diff options
20 files changed, 784 insertions, 1023 deletions
@@ -10,7 +10,7 @@ Como nunca tengo oportunidad de trabajar en modo monorepo, hay que aprovechar es * [Gran parte del código que soporta mi infraestructura personal](personal_infra/). * [Ideas en las que me gustaría trabajar algún día, pero que cuelgo aquí por si algún incauto pica](IDEAS.org). * [Herramientas que uso](TOOLS.org). -* Artículos varios un poco tipo wiki sobre diversos temas, como [Linux](linux/) y [programación](programming/). +* Artículos varios un poco tipo wiki sobre diversos temas, como [programación](programming/). * [Mi configuración de Emacs](emacs/). * [Unos cuantos scripts que uso en mis "estaciones de trabajo"](scripts/) y [un par de barbaridades para montar un contenedor para Distrobox/Toolbox con algunas de las herramientas que uso](workstation/). * [La definición del modelo de datos del sistema que uso para registrar métricas de salud](weight/), que se convierte en una web gracias a [zqxjkcrud](https://github.com/alexpdp7/zqxjkcrud/), mi framework para desarrollo rápido de CRUD. @@ -30,7 +30,7 @@ Más cosas escritas [en español](https://alex.corcoles.net/notas/) y [en inglé * [Most of the code for my personal infra](personal_infra/). * [Ideas I'd like to work on someday, but mostly making them public to bait people into implementing them instead of me](IDEAS.org). * [Tools I use](TOOLS.org). -* Wiki-like articles on topics such as [Linux](linux/), and [programming](programming/). +* Wiki-like articles on topics such as [programming](programming/). * [My emacs config](emacs/). * [Scripts I use on my workstations](scripts/) and [some bizarre stuff to build Distrobox/Toolbox containers with some tools I use](workstation/). * [The database schema for my health metrics tracking system](weight/), which has a web UI via [zqxjkcrud](https://github.com/alexpdp7/zqxjkcrud/), my CRUD rapid development framework. diff --git a/blog/content/notas/index.gmi b/blog/content/notas/index.gmi index 44ac4157..5c0cc7dc 100644 --- a/blog/content/notas/index.gmi +++ b/blog/content/notas/index.gmi @@ -25,3 +25,5 @@ ## Tecnología => tecnologia/quiero-instalar-linux Quiero instalar Linux +=> tecnologia/problemas Problemas +=> tecnologia/mama-quiero-ser-programador Mamá, quiero ser programador diff --git a/programming/mama_quiero_ser_programador.md b/blog/content/notas/tecnologia/mama-quiero-ser-programador.gmi index 7fc8ded3..01388fe2 100644 --- a/programming/mama_quiero_ser_programador.md +++ b/blog/content/notas/tecnologia/mama-quiero-ser-programador.gmi @@ -1,8 +1,6 @@ # Mamá, quiero ser programador -Nuestro primer ordenador llego a casa cuando yo tenía cuatro años. -A mi madre le gusta repetir que aquel día mi padre, mi hermano y yo no comimos. -Desde entonces me han fascinado los ordenadores, lo que me ha llevado a la fascinación por programar. +Nuestro primer ordenador llego a casa cuando yo tenía cuatro años. A mi madre le gusta repetir que aquel día mi padre, mi hermano y yo no comimos. Desde entonces me han fascinado los ordenadores, lo que me ha llevado a la fascinación por programar. Curiosamente, estudié ingeniería informática un poco por casualidad e incluso cuando acabé la carrera, tenía mis dudas de si sería mi carrera profesional. @@ -14,26 +12,19 @@ Este texto intenta recoger mis opiniones sobre estos temas. ## Observaciones sobre el mercado laboral -Los trabajos de programador parecen reflejar que hay mucho trabajo y poca gente capacitada para hacerlo. -Hay bastantes trabajos comparativamente bien pagados y con buenas condiciones. +Los trabajos de programador parecen reflejar que hay mucho trabajo y poca gente capacitada para hacerlo. Hay bastantes trabajos comparativamente bien pagados y con buenas condiciones. -Sin embargo, esto mayormente aplica a los trabajadores con bastante experiencia. -Gente con poca experiencia comenta que encontrar un trabajo requiere un esfuerzo desproporcionado, si se consigue encontrar siquiera trabajo. +Sin embargo, esto mayormente aplica a los trabajadores con bastante experiencia. Gente con poca experiencia comenta que encontrar un trabajo requiere un esfuerzo desproporcionado, si se consigue encontrar siquiera trabajo. Propongo que esto se debe a que la mayoría de ofertas son para programadores con experiencia y el atractivo de la profesión ha generado un número de candidatos mucho mayor que las ofertas disponibles, creando la situación inversa que la de los programadores con experiencia. -Además, la profesión de programador tiene la peculiaridad de que muchos profesionales dedican mucho de su tiempo libre a ejercer, más allá del trabajo o los estudios. -Como el proceso de obtener un trabajo tiene elementos de competencia con el resto de candidatos a un puesto, entre programadores con poca experiencia se ha popularizado autoformarse para mejorar sus posibilidades. -Esta medida sólo es efectiva cuando nos permite destacar sobre otros competidores, con lo que cada vez parece necesitarse más esfuerzo de autoformación para competir. +Además, la profesión de programador tiene la peculiaridad de que muchos profesionales dedican mucho de su tiempo libre a ejercer, más allá del trabajo o los estudios. Como el proceso de obtener un trabajo tiene elementos de competencia con el resto de candidatos a un puesto, entre programadores con poca experiencia se ha popularizado autoformarse para mejorar sus posibilidades. Esta medida sólo es efectiva cuando nos permite destacar sobre otros competidores, con lo que cada vez parece necesitarse más esfuerzo de autoformación para competir. ### La irrupción de los LLMs y la crisis postpandemia -En 2020, diversos factores generaron un crecimiento del sector mayor de lo habitual. -Sin embargo, a partir de mediados de 2022, se dispararon los despidos en el sector. -<https://layoffs.fyi> recoge cifras de despidos que desde el segundo trimestre de 2022 siempre se han mantenido como mínimo bastante por encima del periodo 2020-2021, con un pico de despidos en el tercer trimestre de 2023. +En 2020, diversos factores generaron un crecimiento del sector mayor de lo habitual. Sin embargo, a partir de mediados de 2022, se dispararon los despidos en el sector. layoffs.fyi recoge cifras de despidos que desde el segundo trimestre de 2022 siempre se han mantenido como mínimo bastante por encima del periodo 2020-2021, con un pico de despidos en el tercer trimestre de 2023. -Además, en noviembre de 2022, OpenAI lanzó ChatGPT. -Desde entonces, muchos han augurado que los LLMs pueden afectar significativamente al mercado laboral en general y al sector en particular. +Además, en noviembre de 2022, OpenAI lanzó ChatGPT. Desde entonces, muchos han augurado que los LLMs pueden afectar significativamente al mercado laboral en general y al sector en particular. Finalmente, muchos interpretan movimientos políticos, económicos y otras inestabilidades como otra crisis mundial en ciernes. @@ -51,42 +42,33 @@ No hay certezas para predecir el futuro, pero podemos observar el pasado. Apostar por la programación antes parece una buena idea a posteriori, pero mucha gente ha abandonado el sector y no todo el mundo ha tenido trabajos buenos y bien pagados. -[Face it: you're a crazy person](https://www.experimental-history.com/p/face-it-youre-a-crazy-person) es un artículo que propone que escoger una profesión debería basarse en lo atractivo que nos resultan *todas* las partes del trabajo, sobre todo las peores. +=> https://www.experimental-history.com/p/face-it-youre-a-crazy-person Face it: you're a crazy person es un artículo que propone que escoger una profesión debería basarse en lo atractivo que nos resultan *todas* las partes del trabajo, sobre todo las peores. Ya cuando estudiaba, mucha gente se imaginaba divirtiéndose programando videojuegos. -En mi opinión, algunas de las peores partes de la programación son las prisas; siempre se hace todo con menos tiempo del que querríamos. -Eso influye en que lo que hacemos y lo que usamos suele estar mal documentado o no funciona bien, haciendo que la programación sea menos "construir cosas que sirven de algo" y más "reparar con mil chapuzas cosas ligeramente estropeadas". +En mi opinión, algunas de las peores partes de la programación son las prisas; siempre se hace todo con menos tiempo del que querríamos. Eso influye en que lo que hacemos y lo que usamos suele estar mal documentado o no funciona bien, haciendo que la programación sea menos "construir cosas que sirven de algo" y más "reparar con mil chapuzas cosas ligeramente estropeadas". -Además, lo otro es que muy probablemente tendremos que dedicar tiempo no remunerado y fuera de nuestra formación en formarnos, en general haciendo cosas que si bien pueden resultar más gratificantes, en general también serán frustrantes. -(Además, de cara a conseguir trabajo, lamentablemente en general también ayudará muchísimo *completar* cosas que podamos poner en nuestro currículum.) +Además, lo otro es que muy probablemente tendremos que dedicar tiempo no remunerado y fuera de nuestra formación en formarnos, en general haciendo cosas que si bien pueden resultar más gratificantes, en general también serán frustrantes. (Además, de cara a conseguir trabajo, lamentablemente en general también ayudará muchísimo *completar* cosas que podamos poner en nuestro currículum.) -A otro nivel, los trabajos de programación que pudieran resultar más motivadores y edificantes son por general los peor pagados y con peores condiciones, mientras que los buenos suelen ser en general los que despertarán menos vocación en nadie. -En mi opinión, es complicado conseguir algo de realización en este sector sin sacrificar la mayoría de beneficios que muchos ven en la profesión. +A otro nivel, los trabajos de programación que pudieran resultar más motivadores y edificantes son por general los peor pagados y con peores condiciones, mientras que los buenos suelen ser en general los que despertarán menos vocación en nadie. En mi opinión, es complicado conseguir algo de realización en este sector sin sacrificar la mayoría de beneficios que muchos ven en la profesión. -A corto plazo, mi previsión es que todo esto empeore. -El sector muy probablemente seguirá siendo una opción mucho mejor que la mayoría, pero creo que las expectativas laborales deberán rebajarse. -El único consejo que se me ocurre es intentar construir cosas similares a las que vemos en el mundo real para ver si nos gusta realmente el trabajo. +A corto plazo, mi previsión es que todo esto empeore. El sector muy probablemente seguirá siendo una opción mucho mejor que la mayoría, pero creo que las expectativas laborales deberán rebajarse. El único consejo que se me ocurre es intentar construir cosas similares a las que vemos en el mundo real para ver si nos gusta realmente el trabajo. ## Consiguiendo un trabajo Los procesos de contratación son una parte proporcionalmente muy pequeña de la vida laboral pero que concentran gran parte de lo que se habla y se protesta en este sector. -Tengo más de dos décadas de experiencia profesional, creo que he tenido muy buenos trabajos y generalmente voy a puestos con menos competencia de lo normal. -Pero para encontrar trabajo, en ocasiones he tenido que presentarme a más de un centenar de ofertas y llevarme innumerables rechazos de todo tipo, silenciosos y sonoros. +Tengo más de dos décadas de experiencia profesional, creo que he tenido muy buenos trabajos y generalmente voy a puestos con menos competencia de lo normal. Pero para encontrar trabajo, en ocasiones he tenido que presentarme a más de un centenar de ofertas y llevarme innumerables rechazos de todo tipo, silenciosos y sonoros. -Hay estudios que parecen demostrar que una parte muy importante de ofertas en el sector incluso son totalmente ficticias. -(Esto seguramente afecte a otros sectores, pero parece especialmente popular en este.) +Hay estudios que parecen demostrar que una parte muy importante de ofertas en el sector incluso son totalmente ficticias. (Esto seguramente afecte a otros sectores, pero parece especialmente popular en este.) Los procesos de selección de personal tienen una gran parte de competencia porque en general, siempre hay otros candidatos que se esfuerzan como nosotros en ser los elegidos. ### Fuentes de ofertas -Aunque creo que las grandes plataformas de empleo son menos efectivas que otras vías para encontrar trabajo, sí vale la pena examinar las ofertas para saber qué demanda el mercado y de paso apuntarse a todas las ofertas que podamos. -Esto último igual hasta nos sirve para entrar en algún proceso y quizá conseguir trabajo, pero también es importante porque los procesos de selección requieren práctica real para mejorar nuestras posibilidades. +Aunque creo que las grandes plataformas de empleo son menos efectivas que otras vías para encontrar trabajo, sí vale la pena examinar las ofertas para saber qué demanda el mercado y de paso apuntarse a todas las ofertas que podamos. Esto último igual hasta nos sirve para entrar en algún proceso y quizá conseguir trabajo, pero también es importante porque los procesos de selección requieren práctica real para mejorar nuestras posibilidades. -Es importante recordar que muy frecuentemente lo que parecen requisitos en estas ofertas de empleo no lo son. -Si una empresa pide más conocimientos en una oferta de lo que es razonable, es muy probable que no encuentren a nadie que los cumpla todos y que contraten a alguien que no cumple todos los requisitos. +Es importante recordar que muy frecuentemente lo que parecen requisitos en estas ofertas de empleo no lo son. Si una empresa pide más conocimientos en una oferta de lo que es razonable, es muy probable que no encuentren a nadie que los cumpla todos y que contraten a alguien que no cumple todos