Light

Live stream from the Guile devroom at FOSDEM 2017!

Update: Recordings are coming online at video.fosdem.org/2017/K.4.601/

Here’s the stream to the Guile devroom at #FOSDEM: https://live.fosdem.org/watch/k4601

Schedule (also on the FOSDEM page):

  • 09:45 10:30: Small languages panel Christopher Webber, Ludovic Courtès, Etiene Dalcol, Justin Cormack
  • 10:30 11:00: An introduction to functional package management with GNU Guix Ricardo Wurmus
  • 11:00 11:30: User interfaces with Guile and their application John D

News of the day — and using Freenet as decentralized, pseudonymous communication backend for applications

This is a proposal I wrote for the NLnet Open call for funding 2016-12. It got into the short list but was not selected, so I’m sharing it here. Maybe it spikes your interest or serves as inspiration for something exciting you want to realize with Freenet. I still plan to do this, but in hobby-time it will likely take a few years to realize instead of the 6 months I had planned. Initial work is available in pyFreenet/babcom.py

The project

Organize!

Organize! … That’s the thing that has a chance of preventing all of this, and of saving the most lives when that fails. — Yonatan Zunger

I’m not sure it is a good idea to reply to this article. I am doing it anyway, because it’s already on record that I read this article. Likely even at what pace I read it.

Thank you for this article, Yonatan Zunger. This is frightening, but in an important way. And organized well enough that the essential ideas stick. Important ideas.

With images of cute animals. Added with reason.

What “Things Going Wrong” Can Look Like

Reading deeply recommended.

Building the darknet one ref at a time

Freenet Logo: Follow the RabbitBuilding the darknet one ref at a time. That’s what we have to do. If you invite three people⁰ to Freenet and help those of your friends with similar interests to connect¹², and when the people you invited then do the same, we get exponential growth.

⁰: To invite a friend into Freenet, you can send an email like this:
    Let us talk over Freenet, so I can speak freely again.

¹: Helping your friends to connect works as follows:

In Circles / The memory of time

I feel the time pass in our circles,
each year another one changed,
a head has turned white,
a hand has gone wry,
growing older as time passes by.

In our circle the time is a slide-show,
each year adds a picture or two,
and our memories in vivid colors
show the changes within me and you.

Renaming a Mercurial branch with the evolve extension

Short version (rename from $OLD to $NEW):

ROOT="$(hg id -qr 'first(roots(branch('$OLD')))')"
MSG="$(hg log -r $ROOT -T '{desc}')"  

hg update $ROOT
hg branch $NEW
hg commit --amend -m "$MSG"
hg evolve --all

Mercurial records in which named branch a commit was created. This can be inconvenient when you choose temporary branch names like "foo" or "justworkdamnit".

The evolve extension enables safe, collaborative history editing which removes this inconvenience while preserving the reliability guarantees of Mercurial.

Here I show in a quick example how to rename a branch in Mercurial using the evolve extension.

You can use this method for all changes which you did not transfer elsewhere yet (they must be in draft or secret phase).

Note (2016): The evolve extension is still in testing. Do not use it for production yet. If you want to help stabilizing it, please join evolve-testers. I’ve been using it for more than a year, but I know how to fix things when I hit a bug in the evolve extension.

Thanks for all the fish

AGU publications published "The world's biggest gamble", a short commentary on how to go on with climate change.

I am hard pressed not to become sarcastic. Not because the commentary is wrong. It’s spot on. But because we, as a species, are …

I’ll stop speaking my mind for now. Let’s hope that hope wins against frustration and our children don’t have to pay too dearly for the idiocy of my generation and the generation before.

Oh well, Happy Halloween and enjoy Samhain.

Replacing man with info

GNU info is lightyears ahead of man in terms of features, with sub-pages, clickable links, topic-spanning search, clean html- and latex-export and efficient interactive navigation.

But man pages are still the de-facto standard for getting quick information on a GNU/Linux system.

This guide intends to help you change that for your system. It needs GNU texinfo >= 6.1.

Update: If you prefer vi-keys, adjust the function to call info --vi-keys instead of plain info. You could then call that function iv

Storm through Rock

To the melody of Firesoul by Aryana. Text written 2016 by Draketo (Arne Babenhauserheide). A filk on Soul of Wind, for life is change and change reflects in living songs.

  e                        G
I sigh in the wind, for my soul wants to fly,  
   a                e             D
to wing through the storm just to look at the sky  
  e                        D           e
but choices are made and I stand by my word,
    a             e       D         e
and don’t care if anyone but me has heard.

I move on my path, I’ve chosen my way,
each crossing takes possible futures away,
but never to choose just worsens my need,
and a choice quick retracted does not make a street.

Soul of Wind

To the melody of Firesoul by Aryana. Text written around 2007 by Draketo (Arne Babenhauserheide).

  e                           G
I dance with the wind, for my soul needs to fly,  
  a                e             D
I move through the storm just to look at the sky  
  e                      D           e
I stay of my own will, I need to fly free,  
    a            e           D           e
and just one can bind me and that one is me.

