I've updated my .plan file once more. The usual warnings apply.
Boots: 14 hole Doc Martens, black, real leather.
Wipe down with damp paper towels.
Wipe down with dry paper towels.
Coat with Dr. Martens Wonder Balsam using included sponge. Be sure to work balsam into stitches and exposed edges. I ordinarily don't like to shill for particular products, but I started using this stuff to help break in my boots (it makes the leather softer, so it adapts to your feet more readily) and I was wearing them clubbing within a month of getting them (instead of six months to a year). It's amazing stuff.
Wait half an hour. Get some coffee, go for a run, something like that.
Buff balsam off with a clean, dry cloth. I use a regular washcloth set aside for doing my boots.
Prep your boot polish. I like Kiwi Shoe Polish Paste, just make sure it's the right color for your boots. Pop the lid and set the polish on fire with a lighter or matches. No, seriously, I mean set it on fire. The polish will melt faster than it burns. When at least half the polish is burning, drop the lid back on and make sure it closes completely.
Wait. The flame will burn itself out because the oxygen inside the container (there isn't much) will be used up. Wait for the pressure to build up inside the tin and pop the lid off with a festive "Poing!"
(If this doesn't happen inside of five minutes, just open the tin. No big deal.)
The shoe polish is now a thick goop instead of a waxy mass. Apply polish to your boots with a sponge.
Wait another half hour.
Buff dried polish off with a clean, dry cloth. I usually flip the washcloth over and use that, but do whatever works. Rub until the finish doesn't look smoky anymore. Mine tend to look clean but a little on the dull side. That goes away as I wear them for a while.
Re-lace and wear for an hour or two to take advantage of the new dose of balsam soaked into the leather making it a bit softer than usual.
Repeat every one or two months, or after cleaning them if they get dirty.
I've mentioned in the past that my exocortex incorporates a number of different kinds of bots that do a number of different things in a slightly different way than Huginn does. Which is to say, rather than running on their own and pinging me when something interesting happens, I can communicate with them directly and they parse what I say to figure out what I want them to do. Every bot is function-specific so this winds up being a somewhat simpler task than it might otherwise appear. One bot runs web searches, another downloads files, videos, and audio, another wakes up and look sat system stats every minute... but where does this all start? How does it all fit together?
It starts with Jabber, the humble XMPP protocol.Click for the rest of the article...
So, here's the situation:
On Windbringer, I habitually run LXDE as my desktop environment because it's lightweight and does what I need: It manages windows, gives me a menu, and stays out of my way so I can do interesting things. For years I've been using a utility called GKrellm to implement not only system monitoring on my desktop (because I like to know what's going on), but to set and change my desktop background every 24 hours. However, GKrellm has gotten somewhat long in the tooth and I've started using something different for realtime monitoring (but that's not the point of this post). So, the question is, how do I set my background now? Conky doesn't have that capability.
I tried a few of the old standbys like feh and nitrogen, but they didn't seem to work. The reason for this appears to be that PCmanFM, which is both the file manager and the desktop... stuff... of LXDE. By this, I refer to the desktop icons as well as the background image. As it turns out, nothing I tried to change the background worked, and that is due to the fact that PCmanFM is a jealous desktop module and doesn't let other tools frob the settings it's in charge of. After some tinkering, here's how I did it:
Short form: pcmanfm -w `ls -d -1 /home/drwho/backgrounds/* | shuf -n 1`
Long form (from inside to outside):
- ls -d -1 /home/drwho/backgrounds/* - List all of the files in /home/drwho/backgrounds. Show the full path to each file. List everything in a single column.
- | - Feed the output of the last command to the input of the next command.
- shuf -n 1 - shuf is a little-known GNU Coreutils tool which randomly shuffles whatever things you give it. It only returns one line of output, a randomly chosen image file.
- The output of the previous two commands (captured between back-ticks) is passed to...
- pcmanfm -w - Set the current desktop background to whatever filename is passed on the command line as a free action.
To set an initial background when I log in, I added the following command to my ~/.config/lxsession/LXDE/autostart file: @pcmanfm -w `ls -d -1 /home/drwho/backgrounds/* | shuf -n 1`
This means that the command will run every time my desktop starts up. The @ symbol tells lxsession to re-run the command if it ever crashes. However, how do I change my background periodically?
