Planet Exherbo

June 08, 2021

Wulf C. Krueger

The Viscount Who Loved Me (Bridgertons #2), by Julia Quinn

The Viscount Who Loved Me by Julia Quinn

My rating: 4 of 5 stars


This is the kind of book most of my fellow males will avoid like the plague. All the more so if they ever – by accident, of course! – happen to come across the “Author’s Note” in this book which explicitly states “Since my readers are almost exclusively women”…

Well, here I am, and I profess: I greatly enjoyed this book despite knowing that it most certainly is (mostly) literary fast food – good to sate ones primal desires but not really nourishing.

And I couldn’t care less.

I really enjoyed the lovely family dynamics between the Bridgertons and I loved the witty bantering between Anthony and Kate. I just can’t help but root for such wonderful characters and their relationships, their eccentricities and how they overcome them.

Is it realistic? Not at all. Historically accurate? Very unlikely. Romantic, cute and thoroughly enjoyable? To me at least, absolutely.

You’ll have to be able to generously ignore macho “gems” like this one…

»It was as if a certain side of her were visible only to him. He loved that her charms were hidden to the rest of the world. It made her seem more his.«

… which this book features in numbers. The men are “real men” (and hardly stop short at clubbing their female prey and dragging them to their cave), the women are kind and gentle and it doesn’t take much to dishonour a lady for life…

If you can stomach that, you might find yourself actually enjoying it. Four out of five stars for this guilty pleasure.




View all my reviews

I am and have been working on quite a few F/OSS projects: Exherbo (Nick: Philantrop), Bedrock Linux, Gentoo (Nick: Philantrop), Calibre plugin iOS reader applications, Calibre plugin Marvin XD, chroot-manager, stuff on github, lots of other projects. If you like my work, feel free to donate. 🙂

BlogGoodReadsLibraryThingFacebookTwitterInstagram

by Wulf at June 08, 2021 09:12 PM

June 05, 2021

Wulf C. Krueger

Jeder Mensch, von Ferdinand von Schirach

Jeder Mensch by Ferdinand von Schirach




Ferdinand von Schirach ist ein beachtlicher Streiter für Recht und Gerechtigkeit – sowohl als Jurist wie auch in seiner “zweiten Karriere” als Schriftsteller. (Jedes seiner bisher veröffentlichten Bücher ist übrigens uneingeschränkt lesenswert.)
Er hat ein feines Gespür für das, was Recht ist, was Recht sein könnte und was Recht sein sollte und die Klugheit, sich dafür auf vielerlei Ebenen einzusetzen.

In diesem wirklich kurzen Essay (ca. 3.000 Worte) leitet von Schirach nun aus den Werten der US-amerikanischen Unabhängigkeitserklärung die Notwendigkeit sechs einfach anmutender neuer, moderner Grundrechte für ein besseres Europa ab:

Artikel 1 – Umwelt
Jeder Mensch hat das Recht, in einer gesunden und geschützten Umwelt zu leben.

Artikel 2 – Digitale Selbstbestimmung
Jeder Mensch hat das Recht auf digitale Selbstbestimmung. Die Ausforschung oder Manipulation von Menschen ist verboten.

Artikel 3 – Künstliche Intelligenz
Jeder Mensch hat das Recht, dass ihn belastende Algorithmen transparent, überprüfbar und fair sind. Wesentliche Entscheidungen muss ein Mensch treffen.

Artikel 4 – Wahrheit
Jeder Mensch hat das Recht, dass Äußerungen von Amtsträgern der Wahrheit entsprechen.

Artikel 5 – Globalisierung
Jeder Mensch hat das Recht, dass ihm nur solche Waren und Dienstleistungen angeboten werden, die unter Wahrung der universellen Menschenrechte hergestellt und erbracht werden.

Artikel 6 – Grundrechtsklage
Jeder Mensch kann wegen systematischer Verletzungen dieser Charta Grundrechtsklage vor den Europäischen Gerichten erheben.

(Quelle: https://www.jeder-mensch.eu/informati…)

Diese angestrebten neuen Rechte mögen simpel wirken, vielleicht gar naiv (z. B. Artikel 4), aber wie, wenn nicht durch einklagbare Rechte, können wir die Risiken, die die unglaublichen technologischen Errungenschaften (Artikel 2, 3 und 5) unserer Zeit mit sich bringen, handhabbar machen?

Diese neuen Rechte beschäftigen sich gleichzeitig mit den großen Herausforderungen unserer Zeit – dem Erhalt unserer Lebensgrundlage (Artikel 1) und der Wahrhaftigkeit (Artikel 4) untereinander.
Insofern bin ich einmal mehr dankbar für das, was Ferdinand von Schirach leistet und unterstütze dieses Projekt aus Überzeugung. Auf eine Sterne-Bewertung verzichte ich angesichts der Natur und des Umfangs dieses Essays.



View all my reviews

(Reminder to anyone not reading German: There’s a link to translate this (and every) page at the very bottom.)
I am and have been working on quite a few F/OSS projects: Exherbo (Nick: Philantrop), Bedrock Linux, Gentoo (Nick: Philantrop), Calibre plugin iOS reader applications, Calibre plugin Marvin XD, chroot-manager, stuff on github, lots of other projects. If you like my work, feel free to donate. 🙂

BlogGoodReadsLibraryThingFacebookTwitterInstagram

by Wulf at June 05, 2021 09:10 AM

June 04, 2021

Ali Polatel

alip: “PinkTrace-1.0.0 released with …”

PinkTrace-1.0.0 released with AArch64 (arm64) architecture support with a few important bug fixes. See the new homepage at pinktrace.exherbo.org and browse the c api documentation at
dev.exherbo.org/~alip/pinktrac and python bindings documentation at dev.exherbo.org/~alip/pinktrac

June 04, 2021 07:58 PM

Wulf C. Krueger

Junge Frau, am Fenster stehend, Abendlicht, blaues Kleid, von Alena Schröder

Junge Frau, am Fenster stehend, Abendlicht, blaues Kleid by Alena Schröder

My rating: 5 of 5 stars


Die “Junge Frau” ist ein leises und berührendes Buch, ohne jemals ins Sentimentale abzugleiten. Es liest sich schnell, leicht und locker, ohne es an Empathie für seine Protagonistinnen mangeln zu lassen oder das teils tragische Schicksal zu banalisieren.

In zwei Erzählungssträngen erzählt Schröder die Geschichte von vier (eigentlich fünf) Frauen einer Familie: Zunächst ist da Senta Köhler, geboren im beginnenden 20. Jahrhundert, die ungewollt von einem “feschen” Fliegerheld des Ersten Weltkriegs, Ulrich, schwanger wird.
Senta bekommt das Kind, leidet aber vermutlich an postnatalen Depressionen; die Ehe zerbricht, das Kind, Evelyn, bleibt beim Vater. Senta geht nach Berlin zu ihrer Freundin Lotte.

Im Berlin der 20er und 30er Jahre sind Frauen wie Senta und Lotte – selbständig, selbstbewußt und frei vom Antisemitismus der Zeit – eine Seltenheit. Senta heiratet letztlich in Berlin einen jüdischen Reporter, Julius Goldmann.

Ruhig und um so bedrückender erzählt Schröder von den zunehmenden Schikanen nicht nur durch die Nazi-Machthaber, sondern auch von Profiteuren der Diskriminierung. Können Senta und Julius letztlich fliehen, so werden doch Julius’ Eltern letztlich in Treblinka ermordet.

Es ist selten, daß es einer Autorin so scheinbar einfach gelingt, vom Schicksal Einzelner im Holocaust gleichzeitig so eindringlich und doch unaufgeregt und unaufdringlich zu erzählen.
Evelyn, Sentas Tochter, wächst derweil bei ihrer Tante Trude, Ulrichs Schwester, auf. Trude wird zur überzeugten Nationalsozialistin, die in einem “Delirium aus Hass, Angst, Enttäuschung und Wut” lebt und letztlich stirbt.

Gerade die Geschichte um Senta, die nie aufgibt, die anständig bleibt und die aufsteht und tut, was sie tun muß, gerade diese Geschichte hat mich sehr bewegt.

Im zweiten großen Handlungsstrang erleben wir, wie Hannah, Sentas Urenkelin, ihrer Familiengeschichte durch Zufall gewahr wird. Hannah ist Evelyns (wir erinnern uns: Sentas “verlorene” Tochter) Enkelin und besucht diese hochbetagte alte Dame und Seniorenheim und findet dort den Brief einer israelischen Anwaltskanzlei, die die Suche der verlorenen Familie in Gang bringt.
Schröder schreibt Hannah zu einer wunderbar modernen und glaubwürdigen jungen Frau, die es ihrerseits nicht leicht hat: Eine Affäre mit ihrem Doktorvater, eine Promotion, an der sie kein wirkliches Interesse hat und keine Zukunftsperspektiven in Sicht.

Nur die greise Großmutter ist von der Familie noch gegenwärtig: Der Vater ist seit der Einschulung fort. Die esoterisch angehauchte Mutter Silvia, die vor zehn Jahren an Krebs starb, weil sich der nun einmal nicht mit Zuckerkügelchen (“Globuli”) heilen läßt. Silvia, die aber auch schon vor ihrem Tod oft durch Abwesenheit – physische wie emotionale – “glänzte”, weil sie es wiederum von Evelyn nicht anders kannte.

All das ist kein leichtes “Erbe”, aber mit zunehmendem Verständnis für die komplizierten Familienverhältnisse der Vergangenheit wächst Hannah und es tun sich durch Begegnungen, unter anderem mit Rubi, der Enkelin eines weiteren Zeitzeugen, ungeahnte Wege für die Zukunft auf.

Das Buch endet offen und doch voller Hoffnung. Mir wiederum bleibt nur zu hoffen, daß Alena Schröder noch mehr zu erzählen hat. Volle fünf Sterne für dieses unsentimentale, aber dafür um so bewegendere Buch.




View all my reviews

I am and have been working on quite a few F/OSS projects: Exherbo (Nick: Philantrop), Bedrock Linux, Gentoo (Nick: Philantrop), Calibre plugin iOS reader applications, Calibre plugin Marvin XD, chroot-manager, stuff on github, lots of other projects. If you like my work, feel free to donate. 🙂

BlogGoodReadsLibraryThingFacebookTwitterInstagram
(Reminder to anyone not reading German: There’s a link to translate this (and every) page at the very bottom.)

by Wulf at June 04, 2021 04:04 PM

June 01, 2021

Wulf C. Krueger

The Duke and I (Bridgertons #1), by Julia Quinn

The Duke and I by Julia Quinn

My rating: 4 of 5 stars


Recently, I came across “Bridgerton” on Netflix and – much to the dismay of my family – I really enjoyed it. Now, what would be more sensible than to look for the “source material”?

So I did and was somewhat mystified why, at the time of writing this, “The Duke and I” only features an average score of 3.87. Looking into this made it obvious that one scene from the Netflix series was based on something many reviewers considered a “rape scene”.

Fully expecting this to be exaggerated, I started reading – and found myself enjoying things very much: The chemistry between Daphne and Simon that permeates the entire book and that has been transformed so nicely to the TV screen, the bantering, the family – everything was pretty much great.

If you like romance (I certainly do! 🙂 ), tinged with fictitious history (I do enjoy a good historical novel at times as well), you can hardly go wrong. Then came that scene…

I don’t want to dive into it in any detail or argue in any direction but, yes, that scene left a bitter taste. Especially since Daphne fluctuates between regret and justification of what she did.
It did mar my enjoyment of this otherwise very amusing, quick and easy read to some extent.

Everything that came after was slightly tainted even though Quinn makes things work between Daphne and Simon and at least this reader. Your mileage may vary.

A slightly guilty-feeling four stars out of five.




View all my reviews

I am and have been working on quite a few F/OSS projects: Exherbo (Nick: Philantrop), Bedrock Linux, Gentoo (Nick: Philantrop), Calibre plugin iOS reader applications, Calibre plugin Marvin XD, chroot-manager, stuff on github, lots of other projects. If you like my work, feel free to donate. 🙂

BlogGoodReadsLibraryThingFacebookTwitterInstagram

by Wulf at June 01, 2021 03:42 PM

May 31, 2021

Ali Polatel

alip: “added note about SydBox, Pando…”

added note about SydBox, Pandora & PinkTrace to Seccomp Wikipedia page under software using seccomp-bpf: en.wikipedia.org/wiki/Seccomp

May 31, 2021 09:44 AM

alip: “sydbox-1.2.0 is released with …”

sydbox-1.2.0 is released with seccomp allowing readonly open{,at} w/o trace-stop, stricter defaults for all default sandbox modes but read, seccomp & ptrace seize usage defaulting to on & the shared memory writable restriction defaulting to on. Finally, this version implements an improved & simpler dump interface which the helper Pandora can read to generate profiles for practical, daily applications such as mail client, browser etc. A sample profile for Firefox is added too!

