Back in the olden times, software was hard to build and hard to use, but remarkable improvements have been made, and entire ecosystems of ergonomic languages are now available. I happen to think the old ways still have some merit, but don’t want to spend all my time staring at the cave walls.

more...

I have a web application process, which talks to strangers on the network and stores data in the filesystem. To limit the damage caused by naughty tricksters, it uses pledge and unveil so that even if somebody takes over the process, they can only corrupt this program’s data. As opposed to changing my password, for example.

Users love features, so every day I add a new feature, and then I restart the server. This causes milliseconds of downtime. We can only afford 800 milliseconds of downtime per day in order to meet our five nines availability target, and two restarts in a single day puts us very close to the limit. So I added a smooth restart feature, where sending SIGHUP to the server will cause it to reëxec itself, but with the listening socket already open. No connections are lost.

Fork and exec require additional promises to pledge. But this opens the door to trouble. What happens if the trickster wants to exec a new process? Fortunately, unveil restricts exec to only the same program, but they can still restart it with new options, like setting the log file to /etc/passwd. The command line interface offers enough flexibility to accomplish a fair bit of mischief. I spent some time convincing myself this is an unlikely attack scenario, and mostly succeeded, but using pledge suggests I care about unlikely scenarios, so I should do things properly.

As with all problems, the solution is to add another layer of abstraction. Now the main process execs a worker process, and the worker process once again loses the ability to exec. I was already using one helper process anyway, managed by the server. After shuffling some code around, our growing family now includes three processes. The result is arguably better organized, as well, since competing concerns are better split among the processes.

Trying to go too fast may be slow.

more...

I got a something old something new laptop and installed OpenBSD. And then the murders began.

more...

I ripped out a dependency and then I found out what it did. I wrote an RSS parser for a very simple project, and then figured, how hard could it be to use in a real feed reader? Well, not very hard, but it was somewhat time consuming, and offers another perspective on using other people’s code.

more...

Not just a new server, a news server, although ironically I think only the olds use the news now. It was really just an experiment in why not. It took me about three hours from opening a blank main.go to mostly done, which was good to cover the Becket joins Dr. Cuddy at the FBI arc on Castle. Then an afternoon faffing about making scripts to load up some content.

The first and most important thing to discuss is the name, nuset. It’s got all the same pheromones as Usenet, subliminally exerting mind control over the reader. In the local dialect, it’s pronounced more like newsd, rhymes with used, as if it’s used news. About right. I was thinking of telling people it’s named after the Assyrian god of information, and could probably get someone to believe that. Or maybe it’s nu-Set, the reincarnation of Set.

The NNTP protocol is specified by RFC 3977. It’s a pretty easy read, and filled with lots of examples, which I found very helpful. Read a section, then copy the client line into the parser and copy the server line into the output. There’s words, too, but it’s much less ambiguous to always see exactly the format of commands and results.

In hindsight, this would have been a good project to experiment with a new language. But I was lazy and already know where go keeps the textproto.DotWriter.

I’m not super into Gemini, the tiny web alike, in part because I think it’s fun to interact with people. But a tiny usenet, without all the spams and trolls, I could get into. Although I’m not there yet. I’ve only got enough commands working to allow local posting, not federation. A little more effort, and we could get there, though.

For now, I’m just mirroring content. You can check it out at nntp://flak.tedunangst.com. Subscriber exclusive: see the behind the scenes markdown I use to write posts!

It’s been one year since our previous adventure, so it’s time for another round of guess why that dependency shows up in the tarball. This time we’re looking at honk, an ActivityPub server that’s supposed to be idiosyncratic with minimal dependencies, so you can keep all your attention focused where it’s needed.

more...

Poking through layers of indirection in go trying to recover some efficiency.

more...

ASUS laptops generally have a feature that lets the user toggle the fan speed. Fn-F5 on some models, Fn-F on others. The direct effect is to limit the fan speed, from whisper mode to megablast, and indirectly control performance. But it doesn’t work in OpenBSD, so I needed to write an ASUS ACPI WMI driver.

more...

As I move around, I roam between wifi networks, but sometimes lose the connection. Then I click a link and watch in vain as it fails to load. So I’d like an easy way to check which, if any, wifi network I’m connected to, such as by putting it in my dwm status bar. I could run ifconfig and parse the output, but that’s excessively wasteful. I need to get the info myself.

more...