site-josuah

/usr/josuah

commit b71d69b0b8190bf9a99751f421d105dd4e3d8cca
parent 7015c0c096a9e90198c64dc8d4aacf045b7b5a4e
Author: Josuah Demangeon <me@josuah.net>
Date:   Sat, 18 Apr 2020 05:46:30 +0200

clean nested hidden directory

Diffstat:
D ascii/blog/2019-06-28-root-servers/index.gph | 60 ------------------------------------------------------------
D ascii/blog/2019-06-28-root-servers/index.html | 31 -------------------------------
D ascii/blog/2019-06-28-root-servers/index.md | 53 -----------------------------------------------------
D ascii/blog/2019-06-29-dns-setup/index.gph | 175 -------------------------------------------------------------------------------
D ascii/blog/2019-06-29-dns-setup/index.html | 126 -------------------------------------------------------------------------------
D ascii/blog/2019-06-29-dns-setup/index.md | 168 -------------------------------------------------------------------------------
D ascii/blog/2019-07-15-daemon-supervisors/index.gph | 96 -------------------------------------------------------------------------------
D ascii/blog/2019-07-15-daemon-supervisors/index.html | 41 -----------------------------------------
D ascii/blog/2019-07-15-daemon-supervisors/index.md | 89 -------------------------------------------------------------------------------
D ascii/blog/2019-07-22-i-am-a-thief/index.gph | 131 -------------------------------------------------------------------------------
D ascii/blog/2019-07-22-i-am-a-thief/index.html | 33 ---------------------------------
D ascii/blog/2019-07-22-i-am-a-thief/index.md | 124 -------------------------------------------------------------------------------
D ascii/blog/2019-07-25-chgrp-not-chown/index.gph | 57 ---------------------------------------------------------
D ascii/blog/2019-07-25-chgrp-not-chown/index.html | 51 ---------------------------------------------------
D ascii/blog/2019-07-25-chgrp-not-chown/index.md | 50 --------------------------------------------------
15 files changed, 0 insertions(+), 1285 deletions(-)

diff --git a/ascii/blog/2019-06-28-root-servers/index.gph b/ascii/blog/2019-06-28-root-servers/index.gph 
@@ -1,60 +0,0 @@ -[h| \[git\] repositories|/git|server|port] -[h| ⢬⠀⡠⢄⢀⡤⠄⡄⢠⢀⠤⡄⡧⢄⠀⠀⢠⠤⡀⣠⣤⢸⠤ \[web\] http server|URL:http://josuah.net||] -[1| ⡸⠀⠑⠊⠐⠚⠁⠑⠚⠈⠒⠃⠃⠘⠀⠂⠘⠀⠃⠑⠒⠈⠒ \[twt\] twtxt|/twtxt.txt|server|port] -[h| \[mail\] me@josuah.net|H|server|port] -──────────────────────────────────────────────────────────────────────────────── - - -And so the world was chosen to be kept safe ... -=============================================== - - ... through 13 gates, owned by 12 kings among the many kingdoms. - - All gates would open to an unique almighty key known by the name of Ksk. - - The Key Signing Key. The key that could sign all the other keys. The world - - bowed to it. Its brave Zsk subordinates never questionned its power, never - - tried to challenge it... - ___ __ _ ____ ___ ____ ___ __ _ ____ ___ ___ - The ||`\ // \ // \ || //_ ||__ ||`\ \\ / ||__ ||`\ //_ - ||`\ \\_/ \\_/ || __// ||__ ||`\ \\/ ||__ ||`\ __// - - - Season 1 Episode 1 - - Before the keys was the gates. Them had the power to give names - on the things of the outter world. Rare, but alive was those - daring to ask for a name of the inner world things. When it did - happen, the Root Servers simply was not looking at them. - - It all happened by a single touch from any of them. All it took - from these 12 kings, was to lift all at once their fingers and - point at a thing, standing though their 13 doors, pronouncing - a name. - - And so they did. First, they look at the sea, fishers braving the - seas, and they said "Net". Then they followed the path of ships - through the roads where merchants did stand there, and said "Come". - - After naming schools, militaries, states and other institutions, - they pointed each and every places of the lands, and said "Nl", - "Is", "Io", "Ma", "De", and other "Cz" of the kind. - - What a surprising phenomenon, each of the things that had a name - suddently got able to talk. 
Most agreed on the word for "myself" - which came up as "nic", "noc" or "dot" according to the dialects. - - Then came names for all the tings that did ever cross their ways. - The merchants got particularly popular, through crossing a lot of - things, that they each named after their name, "com". - - The languages reaching more and more fellows, each of the things - named by the things named by the 12 kings started to give names - around. By lack of education, all of them merely ever figured - out a word "www". Whereas the "edu" subordinates came up with a - rich mix of various colorful names. - - The world started to be a nameful place. - diff --git a/ascii/blog/2019-06-28-root-servers/index.html b/ascii/blog/2019-06-28-root-servers/index.html 
@@ -1,31 +0,0 @@ -<!DOCTYPE html> -<meta charset="UTF-8"/> -<style> body { max-width:80ch; margin:auto; padding:5em 5ch; } </style> -<title>josuah.net</title> -<a href="/">[ josuah.net ]</a> -<nav style="float:right;"> -<a href="git.z0.is">git</a> - -<a href="/pub/josuah.ssh">ssh</a> - -<a href="/pub/josuah.gpg">gpg</a> - -<a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#109;&#101;&#64;&#106;&#111;&#115;&#117;&#97;&#104;&#46;&#110;&#101;&#116;">mail</a> - -<a href="/pub/rss.xml">rss</a> -</nav> -<hr/> - - -<h1>And so the world was chosen to be kept safe ...</h1> - -<p>... through 13 gates, owned by 12 kings among the many kingdoms.</p> -<p>All gates would open to an unique almighty key known by the name of Ksk.</p> -<p>The Key Signing Key. The key that could sign all the other keys. The world</p> -<p>bowed to it. Its brave Zsk subordinates never questionned its power, never</p> -<p>tried to challenge it... ___ __ _ ____ ___ ____ ___ __ _ ____ ___ ___ The ||`\ // \ // \ || //_ ||__ ||`\ \\ / ||__ ||`\ //_ ||`\ \\_/ \\_/ || __// ||__ ||`\ \\/ ||__ ||`\ __//</p> -<p>Season 1 Episode 1</p> -<p>Before the keys was the gates. Them had the power to give names on the things of the outter world. Rare, but alive was those daring to ask for a name of the inner world things. When it did happen, the Root Servers simply was not looking at them.</p> -<p>It all happened by a single touch from any of them. All it took from these 12 kings, was to lift all at once their fingers and point at a thing, standing though their 13 doors, pronouncing a name.</p> -<p>And so they did. First, they look at the sea, fishers braving the seas, and they said &quot;Net&quot;. 
Then they followed the path of ships through the roads where merchants did stand there, and said &quot;Come&quot;.</p> -<p>After naming schools, militaries, states and other institutions, they pointed each and every places of the lands, and said &quot;Nl&quot;, &quot;Is&quot;, &quot;Io&quot;, &quot;Ma&quot;, &quot;De&quot;, and other &quot;Cz&quot; of the kind.</p> -<p>What a surprising phenomenon, each of the things that had a name suddently got able to talk. Most agreed on the word for &quot;myself&quot; which came up as &quot;nic&quot;, &quot;noc&quot; or &quot;dot&quot; according to the dialects.</p> -<p>Then came names for all the tings that did ever cross their ways. The merchants got particularly popular, through crossing a lot of things, that they each named after their name, &quot;com&quot;.</p> -<p>The languages reaching more and more fellows, each of the things named by the things named by the 12 kings started to give names around. By lack of education, all of them merely ever figured out a word &quot;www&quot;. Whereas the &quot;edu&quot; subordinates came up with a rich mix of various colorful names.</p> -<p>The world started to be a nameful place.</p> diff --git a/ascii/blog/2019-06-28-root-servers/index.md b/ascii/blog/2019-06-28-root-servers/index.md 
@@ -1,53 +0,0 @@ -And so the world was chosen to be kept safe ... -=============================================== - - ... through 13 gates, owned by 12 kings among the many kingdoms. - - All gates would open to an unique almighty key known by the name of Ksk. - - The Key Signing Key. The key that could sign all the other keys. The world - - bowed to it. Its brave Zsk subordinates never questionned its power, never - - tried to challenge it... - ___ __ _ ____ ___ ____ ___ __ _ ____ ___ ___ - The ||`\ // \ // \ || //_ ||__ ||`\ \\ / ||__ ||`\ //_ - ||`\ \\_/ \\_/ || __// ||__ ||`\ \\/ ||__ ||`\ __// - - - Season 1 Episode 1 - - Before the keys was the gates. Them had the power to give names - on the things of the outter world. Rare, but alive was those - daring to ask for a name of the inner world things. When it did - happen, the Root Servers simply was not looking at them. - - It all happened by a single touch from any of them. All it took - from these 12 kings, was to lift all at once their fingers and - point at a thing, standing though their 13 doors, pronouncing - a name. - - And so they did. First, they look at the sea, fishers braving the - seas, and they said "Net". Then they followed the path of ships - through the roads where merchants did stand there, and said "Come". - - After naming schools, militaries, states and other institutions, - they pointed each and every places of the lands, and said "Nl", - "Is", "Io", "Ma", "De", and other "Cz" of the kind. - - What a surprising phenomenon, each of the things that had a name - suddently got able to talk. Most agreed on the word for "myself" - which came up as "nic", "noc" or "dot" according to the dialects. - - Then came names for all the tings that did ever cross their ways. - The merchants got particularly popular, through crossing a lot of - things, that they each named after their name, "com". 
- - The languages reaching more and more fellows, each of the things - named by the things named by the 12 kings started to give names - around. By lack of education, all of them merely ever figured - out a word "www". Whereas the "edu" subordinates came up with a - rich mix of various colorful names. - - The world started to be a nameful place. - diff --git a/ascii/blog/2019-06-29-dns-setup/index.gph b/ascii/blog/2019-06-29-dns-setup/index.gph 
@@ -1,175 +0,0 @@ -[h| \[git\] repositories|/git|server|port] -[h| ⢬⠀⡠⢄⢀⡤⠄⡄⢠⢀⠤⡄⡧⢄⠀⠀⢠⠤⡀⣠⣤⢸⠤ \[web\] http server|URL:http://josuah.net||] -[1| ⡸⠀⠑⠊⠐⠚⠁⠑⠚⠈⠒⠃⠃⠘⠀⠂⠘⠀⠃⠑⠒⠈⠒ \[twt\] twtxt|/twtxt.txt|server|port] -[h| \[mail\] me@josuah.net|H|server|port] -──────────────────────────────────────────────────────────────────────────────── - - -Simple, easy, trivial DNS setup that works -========================================== - -To run nameservers, you need to maintain a bunch of interdependent -DNS information: - -* You first need NS entries that tells who resolve the domain. - -* You then need A and AAAA entries for those NS entries so that one - can join the nameservers. - -* It is good practice to keep PTR entries for these A and AAAA entries - by politeness. - -* You will then have MX entries so you can receive e-mail. - -* But MX entries needs to have matching PTR records, that itself - needs to ping back to the same IP as the MX record have (mail hosting - providers makes a difference between lazy spammers and someone - who wants to maintain its mail stack). - -* Finally you have a basic setup, you can add your A entries. But wait, - do I setup matching PTR entries for these A entries? There are already - PTR entries on some of these IPs. - -There need for this much configuration! - -By maintaining just a few lists of information that make sense, all -of this mess becomes crystal clear. - -I have these files with one entry per line: - -/etc/dns/rr.domain - A list of top and second level domain names. The first one - listed is the "technical" domain name. - - i.e: z0.is - josuah.net - -/etc/dns/rr.host - A list of "hostname without domain part", "IPv4", "IPv6". - This is the only file where IP are written. This is the - book keeping of the servers you address. - - Each line of this file leads to a hostname.technical.dom - record of type A, AAAA, and PTR. This makes debugging - simple: you know the hostname associated with each IP. 
- - i.e: kuntur 199.247.28.162 2001:19f0:5001:7ac::12 - harpyja 80.67.190.196 2a00:5884:8214::16 - -/etc/dns/rr.mx - A list of hostnames that run a mail server. Each domain - in "rr.domain" gets one MX record per mail server listed - here, with the form: hostname.technical.dom as generated - by the "rr.host" list. - - We now have matching MX, A, AAAA and PTR entries! - - i.e: kuntur - -/etc/dns/rr.ns - A list of hostnames that run a DNS name server. Like for - "rr.mx", each domain in "rr.domain" gets one NS record per - name server listed here. - - i.e: kuntur - harpyja - -/etc/dns/rr.alias - A list of regular domain records for your various servers - and services. You may - - i.e: harpyja www.josuah.net - harpyja git.josuah.net - kuntur josuah.z0.is - -In the end you have a clear model that you build for yourself that -fully leverage the DNS zone challenges. - -New computer, mail servers, name servers, top level domain... are -added by a single line on one of these files (same goes for removal). - -You never have to copy-paste IPs, nor maintain consistency between -different records. Each information is held at only at one place. - -I use the tinydns authoritative nameserver to publish these records. - -This below is the awk script that convert the list "i.e:" above to a -zone readable by tinydns. 
I run it in a makefile like this: - -/etc/dns/Makefile: - - all: data.cdb - - data = rr.domain rr.host rr.alias rr.mx rr.ns - data: data.awk ${data} - awk -f data.awk ${data} >$@ - - data.cdb: data - tinydns-data - - clean: - rm -f data data.cdb - -/etc/dns/data.awk: - - BEGIN { - FS = "[\t ]+" - } - - function ip6_hex(ip6) { - x = "" - sub("::", substr("::::::::", split(ip6, a, ":") - 1), ip6) - split(ip6, a, ":") - for (i = 1; i <= 8; i++) x = x substr("0000" a[i], length(a[i]) + 1) - return x - } - - function ip6_fmt(ip6) { - gsub("....", "&:", ip6) - sub(":$", "", ip6) - return ip6 - } - - FNR == 1 && FILENAME != "rr.domain" { - print "\n# " FILENAME "\n" - } - - FILENAME != "rr.domain" && FNR != 1 { - print "" - } - - FILENAME == "rr.domain" { - domain[++i] = $1 - } - - FILENAME == "rr.host" { - host[$1"4"] = $2 - host[$1"6"] = ip6_hex($3) - print "=" $1 "." domain[1] ":" host[$1"4"] - print "6" $1 "." domain[1] ":" host[$1"6"] - } - - FILENAME == "rr.alias" { - for (f = 2; f <= NF; f++) { - print "+" $f ":" host[$1"4"] - print "3" $f ":" host[$1"6"] - } - } - - FILENAME == "rr.ns" { - print "+" $1 "." domain[1] ":" host[$1"4"] - print "3" $1 "." domain[1] ":" host[$1"6"] - for (i in domain) { - print "." domain[i] "::" $1 "." domain[1] - } - } - - FILENAME == "rr.mx" { - for (i in domain) { - print "@" domain[i] "::" $1 "." domain[1] - } - } - - END { - print "" - } diff --git a/ascii/blog/2019-06-29-dns-setup/index.html b/ascii/blog/2019-06-29-dns-setup/index.html 
@@ -1,126 +0,0 @@ -<!DOCTYPE html> -<meta charset="UTF-8"/> -<style> body { max-width:80ch; margin:auto; padding:5em 5ch; } </style> -<title>josuah.net</title> -<a href="/">[ josuah.net ]</a> -<nav style="float:right;"> -<a href="git.z0.is">git</a> - -<a href="/pub/josuah.ssh">ssh</a> - -<a href="/pub/josuah.gpg">gpg</a> - -<a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#109;&#101;&#64;&#106;&#111;&#115;&#117;&#97;&#104;&#46;&#110;&#101;&#116;">mail</a> - -<a href="/pub/rss.xml">rss</a> -</nav> -<hr/> - - -<h1>Simple, easy, trivial DNS setup that works</h1> - -<p>To run nameservers, you need to maintain a bunch of interdependent DNS information:</p> -<ul> -<li>You first need NS entries that tells who resolve the domain.</li> -<li>You then need A and AAAA entries for those NS entries so that one can join the nameservers.</li> -<li>It is good practice to keep PTR entries for these A and AAAA entries by politeness.</li> -<li>You will then have MX entries so you can receive e-mail.</li> -<li>But MX entries needs to have matching PTR records, that itself needs to ping back to the same IP as the MX record have (mail hosting providers makes a difference between lazy spammers and someone who wants to maintain its mail stack).</li> -<li>Finally you have a basic setup, you can add your A entries. But wait, do I setup matching PTR entries for these A entries? There are already PTR entries on some of these IPs.</li> -</ul> -<p>There need for this much configuration!</p> -<p>By maintaining just a few lists of information that make sense, all of this mess becomes crystal clear.</p> -<p>I have these files with one entry per line:</p> -<p>/etc/dns/rr.domain A list of top and second level domain names. The first one listed is the &quot;technical&quot; domain name.</p> -<pre> -i.e: z0.is - josuah.net -</pre> -<p>/etc/dns/rr.host A list of &quot;hostname without domain part&quot;, &quot;IPv4&quot;, &quot;IPv6&quot;. This is the only file where IP are written. 
This is the book keeping of the servers you address.</p> -<pre> -Each line of this file leads to a hostname.technical.dom record of type A, AAAA, and PTR. This makes debugging simple: you know the hostname associated with each IP. -i.e: kuntur 199.247.28.162 2001:19f0:5001:7ac::12 - harpyja 80.67.190.196 2a00:5884:8214::16 -</pre> -<p>/etc/dns/rr.mx A list of hostnames that run a mail server. Each domain in &quot;rr.domain&quot; gets one MX record per mail server listed here, with the form: hostname.technical.dom as generated by the &quot;rr.host&quot; list.</p> -<pre> -We now have matching MX, A, AAAA and PTR entries! -i.e: kuntur -</pre> -<p>/etc/dns/rr.ns A list of hostnames that run a DNS name server. Like for &quot;rr.mx&quot;, each domain in &quot;rr.domain&quot; gets one NS record per name server listed here.</p> -<pre> -i.e: kuntur - harpyja -</pre> -<p>/etc/dns/rr.alias A list of regular domain records for your various servers and services. You may</p> -<pre> -i.e: harpyja www.josuah.net - harpyja git.josuah.net - kuntur josuah.z0.is -</pre> -<p>In the end you have a clear model that you build for yourself that fully leverage the DNS zone challenges.</p> -<p>New computer, mail servers, name servers, top level domain... are added by a single line on one of these files (same goes for removal).</p> -<p>You never have to copy-paste IPs, nor maintain consistency between different records. Each information is held at only at one place.</p> -<p>I use the tinydns authoritative nameserver to publish these records.</p> -<p>This below is the awk script that convert the list &quot;i.e:&quot; above to a zone readable by tinydns. 
I run it in a makefile like this:</p> -<p>/etc/dns/Makefile:</p> -<pre> -all: data.cdb -data = rr.domain rr.host rr.alias rr.mx rr.ns -data: data.awk ${data} - awk -f data.awk ${data} &gt;$@ -data.cdb: data - tinydns-data -clean: - rm -f data data.cdb -</pre> -<p>/etc/dns/data.awk:</p> -<pre> -BEGIN { - FS = &quot;[\t ]+&quot; -} -function ip6_hex(ip6) { - x = &quot;&quot; - sub(&quot;::&quot;, substr(&quot;::::::::&quot;, split(ip6, a, &quot;:&quot;) - 1), ip6) - split(ip6, a, &quot;:&quot;) - for (i = 1; i &lt;= 8; i++) x = x substr(&quot;0000&quot; a[i], length(a[i]) + 1) - return x -} -function ip6_fmt(ip6) { - gsub(&quot;....&quot;, &quot;&amp;:&quot;, ip6) - sub(&quot;:$&quot;, &quot;&quot;, ip6) - return ip6 -} -FNR == 1 &amp;&amp; FILENAME != &quot;rr.domain&quot; { - print &quot;\n# &quot; FILENAME &quot;\n&quot; -} -FILENAME != &quot;rr.domain&quot; &amp;&amp; FNR != 1 { - print &quot;&quot; -} -FILENAME == &quot;rr.domain&quot; { - domain[++i] = $1 -} -FILENAME == &quot;rr.host&quot; { - host[$1&quot;4&quot;] = $2 - host[$1&quot;6&quot;] = ip6_hex($3) - print &quot;=&quot; $1 &quot;.&quot; domain[1] &quot;:&quot; host[$1&quot;4&quot;] - print &quot;6&quot; $1 &quot;.&quot; domain[1] &quot;:&quot; host[$1&quot;6&quot;] -} -FILENAME == &quot;rr.alias&quot; { - for (f = 2; f &lt;= NF; f++) { - print &quot;+&quot; $f &quot;:&quot; host[$1&quot;4&quot;] - print &quot;3&quot; $f &quot;:&quot; host[$1&quot;6&quot;] - } -} -FILENAME == &quot;rr.ns&quot; { - print &quot;+&quot; $1 &quot;.&quot; domain[1] &quot;:&quot; host[$1&quot;4&quot;] - print &quot;3&quot; $1 &quot;.&quot; domain[1] &quot;:&quot; host[$1&quot;6&quot;] - for (i in domain) { - print &quot;.&quot; domain[i] &quot;::&quot; $1 &quot;.&quot; domain[1] - } -} -FILENAME == &quot;rr.mx&quot; { - for (i in domain) { - print &quot;@&quot; domain[i] &quot;::&quot; $1 &quot;.&quot; domain[1] - } -} -END { - print &quot;&quot; -} -</pre> 
diff --git a/ascii/blog/2019-06-29-dns-setup/index.md b/ascii/blog/2019-06-29-dns-setup/index.md 
@@ -1,168 +0,0 @@ -Simple, easy, trivial DNS setup that works -========================================== - -To run nameservers, you need to maintain a bunch of interdependent -DNS information: - -* You first need NS entries that tells who resolve the domain. - -* You then need A and AAAA entries for those NS entries so that one - can join the nameservers. - -* It is good practice to keep PTR entries for these A and AAAA entries - by politeness. - -* You will then have MX entries so you can receive e-mail. - -* But MX entries needs to have matching PTR records, that itself - needs to ping back to the same IP as the MX record have (mail hosting - providers makes a difference between lazy spammers and someone - who wants to maintain its mail stack). - -* Finally you have a basic setup, you can add your A entries. But wait, - do I setup matching PTR entries for these A entries? There are already - PTR entries on some of these IPs. - -There need for this much configuration! - -By maintaining just a few lists of information that make sense, all -of this mess becomes crystal clear. - -I have these files with one entry per line: - -/etc/dns/rr.domain - A list of top and second level domain names. The first one - listed is the "technical" domain name. - - i.e: z0.is - josuah.net - -/etc/dns/rr.host - A list of "hostname without domain part", "IPv4", "IPv6". - This is the only file where IP are written. This is the - book keeping of the servers you address. - - Each line of this file leads to a hostname.technical.dom - record of type A, AAAA, and PTR. This makes debugging - simple: you know the hostname associated with each IP. - - i.e: kuntur 199.247.28.162 2001:19f0:5001:7ac::12 - harpyja 80.67.190.196 2a00:5884:8214::16 - -/etc/dns/rr.mx - A list of hostnames that run a mail server. Each domain - in "rr.domain" gets one MX record per mail server listed - here, with the form: hostname.technical.dom as generated - by the "rr.host" list. 
- - We now have matching MX, A, AAAA and PTR entries! - - i.e: kuntur - -/etc/dns/rr.ns - A list of hostnames that run a DNS name server. Like for - "rr.mx", each domain in "rr.domain" gets one NS record per - name server listed here. - - i.e: kuntur - harpyja - -/etc/dns/rr.alias - A list of regular domain records for your various servers - and services. You may - - i.e: harpyja www.josuah.net - harpyja git.josuah.net - kuntur josuah.z0.is - -In the end you have a clear model that you build for yourself that -fully leverage the DNS zone challenges. - -New computer, mail servers, name servers, top level domain... are -added by a single line on one of these files (same goes for removal). - -You never have to copy-paste IPs, nor maintain consistency between -different records. Each information is held at only at one place. - -I use the tinydns authoritative nameserver to publish these records. - -This below is the awk script that convert the list "i.e:" above to a -zone readable by tinydns. I run it in a makefile like this: - -/etc/dns/Makefile: - - all: data.cdb - - data = rr.domain rr.host rr.alias rr.mx rr.ns - data: data.awk ${data} - awk -f data.awk ${data} >$@ - - data.cdb: data - tinydns-data - - clean: - rm -f data data.cdb - -/etc/dns/data.awk: - - BEGIN { - FS = "[\t ]+" - } - - function ip6_hex(ip6) { - x = "" - sub("::", substr("::::::::", split(ip6, a, ":") - 1), ip6) - split(ip6, a, ":") - for (i = 1; i <= 8; i++) x = x substr("0000" a[i], length(a[i]) + 1) - return x - } - - function ip6_fmt(ip6) { - gsub("....", "&:", ip6) - sub(":$", "", ip6) - return ip6 - } - - FNR == 1 && FILENAME != "rr.domain" { - print "\n# " FILENAME "\n" - } - - FILENAME != "rr.domain" && FNR != 1 { - print "" - } - - FILENAME == "rr.domain" { - domain[++i] = $1 - } - - FILENAME == "rr.host" { - host[$1"4"] = $2 - host[$1"6"] = ip6_hex($3) - print "=" $1 "." domain[1] ":" host[$1"4"] - print "6" $1 "." 
domain[1] ":" host[$1"6"] - } - - FILENAME == "rr.alias" { - for (f = 2; f <= NF; f++) { - print "+" $f ":" host[$1"4"] - print "3" $f ":" host[$1"6"] - } - } - - FILENAME == "rr.ns" { - print "+" $1 "." domain[1] ":" host[$1"4"] - print "3" $1 "." domain[1] ":" host[$1"6"] - for (i in domain) { - print "." domain[i] "::" $1 "." domain[1] - } - } - - FILENAME == "rr.mx" { - for (i in domain) { - print "@" domain[i] "::" $1 "." domain[1] - } - } - - END { - print "" - } diff --git a/ascii/blog/2019-07-15-daemon-supervisors/index.gph b/ascii/blog/2019-07-15-daemon-supervisors/index.gph 
@@ -1,96 +0,0 @@ -[h| \[git\] repositories|/git|server|port] -[h| ⢬⠀⡠⢄⢀⡤⠄⡄⢠⢀⠤⡄⡧⢄⠀⠀⢠⠤⡀⣠⣤⢸⠤ \[web\] http server|URL:http://josuah.net||] -[1| ⡸⠀⠑⠊⠐⠚⠁⠑⠚⠈⠒⠃⠃⠘⠀⠂⠘⠀⠃⠑⠒⠈⠒ \[twt\] twtxt|/twtxt.txt|server|port] -[h| \[mail\] me@josuah.net|H|server|port] -──────────────────────────────────────────────────────────────────────────────── - - -Daemons, supervisors, and simplicity -==================================== - -When it comes to servers, daemon is a central concept: - - daemon - program that runs even after the user quit the shell - -That is basically a "daemon" right? - -A simple problem, a simple solution: make the process double-fork -so the user sitting at the terminal is free to keep going. -pgrep and ps are your friends now. - -This is one simple approach, but one single problem arises: - - -- How to run the same daemon twice? -- - -Knee-jerk reaction: "Why would one want to do that?!" - -- Different DHCP pool of addresses on different interfaces, -- Different mail filtering rules for different inside/outside networks, -- Different vHosts for a mail / http / ... daemon, -- Different identical daemon running as different users, -- Different agetty with one per TTY, -- ... - -The solution often encountered is handling the variety of roles -from the inside of the daemon instead of starting one dedicated -daemon per role: with configuration blocks that lets you handle -each different roles in a different way (per vhost, per network -interface, per tty, per tcp port...). - -That makes each and every daemon much more complex. They all need -a complex configuration file parser and have a much more complex -internal design. - -Why not one daemon per configuration block? Because when a daemon -puts itself to the background (through forking), we loose its PID -(Process ID) and then we cannot distinguish two identical daemons. -How do we know which one to restart then? - -Solutions? 
- -- Writing the PID into a file is not good, as if a daemon gets killed - while getting out of memory, the PID file remains, and another daemon - could get the PID of its parent (former Debian style). - -- Having a ${daemon}ctl command that talks to the daemon through a socket - works, but then each daemon needs to support it while a simple signal - handling would solve all use cases (*BSD style). - -- Matching the command line the daemon was started with with pgrep works - but it requires to adapt it to each daemon (OpenBSD style). - -- Keep the daemon in the foreground (s6 / runit / daemontools style). - -Wait what? - -Yes! In the end, not causing the problem might be a decent solution. -Though we still need to get the control back to the terminal after -launching the daemon... - -Then use one process to launch all the others: A "supervisor" that -starts the daemons, and keeps each daemon as a child proces. The -supervisor knows their PID without PID file or socket. That is how -fork() works: it returns the PID. - -How to organize daemons then? A trivial approach is to have one -run script per daemon to launch, that exec() into the daemon at the -end which stays at the foreground. - -Once the supervisor is is triggered, it can start each of these -./${daemon}/run scripts, keep them as child, and watch for more -to come, with some ./${daemon}/socket for listenning for commands -such as "restart", "stop", "alarm" to send signals to the daemon. - -The supervision system was complex to implement right and half baked -inside of each daemon with ${daemon}ctl, it is now done reliably once -for all daemons in a dedicated program: the supervisor. - -Running this/these extra processes does not consume much more memory -(one megabyte? two?) and makes each daemon smaller (which compensates -for the few megabytes lost). - -Yes, systemd also comes with its own set of solutions. 
But systemd -have an army of engineers (backed by one of the biggest tech company) -to go through the army of problems it may face. It is a complex -solution to a complex problem, while supervision trees make the -problem simple first, and then solve it simply. diff --git a/ascii/blog/2019-07-15-daemon-supervisors/index.html b/ascii/blog/2019-07-15-daemon-supervisors/index.html 
@@ -1,41 +0,0 @@ -<!DOCTYPE html> -<meta charset="UTF-8"/> -<style> body { max-width:80ch; margin:auto; padding:5em 5ch; } </style> -<title>josuah.net</title> -<a href="/">[ josuah.net ]</a> -<nav style="float:right;"> -<a href="git.z0.is">git</a> - -<a href="/pub/josuah.ssh">ssh</a> - -<a href="/pub/josuah.gpg">gpg</a> - -<a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#109;&#101;&#64;&#106;&#111;&#115;&#117;&#97;&#104;&#46;&#110;&#101;&#116;">mail</a> - -<a href="/pub/rss.xml">rss</a> -</nav> -<hr/> - - -<h1>Daemons, supervisors, and simplicity</h1> - -<p>When it comes to servers, daemon is a central concept:</p> -<p>daemon - program that runs even after the user quit the shell</p> -<p>That is basically a &quot;daemon&quot; right?</p> -<p>A simple problem, a simple solution: make the process double-fork so the user sitting at the terminal is free to keep going. pgrep and ps are your friends now.</p> -<p>This is one simple approach, but one single problem arises:</p> -<p>-- How to run the same daemon twice? --</p> -<p>Knee-jerk reaction: &quot;Why would one want to do that?!&quot;</p> -<p>- Different DHCP pool of addresses on different interfaces, - Different mail filtering rules for different inside/outside networks, - Different vHosts for a mail / http / ... daemon, - Different identical daemon running as different users, - Different agetty with one per TTY, - ...</p> -<p>The solution often encountered is handling the variety of roles from the inside of the daemon instead of starting one dedicated daemon per role: with configuration blocks that lets you handle each different roles in a different way (per vhost, per network interface, per tty, per tcp port...).</p> -<p>That makes each and every daemon much more complex. They all need a complex configuration file parser and have a much more complex internal design.</p> -<p>Why not one daemon per configuration block? 
Because when a daemon puts itself to the background (through forking), we loose its PID (Process ID) and then we cannot distinguish two identical daemons. How do we know which one to restart then?</p> -<p>Solutions?</p> -<p>- Writing the PID into a file is not good, as if a daemon gets killed while getting out of memory, the PID file remains, and another daemon could get the PID of its parent (former Debian style).</p> -<p>- Having a ${daemon}ctl command that talks to the daemon through a socket works, but then each daemon needs to support it while a simple signal handling would solve all use cases (*BSD style).</p> -<p>- Matching the command line the daemon was started with with pgrep works but it requires to adapt it to each daemon (OpenBSD style).</p> -<p>- Keep the daemon in the foreground (s6 / runit / daemontools style).</p> -<p>Wait what?</p> -<p>Yes! In the end, not causing the problem might be a decent solution. Though we still need to get the control back to the terminal after launching the daemon...</p> -<p>Then use one process to launch all the others: A &quot;supervisor&quot; that starts the daemons, and keeps each daemon as a child proces. The supervisor knows their PID without PID file or socket. That is how fork() works: it returns the PID.</p> -<p>How to organize daemons then? 
A trivial approach is to have one run script per daemon to launch, that exec() into the daemon at the end which stays at the foreground.</p> -<p>Once the supervisor is is triggered, it can start each of these ./${daemon}/run scripts, keep them as child, and watch for more to come, with some ./${daemon}/socket for listenning for commands such as &quot;restart&quot;, &quot;stop&quot;, &quot;alarm&quot; to send signals to the daemon.</p> -<p>The supervision system was complex to implement right and half baked inside of each daemon with ${daemon}ctl, it is now done reliably once for all daemons in a dedicated program: the supervisor.</p> -<p>Running this/these extra processes does not consume much more memory (one megabyte? two?) and makes each daemon smaller (which compensates for the few megabytes lost).</p> -<p>Yes, systemd also comes with its own set of solutions. But systemd have an army of engineers (backed by one of the biggest tech company) to go through the army of problems it may face. It is a complex solution to a complex problem, while supervision trees make the problem simple first, and then solve it simply.</p> diff --git a/ascii/blog/2019-07-15-daemon-supervisors/index.md b/ascii/blog/2019-07-15-daemon-supervisors/index.md 
@@ -1,89 +0,0 @@ -Daemons, supervisors, and simplicity -==================================== - -When it comes to servers, daemon is a central concept: - - daemon - program that runs even after the user quit the shell - -That is basically a "daemon" right? - -A simple problem, a simple solution: make the process double-fork -so the user sitting at the terminal is free to keep going. -pgrep and ps are your friends now. - -This is one simple approach, but one single problem arises: - - -- How to run the same daemon twice? -- - -Knee-jerk reaction: "Why would one want to do that?!" - -- Different DHCP pool of addresses on different interfaces, -- Different mail filtering rules for different inside/outside networks, -- Different vHosts for a mail / http / ... daemon, -- Different identical daemon running as different users, -- Different agetty with one per TTY, -- ... - -The solution often encountered is handling the variety of roles -from the inside of the daemon instead of starting one dedicated -daemon per role: with configuration blocks that lets you handle -each different roles in a different way (per vhost, per network -interface, per tty, per tcp port...). - -That makes each and every daemon much more complex. They all need -a complex configuration file parser and have a much more complex -internal design. - -Why not one daemon per configuration block? Because when a daemon -puts itself to the background (through forking), we loose its PID -(Process ID) and then we cannot distinguish two identical daemons. -How do we know which one to restart then? - -Solutions? - -- Writing the PID into a file is not good, as if a daemon gets killed - while getting out of memory, the PID file remains, and another daemon - could get the PID of its parent (former Debian style). - -- Having a ${daemon}ctl command that talks to the daemon through a socket - works, but then each daemon needs to support it while a simple signal - handling would solve all use cases (*BSD style). 
- -- Matching the command line the daemon was started with with pgrep works - but it requires to adapt it to each daemon (OpenBSD style). - -- Keep the daemon in the foreground (s6 / runit / daemontools style). - -Wait what? - -Yes! In the end, not causing the problem might be a decent solution. -Though we still need to get the control back to the terminal after -launching the daemon... - -Then use one process to launch all the others: A "supervisor" that -starts the daemons, and keeps each daemon as a child proces. The -supervisor knows their PID without PID file or socket. That is how -fork() works: it returns the PID. - -How to organize daemons then? A trivial approach is to have one -run script per daemon to launch, that exec() into the daemon at the -end which stays at the foreground. - -Once the supervisor is is triggered, it can start each of these -./${daemon}/run scripts, keep them as child, and watch for more -to come, with some ./${daemon}/socket for listenning for commands -such as "restart", "stop", "alarm" to send signals to the daemon. - -The supervision system was complex to implement right and half baked -inside of each daemon with ${daemon}ctl, it is now done reliably once -for all daemons in a dedicated program: the supervisor. - -Running this/these extra processes does not consume much more memory -(one megabyte? two?) and makes each daemon smaller (which compensates -for the few megabytes lost). - -Yes, systemd also comes with its own set of solutions. But systemd -have an army of engineers (backed by one of the biggest tech company) -to go through the army of problems it may face. It is a complex -solution to a complex problem, while supervision trees make the -problem simple first, and then solve it simply. diff --git a/ascii/blog/2019-07-22-i-am-a-thief/index.gph b/ascii/blog/2019-07-22-i-am-a-thief/index.gph 
@@ -1,131 +0,0 @@ -[h| \[git\] repositories|/git|server|port] -[h| ⢬⠀⡠⢄⢀⡤⠄⡄⢠⢀⠤⡄⡧⢄⠀⠀⢠⠤⡀⣠⣤⢸⠤ \[web\] http server|URL:http://josuah.net||] -[1| ⡸⠀⠑⠊⠐⠚⠁⠑⠚⠈⠒⠃⠃⠘⠀⠂⠘⠀⠃⠑⠒⠈⠒ \[twt\] twtxt|/twtxt.txt|server|port] -[h| \[mail\] me@josuah.net|H|server|port] -──────────────────────────────────────────────────────────────────────────────── - - -I am a thief -============ - -First chapter of "Je suis un Voleur" from Laurent Chemla: - - /\ thief. How else to name one of the first individual in France - /__\ to procure itself an Internet access[1.1]? In 1994, spoofing -/ \ the clothes of a telecommunication expert, that I was not yet, -I obtained from an IT staff employee of a parisian University that he -let me an access to Internet. In exchange, I brought him help - -relatively - to the building of a network devoted to let student work -from home. - -I then stole, I confess, this first access to a network that remained -to me a mostly unexplored land since my last visits in 1992, mediated -by obscure manoeuvres of a friend or through pirating. - -This theft benefited to me, I could learn to use a tool long before -the majority of the IT crowd, gaining an advance that still persist -today. - -I stole, but I plead good faith. At this epoch nobody around me did -understand what it was about. Would it bit a thief to steal something -nobody had interest in? This access was to the reach of only a few -testing university students, this access that a small IT company could -not afford, I stole it, and I am not ashamed. - -For my relatives, I am nontheless an "IT janitor". Programmer to a -tiny IT company, I always have been passionated by telematic networks. -A passion that costed me, in 1986, to be the first to be guilty of -piracy in France, pirated from a Minitel, yes, but to each his glory. -As there was not yet any law against IT piracy, I have been -incriminated for stealing electrical power. All that ended up in an -acquittal, but still, here is a decent start for a thief career! 
- -Indeed, how to name differently someone who constituted its -professional network by taking part to associations? We have the -impression to contribute unpaid for the many, but we mostly get known -and, time after time, the clients get attracted by this visibility. -Of course anyone whose professional occupation deals with associtation -universe end-up face to its own consciousness. Not unlike, I suppose, -a lawyer who gain clients from the excluded folk that he help -graciously and daily. I ignore what its consciousness tell him, but I -know mine is not clear. - -Nowaday again, my activities continue to earn money with Internet, at -the time of Nasdaq's fall. How can one earn while the everyone loose, -if not by cheating? - -A thief is on that use to its profit else's good. To me, Internet is -a public good and, if serve as commercial galerie for some, it must -not limit itself to such a deviation. Internet must first and -foremost be the tool that, for the first time in mankind, permitted -the freedom of speech, defined as a fundamental human right. - -This right, in all its guarantee from our constitutional state, has -stayed hypothetical since its proclamation. In France law protect -freedom of Speech of syndicates and journalists but no text that -permit to the simple citizen to undertake justice, to reach its -freedom. What else since, before Internet, this freedom was to the -reach of some privilegied? The lawyer protected them because only -them needed that protection. Ten years ago, noone would have been -able to benefit an as simple, fast and affordable way to expose works, -arts or ideas but by vociferating in the street or by climbing the -social scale rung by rung to the point of having media's attention. -One had to be represented by others with the expression right for -themself. Only ersatz. The only freedom that matters is the one -available to all and I dont give a damn about those reserved to the -mighty or their representatives. 
- -Internet thereby permit to a growing number of citizen to apply their -fundamental right to take the parole on the public place. From this -point of view, it must be protected such as any other necessary yet -fragile resource, such as water we drink everyday. It cannot be -reserved to anyone, neither be limited in its usages if not by the -common right. No exception legislation must forbide the exercise of -freedom of speech and, as soon as possible, states must preserve the -common tool that became a public benefit. And as I use a public good -to lead my own fights, yet again, I behave as a thief. - -I thereby known the Internet a few time before everybody else, still -at the epoch of the Far West, Eldorado, Utopia. At this epoch, the -network was backed by public money (mostly from United States), the -life was happier and the electronic sky bluer. We worked all along, -among passionated, inventing new computer objects that even Microsoft -did ignore, like Linux or the World Wide Web (you know, the three -fastidious w we have to type in the address of your favorite porn -website...) that did not yet exist and that today everybody mistake -for the network itself. - -We were far from thinking that some day, we would need a plethora of -lawyers to organize the network. That some day, we would need -interdepartmental comittees to address of the question. That some -day, we would have to put black on white the manners not yet named -"netiquette" that seemd all so natural to us. Our only desire, share -that formidable invention with the most people, make its apology, -attract the most numerous of passionated who shared with us their -competency, their knowledge and intelligence. - -I remember that at this epoch, when I was saying "Internet", my -friends looked at me as if coming from another planet. 
When I -transfered a file from a computer from one end of of the world to my -own machine - by cabalistic commands typed by hand under an interface -working without a mouse pointer -,the seasoned IT engineers was -assisting to the demonstration as to a bad movie: find the file was -taking hours, reading speeds was worth a sick snail and the file often -revealed to be unusable... But while a pal entered in my office, I -would show him how by typing a single command line I could share, for -a ridiculous price, my work, my knowledge, my files or my data with -pure strangers and that could live at the other side of the street as -the other side of the world. - -Besides from other passionated people, everybody was mockering me. I -could tell them that this thingy would be a revolution for human -knowledge, they looked at me in pity and went back to their work. - -In the best case, I was told with lucidity "It is a pirate thing.". -Some was asking who would that fit, beyond telematic specialists. -Other claimed that volontary and free sharing of resources would not -have, by definition, any economical future. I was also asked -sometimes who would dare to provide such a terrible service. And when -I explained them that everything was entirely decentralised, with for -only coordination volunteership and good will of all, the same ones -was telling me that it could never work at a large scale. diff --git a/ascii/blog/2019-07-22-i-am-a-thief/index.html b/ascii/blog/2019-07-22-i-am-a-thief/index.html 
@@ -1,33 +0,0 @@ -<!DOCTYPE html> -<meta charset="UTF-8"/> -<style> body { max-width:80ch; margin:auto; padding:5em 5ch; } </style> -<title>josuah.net</title> -<a href="/">[ josuah.net ]</a> -<nav style="float:right;"> -<a href="git.z0.is">git</a> - -<a href="/pub/josuah.ssh">ssh</a> - -<a href="/pub/josuah.gpg">gpg</a> - -<a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#109;&#101;&#64;&#106;&#111;&#115;&#117;&#97;&#104;&#46;&#110;&#101;&#116;">mail</a> - -<a href="/pub/rss.xml">rss</a> -</nav> -<hr/> - - -<h1>I am a thief</h1> - -<p>First chapter of &quot;Je suis un Voleur&quot; from Laurent Chemla:</p> -<p>/\ thief. How else to name one of the first individual in France /__\ to procure itself an Internet access[1.1]? In 1994, spoofing / \ the clothes of a telecommunication expert, that I was not yet, I obtained from an IT staff employee of a parisian University that he let me an access to Internet. In exchange, I brought him help - relatively - to the building of a network devoted to let student work from home.</p> -<p>I then stole, I confess, this first access to a network that remained to me a mostly unexplored land since my last visits in 1992, mediated by obscure manoeuvres of a friend or through pirating.</p> -<p>This theft benefited to me, I could learn to use a tool long before the majority of the IT crowd, gaining an advance that still persist today.</p> -<p>I stole, but I plead good faith. At this epoch nobody around me did understand what it was about. Would it bit a thief to steal something nobody had interest in? This access was to the reach of only a few testing university students, this access that a small IT company could not afford, I stole it, and I am not ashamed.</p> -<p>For my relatives, I am nontheless an &quot;IT janitor&quot;. Programmer to a tiny IT company, I always have been passionated by telematic networks. 
A passion that costed me, in 1986, to be the first to be guilty of piracy in France, pirated from a Minitel, yes, but to each his glory. As there was not yet any law against IT piracy, I have been incriminated for stealing electrical power. All that ended up in an acquittal, but still, here is a decent start for a thief career!</p> -<p>Indeed, how to name differently someone who constituted its professional network by taking part to associations? We have the impression to contribute unpaid for the many, but we mostly get known and, time after time, the clients get attracted by this visibility. Of course anyone whose professional occupation deals with associtation universe end-up face to its own consciousness. Not unlike, I suppose, a lawyer who gain clients from the excluded folk that he help graciously and daily. I ignore what its consciousness tell him, but I know mine is not clear.</p> -<p>Nowaday again, my activities continue to earn money with Internet, at the time of Nasdaq's fall. How can one earn while the everyone loose, if not by cheating?</p> -<p>A thief is on that use to its profit else's good. To me, Internet is a public good and, if serve as commercial galerie for some, it must not limit itself to such a deviation. Internet must first and foremost be the tool that, for the first time in mankind, permitted the freedom of speech, defined as a fundamental human right.</p> -<p>This right, in all its guarantee from our constitutional state, has stayed hypothetical since its proclamation. In France law protect freedom of Speech of syndicates and journalists but no text that permit to the simple citizen to undertake justice, to reach its freedom. What else since, before Internet, this freedom was to the reach of some privilegied? The lawyer protected them because only them needed that protection. 
Ten years ago, noone would have been able to benefit an as simple, fast and affordable way to expose works, arts or ideas but by vociferating in the street or by climbing the social scale rung by rung to the point of having media's attention. One had to be represented by others with the expression right for themself. Only ersatz. The only freedom that matters is the one available to all and I dont give a damn about those reserved to the mighty or their representatives.</p> -<p>Internet thereby permit to a growing number of citizen to apply their fundamental right to take the parole on the public place. From this point of view, it must be protected such as any other necessary yet fragile resource, such as water we drink everyday. It cannot be reserved to anyone, neither be limited in its usages if not by the common right. No exception legislation must forbide the exercise of freedom of speech and, as soon as possible, states must preserve the common tool that became a public benefit. And as I use a public good to lead my own fights, yet again, I behave as a thief.</p> -<p>I thereby known the Internet a few time before everybody else, still at the epoch of the Far West, Eldorado, Utopia. At this epoch, the network was backed by public money (mostly from United States), the life was happier and the electronic sky bluer. We worked all along, among passionated, inventing new computer objects that even Microsoft did ignore, like Linux or the World Wide Web (you know, the three fastidious w we have to type in the address of your favorite porn website...) that did not yet exist and that today everybody mistake for the network itself.</p> -<p>We were far from thinking that some day, we would need a plethora of lawyers to organize the network. That some day, we would need interdepartmental comittees to address of the question. That some day, we would have to put black on white the manners not yet named &quot;netiquette&quot; that seemd all so natural to us. 
Our only desire, share that formidable invention with the most people, make its apology, attract the most numerous of passionated who shared with us their competency, their knowledge and intelligence.</p> -<p>I remember that at this epoch, when I was saying &quot;Internet&quot;, my friends looked at me as if coming from another planet. When I transfered a file from a computer from one end of of the world to my own machine - by cabalistic commands typed by hand under an interface working without a mouse pointer -,the seasoned IT engineers was assisting to the demonstration as to a bad movie: find the file was taking hours, reading speeds was worth a sick snail and the file often revealed to be unusable... But while a pal entered in my office, I would show him how by typing a single command line I could share, for a ridiculous price, my work, my knowledge, my files or my data with pure strangers and that could live at the other side of the street as the other side of the world.</p> -<p>Besides from other passionated people, everybody was mockering me. I could tell them that this thingy would be a revolution for human knowledge, they looked at me in pity and went back to their work.</p> -<p>In the best case, I was told with lucidity &quot;It is a pirate thing.&quot;. Some was asking who would that fit, beyond telematic specialists. Other claimed that volontary and free sharing of resources would not have, by definition, any economical future. I was also asked sometimes who would dare to provide such a terrible service. And when I explained them that everything was entirely decentralised, with for only coordination volunteership and good will of all, the same ones was telling me that it could never work at a large scale.</p> diff --git a/ascii/blog/2019-07-22-i-am-a-thief/index.md b/ascii/blog/2019-07-22-i-am-a-thief/index.md 
@@ -1,124 +0,0 @@ -I am a thief -============ - -First chapter of "Je suis un Voleur" from Laurent Chemla: - - /\ thief. How else to name one of the first individual in France - /__\ to procure itself an Internet access[1.1]? In 1994, spoofing -/ \ the clothes of a telecommunication expert, that I was not yet, -I obtained from an IT staff employee of a parisian University that he -let me an access to Internet. In exchange, I brought him help - -relatively - to the building of a network devoted to let student work -from home. - -I then stole, I confess, this first access to a network that remained -to me a mostly unexplored land since my last visits in 1992, mediated -by obscure manoeuvres of a friend or through pirating. - -This theft benefited to me, I could learn to use a tool long before -the majority of the IT crowd, gaining an advance that still persist -today. - -I stole, but I plead good faith. At this epoch nobody around me did -understand what it was about. Would it bit a thief to steal something -nobody had interest in? This access was to the reach of only a few -testing university students, this access that a small IT company could -not afford, I stole it, and I am not ashamed. - -For my relatives, I am nontheless an "IT janitor". Programmer to a -tiny IT company, I always have been passionated by telematic networks. -A passion that costed me, in 1986, to be the first to be guilty of -piracy in France, pirated from a Minitel, yes, but to each his glory. -As there was not yet any law against IT piracy, I have been -incriminated for stealing electrical power. All that ended up in an -acquittal, but still, here is a decent start for a thief career! - -Indeed, how to name differently someone who constituted its -professional network by taking part to associations? We have the -impression to contribute unpaid for the many, but we mostly get known -and, time after time, the clients get attracted by this visibility. 
-Of course anyone whose professional occupation deals with associtation -universe end-up face to its own consciousness. Not unlike, I suppose, -a lawyer who gain clients from the excluded folk that he help -graciously and daily. I ignore what its consciousness tell him, but I -know mine is not clear. - -Nowaday again, my activities continue to earn money with Internet, at -the time of Nasdaq's fall. How can one earn while the everyone loose, -if not by cheating? - -A thief is on that use to its profit else's good. To me, Internet is -a public good and, if serve as commercial galerie for some, it must -not limit itself to such a deviation. Internet must first and -foremost be the tool that, for the first time in mankind, permitted -the freedom of speech, defined as a fundamental human right. - -This right, in all its guarantee from our constitutional state, has -stayed hypothetical since its proclamation. In France law protect -freedom of Speech of syndicates and journalists but no text that -permit to the simple citizen to undertake justice, to reach its -freedom. What else since, before Internet, this freedom was to the -reach of some privilegied? The lawyer protected them because only -them needed that protection. Ten years ago, noone would have been -able to benefit an as simple, fast and affordable way to expose works, -arts or ideas but by vociferating in the street or by climbing the -social scale rung by rung to the point of having media's attention. -One had to be represented by others with the expression right for -themself. Only ersatz. The only freedom that matters is the one -available to all and I dont give a damn about those reserved to the -mighty or their representatives. - -Internet thereby permit to a growing number of citizen to apply their -fundamental right to take the parole on the public place. From this -point of view, it must be protected such as any other necessary yet -fragile resource, such as water we drink everyday. 
It cannot be -reserved to anyone, neither be limited in its usages if not by the -common right. No exception legislation must forbide the exercise of -freedom of speech and, as soon as possible, states must preserve the -common tool that became a public benefit. And as I use a public good -to lead my own fights, yet again, I behave as a thief. - -I thereby known the Internet a few time before everybody else, still -at the epoch of the Far West, Eldorado, Utopia. At this epoch, the -network was backed by public money (mostly from United States), the -life was happier and the electronic sky bluer. We worked all along, -among passionated, inventing new computer objects that even Microsoft -did ignore, like Linux or the World Wide Web (you know, the three -fastidious w we have to type in the address of your favorite porn -website...) that did not yet exist and that today everybody mistake -for the network itself. - -We were far from thinking that some day, we would need a plethora of -lawyers to organize the network. That some day, we would need -interdepartmental comittees to address of the question. That some -day, we would have to put black on white the manners not yet named -"netiquette" that seemd all so natural to us. Our only desire, share -that formidable invention with the most people, make its apology, -attract the most numerous of passionated who shared with us their -competency, their knowledge and intelligence. - -I remember that at this epoch, when I was saying "Internet", my -friends looked at me as if coming from another planet. When I -transfered a file from a computer from one end of of the world to my -own machine - by cabalistic commands typed by hand under an interface -working without a mouse pointer -,the seasoned IT engineers was -assisting to the demonstration as to a bad movie: find the file was -taking hours, reading speeds was worth a sick snail and the file often -revealed to be unusable... 
But while a pal entered in my office, I -would show him how by typing a single command line I could share, for -a ridiculous price, my work, my knowledge, my files or my data with -pure strangers and that could live at the other side of the street as -the other side of the world. - -Besides from other passionated people, everybody was mockering me. I -could tell them that this thingy would be a revolution for human -knowledge, they looked at me in pity and went back to their work. - -In the best case, I was told with lucidity "It is a pirate thing.". -Some was asking who would that fit, beyond telematic specialists. -Other claimed that volontary and free sharing of resources would not -have, by definition, any economical future. I was also asked -sometimes who would dare to provide such a terrible service. And when -I explained them that everything was entirely decentralised, with for -only coordination volunteership and good will of all, the same ones -was telling me that it could never work at a large scale. diff --git a/ascii/blog/2019-07-25-chgrp-not-chown/index.gph b/ascii/blog/2019-07-25-chgrp-not-chown/index.gph 
@@ -1,57 +0,0 @@ -[h| \[git\] repositories|/git|server|port] -[h| ⢬⠀⡠⢄⢀⡤⠄⡄⢠⢀⠤⡄⡧⢄⠀⠀⢠⠤⡀⣠⣤⢸⠤ \[web\] http server|URL:http://josuah.net||] -[1| ⡸⠀⠑⠊⠐⠚⠁⠑⠚⠈⠒⠃⠃⠘⠀⠂⠘⠀⠃⠑⠒⠈⠒ \[twt\] twtxt|/twtxt.txt|server|port] -[h| \[mail\] me@josuah.net|H|server|port] -──────────────────────────────────────────────────────────────────────────────── - - -Using "chgrp" instead of "chown" -================================ - -I propose some new organization for UNIX permissions that do not -require the admin to always change the permissions, and have any -user create file around and still keep the apropriate permissions: - - * Let the owner be whatever you need. - - * Define one group per ressource. - -As simple as it. The users can be used to as a way to track events, -creation, generation, who did run a script... Focus on maintaining -the apropriate group. - -To define a resource directory: - - # groupadd dns - # useradd -g dns dns - # mkdir /var/dns - # chgrp dns /var/dns - # chmod +s /var/dns - -It all relies on "chmod +s" on the directory, the sgid flag. On a -file, this would set the user id upon execution. On a directory, -every file created in the dns directory will have the 'dns' group, -even if the user creating it is root, or adm-nikolay. - -Files created in it will inherit the group, but not the sgid flag. -Directories in it will inherit the group and the sgid flag, so you -do not need to maintain the sgid flag on subdirectory. - -In fact, from now on, you do not need to do anything: run your -daemon as the dns user, add the accounts allowed to access to "dns" -to the "dns" group, and all permissions suddenly set themself up on -their own without the need of chown! - -Under this new mode, you might want to use an umask of 002 instead -of 022, to have -rw-rw-r-- instead of -rw-r--r-- by default, to let -all the members of a group to edit the files. - -Bonus: you can now know who did created a file: look at the owner. 
- -Bonus: you can now have less-privilegied administrators that have - access to some but not all the contents. Simply add them to the - groups of things he can manage. - -I write "admin", but it might as well be daemons. Think of acme-client -need to access to /var/dns to setup the DNS challenges, and /var/tls -to write the certificates. diff --git a/ascii/blog/2019-07-25-chgrp-not-chown/index.html b/ascii/blog/2019-07-25-chgrp-not-chown/index.html 
@@ -1,51 +0,0 @@ -<!DOCTYPE html> -<meta charset="UTF-8"/> -<style> body { max-width:80ch; margin:auto; padding:5em 5ch; } </style> -<title>josuah.net</title> -<a href="/">[ josuah.net ]</a> -<nav style="float:right;"> -<a href="git.z0.is">git</a> - -<a href="/pub/josuah.ssh">ssh</a> - -<a href="/pub/josuah.gpg">gpg</a> - -<a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#109;&#101;&#64;&#106;&#111;&#115;&#117;&#97;&#104;&#46;&#110;&#101;&#116;">mail</a> - -<a href="/pub/rss.xml">rss</a> -</nav> -<hr/> - - -<h1>Using &quot;chgrp&quot; instead of &quot;chown&quot;</h1> - -<p>I propose some new organization for UNIX permissions that do not require the admin to always change the permissions, and have any user create file around and still keep the apropriate permissions:</p> -<ul> -<li>Let the owner be whatever you need.</li> -<li>Define one group per ressource.</li> -</ul> -<p>As simple as it. The users can be used to as a way to track events, creation, generation, who did run a script... Focus on maintaining the apropriate group.</p> -<p>To define a resource directory:</p> - - -<h1>groupadd dns</h1> - - - -<h1>useradd -g dns dns</h1> - - - -<h1>mkdir /var/dns</h1> - - - -<h1>chgrp dns /var/dns</h1> - - - -<h1>chmod +s /var/dns</h1> - -<p>It all relies on &quot;chmod +s&quot; on the directory, the sgid flag. On a file, this would set the user id upon execution. On a directory, every file created in the dns directory will have the 'dns' group, even if the user creating it is root, or adm-nikolay.</p> -<p>Files created in it will inherit the group, but not the sgid flag. 
Directories in it will inherit the group and the sgid flag, so you do not need to maintain the sgid flag on subdirectory.</p> -<p>In fact, from now on, you do not need to do anything: run your daemon as the dns user, add the accounts allowed to access to &quot;dns&quot; to the &quot;dns&quot; group, and all permissions suddenly set themself up on their own without the need of chown!</p> -<p>Under this new mode, you might want to use an umask of 002 instead of 022, to have -rw-rw-r-- instead of -rw-r--r-- by default, to let all the members of a group to edit the files.</p> -<p>Bonus: you can now know who did created a file: look at the owner.</p> -<p>Bonus: you can now have less-privilegied administrators that have access to some but not all the contents. Simply add them to the groups of things he can manage.</p> -<p>I write &quot;admin&quot;, but it might as well be daemons. Think of acme-client need to access to /var/dns to setup the DNS challenges, and /var/tls to write the certificates.</p> diff --git a/ascii/blog/2019-07-25-chgrp-not-chown/index.md b/ascii/blog/2019-07-25-chgrp-not-chown/index.md 
@@ -1,50 +0,0 @@ -Using "chgrp" instead of "chown" -================================ - -I propose some new organization for UNIX permissions that do not -require the admin to always change the permissions, and have any -user create file around and still keep the apropriate permissions: - - * Let the owner be whatever you need. - - * Define one group per ressource. - -As simple as it. The users can be used to as a way to track events, -creation, generation, who did run a script... Focus on maintaining -the apropriate group. - -To define a resource directory: - - # groupadd dns - # useradd -g dns dns - # mkdir /var/dns - # chgrp dns /var/dns - # chmod +s /var/dns - -It all relies on "chmod +s" on the directory, the sgid flag. On a -file, this would set the user id upon execution. On a directory, -every file created in the dns directory will have the 'dns' group, -even if the user creating it is root, or adm-nikolay. - -Files created in it will inherit the group, but not the sgid flag. -Directories in it will inherit the group and the sgid flag, so you -do not need to maintain the sgid flag on subdirectory. - -In fact, from now on, you do not need to do anything: run your -daemon as the dns user, add the accounts allowed to access to "dns" -to the "dns" group, and all permissions suddenly set themself up on -their own without the need of chown! - -Under this new mode, you might want to use an umask of 002 instead -of 022, to have -rw-rw-r-- instead of -rw-r--r-- by default, to let -all the members of a group to edit the files. - -Bonus: you can now know who did created a file: look at the owner. - -Bonus: you can now have less-privilegied administrators that have - access to some but not all the contents. Simply add them to the - groups of things he can manage. - -I write "admin", but it might as well be daemons. Think of acme-client -need to access to /var/dns to setup the DNS challenges, and /var/tls -to write the certificates.
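Review bot: in the nav block of ascii/blog/2019-07-15-daemon-supervisors/index.html (repeated in the two other index.html hunks), `<a href="git.z0.is">git</a>` has no scheme, so a browser resolves it as a path relative to the post rather than as a host name. If the same header template still generates pages elsewhere, make it an absolute URL. In the same file, the "Different DHCP pool ..." list and the items under "Solutions?" came out as `<p>` text with literal "- " markers, whereas the chgrp-not-chown page got a proper `<ul>`, so the list handling of the generator is worth checking too.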
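Review bot: the commit message says only "clean nested hidden directory", yet the index.md hunks (for example `@@ -1,89 +0,0 @@` on ascii/blog/2019-07-15-daemon-supervisors/index.md) delete the Markdown sources together with the generated index.gph and index.html. Nothing in the visible diff shows another copy being kept, so the message should state where the canonical posts live, or the index.md deletions should go in a separate commit from the generated files.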
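Review bot: in ascii/blog/2019-07-25-chgrp-not-chown/index.html, the five setup commands were rendered as headings (`<h1>groupadd dns</h1>` through `<h1>chmod +s /var/dns</h1>`), which suggests the leading `#` root prompt in index.md was taken as a heading marker. Removing this copy is fine, but if the post is regenerated from the same source, check that the indented command block is emitted as preformatted text so that readers see the commands as commands.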
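Review bot: in ascii/blog/2019-07-25-chgrp-not-chown/index.md, the step `# chmod +s /var/dns` is described in the following paragraph as "the sgid flag", but `+s` with no who-letter asks for both set-user-ID and set-group-ID; `chmod g+s /var/dns` is the form that matches the text. The same paragraph says that on a file the flag "would set the user id upon execution", which describes setuid, while for sgid it is the group id. If the post is kept in another location, both are worth correcting there, since readers will copy the command as written.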