May 31, 2021 05:39 AM

May 30, 2021

Wulf C. Krueger

Funkenmord (Kommissar Kluftinger #11), von Volker Klüpfel & Michael Kobr

Funkenmord: Kluftingers neuer Fall by Volker Klüpfel

My rating: 2 of 5 stars


Puh… Das also war Kluftinger 11 und einem von uns beiden geht langsam die Puste aus. Ich habe jetzt extra mal nachgeschaut: Klüpfel und Kobr sind jeweils Jahrgang 1971 und 1973.

Weite Teile des Humors der beiden Autoren stammt aber eher aus dem miefigen Altherren-Umfeld: Angefangen von Vodka-saufenden Russinnen, über einen indisch-stämmigen Priester, dessen Darstellung zum “Fremdschämen” gereicht (»Goßer Gottowielow-ben-disch. Heah, wie peisen deine Starke …«) bis hin zu ganz peinlichen Klamottenkiste (“But I do not want that he is the Führer.”) – Klüpfel und Kobr ist kein Fettnäpfchen zu schade, kein Witz zu banal, um ihn nicht weidlich und nach den eigenen bescheidenen Künsten auszuschlachten.

Auch über berechtigte Anliegen wird sich von diesem Duo der dümmlichen Peinlichkeit gern und ausschweifend mit solchen Schenkel-Klopfern lustig gemacht:

Handel treibenden Menschinnen und Menschen (m / w / d)

Ganz ehrlich: Ich habe die Faxen von Leuten dicke, die im Jahre 2021 immer noch meinen, sich über Emanzipation, Diversität, Geschlechter-neutrale Sprache, etc. lustig machen zu können. Es sind Witze auf Kosten von Menschen; eine Art von “Witz”, die einfach nicht mehr sein muß.

Ganz unabhängig von all dem: Die Story ist eher schwach, denn Kluftinger ermittelt in einem alten Fall, bei dem er einst einen gravierenden Fehler gemacht hat. Es liegt also auf der Hand, daß wenig “Action” geboten wird, viel in den Achtzigern herumgestochert und wenig substanziell Neues passiert.

Auch sonst ist eigentlich alles sehr voraussehbar – Kluftinger, der immer schon ein wenig “exzentrisch” war, wird dieses Mal allerdings noch mehr zur Karikatur seiner selbst. Ein Waschversuch scheitert aufs Lächerlichste, Mama und Papa werden genüßlich manipuliert und der einzige Lichtblick, die neue Kollegin Luzia Beer, wird schnell “gefügig” geschrieben.

Alle Probleme werden im Nu gelöst und alle halbwegs interessanten Ansätze (Lucy Beer, Flüchtlingsschicksale) werden kaputt geschrieben oder gleich ohne echtes Interesse links liegen gelassen. Konflikte (z. B. Maier/Beer) bleiben verschwommen bzw. lösen sich ganz fix von selbst.

Einzig die wenigen ernsthaften Momente – zum Beispiel im Gespräch mit der Mutter des Opfers – sind noch lesenswert und glaubwürdig. Sie retten diese 500-Seiten-Peinlichkeit zwar auch nicht mehr, aber zumindest heben sie es vom grottigen 1-Sterne-Niveau auf zumindest wohlwollende zwei Sterne.





View all my reviews

I am and have been working on quite a few F/OSS projects: Exherbo (Nick: Philantrop), Bedrock Linux, Gentoo (Nick: Philantrop), Calibre plugin iOS reader applications, Calibre plugin Marvin XD, chroot-manager, stuff on github, lots of other projects. If you like my work, feel free to donate. 🙂

BlogGoodReadsLibraryThingFacebookTwitterInstagram

by Wulf at May 30, 2021 09:07 PM

Ali Polatel

alip: “Pandora's Box: A helper for Sy…”

Pandora&aposs Box: A helper for SydBox, a ptrace & seccomp based sandbox to make sandboxing practical. This makes it easy for the end user to use secure computing for practical, daily purposes. crates.io/crates/pandora_box

May 30, 2021 07:59 PM

alip: “sydbox-scm improves seccomp fo…”

sydbox-scm improves seccomp for read only open calls which is a noticable optimization considering the overall count of trace stops, see details here: commits.exherbo.org/sydbox-1:8 which shows remarkable improvements of reduction in open{,at} calls and build times. Apart from the commit message there&aposs the benchmark git.exherbo.org/sydbox-1.git/t on my build host which has the timing to build the current paludis-3.0.0 (scm). Help test sydbox-scm, report back and enjoy!

May 30, 2021 06:49 PM

May 25, 2021

Wulf C. Krueger

Project Hail Mary, by Andy Weir

Project Hail Mary by Andy Weir

My rating: 5 of 5 stars


Just when I thought Andy Weir was a “one-hit wonder” for his great and exciting “The Martian”, he comes along and writes something that completely blew away my mind.

“Project Hail Mary” is spectacularly well done, features even more “scientific vibes” and despite being deeply rooted in science fiction, everything in this book feels (shockingly) plausible and believable.

Earth is dying from climate change… Dr. Ryland Grace, a grumpy (ex-)scientist gone school teacher, is Earth’s last line of defense and her last hope. As part of the crew of the interstellar spaceship “Hail Mary”, tasked with finding a solution for the afore-mentioned climate change issue, Grace ships out into space.

How this came to be and Grace’s exploits in space are narrated alternatingly (mostly) between chapters. First, we learn how Grace wakes up after an induced coma and then – by witnessing his memory coming back in flashbacks – the book tells the entire story in two parallel but ultimately converging storylines.

Weir masterfully entwines the two storylines with each other and reveals piece by piece. He starts slow (»A teacher! I’m a schoolteacher! I remember it now!«), spins his story and material up to a riveting, amazing, fantastic middle part that dumbstruck me and comes furiously to a wonderful, brilliant, humane and alien ending.

“Project Hail Mary” was compelling, funny, made me laugh out loud at some points and sob and/or cry at others. Its broad angle of humour from the amusingly simple…

»I clench my teeth. I clench my fists. I clench my butt. I clench every part of me that I know how to clench. It gives me a feeling of control. I’m doing something by aggressively doing nothing.«

… to the subtle irony and sarcasm (examples omitted to avoid spoilers).

Grace is discernibly human: He is childish, yet serious. Realistic, yet optimistic. A selfish nerd, and optimistic scientist. In other words, he’s basically a good guy; nerdy, weird but a nice guy. Not as selfless maybe as he’d like (to imagine) at times… But maybe there’s hope for Grace yet…

Because he never loses his basic optimistic outlook (it may be impaired and buried at times) despite seemingly unbeatable odds and, ultimately, that’s what I believe in, too. That despite our Earth starting to die from climate change, we will eventually prevail.

»I bet they did work together. Maybe it’s just the childish optimist in me, but humanity can be pretty impressive when we put our minds to it. After all, everyone worked together to build the Hail Mary. That was no easy feat.«

Nor was it an easy feat to surpass “The Martian” and compose a masterpiece that’s even better. And yet, Andy Weir did it.
If you have even a tiny bit of a nerd inside you, if you like your science fiction somewhat plausible, if you’re not turned off by science – if any of that applies, go and read this book. It’s really, truly brilliant.

Six out of five stars. ♩♫♪♪♫



View all my reviews

I am and have been working on quite a few F/OSS projects: Exherbo (Nick: Philantrop), Bedrock Linux, Gentoo (Nick: Philantrop), Calibre plugin iOS reader applications, Calibre plugin Marvin XD, chroot-manager, stuff on github, lots of other projects. If you like my work, feel free to donate. 🙂

BlogGoodReadsLibraryThingFacebookTwitterInstagram

by Wulf at May 25, 2021 05:13 PM

May 14, 2021

Wulf C. Krueger

The Sun Down Motel, by Simone St. James

The Sun Down Motel by Simone St. James

My rating: 4 of 5 stars


It’s 1982 and Vivian “Viv” Delaney leaves her confining home to find fame and fortune in New York City. By chance, Viv ends up in Fell, New York, where she finds a job as a night manager at the eponymous Sun Down Motel.
At the end of November 1982, Viv disappears.

35 years later, in 2017, her niece, Carly Kirk, follows in Viv’s footsteps after the death of Carly’s mother, Viv’s sister. Carly also flees her overbearing brother, her college courses and her life in general, in pursuit of Viv whose fate she’s determined to discover.

Consequently, Carly, too, goes to Fell and also gets a job at the Sun Down Motel – as the night manager. She even moves into Viv’s old flat and proceeds to not only discover but experience the past…

The book switches (mostly from chapter to chapter) between Viv’s story in 1982 and Carly’s in 2017. While this is currently an often-used storytelling device which would usually distract and, potentially, annoy me, in this instance, it actually adds to the atmosphere of this book.

Its dense, chilling atmosphere, the late night setting (and weary days) is, in fact, one of the major selling points: It has been a long time since I actually lost sleep over a book because I wanted to read just one more chapter…

The writing is (mostly) subtle and elaborate, be it about a “featherlight click sound” or “the perfect, silent hush of night”. Most of all, though, I enjoyed the two converging stories of Viv and Carly who both come to realise not all is as peaceful as it seems in Fell.

I worried for both young women pretty much all the time – a run-down motel, at night, strange noises, the only guests a man who can’t sleep anywhere else, cheating spouses and a strange travelling salesman…

For the most part I was guessing what had happened to Viv and what might yet happen to Carly, both of whom I found very likeable. “The Sun Down Motel” read like a mystery thriller with a supernatural touch (which was, actually, the only part I did not really enjoy, especially not the part at the end…).

For the thrills it gave me, the sleep it stole and its satisfying writing, “The Sun Down Motel” gets four very much deserved stars from me.





View all my reviews

I am and have been working on quite a few F/OSS projects: Exherbo (Nick: Philantrop), Bedrock Linux, Gentoo (Nick: Philantrop), Calibre plugin iOS reader applications, Calibre plugin Marvin XD, chroot-manager, stuff on github, lots of other projects. If you like my work, feel free to donate. 🙂

BlogGoodReadsLibraryThingFacebookTwitterInstagram

by Wulf at May 14, 2021 12:08 PM

May 08, 2021

Wulf C. Krueger

Fugitive Telemetry (The Murderbot Diaries #6), by Martha Wells

Fugitive Telemetry by Martha Wells

My rating: 3 of 5 stars


I seem to be the odd one out but this new Murderbot novella simply didn’t work for me. At times, it felt very slow while, at other times, the story raced along – a very uneven pacing, unfortunately.

Mensah and the others hardly played any role and our beloved Murderbot pretty much acts as some random security consultant, trying to make sense of a murder.

Apart from the (here rather superficial) xenophobia aspects, all the moral aspects of the previous books in this series were largely neglected.

To be totally frank, most of the time I was actually bored reading this. Here’s to hoping for more than a “filler episode” next time and more exciting new adventures in the future.



View all my reviews

I am and have been working on quite a few F/OSS projects: Exherbo (Nick: Philantrop), Bedrock Linux, Gentoo (Nick: Philantrop), Calibre plugin iOS reader applications, Calibre plugin Marvin XD, chroot-manager, stuff on github, lots of other projects. If you like my work, feel free to donate. 🙂

BlogGoodReadsLibraryThingFacebookTwitterInstagram

by Wulf at May 08, 2021 05:39 PM

May 01, 2021

Wulf C. Krueger

Marrying Mr. Wrong (Dirty Martini Running Club #3), by Claire Kingsley

Marrying Mr. Wrong by Claire Kingsley

My rating: 3 of 5 stars


Oh, well, from the lofty heights of Obama’s presidential memoirs which I enjoyed, I went on to read this. I needed a short moment of pure escapism and easy-going reading: “Please excuse me for a moment while I disengage my brain!”

For that purpose, this novel worked well enough – albeit not perfectly but we’ll come to that.

