🐰 chee cherries quiet party

entries tagged “articles”

Greenwich Mean Time GMT

secret hot dogs pt i

chiatown dog

  • chopped heirloom tomato
  • french’s mustard
  • brioche bun
  • frankfurter

british woofing dog

  • poppy seed bun
  • hp sauce
  • sweetcorn relish
  • bratwurst

dulwich open dog

  • sourdough bun
  • smashed avocado
  • flock & herd italian sausage
  • sprinkle of himalayan rock salt

basic friend dog

  • lemon and herb piri piri sauce
  • xx hot piri piri sauce
  • chicken sausage
  • mashed potato
  • papo secos

— chee (hi@chee.party) 2019-12-03

British Summer Time GMT+1

snoot.club

I set up snoot.club so i could have a place to throw up quick ideas, and also to provide my friends with places to host their ideas. The goal was that I’d be able to run a script and very quickly have a new domain with a folder i could put things in that would show on that domain.

The DNS records are set up with a wildcard A and a wildcard AAAA record pointing *.snoot.club to the snoot.club linode. This way the moment a process starts listening on a given name (like chee.party), it is available on the net.

I’ve got a wildcard letsencrypt certificate set up on the site, so any subdomain of snoot.club is covered by the same certificate. Those are a bit of a nightmare to maintain because you have to do deploy two more DNS records every three months, but it’s worth it for the convenience during the other parts of the months.

I’ve thought about automating the 30 minutes it takes me every 3 months, using dig(1) and the linode api but that only ever seems like a great idea during those 30 minutes.

The idea was that a person (let’s call them jimmy) would ask me for an account, i’d run a script (create_snoot jimmy) and that would set up a base configuration for them that would give them a place to put files they wanted to be on their site jimmy.snoot.club.

do the easiest thing that could possibly work

Once I had the SSL certs and DNS sorted out, I wrote a collection of scrappy bash scripts to try out the idea.

The script generates them a user account on the snoot.club linux server, and puts them into a group called undercommon. It makes a directory for them that contains only their ssh[1] public key (which will let them log in), and a folder called “website”.

There’s a section in snoot.club’s sshdconfig[2] file that checks if people are in that group and then disallows them from using any program other than FTP software, and doesn’t let them view any files outside of their directory.

Match Group undercommon
	ChrootDirectory /snoots
	PermitTTY no
	ForceCommand internal-sftp

trust issues

I wanted people with more advanced needs to be able to do more advanced things, but I didn’t want them to have access the whole system.

After creating the unix account, and the ftp entry point for the snoot, the script also creates a docker container for them. That’s a kind of tiny machine of their own, that lives inside the snoot.club machine. The docker container forwards two ports: ssh and web (80). The http server configuration that is built when jimmy is created points jimmy.snoot.club at the whatever the docker container has running on port 80 (the web port).

I provide jimmy with a port for them to use when they are sshing in, (so they’d do like ssh root@snoot.club -p 33532) and then they ssh not into snoot.club but into the docker container that is jimmy.snoot.club. this way they get to do anything they want without having to have full access to the snoot.club machine!

the default app in the docker contain is a static server pointing at the “website” directory, the same one the user can see when they ftp in.

fun doesn’t scale

this system works fine until there are more than like 30-40 people. that’s fine. if it ever got popular it could be rewritten. it’s so easy to lose momentum of your ideas if you’re trying to plan for what if it ever gets bigger. most of them won’t, and it doesn’t actually matter! build things you want to for you and your friends, and if you ever need to make it better then you can do it then!

while i’m on that subject: we don’t need to all pretend to be brands, we should be doing silly things like having a completely different style sheet on every page and the web is mostly people, not companies. and the companies are also made of people. be people.

the rewrite

over the christmas and new year period i was in a barn at the bottom of a some rich folks garden in putney, and i rewrote the shell scripts in javascript. the bed there was very cosy and i also made a christmas dinner (but i didn’t cook the chicken right and it got scary).