los requisitos. En general, el mejor lugar para encontrar mejores vacantes son las pequeñas comunidades: @@ -95,12 +77,9 @@ En general, el mejor lugar para encontrar mejores vacantes son las pequeñas com * Así mismo, muchas tecnologías también tienen sus propias comunidades, aunque haya menos específicamente españolas. (En general, conseguir trabajos en el extranjero es bastante más complicado, así que recomiendo centrarse en comunidades españolas.) -Muchas de estas comunidades tienen tablones de anuncios de ofertas de empleo. -Muchas de estas ofertas las ponen los miembros de la comunidad y no las empresas, con lo que es más probable que sean reales, y en muchos casos, podremos hablar con la persona que pone el anuncio directamente. -Además, en muchos casos los tablones de anuncios de comunidades tienen reglas más estrictas sobre publicación de rangos salariales y claridad en condiciones (como por ejemplo, la modalidad real de remoto). +Muchas de estas comunidades tienen tablones de anuncios de ofertas de empleo. Muchas de estas ofertas las ponen los miembros de la comunidad y no las empresas, con lo que es más probable que sean reales, y en muchos casos, podremos hablar con la persona que pone el anuncio directamente. Además, en muchos casos los tablones de anuncios de comunidades tienen reglas más estrictas sobre publicación de rangos salariales y claridad en condiciones (como por ejemplo, la modalidad real de remoto). -El volumen es por supuesto muy inferior, pero merece mucho la pena encontrar cuantos más tablones de anuncios de este tipo y centrarse más en sus ofertas. -(Aunque raramente tendremos suficiente con estas ofertas para encontrar empleo, con lo que siempre deberemos tirar de las grandes plataformas.) +El volumen es por supuesto muy inferior, pero merece mucho la pena encontrar cuantos más tablones de anuncios de este tipo y centrarse más en sus ofertas. (Aunque raramente tendremos suficiente con estas ofertas para encontrar empleo, con lo que siempre deberemos tirar de las grandes plataformas.) ### El currículum y la presencia online @@ -118,14 +97,13 @@ Un proceso de selección jamás puede evaluar adecuadamente la capacidad de un c Al no ser algo muy exacto, los procesos de selección tienen muchísimo de imitación y modas. -Esto tiene una ventaja; en cualquier momento determinado de tiempo hay como media docena de tipos de entrevista. -Además, para cada tipo de prueba de moda, hay bastantes materiales para preparar la prueba. +Esto tiene una ventaja; en cualquier momento determinado de tiempo hay como media docena de tipos de entrevista. Además, para cada tipo de prueba de moda, hay bastantes materiales para preparar la prueba. En mi opinión, hay que aceptar los sinsentidos de los procesos de selección, dedicar una cantidad significativa de tiempo para prepararnos los pocos formatos más populares en ese momento, y quizá consolarnos con que el número de formatos populares no es mucho mayor. ### Escogiendo empleos -[La falacia de McNamara dice que a la hora de tomar decisiones damos más importancia a lo que es fácil de medir con un número que a lo que no](https://es.wikipedia.org/wiki/Falacia_de_McNamara). +=> https://es.wikipedia.org/wiki/Falacia_de_McNamara La falacia de McNamara dice que a la hora de tomar decisiones damos más importancia a lo que es fácil de medir con un número que a lo que no. El sueldo es de las pocas variables que podemos conocer cuando tenemos una oferta en la mesa, pero no es tan mala métrica. diff --git a/blog/content/notas/tecnologia/problemas.gmi b/blog/content/notas/tecnologia/problemas.gmi new file mode 100644 index 00000000..da4ee14f --- /dev/null +++ b/blog/content/notas/tecnologia/problemas.gmi @@ -0,0 +1,63 @@ +# Problemas + +Este documento es una lista de cosas que me tocan las narices. En el mundo hay infinidad de problemas más graves, pero quiero destacar esta lista. + +## La basura telefónica está fuera de control + +Recibo frecuentemente tanto llamadas como SMS fraudulentos o de publicidad indeseada. Estoy apuntado en la lista Robinson y simplemente no hay manera de librarse. + +No corro un riesgo severo de ser víctima de un fraude, pero imagino que una cantidad importante de gente sí lo corre. (Aunque una vez, la compañía eléctrica de la que era cliente sí me coló un timo.) + +Hasta donde yo sé: + +* Es trivial falsear la identificación de un SMS para que sea idéntico al que envía una entidad legítima. (E.g.: puedes hacer un SMS que se identifique como "Correos", igual que un SMS legítimo de Correos.) +* No existe, hasta donde yo sé, todo mecanismo de denuncia requiere que identifiquemos al autor de la llamada. Identificar quién llama sólo es posible si la empresa decide identificarse. +* No percibo ninguna consecuencia negativa para nadie que participe en la basura telefónica. Esto incluye a quienes realizan estas llamadas y SMS, y a las operadoras telefónicas por las que fluyen. + +Los filtros de Google son moderadamente efectivos, pero no están al alcance de todo el mundo. Además, los falsos positivos de los filtros pueden hacer perdernos comunicaciones legítimas importantes. + +### Recomendaciones frente a la basura telefónica + +A nivel individual, podemos formarnos para hacernos menos vulnerables a los fraudes, pero es prácticamente imposible evitar las molestias. + +Mi recomendación para quien tenga un móvil con posibilidad de reportar llamadas de spam, es coger las llamadas que muestren un número y: + +* Decir algo. Si no decimos nada, muchas centralitas de spam no conectan a un operador, con lo que no podemos tener 100% la certeza de que sea spam. +* Esperar a que respondan para asegurarnos de que es spam. +* Si parece que hay un robot al otro lado de la línea, colgar inmediatamente. Si parece que hay un humano, esperar a que cuelgue. (Con esto, el humano no está libre para hacer otra llamada, con lo que les frenamos un poco. También podemos intentar alargar la llamada, aunque yo personalmente no tengo paciencia.) +* Marcar la llamada como spam. + +Tengo la sensación de que los indicadores de spam de muchos teléfonos se basan en las denuncias que recibe cada número. Así que cuantas más llamadas se cojan y se marquen como spam, antes aparecerán marcadas claramente como spam para otras personas. + +(Es importante que los filtros antispam sean precisos.) + +### Otras referencias + +=> https://www.hiya.com/global-call-threat-report Hiya Global Call Threat Report Q4 2024 + +## Los protocolos cerrados dan un poder desproporcionado a empresas privadas + +Para la mayoría de gente, WhatsApp es prácticamente una necesidad para la vida cotidiana. + +Esto hace que Meta controle una parte sustancial de nuestras comunicaciones, queramos o no. Además, esto hace que cualquier problema con WhatsApp (incidencia, carencia, etc.) sea inevitable. + +También hay efectos inesperados como que Meta decide qué sistemas operativos móviles son viables y cuáles no. (En un par de ocasiones, me he tenido que cambiar de móvil porque Meta ha decidido dejar de soportarlo. Aunque puedo experimentar con sistemas operativos móviles alternativos, siempre tengo que tener un móvil soportado por WhatsApp.) + +La ley de mercados digitales (DMA) en teoría ayudará parcialmente. Esta ley debería obligar a WhatsApp a interoperar, con lo que podríamos comunicarnos con usuarios de WhatsApp sin usar WhatsApp, mitigando algunos problemas. Sin embargo, aunque lleva en vigor desde el 7 de marzo de 2024, esto todavía no es posible y está por ver cuán efectivo será. + +Muchos sistemas de comunicación existentes son más abiertos que los protocolos modernos: + +* Cualquiera puede montar un servidor de correo y comunicarse con usuarios de correo electrónico de otros proveedores. Pese a que muchos apuntan a que Google y Microsoft tienen un poder desproporcionado de facto, sigue siendo totalmente viable usar otros proveedores. Y aunque se apunta que la interoperabilidad de los correos es causante del spam, muchos otros sistemas cerrados como WhatsApp tienen problemas de spam similares o mayores. +* Aunque no todo el mundo puede hacer emisiones de DVB-T, cualquiera con una antena puede captar las emisiones y visualizarlas. (Los protocolos con los que se codifican las emisiones de DVB-T están disponibles para cualquiera.) También es posible codificar las emisiones de DVB-T para limitar su uso a usuarios que paguen, pero con libertad de consumir los contenidos con cualquier sistema DVB-T de nuestro agrado. + +(Esto en contraste con los servicios de streaming, que sólo podemos usar con dispositivos validados por el servicio de streaming.) + +## Los navegadores son excesivamente complejos + +Gran parte de los contenidos y procesos que tenemos que realizar hoy en día pasan por un navegador web. + +Por diversos motivos, los navegadores cada vez son más sofisticados para permitir mayores funcionalidades. Son tan complejos que Microsoft, una de las mayores empresas tecnológicas del mundo, ha renunciado a desarrollar un navegador propio y reutiliza gran parte de Chrome, un navegador controlado por una empresa con la que compite, Google. + +Fuera de Google Chrome y de Safari de Apple, virtualmente no existen navegadores que compitan con ellos. (Hay más navegadores, pero como Edge de Microsoft, usan el motor de Chrome o de Safari. Firefox es cada vez más minoritario e irrelevante [aunque yo lo uso y animo a todo el mundo a que lo use].) + +La sofisticación y complejidad de Chrome y Safari adicionalmente hacen que cada vez existan más webs y aplicaciones web que son prácticamente inutilizables en dispositivos de rendimiento modesto. Esto hace que sea virtualmente necesario renovar nuestros dispositivos con más frecuencia de la necesaria, a dispositivos más costosos de lo que necesitaríamos para el resto de nuestros propósitos. diff --git a/misc/greek-task-list.md b/blog/content/notes/greek-task-list.gmi index 6979082e..841a6a84 100644 --- a/misc/greek-task-list.md +++ b/blog/content/notes/greek-task-list.gmi @@ -1,83 +1,83 @@ # Greek task list -## From <https://apollos-boyfriend.tumblr.com/post/734812687645786112> +=> https://apollos-boyfriend.tumblr.com/post/734812687645786112 From: -### Icarian task +## Icarian task When you have a task you know you’re going to fail at anyways, so why not have some fun with it before it all comes crashing down -### Cassandrean task +## Cassandrean task When you have to deal with people you KNOW won’t listen to you, despite having accurate information, and having to watch them fumble about when you told them the solution from the start (most often witnessed in customer service) Patroclean task: something that you have a wild misunderstanding of the difficulty involved in accomplishing properly and can only end terribly, but you dive into with your whole heart and the deep faith and conviction that you can accomplish it by sheer force of will. -## From <https://www.tumblr.com/bigdickfartsapolka/734815719754170368/achillean-task-something-you-are-absolutely-and> +=> https://www.tumblr.com/bigdickfartsapolka/734815719754170368/achillean-task-something-you-are-absolutely-and From: -### Patroclean task +## Patroclean task Something that you have a wild misunderstanding of the difficulty involved in accomplishing properly and can only end terribly, but you dive into with your whole heart and the deep faith and conviction that you can accomplish it by sheer force of will. -## From <https://www.tumblr.com/sapphoandvanzetti/791697593363218432/penelopean-task-you-dont-actually-want-the> +=> https://www.tumblr.com/sapphoandvanzetti/791697593363218432/penelopean-task-you-dont-actually-want-the From: -### Penelopean task +## Penelopean task You don't actually want the outcome of the task, so you're self-sabotaging in a clever and undetectable way to keep it from ever being completed. -## From <https://infosec.exchange/users/masek/statuses/115507451151625748> +=> https://infosec.exchange/users/masek/statuses/115507451151625748 From: -### Orphean task +## Orphean task When you almost succeed, but lose everything the moment you turn around to check your progress. -### Daedalean task +## Daedalean task When you’re forced to design something brilliant and functional… that you yourself will inevitably become trapped inside. -### Medusan task +## Medusan task When your project becomes so horrifying that everyone involved freezes in place rather than deal with it. -### Tantaline task +## Tantaline task When success is right there, but bureaucracy or budget cuts keep snatching it away at the last moment, forever. -### Pandoran task +## Pandoran task When fixing one small issue unleashes a thousand new ones, but hey — at least there’s still hope somewhere in the ticket backlog. -### Odyssean task +## Odyssean task When the assignment technically has an end, but it’s buried under so many side quests that you forget what the original goal was. -### Narcissian task +## Narcissian task When the entire effort is about maintaining appearances rather than achieving anything of substance. -### Promethean task +## Promethean task When you give people a powerful new tool that could transform their work — and are punished eternally for doing so. -### Orestian task +## Orestian task When the mess you’re cleaning up is the direct result of the last cleanup you performed. -### Thesean task +## Thesean task When the only way to finish is to disassemble everything piece by piece — until you’re no longer sure if what’s left is the same project you started. -### Achillean task +## Achillean task When your work is flawless except for that one fatal oversight that will, inevitably, destroy you. -### Penelopean task +## Penelopean task When you diligently undo by night what you accomplish by day, just to keep the stakeholders pacified. -### Midasean