Anyway, this is the third instalment of a loosely connected series about the romantic endeavours of a group of twenty-somethings (I guess). It started out well with Everly’s romance with her boss (Calloway) and now we’re reading about Sophie, Everly’s successor as Calloway’s personal assistant, who meets Camden Cox, a notorious womanizer.

Sophie and Cox end up in Vegas where they “accidentally” marry each other in a drunken stupor. The remainder of the book is – expectedly – about how they find out they don’t want a divorce.

The ensuing chaos is amusing enough; ok, everything is clichéd and rather simplistic but that was to be expected. Worse, though: Every single character feels like an exaggerated parody of themselves and whereas Sophie is fairly likeable, Cox is – for the most part – annoying.

This kind of machismo…

»Ever so gently, I backed us out of the parking spot. A man did not simply drive a supercar. A man had to coax it. Caress it. Make love to it from the driver’s seat and be respectful of its power.«

… and what it says about Cox’ ideas about women made me cringe. He constantly and unchangingly calls Sophie “sugar”. Uh… And she’s pretty much fluttering her eyelids at him, enjoying his manly attention…

So, while this book was still a funny romance, it was just a little too sappy, too simplistic and too clichéd for me to completely enjoy it and, thus, it only garners three out of five stars from me.





View all my reviews

BlogGoodReadsLibraryThingFacebookTwitterInstagram
I am and have been working on quite a few F/OSS projects:
  • Exherbo (Nick: Philantrop)
  • Gentoo (Nick: Philantrop)
  • Calibre plugin iOS reader applications
  • Calibre plugin Marvin XD
  • chroot-manager
  • stuff on github
  • Lots of other projects
  • If you like my work, feel free to donate. 🙂

    by Wulf at May 01, 2021 10:34 AM

    April 25, 2021

    Wulf C. Krueger

    A Promised Land, by Barack Obama

    A Promised Land by Barack Obama

    My rating: 5 of 5 stars


    Politics doesn’t have to be what people think it is. It can be something more.

    When Barack Obama started his rise to power, I felt hopeful but sceptical as well: Would America, of all nations, really elect a Black man as its president? And who was that guy anyway?

    As a German, I had been vaguely aware of Obama but I knew next to nothing about him. That would change over time but do little to alleviate my scepticism: Even if this guy was for real, even if he truly believed what he said about change and equality – would this man stay true to his ideals? Would the power he was seeking corrupt him?

    The first surprise came when he was actually elected as the next President of the United States of America. I became a little more hopeful. That was a powerful sign for the better – the first Afro-American president.

    Obama didn’t deliver on all his promises – Guantanamo Bay detention camp still exists today for example. And yet… Obama helped the world through a recession that could have been much worse. He made “Obamacare” reality. Obama helped further LGBT rights in America and all over the world.

    To me, personally, Barack Obama is an example for an honest, realistic but idealist politician. Thus, it was with some worry that I started reading the first part of his presidential memoirs, “A Promised Land”.

    Would I be disenchanted? Would Obama be honest? Had I been deluded about him? The answers to those questions are a resounding “No!”, “Yes!” and “No!” respectively.

    »Whatever vision I had for a more noble kind of politics, it would have to wait.«

    Obama tells us about his rise through the ranks and, to my relief, he might not always have acted as “cleanly” as I had hoped for but he mostly did. Obama is quite honest about it and he strives to be better.

    Throughout the entire 1.000 pages, Obama is not only honest about himself but fairly often self-deprecating and employing a dry humour:

    »I mean dumb choices in the wake of considerable deliberation: those times when you identify a real problem in your life, analyze it, and then with utter confidence come up with precisely the wrong answer.«

    From humble beginnings (»She [Michelle] reminded me that we had student loans, a mortgage, and credit card debt to think about.«), armed with the best intentions (»the best we can do is to try to align ourselves with what we feel is right and construct some meaning out of our confusion, and with grace and nerve play at each moment the hand that we’re dealt.«) Obama rises to the daily challenges during his political career and always keeps that “moral compass” close at hand to try and do what feels right.

    Obama obviously knew what was at stake because »I know that the day I raise my right hand and take the oath to be president of the United States, the world will start looking at America differently.«. And many of us did.

    It was Obama who paved the way for “a skinny Black girl” (Amanda Goreman, at Biden’s inauguration) to dream of becoming president. Even before Goreman recited that, Obama wrote: »I know that kids all around this country—Black kids, Hispanic kids, kids who don’t fit in—they’ll see themselves differently, too, their horizons lifted, their possibilities expanded. And that alone…that would be worth it.”«

    This book is testament to Obama’s efforts, his successes as well as his failures. On the down side, it’s long, often very “dry” and especially the deliberations about dealing with the financial crises were very extensive and, to me, too long.

    Most of the time, Obama is conciliatory towards his political opponents. At times, though, he is very outspoken about his feelings:

    »I wondered when exactly such a sizable portion of the American Right had become so frightened and insecure that they’d completely lost their minds.«

    Truth to be told, I’m not sure I’m going to read the next part of Obama’s memoirs, though: These one-thousand pages were – at times – the hardest “literary nut” I had to crack and I barely made it through the book.

    If you – like me – appreciate what Obama stands for and what he accomplished and “just” want to know if he was acting truthfully and honestly then, yes, I fully believe so after reading this. That gives me hope.

    The fact that America went on to elect the orange menace into office was a setback that might yet be balanced by President Biden and, potentially, the first female Afro-American president.

    Let’s hope together that Obama will keep playing a role in international politics because I truly believe we need more people like him, or, in Obama’s own words:

    »So long as young men and women like that exist in every corner of this earth, I told myself, there is reason enough to hope.«



    View all my reviews

    I am and have been working on quite a few F/OSS projects: Exherbo (Nick: Philantrop), Bedrock Linux, Gentoo (Nick: Philantrop), Calibre plugin iOS reader applications, Calibre plugin Marvin XD, chroot-manager, stuff on github, lots of other projects. If you like my work, feel free to donate. 🙂

    BlogGoodReadsLibraryThingFacebookTwitterInstagram

    by Wulf at April 25, 2021 04:19 PM

    March 30, 2021

    Wulf C. Krueger

    The Hill We Climb: An Inaugural Poem for the Country, by Amanda Gorman

    The Hill We Climb: An Inaugural Poem for the Country by Amanda Gorman

    My rating: 5 of 5 stars


    I’m German. I’ve never watched an inauguration of an American president. The one of today’s President Joe Biden was no exception even though I was hoping for something better than what had come before… (“It seems to me that I have been dreaming a horrid dream for four years, and now the nightmare is gone.”)

    Amanda Gorman’s amazing poem hit the German news very quickly, though, and I got curious and looked it up, watched Gorman perform it at the inauguration. It hit me unexpectedly hard; so hard, in fact, I cried.

    Her presentation was so powerful, emotional, touching and uplifting; representative – to me – of all that is right and just about the United States.

    Gorman envisions a country “committed To all cultures, colors, characters, And conditions of man” and while, of course, she primarily addresses the USA, she also spoke to the world and of the world.

    If we, the peoples of the world, made into reality in our countries what Gorman wishes for her own one, if we truly and honestly, sought “harm to none, and harmony for all” – regardless of gender, skin colour, sexual orientation, etc. – then, yes, then “We will raise this wounded world into a wondrous one.”

    Today, I was finally able to read the poem in its own ebook while simultaneously watching Gorman’s recitation which lent the experience further depth. Try for yourself: https://www.youtube.com/watch?v=Wz4Yu…




    View all my reviews

    I am and have been working on quite a few F/OSS projects: Exherbo (Nick: Philantrop), Bedrock Linux, Gentoo (Nick: Philantrop), Calibre plugin iOS reader applications, Calibre plugin Marvin XD, chroot-manager, stuff on github, lots of other projects. If you like my work, feel free to donate. 🙂

    BlogGoodReadsLibraryThingFacebookTwitterInstagram

    by Wulf at March 30, 2021 11:07 AM

    March 14, 2021

    Ali Polatel

    alip: “sydbox-1.1.0 & pinktrace-0.9.6…”

    sydbox-1.1.0 & pinktrace-0.9.6 released! dev.exherbo.org/~alip/sydbox/s & dev.exherbo.org/~alip/pinktrac This release fixes build on armv7 & x86 and slightly optimizes data structures for improved memory usage. Thanks to tombriden for the help!

    March 14, 2021 09:02 PM

    March 08, 2021

    Ali Polatel

    alip: “sydbox-1.0.9 is released: http…”

    sydbox-1.0.9 is released: dev.exherbo.org/~alip/sydbox/s
    This release adds support for new system calls execveat, newfstatat, openat2, faccessat2 and renameat2; fixes IPv6 network sandboxing, a hang with Linux kernels >=5.10, a time-of-check-time-of-use in handling paths longer than PATH_MAX, many memory leaks including a major one about process inheritance and many minor issues identified by . Thanks to everyone who took part in testing, particularly eternaleye, heirecka and tgurr.

    March 08, 2021 06:03 PM

    March 01, 2021

    Ali Polatel

    alip: “bitlbee version bump to 3.6: h…”

    bitlbee version bump to 3.6: git.exherbo.org/net.git/commit highlights are twitter fix, server-time IRCv3 capability and large performance improvements for large contact lists, see changelog here: bitlbee.org/main.php/changelog (posting this via bitlbee :)

    March 01, 2021 08:49 PM

    February 28, 2021

    Ali Polatel

    alip: “Fix for another known hang wit…”

    Fix for another known hang with sydbox under certain conditions. Thanks eternaleye for all the help. A release is coming soon. Please test sydbox-scm: git.exherbo.org/sydbox-1.git/c

    February 28, 2021 10:06 PM

    alip: “Fix for problems with sandboxi…”

    Fix for problems with sandboxing and glibc-2.33 was to implement support for newfstatat for magic commands. Thanks to tgurr for all the help! A release is coming soon. Please test sydbox-scm: git.exherbo.org/sydbox-1.git/c

    February 28, 2021 10:05 PM

    May 23, 2020

    Mike Kelly

    Minecraft Server on AWS

    To help make the current COVID-19-related social distancing a little less bad for my son, I’ve set up a private minecraft server for him to use with his friends.

    I could have just paid Mojang the $7.99/month for Realms, but I decided to use this as a learning exercise.

    So, I baked up an AWS CloudFormation template to spin up a minimal viable server.

    You can find the full template on its GitHub Project.

    In the designer, it looks like this:

    Template Designer View

    There’s just a few moving parts here:

    • An EC2 instance to run the server itself
    • A Security group to act as a firewall to limit access to it
    • An Elastic IP to keep a static IP for the server
    • A Route 53 record set, to point to the server (so I have a simple name to give to my son’s friends’ parents)
    • A custom record from the AWS Instance Scheduler, so that we can have the server stop automatically at bed time, and start up again the next day (saving cost as well as being a parental control of sorts)

    So, this stack has to be deployed along with the Instance Scheduler, and it assumes that you called that stack “instance-scheduler” (should probably parameterize that). But, hopefully this is useful to someone else.

    Some tasks to do in the future:

    • Get the server to update to the latest minecraft server automatically
    • Push some of the configuration into the template: right now, the template starts the EC2 instance but doesn’t auto-start the server. It’s expected that you’ll want to customize the server.properties before starting it the first time. Then, you can enable it with sudo systemctl enable minecraft-bedrock-server.service and start it with sudo systemctl start minecraft-bedrock-server.service

    by pioto at May 23, 2020 10:25 PM

    May 01, 2020

    Alexander Færøy

    Solving Binary Puzzles using Python and Z3

    In this article, we will be looking into how we can build a computer program for solving arbitrary Binary Puzzles using the Python programming language, and the Z3 Theorem Prover.

    Z3 is a Satisfiability Modulo Theories (SMT) solver made by Microsoft Research. It is cross-platform and is released under the MIT license. Z3 comes with a Python API that we will be using. Our goal is to encode the rules of the Binary Puzzle game in terms of mathematical equations that Z3 can comprehend. Once we have defined the rules of the game for Z3, we want to use it to solve any solvable Binary Puzzle for us or tell us if the puzzle is unsolvable.

    I enjoy number puzzles such as Sudoku and Binary Puzzles. For some reason, I always end up solving more Binary Puzzles than I solve Sudokus. Binary Puzzles are more straightforward than Soduku and are thus playable in a shorter amount of time. A Binary Puzzle can be played online from various websites or via applications that are available for both Android and iOS. Look in the application store on your preferred platform, and you will most likely have numerous implementations of this uncomplicated puzzle available to you. The example puzzles I use in this article are taken from BinaryPuzzle.com, which is my preferred website for playing the game in a web browser.