this one works pretty good! the things it does are the same. it offers to download a new snoot’s authorized keys from github (thanks jake for this idea), and it prints out coloured messages and has emoji and feels pretty good.

i created a special image for the docker container that contained perl6 rakudo, and started the script with pm2 on boot and would restart the server if there were any changes.

time

so this worked really well for 6 months! kj built the facepainting and rowan did a throwback and abe built a shop and chee built some stuff. but then I started wanting it to be simpler. some problems had started to occur. here’s some things that we’d run into:

  1. it was difficult to work together
  2. docker containers take up so much space and memory??
  3. it’s so complex
  4. there were lots of ports, two per user, it didn’t feel right
  5. i actually ran out of available docker network nodes or something? i dno

I started to look into other options. I created another chroot-based system that worked similar to how the ftp thing works but allowed more control. That still felt too heavy.

socks

Reading the node.js documentation i noticed this in the http module docs: server.listen() Starts the HTTP server listening for connections. This method is identical to server.listen() from net.Server.

and in the net.server docs one of the signatures listed is a Unix Domain Socket. now, i love unix domain sockets. i built a window manager in javascript that used a unix domain socket as its main form of management. it was cool. everything was a command. i used it irl as my main window manager for 6 months. the use of sockets was inspired by my favourite window manager wmii which was in turn inspired by the plan9 operating system created at bell labs. the same place that invented unix, lasers and wifi (also transistors and nearly everything else). (though both wmii and plan9 use the 9P protocol, not Unix Domain Sockets).

trust

Anyway, so, this is the solution. I’ve rebuilt snoot.club again and i’ve decided just to trust everyone. All the snoots have access to the main machine, they have read permissions on eachother’s website files (by default). And instead of ports the contract is that every snoot’s server listens on a file called sock.

subs(1)

in order to get this to work i needed to run a command simultaneously in every subdirectory of the /snoots folder and restart only jimmy’s server if only jimmy changed. For this i built a new tool called subs. it’s built in rust and it’s on crates.io. you can install it with cargo install subs.

Usage: subs [options] PROGRAM [root_dir]

Options:
	 -t, --type TYPE     set the management type [choices: watch, socket, none]
	 -s, --socket NAME set the socket path. sending the socket a message like
	 "restart xxx" will restart the process running in the directory
	 "xxx". [default: ./subsocket]
	 -i, --watch-ignore PATTERN pattern to ignore when watching (matches whole path)
	 -h, --help get help PROGRAM will be run in parallel in every subdirectory
   (SUB), as SUB's owner. A placeholder "{}" is available to PROGRAM, it will be
   replaced with SUB.

[default: none]

git

In a kind-of unrelated move I’ve been trying to pull back from using Google, Facebook, and Microsoft products.

Facebook I’m free from, the last thing was WhatsApp which i just straight up deleted and that’s been fine. email me

Google is off my phone and out of my search bar, but I still use their office suite at work.

Microsoft I had been fairly free of, but then they bought GitHub and I got unfree. So I’ve gone back to emacs from Atom (i’m enjoying it) and I’ve deleted or archived all the code that was on github.com and set up a cgit server and put them all there.

If you’re a snoot you can add your own things to git.snoot.club by making a bare git repo in ~/git/whatever.git and pushing to it.

more

the next thing i need to work on is some kind of documentation site for talking new snoots through how to log in, set up git repos, run their page locally, deploy etc. after all recent changes, the helpful getting started guide that was provided to all snoots is wrong and bad.

also a doc page for explaining that installing dependencies and building assets is their responsibility, but the start script will be run by the server.

also so many other things.

Footnotes:

— chee (hi@chee.party) 2019-08-17


  1. ssh is software that lets people securely log into one machine from another over the internet ↩︎

  2. sshd is the software that runs on the computer you are using ssh to log into ↩︎

British Summer Time GMT+1

Telecam

so now my stance is:

  • fuck React
  • fuck GraphQL
  • fuck yarn(1)
  • fuck Facebook, Instagram, WhatsApp and anything else that makes that company seem like a cool place to work so they can continue hiring good developers to do terrible things

After deleting Instagram a few mornings ago, I thought I’d use my GDPR data request to build a page that contained all the photos that used to be there. I wanted to be able to post to it later, and I wanted an RSS feed. I recently learned you can include a CSS stylesheet from an XML file, and was excited that this was the time to use that.

