells and type one text and it will be applied to all the selected cells. There is also a tool to extract data from the filename with a regex. This tool is very easy and pleasant to use.

There is an option in the configuration panel that is good to be aware of: by default, when you change the tag of a file, the modification time isn’t changed, so if you use some kind of backup relying on the modification time it won’t be synchronized. In the configuration panel, you will find an option to check which will bump the modification timestamp when you change a tag on a song.

# Port of the week: Profanity

Written by Solène, on 12 July 2016.
Tags: #portoftheweek #network

Profanity is a command-line ncurses based XMPP (Jabber) client. It’s easy to use and seems inspired by irssi for the interface. It’s available in net/profanity.

It’s really easy to use and the documentation on its website is really clear. To log in, just type /connect myusername@mydomain and after the password prompt, you will be connected. Easy.

Profanity official website

# Stop being tracked by Google search with Firefox

Written by Solène, on 04 July 2016.
Tags: #security #web

When you use google search and you click on a link, you are redirected to a google server that will take care of saving your navigation choice from their search engine into their database.

1. This is bad for your privacy
2. This slows down the use of the search engine because you go through a redirection (that you don’t see) when you want to visit a link

There is a firefox extension that will fix the links in the results of the search engine so when you click, you just go to the website without saying “hello Google I clicked there”: Google Search Link Fix

You can also use another search engine if you don’t like Google. I keep it because I have the best results when searching for technical things. I tried to use Yahoo, Bing, Exalead, Qwant, Duck duck go, each one for a few days, and Google has the best results so far.

# Port of the week: OpenSCAD

Written by Solène, on 04 July 2016.
Tags: #portoftheweek

OpenSCAD is a software for creating 3D objects like a programming language, with the possibility to preview your creation.

I am personally interested in 3D things, I have been playing with 3ds Max and Blender for creating 3d objects but I never felt really comfortable with them. I discovered pov-ray a few years ago, which is used to create rendered pictures instead of creating objects. Pov-ray uses its own “programming language” to describe the scene and make the render. Now, I have a 3D printer and I would like to create things to print, but I don’t like the GUI stuff of Blender and Pov-ray doesn’t create objects, so… OpenSCAD! This is the pov-ray of objects!

Here is a simple example that creates an empty box (difference of 2 cubes) and a screw propeller:

width = 3;
height = 3;
depth = 6;
thickness = 0.2;

difference() {
    cube( [width,depth,height], true);
    translate( [0,0,thickness] ) cube( [width-thickness, depth-thickness, height], true);
}

translate( [ width , 0 , 0 ])
    linear_extrude(twist = 400, height = height*2)
        square(2,true);


The following picture is made from the code above:

There are scad-mode and scad-preview for emacs for editing OpenSCAD files. scad-mode will check the coloration/syntax and scad-preview will create the OpenSCAD render inside an Emacs pane.

Personally, I use OpenSCAD open in some corner of the screen with the option set to render on file change, and I edit with emacs. Of course you can use any editor, or the embedded editor, which is a Scintilla one and is pretty usable.

OpenSCAD website
OpenSCAD gallery

# Port of the week: arandr

Written by Solène, on 27 June 2016.
Tags: #portoftheweek

Today the Port of the week is x11/arandr, a very simple tool to set up your screen display when using multiple monitors. It’s very handy when you want to make something complicated or don’t want to use xrandr on the command line. There is not much to say because it’s very easy to use!

# Port of the week: x2x

Written by Solène, on 23 June 2016.
Tags: #portoftheweek

Port of the week is now presenting you x2x, which stands for X to X connection. This is a really tiny tool in one executable file that lets you move your mouse and use your keyboard on another X server than yours. It’s like the other tool synergy but easier to use and open-source (I think synergy isn’t open source anymore).

If you want to use the computer on your left, just use the following command (x2x must be installed on it and ssh available)

$ ssh -CX the_host_address "x2x -west -to :0.0"


and then you can move your cursor to the left of your screen and you will see that you can use your cursor or type with the keyboard on your other computer! I am using it to manage a wall of screens made of first generation Raspberry Pi. I used to connect to it with VNC but it was very very slow.

# Git cheat sheet

Written by Solène, on 08 June 2016.
Tags: #cheatsheet #git

Here is my git cheat sheet ! Because I don’t like git I never remember how to do X or Y with it so I need to write down simple commands ! (I am used to darcs and mercurial but with the “git trend” I need to learn it and use it).

$ git reset --hard


### Get the latest version before working

$ git pull


$ git commit -m "Commit message" -a


### Send the commit to the repository

$ git push


# How to send html signature in mu4e

Written by Solène, on 07 June 2016.
Tags: #email #emacs

I switched to mu4e to manage my mails at work, and also to send mails. But in our corporation we all have a signature that includes our logo and some hypertext links, so I couldn’t just insert my signature and be done with that. There is a simple way to deal with this problem: I fetched the html part of my signature (which includes an image in base64) and pasted it into my emacs config file this way.

(setq mu4e-compose-signature
"<#part type=text/html><html><body><p>Hello ! I am the html signature which can contains anything in html !</p></body></html><#/part>" )


I pasted my signature instead of the hello world text of course, but you only have to use the part tag and you are done ! The rest of your mails will be plain text, except this part.

# My Stumpwm config on OpenBSD

Written by Solène, on 06 June 2016.
Tags: #window-manager #lisp

I want to talk about stumpwm, a window manager written in Common LISP. I think one must at least like emacs to like stumpwm. Stumpwm is a tiling window manager on which you create “panes” on the screen like windows in Emacs. A single pane takes 100% of the screen, then you can split it into 2 panes vertically or horizontally and resize them, and you can split again and again. There is no “automatic” tiling. By default, if you have ONE pane, you will only have ONE window displayed; this is a bit different from other tiling wm I had tried. Also, virtual desktops are named groups, nothing special here, you can create/delete groups and rename them. Finally, stumpwm is not minimalistic.

To install it, you need to get the sources of stumpwm, install a common lisp implementation (sbcl, clisp, ecl etc…), install quicklisp (which is not in packages), install the quicklisp packages cl-ppcre and clx, and then you can compile stumpwm. That will produce a huge binary which embeds the common lisp runtime (that's a way to share common lisp executables: the implementation can dump an executable of itself that includes the files you want to execute). I would like to make a package for OpenBSD but packaging quicklisp and its packages seems too difficult for me at the moment.

Here is my config file in ~/.stumpwmrc.

Updated: 23rd January 2018

;; strip the trailing newline of a shell command output
(defun chomp(text) (subseq text 0 (- (length text) 1)))

;; not used below: builds a quoted mode-line (:eval ...) form that runs a shell
;; command and strips its trailing newline
(defmacro cmd(command) `'(:eval (chomp (stumpwm:run-shell-command ,command t))))

(defvar *latence-last-update* (get-universal-time))
(defvar *latence* "nil")

;; re-read /tmp/latenceresult at most every 30 seconds, return the cached value otherwise
(defun get-latence()
  (let ((now (get-universal-time)))
    (when (> (- now *latence-last-update*) 30)
      (setf *latence-last-update* now)
      (when (probe-file "/tmp/latenceresult")
        (with-open-file (x "/tmp/latenceresult"
                           :direction :input)
          ;; reconstructed line: read the first line of the file into *latence*
          (setf *latence* (read-line x nil "nil"))))))
  *latence*)

(set-module-dir "~/dev/stumpwm-contrib/")
(stumpwm:run-shell-command "setxkbmap fr")

(defvar color1 "#886666")
(defvar color2 "#222222")

(setf
 stumpwm:*mode-line-background-color* color2
 stumpwm:*mode-line-foreground-color* color1
 stumpwm:*mode-line-border-color* "#555555"
 stumpwm:*screen-mode-line-format* (list "%g | %v ^>^7 %B | " '(:eval (get-latence)) "ms %d    ")
 stumpwm:*mode-line-border-width* 1
 stumpwm:*mode-line-timeout* 5
 stumpwm:*mouse-focus-policy* :click
 ;;stumpwm:*group-format* "%n·%t"
 stumpwm:*group-format* "%n"
 stumpwm:*time-modeline-string* "%H:%M"
 stumpwm:*window-format* "^b^(:fg \"#7799AA\")<%25t>"
 stumpwm:*window-border-style* :tight
 stumpwm:*normal-border-width* 1
 )

(stumpwm:set-focus-color "#7799CC")
(stumpwm:grename "Alpha")
(stumpwm:gnewbg "Beta")
(stumpwm:gnewbg "Tau")
(stumpwm:gnewbg "Pi")
(stumpwm:gnewbg "Zeta")
(stumpwm:gnewbg "Teta")
(stumpwm:gnewbg "Phi")
(stumpwm:gnewbg "Rho")

(set-prefix-key (kbd "M-a"))

(define-key *root-map* (kbd "c")            "exec urxvtc")
(define-key *root-map* (kbd "RET")          "move-window down")
(define-key *root-map* (kbd "z")            "fullscreen")

(define-key *top-map* (kbd "M-&")           "gselect 1")
(define-key *top-map* (kbd "M-eacute")      "gselect 2")
(define-key *top-map* (kbd "M-\"")          "gselect 3")
(define-key *top-map* (kbd "M-quoteright")  "gselect 4")
(define-key *top-map* (kbd "M-(")           "gselect 5")
(define-key *top-map* (kbd "M--")           "gselect 6")
(define-key *top-map* (kbd "M-egrave")      "gselect 7")
(define-key *top-map* (kbd "M-underscore")  "gselect 8")

(define-key *top-map* (kbd "s-l")           "exec slock")
(define-key *top-map* (kbd "s-t")           "exec urxvtc")
(define-key *top-map* (kbd "M-S-RET")       "exec urxvtc")
(define-key *top-map* (kbd "M-C")           "exec urxvtc")

(define-key *top-map* (kbd "s-s")           "exec /home/solene/dev/screen_up.sh")

(define-key *top-map* (kbd "s-Left")        "gprev")
(define-key *top-map* (kbd "s-Right")       "gnext")

(define-key *top-map* (kbd "M-ISO_Left_Tab")"other")
(define-key *top-map* (kbd "M-TAB")         "fnext")
(define-key *top-map* (kbd "M-twosuperior") "next-in-frame")



I use a function to get the latency from a script that runs every 20 seconds, and display the network latency, or nil if I don't have internet access. The result file lives in /tmp, which every local user can write to, so the value read from it is only ever displayed in the mode line, never evaluated.

I use the rxvt-unicode daemon (urxvtd) as a terminal emulator, so the terminal command is urxvtc (the client), it's lighter and faster to start.

I also use a weird "alt+tab" combination:

• Alt+Tab switches between panes
• Alt+² (the key above Tab) cycles through the windows of the current pane
• Alt+Shift+Tab switches to the previously selected window

StumpWM website

# Port of the week: mbuffer

Written by Solène, on 31 May 2016.
Tags: #portoftheweek #network

This Port of the week is a bit special because sadly, the port isn't available on OpenBSD. The port is mbuffer (found as misc/mbuffer in other BSD ports trees).

I discovered it while looking for a way to improve one of my network stream scripts. I have some scripts that get a dump of a postgresql database through SSH, copy it from stdin to a file with tee and send it on to the local postgres; the command line looks like

$ ssh remote-base-server "pg_dump my_base | gzip -c -f -" | gunzip -f | tee dumps/my_base.dump | psql my_base


I also use the same kind of command to receive a ZFS snapshot from another server. But there is an issue: the receiving server is relatively slow. postgresql and ZFS will eat a lot of data from stdin, then stop for some time while writing to disk, and when they are ready to take new data again the pipe is slow to fill them back up. This is where mbuffer comes in. It adds a buffer that takes data from stdin and fills its memory (the size is set on the command line), so when the slowest part of the pipeline is ready to take data again, mbuffer empties its memory into the pipe and the slow command doesn't wait for the network before getting back to work. The new command looks like this for a buffer of 300 MB:

$ ssh remote-base-server "pg_dump my_base | gzip -c -f -" | gunzip -f | tee dumps/my_base.dump | mbuffer -s 8192 -m 300M | psql my_base


mbuffer also comes with a nice console output, showing

• bandwidth in
• bandwidth out
• percentage of memory filled
• total transferred

in @ 1219 KiB/s, out @ 1219 KiB/s, 906 MiB total, buffer 0% full


In this example the server is too fast so there is no wait, the buffer isn't used (0% full).

mbuffer can also listen on TCP or a unix socket, and has a lot of parameters that I didn't try. Note that its network mode carries no authentication or encryption, so keep it inside ssh as above or on a trusted network. If you think it can be useful for you, just go for it!

# FreeBSD 11 and Perc H720P Mini raid controller

Written by Solène, on 25 May 2016.
Tags: #freebsd11 #hardware

I had a problem with my 3 latest R430 Dell servers, which all have a PERC H730P Mini raid controller. The installer could barely work, and slowly; 2 servers were booting and crashing with filesystem corruption while the last one just didn't boot and the raid was cleared. It is a problem with the driver of the raid controller. I don't understand the problem exactly, but I found a fix.

From the man page mfi(4):

A tunable is provided to adjust the mfi driver's behaviour when attaching to a card.
By default the driver will attach to all known cards with high probe priority. If the tunable hw.mfi.mrsas_enable is set to 1, then the driver will reduce its probe priority to allow mrsas to attach to the card instead of mfi.


In order to install the system, you have to set hw.mfi.mrsas_enable=1 on the install media, and set it on the installed system before booting it. There are two ways for that:

• if you use a usb media, you can mount it, edit /boot/loader.conf and add hw.mfi.mrsas_enable=1
• at the boot screen with the FreeBSD logo, choose 3) Escape to boot prompt, type set hw.mfi.mrsas_enable=1 and boot

You will have to edit /boot/loader.conf to add the line on the installed system from the live system of the installer.

I have been struggling a long time before understanding the problem. I hope this message can save time for somebody else.

# Port of the week: rdesktop

Written by Solène, on 20 May 2016.
Tags: #portoftheweek

This week we will have a quick look at the tool rdesktop. Rdesktop is an RDP client (RDP stands for Remote Desktop Protocol), used to access the desktop of another machine. RDP is a Microsoft thing and it's mostly used on Windows. I am personally using it because sometimes I need to use Microsoft Word/Excel or Windows-only software, and I have a dedicated virtual machine for this. So I use rdesktop to connect in fullscreen to the virtual machine and I can work on Windows. The RDP protocol is very efficient, on a LAN there is no lag. I appreciate using the VM with RDP much more than with VNC.

You can also have RDP servers within virtual machines. VirtualBox lets you have (with an additional package to add on the host) an RDP server for a VM. Maybe VmWare provides RDP servers too. I know that Xen and KVM can give access through VNC or Spice but not RDP.

For its usage, if you want to connect to an RDP server whose IP address is 192.168.1.100 in fullscreen with max quality, type:

$ rdesktop -f -x 0x80 192.168.1.100


The -x 0x80 bit is needed to set the quality at maximum. If the machine needs a username and password you can add -u my_user -p my_plaintext_pass to log in automatically, but the password then lands in your shell history and is readable by other local users in the process list while rdesktop starts; rdesktop accepts -p - to prompt for it instead. I have an alias in my zsh shell, I just type "windows" and I get logged in fullscreen to the windows machine.

To exit fullscreen, type ctrl+alt+return to switch to windowed mode, and again to go back to fullscreen mode. I wasn't able to remember the keyboard shortcut the first few times and was stuck in Windows! ;-)

In the OpenBSD ports tree, check x11/rdesktop.

# Mbsync and imap login problem

Written by Solène, on 17 May 2016.
Tags: #solved #email

If mbsync refuses to log in with this error:

IMAP command 'AUTHENTICATE DIGEST-MD5' returned an error: NO Authentication failed


A fix is to add the following to the IMAPAccount section of your ~/.mbsyncrc.

AuthMechs LOGIN


Using LOGIN instead of DIGEST-MD5 is still fine as long as the connection is encrypted (IMAPS or STARTTLS): the login and password are sent in plaintext inside the TLS session. So check that the same IMAPAccount section sets SSLType to IMAPS or STARTTLS and a CertificateFile to validate the server, otherwise LOGIN would send the password in cleartext over the network.

# Resize live UFS filesystem on FreeBSD 11

Written by Solène, on 17 May 2016.
Tags: #freebsd11

I am using FreeBSD in virtual machines and sometimes I need to increase the disk capacity of the storage. From your VM host, increase the capacity of the storage backend, then on the FreeBSD system (10.3 at the time of writing) you should see this in the last lines of dmesg.

GEOM_PART: vtbd0 was automatically resized.
Use gpart commit vtbd0 to save changes or gpart undo vtbd0 to revert them.


Here is the gpart show output on the system:

=>       34  335544253  vtbd0  GPT  (160G)
         34       1024      1  freebsd-boot  (512K)
       1058  159382528      2  freebsd-ufs  (76G)
  159383586    8388540      3  freebsd-swap  (4.0G)
  167772126  167772161         - free -  (80G)


The process is a bit harder here because my swap partition is at the end of the storage, so to increase the size of the ufs partition I need to remove the swap partition, grow the data partition and recreate the swap. This is not that hard, but having the freebsd-ufs partition at the end would have been easier. Note that step 3 grows the partition to 156G rather than to the end of the disk, to leave the 4G needed to recreate the swap.

1. swapoff the device : swapoff /dev/vtbd0p3
2. delete the swap partition : gpart delete -i 3 vtbd0
3. resize the freebsd-ufs partition : gpart resize -i 2 -a 4k -s 156G vtbd0
4. create the swap : gpart add -t freebsd-swap -a 4k vtbd0
5. swapon : swapon /dev/vtbd0p3
6. tell UFS to resize : growfs /

If freebsd-ufs was the last partition in the gpart order, only steps 3 and 6 would have been necessary.
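Before deleting a partition it is worth checking that the layout really is "ufs, then swap, then free space" and computing the new size from the sector counts instead of eyeballing gigabytes. The following script is an added example, not part of the article: it parses the output of gpart show (here a constructed sample shaped like the one above, fed from a variable rather than from the real command) and prints the six commands of the procedure, refusing to plan anything if the partitions are not in that order. It never touches a disk; the device name, indexes and sizes all come from the parsed output.

```shell
#!/bin/sh
# Dry-run planner for the live UFS resize above (added example, not from the article).
# Reads `gpart show <dev>` output on stdin and prints the commands to run, or refuses.

# Constructed sample, shaped like the `gpart show vtbd0` output quoted in the article.
GPART_SAMPLE='=>       34  335544253  vtbd0  GPT  (160G)
         34       1024      1  freebsd-boot  (512K)
       1058  159382528      2  freebsd-ufs  (76G)
  159383586    8388540      3  freebsd-swap  (4.0G)
  167772126  167772161         - free -  (80G)'

# plan_resize: gpart show output on stdin -> command list on stdout.
# The new freebsd-ufs size is its current size plus the free space; the swap
# partition is deleted first and recreated afterwards, so it keeps its size.
plan_resize() {
  awk '
    $1 == "=>"                { dev = $4 }
    $4 == "freebsd-ufs"       { ufs_start = $1; ufs_size = $2; ufs_idx = $3 }
    $4 == "freebsd-swap"      { swap_start = $1; swap_size = $2; swap_idx = $3 }
    $3 == "-" && $4 == "free" { free_start = $1; free_size = $2 }
    END {
      if (ufs_idx == "" || swap_idx == "" || free_size == "") {
        print "layout not recognised: need freebsd-ufs, freebsd-swap and free space" > "/dev/stderr"
        exit 1
      }
      # refuse unless the layout really is ufs -> swap -> free, contiguous
      if (swap_start != ufs_start + ufs_size || free_start != swap_start + swap_size) {
        print "partitions are not in the expected order, refusing to plan" > "/dev/stderr"
        exit 1
      }
      new_size = ufs_size + free_size
      new_size -= new_size % 8          # keep 4k alignment (8 sectors of 512 bytes)
      printf "swapoff /dev/%sp%s\n", dev, swap_idx
      printf "gpart delete -i %s %s\n", swap_idx, dev
      printf "gpart resize -i %s -a 4k -s %d %s\n", ufs_idx, new_size, dev
      printf "gpart add -t freebsd-swap -a 4k %s\n", dev
      printf "swapon /dev/%sp%s\n", dev, swap_idx
      printf "growfs /\n"
    }'
}

# On a real system: gpart show vtbd0 | plan_resize
printf '%s\n' "$GPART_SAMPLE" | plan_resize
```

With the sample above it plans a freebsd-ufs size of 327154688 sectors (the 156G of step 3), which leaves the 4G needed for the swap at the end of the disk.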

Sources: FreeBSD Handbook and gpart(8)

# Git push to non-bare repository

Written by Solène, on 17 May 2016.
Tags: #git #solved

Hello

You have a git repository you work in, and you would like to work on a clone of it and push the data back to it? You may encounter issues if your git repository isn't a bare one. I have been facing this problem by using gitit, which works with a non-bare git repository.

### What is a bare git repository ?

Here is how to create a bare repository and what it looks like.

$ git init --bare repo
$ ls -a repo/
.            ..           HEAD         branches     config       description  hooks        info         objects      refs


You can't work in this one, but this is the kind of repository that should be used to store/push/clone etc.

### What is a non-bare git repository ?

Here is how to create a non-bare repository and what it looks like.

$ git init repo2
$ ls -a repo2
.    ..   .git


You may use this one for local work, but you may want to clone it later, work in the clone and push/pull. That's how gitit works: it has a folder "wikidata" that should be initialised with git, and it works locally. But if you want to clone it on your computer, work on the documentation and then push your changes to gitit, you may get this error when pushing:

### Problem when pushing

I cloned the repository, made changes, committed and now I want to push, but no…

Counting objects: 3, done.
Writing objects: 100% (3/3), 232 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote: error: refusing to update checked out branch: refs/heads/master
remote: error: By default, updating the current branch in a non-bare repository
remote: error: is denied, because it will make the index and work tree inconsistent
remote: error: with what you pushed, and will require 'git reset --hard' to match
remote: error: the work tree to HEAD.
remote: error:
remote: error: You can set 'receive.denyCurrentBranch' configuration variable to
remote: error: 'ignore' or 'warn' in the remote repository to allow pushing into
remote: error: its current branch; however, this is not recommended unless you
remote: error: arranged to update its work tree to match what you pushed in some
remote: error: other way.
remote: error:
remote: error: To squelch this message and still keep the default behaviour, set
remote: error: 'receive.denyCurrentBranch' configuration variable to 'refuse'.
! [remote rejected] master -> master (branch is currently checked out)


git is unhappy, I can't push.

### Solution

You can fix this "problem" by changing a config in the server repository with this command:
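As an added example (not the author's command), the following shell script reproduces the refusal above in throw-away repositories created under mktemp, then sets receive.denyCurrentBranch to updateInstead, which git offers since 2.3 as a safer setting than ignore: the push is accepted only if the server's work tree is clean, and that work tree is updated to match what was pushed, so index and files never get out of sync the way the error message warns about. Repository names, file contents and the committer identity are made up for the demonstration.

```shell
#!/bin/sh
# Added example: push into a checked-out branch of a non-bare repository,
# first refused (default), then accepted with receive.denyCurrentBranch=updateInstead.

command -v git >/dev/null 2>&1 || { echo "git is not installed, nothing to demonstrate"; exit 0; }

# Identity for the throw-away commits; environment variables avoid touching any real config.
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

# demo_push_to_nonbare: prints "refused=yes|no updated=yes|no"
#   refused: was the first push into the checked-out branch rejected?
#   updated: after enabling updateInstead, did the server work tree receive the change?
demo_push_to_nonbare() {
  tmp=$(mktemp -d) || return 1
  server="$tmp/server"; client="$tmp/client"

  # a non-bare repository, like gitit's wikidata directory, with one commit
  git -c init.defaultBranch=master init -q "$server"
  echo "first line" > "$server/page.md"
  git -C "$server" add page.md
  git -C "$server" commit -q -m "initial page"

  # clone it, edit the page in the clone, commit
  git clone -q "$server" "$client" 2>/dev/null
  echo "second line" >> "$client/page.md"
  git -C "$client" commit -q -am "edit from the clone"

  # default behaviour: pushing into the currently checked-out branch is refused
  if git -C "$client" push -q origin master 2>/dev/null; then refused=no; else refused=yes; fi

  # safer than 'ignore': only accept when the server work tree is clean, and update it
  git -C "$server" config receive.denyCurrentBranch updateInstead
  git -C "$client" push -q origin master 2>/dev/null

  if grep -q "second line" "$server/page.md"; then updated=yes; else updated=no; fi

  rm -rf "$tmp"
  echo "refused=$refused updated=$updated"
}

demo_push_to_nonbare
```

Run as is, it prints refused=yes updated=yes: the first push fails exactly like the transcript above, the second one lands in the server's files without anyone running git reset --hard there. With ignore instead of updateInstead the push would also be accepted, but the server's work tree would keep the old content until someone resets it, which is the inconsistency the error message describes.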

# My zsh cheat sheet

Written by Solène, on 03 May 2016.
Tags: #cheatsheet #zsh

I may add new things in the future, as they come for me, if I find new features useful.

### How to repeat a command n time

repeat 5 curl http://localhost/counter_add.php


### How to expand recursively

If you want to find every file ending in .lisp in the current folder and its subfolders you can use the following syntax. Using ** inside a pattern does recursive globbing.

ls **/*.lisp


### Work with temp files

If you want to work on some command outputs without having to manage temporary files, zsh can do it for you with the following syntax: =(command that produces stdout).

In the example we will use emacs to open the list of the files in our personal folder.

emacs =(find ~ -type f)


This syntax will produce a temp file that will be removed when emacs exits.

### My ~/.zshrc

Here is my ~/.zshrc, very simple (I didn't paste the aliases I have). I have a 1000-line history that skips duplicates.

HISTFILE=~/.histfile
HISTSIZE=1000
SAVEHIST=1000
setopt hist_ignore_all_dups
setopt appendhistory
bindkey -e
zstyle :compinstall filename '/home/solene/.zshrc'
# compinit is an autoloaded function, it has to be loaded before being called
autoload -Uz compinit
compinit
export LANGUAGE=fr_FR.UTF-8
export LANG=fr_FR.UTF-8
export LC_ALL=fr_FR.UTF-8
export LC_CTYPE=fr_FR.UTF-8
export LC_MESSAGES=fr_FR.UTF-8


# Simple emacs config

Written by Solène, on 02 May 2016.
Tags: #emacs #cheatsheet

Here is a dump of my emacs config file. That may be useful for some emacs users who begin.

If you don't want to have your_filename.txt~ files with a tilde at the end (this is the default backup file), add this

; I don't want to have backup files everywhere with filename~ name
(setq backup-inhibited t)
(setq auto-save-default nil)


To have parenthesis highlighting on match, which is very useful, you will need this

; show match parenthesis
(show-paren-mode 1)


I really like this one. It saves the cursor position in every file you edit. When you edit it again, you start exactly where you left off the last time.

; keep the position of the cursor after editing
(setq save-place-file "~/.emacs.d/saveplace")
(setq-default save-place t)
(require 'saveplace)


If you write in utf-8 (which is very common now) you should add this.

; utf8
(prefer-coding-system 'utf-8)


Emacs modes are chosen depending on the extension of a file. Sometimes you need to edit files with a custom extension but you want a specific mode for them. You just need to add a line like this to get your mode automatically when you load the file.

; associate extension - mode


My Org-mode part in the config file

(require 'org)
(define-key global-map "\C-ca" 'org-agenda)
(setq org-log-done t)
(setq org-agenda-files (list "~/Org/work.org" "~/Org/home.org"))


Stop mixing tabs and space when indenting

; indent-tabs-mode is buffer-local, setq-default is needed to change the global default
(setq-default indent-tabs-mode nil)


# How to add a route through a specific interface on FreeBSD 10

Written by Solène, on 02 May 2016.
Tags: #freebsd10 #network

If someday under FreeBSD you have a system with multiple IP addresses on the same network and you need to use a specific IP as the source of a route, you have to use the -ifa parameter of the route command.

In our example, we have to use the address 192.168.1.140 to access the network 192.168.30.0 through the router 192.168.1.1, this is as easy as the following.

route add -net 192.168.30.0 192.168.1.1 -ifa 192.168.1.140

You can add this specific route like any other route in your rc.conf as usual, just add the -ifa X.X.X.X parameter.
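For reference, this is what the persistent version looks like in /etc/rc.conf. It is an added example, not from the article: the route name net30 is arbitrary, each name listed in static_routes gets a matching route_<name> variable holding the arguments passed to route add at boot, and the netmask is written explicitly as /24 rather than relying on the classful default.

```sh
# /etc/rc.conf excerpt (added example): the route above, made persistent across reboots.
# "net30" is an arbitrary label; route_net30 holds the arguments of `route add`.
static_routes="net30"
route_net30="-net 192.168.30.0/24 192.168.1.1 -ifa 192.168.1.140"
```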