    Let us begin by having a closer look at the Binary Puzzle game before we begin implementing the solver in the Python programming language.

    Rules for Binary Puzzles

    The Binary Puzzle game consists of an NxN two-dimensional game grid with some cells pre-filled with either zero or one. The rest of the cells remains empty for us to fill in with either a zero or a one. The difficulty of the game can be tuned by adding or removing pre-filled values in the initial game state.

    The rules for the Binary Puzzle game are pretty simple: we must solve the puzzle using the following set of rules:

    1. Each cell must contain either a zero or a one.

    2. No more than two identical numbers are allowed immediately next to each other, both horizontally and vertically.

    3. Each row and each column must contain an equal amount of zeros and ones.

    4. Each row and each column must be unique.

    An observation we can make from the third rule is that the smallest possible game grid is 2x2, and each NxN two-dimensional game grid must make use of an even N value. The 2x2 game grid is also the only size of a game grid where the second rule does not have any influence on the game, and the second rule is thus ignorable for this particularly sized game grid.

    Example Game

    We begin with an easy 6x6 game grid with 14 pre-filled cells out a total of 36 cells. That is 38.9% of the game grid being pre-filled for us before we have even begun. This example game will hopefully allow us to build up some intuition about the game mechanics, and make it easier for us to understand the rules we need to implement using Python and Z3 later in the article.

    The initially pre-filled cells are the only cells that remain immutable throughout the game while we try to discover the value of each of the empty cells in the game grid. The pre-filled cell values are set in bold typeface in all of the visualizations in this article to make sure we do not unintentionally change any of them.

    The initial game grid looks as following:

    We look for the pattern where two identical numbers exist immediately next to each other either horizontally or vertically in the game grid. Once we have identified one or more identical pairs in the game grid, we know that the cells before and after the pair cannot share the same value as the pair itself because of the second rule of the game. We update the game grid with the new values:

    We continue the search for patterns in the updated game grid. We have created some new locations where two identical values are in a pair, which allows us to repeat the previous step.

    We can also look for a new pattern, which is when we have a horizontal or vertical triplet, where the content of the first and last cells are identical, and the middle cell is empty. Since we know from the second rule of the game that no more than two identical values are allowed immediately next to each other, we can deduct that the content of the middle cell in the triplet must be the opposite of the first and last value of the triplet. The game grid now looks as follows:

    We can now fill in the remaining three cells using a mixture of the second and the third rule of the game.

    Now that the game grid is complete, and no empty cells remain, we can verify that the game state satisfies each of the four rules. Each cell contains either a zero or a one. No more than two identical values are next to each other neither horizontally nor vertically. Each row and each column have an identical amount of zeros and ones. Finally, each row and column are unique.

    We have solved our first Binary Puzzle manually. We can now begin building a model of the game using Python and Z3.

    Building the Model

    The purpose of this article is to build a Python program that can solve arbitrary Binary Puzzles for us. We use the Z3 interface for Python to do “the hard labor” of this task, but we still need to describe the game rules to the Z3 solver before it can do anything useful for us.

    Before we start defining the Z3 model of the game, we need to define the representation of the game grid in Python. We use the same initial game grid as used in the example game above. In Python, we encode the game grid as follows:

    puzzle = [
        [1, N, N, 0, N, N],
        [N, N, 0, 0, N, 1],
        [N, 0, 0, N, N, 1],
        [N, N, N, N, N, N],
        [0, 0, N, 1, N, N],
        [N, 1, N, N, 0, 0],
    ]
    

    We represent the game grid as a list of lists of integers and N values in Python. The N value is defined as the Python value None and is used throughout this article to represent an empty cell. The task of the Z3 solver will be to eliminate any N values in the game grid and replace it with either a zero or a one.

    If we were to solve the puzzles without an engine like Z3, but using “pure” Python code, the naive approach would be to define several imperative steps that try to solve the game by eliminating the empty cells one by one.

    The way Z3 works is by us adding “constraints” or “assertions” that will make it possible for its built-in solver to solve the domain-specific problem that we are describing using our constraints. In this case, the Binary Puzzle game. Once we have added all of the game rules encoded as constraints to the Z3 solver, we ask it to come with a possible solution for us. Z3 will try to find a solution where all constraints are satisfied or otherwise notify us of its inability to solve the given puzzle.

    To implement the Binary Puzzle solver as “bug-free” as possible, we perform some initial input validation of the input puzzle to ensure that it is meaningful before we ask Z3 to try to do anything to it. We start by defining a Python value representing the size of our game grid. We call this variable size, and we define it as follows:

    size = len(puzzle)
    

    We want to ensure that the input puzzle is non-empty:

    if size == 0:
        raise InvalidPuzzleError
    

    We want to ensure that the game grid’s size value is an even number in accordance with the observation we made while going over the rules of the game:

    if size % 2 != 0:
        raise InvalidPuzzleError
    

    We want to ensure that the NxN input puzzle has the correct dimensions, and does not contain rows or columns of a different length than N. We verify this by ensuring that each row is size cells wide:

    for row in puzzle:
        if size != len(row):
            raise InvalidPuzzleError
    

    We want to ensure that each cell in the input puzzle contains either a zero, one, or the None value since no other values are allowed:

    for row in puzzle:
        for value in row:
            if value not in {0, 1, N}:
                raise InvalidPuzzleError
    

    Now that we have validated the input puzzle to avoid the worst mistakes, we can start constructing the Z3 solver for the puzzles.

    When we work with a constraint solver such as Z3, we do work with traditional programming concepts such as “variables,” but we do not assign values to them like we would in Python. Instead, we build up a set of equations that makes use of these variables, and then we ask Z3 to give us a result where all of the constraints are satisfied. If our input is impossible to solve because of violations of the game rules, Z3 will be unable to give us a solution, and the problem is considered unsatisfiable. However, if the problem is satisfiable, Z3 will have the correct value for each of our cells in the game grid.

    The symbolic variables we define for Z3 has no structure, such as rows and columns. Instead, we later define the structure using the equations we add to the solver.

    The first task we have to perform is to build a list of all possible x and y pairs we have in the game grid. We call these our “positions”:

    positions = [(x, y) for x in range(size) for y in range(size)]
    

    We can now create the symbolic variables used by Z3. Each symbolic variable must have a name, which we in Python can represent as a string value. The string value allows us to later identify the specific variable during debugging if that becomes necessary. We create a Python dictionary of (x, y) pairs as key, and the symbolic Z3 integer as value for each cell in our game grid:

    symbols = {(x, y): z3.Int("v{};{}".format(x, y)) for x, y in positions}
    

    We have now defined a symbolic variable for each cell in the 6x6 game grid. Each symbolic variable can now be looked up in our dictionary of symbols using its x and y value as the key. We also named the symbolic variables “v0;0”, “v0;1”, …, “v5;4”, “v5;5”, respectively. While we still have no structure for the symbolic variables, we can visualize the symbolic variables in the game grid in the way they will be used once we have build structure such as “rows” and “columns”:

    We do not have to inform the Z3 solver about the existence of each of the symbolic variables. Instead, the solver will learn about their existence as we use them in our constraints later in the article.

    The dictionary of symbols allows us to build two Python lists representing each row and each column in the game grid as lists of symbolic variables. The added structure will make it easier to implement the rules of the game in the next steps. We create the rows and columns lists in Python:

    rows = []
    columns = []
    
    for x in range(size):
        row = [symbols[x, y] for y in range(size)]
        rows.append(row)
    
    for y in range(size):
        column = [symbols[x, y] for x in range(size)]
        columns.append(column)
    

    To avoid unnecessary duplications in our source code, we also create a variable representing both the rows and the columns in the game grid as the rules of the game often apply to both:

    rows_and_columns = rows + columns
    

    We can now instantiate the Z3 solver which we will add the constraints of the game to:

    solver = z3.Solver()
    

    Since some cells are already pre-filled for us, we need to inform Z3 about the value of these cells. We do this by adding a constraint specifying the exact value of the given symbolic variable using the equality comparison operator in Python:

    for x, y in positions:
        value = puzzle[x][y]
    
        if value is N:
            continue
    
        solver.add(symbols[x, y] == value)
    

    An important detail to understand here is that even if we apply the equality comparison operator here, the Z3 variable overloads this operator. The operator overloading ensures that it is the expression we add to the solver and not the boolean result of Python comparing the symbolic variable with the content of the value variable for equality.

    Notice how we explicitly ignore the empty cells in our puzzle since the goal is to have Z3 fill those out for us.

    The first set of constraints directly related to the rules of the game will be coming from the first rule: all cells in the game grid must contain either a zero or a one. We add these constraints to all of the symbolic variables in the dictionary of symbols as follows:

    for symbol in symbols.values():
        solver.add(z3.Or([symbol == 0,
                          symbol == 1]))
    

    An example of a violation we could make now would be if our input game grid contained a value such as two, which would be a violation of the set of constraints we have added to the solver.

    The next constraints we add to the Z3 solver handles the third rule of the game and ensures that each row and each column have the same amount of zeros and ones. Instead of counting each zero and one in each row and column, we encode these constraints as the sum of each row, and each column must be equal to the size divided by two:

    for values in rows_and_columns:
        solver.add(z3.Sum(values) == size // 2)
    

    The constraints needed to check the uniqueness of each row and each column are slightly more complicated but required to implement the fourth rule of the game. For each row and column, we ensure that each other row or column does not contain the same values as the current row or column does. Remember that we pass the Z3 solver symbolic variables such that the Z3 solver will check the actual content of the variables when we execute the model. We implement these constraints in Python as follows:

    for lines in [rows, columns]:
        solver.add(z3.Not(z3.Or([z3.And([a == b for a, b in zip(line_a, line_b)])
                                                for line_a in lines
                                                for line_b in lines
                                                if line_a != line_b])))
    

    The final set of constraints we need to add to the Z3 solver are only necessary for all NxN game grids where N is greater than 2. These constraints implement the second rule of the game that says no more than two identical numbers are allowed immediately next to each other horizontally and vertically.

    We model these constraints using a set of “sliding windows” of three cells in each window of the game grid: each triplet must not contain three identical values in it. We can visualize the sliding window algorithm of three cells as follows:

    Implementing the sliding window constraints in Python looks as follows:

    if size > 2:
        for window in rows_and_columns:
            for i in range(size - 2):
                a, b, c = window[i:i + 3]
                solver.add(z3.Not(z3.And([a == b,
                                          b == c])))
    

    Another approach we could have taken here is to check each window if the sum of the three symbolic variables is equal to 0 or 3. However, using equality checks for these constraints seemed more intuitive to the author at the time of writing this.

    Using the Model

    We have now implemented all the game rules as mathematical equations for Z3 to be able to solve the puzzle, but first, we have to check the solver if the current constraints are “satisfiable”. We use the solver’s check() method to achieve this:

    if solver.check() != z3.sat:
        raise UnsolvablePuzzleError
    

    If the input puzzle contained a violation of some of the constraints, such as containing two identical rows, then the call to check() would fail, and we would raise an exception.

    Once we have run check() successfully, we can fetch the model that Z3 has created for the puzzle:

    model = solver.model()
    

    We can now query the model for the actual value of each of the symbolic variables stored in the dictionary of symbols. We build up a mapping between the cell positions, and the result of the evaluation of the symbolic variable:

    result = {position: model.evaluate(symbol) for position, symbol in symbols.items()}
    

    We can now compute the solution of the puzzle, and put it in a data structure equivalent to the input puzzle:

    solved_puzzle = [[result[x, y].as_long() for y in range(size)] for x in range(size)]
    

    If we visualize the solution from Z3, it will look as follows:

    We have successfully programmed the Z3 solver such that it can solve the 6x6 game grid for us, but we implemented all of the game rules such that they will work for any NxN game grid with an even N value. We have specified the rules of the game as a set of mathematical equations instead of specifying each step Python needs to take to solve the puzzle.

    It is much easier to write a validator for whether the game is correctly solved or not than it is to solve the game itself. However, we will skip the details of the validator implementation in this article.