I built an RSS feed that’s also the website for the feed 😊.

Before I send you the link, Disclaimer: * big page (30mb) * does not work on iOS * does not work on macOS Safari

Here’s a link that you can add to your newsreader or visit in your browser: 💔 telecam. Isn’t that cool? i think it’s cool

In case you’re on one of the unsupported platforms, here’s what it looks like:

a screenshot of telecam

There’s also a form for uploading new photos living at 💔 telecam/form which has filters (and the filters are written in Rust! it has Toast!)

a screenshot of the form

So why does it not work in Safari?

Apple really did some real shitty 90s Microsoft-level Embrace, Extend, Extinguish move on their platforms with RSS. when News.app came out it was a generic newsreader, and they made it the handler for all RSS feeds (even if you had another RSS reader installed).

They stopped displaying RSS feeds in Safari or iOS Safari, and opened the News app automatically they came out with the Apple News Format and the Apple Publishing Platform

and then in (i think??) iOS 9.3 they stopped supporting RSS feeds from anything not in the publishing platform. but it’s still the default handler, and the Safaris still can’t display the feed, and News still hijacks it even if you have another newsreader installed

News.app hijacks your legit rss feed and then errors out with “Cannot display content from this site” instead of letting you view the file or send it to your actual reader

anyway

please subscribe to my feed. the code, as always, is available the chee.party repo

like, subscribe, rate 5 stars, it really makes a difference folks.

Greenwich Mean Time GMT

banana split recipe

👦🍌👧

serves 1 abe 👦 and 1 chee 👧

ingredients

the banana 🍌

  • a banana 🍌

the ice cream 🍨

  • 3 scoops 🥄 Neapolitan ice cream 🍨 (1 scoop 🥄 each flavour)

the toppings

sweet nut 🥜

  • a handful of peanuts 🥜
  • a stick of Kerrygold™©® butter
  • 50ml honey 🍯 (preferably w/ a hint of cinnamon)

chocolate 🍫 sauce

  • 20g chocolate 🍫
  • 15ml milk 🥛
  • 15ml cream

directions

  1. Slice the banana 🍌 a single longways cute with the blade of a handleless knife and put it in the bowl 🥣. You only own one bowl 🥣, so use that one.
  2. Scoop a scoop 🥄 of choco 🍫, a scoop 🥄 of vanillum and a scoop 🥄 of strawberring 🍓 into the split of banana 🍌
  3. To a hot pot add the butter, the honey 🍯 and the peanuts 🥜 and cook them til the honey 🍯 cronch
  4. Sprinkle the nuts 🥜 atop the ice cream 🍨 and banana 🍌
  5. Melt the chocolate 🍫 and milk 🥛 and cream together, then pour over the nuts 🥜
  6. Yim yim yim, zip zip zip: eat.

— chee (recipes@chee.party) 2019-01-29

Greenwich Mean Time GMT

adding commands to git

did you know that you can add commands to git by naming them right and placing them in your path?

if you put this:

#!/bin/sh
git branch | awk '/\*/ {print $2}'

into a file called git-current-branch, make it executable and put it somewhere in $PATH (i use ~/bin which i’ve added to $PATH), you will be able to use it like this:

$ git current-branch
feature/lolSausages

and bash/zsh completions will tab complete them too

that example would probably make more sense to be an alias, but what about something like this:

#!/bin/sh
branch=$1

if [ -z "$branch" ]; then
  branch=$(git current-branch)
fi

git branch -u origin/${branch}

ooh! or this, to show changes to a specific function:

#!/bin/sh

function=$1
file=$2

if [ -z "$function" ] || [ -z "$file" ]; then
  echo 'usage: git log-function <function> <file>'
  exit 1
fi

git log -L ":$function:$file"

i’m sure you can come up with something more useful

— chee (hi@chee.party) 2017-01-12

Greenwich Mean Time GMT

building firefox os on a Macintosh

firefox OS, huh?