task +## Midasean task When everything you touch turns into paperwork, compliance documents, or gold-plated nonsense nobody actually needs. -### Gordian task +## Gordian task Not intended to be actually done, but violence is the answer. diff --git a/blog/content/notes/index.gmi b/blog/content/notes/index.gmi index 2aaf17d7..31188065 100644 --- a/blog/content/notes/index.gmi +++ b/blog/content/notes/index.gmi @@ -1,5 +1,7 @@ # Notes +=> greek-task-list Greek task list + ## Cliff's notes Notes about some books I like: @@ -11,6 +13,13 @@ Notes about some books I like: ## Tech => tech/misc-linux-stuff Misc Linux stuff +=> tech/running-commands-in-linux Running commands in Linux +=> tech/ssh-for-beginners SSH for beginners +=> tech/document-formats Document formats +=> tech/internet-communication-channels Internet communication channels +=> tech/ledger Ledger +=> tech/migadu Migadu +=> tech/ripping Ripping ### Gadgets diff --git a/blog/content/notes/tech/document-formats.gmi b/blog/content/notes/tech/document-formats.gmi new file mode 100644 index 00000000..385c0c0e --- /dev/null +++ b/blog/content/notes/tech/document-formats.gmi @@ -0,0 +1,97 @@ +# Document formats + +Most of the time, when writing a document, I want a document format with the following properties: + +* Fast to write using a plain text editor +* Easy to parse into an AST + +An AST is a programming-friendly representation of a document. ASTs reduce the effort required to write tools such as a program that validates links in a document. Ideally, ASTs contain information to track a document element to the position it occupies in the original document. With this information, if you write a tool such as a spell checker, then you can highlight misspelled works precisely in the original document. + +On top of that, some features that I don't always need: + +* Math support +* Sophisticated code blocks. For example, being able to highlight arbitrary parts of code blocks (not syntax highlighting). +* Diagram support + +## Existing formats + +### Markdown + +* Easy to write using a plain text editor +* Has good AST parsers with position information +* Has math support +* Does not support sophisticated code blocks +* There are many extensions with support for math, diagrams, and many others +* Is very popular and supported everywhere +* However, there is a wide variety of variants and quirks +* Especifically, because Markdown was not designed with parsing in mind, so tools based on different parsers can have differences in behavior + +### Djot + +=> https://djot.net + +It is very similar to Markdown, except: + +* It is designed for parsing, so independent parsing implementations are very compatible with each other +* It is not so popular, so there are less extension and tool support + +### AsciiDoc + +=> https://asciidoc.org + +Compared to Markdown: + +* It's more complex to write, but mostly because it's different and more powerful +* There are attempts to write better parsers, but good parsers with position information are not available yet +* Supports sophisticated code blocks +* It has a smaller ecosystem than Markdown, but many good quality tools such as Antora + +### Typst + +=> https://typst.app + +Checks all my boxes, except: + +* It is designed for parsing and it has an AST, but it is not easy to access +* Currently Typst is very oriented towards generating paged documents (e.g. PDF) +* It includes a full programming language, which is mostly good (very extensible), but this might increase complexity undesirably + +Typst is very new and is not yet very popular. + +=> https://codeberg.org/haydn/typesetter Typesetter is a desktop application that embeds Typst, so no additional setup is needed. However, Typesetter is only available as a Flatpak. + +### Verso + +=> https://github.com/leanprover/verso + +A Markdown-like closely tied to the Lean programming language. + +* Eliminates ambiguous syntax for easier parsing and is stricter (not all text is valid Verso) +* Has a (Lean) data model +* Designed for extensibility + +### TODO: other formats + +=> https://github.com/nota-lang/nota Nota (a document language for the browser) +=> https://github.com/christianvoigt/argdown Argdown (for argumentation) +=> https://github.com/podlite/podlite Podlite +=> https://orgmode.org Org Mode (an Emacs-based tool based on a lightweight markup language) +=> https://github.com/nvim-neorg Neorg (similar to Org Mode for Neovim) +=> https://github.com/sile-typesetter/sile Sile (typesetting system) + +## Creating your own formats + +=> https://github.com/spc476/MOPML Someone created its own lightweight format using Lua and PEGs. +=> https://tratt.net/laurie/blog/2020/which_parsing_approach.html "Which parsing approach" has information about choosing parsing approaches. + +## About gemtext + +=> https://geminiprotocol.net/docs/gemtext-specification.gmi + +Gemtext is an extremely minimalistic markup language designed for use with the Gemini protocol (an extremely minimalistic protocol similar to HTTP). + +The Gemini protocol and gemtext are intentionally designed to limit their power, in my opinion as a comment on the web. + +This document is gemtext-native for use in my own minimalistic publishing system. + +I also use it as a statement, although the limitations of gemtext can be significant in technical writing. For example, gemtext has no inline links, no inline verbatim code, only three levels of headings, etc. diff --git a/blog/content/notes/tech/internet-communication-channels.gmi b/blog/content/notes/tech/internet-communication-channels.gmi new file mode 100644 index 00000000..efdc18af --- /dev/null +++ b/blog/content/notes/tech/internet-communication-channels.gmi @@ -0,0 +1,131 @@ +# Internet communication channels + +If you want to provide a communication channel for a community over the Internet and you are considering options such as: + +* Slack +* Discord +* Reddit +* Telegram +* WhatsApp +* Facebook +* Or any other communication channel controlled by a single big company + +, then please read this article and consider an alternative. + +Because such channels are often convenient, cheap, and easy, they are natural choices. + +However, companies are about maximizing their benefits first. Certainly, providing convenient, cheap, and easy services often help companies make money. But I believe we have seen enough examples of companies putting their benefits first in detriment of their users. + +Using these alternatives will always require more effort. This text is long, and just reading and processing it might take more time than setting up a channel on the services mentioned above. The alternatives I describe certainly have drawbacks compared to the services I am asking you to avoid. However, in the long run I think making an extra effort to make an informed choice pays off. + +## A quick litmus test + +If you only thing about a single thing, then think about this: how many independent clients are for this communication channel? + +How tightly the people behind the channel control clients is a good indicator of how much they want to maximize profits. + +## Alternatives + +### IRC + +IRC is a real-time chat protocol created in 1988 that is still in use. Many perceive flaws in IRC that seem to make it a bad choice. However, many IRC flaws have been addressed in recent times and I believe it is a good choice in many (but not all) scenarios. + +The biggest traditional issue with IRC is channels without history, where you cannot see messages posted while you were offline. (If you suspend or turn off your laptop, you will be offline in IRC. Even if you run your IRC client continuously on your client, if your phone goes out of coverage or your phone suspends your IRC client, you will be offline.) However, nowadays you can create channels with history. + +Channels without history are frequently confusing for new users, because most chat systems have history. Heavy IRC users are either used to having no history [this might seem surprising, but for some this is even a benefit] or have means to be permanently connected to IRC. However, users new to IRC might join a channel, post a question and go offline without anyone having a chance to see their message and reply. Then, unless people remember to answer when they are back, or other means are used, answers will not be visible to the person who asked. + +The chathistory extension addresses this problem. As far as I know, only the Ergo IRC server and their network support this extension. + +Some advantages of IRC are: + +* You can use IRC without creating an account. This can be especially useful for providing a general contact mechanism. You can create links that will ask for a nickname, and place you into a channel without any additional steps. +* IRC is a very simple protocol with more than 30 years of history. This means that many developers have invested significant efforts in creating powerful IRC clients and tools (such as bots). And lately, many easy IRC clients are available. This means that IRC can scale from simple setups that require little effort to use, to powerful setups that can provide interesting features. (If you are used to plain communication clients, you might be surprised at how valuable some features can be.) + +Some drawbacks of IRC are: + +* IRC does not have end-to-end encryption, and thus IRC administrators can read every conversation. This is not a huge problem for public or semi-public channels, but it limits IRC for many scenarios. +* IRC requires more effort from administrators to provide a good experience to entry-level users, control spam, and others. (An important point is that although integration with audio/video conferencing is possible, it requires more effort and provides a lesser experience.) +* IRC is mostly text-based. Although many IRC clients can display images and GIFs, communicating with images and GIFs is harder on IRC. (And IRC also does not have integrated audio/video conferencing.) +* Push notifications are not common yet. Although it is possible to receive instant notifications when you are mentioned or receive a private message, this is frequently difficult. In general, IRC on mobile phones is not as evolved as on desktop computers. + +Interesting projects: + +=> https://github.com/ObsidianIRC/ObsidianIRC ObsidianIRC (web client) +=> https://kiwiirc.com/ Kiwi IRC (web client) +=> https://codeberg.org/emersion/gamja Gamja (web client) +=> https://soju.im/ Soju (bouncer) +=> https://halloy.chat/ Halloy (graphical desktop client) +=> https://git.sr.ht/~delthas/senpai Senpai (terminal client) + +### Delta Chat + +Delta Chat is an instant messaging system that tries to be very similar to the most popular instant messaging systems. + +However, there are multiple clients and anyone can run a server. + +The strangest thing about Delta Chat is that is uses email underneath. However, I would recommend ignoring this fact. + +### XMPP + +XMPP is younger than IRC, but older than Matrix. Compared to Matrix: + +* End-to-end encryption and audio/video conferencing is possible with XMPP, but in practice it can be difficult to access these features. +* There's more XMPP clients than Matrix clients, but it is also hard to find clients that support all the features you need on different platforms. + +For some scenarios, if you find the right combination of XMPP server and clients, XMPP can be a great option. + +Historically, XMPP was not well-suited to mobile usage. Nowadays, mobile usage is better, but finding the right clients to use is still a challenge. + +### Matrix + +Matrix is a more modern chat protocol that addresses some of the drawbacks of IRC: + +* Matrix has end-to-end encryption, so conversations between users are private to Matrix administrators. +* Matrix requires less effort from *channel* administrators. (But running a Matrix server requires significant resources. However, there are public Matrix servers and managed services. Thanks to end-to-end encryption, using a public Matrix server is an interesting option.) +* Matrix has good support for audio/video conferencing, images and GIFs, reactions, push notifications, and phone usage. + +But also some disadvantages compared to IRC: + +* Users need to create accounts. +* Using end-to-end encryption makes some usage harder. (Although end-to-end encryption is optional.) +* There are fewer clients and tools, and generally they are more complex, more resource intensive, and less featureful. (And not all clients support all features.) + +### Other alternatives to consider + +Zulip offers instant messaging, but has some characteristics from forums. (For example, Zulip uses threads with subjects.) + +Mattermost and Rocketchat are designed for communication within organizations. + +And lastly, because all the technologies mentioned in this text allow integrations, there are bridges to join different technologies. + +For example, IRC channels can be bridged to Matrix rooms. + +Although bridges are not ideal, in some cases you can use them to make one channel available over different technologies, which might address the limitations of specific technologies. + +Although my perception is that most communities nowadays communicate over instant messaging, many communities use successfully more asynchronous communication channels. In some cases, providing both instant messaging and an asynchronous channel can also work well. + +Mailing lists (and their sibling, newsgroups) are older than IRC. Although mailing lists are far less popular than in the past, many communities still use mailing lists. + +Mailing lists have several advantages: + +* Having an email address is nearly a necessity for all Internet users. Mailing lists often require no user account