The easiest way to set that up was to set a cron job that runs every day. Every user gets their own set of cron jobs (called a crontab) so you don't need any particular privileges to do this (unless your machine's really locked down). If you've never set a cronjob before, the command I used was this: crontab -e
My cronjob looks like this: 00 10 * * * pcmanfm -w `ls -d -1 /home/drwho/backgrounds/* | shuf -n 1`
"At 10:00 hours every day, run the following command..."
And there you have it. One randomly set desktop background in LXDE.
Incidentally, if you're curious about all the nifty things you can do with cron, I recommend playing around at crontab.guru, it's an online editor for crontab settings. It's good for experimenting in such a way that you don't have to worry about messing up your system, and it's also handy for figuring out particularly arcane cronjobs.
Binder Hell - noun - The state of being stuck dealing with varying numbers of people on the phone who are only functionally capable of putting you through processes documented in their three ring binders, even though none of those processes will actually fix the problem you have. Symptomatic of an over-engineered system which has all but programmed out common sense and initiative. For example, a company which is so hell-bent on keeping customers will needlessly obfuscate or entirely eliminate processes that let customers cancel their service. As another example, a telecom provider which demands the serial number of your SIM card when your device doesn't actually have a SIM card.
It's been an interesting couple of weeks, to be sure. While lots of different things have been going on lately, none of them are related in any particularly clear or straightforward fashion, so fitting all of this stuff together is going to be a bit of a struggle. You may as well kick back with the beverage of your choice in a responsible fashion while I spin this yarn.
I suppose it all started with wardriving in northern Virginia many years ago. In a nutshell, I had loaded Windbringer up with a rather small for the time USB GPS unit, installed Kismet, put the wifi NIC into monitor mode so it would pick up frames from every access point within range, and went driving around for a couple of hours. The idea is that the software records the datestamp and GPS coordinates at which you picked up the strongest signal from a wireless access point. Rinse, repeat for as long as your power cells hold out, or as long as you care to drive, bike, walk, ski, or employ any other means of personal transportation to move around. At the time I was uploading my results to wigle.net to contribute to their crowdsourced global map of wireless coverage. Then I moved, and I seem to have accidentally tripped Wigle's bot detector (probably because I was going out for many hours at a time to cover very large areas). End result, I didn't go wardriving for a very long time.
A couple of months back I decided that I needed to get more exercise than I could get at home (which I'll probably ramble about in a later post) so I joined the local gym. Doing so gave me access to a much more broad selection of equipment to work with, and a lot more space than my office at home. There isn't much to say on that particular point other than it's been a great investment, and I spent a nontrivial amount of downtime there working out. While I haven't lost weight per se, I do seem to be trading some amount of body fat for muscle mass. I don't know how much adipose tissue I've actually lost but my clothes are getting tight against my body in different ways than before. I guess that's something.Click for the rest of the article...
If you're plugged into the open source or business communities to any degree, you've probably heard buzz that Microsoft is considering buying Github, an online service with a history of having a toxic work environment due to pervasive sexual harassment but still remains the de facto core of collaboration of the open source community - source code hosting, ticket tracking, archival, release management, documentation, project webpage hosting, and generally learning how to use the Git version control system. At this point it's unclear if they're considering merely investing in the company (currently valued in the neighborhood of $5bus) or buying it outright, the way they did LinkedIn. Github is certainly an attractive property for Microsoft to consider: The service currently has something like 23 million user accounts and 1.5 million organizations. I don't think anybody's tried to count the lines of code that Github stores and serves copies of. It's been observed that Microsoft seems to be carrying out a strategy of controlling as many of the access points to the tech job market. Not only is Github a highly useful service for managing software projects, but if you're trying to get a job in a technical field having a Github account and a couple of repositories is practically a pre-requisite.
There's also the issue that at least some parts of Microsoft have no qualms against stealing things they think will be useful and filing the identifying features off (local mirror), and fuck the license. By this, I refer to Learna. But now I'm getting a little off-track.