firefox OS looks cool, doesn’t it? For a while you were a bit embarrassed for Mozilla, seemed like they felt left out as nearly(?) the only major browser manufacturer who hadn’t built an operating system based on JavaScript.

but now you see we live in a defiant new world where CSS3 or 4 never existed and Internet Explorer is actually pretty rad. And in this world, Firefox OS (or Boot2Gecko) is possibly going to be what we all need and it will do what it promised and bring freedom to the world of mobile the way “firefox did to desktop browsing”.

today I saw a screenshot of Mozilla Phoenix and nearly cried my eyes out. Those were the days, huh?

horse’s mouth

read this, the canonical source for building b2g. I’m only here because I ran into a couple prollems you might like to avoid.

the issues I’m going to go into here may well be specific to the Galaxy Nexus build of Firefox OS, and building for the Galaxy Nexus on Mountain Lion. Also, I do a couple of naughty things when I’m working around the bugs. Forgive me.

the stumbling blocks are few, but they tied my shoelaces together when I was trying to build it, so here you go.

i’m assuming you’ve got XCode installed here. There are instructions on how to get that available via the link above and the link below.

first thing, install homebrew if you haven’t already because of some kind of illness you have.

once you’ve installed homebrew and added its bin directory to the the front of ur path, be all like:

curl -fsSL https://raw.github.com/mozilla-b2g/B2G/master/scripts/bootstrap-mac.sh | bash

okay, so that’s boss. that’s installed a whole fireworks display of stuff you’ll need to build B2G. but, if you’re building for an android you’re going to need a couple more packages from homebrew too.

I think this should cover it:

brew install git coreutils findutils gnu-sed gnupg pngcrush repo

you’ll need a few gnu utilities available under their normal names too, so:

ln -s /usr/local/bin/gfind /usr/local/bin/find && ln -s /usr/local/bin/gsed /usr/local/bin/sed

this will prevent you from getting:

sed: RE error: illegal byte sequence
sed: 1: "/^INSERT$/ { :l; n; p;  ...": unexpected EOF (pending }'s)
target thumb C: dbus-daemon <= external/dbus/bus/desktop-file.c
sed: RE error: illegal byte sequence
sed: 1: "/^INSERT$/ { :l; n; p;  ...": unexpected EOF (pending }'s)
sed: 1: "/^INSERT$/ { :l; n; p;  ...": unexpected EOF (pending }'s)

when you try to build later with a sed that doesn’t work the way seds are meant to work in the modern world.

i like to

export PATH=$(brew --prefix coreutils)/libexec/gnubin:$PATH

too because then I get the GNU coreutils instead of the BSD coreutils. The BSD coreutils are simpler in a cat-v sort of way, but I am lazy and this way when mkdir is all “lol can’t make directory because directory doesn’t exist” i can be all C-p -p RET and it’s all “lol ok” and I’m out of there. because the gnu tools let you put the options after the arguments.

now you’ve got all that, install the Android SDK starter package. once mine was unzipped I put it in ~/Android and added ~/Android/sdk/platform-tools to my $PATH and I felt pretty good about it too.

give ccache a little more room to work with, I gave it 5GB

ccache --max-size 5GB

now, you’re working on OS X and you’ve probably got a case-insensitive file system. That’s gonna cause you some nightmares when it gets to building the android stuff. You’re going to want to create a sparse image and do the rest of the work in there.

hdiutil create -type SPARSE -fs 'Case-sensitive Journaled HFS+' -size 40g ~/omgFirefox.dmg
open ~/omgFirefox.dmg
cd /Volumes/untitled

next, clone the git repo and configure

git clone git://github.com/mozilla-b2g/B2G.git`
cd B2G
./config.sh galaxy-nexus

that worked fine, right? good. and it only took 72 hours! HEre is where the first naughty thing happens.