I crave for the gusts, the wind on my wings,
In flight there’s no border, no queens and no kings,
I go where I want and you can’t keep me in,
I need to stay moving, leave friends and leave kin.

I know where I’m going, I’ve chosen my way,
Must heed only myself, whatever you say,
Don’t mourn for my passing, we might meet again,
just savor each moment, for struggling’s in vain.

I was targeted by an attack on GnuPG/PGP

Update: Might not actually be targeted. See Evil 32. Thanks to Ximin Luo for giving me more peace of mind!

Update: I’m not the only one hit by this. Here’s a conversation on GNU social with more people hit - though no one else reported yet having two keys faked and cross-signed.

Update: At the very least you should do this: echo keyid-format long >> ~/.gnupg/gpg.conf

On the 29th of August a colleague asked me “which key should I use to encrypt to you?” I was confused, because I only have one key for that email address. So he showed me the keys he saw:

$ gpg2 --list-keys --fingerprint arne.babenhauserheide
-------------------------------
pub   2048R/A70DA09E 2011-10-07 [expires: 2016-10-05]
uid                  Arne Babenhauserheide <arne.babenhauserheide@kit.edu>
sub   2048R/39829E5F 2011-10-07 [expires: 2016-10-05]

pub   2048R/A70DA09E 2014-06-16 [revoked: 2016-08-16]
uid                  Arne Babenhauserheide <arne.babenhauserheide@kit.edu>

pyFreenet 0.4.1 with auto-spawn support in fcpupload

I just put up a new pyFreenet release (github):

If you have Python3 and pip >= 8 you can get it with pip3 install -U --user --egg pyFreenet3. It provides a cleaned up fcpupload script with --spawn support (requires GNU/Linux):

pip3 install -U --user --egg pyFreenet3
echo 1 > testfile
fcpupload --spawn --fcpPort 9486 testfile 

If you do what you love doing, it becomes what you are good at

comment to You’re Not Meant To Do What You Love. You’re Meant To Do What You’re Good At. by Brianna Wiest, who arguments that the skills of people are "a blueprint of their destiny". For support she describes experience with people who try to do something they do not actually enjoy doing.

This whole argument sits on the assumption that skills develop somehow on their own.

Skills develop, because you use them. So if you do what you love doing (note the nuance!), then — except in rare cases — this becomes what you are good at.

Are there 10x programmers?

→ An answer I wrote to this question on Quora.

Software Engineering: What is the truth of 10x programmers?
Do they really exist?…

Let’s answer the other way round: I once had to take heavy anti-histamines for three weeks. My mind was horribly hazy from that, and I felt awake only about two hours per day.

Create secure passwords, usable on US and German keyboards

Do you want to have secure passwords which are memorable and easy to type? Did you use diceware just to find out that the rate of typos when writing 6 words with 30 letters in total without seeing what you type can be aggravating — especially when you have to enter your password several times a day?

The algorithm here generates secure passwords which are easy to type and to remember.

A major part of this article is concerned with a security estimate of the generated passwords, but firstoff, here’s an example of a password which should survive an attack leveraging all smartphones on the planet until at least 2021 at the current development speed of technology:

hXFV!4Vgf-LrgS

Let’s ramp up password security while making them easier to remember.

Update Also see Keylength - ECRYPT II report on key sizes. The report provides a clean overview of several different recommendations. In short: Use 128 bits. With the method shown here this is equivalent to using 5 blocks of 4 letters (length 20).

Try the Javascript version:

Length:   Password:
Get this code via npm install securepasswords

Conveniently merge a NEWS file without conflicts

Writing a NEWS file (a list of changes per version, targeted at end-users) significantly reduces the effort for doing a release: To write your release notes, just copy the latest entries from the NEWS file into a message. It is one of the gems in the GNU coding standards: Simple yet extremely useful. (For a detailed realization, refer to the Perl Specification for CPAN Changes files.)

However when you’re developing features in parallel, for example by using a pull-request workflow and requiring contributors to update the NEWS file, you will often run into merge conflicts. Resolving these takes time, though the resolution is trivial: Just use the lines from both heads.

To resolve the problem, you can set your version tracking system to use union-merge for NEWS files.

Why Python 3?

At the Institute, we use both Python 2 and Python 3. While researching the current differences (Python 3.5, compared to Python 2.7) I found two beautiful articles by Brett Cannon, the current manager of Python, and summarized them for my work group.

The articles:

  1. Why Python 3: Why Python3 exists
  2. Why use 3: How to pitch Python 3 to Management

The relevant points for us1 are the following:


  1. I have summarized them because I can not expect scientists (or other people who only use Python) to read the full articles, just to decide what they do when they get the channce to tackle a new project. 

How to run your own GNU Hurd (in 140 letters)

Don’t want to rely on other’s opinions about the Hurd? How to run your own GNU Hurd, in 140 letters:

wget http://people.debian.org/~sthibault/hurd-i386/debian-hurd.img.tar.gz; tar xf de*hu*gz; qemu-system-x86_64 -hda de*hu*g -m 1G

This is the GNU Hurd

Which language is best, C, C++, Python or Java?