As one might imagine, once word got around people began expressing their intention to bail on Github if the takeover went through. Not that there are no alternatives to Github which not only have many of the same features but are self-hosted, meaning that all you need to do is get an inexpensive virtual machine someplace, install the package, set up backups (you DO back your stuff up, right?), pull your stuff out of Github (easy to do because just about everything is a Git repository), and then push it all back up to your new server. This is possible because when you clone a Git repository, you get the entire history of the repo - every change ever made, from the very first gets copied to your workstation. This means that if you then do a `git push` to a new repository, you're effectively making a backup copy of the entire thing to that new remote. This also means that if there is even a single copy of a Git repository someplace, you can reconstitute the entire project. This is how I maintain multiple copies of my projects' source code repos simultaneously. Among these self-hosted alternatives to Github are Gitlab (which is a bit of a bear to maintain, I'm told), Gogs, Gitea, and even Keybase's Git support.
There is, however, another option that I'd like to talk about a little, which I think would be a good alterantive to Github. It's called Fossil.Click for the rest of the article...
vulnerability - noun - A group of one or more blockchains.
(source: Sarah Jamie Lewis)
A fact of life in the twenty-first century are data breaches - some site or other gets pwned and tends to hundreds of gigabytes of data get stolen. If you're lucky just the usernames and passwords for the service have been taken; if you're not, credit card and banking information has been exfiltrated. Good times.
You've probably wondered why stolen passwords are dangerous. There are a few reasons for this: The first is that people tend to re-use passwords on multiple sites or services. Coupled with the fact that many online services use e-mail addresses as usernames, this means that all someone has to do is try to log into... well, everything.. with those stolen credentials and see which ones work. The second is that attackers now have lists of passwords that people actually use, and not huge dictionaries of potential passwords assembled for completeness. This means that password cracking attacks can be much more precisely targeted and will probably take less time.
There is no shortage of helpful suggestions for generating passwords that are relatively strong and easy to remember. The one that I find the most useful is the Diceware technique, which is fairly straightforward.
- Get a handful of six sided dice.
- Take a large dictionary of words where each word is numbered, and each number consists only of the digits 1 through 6, i.e., 41524
- Roll the dice. Find the word with the corresponding number in the dictionary.
- Do this until you have a long passphrase.
It's a bit tedious, though. Of course, people have written their own implementations of Diceware for various platforms and with varying states of usability. I use plain old diceware on Windbringer, mostly because it's available through the AUR but it lacks a few features that I really find useful. For one, to mix things up I like to sprinkle numbers over my generated passwords, like so: rerun-anteater-idly-00877-lining-paddling-8283
(No, I don't really use that passphrase anywhere. Come on.)
So, I decided to write my own Diceware utility in Python. I wrote it to be as self-contained as possible, which is to say as long as you have Python installed on a system it should run. The wordlist is built into the utility (which accounts for most of its size) and it's as easy to use as I can make it. I deliberately did not make some options I prefer defaults because I wanted it to be as helpful to people as possible. Per GNU standard, running ./diceware.py --help will print the online help. It's also open source so feel free to use it anywhere you like. I've tested it on Arch Linux and Mac OSX, and I don't see any reason why it wouldn't work on, say, Ubuntu or Raspbian.
Share and enjoy!
If you have multiple systems (like I do), a problem you've undoubtedly run into is keeping your bookmarks in sync across every browser you use. Of course, there are services that'll happily do this job on you behalf, but they're free, and we all know what free means. If you're interested in being social with your link collection there are some social bookmarking services out there for consideration, including what's left of Delicious. For many years I was a Delicious user (because I liked the idea of maintaining a public bookmark collection that could be useful to people), but Delicious got worse and worse every time it was sold to a new holding company. I eventually gave up on Delicious, pulled my data out, and thought long and hard about how often anybody actually used my public link collection. The answer wound up being "In all probability, not at all," largely because I never received any feedback at all, on-site or off. Oh, well.
For a couple of years I used an application called Unmark to manage my link collection, and it did a decent enough job. It also had some annoying quirks that, over time got farther and farther under my skin, and earlier this year I kicked Unmark in the head and started the search for a replacement. Quirks like, about half the time bookmarks would be saved without any of the descriptions or tags I gave them. No search API. The search function sucked so I couldn't plug my own search function in. Eventually, the Unmark hosted service started redirecting to the Github repository, and then even that redirect went away. Unmark hasn't been worked on in eight months, and Github tickets haven't been touched in about as long. In short, Unmark seems dead as a doornail.
So I migrated my link collection to a new application called Shaarli, and I'm quite pleased with it.Click for the rest of the article...