if you try to build on Mountain Lion it will tell you “nuh-uh, you don’t got 10.6 or 10.5 sdk”, except it’ll pronounce it like this:

build/core/combo/HOST_darwin-x86.mk:42: ***********************************************************
build/core/combo/HOST_darwin-x86.mk:43: * No 10.6 or 10.5 SDK found, do you have Xcode installed? *
build/core/combo/HOST_darwin-x86.mk:44: ***********************************************

i did a naughty thing here. i was all:

mkdir -p /Developers/SDKs
ln -s /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.7.sdk /Developer/SDKs/MacOSX10.6.sdk

don’t tell anyone I did this.

okay, ready? let’s build!

./build.sh

please wait for the next half of your life until you reach an error that looks A LITTLE SOMETHING LIKE THIS:

/Volumes/untitled/external/busybox/scripts/kconfig/mconf.c: In function ‘exec_conf’:
/Volumes/untitled/external/busybox/scripts/kconfig/mconf.c:469: error: ‘SIGWINCH’ undeclared (first use in this function)
/Volumes/untitled/external/busybox/scripts/kconfig/mconf.c:469: error: (Each undeclared identifier is reported only once
/Volumes/untitled/external/busybox/scripts/kconfig/mconf.c:469: error: for each function it appears in.)
/Volumes/untitled/external/busybox/scripts/kconfig/mconf.c: In function ‘main’:
/Volumes/untitled/external/busybox/scripts/kconfig/mconf.c:1051: warning: statement with no effect
/Volumes/untitled/external/busybox/scripts/kconfig/mconf.c:1052: warning: statement with no effect

crying your eyes out? I would be. well it turns out that this busybox is pretty out of date. the new version has been updated to build on Mountain Lion, but this one hadn't. It turns out that nowadays SIGWINCH isn’t declared unless _DARWIN_C_SOURCE is set.

here’s the second naughty bit. i opened up external/busybox/scripts/kconfig/mconf.c in a text editor and changed

#define _XOPEN_SOURCE 700
#include <sys/ioctl.h>

to

#define _XOPEN_SOURCE 700
#define _DARWIN_C_SOURCE 1
#include <sys/ioctl.h>

around line 12. This will help us get past that error.

now you can try building again.

./build.sh

did you make a sparse image? are you doing the work in there? why not?

there’s a problem here if you’re using a case-insensitive file system (why do you do that, OS X? y o y?)

i told you to do that for a very good reason.

a reason that looks like this:

hardware/ti/omap4xxx/camera/../libtiutils/semaphore.h:30: error: previous definition of 'class android::Semaphore'
In file included from hardware/ti/omap4xxx/camera/inc/CameraHal.h:41,
		from hardware/ti/omap4xxx/camera/CameraHal_Module.cpp:28:
hardware/ti/omap4xxx/camera/../libtiutils/Semaphore.h:29: error: redefinition of 'class android::Semaphore'
hardware/ti/omap4xxx/camera/../libtiutils/semaphore.h:30: error: previous definition of 'class android::Semaphore'
make: *** [out/target/product/maguro/obj/SHARED_LIBRARIES/camera.omap4_intermediates/CameraHal_Module.o] Error 1

if you’re getting that error, MAKE A SPARSE IMAGE AND DO THE WORK IN THERE. now,

./build.sh

and we’ll hope and pray that nothing else goes wrong.

if you followed my advice about gnubin:

okay. was that seriously another error? omg. %z what.

it turns out, like a dick, android actually expects to get the old BSD stat; the homebrew version of status is no longer acceptable. you’ll want to take the homebrew stat out of the way for a moment, so you can get the mac version of stat. I did it like this:

export PATH=/usr/bin:$PATH
./build.sh

endif

AND YOU ARE DONE.

I hope that was a fair enough guide to building boot2gecko on mac.

quick recap:

  • read the mozilla wiki on the subject
  • install the necessary packages
  • get gnu sed and gnu find in your path
  • make a sensitive sparse image and get inside
  • clone the repo
  • fix external/busybox/scripts/kconfig/mconf.c
  • celebrate.

i’ll tell you this:

./flash.sh
./flash.sh gaia

you need to flash gaia separately on the Nexus.

i love you, goodbye.