other than an existing email address. +* In a way, email and mailing lists share many similarities with IRC. Although most people are users of just a few mail services and clients, there is a wide variety of services and clients. Email power features are somewhat forgotten, but they still exist and mail clients can have very convenient features. +* Most mailing list have good ways to browse and search past messages. Email discussions are more naturally searchable, thanks to their slower pace and thread organization. + +However, they also have many advantages: + +* As people no longer use email to communicate, going back to email can cause significant friction. +* Finding a good mailing list service is difficult. (And hosting your own is also more difficult than hosting other services.) + +In my opinion, mailing lists are good, but they have become foreign to most people. + +Forums used to be very popular. + +Compared to mailing lists: + +* Forums require creating an account. +* Forums do not have multiple clients, although forum software has also evolved for a long time, and many forums have great features. +* Forums are also a bit out of style, but they are more popular and familiar to most than mailing lists. +* Finding a forum service or hosting one is simpler than email. + +Social networks tend to be slightly different communication channels than instant messaging or asynchronous messaging. Alternatives to social networks also exist. However, in my opinion, social network-style communication is not optimal for "communities" in most cases. Still, you might want to explore alternatives. The Fediverse (or ActivityPub) has many different varieties of communication channels that might suit your needs. diff --git a/misc/ledger.md b/blog/content/notes/tech/ledger.gmi index 18c6f1f1..97a0af3f 100644 --- a/misc/ledger.md +++ b/blog/content/notes/tech/ledger.gmi @@ -1,13 +1,14 @@ # ledger -[ledger](https://ledger-cli.org/) is a double-entry accounting system based on a text file format. -The [Plain text accounting](https://plaintextaccounting.org/) website lists more software based on the ideas. +=> https://ledger-cli.org Ledger is a double-entry accounting system based on a text file format. + +=> https://plaintextaccounting.org/ The Plain text accounting website lists more software based on the ideas. This document contains notes about how I use ledger. ## Configuration -My `~/.ledgerrc` just contains: +My ~/.ledgerrc just contains: ``` --file ~/Nextcloud/finances.ledger @@ -26,8 +27,7 @@ I do so manually without automations. In 2025, I registered over 800 transactions, and I didn't feel it was tedious. -My main text editor is Emacs, so I use [ledger-mode](https://github.com/ledger/ledger-mode/). -ledger-mode: +My main text editor is Emacs, so I use ledger-mode: * Automatically adds indentation and alignment. * Autocompletion of accounts and payees. @@ -40,20 +40,18 @@ ledger reg bankname:accountname Then, I correlate with the running total that my bank websites show to find the first missing transaction and go on from there. -I have a monthly calendar reminder to catch up on all accounts. -In this session, I also update my pension plan accounts with their current value. +I have a monthly calendar reminder to catch up on all accounts. In this session, I also update my pension plan accounts with their current value. ## Tagging -### `who` +### who -I use the `who` tag because I want to make reports based on specific beings. -For example, I want to query quickly costs associated to the cat. +I use the who tag because I want to make reports based on specific beings. For example, I want to query quickly costs associated to the cat. -In 2026, I think I will have some accounts like `Expenses:Supermarket:My Name` too, so I'm experimenting with the following snippet: +In 2026, I think I will have some accounts like "Expenses:Supermarket:My Name" too, so I'm experimenting with the following snippet: ``` -= My Name += :My Name ; who: myname ``` diff --git a/misc/migadu.md b/blog/content/notes/tech/migadu.gmi index b4abc992..9fc5a80e 100644 --- a/misc/migadu.md +++ b/blog/content/notes/tech/migadu.gmi @@ -1,44 +1,41 @@ # Migadu -<https://migadu.com/> +=> https://migadu.com/ ## A strategy to handle email addresses Email addresses can be "vanity" or "non-vanity". -Vanity email addresses are meant to be public and memorable, for example `firstname@lastname.tld`. +Vanity email addresses are meant to be public and memorable, for example firstname@lastname.tld. Set up any vanity domains that you want, and a non-vanity domain. ### Non-vanity email addresses -In the non-vanity domain, you create the `{me}{code}@nonvanity.tld` mailbox. +In the non-vanity domain, you create the {me}{code}@nonvanity.tld mailbox. -`{me}` identifies you, you can have multiple users with different `{me}` identifiers in a single non-vanity domain. +{me} identifies you, you can have multiple users with different {me} identifiers in a single non-vanity domain. -This strategy uses `{code}` to obfuscate email addresses. -When you use `{code}` in an email address, you should be able to identify if the `{code}` is valid or not. +This strategy uses {code} to obfuscate email addresses. When you use {code} in an email address, ideally you should be able to identify if the {code} is valid or not. -For example, you could use a four-digit `{code}` and store what code you have used for each address. -If you use `x3452` and store this code, when you receive an email that does not match, such as `x3453`, you know the code is incorrect. +For example, you could use a four-digit {code} and store what code you have used for each address. If you use x3452 and store this code, when you receive an email that does not match, such as x3453, you know the code is incorrect. Alternatively, you can use hashing so that you do not have to store all codes. -No one except you should know about `{me}{code}@nonvanity.tld`. +No one except you should know about {me}{code}@nonvanity.tld. -Then you create a pattern rewrite from `{me}.*@nonvanity.tld` to `{me}{code}@nonvanity.tld`. +Then you create a pattern rewrite from {me}.*@nonvanity.tld to {me}{code}@nonvanity.tld. -When you need a non-vanity email address, you create a new `{me}.{entity}{code}@nonvanity.tld`, where `{entity}` is the entity that communicates with this email address and `{code}` is a **new** code. +When you need a non-vanity email address, you create a new {me}.{entity}{code}@nonvanity.tld, where {entity} is the entity that communicates with this email address and {code} is a new code. -Mails received at `{me}@nonvanity.tld` are incorrect. -Mails received without the correct code are incorrect. +Mails received at {me}@nonvanity.tld are incorrect. Mails received without the correct code are incorrect. ### Vanity email addresses -Create any needed `{id}@vanity.tld` addresses. +Create any needed {id}@vanity.tld addresses. Different from non-vanity email addresses, vanity email addresses can be guessed and you cannot identify invalid email. -See [email forwarding via IMAP](../linux/misc.md#email-forwarding-via-imap) for notes about forwarding between different email servers. +=> misc-linux-stuff See "email forwarding via IMAP" for notes about forwarding between different email servers. ### TODO Filing @@ -50,18 +47,15 @@ Because each vanity email address and entity has a different email address, you imapsync --user1 xxx@gmail.com -passfile1 gmailpass --user2 a@a.com --host2 imap.a.com --passfile2 pass --gmail1 ``` -To move mail, add `--delete1`. -But this seems to make `imapsync` much slower! +To move mail, add --delete1. But this seems to make `imapsync` much slower! (IIRC, also this didn't remove the emails from GMail!) ### Preventing issues with multiple tags -An email message can have multiple "tags" in Gmail that correspond to IMAP folders. -If you have messages with multiple tags, then the migration will duplicate messages in multiple folders or file mails to one folder at "random". +An email message can have multiple "tags" in Gmail that correspond to IMAP folders. If you have messages with multiple tags, then the migration will duplicate messages in multiple folders or file mails to one folder at "random". imapsync has features to control this, and avoid problems with the "all mail" and "sent mail" Gmail folders, but for further control, you can refile emails to have a single tag. -I have an mbsync replica of my Gmail account for backup purposes. -This replica can be used to find messages with multiple tags: +I have an mbsync replica of my Gmail account for backup purposes. This replica can be used to find messages with multiple tags: ``` find . -path './\[Gmail\]/All Mail' -prune -o -not -name index -type f -exec grep -H ^Message-ID: {} \; >index diff --git a/blog/content/notes/tech/ripping.gmi b/blog/content/notes/tech/ripping.gmi new file mode 100644 index 00000000..c2ab2ede --- /dev/null +++ b/blog/content/notes/tech/ripping.gmi @@ -0,0 +1,67 @@ +# Ripping + +## Media + +=> https://arstechnica.com/civis/threads/ripping-optical-media.1507399/post-43734994 Main source + +### Audio CD + +About 200-300 MB per album CD when ripped to FLAC. + +### DVD + +About 4-8 GB per disc, averaging 5.6 GB per movie as ISO. + +### Blu-ray + +About 20-50 GB per disc, averaging 37 GB per movie as ISO. + +## Hardware + +### Reader + +I got a Verbatim external USB Blu-ray writer for about 120€. + +### Storage + +=> https://diskprices.com/ See diskprices.com + +## Software + +### Audio + +=> https://abcde.einval.com/wiki/ abcde claims to rip and compress to FLAC and tag automatically. + +### DVD + +Use dd to rip DVD. However, dd can fail on some disks, perhaps due to damage or copy protection. + +=> https://unix.stackexchange.com/a/642790 This post on unix.stackexchange describes a trick that works: + +* Start playback of the disc using VLC. +* Try dd first, if it fails, then run a command like "ddrescue -n -b2048 -K1M /dev/sr0 x.iso x.map". +* After dd or ddrescue starts running, quit VLC. + +For playback, most software (including Kodi and VLC for Android) can play back DVD ISO with full menu support + +### Blu-ray + +=> http://fvonline-db.bplaced.net/ FindVUK has the keys to play Blu-ray discs ripped with dd. + +However, with encrypted Blu-ray discs, you need to configure the keys in each device where you want to play back the content. (And this is not easy or possible in some cases.) + +=> https://git.sr.ht/~shironeko/blu-save blu-save can remove the encryption. + +Remember to specify the path to the keys when running blu-save. + +However, VLC is confused by the AACS and CERTIFICATE directories that blu-save copies to the output. If you remove them, then VLC can play the BDMV directory with menus, etc. + +You can repack a Blu-ray extracted with blu-save by running a command like: + +``` +mkisofs -allow-limited-size -o .../my.iso . +``` + +from the directory that contains *only* the BDMV directory. + +VLC for desktop computers can open a repacked Blu-ray ISO and show the menus. Kodi for Android can open a repacked Blu-ray ISO and identify the titles. However, Kodi did not support the menus for the Blu-ray I tested. diff --git a/blog/content/notes/tech/running-commands-in-linux.gmi b/blog/content/notes/tech/running-commands-in-linux.gmi new file mode 100644 index 00000000..4fe4a004 --- /dev/null +++ b/blog/content/notes/tech/running-commands-in-linux.gmi @@ -0,0 +1,259 @@ +# Running commands in Linux + +## Motivating examples + +=> https://cwe.mitre.org/data/definitions/1337.html The 2021 CWE Top 25 Most Dangerous Software Weaknesses helps focus on the biggest security issues that developers face. + +=> https://cwe.mitre.org/data/definitions/78.html Number 5 on that list is Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). + +Software developers often write code that invokes other programs. For example, shell scripts tend to be mostly composed of invocations of programs such as find, grep, etc. Even software developed in languages such as Python, C, or Java often invokes other programs. + +Python software developers use the subprocess module to perform this task. Other languages provide similar facilities. + +Consider the two following Python sessions to execute an equivalent to the bash statement "cat /etc/passwd": + +``` +$ python3 +>>> import subprocess +>>> subprocess.run(["cat", "/etc/passwd"]) +``` + +``` +$ python3 +>>> import subprocess +>>> subprocess.run("cat /etc/passwd", shell=True) +``` + +Both scripts use the same run function, with different values of the shell parameter (the shell parameter defaults to True). When executing a command with many arguments, shell=True seems to be terser. "a b c d e" is shorter and easier to read than ["a", "b", "c", "d", "e"]. Readable code is easier to maintain, so a software developer could prefer the shell=True version. + +However, using shell=True can introduce the "OS Command Injection" weakness easily. + +Create a file named "injection.py" with the following contents: + +``` +import sys +import subprocess + +subprocess.run(f"cat {sys.argv[1]}", shell=True) +``` + +This program uses the cat command to display the contents of a file. +For example, if you run (using Python 3.6 or higher): + +``` +$ python3 injection.py /etc/passwd +``` + +The terminal shows the contents of the `/etc/passwd` file. + +However, if you run: + +``` +$ python3 injection.py '/etc/passwd ; touch injected' +``` + +The terminal shows the same file, but a file named `injected` also appears in the current directory. + +Create a file named "safe.py" with the following contents: + +``` +import sys +import subprocess + +subprocess.run(["cat", sys.argv[1]]) +``` + +Running "python3 safe.py /etc/passwd" has the same behavior as using injection.py. However, repeating the command that creates a file using safe.py results in: + +``` +$ python3 safe.py '/etc/passwd ; touch injected' +cat: '/etc/passwd ; touch injected': No such file or directory +``` + +injection.py is vulnerable to "OS Command Injection" because it uses shell=True, whereas safe.py is not. + +If a malicious user can get strings such as "/etc/passwd ; touch injected" to code that uses shell=True, then the user can execute arbitrary code in the system. Code that does not handle user input might not be exposed to such issues, but user input might creep in and introduce unexpected vulnerabilities. Avoiding the use of `shell=True` and similar features can be safer than making sure that user input is correctly handled in all cases. + +## Writing shell scripts that handle files with spaces in their names + +Create a file called backup.sh with the following contents: + +``` +#!