    Puzzles with Higher Difficulty

    Let us have a look at how the solver handles a more difficult input puzzle. We change the input puzzle to be a 14x14 game grid instead of the example 6x6 game grid. In the new puzzle, only 45 out of 196 cells (23.0%) are pre-filled for us, making this game much harder than the example game where 38.9% of the cells were pre-filled. The new game grid looks as follows:

    The Z3 solver can solve this puzzle in around 2.5 seconds on the author’s 2.6 GHz Intel i7 desktop computer from 2016. The result seems to be correct. The solution looks as follows:

    Unsatisfiable Puzzles

    An interesting detail that is worth including here is what happens if we ask Z3 to solve an impossible puzzle. With the rules encoded as a set of mathematical equations, we could try to build an input puzzle that passes the initial input validation but would be unsatisfiable.

    One of the most trivial puzzles we can construct that is unsatisfiable and passes the input validation is this 2x2 game grid for which no possible solution exists under the rules of the game:

    This game grid will be a violation of the third rule of the game whereby each row, and each column, must contain the same number of zeros and ones if we try to solve it by filling in the two empty cells. Additionally, both rows of this game would be identical, which is a violation of the fourth rule of the game. Because of these violations, this puzzle will be unsatisfiable. Passing this puzzle to the solver will make our program throw an “Unsolvable Puzzle Error” exception.

    Conclusion

    Exploring Z3, together with the Python programming language, has been a fun learning exercise. I could see myself use Z3 to solve various real-world problems that I have historically relied on implementing manual solutions crafted by hand to solve. Changing my mindset from trying to solve the specific problem by hand over to modeling the problem in a declarative way is entertaining and something I wish I could make use of more often in my daily life as a programmer.

    If you are interested in learning more about using Z3 together with the Python programming language, I suggest you take a look at the excellent Programming Z3 guide by Nikolaj Bjørner, Leonardo de Moura, Lev Nachmanson, and Christoph Wintersteiger from Microsoft Research.

    The source code for the Binary Puzzle solver, we implemented in this article, is available from Github. The source code is published under the BSD 2-Clause license.

    May 01, 2020 12:00 AM

    November 25, 2019

    Danilo Spinella

    Devember 2019: Rewriting 66

    Prerequisites: Basic knowledge of a Unix system architecture; init diversity initiative.

    Devember1 it’s coming and for this year (which is also my first year participating) I’ve chosen something really close to me: the init and service manager (called init/rc for the rest of the post). Specifically I’ve chosen to rewrite 66 from scratch.

    Notes: In the following paragraphs there is an explanation of what led me to rewrite 66. I was planning to explain this from some time and I’ve taken to opportunity to do so now. If you are only interested in the program itself and what I’ll do in this Devember, skip to development.

    Why?

    Regardless of whatever “sytemd sucks”23 or not, I want to have an alternative to it. I want to be able to have at least some choiches for what runs on my system, especially when we talk about critic programs such as PID 1 and the service manager.

    The alternatives currently availables (OpenRC, runit) do not offer the advantages of systemd or have some big disadvantage that do not make their use straightforward. This does not involve the design (which have been already covered in deep by skarnet here4) but only usability. Yup, I am really picky regarding the programs to use.

    s6/s6-rc

    At the start of the 2018 I’ve learnt about s6 suite5 and s6-rc6. I wanted to try them on my newly installed Exherbo Linux system, so I have adapted the example services to run on my machine. Thanks to the help of the #s6 official IRC channel the system finally run s6/s6-rc and it was great; at boot it started all the services asynchronously and showed a working tty in the blink of an eye.

    I’ve liked it so much that I stared contributing to the integration of s6 into exherbo. It consisted in s6-rc services for the various packages and a sane set of starting scripts to have a working system (called s6-exherbo7). My small VPS I configured at the time even got s6 on it.

    With the time passing I’ve found the service writing and administration to be really time consuming. And that’s because it has not a user friendly interface, thus it was not made for what me (and some other users) were using it. And here it comes s6-frontend, the user interface not written yet. Skarnet has recently confirmed that he will write it in the 2021 so it won’t be ready any time soon.

    66

    Exherbo was not the only distribution adopting s6 and and among the other ones there was obarun8, developed by the omonimus creator as a fork of Arch Linux. He, too, wrote a lot of wrapper scripts to ease the use of the s6 suite, but in the end he resorted to writing his own frontend, called 669. Obarun (the distribution) was converted for 66 as soon as a working release got out.

    On the other hand there was me who became an early adopter the moment I looked at the documentation9: it simply resolves almost all my issues of s6/s6-rc without any major disadvantage. It is easy to use, powerful and extensible.

    So far, s6-exherbo got immediately forked into 66-exherbo10 and the old services converted to the new frontend format. Devuan too got his own 66-devuan11, which took me more than it should have had. If you are curious about the reason, 66’s developer did not want to support FHS12 in his general set of starting scripts, because he did not like this standard. In the end he accepted my patches and Devuan booted using 66.

    Service enabling on Exherbo with system version of 66 suffered from a bug (Hello SIGSEGV, long time no see) and it was unusable; to make the matter worse, the bug could not be reproduced with a local copy. The developer had something else on his schedule (writing a new command-line arguments parser, apparently) and did not want to fix the bug. “I can fix it myself”, I thought: I was wrong.

    66 codebase consists of 16000 lines with little to no comments, and it makes heavy use of skalibs13 and oblibs14 libraries, greatly lowering the readability (I’d like to say it is written in skarnet’s C). Downgrade wasn’t an option neither due to a breaking change in services and the various services in Exherbo already got updated. I could not find the bug, I could not enable new services and the developer did not care to fix this fatal bug. Devuan too was failing to build 66. There was enough reasons for me to fork the project and improve it, adding unit testing and have better code quality.

    Now that I had the possibility, I could also rewrite it from scratch, picking different choiches from the start and avoiding the legacy code.

    Note: I really like 66 project but it simply isn’t what I am searching for. I wish the best to obarun with both 66 and his distribution, for which he have worked years trying to offer a valid systemd and Arch Linux alternative.

    tt

    tt (which should have been 77 or t7 but I don’t like numbers in binaries names, if not strictly necessaries) is a wrapper, or better, a frontend to s6/s6-rc.

    A bit about its development:

    Written in D

    The suited languages for such a project are C, C++, Rust and D. C is the fastest if used correctly; but it’s really hard to get right and requires developers to rewrite a lot of stuff (or use libs like glib or skalibs). C++ is hard and share some problem with C, I prefer to not use if I have a choiche. Rust has a microdependency ecosystem and it is hard to use C libraries as well as exposing C bindings. On the other hand, D seems suited for such a project: it is safer than C, has a GC, and it is relatively fast to write, while keeping a good performance and high flexibility.

    Use C or C++ libs

    D community is not very active, so many libraries have been abandoned and the maintained ones could still have the same ending in the future. To avoid such a possibility, I have chosen to only use C/C++ libraries (way more tested and actively maintained), since Dlang makes them easy to use.

    Provide external C bindings

    tt will have a library and a command-line interface. In the long-term there could be additional command lines interfaces, plugins or GUI programs to administrate the system from; it is important for me to expose a C interface so that any language could be used (after all almost every language permits to call C functions).

    Try to not reinvent the wheel

    To get a working service manager as soon as possible, complex tasks will be achieved using external libraries (like parsing the services files). Reinventing the wheel is good for learning purposes, but increase the development and testing time too much for my tastes. Therefore I will try to keep it to a minimum.

    Features

    These are 669’s features, which tt will keep closely to.

    • Frontend service files declaration.
    • Backup a complete set of services.
    • Easy creation of a scandir.
    • Nested supervision tree.
    • Instance service file creation.
    • Multiple directories service file declaration(packager,sysadmin,user).
    • Easy change of service configuration.
    • Automatic logger creation.
    Sane defaults

    The most important thing is to make the pc boot, whatever the conditions. The users and the distribution maintainers should do the least work possible. Providing sane defaults and sane fallback helps in this matter. For example stage1 should work regardless if the initramfs has been used or not (and this didn’t happen in 66 until recently).

    About the libaries used, I have to try them so I’ll problably post more details in the next weeks.


    1. https://devember.org/ ↩︎

    2. https://skarnet.org/software/systemd.html ↩︎

    3. https://suckless.org/sucks/systemd/ ↩︎

    4. https://skarnet.org/software/s6/why.html ↩︎

    5. https://skarnet.org/software/s6/ ↩︎

    6. https://skarnet.org/software/s6-rc/ ↩︎

    7. https://gitlab.exherbo.org/exherbo-misc/s6-exherbo ↩︎

    8. https://web.obarun.org/ ↩︎

    9. https://web.obarun.org/software/66/ ↩︎

    10. https://gitlab.exherbo.org/exherbo-misc/66-exherbo ↩︎

    11. https://git.devuan.org/66-devuan ↩︎

    12. https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard ↩︎

    13. https://skarnet.org/software/skalibs/ ↩︎

    14. https://framagit.org/obarun/oblibs ↩︎

    November 25, 2019 02:15 PM

    December 31, 2018

    Danilo Spinella

    Announcing Exherbo subreddit

    I am delighted to announce the opening of the unofficial Exherbo subreddit1! You can discuss topic relavant to the distro, take up any problem that you have encountered or share your thoughts and setups.

    Note that Exherbo development takes place on our Gitlab instance2 and the critical discussions still happen on #exherbo IRC channel on Freenode3.

    Furthermore, distro documentation4 is currently under reorganisation, and we encourage you to open an issue (or even better a Merge Request!) telling us which parts you don’t find and which parts are hard to grasp.

    Stay tuned for more Exherbo development in 2019, like the introduction of 66 init and rc manager5.


    1. https://www.reddit.com/r/exherbo/ ↩︎

    2. https://gitlab.exherbo.org ↩︎

    3. https://freenode.net ↩︎

    4. https://exherbo.org/docs ↩︎

    5. http://repo.obarun.org/66/ ↩︎

    December 31, 2018 03:00 PM

    June 13, 2018

    Mike Kelly

    Wunderground Datacollection in OpenNMS

    I’ve become a fan of OpenNMS as a general purpose monitoring and datacollection platform.

    It has a lot of “enterprise” features that I don’t need for most of my personal stuff, but (IMHO) it does a better job of doing basic service monitoring, performance metric collection, etc than things like Nagios (or other hacks I’ve made in the past).

    One thing I’ve done with it is start to collect my local weather data, so that I can graph it side-by-side with data pulled from my thermostat, etc.

    Unfortunately, the Weather Underground API is no longer free (“as in beer”) no longer available, but hopefully this serves as an example of the sort of stuff you can do with OpenNMS.


    OpenNMS is able to collect data from a number of sources, including SNMP, and basically anything you get fetch over HTTP.

    To get data from Wunderground, we’ll use the XmlCollector. Despite its name, it can also work with JSON, though in this case, Wunderground gives us XML anyways.

    We need to update collectd-configuration.xml with two new parts:

       <package name="wunderground-conditions" remote="false">
          <filter>IPADDR != '0.0.0.0'</filter>
          <include-range begin="1.1.1.1" end="254.254.254.254"/>
          <include-range begin="::1" end="ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"/>
          <service name="Wunderground-Conditions" interval="300000" user-defined="true" status="on">
             <parameter key="collection" value="wunderground_conditions_home"/>
             <parameter key="handler-class" value="org.opennms.protocols.xml.collector.DefaultXmlCollectionHandler"/>
          </service>
       </package>
       <!-- ... -->
       <collector service="Wunderground-Conditions" class-name="org.opennms.protocols.xml.collector.XmlCollector"/>
    

    This tells OpenNMS that, if we have a node configured with the “Wunderground-Conditions” service, it should trigger this datacollection.

    Next, we need to add some specific configuration for the XmlCollector, in xml-datacollection-config.xml:

        <xml-collection name="wunderground_conditions_home">
            <rrd step="300">
                <rra>RRA:AVERAGE:0.5:1:2016</rra>
                <rra>RRA:AVERAGE:0.5:12:1488</rra>
                <rra>RRA:AVERAGE:0.5:288:366</rra>
                <rra>RRA:MAX:0.5:288:366</rra>
                <rra>RRA:MIN:0.5:288:366</rra>
            </rrd>
            <xml-source url="http://api.wunderground.com/api/YOURAPIKEY/conditions/q/SOMEWHERE/Outthere.xml">
                <import-groups>xml-datacollection/wunderground.xml</import-groups>
            </xml-source>
        </xml-collection>
    

    Here, the “name” of the collection matches up with the paramter we defined in the Collectd config.