— chee (hi@chee.party) 2012-12-08

Greenwich Mean Time GMT

Making git-svn work over SSH tunnel, SOCKS proxy + HTTP proxy

bad connection, worse VCS

At work we use svn. They say there’s nothing we can do about it. I thought perhaps we could burn everything. Subversion is a terrible piece of software. I would really rather merge two branches with a magnet than with subversion.

I’m on holiday in Portugal right now. The hotel advertised free wi-fi available in “all rooms”. I think the router is perhaps closer to Australia than to this room.

The gombuter the central subversion repo lives on is set up only to accept connections from a few whitelisted IP addresses. I forgot about this before I came here. I did say holiday up there, but that’s not quite accurate. I’m just in Portugal for kicks. When you work remotely, why work in any place in particular? Might as well be in a country full of nightmareish howling midnight jackal-dogs, hundreds upon thousands of hungry wild cats, upturned noses, sand and cheap wine. No need to be in a warm comfy bed at home when you can come halfway across the world to live in a shoebox for a thousand dollars a night.

So, first problem:

Subversion hates your guts.

% git svn dcommit
URL access forbidden for unknown reason: access to 'http:///dev.peoplebrowsr.com/svn/projects/site/trunk' forbidden at /usr/local/Cellar/git/1.8.0/lib/Git/SVN.pm line 148
URL access forbidden for unknown reason: access to 'http:///dev.peoplebrowsr.com/svn/projects/site/trunk' forbidden at /usr/local/Cellar/git/1.8.0/lib/Git/SVN.pm line 717

:(.

Luckily when I was getting my IP address whitelisted, I also got them to whitelist the IP address of my Linode.

I have a copy of the repo on the Linode, but it is out of date and I’ve made local changes and commited them and the connection is terrible and I keep losing connectivity and nothing about this seems tasty.

then I recall that I can use SSH to create some kind of a sexy TUNNEL and push through that!

Wear your lucky socks.

☀  chee@stickers ~ % ssh -CD2000 snaek
You have mail.
★  chee@zomg ~ %

I used -C for ssh compression, to halp deal with the bad network. -D 2000 to set the local port for the dynamic forwarding.

Then I open up my network settings over on the local side and tell gombuter to use SOCKS proxy on localhost:2000.

Then I look into how to get git to push over a socks proxy.

Chain my proxy to the bedposts

Things don’t go well for me in this hunt. So I decide to use a chaining proxy that presents as an HTTP proxy, and can pass off to a SOCKS. I chose Privoxy for my own private and mysterious reasons. They are none of your concern.

brew install privoxy
# or
apt-get install privoxy
# or
pacman -S privoxy # like a boss.

in my privoxy config, I set:

forward-socks4 / localhost:2000 .

to forward all traffic that uses the http proxy to pass off through the SSH tunnel.

Getting closer!

% export http_proxy='http://localhost:8118'

annnnnd…! nothing.

wat.

It’s still not working. So I spend some time reading about getting git to use an http proxy, and try a bunch of things until I realise I’m a moron.

open ~/.subversion/servers in your favourite politically neutral editor.

% $EDITOR ~/.subversion/servers

Talk dirty in subversion

now, I don’t have any other SVN things going on, so I was happy enough to set it globally:

[global]
http-proxy-host = localhost
http-proxy-port = 8118
http-compression = yes

stuck http-compression on too, because what the hell.

Now a git svn fetch and a dcommit and we’re flying~! hooray!

So, to recap

  • Set up an ssh tunnel on the whitelisted remote server
  • Start your local Privoxy, telling it to pass its traffic to the tunnel
  • Tell SVN to route its traffic through privoxy

On a side note, I no longer ever use a public wi-fi hotspot without setting up a tunnel and letting all my traffic go through that. I’m starting to realise I’m not the only person who ever found out how to install Wireshark.

— chee (hi@chee.party) 2012-11-25