/bin/bash + +for a in $1/* ; do + cp $a $a.bak +done +``` + +Run the following statements in the terminal to create a sample directory with files. + +``` +$ mkdir backup_example_1 +$ for a in $(seq 1 9) ; do echo $a >backup_example_1/$a ; done +``` + +These statements create the backup_example_1 directory, and files named 1 ... 9. + +The backup.sh script creates a copy of each file in a directory. If you run: + +``` +$ bash backup.sh backup_example_1/ +``` + +Then the script will copy 1 to 1.bak, and so on. + +However, if you create a new directory with files whose names have spaces: + +``` +$ mkdir backup_example_2 +$ for a in $(seq 1 9) ; do echo $a >backup_example_1/"file $a" ; done +``` + +Then the backup.sh script does not work correctly: + +``` +$ bash backup.sh backup_example_2/ +cp: cannot stat 'backup_example_2//*': No such file or directory +``` + +In order to fix the script, change the contents of backup.sh to: + +``` +#!/bin/bash + +for a in "$1/*" ; do + cp "$a" "$a.bak" +done +``` + +## Background + +### int main(int argc, char *argv[]) + +Programs written in C for Linux define a function called main that is the entry point of the program. Documents such as the N2310 draft of the C language standard describe the main function. Page 11, section 5.1.2.2.1, "Program startup", provides a common definition of main: + +``` +int main(int argc, char *argv[]) { /* ... */ } +``` + +=> http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2310.pdf The N2310 draft of the C language standard + +The argc parameter contains the **c**ount of the arguments provided to the program. The argv parameter contains their **v**alues. + +Create a file named argv.c with the following contents: + +``` +#include <stdio.h> + +int main(int argc, char *argv[]) { + for(int i=0; i<argc; i++) { + printf("Argument %d -%s-\n", i, argv[i]); + } +} +``` + +Compile the file running the following command: + +``` +$ cc argv.c +``` + +This produces an executable file named "a.out". This executable will print the arguments you provide via the command line: + +``` +$ ./a.out +Argument 0 -./a.out- +``` + +``` +$ ./a.out arg1 arg2 arg3 +Argument 0 -./a.out- +Argument 1 -arg1- +Argument 2 -arg2- +Argument 3 -arg3- +``` + +Note that the first argument is the name of the executable file itself. + +Note that when using quoting, the program prints things like: + +``` +$ ./a.out "a b" c +Argument 0 -./a.out- +Argument 1 -a b- +Argument 2 -c- +``` + +So the first argument is "a b" (without quotes). + +### exec(3) + +UNIX-like operating systems provide the "exec" family of functions to invoke commands. "man 3 exec" describes the exec family of functions in Linux. Linux provides the execl, execlp, execle, execv, execvp, and execvpe functions. These functions allow us to execute a command from within a C program. + +Create a file named execlp.c with the following contents: + +``` +#include <stdlib.h> +#include <unistd.h> + +int main() { + exit(execlp("cat", "cat", "/etc/passwd", NULL)); +} +``` + +Compile the file running the following command: + +``` +$ cc execlp.c +``` + +This produces an executable file named "a.out". +Execute it: + +``` +$ ./a.out +``` + +This is equivalent to running in a shell the statement "cat /etc/passwd". + +This article does not describe the intricacies of the exec family of functions. However, let's analyze the call to execlp. + +The exec functions whose name contains a "p" look up the command to execute by searching for executables named like the first argument in the directories listed in the PATH environment variable. In the example, execlp looks up the cat executable in directories such as /usr/bin. + +The second argument is also the name of the program. + +Note that in the preceding argv.c example, the zeroth argument is the name of the program being executed. Some executables in Linux systems are present under different names (using symbolic links). For example, xzcat is a symbolic link to xz. Running xzcat or xz runs the same executable file, but the executable uses the zeroth argument to change its behavior. + +This technique is a simple way to "share" code between similar programs. The BusyBox project provides many common utilities, such as ls and cat, in a single executable. By sharing code among all utilities, the BusyBox executable is smaller. + +The rest of the parameters to execlp are the arguments for the executable file. + +In a way, exec functions "call" the main function of other programs. The parameters to exec are "passed" to the main function. + +### Shells + +Programs such as bash provide a way to execute other programs. When you type a statement such as "cat /etc/passwd", bash parses the statement into a command to execute and arguments. Then, bash uses an exec function to run the program with arguments. + +The simplest bash statements are words separated by spaces, of the form "arg0 arg1 arg2 ... argn". + +On such a statement, bash executes something like: + +``` +execlp(arg0, arg0, arg1, _..._, argn, NULL) +``` + +And the program will receive the string arg0 as the zeroth argument, arg1 as the first argument, and so forth. + +However, using cat to view the contents of files, the user might want to view a file whose name contains spaces. + +The statement "cat a b" has two arguments: a and b. For each argument, cat prints the file of that name. So the "cat a b" statement prints the contents of the a and b files, not of a file named "a b". + +## Further reading + +=> http://teaching.idallen.com/cst8177/13w/notes/000_find_and_xargs.html Using find -exec or xargs to process pathnames with other commands +=> https://infosec.exchange/@david_chisnall/115116683569142801 Early UNIX did glob expansion in the shell not because that’s more sensible than providing a glob and option parsing API in the standard library, but because they didn’t have enough disk space or RAM to duplicate code and they didn’t have shared libraries... For example, on FreeBSD, I often do pkg info foo* to print info about packages that start with some string. If I forget to quote the last argument, this behaves differently depending on whether the current directory contains one or more files that have the prefix that I used. If they do, the shell expands them and pkg info returns nothing because I don’t have any installed packages that match those files. If they don’t, the shell passes the star to the program, which does glob expansion but against a namespace that is not the filesystem namespace. The pkg tool knows that this argument is a set of names of installed packages, not files in the current directory, but it can’t communicate that to the shell and so the shell does the wrong thing. Similarly, on DOS the rename command took a load of source files and a destination file or pattern. You could do rename *.c *.txt and it would expand the first pattern, then do the replacement based on the two patterns. UNIX’s mv can’t do that and I deleted a bunch of files by accident when I started using Linux because it’s not obvious to a user what actually happens when you write mv *.c *.txt. There is a GNU (I think?) rename command and its syntax is far more baroque than the DOS one because it is fighting against the shell doing expansion without any knowledge of the argument structure. + +## TODO + +=> https://news.ycombinator.com/item?id=36722570 SSH particularities diff --git a/blog/content/notes/tech/ssh-for-beginners.gmi b/blog/content/notes/tech/ssh-for-beginners.gmi new file mode 100644 index 00000000..0c74b2e4 --- /dev/null +++ b/blog/content/notes/tech/ssh-for-beginners.gmi @@ -0,0 +1,88 @@ +# SSH for beginners + +Some simple advice for people who are starting to use ssh. + +## Use the config + +If you create a file "~/.ssh/config", with contents like: + +``` +Host xxx + HostName yyy + Port 1234 + User zzz +``` + +, then if you type "ssh xxx", the result will be like executing "ssh -p 1234 zzz@yyy". + +Any ssh command line arguments can be encoded in an SSH client configuration file, so you can access any server by just passing a host to ssh without any additional parameters. + +Additionally, most modern systems configure SSH tab completion, so if you type "ssh <tab><tab>", your shell will complete with the hosts in your configuration file. + +## Use public key authentication + +By default, ssh uses passwords for authentication. If you use a good password, then password authentication is a decent authentication method. + +However, you can use other methods, such as public key authentication. With public key authentication, you have a public and private key. + +If you are working on system A with your *private* key, and you copy your *public* key to system B, then you can ssh from system A to system B without entering a password. + +### Security + +Note that if someone obtains your private key, they will be able to log in to systems that trust your key. Knowledge of your private key is similar to knowledge of a password. Take care making your private key truly private. + +If you suspect someone else has been able to obtain your private key, then generate a new key and remove the leaked public key from all systems. + +Note that you can generate as many keys as you want. Managing multiple keys requires more effort, but in some cases it might be more convenient. For example, if a key is suspected to be leaked, then you might only need to revoke a key and continue using other keys. + +### Generating SSH keys + +To generate your private and public keys: + +``` +$ ssh-keygen +Generating public/private rsa key pair. +Enter file in which to save the key (/home/alex/.ssh/id_rsa): +Created directory '/home/alex/.ssh'. +Enter passphrase (empty for no passphrase): +Enter same passphrase again: +Your identification has been saved in /home/alex/.ssh/id_rsa +Your public key has been saved in /home/alex/.ssh/id_rsa.pub +The key fingerprint is: +SHA256:... +The key's randomart image is: ++---[RSA 3072]----+ +... +``` + +### Key type choice + +OpenSSH, the standard ssh client, changed its default type of key generation to Ed25519 in version 9.5 released in late 2023. Previously, ssh-keygen generated RSA keys, as in the example above. Many Linux distributions still use OpenSSH versions earlier than 9.5. + +You can find advisories like: + +> It is quite possible the RSA algorithm will become practically breakable in the foreseeable future. All SSH clients support this algorithm. + +=> https://www.ssh.com/academy/ssh/keygen + +Although as of the time of writing this, RSA is considered safe. However, you can consider generating an Ed25519 key instead, following the most recent OpenSSH defaults. + +### Passphrases + +By default, if you provide an empty passphrase to ssh-keygen, your private key will be stored unprotected. Anyone that can read the private key file can obtain your key. + +You can use a passphrase to protect your key. If someone obtains a private key file but they don't know the passphrase, then they cannot use the key. + +Using a passphrase means that you need to type the passphrase every time you use the key, or use a system such as ssh-agent. This creates a tradeoff between security and convenience. + +(Note that a popular criticism of SSH public key authentication is that it is not easy for systems administrators to enforce the use of SSH passphrases.) + +## Further SSH features + +Many developers have added many useful features to SSH during many years, such as: + +* The scp command to transfer files using SSH +* Tunnels to establish bidirectional communication between systems without such connectivity. (For example, to connect to your workstation from a remote system.) +* Jump hosts that expedite the connection to a system that is not directly accessible, by using SSH to establish connection through intermediate systems. + +Also, SSH integrates very well with UNIX pipes and tools such as rsync, Git, and many others. diff --git a/linux/running_commands_in_linux.adoc b/linux/running_commands_in_linux.adoc deleted file mode 100644 index b31c39bb..00000000 --- a/linux/running_commands_in_linux.adoc +++ /dev/null @@ -1,292 +0,0 @@ -= Notes on Running Commands in Linux - -== Motivating Examples - -=== CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - -The https://cwe.mitre.org/data/definitions/1337.html[2021 CWE Top 25 Most Dangerous Software Weaknesses] helps focus on the biggest security issues that developers face. -Number 5 on that list is https://cwe.mitre.org/data/definitions/78.html[Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')]. - -Software developers often write code that invokes other programs. -For example, shell scripts tend to be mostly composed of invocations of programs such as `find`, `grep`, etc. -Even software developed in languages such as Python, C, or Java often invokes other programs. - -Python software developers use