site-josuah

/usr/josuah

commit 47e5dcaf442b4eb0ecdb1bc9f4dde1abf0c17f9f
parent 94c7d4215918d5e13fb96e323e91e9a89f4d9723
Author: Josuah Demangeon <me@josuah.net>
Date:   Fri, 12 Jun 2020 23:05:43 +0200

remove ambiguity in markdown syntax

Diffstat:
M blog/2019-06-28-root-servers/index.md | 76 ++++++++++++++++++++++++++++++++++++++--------------------------------------
M blog/2019-07-22-i-am-a-thief/index.md | 7 +++----
M blog/2019-07-25-chgrp-not-chown/index.md | 22 +++++++++++-----------
M index.md | 22 +++++++++++-----------
M links/index.md | 300 ++++++++++++++++++++++++++++++++++++++++----------------------------------------
M quotes/index.md | 3 +++
M wiki/awk/index.md | 10 +++++-----
M wiki/git-hooks/index.md | 64 +++++++++++++++++++++++++++++++++++++---------------------------
M wiki/jj/index.md | 36 ++++++++++++++++++------------------
M wiki/qmail/destination-mx/index.md | 190 +++++++++++++++++++++++++++++++++++++++++++------------------------------------
M wiki/supervisor/index.md | 34 +++++++++++++++++-----------------
M wiki/tinydns/index.md | 51 ++++++++++++++++++++++++++++-----------------------
12 files changed, 425 insertions(+), 390 deletions(-)

diff --git a/blog/2019-06-28-root-servers/index.md b/blog/2019-06-28-root-servers/index.md 
@@ -1,53 +1,53 @@ And so the world was chosen to be kept safe ... =============================================== +... through 13 gates, owned by 12 kings among the many kingdoms. - ... through 13 gates, owned by 12 kings among the many kingdoms. +All gates would open to an unique almighty key known by the name of Ksk. - All gates would open to an unique almighty key known by the name of Ksk. +The Key Signing Key. The key that could sign all the other keys. The world - The Key Signing Key. The key that could sign all the other keys. The world +bowed to it. Its brave Zsk subordinates never questionned its power, never - bowed to it. Its brave Zsk subordinates never questionned its power, never +tried to challenge it... - tried to challenge it... - ___ __ _ ____ ___ ____ ___ __ _ ____ ___ ___ - The ||`\ // \ // \ || //_ ||__ ||`\ \\ / ||__ ||`\ //_ - ||`\ \\_/ \\_/ || __// ||__ ||`\ \\/ ||__ ||`\ __// +``` + ___ __ _ ____ ___ ____ ___ __ _ ____ ___ ___ +The ||`\ // \ // \ || //_ ||__ ||`\ \\ / ||__ ||`\ //_ + ||`\ \\_/ \\_/ || __// ||__ ||`\ \\/ ||__ ||`\ __// +``` +Season 1 Episode 1 +------------------ +Before the keys was the gates. Them had the power to give names +on the things of the outter world. Rare, but alive was those +daring to ask for a name of the inner world things. When it did +happen, the Root Servers simply was not looking at them. - Season 1 Episode 1 +It all happened by a single touch from any of them. All it took +from these 12 kings, was to lift all at once their fingers and +point at a thing, standing though their 13 doors, pronouncing +a name. - Before the keys was the gates. Them had the power to give names - on the things of the outter world. Rare, but alive was those - daring to ask for a name of the inner world things. When it did - happen, the Root Servers simply was not looking at them. +And so they did. First, they look at the sea, fishers braving the +seas, and they said "Net". 
Then they followed the path of ships +through the roads where merchants did stand there, and said "Come". - It all happened by a single touch from any of them. All it took - from these 12 kings, was to lift all at once their fingers and - point at a thing, standing though their 13 doors, pronouncing - a name. +After naming schools, militaries, states and other institutions, +they pointed each and every places of the lands, and said "Nl", +"Is", "Io", "Ma", "De", and other "Cz" of the kind. - And so they did. First, they look at the sea, fishers braving the - seas, and they said "Net". Then they followed the path of ships - through the roads where merchants did stand there, and said "Come". +What a surprising phenomenon, each of the things that had a name +suddently got able to talk. Most agreed on the word for "myself" +which came up as "nic", "noc" or "dot" according to the dialects. - After naming schools, militaries, states and other institutions, - they pointed each and every places of the lands, and said "Nl", - "Is", "Io", "Ma", "De", and other "Cz" of the kind. +Then came names for all the tings that did ever cross their ways. +The merchants got particularly popular, through crossing a lot of +things, that they each named after their name, "com". - What a surprising phenomenon, each of the things that had a name - suddently got able to talk. Most agreed on the word for "myself" - which came up as "nic", "noc" or "dot" according to the dialects. - - Then came names for all the tings that did ever cross their ways. - The merchants got particularly popular, through crossing a lot of - things, that they each named after their name, "com". - - The languages reaching more and more fellows, each of the things - named by the things named by the 12 kings started to give names - around. By lack of education, all of them merely ever figured - out a word "www". Whereas the "edu" subordinates came up with a - rich mix of various colorful names. 
- - The world started to be a nameful place. +The languages reaching more and more fellows, each of the things +named by the things named by the 12 kings started to give names +around. By lack of education, all of them merely ever figured +out a word "www". Whereas the "edu" subordinates came up with a +rich mix of various colorful names. +The world started to be a nameful place. diff --git a/blog/2019-07-22-i-am-a-thief/index.md b/blog/2019-07-22-i-am-a-thief/index.md @@ -1,11 +1,10 @@ I am a thief ============ - First chapter of "Je suis un Voleur" from Laurent Chemla: - /\ thief. How else to name one of the first individual in France - /__\ to procure itself an Internet access[1.1]? In 1994, spoofing -/ \ the clothes of a telecommunication expert, that I was not yet, +A thief. How else to name one of the first individual in France +to procure itself an Internet access[1.1]? In 1994, spoofing +the clothes of a telecommunication expert, that I was not yet, I obtained from an IT staff employee of a parisian University that he let me an access to Internet. In exchange, I brought him help - relatively - to the building of a network devoted to let student work diff --git a/blog/2019-07-25-chgrp-not-chown/index.md b/blog/2019-07-25-chgrp-not-chown/index.md @@ -1,13 +1,11 @@ Using "chgrp" instead of "chown" ================================ - I propose some new organization for UNIX permissions that do not require the admin to always change the permissions, and have any user create file around and still keep the apropriate permissions: - * Let the owner be whatever you need. - - * Define one group per ressource. +* Let the owner be whatever you need. +* Define one group per ressource. As simple as it. The users can be used to as a way to track events, creation, generation, who did run a script... Focus on maintaining 
@@ -15,11 +13,13 @@ the apropriate group. To define a resource directory: - # groupadd dns - # useradd -g dns dns - # mkdir /var/dns - # chgrp dns /var/dns - # chmod +s /var/dns +``` +# groupadd dns +# useradd -g dns dns +# mkdir /var/dns +# chgrp dns /var/dns +# chmod +s /var/dns +``` It all relies on "chmod +s" on the directory, the sgid flag. On a file, this would set the user id upon execution. On a directory, @@ -42,8 +42,8 @@ all the members of a group to edit the files. Bonus: you can now know who did created a file: look at the owner. Bonus: you can now have less-privilegied administrators that have - access to some but not all the contents. Simply add them to the - groups of things he can manage. +access to some but not all the contents. Simply add them to the +groups of things he can manage. I write "admin", but it might as well be daemons. Think of acme-client need to access to /var/dns to setup the DNS challenges, and /var/tls diff --git a/index.md b/index.md 
@@ -2,19 +2,19 @@ Welcome to my publication tool. You can find documentation about my software projects: - * The [NotWiki](//code.z0.is/notwiki/) project, a website/gophersite - generation tool. - * The [sni-shunt](//code.z0.is/sni-shunt/) tool, dispatch TLS session - according to server-name. - * The [passlock](//code.z0.is/passlock/) tool, an authentication backend. - * My [githooks](/wiki/git-hooks/) scripts, that regenerate my NotWiki sites. +* The [NotWiki](//code.z0.is/notwiki/) project, a website/gophersite + generation tool. +* The [sni-shunt](//code.z0.is/sni-shunt/) tool, dispatch TLS session + according to server-name. +* The [passlock](//code.z0.is/passlock/) tool, an authentication backend. +* My [githooks](/wiki/git-hooks/) scripts, that regenerate my NotWiki sites. As well as documentation on other people's software: - * Use of [awk](/wiki/awk/), the command/language. - * Use of [jj](/wiki/jj/) IRC client with UCSPI and s6. - * Use of [tinydns](/wiki/tinydns/) with an awk scripts for generating dns - ./data. - * Notes on [qmail](/wiki/qmail/) implementation. +* Use of [awk](/wiki/awk/), the command/language. +* Use of [jj](/wiki/jj/) IRC client with UCSPI and s6. +* Use of [tinydns](/wiki/tinydns/) with an awk scripts for generating dns + ./data. +* Notes on [qmail](/wiki/qmail/) implementation. And finally, [ASCII](/ascii/) Art and [quotes](/quotes/) and [links](/links/). diff --git a/links/index.md b/links/index.md @@ -8,13 +8,13 @@ OpenBSD ------- "Free, Functionnnal and Secure" - * <https://www.openbsd.org/> +* <https://www.openbsd.org/> FreeBSD ------- "The Power To Serve" - * <https://www.freebsd.org/> +* <https://www.freebsd.org/> Plan 9 ------ 
@@ -22,92 +22,92 @@ A research operating system. ### Documentation - * <https://9p.io/plan9/> - - More dead links every days. +* <https://9p.io/plan9/> - + More dead links every days. - * <https://cat-v.org/> - - The plan 9 doc. +* <https://cat-v.org/> - + The plan 9 doc. - * <https://fqa.9front.org/dash1.ghostintheminesweepershell.pdf> - - get started with Plan 9 through 9front +* <https://fqa.9front.org/dash1.ghostintheminesweepershell.pdf> - + get started with Plan 9 through 9front - * <https://doc.cat-v.org/plan_9/4th_edition/papers/venti/> - - A new approach to archival storage: append only deduplicated blocks. +* <https://doc.cat-v.org/plan_9/4th_edition/papers/venti/> - + A new approach to archival storage: append only deduplicated blocks. - * <https://www.ueber.net/who/mjl/plan9/plan9-obsd.html> - - Run a plan 9 network on OpenBSD, helps to understand what is Plan 9. +* <https://www.ueber.net/who/mjl/plan9/plan9-obsd.html> - + Run a plan 9 network on OpenBSD, helps to understand what is Plan 9. - * <https://9fans.github.io/plan9port/> - - Run plan 9 user programs on other operating systems. +* <https://9fans.github.io/plan9port/> - + Run plan 9 user programs on other operating systems. - * <https://tools.suckless.org/9base/> - - Subset of the programs of plan9port that compiles with musl as well. +* <https://tools.suckless.org/9base/> - + Subset of the programs of plan9port that compiles with musl as well. ### Distributions patches and forks - * <https://9front.org/> - - Distro to get it to work on its machine. +* <https://9front.org/> - + Distro to get it to work on its machine. - * <https://9legacy.org/> - - Distro that is just a set of patches to the original. +* <https://9legacy.org/> - + Distro that is just a set of patches to the original. - * <https://harvey-os.org/> - - Porting Plan 9 to POSIX. +* <https://harvey-os.org/> - + Porting Plan 9 to POSIX. - * <http://jehanne.io/> - - Porting POSIX to Plan 9. 
+* <http://jehanne.io/> - + Porting POSIX to Plan 9. xv6 --- A operating system for teaching operating systems. - * <https://pdos.csail.mit.edu/6.828/2017/xv6.html> - - Entry point and about page. +* <https://pdos.csail.mit.edu/6.828/2017/xv6.html> - + Entry point and about page. - * <git://github.com/mit-pdos/xv6-public.git> - cloneit! +* <git://github.com/mit-pdos/xv6-public.git> + cloneit! - * <https://pdos.csail.mit.edu/6.828/2017/xv6/book-rev10.pdf> - - I want more time to ReadIt! +* <https://pdos.csail.mit.edu/6.828/2017/xv6/book-rev10.pdf> - + I want more time to ReadIt! TempleOS -------- A holy operating system. - * <https://templeos.org/> - - Support for 3D mesh in assembly without recompiling. Because we can. +* <https://templeos.org/> - + Support for 3D mesh in assembly without recompiling. Because we can. Linux ----- A famous operating system. - * <https://tldp.org/> - - The Linux Documentation Project, mainly Linux but not only. +* <https://tldp.org/> - + The Linux Documentation Project, mainly Linux but not only. Distributions: - * <https://www.gentoo.org/> - - If you do not compile a binary, it's someone else's binary. +* <https://www.gentoo.org/> - + If you do not compile a binary, it's someone else's binary. - * <https://www.voidlinux.org/> - - Runit-based ditribution. +* <https://www.voidlinux.org/> - + Runit-based ditribution. - * <https://crux.nu/> - - Lightweight (for *real*, not like Arch) distro. +* <https://crux.nu/> - + Lightweight (for *real*, not like Arch) distro. - * <https://www.slackware.com/> - - A straightforward distro. +* <https://www.slackware.com/> - + A straightforward distro. - * <http://tinycorelinux.net/> - - Hard to do any smaller. +* <http://tinycorelinux.net/> - + Hard to do any smaller. Distro that symlink files as a package management system: - * <https://gobolinux.org/> - - Interesting directory hierarchy, good introduction. +* <https://gobolinux.org/> - + Interesting directory hierarchy, good introduction. 
- * <http://sabo.xyz/> - - Very simple and efficient approach. +* <http://sabo.xyz/> - + Very simple and efficient approach. GenodeOS -------- @@ -116,7 +116,7 @@ GenodeOS Written in C++ (bleh) but a good way to study how to do a kernel. - * <https://genode.org/about/index> +* <https://genode.org/about/index> seL4 ---- 
@@ -125,195 +125,195 @@ Considered by some as the "state of the art" microkernel. Uses repo (bleh) and cmake (bleh) instead of more portable tools, but is definitely worth an approach. - * <https://sel4.systems/> +* <https://sel4.systems/> Software groups --------------- Various groups of people sometimes writing software, sometimes related to other groups, sometimes collaborating, sometimes sharing a system. - * <//tildeverse.org/> - - Tildeverse - Association of like-minded ~tilde communities. +* <//tildeverse.org/> - + Tildeverse - Association of like-minded ~tilde communities. - * <//suckless.org/> - - Suckless - software that sucks less. +* <//suckless.org/> - + Suckless - software that sucks less. - * <//2f30.org/> - - 2f30 - div by 0: made with strange alien technology +* <//2f30.org/> - + 2f30 - div by 0: made with strange alien technology - * <//bitreich.org/> - - HTTP serves companies, Gopher serves people. +* <//bitreich.org/> - + HTTP serves companies, Gopher serves people. - * <//dataswamp.org/> - - Remote shell for a few people. +* <//dataswamp.org/> - + Remote shell for a few people. - * <//grifon.fr/> - - Associative ISP around Rennes, Brittany, France. +* <//grifon.fr/> - + Associative ISP around Rennes, Brittany, France. People ------ People from above and others. - * <https://pc.textmod.es/> - - where ascii art packs get released +* <https://pc.textmod.es/> - + where ascii art packs get released - * <https://xero.nu/> - - also see 0w.nz +* <https://xero.nu/> - + also see 0w.nz - * <https://www.swordarmor.fr/> - - French celt (and viking (and celt again)) legends soaked geek lair +* <https://www.swordarmor.fr/> - + French celt (and viking (and celt again)) legends soaked geek lair - * <https://z3bra.org/> - - Heavy tinkering intensifies... +* <https://z3bra.org/> - + Heavy tinkering intensifies... 
Document browsers ----------------- Most HTTP/HTML browser presented here have a `--dump` flag of some sort, handful for converting html to mostly readable plain text. - * <http://retawq.sourceforge.net/> - - Simple text-mode web browser +* <http://retawq.sourceforge.net/> - + Simple text-mode web browser - * <http://links.twibright.com/> - - Classic text-mode web browser +* <http://links.twibright.com/> - + Classic text-mode web browser - * <http://www.elinks.cz/> - - Full-featured text web browser +* <http://www.elinks.cz/> - + Full-featured text web browser - * <http://lynx.browser.org/> - - Colorful text web browser +* <http://lynx.browser.org/> - + Colorful text web browser - * <http://w3m.sourceforge.net/> - - Text web browser with a cursor, bells and whistles +* <http://w3m.sourceforge.net/> - + Text web browser with a cursor, bells and whistles System programming ------------------ - * <http://smarden.org/runit/> - - An init system and supervision suite inspired from daemon tools. +* <http://smarden.org/runit/> - + An init system and supervision suite inspired from daemon tools. - * <https://skarnet.org/software/> - - Rewrite the layer between the kernel and the applications with minimalism. +* <https://skarnet.org/software/> - + Rewrite the layer between the kernel and the applications with minimalism. - * <https://en.wikipedia.org/wiki/Advanced_Programming_in_the_Unix_Environment> - - Programming book for feeling fine with all these syscalls. +* <https://en.wikipedia.org/wiki/Advanced_Programming_in_the_Unix_Environment> - + Programming book for feeling fine with all these syscalls. Crypto ------ - * <https://ianix.com/> - - A gold mine of state of the art crypto references. +* <https://ianix.com/> - + A gold mine of state of the art crypto references. - * <https://github.com/BLAKE3-team/BLAKE3> - - A hash function that is too good to be real. +* <https://github.com/BLAKE3-team/BLAKE3> - + A hash function that is too good to be real. 
DJB --- The elephant in the room of crypto. - * <https://cr.yp.to/> - - The entry point of its lair. +* <https://cr.yp.to/> - + The entry point of its lair. - * <https://curvecp.org/> - - A (now not so) new style of crypto. +* <https://curvecp.org/> - + A (now not so) new style of crypto. - * <https://dnscurve.org/> - - Standard exploiting curve crypto for dns. +* <https://dnscurve.org/> - + Standard exploiting curve crypto for dns. - * <https://pqcrypto.org/> - - The next style of crypto. +* <https://pqcrypto.org/> - + The next style of crypto. Softwares --------- - * <https://tinyssh.org/> - - OpenSSH is good, and this one is too and is not as famous. +* <https://tinyssh.org/> - + OpenSSH is good, and this one is too and is not as famous. - * <https://mojzis.com/software/dq/> - - DNSCurve implemented after djbdns from the same author of tinyssh. +* <https://mojzis.com/software/dq/> - + DNSCurve implemented after djbdns from the same author of tinyssh. Qmail ----- An SMTPd server that aims simplicity, security, and general good design. - * <https://cr.yp.to/qmail.html> - - This is qmail, the venerable alternative to Postfix. +* <https://cr.yp.to/qmail.html> - + This is qmail, the venerable alternative to Postfix. - * <https://notqmail.org/> - - Not qmail, also not netqmail: continuation of both projects. +* <https://notqmail.org/> - + Not qmail, also not netqmail: continuation of both projects. - * <http://openqmail.org/> - - One-man project similar to notqmail in many aspects. +* <http://openqmail.org/> - + One-man project similar to notqmail in many aspects. - * <http://www.memoryhole.net/qmail/#any-to-cname> - Overview of many qmail patches. +* <http://www.memoryhole.net/qmail/#any-to-cname> + Overview of many qmail patches. Libraries --------- - * <https://www.libressl.org/> - - OpenSSL fork with focus on simplicity and sane defaults. +* <https://www.libressl.org/> - + OpenSSL fork with focus on simplicity and sane defaults. 
- * <https://man.openbsd.org/tls_init.3> - - Sane alternative interface to the LibreSSL library. +* <https://man.openbsd.org/tls_init.3> - + Sane alternative interface to the LibreSSL library. - * <https://openssh.com/> - - You *might* already know this one. +* <https://openssh.com/> - + You *might* already know this one. - * <https://bearssl.org/> - - A single-person TLS library. +* <https://bearssl.org/> - + A single-person TLS library. Wire protocols -------------- - * <https://dnscurve.io/> - - A better DNSSEC without the bulk, currently used on that site. +* <https://dnscurve.io/> - + A better DNSSEC without the bulk, currently used on that site. - * <https://cr.yp.to/tcpip/minimalt-20130522.pdf> - - A better TLS without the bulk. +* <https://cr.yp.to/tcpip/minimalt-20130522.pdf> - + A better TLS without the bulk. Messages formats/protocols -------------------------- - * <http://www.aaronsw.com/2002/rss30> - - RSS 3.0, which might never see any wide adoption because of backward - compatibility matters to corporate people, but still a good example on how - to simplify a format. +* <http://www.aaronsw.com/2002/rss30> - + RSS 3.0, which might never see any wide adoption because of backward + compatibility matters to corporate people, but still a good example on how + to simplify a format. Networking ---------- - * <https://www.torproject.org/> - - The famous Onion Router +* <https://www.torproject.org/> - + The famous Onion Router - * <https://geti2p.net/en/comparison/tor> - - Invisible Internet Project, like Tor, but not Tor. +* <https://geti2p.net/en/comparison/tor> - + Invisible Internet Project, like Tor, but not Tor. - * <https://freenetproject.org/> - - Alternative internet featuring freedom and anonymity. +* <https://freenetproject.org/> - + Alternative internet featuring freedom and anonymity. - * <http://brokestream.com/netboot.html> - - 1 file, 2 functions, 300 lines DHCP and TFTP server! 
+* <http://brokestream.com/netboot.html> - + 1 file, 2 functions, 300 lines DHCP and TFTP server! - * <https://code.kryo.se/iodine/> - - Make all traffic go through DNS to bypass filtering. +* <https://code.kryo.se/iodine/> - + Make all traffic go through DNS to bypass filtering. - * <https://www.roesen.org/files/ipv6_cheat_sheet.pdf> - - IPv6 cheat sheet. +* <https://www.roesen.org/files/ipv6_cheat_sheet.pdf> - + IPv6 cheat sheet. User interfaces --------------- - * <https://arcan-fe.com/about/> - - The arcan display server project. +* <https://arcan-fe.com/about/> - + The arcan display server project. Documentation ------------- - * <https://manpages.bsd.lv/> - - I learned how to write (mdoc) man pages thanks to the layout of this page. +* <https://manpages.bsd.lv/> - + I learned how to write (mdoc) man pages thanks to the layout of this page. Low-Level --------- - * <https://github.com/cirosantilli/x86-bare-metal-examples> - - Dozens of minimal operating systems to learn x86 system programming +* <https://github.com/cirosantilli/x86-bare-metal-examples> - + Dozens of minimal operating systems to learn x86 system programming - * <https://bob.cs.sonoma.edu/IntroCompOrg-x64/book.html> - - Learn X86-64 assembly as well as how computer works in general. +* <https://bob.cs.sonoma.edu/IntroCompOrg-x64/book.html> - + Learn X86-64 assembly as well as how computer works in general. - * <https://www.coreboot.org/images/6/6c/LBCar.pdf> - - Use CPU cache as random access memory to write bootloader components in C. +* <https://www.coreboot.org/images/6/6c/LBCar.pdf> - + Use CPU cache as random access memory to write bootloader components in C. - * <https://yin.neocities.org/pc1512/> - - Giving a new birth to hardware born before me. +* <https://yin.neocities.org/pc1512/> - + Giving a new birth to hardware born before me. diff --git a/quotes/index.md b/quotes/index.md 
@@ -4,6 +4,7 @@ Other people sayings that I could want reading again, because they express an awesome natural language ingenuity. **Profpatsch**: + > You have the lawful good approach, which is something like quickcheck, > and the chaotic good approach, which is something like AFL. The lawful evil > approach is a chaos monkey, and the chaotic evil approach is “just throw your @@ -11,11 +12,13 @@ awesome natural language ingenuity. > come up with“ **skarnet**: + > When I was born, the fairy who blesses (?) people with an undying > attraction for discussion of documentation formats had severe diarrhea > so she didn't attend my birth, for which I am grateful to her because > fae diarrhea is something else. **dmbaturin**: + > When brain implants become feasible, I’ll make a module that prevents > me from writing until I’m fully awake. diff --git a/wiki/awk/index.md b/wiki/awk/index.md @@ -7,13 +7,13 @@ input in fields by default. Not everything is parsed efficiently with AWK, Type-Length-Value for instance, but many things are. I use it for multiple projects: - * [[NotWiki]], featuring a (not)markdown parser that does two passes on - to easen-up the parsing, +* [[NotWiki]], featuring a (not)markdown parser that does two passes on + to easen-up the parsing, - * [[ics2txt]], a basic iCal to TSV or plain text converter (two directions), +* [[ics2txt]], a basic iCal to TSV or plain text converter (two directions), - * [[jj]] by aaronNGi, a daemon with an awk engine to project that turns raw - IRC protocol into easily readable split log files +* [[jj]] by aaronNGi, a daemon with an awk engine to project that turns raw + IRC protocol into easily readable split log files [perf]: https://adamdrake.com/command-line-tools-can-be-235x-faster-than-your-hadoop-cluster.html [notwiki]: //code.z0.is/notwiki/ diff --git a/wiki/git-hooks/index.md b/wiki/git-hooks/index.md 
@@ -13,14 +13,16 @@ git-hooks-run This is what runs on every event, to put on `/bare-repo.git/hook/<hookname>`. There is no point in running it by hand. - #!/bin/sh -e - hookname=$1 ref=${2:-master} - - echo "${0##*/}: running '$1' on '$ref'" - git cat-file blob "$ref:.git$hookname" | { - IFS='! ' read -r _ cmd args - exec "$cmd" "$args" "/dev/stdin" "$ref" - } +``` +#!/bin/sh -e +hookname=$1 ref=${2:-master} + +echo "${0##*/}: running '$1' on '$ref'" +git cat-file blob "$ref:.git$hookname" | { + IFS='! ' read -r _ cmd args + exec "$cmd" "$args" "/dev/stdin" "$ref" +} +``` It checks if there is a file called `.githooks/<hookname>` (git ls-tree "$ref" ...), and if so, extract this file from git (git cat-file blob ...), read the @@ -30,15 +32,19 @@ git-hooks-install ----------------- This setups the command above for a bare git repository: - #!/bin/sh -e - for x; do - echo "#!/usr/bin/env git-hooks-run" >"$x/hooks/post-upate" - chmod +x "$x/hooks/post-update" - done +``` +#!/bin/sh -e +for x; do + echo "#!/usr/bin/env git-hooks-run" >"$x/hooks/post-upate" + chmod +x "$x/hooks/post-update" +done +``` It replace selected hooks at repo.git/hooks/post-update with only this shebang: - #!/usr/bin/env git-hooks-run +``` +#!/usr/bin/env git-hooks-run +``` This has the effect of calling the git-hooks-run from above with hook/post-update as argument, along with the extra arguments providedd by git, 
@@ -53,24 +59,28 @@ In case this is needed, this command extract the workdir of the commit pushed into a new directory in /var/cache/git (that it delete in case of failure), and print it out so that the hook script can use it: - #!/bin/sh -e - ref=$1 - commit=$(git rev-parse "$ref") - workdir="/var/cache/git/$commit" - - mkdir -p "$workdir" - trap 'rm -rf "$workdir"' INT EXIT TERM HUP - git archive --prefix="$workdir/" --format="tar" "$ref" | (cd / && tar -xf -) - exec echo "$workdir" +``` +#!/bin/sh -e +ref=$1 +commit=$(git rev-parse "$ref") +workdir="/var/cache/git/$commit" + +mkdir -p "$workdir" +trap 'rm -rf "$workdir"' INT EXIT TERM HUP +git archive --prefix="$workdir/" --format="tar" "$ref" | (cd / && tar -xf -) +exec echo "$workdir" +``` To use it from within the hook, to catch the workdir and make sure there is no remaining file even in case of failure, thanks to the trap internal shell command: - #!/bin/sh -ex - tmp=$(git-hooks-workdir "$@") - trap 'rm -rf "$tmp"' INT TERM EXIT HUP - cd "$tmp" +``` +#!/bin/sh -ex +tmp=$(git-hooks-workdir "$@") +trap 'rm -rf "$tmp"' INT TERM EXIT HUP +cd "$tmp" +``` This might be the top of your hook script. diff --git a/wiki/jj/index.md b/wiki/jj/index.md @@ -11,10 +11,10 @@ Instead of being an ncurse program that runs into tmux(1), jj works as an applicative router. A router for ISO layer 7. You may already know "applicative routers" for different protocols already: - * SMTP: [OpenSMTPD][m1], [qmail][m2], [Postfix][m3]... - * HTTP: [nginx][h1], [lighttpd][h2], [relayd][h3], [haproxy][h4]... - * SIP: [OpenSIPS][s1], [Kamailio][s2]... - * IRC: [ngircd][i1], [hybridircd][i2]... +* SMTP: [OpenSMTPD][m1], [qmail][m2], [Postfix][m3]... +* HTTP: [nginx][h1], [lighttpd][h2], [relayd][h3], [haproxy][h4]... +* SIP: [OpenSIPS][s1], [Kamailio][s2]... +* IRC: [ngircd][i1], [hybridircd][i2]... [m1]: https://www.opensmtpd.org/ [m2]: https://cr.yp.to/qmail.html 
@@ -48,8 +48,8 @@ with the channel as a name. I set IRC_DIR to /var/irc, which gives us (full list on the README.md): - * /var/irc/irc.freenode.net/channels/*.log - messages from users and channels. - * /var/irc/irc.freenode.net/in - the FIFO pipe to which write messages. +* /var/irc/irc.freenode.net/channels/*.log - messages from users and channels. +* /var/irc/irc.freenode.net/in - the FIFO pipe to which write messages. There is one instance of jj per server conexion, which greatly simplifies the software, makes debugging much easier, and permit to adapt and configure 
@@ -75,18 +75,18 @@ State of IRC client \<=\> server connexions Because it is run by different people and projects, the connexion to IRC servers varies greatly through the different cases: - * Some servers only accept TCP connexions. - * Some servers only accept TLS connexions. - * Some servers permit to use a client TLS certificate to authenticate. - * Some servers support connexion coming form [[Tor]], providing the extra - privacy that the IRC protocol lacks - * Some servers refuse connexions coming from Tor. - * Some are published as Tor hidden services directly: so no need for TLS. - * Some servers still propose TLS over Tor, with certificate authentication. - * Some servers use a self-signed certificate, and publish a fingerprint - of their certificate. - * Some servers used a private certificate *authority* and publish their - root certificate. +* Some servers only accept TCP connexions. +* Some servers only accept TLS connexions. +* Some servers permit to use a client TLS certificate to authenticate. +* Some servers support connexion coming form [[Tor]], providing the extra + privacy that the IRC protocol lacks +* Some servers refuse connexions coming from Tor. +* Some are published as Tor hidden services directly: so no need for TLS. +* Some servers still propose TLS over Tor, with certificate authentication. +* Some servers use a self-signed certificate, and publish a fingerprint + of their certificate. +* Some servers used a private certificate *authority* and publish their + root certificate. From this plethora of security fine tuning, it is necessary to have an irc client with a good TLS implementation (lots of lines of code), and a socks diff --git a/wiki/qmail/destination-mx/index.md b/wiki/qmail/destination-mx/index.md 
@@ -5,71 +5,81 @@ Choosing the destination MX In qmail-remote.c, a variable prefme is compared with the .pref field from each item of an ipalloc struct (an array of struct { ip; pref; }). - qmail-remote.c - ... - 333 static ipalloc ip = {0}; - ... - 396 for (i = 0;i < ip.len;++i) - 397 if (ipme_is(&ip.ix[i].ip)) - 398 if (ip.ix[i].pref < prefme) - 399 prefme = ip.ix[i].pref; - ... - -### What is .pref and where is it taking its data from? - +``` +qmail-remote.c +... +333 static ipalloc ip = {0}; +... +396 for (i = 0;i < ip.len;++i) +397 if (ipme_is(&ip.ix[i].ip)) +398 if (ip.ix[i].pref < prefme) +399 prefme = ip.ix[i].pref; +... +``` + +What is .pref and where is it taking its data from? +--------------------------------------------------- In dns.c, there is a function dns_mxip() (still with K&R declaration): - dns.c - ... - 312 int dns_mxip(ia,sa,random) - 313 ipalloc *ia; - 314 stralloc *sa; - 315 unsigned long random; - 316 { - ... +``` +dns.c +... +312 int dns_mxip(ia,sa,random) +313 ipalloc *ia; +314 stralloc *sa; +315 unsigned long random; +316 { +... +``` Inside, we have a call to findmx(), iterating on all the MX records found from DNS. - dns.c - ... - 350 while ((r = findmx(T_MX)) != 2) - 351 { - 352 if (r == DNS_SOFT) { alloc_free(mx); return DNS_SOFT; } - 353 if (r == 1) - ... +``` +dns.c +... +350 while ((r = findmx(T_MX)) != 2) +351 { +352 if (r == DNS_SOFT) { alloc_free(mx); return DNS_SOFT; } +353 if (r == 1) +... +``` The position, preference and IP of the MX record are passed through static global variables to dns_mxip() (why not... no threads here). - dns.c - ... - 25 static union { HEADER hdr; unsigned char buf[PACKETSZ]; } response; - 26 static int responselen; - 27 static unsigned char *responseend; - 28 static unsigned char *responsepos; - 29 - 30 static int numanswers; - 31 static char name[MAXDNAME]; - 32 static struct ip_address ip; - 33 unsigned short pref; - ... +``` +dns.c +... 
+ 25 static union { HEADER hdr; unsigned char buf[PACKETSZ]; } response; + 26 static int responselen; + 27 static unsigned char *responseend; + 28 static unsigned char *responsepos; + 29 + 30 static int numanswers; + 31 static char name[MAXDNAME]; + 32 static struct ip_address ip; + 33 unsigned short pref; +... +``` For each result, ia is filled with the IPs one by one through static int dns_ipplus(ipalloc *ia, stralloc *sa, int pref): - dns.c - ... - 369 while (nummx > 0) - 370 { - ... - 389 switch(dns_ipplus(ia,&mx[i].sa,mx[i].p)) - 390 { - 391 case DNS_MEM: case DNS_SOFT: - 392 flagsoft = 1; break; - 393 } - ... - 397 } +``` +dns.c +... +369 while (nummx > 0) +370 { +... +389 switch(dns_ipplus(ia,&mx[i].sa,mx[i].p)) +390 { +391 case DNS_MEM: case DNS_SOFT: +392 flagsoft = 1; break; +393 } +... +397 } +``` And that is where qmail-remote gets its list of preferences: from DNS only, no configuration impacting ip[].ix.pref at all. 
@@ -79,34 +89,40 @@ configuration impacting ip[].ix.pref at all. Just below if (flagallaliases) prefme = 500000;, it chooses the first ip.[].ix.pref ip that is lower than the prefme threshold. - qmail-remote.c - ... - 404 for (i = 0;i < ip.len;++i) - 405 if (ip.ix[i].pref < prefme) - 406 break; - ... +``` +qmail-remote.c +... +404 for (i = 0;i < ip.len;++i) +405 if (ip.ix[i].pref < prefme) +406 break; +... +``` Just above if (flagallaliases) prefme = 500000;, the loop finds the lowest pref value for IPs matching those of the server (SIOCGIFCONF) and store it into pref. - qmail-remote.c - ... - 395 prefme = 100000; - 396 for (i = 0;i < ip.len;++i) - 397 if (ipme_is(&ip.ix[i].ip)) - 398 if (ip.ix[i].pref < prefme) - 399 prefme = ip.ix[i].pref; - ... - - ipme.c - ... - 42 struct ip_mx ix; - ... - 97 byte_copy(&ix.ip,4,&sin->sin_addr); - 98 if (ioctl(s,SIOCGIFFLAGS,x) == 0) - 99 if (ifr->ifr_flags & IFF_UP) - 100 if (!ipalloc_append(&ipme,&ix)) { close(s); return 0; } - ... +``` +qmail-remote.c +... +395 prefme = 100000; +396 for (i = 0;i < ip.len;++i) +397 if (ipme_is(&ip.ix[i].ip)) +398 if (ip.ix[i].pref < prefme) +399 prefme = ip.ix[i].pref; +... +``` + +``` +ipme.c +... + 42 struct ip_mx ix; +... + 97 byte_copy(&ix.ip,4,&sin->sin_addr); + 98 if (ioctl(s,SIOCGIFFLAGS,x) == 0) + 99 if (ifr->ifr_flags & IFF_UP) +100 if (!ipalloc_append(&ipme,&ix)) { close(s); return 0; } +... +``` That filters out all the MX entries that have a lower preference than qmail's own IPs. That looks like having the effect of capturing the mail in case 
@@ -121,30 +137,32 @@ This looks like a safeguard against misconfiguration: a mail for a same IP as one of which qmail listen on needs to be send through qmail-local, not through qmail-remote! - -### Why a high value for prefme in some cases? - +Why a high value for prefme in some cases? +------------------------------------------ +``` qmail-remote.c ... 401 if (relayhost) prefme = 300000; 402 if (flagallaliases) prefme = 500000; ... +``` When the mail server needs to relay everything to somewhere, or for these addrmangle cases, (special case) qmail-remote bypasses this mechanism: allow all ips regardless of the context, and gonna do what it gotta do what it gotta do: forward to the first of the IPs found. - ### Why 500000, why not 5725 or 42? - qmail-remote.c - ... - 395 prefme = 100000; - ... - 401 if (relayhost) prefme = 300000; - 402 if (flagallaliases) prefme = 500000; - ... +``` +qmail-remote.c +... +395 prefme = 100000; +... +401 if (relayhost) prefme = 300000; +402 if (flagallaliases) prefme = 500000; +... +``` Debugging purposes? [[rfc1035]] says DNS rr for MX preferences are unsigned 16 bits, so it maxes out to 65536, and we cannot have a value so hight coming from diff --git a/wiki/supervisor/index.md b/wiki/supervisor/index.md 
@@ -15,12 +15,12 @@ daemon twice? Knee-jerk reaction: "Why would one want to do that?" - * Different DHCP pool of addresses on different interfaces, - * Different mail filtering rules for different inside/outside networks, - * Different vHosts for a mail / http / ... daemon, - * Different users running the same daemon - * Different agetty with one per TTY, - * ... +* Different DHCP pool of addresses on different interfaces, +* Different mail filtering rules for different inside/outside networks, +* Different vHosts for a mail / http / ... daemon, +* Different users running the same daemon +* Different agetty with one per TTY, +* ... The solution often encountered is handling the variety of roles from the inside of the daemon instead of starting one dedicated daemon per role: with 
@@ -32,21 +32,21 @@ configuration file parser and have a much more complex internal design. Solutions? - * Writing the PID into a file is not good, as if a daemon gets killed while - getting out of memory, the PID file remains, and another daemon could get - the PID of its parent (SysV-style). +* Writing the PID into a file is not good, as if a daemon gets killed while + getting out of memory, the PID file remains, and another daemon could get + the PID of its parent (SysV-style). - * Having a ${daemon}ctl command that talks to the daemon through a socket - works, but then each daemon needs to support it while a simple signal handling - would solve all use cases (*BSD-style). +* Having a ${daemon}ctl command that talks to the daemon through a socket + works, but then each daemon needs to support it while a simple signal handling + would solve all use cases (*BSD-style). - * Matching the command line the daemon was started with with pgrep works but - it requires to adapt it to each daemon (also *BSD-style). +* Matching the command line the daemon was started with with pgrep works but + it requires to adapt it to each daemon (also *BSD-style). - * Use Linux-specific APIs to work around the issues lead by the diversity of - cases above (systemd). +* Use Linux-specific APIs to work around the issues lead by the diversity of + cases above (systemd). - * Keep the daemon in the foreground (s6/runit/daemontools style). +* Keep the daemon in the foreground (s6/runit/daemontools style). In the end, not causing the problem might be a decent solution: getting the control back to the terminal was convenient for running programs from a shell, diff --git a/wiki/tinydns/index.md b/wiki/tinydns/index.md @@ -1,6 +1,5 @@ Configuration of [[tinydns]] ============================ - [tinydns]: https://cr.yp.to/djbdns.html To run nameservers, you need to maintain a bunch of interdependent DNS 
@@ -9,12 +8,14 @@ information. To achieve this, I write small input files that end up in data.cdb, read by the tinydns program: - (text) - rr.domain ┐ (text) (binary) - rr.host │ ┌────────┐ ┌────────────┐ - rr.mx ├─┤data.awk├─> data >─┤tinydns-edit├─> data.cdb - rr.ns │ └────────┘ └────────────┘ - rr.alias ┘ +``` +(text) +rr.domain ┐ (text) (binary) +rr.host │ ┌────────┐ ┌────────────┐ +rr.mx ├─┤data.awk├─> data >─┤tinydns-edit├─> data.cdb +rr.ns │ └────────┘ └────────────┘ +rr.alias ┘ +``` The workhorse here is [[data.awk]], and the whole chain is controlled by a small [[Makefile]]. @@ -22,15 +23,15 @@ small [[Makefile]]. [data.awk]: /wiki/tinydns/data.awk [makefile]: /wiki/tinydns/Makefile - /etc/tinydns/rr.domain ---------------------- A list of top and second level domain names. The first one listed is the "technical" domain name. - z0.is - josuah.net - +``` +z0.is +josuah.net +``` /etc/tinydns/rr.host -------------------- @@ -40,9 +41,10 @@ where IP are written. This is the book keeping of the servers you address. Each line of this file leads to a hostname.technical.dom record of type A, AAAA, and PTR: - kuntur 199.247.28.162 2001:19f0:5001:7ac::12 - harpyja 80.67.190.196 2a00:5884:8214::16 - +``` +kuntur 199.247.28.162 2001:19f0:5001:7ac::12 +harpyja 80.67.190.196 2a00:5884:8214::16 +``` /etc/tinydns/rr.mx ------------------ 
@@ -52,26 +54,29 @@ generated by the "rr.host" list. We now have matching MX, A, AAAA and PTR entries. - kuntur - +``` +kuntur +``` /etc/tinydns/rr.ns ------------------ A list of hostnames that run a DNS name server. Like for "rr.mx", each domain in "rr.domain" gets one NS record per name server listed here. - kuntur ns1 - harpyja ns2 - +``` +kuntur ns1 +harpyja ns2 +``` /etc/tinydns/rr.alias --------------------- A list of regular domain records for your various servers and services. You may - harpyja www.josuah.net - harpyja git.josuah.net - kuntur josuah.z0.is - +``` +harpyja www.josuah.net +harpyja git.josuah.net +kuntur josuah.z0.is +``` Uploading data.cdb to nameservers ---------------------------------
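Review bot: in the IRC connexion list hunk (@@ -75,18 +75,18 @@), the re-indented item still reads "connexion coming form [[Tor]]", so the typo is carried into the new lines. Every line of the list is rewritten here anyway, so change "form" to "from" and end that item with a period like its neighbours ("privacy that the IRC protocol lacks" has none).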
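Review bot: in wiki/qmail/destination-mx/index.md (@@ -5,71 +5,81 @@), replacing "### What is .pref and where is it taking its data from?" with a "---" underlined heading changes its level in standard Markdown, from level 3 to level 2. If the section is meant to stay at the same depth as before, keep it at level 3; if the promotion is intended, mention it in the commit message, which only speaks of removing ambiguity.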
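Review bot: in wiki/qmail/destination-mx/index.md (@@ -79,34 +89,40 @@), the paragraph above the newly fenced lines 395-399 says the loop stores the lowest value "into pref", while the quoted code assigns prefme ("prefme = ip.ix[i].pref;"). The sentence before the first block also writes "ip.[].ix.pref" where the hunk header context has "ip[].ix.pref". Both are in unchanged context lines, but they sit right against the blocks being touched and are worth fixing in the same pass.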
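Review bot: in wiki/qmail/destination-mx/index.md (@@ -121,30 +137,32 @@), "### Why 500000, why not 5725 or 42?" is left as an ATX heading while "Why a high value for prefme in some cases?" right above it is converted to a "---" underline. The file now mixes both styles, and the 500000 question becomes a subsection of the previous one instead of its sibling. Convert it the same way, or leave both as they were.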
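Review bot: in wiki/supervisor/index.md (@@ -32,21 +32,21 @@), the moved list items keep a bare asterisk in "(*BSD-style)" and "(also *BSD-style)". With the bullets themselves now written as "*" at column 0, a literal "*" inside the item text is the kind of ambiguity this commit sets out to remove. Escape it as "\*BSD-style", the way "\<=\>" is already escaped elsewhere in this patch.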
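Review bot: in wiki/tinydns/index.md (@@ -52,26 +54,29 @@), the paragraph under /etc/tinydns/rr.alias stops at "You may" and the newly fenced example follows immediately. The fence makes the unfinished sentence stand out, so complete it or drop the fragment while this block is being edited.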