My answer to the question about the best language on Quora. If you continue reading from here, please stick with me to the end. Ready to read to the end? Enjoy the ride!

My current answer is: Scheme ☺ It gives me a large degree of freedom to explore ways to program which were much harder hard to explore in Python, C++ and Java. That’s why I’m currently switching from Python to Scheme.1

But depending on my current step on the road to improve my skills2 and the development group and project that answer might have been any other language — C, C++, Java, Python, Fortran, R, Ruby, Haskell, Go, Rust, Clojure, ….

I finally got the Freenet junit testsuite to run on Gentoo

Blindfolded Dog1

For years I developed Freenet partially blindfolded, because I could not get the tests to actually run on my Gentoo box.

As of today, that’s finally over: The testsuite runs successfully. My setup is still unclean, but it finally works. No more asking other contributors to run the tests for me.

To reproduce:

Transition to a stronger GnuPG key

I am transitioning my GnuPG key1 from an old 1024-bit key to a stronger 4096-bit key. The old key will continue to be valid for some time, but I prefer all new correspondance to be encrypted in the new key, and will be making all signatures going forward with the new key.

The old key, which I am transitioning away from, is:

sec   1024D/FE96C404 2002-02-04
  Key fingerprint = 6B05 41F0 94FF 2163 6FBA
                    2433 3307 469B FE96 C404

The new key, to which I am transitioning, is:

sec   4096R/2403C3EB 2016-01-04
  Key fingerprint = F34D 6A12 35D0 4903 CD22
                    D5C0 13EF 8D45 2403 C3EB

The transition document below is signed with both keys to validate the transition.

If you have signed my old key, I would appreciate signatures on my new key as well, provided that your signing policy permits that without reauthenticating me.

BitBucket got big on Mercurial — until they got bought by Atlassian

A comment on largefile support missing in BitBucket, despite being a much-requested feature since 2012.

Note that it’s not Atlassian which got big with Mercurial. It’s Bitbucket which got big with Mercurial, and it was later bought by Atlassian.

I agree with just one of the 10 commandments of judaism and christianity

Many christians and many people who talk about “western christian values” like to say that the 10 commandments are universal: everyone can agree with them. So I checked that. I take them by their name: are they suitable as commandments? Not as a fuzzy general guideline, but as binding rules and a foundation for a shared culture?

(1.0) I am god who lead you from slavery in egypt → uhm, no?

(1.1) You shall not have other gods → uhm, why?

The Freenet social trust graph

Are trust relationships different in anonymous networks? This article should give you the tools to find out.

Recently we were asked in the #freenet IRC channel, whether we have a copy of the trust graph in the Web of Trust plugin (which provides service discovery and spam protection).

Freenet for Journalists, funding proposal

This is a funding proposal I sent to Open Technology Fund to make Freenet suitable for Journalists and their sources. Sadly it got rejected, but maybe it helps future proposals.

Project name: Freenet for Journalists
Duration: 24 months
Amount: 800000
Contact name: Arne Babenhauserheide
Contact email: arne_bab -ät- web -punkt- de

Descriptors

  • Status: It's basically done.

Mitigate the Pitch Black attack (the simulation works)

I fixed a small bug in the simulator of thesnark. With that, the simulator shows that the defense against the Pitch Black Attack works: A small number of attackers can no longer kill parts of the keyspace and can also no longer make certain parts of the keyspace inaccessible.

Attackers can still limit the convergence of the network towards a reproduction of the small world network, but since we know that Opennet works quite well with 30% backoff, this limited convergence should suffice for efficient routing.

peer distances under attack

Python chooses Github, therefore I’m releasing the py2guile PDF for free

py2guile book

Python is the first language I loved. I dreamt in Python, I planned in Python, I thought I would never need anything else.

  Download “Python to Guile” (pdf)

You can read more about this on the Mercurial mailing list.

 - Free: html | pdf
   preview edition
   (complete)

Yes, this means that with Guile I will contribute to a language developed via Git, but it won’t be using a proprietary platform.

Conversion factor from ppmv CO₂ to Gt C

I just spent half an hour on finding the references for this, so I can spend 5 minutes providing it for others on the web.

conversion factor footnote

Translating a lookup-dictionary to bash: Much simpler than I thought

I wanted to name Transcom Regions in my plots by passing their names to the command-line tool, but I only had their region-number and a lookup dictionary in Python. To avoid tampering with the tool, I needed to translate the dictionary to a bash function, and thanks to the case statement it was much simpler than I had expected.

This is the original dictionary:

GNU Guix in 5 minutes

So you get excited when you hear about surviving a power-outage during updates without a hitch and you want to give Guix a try — but woes, you only have 5 minutes of time?

Fear not, that’s enough to get it up and running — all the way to per-user environments and package install as non-priviledged user!

The instructions here are from the official docs, specialized for a GNU Linux host and cut to what I need in a working system.

as user:

$ cd /tmp
$ wget ftp://alpha.gnu.org/gnu/guix/guix-binary-0.8.3.x86_64-linux.tar.xz
Inhalt abgleichen
Willkommen im Weltenwald!



Beliebte Inhalte

sn.1w6.org news