the `subprocess` module to perform this task. -Other languages provide similar facilities. - -Consider the two following Python sessions to execute an equivalent to the `bash` statement `cat /etc/passwd`: - ----- -$ python3 ->>> import subprocess ->>> subprocess.run(["cat", "/etc/passwd"]) ----- - ----- -$ python3 ->>> import subprocess ->>> subprocess.run("cat /etc/passwd", shell=True) ----- - -Both scripts use the same `run` function, with different values of the `shell` parameter (the `shell` parameter defaults to `True`). -When executing a command with many arguments, `shell=True` seems to be terser. -`a b c d e` is shorter and easier to read than `["a", "b", "c", "d", "e"]`. -Readable code is easier to maintain, so a software developer could prefer the `shell=True` version. - -However, using `shell=True` can introduce the "OS Command Injection" weakness easily. - -Create a file named "injection.py" with the following contents: - ----- -import sys -import subprocess - -subprocess.run(f"cat {sys.argv[1]}", shell=True) ----- - -This program uses the `cat` command to display the contents of a file. -For example, if you run (using Python 3.6 or higher): - ----- -$ python3 injection.py /etc/passwd ----- - -The terminal shows the contents of the `/etc/passwd` file. - -However, if you run: - ----- -$ python3 injection.py '/etc/passwd ; touch injected' ----- - -The terminal shows the same file, but a file named `injected` also appears in the current directory. - -Create a file named "safe.py" with the following contents: - ----- -import sys -import subprocess - -subprocess.run(["cat", sys.argv[1]]) ----- - -Running `python3 safe.py /etc/passwd` has the same behavior as using `injection.py`. -However, repeating the command that creates a file using `safe.py` results in: - ----- -$ python3 safe.py '/etc/passwd ; touch injected' -cat: '/etc/passwd ; touch injected': No such file or directory ----- - -`injection.py` is vulnerable to "OS Command Injection" because it uses `shell=True`, whereas `safe.py` is not. - -If a malicious user can get strings such as `/etc/passwd ; touch injected` to code that uses `shell=True`, then the user can execute arbitrary code in the system. -Code that does not handle user input might not be exposed to such issues, but user input might creep in and introduce unexpected vulnerabilities. -Avoiding the use of `shell=True` and similar features can be safer than making sure that user input is correctly handled in all cases. - -=== Writing Shell Scripts that Handle Files with Spaces in Their Names - -Create a file called `backup.sh` with the following contents: - ----- -#!/bin/bash - -for a in $1/* ; do - cp $a $a.bak -done ----- - -Run the following statements in the terminal to create a sample directory with files. - ----- -$ mkdir backup_example_1 -$ for a in $(seq 1 9) ; do echo $a >backup_example_1/$a ; done ----- - -These statements create the `backup_example_1` directory, and files named `1`, ..., `9`. - -The `backup.sh` script creates a copy of each file in a directory. -If you run: - ----- -$ bash backup.sh backup_example_1/ ----- - -Then the script will copy `1` to `1.bak`, and so on. - -However, if you create a new directory with files whose names have spaces: - ----- -$ mkdir backup_example_2 -$ for a in $(seq 1 9) ; do echo $a >backup_example_1/"file $a" ; done ----- - -Then the `backup.sh` script does not work correctly: - ----- -$ bash backup.sh backup_example_2/ -cp: cannot stat 'backup_example_2//*': No such file or directory ----- - -In order to fix the script, change the contents of `backup.sh` to: - ----- -#!/bin/bash - -for a in "$1/*" ; do - cp "$a" "$a.bak" -done ----- - - -== Background - -=== `int main(int argc, char *argv[])` - -Programs written in C for Linux define a function called `main` that is the entry point of the program. -Documents such as http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2310.pdf[the _N2310_ draft of the C language standard] describe the `main` function. -Page 11, section 5.1.2.2.1, _Program startup_, provides a common definition of `main`: - ----- -int main(int argc, char *argv[]) { /* ... */ } ----- - -The `argc` parameter contains the **c**ount of the arguments provided to the program. -The `argv` parameter contains their **v**alues. - -Create a file named `argv.c` with the following contents: - ----- -#include <stdio.h> - -int main(int argc, char *argv[]) { - for(int i=0; i<argc; i++) { - printf("Argument %d -%s-\n", i, argv[i]); - } -} ----- - -Compile the file running the following command: - ----- -$ cc argv.c ----- - -This produces an executable file named `a.out`. -This executable will print the arguments you provide via the command line: - ----- -$ ./a.out -Argument 0 -./a.out- ----- - ----- -$ ./a.out arg1 arg2 arg3 -Argument 0 -./a.out- -Argument 1 -arg1- -Argument 2 -arg2- -Argument 3 -arg3- ----- - -Note that the first argument is the name of the executable file itself. - -Note that when using quoting, the program produces prints things like: - ----- -$ ./a.out "a b" c -Argument 0 -./a.out- -Argument 1 -a b- -Argument 2 -c- ----- - -So the first argument is `a b` (without quotes). - -=== `exec(3)` - -UNIX-like operating systems provide the `exec` family of functions to invoke commands. -`man 3 exec` describes the `exec` family of functions in Linux. -Linux provides the `execl`, `execlp`, `execle`, `execv`, `execvp`, and `execvpe` functions. -These functions allow us to execute a command from within a C program. - -Create a file named `execlp.c` with the following contents: - ----- -#include <stdlib.h> -#include <unistd.h> - -int main() { - exit(execlp("cat", "cat", "/etc/passwd", NULL)); -} ----- - -Compile the file running the following command: - ----- -$ cc execlp.c ----- - -This produces an executable file named `a.out`. -Execute it: - ----- -$ ./a.out ----- - -This is equivalent to running in a shell the statement `cat /etc/passwd`. - -This article does not describe the intricacies of the `exec` family of functions. -However, let's analyze the call to `execlp`. - -The `exec` functions whose name contains a `p` look up the command to execute by searching for executables named like the first argument in the directories listed in the `PATH` environment variable. -In the example, `execlp` looks up the `cat` executable in directories such as `/usr/bin`. - -The second argument is also the name of the program. - -[NOTE] -==== -Note that in the preceding `argv.c` example, the zeroth argument is the name of the program being executed. - -Some executables in Linux systems are present under different names (using symbolic links). -For example, `xzcat` is a symbolic link to `xz`. -Running `xzcat` or `xz` runs the same executable file, but the executable uses the zeroth argument to change its behavior. - -This technique is a simple way to "share" code between similar programs. -The https://www.busybox.net/about.html[BusyBox] project provides many common utilities, such as `ls` and `cat`, in a single executable. -By sharing code among all utilities, the BusyBox executable is smaller. -==== - -The rest of the parameters to `execlp` are the arguments for the executable file. - -In a way, `exec` functions "call" the `main` function of other programs. -The parameters to `exec` are "passed" to the `main` function. - -=== Shells - -Programs such as `bash` provide a way to execute other programs. -When you type a statement such as `cat /etc/passwd`, `bash` parses the statement into a command to execute and arguments. -Then, `bash` uses an `exec` function to run the program with arguments. - -The simplest `bash` statements are words separated by spaces, of the form `arg0 arg1 arg2 _..._ argn`. - -On such a statement, `bash` executes something like: - ----- -execlp(arg0, arg0, arg1, _..._, argn, NULL) ----- - -And the program will receive the string `arg0` as the zeroth argument, `arg1` as the first argument, and so forth. - -However, using `cat` to view the contents of files, the user might want to view a file whose name contains spaces. - -The statement `cat a b` has two arguments: `a` and `b`. -For each argument, `cat` prints the file of that name. -So the `cat a b` statement prints the contents of the `a` and `b` files, not of a file named `a b`. - -== Further reading - -* http://teaching.idallen.com/cst8177/13w/notes/000_find_and_xargs.html[Using find -exec or xargs to process pathnames with other commands] -* https://infosec.exchange/@david_chisnall/115116683569142801[Early UNIX did glob expansion in the shell not because that’s more sensible than providing a glob and option parsing API in the standard library, but because they didn’t have enough disk space or RAM to duplicate code and they didn’t have shared libraries... For example, on FreeBSD, I often do pkg info foo* to print info about packages that start with some string. If I forget to quote the last argument, this behaves differently depending on whether the current directory contains one or more files that have the prefix that I used. If they do, the shell expands them and pkg info returns nothing because I don’t have any installed packages that match those files. If they don’t, the shell passes the star to the program, which does glob expansion but against a namespace that is not the filesystem namespace. The pkg tool knows that this argument is a set of names of installed packages, not files in the current directory, but it can’t communicate that to the shell and so the shell does the wrong thing. Similarly, on DOS the rename command took a load of source files and a destination file or pattern. You could do rename *.c *.txt and it would expand the first pattern, then do the replacement based on the two patterns. UNIX’s mv can’t do that and I deleted a bunch of files by accident when I started using Linux because it’s not obvious to a user what actually happens when you write mv *.c *.txt. There is a GNU (I think?) rename command and its syntax is far more baroque than the DOS one because it is fighting against the shell doing expansion without any knowledge of the argument structure.] - -== TODO - -* SSH particularities: https://news.ycombinator.com/item?id=36722570[] diff --git a/linux/ssh_for_beginners.md b/linux/ssh_for_beginners.md deleted file mode 100644 index e04b4b97..00000000 --- a/linux/ssh_for_beginners.md +++ /dev/null @@ -1,97 +0,0 @@ -Some simple advice for people who are starting to use ssh. - -# Use the config - -If you create a file `~/.ssh/config`, with contents like: - -``` -Host xxx - HostName yyy - Port 1234 - User zzz -``` - -, then if you type `ssh xxx`, the result will be like executing `ssh -p 1234 zzz@yyy`. - -Any ssh command line arguments can be encoded in an SSH client configuration file, so you can access any server with a simple `ssh host` command, without any additional parameters. - -Additionally, most modern systems configure SSH tab completion, so if you type `ssh <tab><tab>`, your shell will complete with the hosts in your configuration file. - -# Use public key authentication - -By default, ssh uses passwords for authentication. -If you use a good password, then password authentication is a decent authentication method. - -However, you can use other methods, such as public key authentication. -With public key authentication, you have a public and private key. - -If you are working on system A with your *private* key, and you copy your *public* key to system B, then you can ssh from system A to system B without entering a password. - -## Security - -Note that if someone obtains your private key, they will be able to log in to systems that trust your key. -Knowledge of your private key is similar to knowledge of a password. -Take care making your private key truly private. - -If you suspect someone else has been able to obtain your private key, then generate a new key and remove the leaked public key from all systems. - -Note that you can generate as many keys as you want. -Managing multiple keys requires more effort, but in some cases it might be more convenient. -For example, if a key is suspected to be leaked, then you might only need to revoke a key and continue using other keys. - -## Generating SSH keys - -To generate your private and public keys: - -``` -$ ssh-keygen -Generating public/private rsa key pair. -Enter file in which to save the key (/home/alex/.ssh/id_rsa): -Created directory '/home/alex/.ssh'. -Enter passphrase (empty for no passphrase): -Enter same passphrase again: -Your identification has been saved in /home/alex/.ssh/id_rsa -Your public key has been saved in /home/alex/.ssh/id_rsa.pub -The key fingerprint is: -SHA256:... -The key's randomart image is: -+---[RSA 3072]----+ -... -``` - -## Key type choice - -OpenSSH, the standard ssh client, [changed its default type of key generation to Ed25519 in version 9.5 released in late 2023](https://www.openssh.com/txt/release-9.5). -Previously, `ssh-keygen` generated RSA keys, as in the example above. -Many Linux distributions still use OpenSSH versions earlier than 9.5. - -You can find advisories like [the following](https://www.ssh.com/academy/ssh/keygen): - -> It is quite possible the RSA algorithm will become practically breakable in the foreseeable future. All SSH clients support this algorithm. - -Although as of the time of writing this, RSA is considered safe. -However, you can consider generating an Ed25519 key instead, following the most recent OpenSSH defaults. - -## Passphrases - -By default, if you provide an empty passphrase to `ssh-keygen`, your private key will be stored unprotected. -Anyone that can read the private key file can obtain your key. - -You can use a passphrase to protect your key. -If someone obtains a private key file but they don't know the passphrase, then