    If you’re lucky enough to still have a Wunderground API key, you just need to put it in place of YOURAPIKEY above, and change the rest of the query to be something like /conditions/q/NY/New_York.xml.

    That tells OpenNMS where to get the data from, but we still need one more file to tell it how to parse the data, and decide what to store. We put that in xml-datacollection/wunderground.xml (the import-groups entry above):

    <xml-groups>
       <xml-group name="wunderground_conditions" resource-type="node" resource-xpath="/response/current_observation">
          <xml-object name="temp_c" type="GAUGE" xpath="temp_c"/>
          <xml-object name="temp_f" type="GAUGE" xpath="temp_f"/>
          <xml-object name="UV" type="GAUGE" xpath="UV"/>
          <xml-object name="dewpoint_c" type="GAUGE" xpath="dewpoint_c"/>
          <xml-object name="dewpoint_f" type="GAUGE" xpath="dewpoint_f"/>
          <xml-object name="feelslike_c" type="GAUGE" xpath="feelslike_c"/>
          <xml-object name="feelslike_f" type="GAUGE" xpath="feelslike_f"/>
          <xml-object name="heat_index_c" type="GAUGE" xpath="heat_index_c"/>
          <xml-object name="heat_index_f" type="GAUGE" xpath="heat_index_f"/>
          <xml-object name="precip_1hr_in" type="GAUGE" xpath="precip_1hr_in"/>
          <xml-object name="precip_1hr_metric" type="GAUGE" xpath="precip_1hr_metric"/>
          <xml-object name="precip_today_in" type="GAUGE" xpath="precip_today_in"/>
          <xml-object name="precip_today_metric" type="GAUGE" xpath="precip_today_metric"/>
          <xml-object name="pressure_in" type="GAUGE" xpath="pressure_in"/>
          <xml-object name="pressure_mb" type="GAUGE" xpath="pressure_mb"/>
          <xml-object name="visibility_km" type="GAUGE" xpath="visibility_km"/>
          <xml-object name="visibility_mi" type="GAUGE" xpath="visibility_mi"/>
          <xml-object name="wind_degrees" type="GAUGE" xpath="wind_degrees"/>
          <xml-object name="wind_gust_kph" type="GAUGE" xpath="wind_gust_kph"/>
          <xml-object name="wind_gust_mph" type="GAUGE" xpath="wind_gust_mph"/>
          <xml-object name="wind_kph" type="GAUGE" xpath="wind_kph"/>
          <xml-object name="wind_mph" type="GAUGE" xpath="wind_mph"/>
          <xml-object name="windchill_c" type="GAUGE" xpath="windchill_c"/>
          <xml-object name="windchill_f" type="GAUGE" xpath="windchill_f"/>
    
          <xml-object name="display_location" type="String" xpath="display_location/full"/>
       </xml-group>
    </xml-groups>
    

    That should “just work” for any Wundergroud location, and should tell OpenNMS to hold on to basically all of the numeric values I saw in the results. All of that get stored in your time series database of choice (JRobin, RRDtool, or Newts).

    It also holds onto the “display_location” string (just the latest value), which you can use to help give a more meaningful label to your graphs.

    Finally, we’ll want to build a pretty graph to show that our datacollection is working:

    reports=wunderground.conditions.temp
    
    report.wunderground.conditions.temp.name=Temperature
    report.wunderground.conditions.temp.columns=temp_f,feelslike_f,dewpoint_f
    report.wunderground.conditions.temp.type=nodeSnmp
    report.wunderground.conditions.temp.command=--title="Temperature" \
      --vertical-label="Degrees F" \
      DEF:temp_f={rrd1}:temp_f:AVERAGE \
      DEF:feelslike_f={rrd2}:feelslike_f:AVERAGE \
      DEF:dewpoint_f={rrd3}:dewpoint_f:AVERAGE \
      LINE2:temp_f#00ff00:"Temperature " \
      GPRINT:temp_f:AVERAGE:"Avg \\: %10.2lf" \
      GPRINT:temp_f:MIN:"Min \\: %10.2lf" \
      GPRINT:temp_f:MAX:"Max \\: %10.2lf\\n" \
      LINE2:feelslike_f#ee42f4:"Feels Like  " \
      GPRINT:feelslike_f:AVERAGE:"Avg \\: %10.2lf" \
      GPRINT:feelslike_f:MIN:"Min \\: %10.2lf" \
      GPRINT:feelslike_f:MAX:"Max \\: %10.2lf\\n" \
      LINE2:dewpoint_f#42e8f4:"Dewpoint    " \
      GPRINT:dewpoint_f:AVERAGE:"Avg \\: %10.2lf" \
      GPRINT:dewpoint_f:MIN:"Min \\: %10.2lf" \
      GPRINT:dewpoint_f:MAX:"Max \\: %10.2lf\\n"
    

    That gets you a pretty little graph, like this:

    Sample Weather Graph

    Updated 2019-03-06: note that the Wunderground API appears to be really and truly dead.

    by pioto at June 13, 2018 12:54 AM

    January 30, 2018

    Danilo Spinella

    Termish = malloc(255 * size)

    This is the preface for a series of post on terminal apps, called Termish.

    But why?

    I love staying in the terminal. A lot of things are faster to do and I don’t have to move my hands away from keyboard every now and then.

    The problem is: we don’t always have the right tool to use. Plus, a lot of goodies don’t have visibility. We will explore these programs covering a great range of categories, including a usage example for each one.

    As an Exherbo user, all the programs discussed will be available, so you can test them out. Also, fellow users will add these packages in Gentoo and Sabotage. I bet that the AUR already have them all.

    Please, feel free to comment and propose apps on Mastodon and Reddit, where all the articles will be posted.

    In the meanwhile…take this nyancat.

    January 30, 2018 11:07 PM

    Termish = malloc(255 * size)

    This is the preface for a series of post on terminal apps, called Termish. But why? I love staying in the terminal. A lot of things are faster to do and I don’t have to move my hands away from keyboard every now and then. The problem is: we don’t always have the right tool to use. Plus, a lot of goodies don’t have visibility. We will explore these programs covering a great range of categories, including a usage example for each one.

    January 30, 2018 11:07 PM

    September 16, 2016

    Mike Kelly

    First Post in Foreverz

    It’s been a while since I’ve made any blog posts…

    Here’s a quick update since the last time:

    • I've changed jobs twice.
    • I've had a bunch of kids.

    I also switched everything (both blog and website) over to a Jekyll site about… 2 years ago.

    I don’t have the time to contribute as much to open source as I used to, but here’s a little tidbit.

    Deploying a Jekyll Blog to a Traditional Web Host, using GitLab CI

    I’ve been using GitLab at work for a while now, and it’s grown on me. I’ve recently managed to get my entire website fully deployed by GitLab, both to a staging area with their Pages tool, and to my ‘ole reliable pair Networks hosting account.

    I still have to audit my repo before I can make it fully public, but here’s the .gitlab-ci.yml I’m using:

    # This file is a template, and might need editing before it works on your project.
    # Full project: https://gitlab.com/pages/jekyll
    image: ruby:2.3.1
    
    before_script:
      - bundle install
    
    test:
      stage: test
      script:
      - bundle exec jekyll build -d test
      artifacts:
        paths:
        - test
      except:
      - master
    
    pages:
      stage: deploy
      environment: staging
      script:
      - bundle exec jekyll build -b /pioto-org -d public
      artifacts:
        paths:
        - public
      only:
      - master
    
    production:
      stage: deploy
      environment: production
      when: manual
      variables:
        JEKYLL_ENV: production
      before_script:
      - bundle install
      - apt-get update && apt-get install -y rsync
      - umask 0077 && mkdir -p /root/.ssh
      - umask 0047 && echo "${PROD_KNOWN_HOSTS}" >> /root/.ssh/known_hosts
      - umask 0077 && echo "${PROD_DEPLOY_KEY}" > /root/.ssh/id_rsa
      script:
      - bundle exec jekyll build -d public
      - rsync -crvz --delete-after --delete-excluded public/ "${PROD_USERNAME}@${PROD_HOSTNAME}:"
      artifacts:
        paths:
        - public
      only:
      - master
    

    Here’s basically how this works:

    • There’s a basic “test” job, which just confims that everything can actually be built.
    • There’s a “pages” job, which is how things get deployed to GitLab Pages. Every commit on the master branch goes there automatically.
    • There’s a “production” job, which is where the magic happens to deploy my site live:
      • Before the build, we make sure we have rsync, and set up the ssh keys needed for the deploy. The contents of the key files are stored as secure variables.
      • We build with the correct baseurl setting.
      • We build with JEKYLL_ENV=production, so that things like Google Analytics get wired in.
      • We use rsync (with rrsync set up on the other end) to deploy the site.

    by pioto at September 16, 2016 05:59 AM

    April 04, 2015

    Ciaran McCreesh

    Paludis 2.4.0 Released

    Paludis 2.4.0 has been released:

    • Bug fixes.
    • We now use Ruby 2.2, unless –with-ruby-version is specified.

    by Ciaran McCreesh at April 04, 2015 11:55 AM

    October 01, 2014

    Ciaran McCreesh

    Paludis 2.2.0 Released

    Paludis 2.2.0 has been released:

    • Bug fixes.
    • Compilation fixes for Clang.
    • Added ‘cave resolve –chroot-path’.
    • Removed the “breaks Portage” feature.

    by Ciaran McCreesh at October 01, 2014 06:05 PM

    February 23, 2014

    Bryan Østergaard

    So I was dox'ed yesterday

    and nobody gives a fuck.

    Here's the associated spam:
    14:53 < ~dd0sb0ss> rip
    14:53 < ~dd0sb0ss> PARTY AT Vølundsgade 31, 3. th. 2200 København N
    14:53 < ~zsasz> ur unicode is broken dd0sb0ss
    14:53 < ~dd0sb0ss> fuq
    14:54 < ~dd0sb0ss> THE OFFICIAL FREENODE PARTYLINE IS REACHABLE AT +4533137886
    14:54 -!- dd0sb0ss was kicked from #freenode by kloeri_ [dd0sb0ss]

    Ignoring the broken unicode that's actually the correct information. Well done on finding this information that has been publically available (by my own choice) for several years.

    It's never been hard to find me and that's not changing in the future just because of some silly kids either. Unlike these kids I'm actually proud of what I do and I'm more than happy to stand by my actions with my real name and even address widely available.

    And for all those sensible people out there just shaking your heads at this sillyness - you're welcome to visit, especially if you are interested in open source software or need a consultant on some project :) I'd suggest contacting me by email first though.

    PS. Thanks to GNAA for this obvious advertising opportunity.

    by kloeri at February 23, 2014 08:49 PM

    October 13, 2013

    Ciaran McCreesh

    September 14, 2013

    Alexander Færøy

    Enhancing SSL Security for IRC: DANE Support

    A couple of weeks ago, I had a discussion with some of the Quakenet coders on how to add SSL support to their IRC daemon, but the discussion ended up being about the false sense of security that SSL potentially can give to the user. The Quakenet hackers have an interesting article online about their thoughts on the matter and while I do understand their points, I do not agree with it being a good enough reason to completely avoid SSL on your IRC network.

    We quickly changed the discussion to be about how the IRC clients should be able to verify that the SSL certificate, received from the server, is not a malicious certificate from someone doing MITM attacks. This was not the discussion I had hoped for, but nevertheless, it was an interesting discussion to participate in and made me spend a few days thinking about their concerns.

    Sadly, as it is today, some IRC clients, including Irssi, only do full SSL certificate validation as an opt-in option (via the -ssl_verify option for /connect in Irssi’s case) rather than having it as an opt-out option, which would be ideal. This is simply because people in the IRC community have historically not wanted to spend money on certificates from the so called “trusted” Certificate Authorities like we have seen on the web. Changing this from opt-in to opt-out is something that I would like to see happen, but it is not something that is going to be easy. We saw how many web sites got a “proper” certificate after the Mozilla guys made it slightly harder to actually mark a self-signed certificate as trusted. This was at first a very annoying move, but these days we rarely see self signed certificates when we browse around the web.

    A few days after the discussion on IRC, I was having dinner at Thomas‘s place and I mentioned the discussion with the Quakenet hackers. Thomas knows a lot about security, privacy and DNS, and he is an avid Quakenet user, so it appeared more than obvious to take the discussion with him and hear what his take to the problem was. His suggestion was to take a look at DNSSEC and DANE and see if that could be used as a possible solution.