they cannot use the key. - -Using a passphrase means that you need to type the passphrase every time you use the key, or use a system such as `ssh-agent`. -This creates a tradeoff between security and convenience. - -(Note that a popular criticism of SSH public key authentication is that it is not easy for systems administrators to enforce the use of SSH passphrases.) - -# Further SSH features - -Many developers have added many useful features to SSH during many years, such as: - -* The `scp` command to transfer files using SSH -* Tunnels to establish bidirectional communication between systems without such connectivity. - (For example, to connect to your workstation from a remote system.) -* Jump hosts that expedite the connection to a system that is not directly accessible, by using SSH to establish connection through intermediate systems. - -Also, SSH integrates very well with UNIX pipes and tools such as rsync, Git, and many others. diff --git a/misc/aws/account_setup_notes.md b/misc/aws/account_setup_notes.md deleted file mode 100644 index 46647fe1..00000000 --- a/misc/aws/account_setup_notes.md +++ /dev/null @@ -1,88 +0,0 @@ -# Account setup notes - -> [!CAUTION] -> I do not have AWS training nor significant experience. -> The information here can be insecure and dangerous. - -## Initial setup - -### Creating the initial management account and initial configuration - -Opening an account requires a credit card, a phone number and an email address. - -Once an email address is associated with an AWS account, no other AWS account can be created with the same email address, even if you delete the AWS account. -However, you can change the email address of the AWS account to "free" the email address. - -Create use multiple email addresses or plus addressing for experiments, etc.. -(OVH "redirect", Gmail and Google Groups support plus addressing.) - -Go to "IAM Identity Center" and enable it in your preferred region. -This enables AWS Organizations and creates a `Root` OU that contains the management account. - -By default, this uses an internal "Identity Center directory". -Alternatively, you can integrate with an external identity provider. -(TODO: using SAML?) - -Create an `Admins` group. - -Create an `admin` user, adding the user to the `Admins` group. - -Create a predefined permission set with the `AdministratorAccess` policy. - -Go to multi-account permissions, AWS accounts, select the management account and click "assign users or groups". -Assign the `Admins` group with the `AdministratorAccess` permission set. - -Note the "AWS access portal URL", users use this URL to log in. - -### Setting up the `admin` user - -Depending on how you created the user, you create the password by following an email link or you receive an initial password. - -You have to set up MFA. - -When the user signs in, they are redirected to the AWS access portal. -An account tab displays the AWS accounts that the user can access. -Expand the account and click `AdministratorAccess` to access the AWS Console with full administrator access. - -#### Configuring `awscli` - -``` -$ aws configure sso -SSO session name (Recommended): ${enter something} -SSO start URL [None]: ${the AWS access portal URL from an earlier step} -SSO region [None]: ${enter one} -SSO registration scopes [sso:account:access]: ${leave blank} -``` - -The `configure sso` command prints: - -``` -aws s3 ls --profile ${your profile name} -``` - -You can use this command to test access. - -To log in again: - -``` -aws sso login --profile ${the profile name from an earlier step} -``` - -## First steps with AWS Organization Formation - -``` -npx --package aws-organization-formation -- org-formation init ${starter template yaml} --profile ${the profile name from an earlier step} -``` - -This command creates a `${starter template yaml}` file with the skeleton of your current AWS account structure. - -## Account closure - -TODO: verify when deleting an account disposes resources that incur billing. - -## References - -* [AWS Organization Formation](https://github.com/org-formation) declarative management of AWS accounts - * [org-formation-reference](https://github.com/org-formation/org-formation-reference) A reference architecture which aims to provide some best practices for any AWS Organization starting out using org-formation. - * [Part 1 – Managing AWS accounts like a PRO](https://fourtheorem.com/managing-aws-accounts-part-1/) - * [Part 2 – Managing accounts using IaC with OrgFormation](https://fourtheorem.com/managing-accounts-using-iac-and-orgformation/) diff --git a/misc/document-formats.md b/misc/document-formats.md deleted file mode 100644 index 9ee21acc..00000000 --- a/misc/document-formats.md +++ /dev/null @@ -1,83 +0,0 @@ -# Document formats - -Most of the time, when writing a document, I want a document format with the following properties: - -* Fast to write using a plain text editor -* Easy to parse into an AST - -An AST is a programming-friendly representation of a document. -ASTs reduce the effort required to write tools such as a program that validates links in a document. -Ideally, ASTs contain information to track a document element to the position it occupies in the original document. -With this information, if you write a tool such as a spell checker, then you can highlight misspelled works precisely in the original document. - -On top of that, some features that I don't always need: - -* Math support -* Sophisticated code blocks. - For example, being able to highlight arbitrary parts of code blocks (not syntax highlighting). -* Diagram support - -## Existing formats - -### Markdown - -* Easy to write using a plain text editor -* Has good AST parsers with position information -* Has math support -* Does not support sophisticated code blocks -* There are many extensions with support for math, diagrams, and many others -* Is very popular and supported everywhere -* However, there is a wide variety of variants and quirks -* Especifically, because Markdown was not designed with parsing in mind, so tools based on different parsers can have differences in behavior - -### [Djot](https://djot.net/) - -It is very similar to Markdown, except: - -* It is designed for parsing, so independent parsing implementations are very compatible with each other -* It is not so popular, so there are less extension and tool support - -### [AsciiDoc](https://asciidoc.org/) - -Compared to Markdown: - -* It's more complex to write, but mostly because it's different and more powerful -* There are attempts to write better parsers, but good parsers with position information are not available yet -* Supports sophisticated code blocks -* It has a smaller ecosystem than Markdown, but many good quality tools such as Antora - -### [Typst](https://typst.app/) - -Checks all my boxes, except: - -* It is designed for parsing and it has an AST, but it is not easy to access -* Currently Typst is very oriented towards generating paged documents (e.g. PDF) -* It includes a full programming language, which is mostly good (very extensible), but this might increase complexity undesirably - -Typst is very new and is not yet very popular. - -[Typesetter](https://codeberg.org/haydn/typesetter) is a desktop application that embeds Typst, so no additional setup is needed. -However, Typesetter is only available as a Flatpak. - -### [Verso](https://github.com/leanprover/verso) - -A Markdown-like closely tied to [the Lean programming language](https://lean-lang.org/): - -* Eliminates ambiguous syntax for easier parsing and is stricter (not all text is valid Verso) -* Has a (Lean) data model -* Designed for extensibility - -### TODO: other formats - -- https://github.com/nota-lang/nota -- https://github.com/christianvoigt/argdown -- https://github.com/nvim-neorg -- https://github.com/podlite/podlite/ -- https://orgmode.org/ -- https://github.com/sile-typesetter/sile - -## Creating your own formats - -https://github.com/spc476/MOPML someone created its own lightweight format using Lua and PEGs. - -https://tratt.net/laurie/blog/2020/which_parsing_approach.html has information about choosing parsing approaches. diff --git a/misc/internet-communication-channels.md b/misc/internet-communication-channels.md deleted file mode 100644 index 7ba95f0e..00000000 --- a/misc/internet-communication-channels.md +++ /dev/null @@ -1,203 +0,0 @@ -# Internet communication channels - -If you want to provide a communication channel for a community over the Internet and you are considering options such as: - -* Slack -* Discord -* Reddit -* Telegram -* WhatsApp -* Facebook -* Or any other communication channel controlled by a single big company - -, then please read this article and consider an alternative. - -Because such channels are often convenient, cheap, and easy, they are natural choices. - -However, companies are about maximizing their benefits first. -Certainly, providing convenient, cheap, and easy services often help companies make money. -But I believe we have seen enough examples of companies putting their benefits first in detriment of their users. - -Using these alternatives will always require more effort. -This text is long, and just reading and processing it might take more time than setting up a channel on the services mentioned above. -The alternatives I describe certainly have drawbacks compared to the services I am asking you to avoid. -However, in the long run I think making an extra effort to make an informed choice pays off. - -## A quick litmus test - -If you only thing about a single thing, then think about this: how many independent clients are for this communication channel? - -How tightly the people behind the channel control clients is a good indicator of how much they want to maximize profits. - -## Alternatives - -### Instant messaging - -#### IRC - -IRC is a real-time chat protocol created in 1988 that is still in use. -Many perceive flaws in IRC that seem to make it a bad choice. -However, many IRC flaws have been addressed in recent times and I believe it is a good choice in many (but not all) scenarios. - -The biggest traditional issue with IRC is channels without history, where you cannot see messages posted while you were offline. -(If you suspend or turn off your laptop, you will be offline in IRC. -Even if you run your IRC client continuously on your client, if your phone goes out of coverage or your phone suspends your IRC client, you will be offline.) -However, nowadays you can create channels with history. - -Channels without history are frequently confusing for new users, because most chat systems have history. -Heavy IRC users are either used to having no history [this might seem surprising, but for some this is even a benefit] or have means to be permanently connected to IRC. -However, users new to IRC might join a channel, post a question and go offline without anyone having a chance to see their message and reply. -Then, unless people remember to answer when they are back, or other means are used, answers will not be visible to the person who asked. - -[The `chathistory` extension](https://ircv3.net/specs/extensions/chathistory) addresses this problem. -As far as I know, only [the Ergo IRC server](https://ergo.chat/about) and [their network](https://ergo.chat/about-network) support this extension. - -Some advantages of IRC are: - -* You can use IRC without creating an account. - This can be especially useful for providing a general contact mechanism. - You can create links that will ask for a nickname, and place you into a channel without any additional steps. - -* IRC is a very simple protocol with more than 30 years of history. - This means that many developers have invested significant efforts in creating powerful IRC clients and tools (such as bots). - And lately, many easy IRC clients are available. - This means that IRC can scale from simple setups that require little effort to use, to powerful setups that can provide interesting features. - (If you are used to plain communication clients, you might be surprised at how valuable some features can be.) - -Some drawbacks of IRC are: - -* IRC does not have end-to-end encryption, and thus IRC administrators can read every conversation. - This is not a huge problem for public or semi-public channels, but it limits IRC for many scenarios. - -* IRC requires more effort from administrators to provide a good experience to entry-level users, control spam, and others. - (An important point is that although integration with audio/video conferencing is possible, it requires more effort and provides a lesser experience.) - -* IRC is mostly text-based. - Although many IRC clients can display images and GIFs, communicating with images and GIFs is harder on IRC. - (And IRC also does not have integrated audio/video conferencing.) - -* Push notifications are not common yet. - Although it is possible to receive instant notifications when you are mentioned or receive a private message, this is frequently difficult. - In general, IRC on mobile phones is not as evolved as on desktop computers. - -Interesting projects: - -* Web clients - * https://github.com/ObsidianIRC/ObsidianIRC - * https://kiwiirc.com/ - * https://codeberg.org/emersion/gamja -* https://soju.im/ (Bouncer) -* https://halloy.chat/ (Graphical desktop client) -* https://git.sr.ht/~delthas/senpai (Terminal client) - -### Delta Chat - -Delta Chat is an instant messaging system that tries to be very similar to the most popular instant messaging systems. - -However, there are multiple clients and anyone can run a server. - -The strangest thing about Delta Chat is that is uses email underneath. -However, I would recommend ignoring this fact. - -#### XMPP - -XMPP is younger than IRC, but older than Matrix. -Compared to Matrix: - -* End-to-end encryption and audio/video conferencing is possible with XMPP, but in practice it can be difficult to access these features. - -* There's more XMPP clients than Matrix clients, but it is also hard to find clients that support all the features you need on different platforms. - -For some scenarios, if you find the right combination of XMPP server and clients, XMPP can be a great option. - -Historically, XMPP was not well-suited to mobile usage. -Nowadays, mobile usage is better, but finding the right clients to use is still a challenge. - -#### Matrix - -Matrix is a more modern chat protocol that addresses some of the drawbacks of IRC: - -* Matrix has end-to-end encryption, so conversations between users are private to Matrix administrators. - -* Matrix requires less effort from *channel* administrators. - (But running a Matrix server requires significant resources. - However, there are public Matrix servers and managed services. - Thanks to end-to-end encryption, using a public Matrix server is an interesting option.) - -* Matrix has good support for audio/video conferencing, images and GIFs, reactions, push notifications, and phone usage. - -But also some disadvantages compared to IRC: - -* Users need to create accounts. - -* Using end-to-end encryption makes some usage harder. - (Although end-to-end encryption is optional.) - -* There are fewer clients and tools, and generally they are more complex, more resource intensive, and less featureful. - (And not all clients support all features.) - -#### Other instant messaging alternatives to consider - -* Zulip: Zulip offers instant messaging, but has some characteristics from forums. - (For example, Zulip uses threads with subjects.) - -* Mattermost, Rocketchat are designed for communication within organizations. - -And lastly, because all the technologies mentioned in this text allow integrations, there are bridges to join different technologies. - -For example, IRC channels can be bridged to Matrix rooms. - -Although bridges are not ideal, in some cases you can use them to make one channel available over different technologies, which might address the limitations of specific technologies. - -### Asynchronous messaging - -Although my perception is that most communities nowadays communicate over instant messaging, many communities use successfully more asynchronous communication channels. -In some cases, providing both instant messaging and an asynchronous channel can also work well. - -#### Mailing lists - -Mailing lists (and their sibling, newsgroups) are older than IRC. -Although mailing lists are far less popular than in the past, many communities still use mailing lists. - -Mailing lists have several advantages: - -* Having an email address is nearly a necessity for all Internet users. - Mailing lists often require no user account other than an existing email address. - -* In a way, email and mailing lists share many similarities with IRC. - Although most people are users of just a few mail services and clients, there is a wide variety of services and clients. - Email power features are somewhat forgotten, but they still exist and mail clients can have very convenient features. - -* Most mailing list have good ways to browse and search past messages. - Email discussions are more naturally searchable, thanks to their slower pace and thread organization. - -However, they also have many advantages: - -* As people no longer use email to communicate, going back to email can cause significant friction. - -* Finding a good mailing list service is difficult. - (And hosting your own is also more difficult than hosting other services.) - -In my opinion, mailing lists are good, but they have become foreign to most people. - -#### Web forums - -Forums used to be very popular. - -Compared to mailing lists: - -* Forums require creating an account. - -* Forums do not have multiple clients, although forum software has also evolved for a long time, and many forums have great features. - -* Forums are also a bit out of style, but they are more popular and familiar to most than mailing lists. - -* Finding a forum service or hosting one is simpler than email. - -### Other possibilities - -Social networks tend to be slightly different communication channels than instant messaging or asynchronous messaging. -Alternatives to social networks also exist. -However, in my opinion, social network-style communication is not optimal for "communities" in most cases. -Still, you might want to explore alternatives. -The Fediverse (or ActivityPub) has many different varieties of communication channels that might suit your needs. diff --git a/misc/problemas.md b/misc/problemas.md deleted file mode 100644 index c8da58f6..00000000 --- a/misc/problemas.md +++ /dev/null @@ -1,91 +0,0 @@ -# Problemas - -Este documento es una lista de cosas que me tocan las narices. -En el mundo hay infinidad de problemas más graves, pero quiero destacar esta lista. - -## La basura telefónica está fuera de control - -Recibo frecuentemente tanto llamadas como SMS fraudulentos o de publicidad indeseada. -Estoy apuntado en la lista Robinson y simplemente no hay manera de librarse. - -No corro un riesgo severo de ser víctima de un fraude, pero imagino que una cantidad importante de gente sí lo corre. -(Aunque una vez, la compañía eléctrica de la que era cliente sí me coló un timo.) - -Hasta donde yo sé: - -* Es trivial falsear la identificación de un SMS para que sea idéntico al que envía una entidad legítima. - (E.g.: puedes hacer un SMS que se identifique como "Correos", igual que un SMS legítimo de Correos.) -* No existe, hasta donde yo sé, todo mecanismo de denuncia requiere que identifiquemos al autor de la llamada. - Identificar quién llama sólo es posible si la empresa decide identificarse. -* No percibo ninguna consecuencia negativa para nadie que participe en la basura telefónica. - Esto incluye a quienes realizan estas llamadas y SMS, y a las operadoras telefónicas por las que fluyen. - -Los filtros de Google son moderadamente efectivos, pero no están al alcance de todo el mundo. -Además, los falsos positivos de los filtros pueden hacer perdernos comunicaciones legítimas importantes. - -### Recomendaciones frente a la basura telefónica - -A nivel individual, podemos formarnos para hacernos menos vulnerables a los fraudes, pero es prácticamente imposible evitar las molestias. - -Mi recomendación para quien tenga un móvil con posibilidad de reportar llamadas de spam, es coger las llamadas que muestren un número y: - -* Decir algo. - Si no decimos nada, muchas centralitas de spam no conectan a un operador, con lo que no podemos tener 100% la certeza de que sea spam. -* Esperar a que respondan para asegurarnos de que es spam. -* Si parece que hay un robot al otro lado de la línea, colgar inmediatamente. - Si parece que hay un humano, esperar a que cuelgue. - (Con esto, el humano no está libre para hacer otra llamada, con lo que les frenamos un poco. - También podemos intentar alargar la llamada, aunque yo personalmente no tengo paciencia.) -* Marcar la llamada como spam. - -Tengo la sensación de que los indicadores de spam de muchos teléfonos se basan en las denuncias que recibe cada número. -Así que cuantas más llamadas se cojan y se marquen como spam, antes aparecerán marcadas claramente como spam para otras personas. - -(Es importante que los filtros antispam sean precisos.) - -### Otras referencias - -* [Hiya Global Call Threat Report Q4 2024](https://www.hiya.com/global-call-threat-report), que redirige a [este PDF](https://6751436.fs1.hubspotusercontent-na1.net/hubfs/6751436/Global%20Call%20Threat%20Report_2024Q4.pdf). - -## Los protocolos cerrados dan un poder desproporcionado a empresas privadas - -Para la mayoría de gente, WhatsApp es prácticamente una necesidad para la vida cotidiana. - -Esto hace que Meta controle una parte sustancial de nuestras comunicaciones, queramos o no. -Además, esto hace que cualquier problema con WhatsApp (incidencia, carencia, etc.) sea inevitable. - -También hay efectos inesperados como que Meta decide qué sistemas operativos móviles son viables y cuáles no. -(En un par de ocasiones, me he tenido que cambiar de móvil porque Meta ha decidido dejar de soportarlo. -Aunque puedo experimentar con sistemas operativos móviles alternativos, siempre tengo que tener un móvil soportado por WhatsApp.) - -[La ley de mercados digitales (DMA)](https://maldita.es/malditatecnologia/20240313/dma-ley-mercados-digitales-usuarios/) en teoría ayudará parcialmente. -Esta ley debería obligar a WhatsApp a interoperar, con lo que podríamos comunicarnos con usuarios de WhatsApp sin usar WhatsApp, mitigando algunos problemas. -Sin embargo, aunque lleva en vigor desde el 7 de marzo de 2024, esto todavía no es posible y está por ver cuán efectivo será. - -Muchos sistemas de comunicación existentes son más abiertos que los protocolos modernos: - -* Cualquiera puede montar un servidor de correo y comunicarse con usuarios de correo electrónico de otros proveedores. - Pese a que muchos apuntan a que Google y Microsoft tienen un poder desproporcionado de facto, sigue siendo totalmente viable usar otros proveedores. - Y aunque se apunta que la interoperabilidad de los correos es causante del spam, muchos otros sistemas cerrados como WhatsApp tienen problemas de spam similares o mayores. - -* Aunque no todo el mundo puede hacer emisiones de DVB-T, cualquiera con una antena puede captar las emisiones y visualizarlas. - (Los protocolos con los que se codifican las emisiones de DVB-T están disponibles para cualquiera.) - También es posible codificar las emisiones de DVB-T para limitar su uso a usuarios que paguen, pero con libertad de consumir los contenidos con cualquier sistema DVB-T de nuestro agrado. - -(Esto en contraste con los servicios de streaming, que sólo podemos usar con dispositivos validados por el servicio de streaming.) - -## Los navegadores son excesivamente complejos - -Gran parte de los contenidos y procesos que tenemos que realizar hoy en día pasan por un navegador web. - -Por diversos motivos, los navegadores cada vez son más sofisticados para permitir mayores funcionalidades. -Son tan complejos que Microsoft, una de las mayores empresas tecnológicas del mundo, ha renunciado a desarrollar un navegador propio y reutiliza gran parte de Chrome, un navegador controlado por una empresa con la que compite, Google. - -Fuera de Google Chrome y de Safari de Apple, virtualmente no existen navegadores que compitan con ellos. -(Hay más navegadores, pero como Edge de Microsoft, usan el motor de Chrome o de Safari. -Firefox es cada vez más minoritario e irrelevante [aunque yo lo uso y animo a todo el mundo a que lo use].) - -La sofisticación y complejidad de Chrome y Safari adicionalmente hacen que cada vez existan más webs y aplicaciones web que son prácticamente inutilizables en dispositivos de rendimiento modesto. -Esto hace que sea virtualmente necesario renovar nuestros dispositivos con más frecuencia de la necesaria, a dispositivos más costosos de lo que necesitaríamos para el resto de nuestros propósitos. - -He escrito más sobre el tema en inglés en [a plan against the current web](../programming/a_plan_against_the_current_web.md) y [the content web manifesto](../programming/the-content-web-manifesto/README.md). diff --git a/misc/ripping.md b/misc/ripping.md deleted file mode 100644 index f985c43f..00000000 --- a/misc/ripping.md +++ /dev/null @@ -1,71 +0,0 @@ -# Ripping - -## Media - -[Main source](https://arstechnica.com/civis/threads/ripping-optical-media.1507399/post-43734994). - -### Audio CD - -About 200-300 MB per album CD when ripped to FLAC. - -### DVD - -About 4-8 GB per disc, averaging 5.6 GB per movie as ISO. - -### Blu-ray - -About 20-50 GB per disc, averaging 37 GB per movie as ISO. - -## Hardware - -### Reader - -I got a Verbatim external USB Blu-ray writer for about 120€. - -### Storage - -See <https://diskprices.com/>. - -## Software - -### Audio - -* [abcde](https://abcde.einval.com/wiki/) claims to rip and compress to FLAC and tag automatically. - -### Video - -#### DVD - -Use `dd` to rip DVD. -However, `dd` can fail on some disks, perhaps due to damage or copy protection. -[This post on unix.stackexchange describes a trick that works](https://unix.stackexchange.com/a/642790): - -* Start playback of the disc using [VLC media player](https://www.videolan.org/vlc/). -* Try `dd` first, if it fails, then run a command like `ddrescue -n -b2048 -K1M /dev/sr0 x.iso x.map`. -* After `ddrescue` starts running, quit VLC. - -For playback, most software (including Kodi and VLC for Android) can play back DVD ISO with full menu support - -#### Blu-ray - -[FindVUK](http://fvonline-db.bplaced.net/) has the keys to play Blu-ray discs ripped with `dd`. -However, with encrypted Blu-ray discs, you need to configure the keys in each device where you want to play back the content. -(And this is not easy or possible in some cases.) - -[blu-save](https://git.sr.ht/~shironeko/blu-save) can remove the encryption. -Remember to specify the path to the keys when running blu-save. - -However, VLC is confused by the `AACS` and `CERTIFICATE` directories that blu-save copies to the output. -If you remove them, then VLC can play the `BDMV` directory with menus, etc. - -You can repack a Blu-ray extracted with blu-save by running a command like: - -``` -mkisofs -allow-limited-size -o .../my.iso . -``` - -from the directory that contains *only* the `BDMV` directory. - -VLC for desktop computers can open a repacked Blu-ray ISO and show the menus. -Kodi for Android can open a repacked Blu-ray ISO and identify the titles. -However, Kodi did not support the menus for the Blu-ray I tested. |