    Luckily for me, it was exactly what I was looking for.

    A few days after the dinner conversation, I pushed a patch to Irssi’s source code repository that enabled support for DANE validation of SSL certificates.

    Let’s have a look at how DANE works. This will hopefully give you enough knowledge to understand the basics of what is going on. I will document how to compile Irssi with DANE support enabled and test whether it works or not.

    What is DANE?

    DANE is an acronym for “DNS-Based Authentication of Named Entities” and comes with a protocol named TLSA. DANE is an internet standard and you can read the full technical specification of DANE in RFC6698, but hopefully, this article will give you an introduction to get started using DANE for your IRC servers right away. The concepts are totally protocol agnostic so this will work for other protocols than IRC as well, but it does require modification to the client software to work.

    DANE is a simple way of storing information about a certificate in the DNS system. Adding DNSSEC on top of the cake, gives you a very powerful way of validating certificates where the client relies on a trusted source (their ISP’s DNS server and DNSSEC) validating the information from the possibly eavesdropped IRC server.

    DANE is implemented as a new DNS resource record named TLSA. You can see an example of such record here from our test IRC server linked to the IRCsource IRC network:

    $ dig TLSA _6697._tcp.ircsource.baconsvin.org
    
    ; <<>> DiG 9.8.3-P1 <<>> TLSA _6697._tcp.ircsource.baconsvin.org
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38406
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 9
    
    ;; QUESTION SECTION:
    ;_6697._tcp.ircsource.baconsvin.org. IN TLSA
    
    ;; ANSWER SECTION:
    _6697._tcp.ircsource.baconsvin.org. 3358 IN TLSA 3 0 1 9B954A014881108A9058DB80020909FFD8B4C44C6F41C8796B3A1EA4 3A444B94
    
    ;; AUTHORITY SECTION:
    baconsvin.org.      50607   IN  NS  ns1.gratisdns.dk.
    baconsvin.org.      50607   IN  NS  ns5.gratisdns.dk.
    baconsvin.org.      50607   IN  NS  ns3.gratisdns.dk.
    baconsvin.org.      50607   IN  NS  ns2.gratisdns.dk.
    baconsvin.org.      50607   IN  NS  ns4.gratisdns.dk.
    
    ;; ADDITIONAL SECTION:
    ns1.gratisdns.dk.   7417    IN  A       109.238.48.13
    ns1.gratisdns.dk.   36319   IN  AAAA    2a02:9d0:3002:1::2
    ns2.gratisdns.dk.   25447   IN  A       185.10.10.53
    ns3.gratisdns.dk.   31182   IN  A       194.0.2.6
    ns3.gratisdns.dk.   28269   IN  AAAA    2001:678:5::6
    ns4.gratisdns.dk.   31182   IN  A       87.73.3.3
    ns4.gratisdns.dk.   28269   IN  AAAA    2a01:558:4000::3
    ns5.gratisdns.dk.   25447   IN  A       85.17.221.46
    ns5.gratisdns.dk.   28269   IN  AAAA    2001:6f8:3ad::1
    
    ;; Query time: 55 msec
    ;; SERVER: 89.233.43.71#53(89.233.43.71)
    ;; WHEN: Sat Aug 10 13:16:23 2013
    ;; MSG SIZE  rcvd: 393
    

    Note: If your version of dig doesn’t recognize the TLSA type, you can easily replace it with TYPE52 like this: dig _6697._tcp.ircsource.baconsvin.org TYPE52.

    Notice how the port, 6697, and protocol, TCP, is part of the DNS query. This will be familiar for people who have worked with SRV DNS records.

    The interesting part of the output is the answer section where you see the following:

    3 0 1 9B954A014881108A9058DB80020909FFD8B4C44C6F41C8796B3A1EA4 3A444B94
    

    What does all of this mean?

    Let’s start out by looking at the format. The format for a TLSA reply is as following:

    <certificate usage> <selector> <matching type> <certificate association data>
    

    This means that our certificate usage field is 3, our selector is 0 and our matching type is 1. The associated data is the string "9B954A014881108A9058DB80020909FFD8B4C44C6F41C8796B3A1EA4 3A444B94".

    It is important to understand the semantics of these fields, because they will dictate how and if the client is going to do further validation of the certificate once the client has received it from the IRC daemon.

    Using 3 0 1 means that we are using a self-signed certificate and we will rely on DANE for validating the certificate only (3); that we are using the full certificate and not just the SubjectPublicKeyInfo part (0) and we will be using a hexadecimal encoded SHA256 hash of the DER-encoded certificate (1).

    To fully understand the various options available, I suggest you take a look at RFC 6698 section 2.1.

    Enable DANE Support for your IRC Server

    The first step you will have to take is to ensure that whoever runs your DNS servers supports both DNSSEC and TLSA records. In Denmark, a lot of users are using the free DNS hosting provider GratisDNS. GratisDNS supports both DNSSEC and TLSA records which makes setting this up a lot easier.

    Sadly, GratisDNS’ interface is currently only available in Danish, so you might have to look for other solutions available online.

    Once you have a DNS provider that supports DNSSEC and TLSA records, it is fairly easy to create the records. In our example, the following assumptions are made:

    1. You already have an IRC daemon running with SSL enabled on port 6697 and you have verified that it actually works as expected.

    2. Your certificate is self-signed, so you would like to rely on DANE support only for the validation. This means that the user will not see any self-signed certificate errors when connecting with certificate validation enabled.

    3. We will create a record using a SHA-256 hash of the certificate data. Feel free to use something stronger, if you are more crypto paranoid than I am.

    This means that our TLSA record will end up looking something similar to this:

    _6697._tcp.irc.example.org TLSA 3 0 1 <SHA-256 hash of the certificate data>
    

    This is basically going to be a description of the exact same setup that I am using for ircsource.baconsvin.org.

    To find the SHA-256 value of your certificate, start by logging onto the server running the IRC daemon and find the directory that contains your certificate files. We are then going to find the SHA-256 value of the DER representation of our certificate:

    $ openssl x509 -in ircsource.baconsvin.org.pem -outform DER | sha256sum
    9b954a014881108a9058db80020909ffd8b4c44c6f41c8796b3a1ea43a444b94  -
    

    This is the value we will be using in our final TLSA record, which now looks like the following:

    _6697._tcp.irc.example.net TLSA 3 0 1 9b954a014881108a9058db80020909ffd8b4c44c6f41c8796b3a1ea43a444b94
    

    Once you have added this record to your DNS zones, it is now time to actually test whether it works as expected.

    Building Irssi with DANE Support

    This part is tested on FreeBSD 9.2-PRERELEASE. Hopefully, it works for other people as well. Feel free to report any issues you may experience.

    1. Download the dnsval tarball from its download page. This is quite new software so I haven’t run into many distributions that have packages available, so we will assume that we have to compile it ourselves.

       $ mkdir dane
       $ cd dane
       $ fetch http://www.dnssec-tools.org/download/dnsval-2.0.tar.gz
       $ tar zxfv dnsval-2.0.tar.gz
       $ cd dnsval-2.0
       $ ./configure --prefix=/usr/local
       $ make
       $ sudo make install
      
    2. Next we will download the Irssi source code from the Git repository. We start by cloning the repository into our newly created dane directory:

       $ cd dane
       $ git clone git://git.irssi.org/irssi
       $ cd irssi
      
    3. We bootstrap the build system:

       $ sh autogen.sh
      
    4. We configure our test Irssi client:

       $ CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" ./configure --enable-dane --with-perl=no
      

      Make sure that somewhere near the end of the output of the configure script contains:

       Building with DANE support ....... : yes
      

      Otherwise you should take a look at the config.log file and look for places where libval is mentioned and figure out why it doesn’t find the library correctly.

    5. Compile Irssi:

       $ make
      
    6. Fire up your new Irssi client and give it a spin:

       $ ./src/fe-text/irssi -!
      
    7. Try to connect to our test server, ircsource.baconsvin.org, using DANE:

       /connect -ssl -ssl_verify ircsource.baconsvin.org 6697
      

      If everything was done correctly, Irssi will now connect to the server, verify the signature of the certificate using TLSA and allow you to connect without seeing any self-signed certificate errors.

    DANE Enabled IRC Servers

    Here’s a list of IRC servers that supports DANE. If you are running a public IRC server and would like to see the server added here, feel free to drop me an email at ahf@irc6.net with information about the server.

    IRCsource

    IRCsource is a small network where people with a general interest in IRC hang out together to discuss and test various new concepts and ideas for IRC.

    • ircsource.baconsvin.org (SSL ports: 6697 and 9999)

    I will do my best to maintain this list of servers supporting DANE in the future.

    Next Stop?

    The next step for me is to start securing server-to-server links within the IRC networks with DANE. This will require some modifications to the IRC daemons themselves. I plan on looking into adding support for DANE in a personal feature branch of ircd-ratbox and some of its derivatives.

    Conclusion

    I am unable to say if DANE support is what the IRC community will be adopting. The IRC community is very conservative in general so time will have to tell.

    If you believe you have found a bug in my code or have any troubles setting DANE up for your own IRC server, I will be more than happy to help. Drop me an email and I will take a look at it whenever I have time. Otherwise, feel free to poke me on IRC. My nickname is ahf and I am available on most of the “larger” IRC networks (EFnet, Freenode, IRCnet and Quakenet).

    All of this code will be available in the upcoming Irssi 0.8.16 release, but if you want to test it right away, my suggestion is to follow my guide from above and use Irssi directly from Git.

    Hopefully, we will see other IRC client and server hackers implementing DANE support in the nearby future. If you like what you have read here, please help me making this happen by spreading the word about the possibilities available for enhancing the SSL support in IRC clients as well as other SSL based online services.

    This is too easily implementable to be ignored.

    Credits

    I would like to thank Thomas Steen Ramussen for being the originator of the idea and setting up the initial DNS server for testing purpose; Peter Larsen for expeditiously implementing TLSA support for GratisDNS; the IRC6.net guys for late night discussions about DANE; Mickey Fischer for testing the Irssi patches on Gentoo Linux with various options enabled and disabled; the DNSSEC-Tools Project for creating the libraries used and finally the rest of the Irssi team for reviewing the patches and coming with recommendations for my code.

    September 14, 2013 12:00 AM

    September 02, 2013

    Ciaran McCreesh

    Paludis 1.4.1 Released

    Paludis 1.4.1 has been released:

    • Compatibility with newer Boost.
    • Minor bug fixes and UI tweaks.

    by Ciaran McCreesh at September 02, 2013 01:00 PM

    May 16, 2013

    Ciaran McCreesh

    Paludis 1.4.0 Released

    Paludis 1.4.0 has been released:

    • Tweaked ‘cave resolve’ output to add blank lines.
    • Support for libarchive 3.1.2.
    • Compatibility fixes for GCC 4.8.

    by Ciaran McCreesh at May 16, 2013 01:29 PM

    March 25, 2013

    Ciaran McCreesh

    Paludis 1.2.0 Released

    Paludis 1.2.0 has been released:

    • Bug fixes.
    • Dep specs can now use ‘[.key!=value]’. The behaviour of ‘<‘ and ‘>’ has changed: for key types where order comparisons don’t make sense, the match now always fails.
    • Various compiler-compatibility fixes.

    by Ciaran McCreesh at March 25, 2013 06:51 PM

    March 04, 2013

    Bryan Østergaard

    Looking for a few more volunteers

    It's that time of the year.. Only four days left before the big danish Open Source Days conference starts and we're tying up all the loose ends as quickly as possible.

    Things are looking great from my point of view but one of the things we need to sort out before the conference opens is all the different helper roles. And we're still looking for good wanting to be an active part of Open Source Days and get to know all the other great people involved.

    If you would like to take part in this you can sign up at Join Us and in return for helping out you get free entrance to the conference including the social event saturday night.

    by kloeri at March 04, 2013 11:09 PM

    February 21, 2013

    Bryan Østergaard

    20.000 minutes

    20.000 minutes sounds like a lot but for sufficiently large projects with sharp deadlines it really isn't.

    Converted to a more manageable time scale it's roughly two weeks or roughly how much time until the Open Source Days conference opens. As some of you might know this is the second year I'm involved in organising this big open source conference.

    And just like last year it's an awesome experience but also very stressful with all the small things needing to fall into place for the conference to run smoothly. And unlike last year I haven't been sick so I'm getting to enjoy the full experience :)

    Having only two weeks left means really long hours every day while we scramble to close all the outstanding issues. But it also means we get to see a huge amount of things fall into place each day.

    Some of the things I'm excited about today:

    • Most of the talks are now announced on the website

    • The keynote talks are all confirmed. More on that later.

    • We've added several more sponsors

    The next two weeks should be very exciting and I'm sure the conference is going to be even better this year.

    See you all at the conference!

    by kloeri at February 21, 2013 11:13 PM

    February 02, 2013

    Ciaran McCreesh

    Paludis 1.0.0 Released

    Paludis 1.0.0 has been released:

    • EAPI 5 style subslot specs are allowed in user dependency specs.
    • We now support DWARF compression.

    by Ciaran McCreesh at February 02, 2013 03:14 PM

    November 16, 2012

    Ciaran McCreesh

    Paludis 0.82.0 Released

    Paludis 0.82.0 has been released:

    • Various EAPI 5 related fixes.

    by Ciaran McCreesh at November 16, 2012 11:46 PM

    October 19, 2012

    Ciaran McCreesh

    Paludis 0.80.2 Released

    Paludis 0.80.2 has been released:

    • Bug fixes.
    • Added ‘cave print-unmanaged-files’.

    by Ciaran McCreesh at October 19, 2012 02:17 PM

    October 13, 2012

    Ciaran McCreesh

    September 22, 2012

    Ciaran McCreesh

    Paludis 0.80.0 Released

    Paludis 0.80.0 has been released:

    • EAPI 5 is supported.

    Filed under: paludis releases Tagged: paludis

    by Ciaran McCreesh at September 22, 2012 06:50 PM

    September 07, 2012

    Ciaran McCreesh

    Paludis 0.78.2 Released

    Paludis 0.78.2 has been released:

    • Bug fix: || ( ) dependencies under a non-enabled label are now handled sensibly.
    • Bug fix: the resolver no longer attempts to create binaries for accounts.
    • Bug fix: 0-scm is now ordered correctly.

    Filed under: paludis releases Tagged: paludis

    by Ciaran McCreesh at September 07, 2012 09:02 PM

    August 13, 2012

    Ciaran McCreesh

    Paludis 0.78.1 Released

    Paludis 0.78.1 has been released:

    • sydbox-1 is now supported.
    • Bug fix.

    Filed under: paludis releases Tagged: paludis

    by Ciaran McCreesh at August 13, 2012 10:44 AM

    March 13, 2012

    Bryan Østergaard

    Pictures from Open Source Days?

    This weekend saw yet another edition of the Open Source Days conference in Copenhagen. And despite a few small issues (most notably a large power outage taking out a big area of the city) most people really seemed to enjoy the conference.

    I also saw quite a few people taking pictures of the event and we'd love to see those pictures. Please send an email to team2012@opensourcedays.org or directly to me at bryan@opensourcedays.org if you would like to share your pictures.

    by kloeri at March 13, 2012 11:47 AM

    March 03, 2012

    Bryan Østergaard

    Looking for helpers for Open Source Days

    With the conference just a week away we're still looking for volunteers.

    Volunteering for Open Source Days means you'll get to know a lot of other open source interested people, broadening your network and you get to be an active part of the biggest open source event in Denmark.

    You'll typically have to work 2 x 3 hours at the conference but for the most part you can decide what areas you want to help with and we do our best to coordinate your shifts so they don't conflict with talks you find particularly interesting.

    As a thank you for your work we throw in conference tickets including the saturday night social event.

    Right now I'm particularly looking for people with some video experience. You don't need professional video experience but a little experience goes a long way towards making the setup go more smoothly. We will of course make sure that people on the video team gets the needed instructions so don't be afraid of signing up even if you have no prior experience. The most important thing is your interest and dedication as that's what's ultimately going to it a success.

    Besides volunteers for the video team we're also looking for a number of other people. There's too many different roles to mention them all here but we still need chairmen for example.

    Please contact me directly at bryan@opensourcedays.org if you want to volunteer for the video team. If you want to sign up for the many other roles you can do so using our sign up form.

    by kloeri at March 03, 2012 12:43 PM

    February 18, 2012

    Bryan Østergaard

    Open Source Days ticket sale now open

    The Open Source Days conference opened the ticket sale a couple days ago. You can buy tickets for the conference itself as well the many training courses we're arranging in the days before the conference.

    See opensourcedays.org for more information and pay attention to the early bird discount that ends about 5 days from now.

    Also note that while there's not that many abstracts on the website yet we're going to keep adding batches of new abstracts. There's going to be a lot of interesting talks so keep checking the website for new abstracts and other news.

    by kloeri at February 18, 2012 10:28 PM

    January 15, 2012

    Bryan Østergaard

    Open Source Days - Second call for speakers

    The second and final call for speakers just went out for the Open Source Days conference in Copenhagen, Denmark.

    Noteworthy news compared to the first call is:
    - We moved the conference a week to make sure we have plenty of room for speakers, visitors and sponsors. The conference is going to take place at march 10 and 11 with training happening on march 9.
    - We added information about conference size and being somewhat ambitious we're hoping to reach previous heights of 800-900 people.
    - Extended the deadline for talk proposals. Deadline is now january 27th.
    - User groups interested in a community booth also needs to start planning. Deadline is february 13th but you need to start thinking of activities, manning the booth and so on.

    More information and details to be found on opensourcedays.org

    Don't miss Denmarks biggest open source event!

    by kloeri at January 15, 2012 11:25 PM

    December 07, 2011

    Bryan Østergaard

    Open Source Days 2012: Call for speakers

    Open Source Days is Denmarks biggest open source conference and it's only 3 months away now. We are therefore looking for interesting speakers.

    The conference has two focus areas, namely:
    • startups (everything related to startups / small business and open source software)
    • green technology (recycling, monitoring etc.)
    Besides these two focus areas we also have several tracks with general technical talks. These tracks can cover everything from office packages to interesting new programming languages, network administration or other more technical areas.

    See www.opensourcedays.org for the full announcement.

    by kloeri at December 07, 2011 07:59 PM

    January 31, 2011

    Ingmar Vanhassel

    We are going to FOSDEM!

    Like previous years, a few of the Exherbo developers will be coming to FOSDEM!

    If you’ve been dying to meet Alexander Færøy, Bo Ørsted Andresen, Bryan Østergaard (or if you really want to know what an emu using a linux computer looks like), Jochen Maes or myself, find us at the beer event, or anywhere at the conference! Feel free to hop by in #exherbo to find our whereabouts.

    See you there!

    by ingmarv at January 31, 2011 04:17 PM

    October 18, 2010

    Bryan Østergaard

    Being different

    In Exherbo we like to do things a bit differently from everybody else. And today I got inspired by some recent experiences with users not quite reading all the documentation that Exherbo developers expected them to and wanting to change our documentation in a slightly different direction than we wanted to.

    The usual solutions to such problems are either to reject patches, possibly marking them as invalid, or yell at people until they go away or start doing what you want them to. I went for a very different option though and tried to document what we expect from users (or developers as we prefer to see them) and the result of that is now added to our website.

    All the feedback I've had so far has been very positive both from very experienced Exherbo developers as well as contributors very new to the project. I hope I can refine it a bit more over the next few days so feel free to add your comments. It's supposed to help everybody no matter their level of experience as developers or with the Exherbo project so I'd like to hear from lots of people.

    by kloeri at October 18, 2010 11:07 PM

    June 18, 2010

    Bryan Østergaard

    Has anyone seen my pants?

    They were last seen at JFK International Airport in New York last night and I miss them already. Please contact baggage claim if you've seen them and tell them to send the pants to Rochester International Airport where JetBlue is looking for them.

    Or just bring them to FOSSCON tomorrow :)

    by kloeri at June 18, 2010 03:02 PM

    June 15, 2010

    Bryan Østergaard

    Closing in on FOSSCON

    FOSSCON is only 4 days away now and I'm trying to figure out all the things I need to do before the conference..

    Plane ticket and hotel is booked (I'd be in big problems otherwise) but I haven't prepared my slides yet. I also need to find lots of small things like travel adapter, camera and all the other small things I wouldn't want to do without.

    All in all I'm very excited about FOSSCON though, especially since it's going to be my first talk outside of Europe and I'm really looking forward to peoples reactions to my talk.

    My talk centers around effective ways of building a developer community, mostly based on my experience from the Exherbo project. When I did a similar talk here in Denmark about 8 months ago most people were quite surprised at first but also found my ideas very interesting and I've had some very positive feedback from the people I've met again afterwards. I'm hoping the FOSSCON audience will be just as interested and that they'll give my ideas on managing open source projects some serious thoughts.

    And if any one of you should happen to visit FOSSCON I won't be opposed to having a beer or two.. :)

    by kloeri at June 15, 2010 12:57 PM

    May 06, 2010

    Bryan Østergaard

    Exherbo rejected my patch, now what?

    Exherbo has a fairly strict patch policy that's usually summarised as "no patches without a damn good reason". Good reasons includes "Compile fixes" and "Security patches" at the very least but we do end up rejecting quite a few proposed patches.

    I decided on this policy from the very beginning of Exherbos life as it's much easier working with upstream if we don't add patches against their wishes and it also makes it a lot easier for users to move to another distribution if/when needed (assuming that other distribution haven't patched the application(s) too heavily).

    All in all this policy have worked very well for Exherbo so far but what can you do when you really, really want that patch for your favorite application? The first (and in many cases best) option is simply talking to upstream and convincing them that the patch is a good idea. That way all users benefits from the patch regardless of their choice of distribution and upstream takes care of maintainance and QA.

    But what can you if that fails or you simply want a patch specifically tailored to your local needs? An easy way to solve that is through the magic of auto patching - paludis makes it quite easy to add local patches to specific packages any time you upgrade/reinstall them using phase hooks.

    Below is a generic auto patch hook courtesy of Ciaran McCreesh.

    $ cat /etc/paludis/hooks/ebuild_prepare_post/patches.bash
    # vim: set sw=4 sts=4 et :

    (
        cd "${S}"
        patchdir="/home/users/ciaranm/work/autopatch/${CATEGORY}/${PN}"
        if [[ -d $patchdir ]] ; then
            einfo "Applying user patches"
            for p in $patchdir/*.patch ; do
                [[ -f "${p}" ]] || continue
                einfo "Applying $(basename ${p} )"
                patch -p1 < ${p} || exit 1
            done
            einfo "Done"
        fi
    )

    Before using this hook you want to change "patchdir" so it points to your own local patch directory. And then you simply add patches (files should be named *.patch) in $category/$packagename directories in your patch directory. As an example you could add a net-www/chromium/omnibar-http.patch file containing the following patch if you want to revert the recent sillyness of not showing http in the omnibar in chromium.

    Source: Timothy Redaelli - updated by Elias Pipping
    Upstream: Rejected, see http://crbug.com/41885
    Reason: Do not strip http:// from omnibar!

    --- b/net/base/net_util.cc
    +++ a/net/base/net_util.cc
    @@ -1452,7 +1452,7 @@
    url_string == kHTTP && (!parsed.host.is_valid() ||
    (parsed.host.is_nonempty() &&
    spec.compare(parsed.host.begin,
    - std::string(kFTP).size(), kFTP))));
    + std::string(kFTP).size(), kFTP))) && false);

    new_parsed->scheme = parsed.scheme;

    Adding local patches is now just a question of dropping the patch file in the correct path but keep in mind that you have the responsibility of maintaining not only your local patch but also anything it might affect (not limited to the patched package).

    by kloeri at May 06, 2010 10:00 PM

    March 04, 2010

    Bryan Østergaard

    Exherbo at Open Source Days

    The danish open source conference, Open Source Days, will run this friday and saturday. Exherbo will be present both days with quite a few developers in attendance.

    I'm sure there will be a (little) hacking on Exherbo and related projects like Genesis but it's also a very good, if somewhat rare, opportunity to meet some of the leading Exherbo developers and talk to them about the current status of Exherbo and what's in the future.

    Personally I'm hoping to have some good discussions about the kind of problems people currently face when they use Linux in various business settings and ways that those problems might be solved. I'm also hoping that you can learn something from the way the Exherbo project is managed and get an idea how the project manages to move at such a fast pace.

    And finally I'm looking forward to meeting lots of people and having a good time :)

    by kloeri at March 04, 2010 12:29 AM