Initial commit
commit
d1509d47f4
|
@ -0,0 +1,17 @@
|
||||||
|
;; Change this
|
||||||
|
;; Change this
|
||||||
|
(setq org-publish-project-alist
|
||||||
|
'(("qorg11.net"
|
||||||
|
:base-directory "/home/qorg/docs/repos/qorg_org"
|
||||||
|
:publishing-directory "/home/qorg/docs/repos/qorg_org/out_html"
|
||||||
|
:section-numbers nil
|
||||||
|
:publishing-function org-html-publish-to-html
|
||||||
|
:table-of-contents nil
|
||||||
|
:recursive t
|
||||||
|
)))
|
||||||
|
|
||||||
|
(defun make-qorg ()
|
||||||
|
(interactive)
|
||||||
|
(org-publish "qorg11.net"))
|
||||||
|
|
||||||
|
|
|
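Review bot: `(setq org-publish-project-alist ...)` replaces the whole alist, so loading this file discards any publishing projects the user already has configured; adding the one entry with `add-to-list` would leave the others in place. Both `:base-directory` and `:publishing-directory` are absolute paths under `/home/qorg/`, which the `;; Change this` comments acknowledge, and computing them from the location of this file would make it work from any checkout. The publishing directory `out_html` sits inside the base directory while `:recursive t` is set, so the publisher walks its own output on every run; an `:exclude` pattern or an output directory outside the tree is worth considering. `make-qorg` has no docstring; a one-line one such as `"Publish the \"qorg11.net\" project."` would do.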
@ -0,0 +1,25 @@
|
||||||
|
#+INCLUDE: "inc/header.html" export html
|
||||||
|
#+options: toc:nil
|
||||||
|
#+OPTIONS: html-postamble:nil
|
||||||
|
#+OPTIONS: html-style:nil
|
||||||
|
#+OPTIONS: num:nil p:nil pri:nil stat:nil tags:nil tasks:nil tex:nil timestamp:nil toc:nil title:nil
|
||||||
|
#+TITLE: Suragu.net
|
||||||
|
#+HTML_HEAD_EXTRA: <link rel="stylesheet" type="text/css" href="css/styles.css"/>
|
||||||
|
#+EXPORT_FILE_NAME: about.html
|
||||||
|
|
||||||
|
* About
|
||||||
|
|
||||||
|
This (very alternative) website exists for the sole purpose of
|
||||||
|
existing. This website has no objetive purpose.
|
||||||
|
|
||||||
|
As if someone cared, here's my neofetch.
|
||||||
|
|
||||||
|
#+begin_export html
|
||||||
|
<a href="img/as_if_someone_cared.png"><img src="img/as_if_someone_cared_thumb.jpg"></a>
|
||||||
|
#+end_export
|
||||||
|
|
||||||
|
** About the person
|
||||||
|
|
||||||
|
[[./img/fermin_trujillo.jpg][Freelancer from Spain]]
|
||||||
|
|
||||||
|
|
Binary file not shown.
After Width: | Height: | Size: 32 KiB |
|
@ -0,0 +1,65 @@
|
||||||
|
body {
|
||||||
|
background-color: black;
|
||||||
|
font-family:monospace;
|
||||||
|
background-image: url(../img/stars.png);
|
||||||
|
|
||||||
|
}
|
||||||
|
h1, h2, h3, h4, h5, h6, p {
|
||||||
|
color: white;
|
||||||
|
}
|
||||||
|
|
||||||
|
.content {
|
||||||
|
position: relative;
|
||||||
|
margin-left: 0px;
|
||||||
|
width: 100%;
|
||||||
|
right: -130px;
|
||||||
|
max-width: calc(100% - 130px);
|
||||||
|
}
|
||||||
|
|
||||||
|
.container {
|
||||||
|
border-style:solid;
|
||||||
|
border-color:#c9423f;
|
||||||
|
padding: 10px;
|
||||||
|
margin-bottom: 10px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.cat_image {
|
||||||
|
border-style: solid;
|
||||||
|
border: 1px solid purple;
|
||||||
|
border-left: 0px;
|
||||||
|
border-top: 0px;
|
||||||
|
border-right: 0px;
|
||||||
|
|
||||||
|
}
|
||||||
|
.button > a {
|
||||||
|
text-decoration: none;
|
||||||
|
font-weight: bold;
|
||||||
|
margin-left: auto;
|
||||||
|
margin-right: auto;
|
||||||
|
font-size: 16px;
|
||||||
|
color: #6a0606;
|
||||||
|
margin: auto;
|
||||||
|
|
||||||
|
}
|
||||||
|
.button {
|
||||||
|
border: 1px;
|
||||||
|
border-style: solid;
|
||||||
|
width: 120px;
|
||||||
|
border-color: purple;
|
||||||
|
margin: 2px;
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
|
||||||
|
.sidebar {
|
||||||
|
position: fixed;
|
||||||
|
top: 0;
|
||||||
|
left: 0;
|
||||||
|
width: 125px;
|
||||||
|
height: 100%;
|
||||||
|
transition: all 0.5s ease;
|
||||||
|
border: 1px solid red;
|
||||||
|
border-top: 0px;
|
||||||
|
border-left: 0px;
|
||||||
|
background-color: rgba(42, 20, 41, .5);
|
||||||
|
|
||||||
|
}
|
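Review bot: Two rules set a property and then immediately override it, which hides the intended value. In `.cat_image` the `border-style: solid;` line is overwritten by the `border: 1px solid purple;` shorthand that follows, and in `.button > a` the `margin-left: auto;` / `margin-right: auto;` pair is overwritten by the later `margin: auto;`. Dropping the earlier declarations leaves the rendering unchanged. In `.cat_image`, the shorthand plus the three `border-*: 0px;` lines can also be written as a single `border-bottom: 1px solid purple;`.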
Binary file not shown.
After Width: | Height: | Size: 53 KiB |
|
@ -0,0 +1,2 @@
|
||||||
|
</div>
|
||||||
|
<a href="https://soundcloud.com/akvvma/sets/unlimited-aku-works-vol-ii-la-saga-del-exilio"><img src="img/banner_akuma.png" alt="Unlimited Aku works VOL. II La saga del exilio" title="Unlimited Aku works VOL. II La saga del exilio"/></a>
|
|
@ -0,0 +1,23 @@
|
||||||
|
<div class="sidebar">
|
||||||
|
<div class="cat_image">
|
||||||
|
<a href="/">
|
||||||
|
<img src="/img/cat.gif" alt="cat">
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<div class="button">
|
||||||
|
<a href="/about.html">About</a>
|
||||||
|
</div>
|
||||||
|
<div class="button">
|
||||||
|
<a href="/tech_posts">Tech posts</a>
|
||||||
|
</div>
|
||||||
|
<div class="button">
|
||||||
|
<a href="/media.html">Media log</a>
|
||||||
|
</div>
|
||||||
|
<div class="button">
|
||||||
|
<a href="/blog">blog</a>
|
||||||
|
</div>
|
||||||
|
<div class="button">
|
||||||
|
<a href="https://git.suragu.net">git</a>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</div>
|
|
@ -0,0 +1,32 @@
|
||||||
|
#+INCLUDE: "inc/header.html" export html
|
||||||
|
#+options: toc:nil
|
||||||
|
#+OPTIONS: html-postamble:nil
|
||||||
|
#+OPTIONS: html-style:nil
|
||||||
|
#+OPTIONS: num:nil p:nil pri:nil stat:nil tags:nil tasks:nil tex:nil timestamp:nil toc:nil title:nil ^:nil
|
||||||
|
#+TITLE: SURAGU
|
||||||
|
#+HTML_HEAD_EXTRA: <link rel="stylesheet" type="text/css" href="css/styles.css"/>
|
||||||
|
#+HTML_HEAD_EXTRA: <meta name="viewport" content="initial-scale=1,maximum-scale=1,user-scalable=no" />
|
||||||
|
#+EXPORT_FILE_NAME: index.html
|
||||||
|
|
||||||
|
* suragu.net
|
||||||
|
Welcome to suragu.net! My personal website. In which you can read my
|
||||||
|
philosophical posts or my posts about technology.
|
||||||
|
|
||||||
|
* Contact
|
||||||
|
|
||||||
|
You can contact me through email: chief_keef at riseup dot net or
|
||||||
|
XMPP: keef at this domain
|
||||||
|
* Donate
|
||||||
|
|
||||||
|
If you appreciate my work and wish to say thanks, you can send money
|
||||||
|
to any of these cryptocurrencies addresses:
|
||||||
|
|
||||||
|
- Monero: 87nNzDdnACV614EuueWcwiX16hYNr9cVMACzYExHvGRRf2sHDUydjNvFvoMRBRbJntgxanvE9vzGxLTgenydK8PuSMq9aXC
|
||||||
|
- Bitcoin: bc1q8k6f3ja8na82wl6ehw73uhy67d45pkhs63yvy5
|
||||||
|
|
||||||
|
* Mirrors
|
||||||
|
#+begin_export html
|
||||||
|
<p>
|
||||||
|
<a href="http://sukamuzgxigntu7issqf3y5bfsskwg5zzrzbuqjaxxmhkfoxbgiy77qd.onion">[Tor]</a> <a href="http://46egvt2hpvkqwm5xw4wyyozp6hkwvnmbcys7bi6rh4o4wktllpea.b32.i2p/">[I2P]</a>
|
||||||
|
</p>
|
||||||
|
#+end_export
|
|
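Review bot: The Monero and Bitcoin addresses under `* Donate` and the `[Tor]`/`[I2P]` links under `* Mirrors` are the values on this page a visitor has to trust exactly as shown, and the page offers no way to check them. Publishing them together with a detached signature, made with a key announced through a separate channel, would let readers detect a modified copy served from a mirror or over an unauthenticated connection. Separately, the viewport line `content="initial-scale=1,maximum-scale=1,user-scalable=no"` disables pinch-zoom; `content="width=device-width,initial-scale=1"` leaves zoom available to readers who need it.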
@ -0,0 +1,172 @@
|
||||||
|
#+INCLUDE: "inc/header.html" export html
|
||||||
|
#+options: toc:nil
|
||||||
|
#+OPTIONS: html-postamble:nil
|
||||||
|
#+OPTIONS: html-style:nil
|
||||||
|
#+OPTIONS: num:nil p:nil pri:nil stat:nil tags:nil tasks:nil tex:nil timestamp:nil toc:nil title:nil
|
||||||
|
#+TITLE: Suragu.net
|
||||||
|
#+HTML_HEAD_EXTRA: <link rel="stylesheet" type="text/css" href="css/styles.css"/>
|
||||||
|
#+EXPORT_FILE_NAME: marijuana_reviews.html
|
||||||
|
|
||||||
|
* SURAGU’s Marijuana Reviews
|
||||||
|
|
||||||
|
Creativity, It’s a known fact that grass increases creativity from
|
||||||
|
eight to eleven times. In fact, everyone finds they’re more creative
|
||||||
|
stoned than straight. Humans have always been very creative at the
|
||||||
|
time to get high. In Spain, stoners were so bored that they found a
|
||||||
|
legal loophole that allowed them to legally consume and sell dispense
|
||||||
|
Cannabis buds. Since I joined one of those clubs, my vision of a
|
||||||
|
fucking plant has changed so damn much. Like everything in
|
||||||
|
contemporany society, you have so much choice it’s depressing. In this
|
||||||
|
post I will review all the strains I have tried.
|
||||||
|
|
||||||
|
But I won’t say “this shit dope” because that would be too boring. And
|
||||||
|
I’m also not going to explain how each bud helps you with insomnia,
|
||||||
|
anxiety, depression and ADHD because despite recent research shows
|
||||||
|
it’s not so darn harmful, i’m not an idiot either.
|
||||||
|
|
||||||
|
So I’ll review the buds using Pen & Pixel Graphics album covers. I am
|
||||||
|
not rating the weed on how good the album is. Just in how weird the
|
||||||
|
cover is.
|
||||||
|
|
||||||
|
I’d like to thank my friend Endemic for the idea of making weed
|
||||||
|
reviews with album covers, for showing me all this awesome music and
|
||||||
|
helping me choose the covers.
|
||||||
|
|
||||||
|
Whatever weed you’re smoking. And despite whatever these reviews says
|
||||||
|
about each strain, there’s this quote from Kabuto Makai I the Great
|
||||||
|
that you should never forget:
|
||||||
|
|
||||||
|
“Sea Indica o Sativa me da igual que guay está la keli echandose
|
||||||
|
un mai”
|
||||||
|
|
||||||
|
** Amnesia (grass)
|
||||||
|
|
||||||
|
Amnesia Haze is a classic, is a strain that anyone who has been
|
||||||
|
smoking real weed for more than 2 minutes has tried. With more than
|
||||||
|
20% of THC, the shit will get anyone high. I will give this strain the
|
||||||
|
rating of DJ Screw - The Legend.
|
||||||
|
|
||||||
|
[[./img/covers/thelegend.jpg]]
|
||||||
|
|
||||||
|
DJ Screw in the sky with a skull behind him it’s something I could
|
||||||
|
have never thought of. And going to a cannabis club is also something
|
||||||
|
I would have never thought of. I also find it pretty funny that
|
||||||
|
there’s a car with Screw by its side.
|
||||||
|
|
||||||
|
** Amnesia (Hash)
|
||||||
|
|
||||||
|
Advantages of going to a Cannabis Social Club is that you know that
|
||||||
|
you’re smoking quality grass and quality hash. The hash here is made
|
||||||
|
by the dudes who work at the club, not by a moor sweating in his
|
||||||
|
room. So it has a very high quality.
|
||||||
|
|
||||||
|
The thing with hash is that it is hash. Too strong for some. But me?
|
||||||
|
It only leaves me thinking very weird funny things and I’m so relaxed
|
||||||
|
I can’t move. Then I move to some kind of backrooms. In which I find
|
||||||
|
myself listening to whatever Antonio Recio is saying. Great
|
||||||
|
experience. Amnesia Hash deservers nothing less than Lil Keke - The
|
||||||
|
commision
|
||||||
|
|
||||||
|
[[./img/covers/thecommision.jpg]]
|
||||||
|
|
||||||
|
Where do I start? Where are them? First time I thought it I felt like
|
||||||
|
this was a GTA San Andreas mission. Like the dudes are in the Four
|
||||||
|
Dragons Casino. And I like how the dude is peacefully smoking a cigar
|
||||||
|
when he got 2 bodyguards. I don’t know. It is pretty surreal.
|
||||||
|
|
||||||
|
** Amnesia Hy-Pro
|
||||||
|
|
||||||
|
I don’t even know what Hy-Pro means. The friend who sold me this told
|
||||||
|
me that it has a shitton of THC. I believe him. It did indeed had a
|
||||||
|
shit ton of THC. It was a psychedelic experience. So high I didn’t
|
||||||
|
even know my name. I have not felt something similar to that since
|
||||||
|
then. So I can give this thing nothing less than Juvenile - 400
|
||||||
|
Degrees
|
||||||
|
|
||||||
|
[[./img/covers/400degres.jpg]]
|
||||||
|
|
||||||
|
I wish I could know where to start with this cover. First we can see
|
||||||
|
that they’re in hell. And there’s this dude burning money. and a gold
|
||||||
|
watch. Dude’s rich and he’s showing off. Then we can see, similary to
|
||||||
|
DJ Screw’s The Legend, a giant face of the same dude in the
|
||||||
|
sky. Presumably Juvenile is the devil. If you look both at the left
|
||||||
|
and right side, you can see, scot-free, hookers. Why are there hookers
|
||||||
|
in hell? I can’t tell. Then you have the Parental Advisory sticker. I
|
||||||
|
couldn’t have known.
|
||||||
|
|
||||||
|
** Chocolope
|
||||||
|
|
||||||
|
Chocolope is a Sativa-Dominant strain. Marijuana journalists says that
|
||||||
|
it has a sweet flavour, tasting simillary to chocolate. In my
|
||||||
|
experience, it just tasted like marijuana smoke. I’ve had better highs
|
||||||
|
in my life. Nevertheless Chocolope is a good strain that gives a good
|
||||||
|
effect. Used it to saw Perturbator live and had a great
|
||||||
|
experience. The Chocolope deserves Three 6 Mafia - The end
|
||||||
|
|
||||||
|
[[./img/covers/theend.jpg]]
|
||||||
|
|
||||||
|
I don’t even know how to explain this cover. What are they on? Is that
|
||||||
|
a car? A giant stereo? I genuinely can’t tell. But for some reason
|
||||||
|
they’re into outer space and you can see the earth behind them. The
|
||||||
|
earth is exploding. Maybe it is trying to say that only Three 6 Mafia
|
||||||
|
survived the apocalypse by riding a giant stereo. Riding a giant
|
||||||
|
stereo to outer space is something that could only happen in Memphis,
|
||||||
|
Tennesse.
|
||||||
|
|
||||||
|
** Unknown Indica Strain
|
||||||
|
|
||||||
|
We got a Special Joint for this mysterious strain we can’t remember
|
||||||
|
the name of. We have vague indications that the strain name was
|
||||||
|
“Wedding cake”. Thing is that we thought that C. Indica were for
|
||||||
|
pussies. We were so damn wrong. We were nailed to the couch for at
|
||||||
|
least 15 minutes. To this thing I can only give SSUR - Guerrillas in
|
||||||
|
the midst
|
||||||
|
|
||||||
|
[[./img/covers/guerrilla.jpg]]
|
||||||
|
|
||||||
|
Why does the Che Guevara look like a Monkey, why are there hookers if
|
||||||
|
they’re in the guerrilla. What’s up with the explosion, what’s with
|
||||||
|
all the money? I’d frame this cover if I could.
|
||||||
|
|
||||||
|
** Terps (Hash)
|
||||||
|
|
||||||
|
It is impossible for a Allah’s Follower to make bad hash. These
|
||||||
|
“Terps” is dry extraction of hash. I don’t know what “Dry” means. My
|
||||||
|
Marijuana Master doesn’t know what “Dry” is. So I just asume it is
|
||||||
|
just zoomer expression to say that a hash is good. But to answer the
|
||||||
|
question if “Was it good?” The answer is the following picture:
|
||||||
|
|
||||||
|
[[./img/covers/greatesthits.jpg]]
|
||||||
|
|
||||||
|
We smoked this hash mixed with Weed Marijuana. When we left the CSC,
|
||||||
|
we were in another dimension. Sadly we had to catch the bus later. We
|
||||||
|
were there and all of us started to feel exagerately dizzy. I don’t
|
||||||
|
rememebr anything that happened in the hour of bus. I just remember
|
||||||
|
that I was listening to some music, I can only rememeber “My mind went
|
||||||
|
blank” my DJ Screw (The Legend). Then they woke me up. First thing I
|
||||||
|
see is a bottle full of vomit.
|
||||||
|
|
||||||
|
** Santa Sativa
|
||||||
|
|
||||||
|
#+begin_quote
|
||||||
|
santa: 1. adj sacred; hallowed: holy ground
|
||||||
|
#+end_quote
|
||||||
|
Santa Sativa is a Sativa Dominant Weed Marijuana strain. Relatively
|
||||||
|
high THC and low CBD. First time we tried this the Terps Incident
|
||||||
|
happened. So the weed must have been good shit. Then we smoked this
|
||||||
|
shit and unbeliable things happened. Everyone I thought to be Cannabic
|
||||||
|
Senseis said this strain was one of the best herbs they have ever
|
||||||
|
consumed. Thus, this strain deserves nothing less than: Snoop Dogg -
|
||||||
|
Da Game Is To Be Sold. Not To Be Told.
|
||||||
|
|
||||||
|
[[./img/covers/dagame.jpg]]
|
||||||
|
|
||||||
|
This masterpiece of the contemporany art is deleightful for our
|
||||||
|
eyes. We can see the motherfucking d-o double g holding a walking
|
||||||
|
stick made from gold. For undisclosed reasons. He is outside the
|
||||||
|
“Snoop World” (See Montana Management Co.) The thing is that his
|
||||||
|
mansion looks like a fucking castle you’d see in Disney
|
||||||
|
World. Perspective fucks with us so much in this one. As he is behind
|
||||||
|
Snoop World mansion, he’s sitting in the bonnet. Smoking what seems to
|
||||||
|
be a Swisher Sweet and his arm is in another car. There are also three
|
||||||
|
dogs in the pictures with shining diamonds.
|
|
@ -0,0 +1,131 @@
|
||||||
|
#+INCLUDE: "inc/header.html" export html
|
||||||
|
#+options: toc:nil
|
||||||
|
#+OPTIONS: html-postamble:nil
|
||||||
|
#+OPTIONS: html-style:nil
|
||||||
|
#+OPTIONS: num:nil p:nil pri:nil stat:nil tags:nil tasks:nil tex:nil timestamp:nil toc:nil title:nil ^:nil -:nil
|
||||||
|
#+TITLE: suragu.net - Media I've consumed
|
||||||
|
#+HTML_HEAD_EXTRA: <link rel="stylesheet" type="text/css" href="css/styles.css"/>
|
||||||
|
#+EXPORT_FILE_NAME: media.html
|
||||||
|
|
||||||
|
* Media I've consumed
|
||||||
|
Well, someone has said, that in this world there are people for
|
||||||
|
everything, or "it takes all sorts to make a world", so there must be
|
||||||
|
someone interested on the media I consume and what I think about
|
||||||
|
it. So here are music albums, movies and similar.
|
||||||
|
|
||||||
|
As i'm not a professional rater, I'm not gonna rate them, in numbers,
|
||||||
|
i'll just say what I think about the thing and that's it.
|
||||||
|
|
||||||
|
Pssss. You can get some of the media listed [[https://files.suragu.net/][here]].
|
||||||
|
|
||||||
|
** Movies
|
||||||
|
I love the "guy who think he's cool" cinema.
|
||||||
|
|
||||||
|
- *Pulp Fiction (1994)*: The movie is stupid, ridicolous and most
|
||||||
|
pejorative adjectives you can think of. But it's my favorite movie
|
||||||
|
nevertheless.
|
||||||
|
- *Kill Bill (2003-2004)*: Good movies.
|
||||||
|
- *Trainspotting (1996)*: Movie about [[https://concealed.world/home.php][Scottish Drug addicts]]. The thing
|
||||||
|
sends a Good Message. And the movie is really enjoyable.
|
||||||
|
- *T2 Trainspotting (2017)*: Not as good as the original but still
|
||||||
|
passable.
|
||||||
|
- *Ghost in the Shell (1995)*: It's the only anime movie i've
|
||||||
|
watched. It's pretty cyberpunk so i like it.
|
||||||
|
- *Torrente: El brazo tonto de la ley (1997)*: Fucking funny garbage, if
|
||||||
|
i wasn't high i wouldn't have liked the thing.
|
||||||
|
- *Torrente 2: Misión en Marbella*: Idem
|
||||||
|
- *El día de la Bestia (1995)*: My favorite movie this country has made
|
||||||
|
- *Acción mutante (1993)*: One of the movies i laughed the most
|
||||||
|
- *Fear and loathing in Las Vegas (1998)*: I don't know what I watched
|
||||||
|
- *Scarface (1983)*: Masterpiece.
|
||||||
|
- *Navajeros (1980)*: Funny at times but didn't like it at all.
|
||||||
|
- *El pico (1983)*: Way better than Navajeros and has a cool message.
|
||||||
|
- *El pico 2 (1984)*: This one was interesting.
|
||||||
|
- *Scary Movie (2000):* Utter shit. But THC boosts movies.
|
||||||
|
- *Ali G Indahouase:* ???
|
||||||
|
- *The Godfather (1972):* Masterpiece
|
||||||
|
- *Lady Snowblood (1973):* I loved Kill Bill. I loved this even more.
|
||||||
|
- *The great lebowski:* Same as fear and loathing in las vegas.
|
||||||
|
** Videogames
|
||||||
|
Well, now I got a decent computer in which I can play games
|
||||||
|
decently. I have completed all the storyline of these games unless
|
||||||
|
stated otherwhise.
|
||||||
|
|
||||||
|
- *Borderlands 2:* One of my favorite games.
|
||||||
|
- *Borderlands: The Pre-sequel*: Still playing it
|
||||||
|
- *Milk (out|in)side a bag of milk (out|in)side a bag of milk*: Had a [[./img/funny.png][funny frame]]
|
||||||
|
** Anime
|
||||||
|
I'm not much of an anime watcher, but eh, sure. I'm including both
|
||||||
|
anime shows and movies in this section.
|
||||||
|
|
||||||
|
- *Serial Experiments Lain*: The anime is cool. I used to simp for Lain
|
||||||
|
but then I discovered I'm suragu, not a insecure, twitter user
|
||||||
|
- *Paranoia Agent*: I remember once a linguistics teacher I had told me
|
||||||
|
to watch this anime. I watched it and I really enjoyed it. A good
|
||||||
|
satire. I have keked big to this one.
|
||||||
|
- *Texhnolyze*: Made by the same guys that made Lain. But i enjoyed this
|
||||||
|
one more than Lain
|
||||||
|
- *Haibane Renmei*: Made by the same guy as Lain and Texhnolyze, this is
|
||||||
|
the only media that made me cry and i have 0 problems admitting it.
|
||||||
|
- *The curse of Kazuo Umezu*: I can't take gore animes seriously
|
||||||
|
because I analyze the situation, which makes me laugh
|
||||||
|
uncontrollably. Altough it was fun to watch.
|
||||||
|
- *Shoujo Tsubaki (1992)* : The thing stated above doesn't apply for this
|
||||||
|
one. This one is actually depressing.
|
||||||
|
- *Belladonna of Sadness (1973)*: Masterpiece. The Japanese version of
|
||||||
|
Pink Floyd's The Wall. Psychedelic, deep, and weird.
|
||||||
|
|
||||||
|
** Books
|
||||||
|
I know how to read
|
||||||
|
|
||||||
|
- *Neuromancer (1984)*: A drugaddict hacker needs to make money but he
|
||||||
|
can't work because he stole from his bosses.
|
||||||
|
** Music
|
||||||
|
This shit will never be complete.
|
||||||
|
|
||||||
|
- *Big Moe - City of Syrup*
|
||||||
|
- *bôa - Twilight*
|
||||||
|
- *CCR - Pendulum*
|
||||||
|
- *Chief Keef - Finally Rich*
|
||||||
|
- *Chief Keef - The Leek, Vol. 1:* Sounds like Korean Vaporwave
|
||||||
|
- *D.R.I. - Crossover* All songs are the same to be honest
|
||||||
|
- *D.R.I. - Thrash zone* Cool
|
||||||
|
- *DJ Screw - All screwed up Vol. II*
|
||||||
|
- *DJ Screw - 3 N’ The Mornin’ Part One*
|
||||||
|
- *DJ Screw - 3 N' The Mornin' Part Two*
|
||||||
|
- *DJ Screw - The Legend*
|
||||||
|
- *Dr. Octagon - Dr. Octagonecologyst*: Kool Keith is a genius.
|
||||||
|
- *Dr. DOOOM - First come, first served*
|
||||||
|
- *Denzel Curry - Melt my eyez see your future*
|
||||||
|
- *Envidia Kotxina - Asi en la tierra komo en el zielo+*
|
||||||
|
- *Gospel - The Moon is a Dead world*
|
||||||
|
- *Iron Maiden - Somewhere in time* My favorite album from these dudes
|
||||||
|
- *Kanye West - My Beautiful Dark Twisted Fantasy (2010)*
|
||||||
|
- *Kendrick Lamar - DAMN.*
|
||||||
|
- *Kendrick Lamar - Section.80*
|
||||||
|
- *Kendrick Lamar - good kid, m.A.A.d. city:* I listen to this album at night while doing stuff and I like it.
|
||||||
|
- *King Geedorah - Take me to your leader
|
||||||
|
- *Living Death - World neuroses* It’s alright
|
||||||
|
- *MF DOOM - MM..FOOD*
|
||||||
|
- *Metallica - Kill ’em all*
|
||||||
|
- *Metallica - Ride the lighting*
|
||||||
|
- *Metallica - Master of Puppets*
|
||||||
|
- *Metallica - …And Justice for All*
|
||||||
|
- *Megadeth - Rust in peace*
|
||||||
|
- *Megadeth - Countdown to extinction*
|
||||||
|
- *Megadeth - Youthanasia*
|
||||||
|
- *MF Grimm - The hunt for the Gingerbread man:* Underrated.
|
||||||
|
- *Madvillain - Madvillany: Masterpiece.*
|
||||||
|
- *Makaveli - The Don Killuminati: The 7 Day Theory*
|
||||||
|
- *Neutral Milk Hotel - In the airplane over the sea:* Dude please learn how to sing.
|
||||||
|
- *Scattle - Backup*
|
||||||
|
- *Scattle - Visitors*
|
||||||
|
- *TOOL - Lateralus*
|
||||||
|
- *Viktor Vaughn - Vaudeville Villain*
|
||||||
|
- *Wu-Tang Clan - Enter the Wu-Tang*
|
||||||
|
- *Zabutom - Zeta force*
|
||||||
|
- *cLOUDEAD - cLOUDEAD*
|
||||||
|
- *death’s dynamic shroud.wmv - I’ll try living like this*: Used to love it. Now it gives me anxiety.
|
||||||
|
- *smashing pumpkins - mellon collie and the infinite sadness:* My mother likes it
|
||||||
|
- *suicideboys - I want to die in new orleans + some of their EPs*
|
||||||
|
- *わたしのココ - カラダは正直:* I was told by my friend that this was noise, I thought noise was about making music breaking plates and stuff. Album was good.
|
|
@ -0,0 +1,482 @@
|
||||||
|
#+INCLUDE: "inc/header.html" export html
|
||||||
|
#+options: toc:nil
|
||||||
|
#+OPTIONS: html-postamble:nil
|
||||||
|
#+OPTIONS: html-style:nil
|
||||||
|
#+OPTIONS: num:nil p:nil pri:nil stat:nil tags:nil tasks:nil tex:nil timestamp:nil toc:nil title:nil
|
||||||
|
#+TITLE: suragu.net - OpenBSD
|
||||||
|
#+HTML_HEAD_EXTRA: <link rel="stylesheet" type="text/css" href="css/styles.css"/>
|
||||||
|
#+EXPORT_FILE_NAME: openbsd.html
|
||||||
|
* Fear and Loathing in OpenBSD, or my experiences with OpenBSD
|
||||||
|
The other day I woke up and I thought "I'm going to migrate my server
|
||||||
|
to OpenBSD for absolutely no reason". And so I did. The operating
|
||||||
|
system have been a pain and a pleasure simultaneously, and in this
|
||||||
|
page I intend to give my experiences with it.
|
||||||
|
|
||||||
|
I will be updating this page as I have more experiences with
|
||||||
|
OpenBSD. So add this page to your booksmarks!
|
||||||
|
|
||||||
|
Last update. 2022-06-09
|
||||||
|
|
||||||
|
For questions or comments on this article feel free to reach me out at
|
||||||
|
teru-sama [at] riseup [dot] net
|
||||||
|
|
||||||
|
** Installation
|
||||||
|
The installation process was pretty straightforward, it was just
|
||||||
|
enter, enter, enter, altough I had to connect an ethernet cable for it
|
||||||
|
to download some necessary firmware (so I could use the network card)
|
||||||
|
and thus, the wireless connection.
|
||||||
|
|
||||||
|
** Setting up services
|
||||||
|
*** httpd(8)
|
||||||
|
The website you're in is the website I care the most, kill-9 can wait
|
||||||
|
because that's only a website in which i complain about
|
||||||
|
things. Complaining about everything is not good because in this life,
|
||||||
|
well, in Ozzy Osbourne words, "Learn how to love and forget how to
|
||||||
|
hate". So I'd rather focus on ebin.city and suragu.net for the
|
||||||
|
time.
|
||||||
|
|
||||||
|
OpenBSD ships with the =httpd= web server. A really simple and very
|
||||||
|
secure http server. The main config file is =/etc/httpd.conf= which
|
||||||
|
has a very simple, human readable syntax.
|
||||||
|
|
||||||
|
One of the features of this webserver is that chroots to a
|
||||||
|
directory. Meaning that, to the web server, anything before the given
|
||||||
|
directory (=/var/www= by default), does not exist. So if a vulnerability
|
||||||
|
is found, the attacker can't do much things, as the attacker can't go
|
||||||
|
beyond =/var/www=.
|
||||||
|
*** slowcgi(8)
|
||||||
|
OpenBSD comes out-of-the-box with a FastCGI implementation, which is
|
||||||
|
very simple to use. you only have to add =fastcgi= at the desired site
|
||||||
|
in =httpd.conf= . The following configuration file is enough to
|
||||||
|
execute CGI scripts.
|
||||||
|
#+begin_src conf-space
|
||||||
|
server "suragu.net" {
|
||||||
|
listen on * port 80
|
||||||
|
root "sites/suragu.net"
|
||||||
|
location "/*.cgi" {
|
||||||
|
fastcgi
|
||||||
|
root "sites/suragu.net"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
But not so fast! Remember that httpd runs in a chroot? Well, your CGI
|
||||||
|
apps won't work by default, because the chroot lacks the binaries that
|
||||||
|
are necessary to execute the program. So if your CGI appliaction is a
|
||||||
|
perl script, you'll have to do something like =cp /usr/bin/perl
|
||||||
|
/var/www/bin=. If your Perl script uses third-party modules, you'll
|
||||||
|
have to copy them to anything that is in =@INC=, so
|
||||||
|
=/usr/var/www/usr/lib/perl5= or something like that. Also your chroot
|
||||||
|
will lack all the core utils. I just installed plan9port and copied
|
||||||
|
the files to =/var/www/bin=, which is more than enough.
|
||||||
|
|
||||||
|
As mentioned before. I haven't been able to setup werc in httpd. Not
|
||||||
|
sure why. I might try to reinstall it some other day. But I guess I'd
|
||||||
|
have to use another server to do that.
|
||||||
|
|
||||||
|
As of 2022-06-02 I got werc to werk under httpd. The config file is a
|
||||||
|
bit weird, but it worked. Altough I had to install an older werc
|
||||||
|
version because the most recent one had some issues. This is the
|
||||||
|
config that worked. Thanks to solene in IRC for the pattern!
|
||||||
|
|
||||||
|
#+begin_src conf-space
|
||||||
|
server "kill-9.xyz" {
|
||||||
|
alias "www.kill-9.xyz"
|
||||||
|
listen on 127.0.0.1 port 1340
|
||||||
|
|
||||||
|
listen on * tls port 443
|
||||||
|
|
||||||
|
tls {
|
||||||
|
certificate "/etc/ssl/kill9cert.pem"
|
||||||
|
key "/etc/ssl/kill9key.pem"
|
||||||
|
}
|
||||||
|
|
||||||
|
# If there's a dot in the URL (i.e. a file extension, don't run it as
|
||||||
|
# a CGI script.)
|
||||||
|
|
||||||
|
location match "%s*%.%s*" {
|
||||||
|
root "/werc/sites/kill-9.xyz"
|
||||||
|
no fastcgi
|
||||||
|
}
|
||||||
|
|
||||||
|
location match "/" {
|
||||||
|
fastcgi param SCRIPT_NAME "/werc/bin/werc.rc"
|
||||||
|
fastcgi param SCRIPT_FILENAME "/werc/bin/werc.rc"
|
||||||
|
fastcgi param DOCUMENT_ROOT "/werc/sites/kill-9.xyz"
|
||||||
|
}
|
||||||
|
root "/werc/sites/kill-9.xyz/"
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
And then I tried to install cgit. When clonning from httpd I got an
|
||||||
|
error I've never got before. Something like "Recieved HTTP/0.9 when
|
||||||
|
not allowed". I don't know what the hell =httpd(8)= meant by that. But
|
||||||
|
it was fixed by nuking the repos and pushing them again from
|
||||||
|
scratch. I guess it had something to do with file corruption. But you
|
||||||
|
have to be crazy on acid to think that sending HTTP/0.9 is a good way
|
||||||
|
to tell a file is corrupted.
|
||||||
|
*** Darknets
|
||||||
|
Not much difference from how you'd install Tor & I2P in a Linux
|
||||||
|
machine. Just install the tor and i2pd packages using =pkg_add(1)= and
|
||||||
|
configure them normally. I had to copy the old private keys from my
|
||||||
|
old machine to the new server. But that was not a big issue. I also
|
||||||
|
migrated from the classic I2P, written in Java to i2pd. Not because I
|
||||||
|
dislike the Java I2P, I think it is, along with Freenet, the only good
|
||||||
|
software written in Java. I just wanted to keep the server as light as
|
||||||
|
possible. And i2pd is way lighter than Java I2P.
|
||||||
|
|
||||||
|
** Programming in OpenBSD
|
||||||
|
OpenBSD claims to be the most secure UNIX out there. This is probably
|
||||||
|
true as it has much features, such as the W^X thing. Which means
|
||||||
|
memory can be written or executed, but not both. Basically an attacker
|
||||||
|
could not execute a buffer overflow attack. Because he can only
|
||||||
|
write. But not execute it. This thing was introdouced in 2003.
|
||||||
|
*** pledge(2)
|
||||||
|
OpenBSD takes security very seriously. This was the reason to be of
|
||||||
|
the =pledge()= syscall. Pledge does, as defined by the manpage:
|
||||||
|
"restrict system operations". This is the prototype:
|
||||||
|
=pledge(const char *promises, const char *execpromises);=
|
||||||
|
|
||||||
|
Check the manpage for the possible promises. This is a quick example:
|
||||||
|
|
||||||
|
|
||||||
|
#+begin_src c
|
||||||
|
#include <stdio.h> /* printf() */
|
||||||
|
#include <unistd.h> /* pledge() */
|
||||||
|
#include <sys/stat.h> /* chmod() */
|
||||||
|
|
||||||
|
int
|
||||||
|
main(void)
|
||||||
|
{
|
||||||
|
/* stdio promise allows basic input output operations. Check the
|
||||||
|
,* manpage for the syscalls this promise allows. */
|
||||||
|
pledge("stdio", "");
|
||||||
|
|
||||||
|
chmod("/etc/passwd",0644);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
/* This code will crash at runtime. the "stdio" promise doesn't
|
||||||
|
,* allow the chmod() syscall. */
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
Running that code will prodouce the following output:
|
||||||
|
|
||||||
|
#+begin_src sh
|
||||||
|
Abort trap (core dumped)
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
This is very useful, imagine that for example, some injects, somehow,
|
||||||
|
malicious code in your =cat(1)= program. Sending data to a remote
|
||||||
|
server. As cat didn't =pledge("inet",...)=, cat won't be able to
|
||||||
|
create a connection.
|
||||||
|
*** unveil(2)
|
||||||
|
I like this syscall more than =pledge(2)= according to the manpage:
|
||||||
|
"unveil parts of a restricted filesystem view" This means that, except
|
||||||
|
for the file specified in the =unveil()= calls, wont' exist for the
|
||||||
|
program. Consider the following code and its output:
|
||||||
|
|
||||||
|
#+begin_src c
|
||||||
|
#include <unistd.h> /* read(), write(), unveil() */
|
||||||
|
#include <fcntl.h> /* open() and flags */
|
||||||
|
#include <string.h> /* strerror() */
|
||||||
|
#include <errno.h> /* errno variable */
|
||||||
|
#include <stdio.h> /* fprintf() */
|
||||||
|
|
||||||
|
int
|
||||||
|
main(void)
|
||||||
|
{
|
||||||
|
/* This program can exclusively open /etc/httpd.conf for reading. */
|
||||||
|
unveil("/etc/httpd.conf","r");
|
||||||
|
/* This call disables further calls to unveil() */
|
||||||
|
unveil(NULL, NULL);
|
||||||
|
/* What happens if we try to open another file? */
|
||||||
|
int fd = open("/etc/passwd", O_RDONLY);
|
||||||
|
|
||||||
|
if(fd == -1) {
|
||||||
|
fprintf(stderr,"Error opening file: %s\n",
|
||||||
|
strerror(errno));
|
||||||
|
_exit(-1);
|
||||||
|
}
|
||||||
|
|
||||||
|
char buf[8192];
|
||||||
|
int bytes = read(fd, buf, 8192);
|
||||||
|
write(STDOUT_FILENO, buf, bytes);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
Output: =Error opening file: No such file or directory=
|
||||||
|
|
||||||
|
Yes, my /etc/passwd file exists.
|
||||||
|
*** perl(1)
|
||||||
|
Perl is the only scripting language that OpenBSD ships. And they have
|
||||||
|
their reasons you can read [[https://marc.info/?l=openbsd-misc&m=159041121804486&w=2][here]]. This means that Perl comes with
|
||||||
|
support for the OpenBSD weird features. This means that you can call
|
||||||
|
=pledge(2)= and =unveil(2)= from your Perl scripts! Here's an example
|
||||||
|
of that:
|
||||||
|
|
||||||
|
#+begin_src perl
|
||||||
|
#!/usr/bin/perl
|
||||||
|
|
||||||
|
# The syscalls come as modules, so you have to import them, the
|
||||||
|
# subroutines are exported by default.
|
||||||
|
|
||||||
|
use OpenBSD::Pledge;
|
||||||
|
use OpenBSD::Unveil;
|
||||||
|
# The manpage says that, without the "stdio" promise, perl is useless,
|
||||||
|
# so it is called by default no matter what you do.
|
||||||
|
pledge("inet rpath wpath unix"); # Some example promises...
|
||||||
|
unveil("/etc/httpd.conf","r");
|
||||||
|
unveil("/etc/pf.conf","r");
|
||||||
|
unveil(); # Restrict further calls to unveil()
|
||||||
|
|
||||||
|
#+end_src
|
||||||
|
*** strlcpy(3) and strlcat(3)
|
||||||
|
The well known =strncpy(3)= and =strncat(3)= functions copy no more
|
||||||
|
than =n= characters, but these functions are not guaranteed to add the
|
||||||
|
'\0' at the end of the string. =strlcpy(3)= and =strlcat(3)= guarante
|
||||||
|
that the string ends with '\0'
|
||||||
|
*** Makefiles
|
||||||
|
For some reasons, I wanted to rewrite the Makefile of one of my
|
||||||
|
programs. And I discovered that BSD make is much better than GNU
|
||||||
|
make. With GNU Make you have to declare pattern rules. And weird
|
||||||
|
syntax. And you have to write similar makefiles for each program. In
|
||||||
|
OpenBSD this is not necessary because makefile has some kind of
|
||||||
|
"templates". This is a perfectly working makefile, /with =clean= and
|
||||||
|
=install= targets/
|
||||||
|
#+begin_src makefile
|
||||||
|
PROG = sakisafecli
|
||||||
|
SRCS += funcs.c sakisafecli.c
|
||||||
|
MAN = sakisafecli.1 sakisafeclirc.5
|
||||||
|
LDADD = -lssl -lz -lpthread -lnghttp2 -lcurl -lconfig -lcrypto -L/usr/local/lib
|
||||||
|
CPPFLAGS = -I/usr/local/include
|
||||||
|
BINDIR=/usr/local/bin
|
||||||
|
.include <bsd.prog.mk>
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
This makefile also works in Linux, but using the =bmake= command
|
||||||
|
instead of =make=. It also works in FreeBSD but you'd have to repleace
|
||||||
|
CPPFLAGS with CFLAGS.
|
||||||
|
*** Libraries
|
||||||
|
OpenBSD, unlike every Linux distribution out there, thinks about
|
||||||
|
everyone. And when you download a library through the package manager,
|
||||||
|
it will install the shared objects (for dynamic linking), the header
|
||||||
|
files (which means, no -dev/-devel packages) AND the .a files. For
|
||||||
|
static linking!
|
||||||
|
** Software and the power it holds
|
||||||
|
OpenBSD comes with a lot of software that should be enough for your
|
||||||
|
normal tasks. But, it's not like OpenBSD grabbed some code and put it
|
||||||
|
in the code, no, they wrote their own versions of popular
|
||||||
|
software. And "ported" them to OpenBSD, so the software that comes
|
||||||
|
with the operating system uses the security features, they call
|
||||||
|
=pledge()=. and stuff like that.
|
||||||
|
|
||||||
|
*** mg(1)
|
||||||
|
This is a Emacs clone. For the people who, for any reason, can't (or
|
||||||
|
don't want) to run GNU Emacs. This clone is pretty complete, the only
|
||||||
|
thing it lacks, regarding emacs, is emacs lisp support and syntax
|
||||||
|
highlighting. But this is a good =nano(1)=, =ed(1)= or =vi(1)= repleacement.
|
||||||
|
*** signify(1)
|
||||||
|
GNU Privacy Guard is kinda heavy, and we don't have any other decent
|
||||||
|
OpenPGP implementation. This is the reason of why the OpenBSD devs
|
||||||
|
created =signify(1)=, a tool to cryptographically sign and verify
|
||||||
|
files and messages. And this is the way OpenBSD images are
|
||||||
|
verified. It's pretty simple to use:
|
||||||
|
|
||||||
|
#+begin_src shell-script
|
||||||
|
# Generate pub and sec key. They have to have the same name. Only
|
||||||
|
# changing the file extension
|
||||||
|
|
||||||
|
$ signify -G -c "raoul's signify key" -p raoul.pub -s raoul.sec
|
||||||
|
|
||||||
|
# Sign a file/message
|
||||||
|
|
||||||
|
$ echo "Hello world!" > message.txt
|
||||||
|
$ signify -S -s raoul.sec -m message.txt
|
||||||
|
|
||||||
|
# Verify file/message
|
||||||
|
|
||||||
|
$ signify -V -p raoul.pub -m message.txt
|
||||||
|
|
||||||
|
# Further examples in the manpage.
|
||||||
|
#+end_src
|
||||||
|
*** tmux(1)
|
||||||
|
Tmux, the legendary terminal multiplexer, that is way better than
|
||||||
|
screen, was initially developed for OpenBSD. I don't think I have to
|
||||||
|
talk a lot about tmux because everyone knows it. tmux in OpenBSD comes
|
||||||
|
with all the security features too.
|
||||||
|
*** doas(1)
|
||||||
|
This is a repleacement for sudo that has been developed by OpenBSD. it
|
||||||
|
has also emerged in the linux community. Altough it works best in
|
||||||
|
OpenBSD. I have some issues getting doas to work in Debian, but not in
|
||||||
|
Void Linux. doas is very simple to configure. No need to add yourself
|
||||||
|
to a group or anything like that. You can simply add this to
|
||||||
|
=/etc/doas.conf=
|
||||||
|
|
||||||
|
#+begin_src conf-space
|
||||||
|
permit nopass keepenv raoul as groq
|
||||||
|
# Allow user raoul to execute commands as groq. Keeping all the
|
||||||
|
# environment variables.
|
||||||
|
|
||||||
|
# raoul can't execute commands as any user that is not groq.
|
||||||
|
|
||||||
|
permit nopass keepenv qrog
|
||||||
|
|
||||||
|
# qrog can execute commands as any user.
|
||||||
|
#+end_src
|
||||||
|
*** openrsync(1)
|
||||||
|
Sometimes you want to syncronize files between your computers and
|
||||||
|
servers. And then you realize =cp(1)= is kinda bad for that and =tar=
|
||||||
|
isslow. Then you discover =rsync= and that just works. But this wasn't
|
||||||
|
the case for the OpenBSD guys, they wanted a rsync implementation
|
||||||
|
under the BSD license. So they wrote =[[http://openrsync.org][openrsync=]]. This works just like
|
||||||
|
rsync and, according to the manpage: "openrsync is compatible with
|
||||||
|
rsync protocol version 27 as supported by the samba.org implementation
|
||||||
|
of rsync". Meaning that if you don't have openrsync in other server,
|
||||||
|
it will just worke, and vice versa. This is an example of usage of
|
||||||
|
openrsync.
|
||||||
|
|
||||||
|
#+begin_src shell
|
||||||
|
openrsync --rsync-path=openrsync -av Xanopticon remote_server:/var/www/files/Music
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
As I don't have =rsync= installed in the remote server, but I have
|
||||||
|
=openrsync=, I specify that the path of =rsync= is =openrsync=. This
|
||||||
|
way it just works.
|
||||||
|
|
||||||
|
*** acme-client(1)
|
||||||
|
Today I recieved a mail telling me that the [[https://kill-9.xyz][kill -9]] certificate
|
||||||
|
expired. "Fuck's sake" --- I inmediatly thought. "I have to renew
|
||||||
|
it". But I was not going to install certbot in this OpenBSD server. So
|
||||||
|
I had to find a way. I remembered that OpenBSD ships with
|
||||||
|
=acme-client=. A program that helps you to generate your certificates
|
||||||
|
for TLS connections. And they can be signed with the Let's Encrypt
|
||||||
|
certificate authority. The config file is pretty simple and
|
||||||
|
intuitive. You can copy and paste it from
|
||||||
|
=/etc/examples/acme-client.conf= and only configure the revelant part
|
||||||
|
that would be your domain. In my case I have it like this:
|
||||||
|
|
||||||
|
#+begin_src conf-space
|
||||||
|
authority letsencrypt {
|
||||||
|
api url "https://acme-v02.api.letsencrypt.org/directory"
|
||||||
|
account key "/etc/acme/letsencrypt-privkey.pem"
|
||||||
|
}
|
||||||
|
|
||||||
|
domain suragu.net {
|
||||||
|
alternative names { "www.suragu.net", "files.suragu.net" }
|
||||||
|
domain key "/etc/ssl/suragu.key" ecdsa
|
||||||
|
domain full chain certificate "/etc/ssl/suragu.crt"
|
||||||
|
sign with letsencrypt
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
I used to use wildcard certificates. That were valid to any suragu.net
|
||||||
|
subdomain. But I couldn't make them work in =acme-client=. But as
|
||||||
|
=acme-client= is less of a pain in the ass than certbot. I can
|
||||||
|
certainly just modify the configuration file each time I create a new
|
||||||
|
subdomain. And that doesn't happen too often.
|
||||||
|
** Documentation
|
||||||
|
OpenBSD takes documentation very seriously. So seriously, if a manpage
|
||||||
|
is lacking in a sys util, it's considered a bug. So everything that
|
||||||
|
comes with your OpenBSD installation is very well documented. Config
|
||||||
|
files have their own manpages section, the section 5. so you can learn
|
||||||
|
how to write httpd config files by running =man httpd.conf= This is
|
||||||
|
something more developers should do. There's also the =/etc/examples=
|
||||||
|
directory which contains examples of most config files that you'd want
|
||||||
|
to setup. Those file are commented and everything. But =/etc/examples=
|
||||||
|
always lacks the config file I want or doesn't help at all.
|
||||||
|
** Backups
|
||||||
|
I am a self-proclaimed good sysadmin. This means I should be able to
|
||||||
|
do backups and restore them. Not gonna lie, before OpenBSD i haven't
|
||||||
|
had any backup. Though I have heard that you can do incremental
|
||||||
|
backups with =tar(1)=. I guess this could be useful. But OpenBSD comes
|
||||||
|
with it's features and things. These tools are =dump(8)= and
|
||||||
|
=restore(8)=. Those were a bit confusing to me until I learned how to
|
||||||
|
use them properly. You can read the manpages for [[https://man.openbsd.org/dump.8][=dump(8)=]] and
|
||||||
|
[[https://man.openbsd/restore.8][=restore(8)=]] which explains pretty well how to use the software. At
|
||||||
|
least that's what should have happened. Because it didn't. For some
|
||||||
|
reason OpenBSD insists in using tapes in 2022. So yeah, apparently the
|
||||||
|
-a flag is mandatory these days. You can use this command to backup a
|
||||||
|
directory, =/etc= in this case.
|
||||||
|
#+begin_src shell-script
|
||||||
|
# 0 means it is a level 0 backup. Next backup should be level 1, then
|
||||||
|
# 2... Read the manpage for more details.
|
||||||
|
$ doas dump -0uaf backup_etc.dump /etc
|
||||||
|
#+end_src
|
||||||
|
This will take some time depending how big the directory is. =/etc= is
|
||||||
|
usually not too big so this example will not take a lot of time.
|
||||||
|
|
||||||
|
After 1 hour of wondering why my backup wasn't working, i discovered
|
||||||
|
that =restore(8)= takes everything as relative paths. Meaning that it
|
||||||
|
will restore to the directory you're in, so if you do =restore
|
||||||
|
-xfbackup_etc.dump /etc/httpd.conf=, it will restore it to
|
||||||
|
=$PWD/etc/httpd.conf=, not to =/etc/httpd.conf=. So you should cd to /
|
||||||
|
when restoring backups, something like this:
|
||||||
|
|
||||||
|
#+begin_src sh
|
||||||
|
cd /
|
||||||
|
restore -xf /var/backups/backup_etc.dump /etc/
|
||||||
|
#+end_src
|
||||||
|
** Network
|
||||||
|
First I tried to use the wifi card my computer came with. But for some
|
||||||
|
reason it kept sayin =wpi0: device timeout=. Leaving my computer
|
||||||
|
without connection. So I had to connect the Ethernet cable. And I
|
||||||
|
thought that that would solve the connection problem. But today I woke
|
||||||
|
up and my computer did not have internet connection. But it had LAN
|
||||||
|
connection. Not sure what happened. And well, that's the reason of why
|
||||||
|
my site was down. I'll try to fix it.
|
||||||
|
*** Firewall
|
||||||
|
OpenBSD comes with a firewall, called pf, which stands for Packet
|
||||||
|
Filter. As every other software developed by OpenBSD, it uses its
|
||||||
|
simple config file.
|
||||||
|
|
||||||
|
I used the firewall to deny ssh requests from every IP address except
|
||||||
|
my local network (that is, 192.168.0.0/16) and from my static IPv6
|
||||||
|
address.
|
||||||
|
|
||||||
|
At first the rules were not working for the IPv6 address, because I
|
||||||
|
don't have IPv6 at home, I use a WireGuard interface for that for
|
||||||
|
that, and pf didn't know that. So I had to specify that those rules
|
||||||
|
should also apply to the wireguard interface, like this:
|
||||||
|
|
||||||
|
=pass in on {egress wg0} ...=
|
||||||
|
|
||||||
|
And that just worked.
|
||||||
|
|
||||||
|
Yiou can also limit the connection of an user. For example, the
|
||||||
|
following line will disable all the connection for the user 'groq':
|
||||||
|
|
||||||
|
#+begin_src conf-space
|
||||||
|
# Block outcoming connections to user raoul.
|
||||||
|
block return out proto {tcp udp} user raoul
|
||||||
|
# Block incoming connection to user raoul. Not sure how useful this is.
|
||||||
|
block return in proto {tcp udp} user raoul
|
||||||
|
#+end_Src
|
||||||
|
|
||||||
|
And I've also added some IP addresses that have tried to exploit,
|
||||||
|
ehem, WordPress vulnerabilities in my webserver. I added them to a
|
||||||
|
file, =/etc/spammers=. And used a =pf(8)= feature to block all of
|
||||||
|
them. And I also wanted that ssh would be disabled for everyone except
|
||||||
|
for the machines in the Local Area Network. So only people in my
|
||||||
|
network could ssh to my server. pf.conf has a very readable syntax,
|
||||||
|
which makes this very easy:
|
||||||
|
|
||||||
|
#+begin_src conf-space
|
||||||
|
# Good/Dreaded IP ranges
|
||||||
|
table <localnet> const { 192.168.0.0/16 }
|
||||||
|
table <spammers> const file "/etc/spammers"
|
||||||
|
|
||||||
|
# Block spammers requests to the server. Also requests to spammers.
|
||||||
|
|
||||||
|
block in on { egress wg0 } from <spammers> to any
|
||||||
|
|
||||||
|
# Allow SSH access from the LAN
|
||||||
|
|
||||||
|
block return in log proto tcp from any to port ssh pass in on egress
|
||||||
|
proto tcp from <localnet> to port 22
|
||||||
|
#+end_src
|
||||||
|
|
|
@ -0,0 +1,61 @@
|
||||||
|
#+INCLUDE: "../inc/header.html" export html
|
||||||
|
#+options: toc:nil
|
||||||
|
#+OPTIONS: html-postamble:nil
|
||||||
|
#+OPTIONS: html-style:nil
|
||||||
|
#+OPTIONS: num:nil p:nil pri:nil stat:nil tags:nil tasks:nil tex:nil timestamp:nil toc:nil title:nil
|
||||||
|
#+TITLE: suragu.net - Brotli in OpenBSD's httpd
|
||||||
|
#+HTML_HEAD_EXTRA: <link rel="stylesheet" type="text/css" href="../css/styles.css"/>
|
||||||
|
#+EXPORT_FILE_NAME: index.xhtml
|
||||||
|
|
||||||
|
* Brotli in OpenBSD's httpd
|
||||||
|
|
||||||
|
The modern web is heavy. My website is not heavy, but I still wanted
|
||||||
|
to add compression because why not. Fortunately, compression
|
||||||
|
algorithms exists. Some web servers send compressed versions of the
|
||||||
|
file they serve, to serve bandwith, or to make the site load
|
||||||
|
faster. There are other methods to serve bandwith like minimized CSS,
|
||||||
|
HTML and JavaScript. But I think we can all agree that using a
|
||||||
|
compression algorithm is a better way to accomplish this.
|
||||||
|
|
||||||
|
The main compression algorithm supported by browsers (and web servers)
|
||||||
|
is gzip. A compression algorithm that has been with us
|
||||||
|
since 1992. It's kinda old, but still serves its purpose pretty
|
||||||
|
well. Especially when you use all of its power with the =-9=
|
||||||
|
flag. Which compresses the file way better. At the cost of slower
|
||||||
|
speed of compression and decompression. But this isn't a big problem
|
||||||
|
since the client isn't receiving large files, like more than 100MBs,
|
||||||
|
the client is receiving HTMl, CSS and maybe JavaScript. Not binary
|
||||||
|
files (compression is kinda counterproducent with binary files).
|
||||||
|
|
||||||
|
The OpenBSD httpd comes with the =gzip-static= option, you just add it
|
||||||
|
wherever inside a =server= block in your httpd.conf. Then you =cd= to
|
||||||
|
your webroot and run this command: =gzip -9k *.html=
|
||||||
|
|
||||||
|
=-9= was explained before. And =-k= tells gzip not to delete the files
|
||||||
|
after they have been compressed. As =gzip= deletes the original
|
||||||
|
file. keeping only the =.gz= file.
|
||||||
|
|
||||||
|
This should be enough for most scenarios. gzip compresses files really
|
||||||
|
well. But I wanted more. So I made some changes to the httpd source
|
||||||
|
code to add brotli support.
|
||||||
|
|
||||||
|
At first. I wanted to add zstd support to httpd. And when I had
|
||||||
|
everything done. curl was receiving the zstd files instead of the
|
||||||
|
original files, I realized that browsers do not (yet) have zstd
|
||||||
|
support. So I decided to use brotli instead. It wasn't that difficult
|
||||||
|
to accomplish as I already wrote the hard part. I only had to replace
|
||||||
|
"zstd" with "br".
|
||||||
|
|
||||||
|
This isn't done automatically. If you currently have =gzip-static= on your httpd
|
||||||
|
configuration. You must replace it with =br-static=. And then you have
|
||||||
|
to remove all the =.gz= files in your webroot (as they aren't needed
|
||||||
|
anymore). Then you can read the =brotli= manpage to learn how to use
|
||||||
|
brotli. But I wanted maximum compression. So this command was enough:
|
||||||
|
=brotli --max --keep *.xhtml=.
|
||||||
|
|
||||||
|
[[../img/brotli_httpd.png]]
|
||||||
|
|
||||||
|
You can download the patch [[https://ls.raoul11.net/files/KbQBFQat/brotli.patch][here]].
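Review bot: The closing link hands readers a source patch for a network-facing daemon from a file-hosting URL, and the article gives them nothing to check the download against. A checksum or a signify(1) signature published on this site next to the link would let a reader confirm the file is the one the author released before applying it to httpd. The added line could read `Verify it first: =signify -V -p <author-key>.pub -m brotli.patch=`, where the key name is a placeholder. It would also help to say that the `.br` copies have to be regenerated whenever the original file changes. Presumably the server would otherwise keep serving the stale compressed copy, but that depends on how the patched httpd picks the file, which is not shown here.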
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,211 @@
|
||||||
|
#+INCLUDE: "../inc/header.html" export html
|
||||||
|
#+options: toc:nil
|
||||||
|
#+OPTIONS: html-postamble:nil
|
||||||
|
#+OPTIONS: html-style:nil
|
||||||
|
#+OPTIONS: num:nil p:nil pri:nil stat:nil tags:nil tasks:nil tex:nil timestamp:nil toc:nil title:nil
|
||||||
|
#+options: ^:{}
|
||||||
|
#+TITLE: SURAGU - Using BSD make
|
||||||
|
#+HTML_HEAD_EXTRA: <link rel="stylesheet" type="text/css" href="../css/styles.css"/>
|
||||||
|
|
||||||
|
* Using BSD make for your (small) project
|
||||||
|
For questions or comments on this article feel free to reach me out at
|
||||||
|
teru-sama [at] riseup [dot] net.
|
||||||
|
|
||||||
|
Alright, so you wrote your software! Bad news kid, now you have to
|
||||||
|
compile it! Worse than that, you have to make that the compilation is
|
||||||
|
not a pain in the ass so more people can actually use your software!
|
||||||
|
|
||||||
|
Thankfully, developers thought about on the unbearable pain of
|
||||||
|
compiling software, and thus =make= was born. =make=, A =makefile= is
|
||||||
|
a set of instructions that tells the software =make= how to compile
|
||||||
|
the software. Being honest, if you're in this website you already know
|
||||||
|
what =make= is.
|
||||||
|
|
||||||
|
BSD Make (also called =bmake=) comes with interesting features that
|
||||||
|
make writing makefiles easier. As it comes with some kind of templates
|
||||||
|
that will surely help you at the time of writing the makefile, bsd
|
||||||
|
makefiles tend to be readable and easily editable. Consider this
|
||||||
|
source tree. I am adding libcurl to this example to add some
|
||||||
|
"complexity" to the makefile.
|
||||||
|
|
||||||
|
main.c:
|
||||||
|
#+begin_src c -n -r
|
||||||
|
#include <stdio.h>
|
||||||
|
|
||||||
|
/* Not gonna create an header file for a simple makefile
|
||||||
|
,* example.... */
|
||||||
|
|
||||||
|
void
|
||||||
|
get_url(const char *s);
|
||||||
|
|
||||||
|
int
|
||||||
|
main(void)
|
||||||
|
{
|
||||||
|
puts("getting suragu.net...");
|
||||||
|
get_url("suragu.net");
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
geturl.c:
|
||||||
|
|
||||||
|
#+begin_src c +n
|
||||||
|
#include <curl/curl.h>
|
||||||
|
|
||||||
|
void
|
||||||
|
get_url(const char *s)
|
||||||
|
{
|
||||||
|
CURL *curl = curl_easy_init();
|
||||||
|
curl_easy_setopt(curl,CURLOPT_URL,s);
|
||||||
|
curl_easy_setopt(curl,CURLOPT_WRITEDATA,stdout);
|
||||||
|
|
||||||
|
curl_easy_perform(curl);
|
||||||
|
|
||||||
|
curl_easy_cleanup(curl);
|
||||||
|
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
This, the traditional Makefile would look a bit like this:
|
||||||
|
|
||||||
|
Makefile:
|
||||||
|
#+begin_src makefile -n -r
|
||||||
|
CC ?= cc
|
||||||
|
LDFLAGS = `pkg-config --cflags --libs libcurl`
|
||||||
|
OBJS = main.o geturl.o
|
||||||
|
TARGET = geturl
|
||||||
|
|
||||||
|
# Link the thing
|
||||||
|
all: $(OBJS)
|
||||||
|
$(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) -o $(TARGET)
|
||||||
|
|
||||||
|
# Compile all source code to object files
|
||||||
|
%.o : %.c
|
||||||
|
$(CC) -c $(CFLAGS) $< -o $@
|
||||||
|
|
||||||
|
.PHONY clean
|
||||||
|
clean:
|
||||||
|
rm *.o $(TARGET)
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
Typing =make= will result on a working makefile, the makefile will
|
||||||
|
compile the software as expected and not much else would happen. The
|
||||||
|
software also works as expected, however, in my opinion =make= syntax
|
||||||
|
makes 0 sense and it could be improved. Fortunately, this can be
|
||||||
|
solved using the BSD make templates. Consider the following Makefile:
|
||||||
|
|
||||||
|
Makefile:
|
||||||
|
#+begin_src makefile -n -r
|
||||||
|
PROG = geturl
|
||||||
|
SRCS = main.c geturl.c
|
||||||
|
LDADD != ${PREFIX}/bin/pkg-config --cflags --libs libcurl
|
||||||
|
MAN =
|
||||||
|
|
||||||
|
.include <bsd.prog.mk>
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
If you're in Linux, you might have to install =bmake=, which is a port
|
||||||
|
of NetBSD make, it is more likely in your distro's repositories. To
|
||||||
|
run that Makefile, just type =bmake=, and magic will happen. But let's
|
||||||
|
explain it
|
||||||
|
|
||||||
|
PROG is like the target, is what the template uses to get the
|
||||||
|
resulting binary. If SRCS is empty, bmake will just compile
|
||||||
|
=progname.c=.
|
||||||
|
=SRCS= are the sources files you want to compile. And =LDADD= are the
|
||||||
|
flags you want to pass to the linker, notice that in this case I used
|
||||||
|
!= instead of \=, this is because when you want to assign the output of
|
||||||
|
a comman in BSD make, you have to do !=, you can't do =SRCS =
|
||||||
|
`pkg-config ...`= because it won't work.
|
||||||
|
|
||||||
|
the =.include <bsd.prog.mk>= line makes all the magic possible. It is
|
||||||
|
the template, and then you pass all the variables you defined before
|
||||||
|
to that template, so the =.include= directive must be at the very
|
||||||
|
bottom of the Makefile.
|
||||||
|
|
||||||
|
Also, this simple makefiles comes with all the rules someone would
|
||||||
|
like. "bmake clean" works, so does "bmake install".
|
||||||
|
|
||||||
|
Notice how there isn't "CFLAGS" in this makefile, this is because, if
|
||||||
|
you want to add any CFLAG, you can do it this way, and BSD make will
|
||||||
|
understand:
|
||||||
|
|
||||||
|
#+begin_src shell -n -r
|
||||||
|
sukamu@wakaran ~/docs/xdd $ bmake CFLAGS="-O2 -pipe -Wall -pedantic"
|
||||||
|
cc -pipe -O2 -pipe -Wall -pedantic -c main.c
|
||||||
|
cc -pipe -O2 -pipe -Wall -pedantic -c geturl.c
|
||||||
|
cc -pipe -o geturl main.o geturl.o -lcurl
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
You can specify default CFLAGS in the Makefile, but when adding CFLAGS
|
||||||
|
in the command line, those will be overwritten.
|
||||||
|
|
||||||
|
** Compilation options using BSD make
|
||||||
|
|
||||||
|
configure scripts have their weird defined optins, such as
|
||||||
|
=--enable-xxx= or =--disable-xxx=, which enables or disables features
|
||||||
|
in the software you're compiling. This can be also be done with BSD
|
||||||
|
make and =CFLAGS= To do this you only have to use the simple Make
|
||||||
|
conditionals. Consider the following C source code:
|
||||||
|
|
||||||
|
#+begin_src c -n -r
|
||||||
|
#include <stdio.h>
|
||||||
|
|
||||||
|
int main(void) {
|
||||||
|
|
||||||
|
#ifdef USE_OPTION
|
||||||
|
puts("This is a string that will only be printed if use-option is enabled at compile time.");
|
||||||
|
#endif
|
||||||
|
puts("Hello world!");
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
#+begin_src makefile -n -r
|
||||||
|
PROG = option
|
||||||
|
SRCS = main.c
|
||||||
|
LDADD != ${PREFIX}/bin/pkg-config --cflags --libs libcurl
|
||||||
|
MAN =
|
||||||
|
|
||||||
|
# Compilation options
|
||||||
|
use-option = "no"
|
||||||
|
.if "${use-option}" == "yes"
|
||||||
|
CFLAGS +="-DUSE_OPTION"
|
||||||
|
.endif
|
||||||
|
|
||||||
|
.include <bsd.prog.mk>
|
||||||
|
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
If you compile normally, nothing weird would happen:
|
||||||
|
|
||||||
|
#+begin_src shell-script -n -r
|
||||||
|
diego@sukamu ~/xdxd $ make
|
||||||
|
cc -pipe -g -MD -c main.c
|
||||||
|
cc -pipe -o option main.o -lcurl
|
||||||
|
diego@sukamu ~/xdxd $ make
|
||||||
|
Hello world!
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
Now, let's recompile with =use-option=yes=.
|
||||||
|
|
||||||
|
#+begin_src shell-script -n -r
|
||||||
|
diego@sukamu ~/xdxd $ bmake use-option=yes
|
||||||
|
cc -pipe -g "-DUSE_OPTION" -MD -c main.c
|
||||||
|
cc -pipe -o option main.o -lcurl
|
||||||
|
diego@sukamu ~/xdxd $ ./option
|
||||||
|
This is a string that will only be printed if use-option is enabled at compile time.
|
||||||
|
Hello world!
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
So, if you add ="use-option=yes"= to the make flags, the Makefile will
|
||||||
|
add the required CFLAGS to enable the compile time option.
|
||||||
|
|
||||||
|
** Conclusion
|
||||||
|
|
||||||
|
BSD make is great for both small and big projects. And maybe more sane
|
||||||
|
than other alternatives, as doesn't require you to write a lot of
|
||||||
|
stuff just to build your project. BSD Make is a build system made for
|
||||||
|
lazy people. And lazy people always come with the simplest solutions.
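Review bot: The "traditional Makefile" listing cannot run as printed, because `.PHONY clean` lacks its colon and GNU make stops on that line with a missing-separator error, although the next paragraph says typing =make= works; it should read `.PHONY: clean`. In the geturl.c listing, `curl_easy_init()` may return NULL and the handle is passed straight to `curl_easy_setopt()`, and the result of `curl_easy_perform()` is discarded. Readers copy these listings, so a guard such as `if (curl == NULL) return;` after the init call is worth showing. In the first "compile normally" transcript, the second command is printed as `make` but its output is "Hello world!", so `./option` seems intended.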
|
|
@ -0,0 +1,12 @@
|
||||||
|
#+INCLUDE: "../inc/header.html" export html
|
||||||
|
#+options: toc:nil
|
||||||
|
#+OPTIONS: html-postamble:nil
|
||||||
|
#+OPTIONS: html-style:nil
|
||||||
|
#+OPTIONS: num:nil p:nil pri:nil stat:nil tags:nil tasks:nil tex:nil timestamp:nil toc:nil title:nil
|
||||||
|
#+TITLE: suragu.net - Coreboot in a x220
|
||||||
|
#+HTML_HEAD_EXTRA: <link rel="stylesheet" type="text/css" href="../css/styles.css"/>
|
||||||
|
#+EXPORT_FILE_NAME: coreboot_x220.html
|
||||||
|
|
||||||
|
* The memories of a corebooter
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,177 @@
|
||||||
|
#+INCLUDE: "../inc/header.html" export html
|
||||||
|
#+options: toc:nil
|
||||||
|
#+OPTIONS: html-postamble:nil
|
||||||
|
#+OPTIONS: html-style:nil
|
||||||
|
#+OPTIONS: num:nil p:nil pri:nil stat:nil tags:nil tasks:nil tex:nil timestamp:nil toc:nil title:nil
|
||||||
|
#+options: ^:{}
|
||||||
|
#+TITLE: suragu.net - Fear and loathing in Linux
|
||||||
|
#+HTML_HEAD_EXTRA: <link rel="stylesheet" type="text/css" href="../css/styles.css"/>
|
||||||
|
|
||||||
|
* Fear and loathing in Linux (Or BSD user tries Linux)
|
||||||
|
|
||||||
|
If you enjoy this article, please consider donating:
|
||||||
|
https://liberapay.com/raoul11. For questions or comments on this
|
||||||
|
article feel free to reach me out at teru-sama [at] riseup [dot] net.
|
||||||
|
|
||||||
|
One day I said "I want to die with FreeBSD installed", and I still do,
|
||||||
|
FreeBSD is a marvellous operating system that should be the final word
|
||||||
|
in operating systems. Sadly the other day when I bought a new computer
|
||||||
|
they pranked me very well because the network card this computer came
|
||||||
|
with is not supported in the current stable version of
|
||||||
|
FreeBSD. "Father, into your hands I commend my spirit, father, into
|
||||||
|
your hands, why have you forsaken me?" I said, but after some searches
|
||||||
|
I find that this network card WILL be supported and you can test the
|
||||||
|
driver in the -CURRENT branch of FreeBSD, I didn't thought -CURRENT
|
||||||
|
would be much of a pain, knowing I come from "bleeding edge" Linux
|
||||||
|
distributions. So I installed FreeBSD 14.0, the thing worked but when
|
||||||
|
I tried to install the required modules for xorg to work it didn't
|
||||||
|
work. And that's all they had to say. I want a stable system. Not
|
||||||
|
that.
|
||||||
|
|
||||||
|
Some time ago, when I published my [[./freebsd_as_desktop.html][FreeBSD as desktop]] blog post, I got
|
||||||
|
a comment in Hacker News (or lobsters, can't remember) that told me
|
||||||
|
that I was making clickbait because the experience was good. And the
|
||||||
|
title promised "Fear and loathing". Well, this one does have fear and
|
||||||
|
loathing.
|
||||||
|
|
||||||
|
So my first try was the old reliable. Void Linux, a distro that has
|
||||||
|
never failed me. Until yesterday, because when you come from BSD, you
|
||||||
|
know what's wrong with Linux.
|
||||||
|
|
||||||
|
Despite Xfce focuses on Linux operating systems and the BSD support
|
||||||
|
could be a lot better, because it sometimes can't tell the difference
|
||||||
|
between oss and pulse audio, or the microphone doesn't work, or other
|
||||||
|
kinds, doing trivial things was a lot easier on FreeBSD than in Void
|
||||||
|
Linux, but that's okay. I can with it, i've had worse things in my
|
||||||
|
life. So I could configure it. Then I wanted to install some packages
|
||||||
|
for void installation in which I could use my beloved [[https://git.raoul11.net/sakisafe.git][sakisafecli]]. But
|
||||||
|
when I installed it I found out what was wrong with Linux.
|
||||||
|
|
||||||
|
So i tried to run =bmake= in linux (BSD make is much better than GNU
|
||||||
|
make and should cover some trivial makefiles). And it started to give
|
||||||
|
errors, like curl.h is not found. And this is when a BSD user will
|
||||||
|
cause the Fall of Rome. In BSD operating systems, there are not
|
||||||
|
=-devel= (or -dev) packages. So when you install libfoo you install
|
||||||
|
the shared objects (.so files), the header files (the thing in
|
||||||
|
/usr/local/include) and sometimes the .a files for static linking
|
||||||
|
(which is something Linux distributions should also do). I don't think
|
||||||
|
it's very arguable that it is possitive to include the header files in
|
||||||
|
the same package. Because they're just text files that won't take a
|
||||||
|
lot of space. Maybe this is normal for some kind of devices, but if
|
||||||
|
you install arch linux or void in a amd64 machine i don't think you
|
||||||
|
care a lot about space.
|
||||||
|
|
||||||
|
That was the moment in which I remembered that one day a friend of my
|
||||||
|
told me that arch linux doesn't have -devel packages. And that was
|
||||||
|
enough for me to install Artix Linux, I don't even know what init
|
||||||
|
system I'm using.
|
||||||
|
|
||||||
|
Let the _fear and loathing_ begin.
|
||||||
|
|
||||||
|
** Operation: filesystem
|
||||||
|
The state of ZFS in Linux is quite commedic because OpenZFS is under
|
||||||
|
the CCLD and Linux is on the GPL and CCDL is incompatible with the
|
||||||
|
GPL. So because of the GPL we can't have ZFS endorsed by the kernel on
|
||||||
|
Linux systems. Just because the GPL, I don't think it's pretty good
|
||||||
|
that a so-called "free" software license tells you that you *must*
|
||||||
|
share your changes. And I think it's pretty idiotic that, because a
|
||||||
|
License, they can't add a sequence of ASCII characters to a kernel.
|
||||||
|
|
||||||
|
It was pretty funny because one day I found this message regarding
|
||||||
|
btrfs on FreeBSD on the forums:
|
||||||
|
|
||||||
|
[[../img/freebsd_user_on_btrfs.png]]
|
||||||
|
|
||||||
|
When I was installing Artix and it was part to create the partitions,
|
||||||
|
I audibly chuckled, and I selected btrfs as my file system. And began
|
||||||
|
using btrfs because I'm always open to try new things.
|
||||||
|
|
||||||
|
As mentioned before, the state of ZFS on Linux is commedic, because of
|
||||||
|
differences between Artix and Arch, I couldn't install the 3rdparty
|
||||||
|
zfs module from the AUR, so I had to compile OpenZFS code myself. This
|
||||||
|
wasn't much of a problem.
|
||||||
|
|
||||||
|
Meanwhile, I also looked for "artix zfs" in my search engine and I
|
||||||
|
found this blog post that was funny to me because it's like the
|
||||||
|
counter part of the other post:
|
||||||
|
|
||||||
|
[[../img/btrfs_better_than_zfs.png]]
|
||||||
|
|
||||||
|
So well, installing ZFS from source wasn't much of a problem. After
|
||||||
|
building and installing it =modprobe zfs= just worked and I could
|
||||||
|
mount my pools just fine. And thus, restoring my data. so no big
|
||||||
|
problem there.
|
||||||
|
|
||||||
|
I wanted to try btrfs features because I am curious, and apparently
|
||||||
|
btrfs is "zfs for linux", so i wanted to try its features
|
||||||
|
|
||||||
|
Our man break19 was right, because if I want to add compression
|
||||||
|
to my storage devices I have to do some weird stuff in the fstab, and
|
||||||
|
that's too much, i prefer the old good "zfs set compression=gzip
|
||||||
|
zroot" rather than editing that file. I also can't play with btrfs
|
||||||
|
subvolumes or snapshots because the btrfs command line utility is
|
||||||
|
horrible and I haven't figured anything out.
|
||||||
|
|
||||||
|
** Package management and the power it holds
|
||||||
|
|
||||||
|
Different commands. Same shit, the only package managers that has
|
||||||
|
innovated in something are GNU Guix and Nix, but I don't think there
|
||||||
|
is much difference between =pkg= and =pacman=.
|
||||||
|
|
||||||
|
What is true is that =pacman= has a syntax that sucks, for example. in
|
||||||
|
FreeBSD you'd do =pkg install emacs=, while with Artix you do =pacman
|
||||||
|
-S emacs=, like I know what -S means, and apparently "pacman -Ss" is
|
||||||
|
better than "pacman search", so i prefer FreeBSD package manager.
|
||||||
|
|
||||||
|
But what was funny to me is that when I installed =clang=, pacman
|
||||||
|
notified me that also =gcc= will be installed. I thought this was very
|
||||||
|
curious so I asked in the artix IRC channel, the answer frightened me:
|
||||||
|
|
||||||
|
#+begin_src text
|
||||||
|
<raoul> | Hello, nice operating system and all, but I have a question
|
||||||
|
why does clang depends on gcc
|
||||||
|
<Dudemanguy> | it's because clang uses the standard library provided by gcc
|
||||||
|
most linux distros are like this
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
As a computer user I tell you, that no big problem. But as a BSD user
|
||||||
|
I ask "why"?
|
||||||
|
|
||||||
|
I didn't know it, but pacman is very fast. It downloads things in
|
||||||
|
parallel and uses zstd, a fast compressing/decompressing software for
|
||||||
|
compression, so I have no issues with pacman's speed. It is pretty
|
||||||
|
fine.
|
||||||
|
|
||||||
|
When I did some research on why I couldn't install wine in Artix linux
|
||||||
|
I found out that my packages are being maintained by people with anime
|
||||||
|
profile pictures. And I also discovered that, for some reason, they
|
||||||
|
wanted to split all the repositories in separate repositories. Not
|
||||||
|
sure why, they have like 5 repositories for everything. I can
|
||||||
|
understand separating repositories with free/non-free software. But
|
||||||
|
here they don't even do that. They're just making thing more complex
|
||||||
|
for people who just want to install packages. In BSD this didn't
|
||||||
|
happen as the main repo had all the 30k packages someone would ever
|
||||||
|
need. And this operating system lacks packages. I had to build
|
||||||
|
=cmusfm= myself.
|
||||||
|
|
||||||
|
** Desktop
|
||||||
|
I hate to say it but Artix was less of a pain to setup as a desktop
|
||||||
|
than FreeBSD, this is because the installation was made with Calamares
|
||||||
|
installer. So I didn't had to install Xorg and configure manually, the
|
||||||
|
installer did all that for me. This wasn't the case in FreeBSD in
|
||||||
|
which I had to configure Xorg manually. And this is appreciated. The
|
||||||
|
Xfce setup just worked. And I bothered on ricing it like Windows XP
|
||||||
|
because I live in the past. Some people ask me why I riced it why XP,
|
||||||
|
the reason is because I can and I wanted.
|
||||||
|
|
||||||
|
I have 0 reasons to complain about Linux in this case. So I just
|
||||||
|
won't.
|
||||||
|
** Conclusion
|
||||||
|
If you haven't tried a BSD operating system. Don't, you'll get hooked to
|
||||||
|
it and if you ever have to come back to Linux, you'll find yourself
|
||||||
|
prefering to get a castration than installing Linux, because when you
|
||||||
|
learn how BSD works, and its awesome features, the development
|
||||||
|
philosophy (focusing in making a great operating system instead of
|
||||||
|
focusing in a weird definition of freedom), you start to know why
|
||||||
|
linux sucks.
|
||||||
|
|
|
@ -0,0 +1,298 @@
|
||||||
|
#+INCLUDE: "../inc/header.html" export html
|
||||||
|
#+options: toc:nil
|
||||||
|
#+OPTIONS: html-postamble:nil
|
||||||
|
#+OPTIONS: html-style:nil
|
||||||
|
#+OPTIONS: num:nil p:nil pri:nil stat:nil tags:nil tasks:nil tex:nil timestamp:nil toc:nil title:nil
|
||||||
|
#+options: ^:{}
|
||||||
|
#+TITLE: suragu.net - Fear and loathing in FreeBSD
|
||||||
|
#+HTML_HEAD_EXTRA: <link rel="stylesheet" type="text/css" href="../css/styles.css"/>
|
||||||
|
|
||||||
|
* Fear and loathing in FreeBSD, or raoul's experiences with FreeBSD
|
||||||
|
** Introduction
|
||||||
|
Not so long ago I wrote [[../openbsd.xhtml][my experiences with OpenBSD]]. This post was
|
||||||
|
about my experiences with OpenBSD but as a server, not as
|
||||||
|
desktop. Using an operating system as a desktop is completly
|
||||||
|
different than using it as a server.
|
||||||
|
|
||||||
|
One day I thought "damn, Linux sucks! But I have to use this because
|
||||||
|
the developer of the browser that I use is an asshole!". And had to
|
||||||
|
stick to Linux for a while. But then another day I thought "Hmm,
|
||||||
|
FreeBSD claims to run Linux binaries better than Linux, let's give it
|
||||||
|
a try". Good operating systems have to sell themselves some
|
||||||
|
way. And that claim worked for me. So I went to FreeBSD.org, clicked
|
||||||
|
the big yellow button that says "Download FreeBSD" and downloaded the
|
||||||
|
memstick image for amd64 because that's what my computer runs.
|
||||||
|
|
||||||
|
I will be updating this site as I have more experiences with
|
||||||
|
FreeBSD. So add to bookmarks!
|
||||||
|
|
||||||
|
Last update: 2022-06-21
|
||||||
|
|
||||||
|
|
||||||
|
** Installation
|
||||||
|
The installation was pretty straight forward. I don't think people can
|
||||||
|
get lost in this. I just selected ZFS as my file system (more on that
|
||||||
|
later). And I don't remember much other things in the
|
||||||
|
installation. And as I forgot them. I don't think they are worth
|
||||||
|
mentioning.
|
||||||
|
|
||||||
|
** Networking
|
||||||
|
I want to connect to the internet because, among other reasons, I have
|
||||||
|
a website, electronic mail and I like to talk to internet people
|
||||||
|
sometimes.
|
||||||
|
*** Wireless connection
|
||||||
|
Sadly I no longer have the router in my room so I can't use an
|
||||||
|
ethernet cable. So I have to use the dreaded wireless card. I was very
|
||||||
|
surprised when I found out that FreeBSD supports this Atheros card.
|
||||||
|
so I don't have to open the computer and put an Intel one. For the
|
||||||
|
network card to work, I only had to modify the kernel booting
|
||||||
|
process. Sounds very hard but it is just editing
|
||||||
|
=/boot/loader.conf/)=. I added the following lines to use the =ath=
|
||||||
|
driver:
|
||||||
|
|
||||||
|
#+begin_src shell-script
|
||||||
|
if_ath_load="YES"
|
||||||
|
if_ath_pci_load="YES"
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
Then, in =/etc/rc.conf= (we will talk about it later)
|
||||||
|
|
||||||
|
#+begin_src shell-script
|
||||||
|
wlans_ath0="wlan0"
|
||||||
|
ifconfig_wlan0="up"
|
||||||
|
ifconfig_wlan0="WPA DHCP"
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
That will automatically start =wpa_supplicant= and use DHCP to get an
|
||||||
|
IP address
|
||||||
|
*** DNS server
|
||||||
|
Normally for resolving domains you'd use a server like 8.8.8.8,
|
||||||
|
1.1.1.1 or 192.168.1.1. But I thought using local_unbound would be a
|
||||||
|
good idea for this, as if i'm my own DNS resolver, I can choose what
|
||||||
|
to resolve and what not to. I followed [[https://vermaden.wordpress.com/2020/11/18/unbound-dns-blacklist/][this guide]] to configure
|
||||||
|
local_unbound, with some block lists. And I also modified
|
||||||
|
/etc/dhclient.conf to use =127.0.0.1= as default DNS server. I did not
|
||||||
|
setup a fallback DNS server because if my computer is up, unbound is
|
||||||
|
up as well. So I don't really need a fallback DNS server.
|
||||||
|
|
||||||
|
#+begin_src conf
|
||||||
|
interface "wlan0" {
|
||||||
|
append domain-name-servers 127.0.0.1;
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
** Making the fresh installed system a desktop.
|
||||||
|
|
||||||
|
I'm no longer a Linux user. Now I am a BSD user. As such I must be
|
||||||
|
aware about this "X11" thing. So I had to install the =xorg=
|
||||||
|
package. FreeBSD comes with a binary package manager called =pkg=. We
|
||||||
|
will talk more about this in the packages section. I just had to run
|
||||||
|
=# pkg install xorg=. Add the user =raoul= to the =video= group and
|
||||||
|
configure my =.xinitrc= so everytime i run =startx=, =bspwm= is
|
||||||
|
started.
|
||||||
|
|
||||||
|
I had to add i915kms_load="YES" to =/boot/loader.conf). Which is the
|
||||||
|
driver for Intel integrated graphics cards. Or something like that.
|
||||||
|
|
||||||
|
As mentioned before. I had to modify my .xinitrc (something that as a
|
||||||
|
former Linux user I have never done because I always used lxdm as
|
||||||
|
display manager. But as FreeBSD doesn't have lxdm available I had to
|
||||||
|
get alternatives). My .xinitrc looks like this:
|
||||||
|
|
||||||
|
#+begin_src shell-script
|
||||||
|
dunst&
|
||||||
|
xrdb .Xdefaults&
|
||||||
|
compton&
|
||||||
|
xset r rate 300 50&
|
||||||
|
feh --bg-fill ~/.wall.png
|
||||||
|
sxhkd
|
||||||
|
exec bspwm
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
With that =.xinitrc=, running =startx= just works.
|
||||||
|
|
||||||
|
** Package management
|
||||||
|
|
||||||
|
FreeBSD comes with 2 options to install packages: binary-based
|
||||||
|
packages and port-based packages which installs packages compiling
|
||||||
|
them from source code.
|
||||||
|
|
||||||
|
*** Binary package management
|
||||||
|
|
||||||
|
I installed an operating system because I wanted to use it. And it is
|
||||||
|
impossible to use an operating system if you cannot install software
|
||||||
|
in it. Fortunately, FreeBSD comes with a package manager called =pkg=,
|
||||||
|
a very original name for a package manager. It is simple to use,
|
||||||
|
and blazing fast. I would say it is faster, or at least as fast as
|
||||||
|
=xbps=, the fastest package manager I know. Using it is utter simple,
|
||||||
|
here are some examples:
|
||||||
|
|
||||||
|
#+begin_src shell-script
|
||||||
|
# All these commands must be run as root.
|
||||||
|
|
||||||
|
# Install the package "emacs"
|
||||||
|
pkg install emacs
|
||||||
|
# Deinstall the package "emacs"
|
||||||
|
pkg remove emacs
|
||||||
|
# Remove all the unneeded dependencies
|
||||||
|
pkg autoremove
|
||||||
|
# List all packages that contain "edit" in its name
|
||||||
|
pkg search edit
|
||||||
|
# List all packages that contain "editor" in its comment
|
||||||
|
pkg search -S comment editor
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
Unfortunately, =pkg= comes with insane defaults. You have to type
|
||||||
|
'y' and then 'enter' to confirm you want to install a package. As
|
||||||
|
=pkg= defaults to "No". I guess this is a security feature for some
|
||||||
|
users. But as I'm too lazy to press the 'Y' key, and I'd rather just
|
||||||
|
to press enter, I edited =/usr/local/etc/pkg.conf= and added the
|
||||||
|
following content:
|
||||||
|
|
||||||
|
#+begin_src conf
|
||||||
|
# I don't want to press 'Y' everytime.
|
||||||
|
DEFAULT_ALWAYS_YES=yes
|
||||||
|
AUTOCLEAN=yes
|
||||||
|
IP_VERSION=4
|
||||||
|
# I don't want to wait to upgrade a package. I'll update my system
|
||||||
|
# only when I want :)
|
||||||
|
REPO_AUTOUPDATE=no
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
*** Source package management
|
||||||
|
Sadly I can't talk a lot about this one because I have a overheated
|
||||||
|
machine and if I compiled something in this computer we would have the
|
||||||
|
biggest destruction known to civilized man since 476 A.D.
|
||||||
|
|
||||||
|
But I can compile small software without a lot of problem.
|
||||||
|
|
||||||
|
First you have to get the port collection if you didn't do it in the
|
||||||
|
installer with the following command:
|
||||||
|
|
||||||
|
=# portsnap fetch extract=
|
||||||
|
|
||||||
|
Which will, fetch the port collection and extract them in
|
||||||
|
=/usr/ports=. These ports are just a collection of Makefiles. Which
|
||||||
|
will download and build the source code from you. These makefiles are
|
||||||
|
kinda easy to work with, and also to write. As i'm the maintainer for
|
||||||
|
some FreeBSD packages :)
|
||||||
|
|
||||||
|
You can also configure which CFLAGS you want *by default*. Just edit
|
||||||
|
the =/etc/make.conf= file. Mine looks like this:
|
||||||
|
|
||||||
|
#+begin_src conf
|
||||||
|
CFLAGS+= -O2 -pipe -march=native -mtune=native
|
||||||
|
DEVELOPER=yes
|
||||||
|
MAKE_JOBS_UNSAFE=yes
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
** Linux emulation
|
||||||
|
As I mentioned before, what was keeping me at the Linux hell was the
|
||||||
|
Web Browser known as Pale Moon. I followed [[https://docs.freebsd.org/en/books/handbook/linuxemu/][the guide]] to run Linux
|
||||||
|
software in FreeBSD. Downloaded Pale Moon, and after installing a few
|
||||||
|
dependencies, yup, it worked just like if I was using it in Linux.
|
||||||
|
|
||||||
|
Then I =rm -rf palemoon= and moved to firefox. Don't really know why.
|
||||||
|
** Multimedia
|
||||||
|
This was kind of a pain, =oss= didn't want to work for undisclosed
|
||||||
|
reasons. Too lazy to install sndio. So I went the easy way and just
|
||||||
|
installed pulseaudio. Call me what you will. But I want to listen to
|
||||||
|
Madvillain, not say "I DON'T USE PULSEAUDIO" in the internet. I use
|
||||||
|
=cmus= as my music player. The binary distribution of cmus comes with
|
||||||
|
the PulseAudio plugin disabled so I had to install it from the ports
|
||||||
|
system.
|
||||||
|
|
||||||
|
mpv and audio in FireFox just worked.
|
||||||
|
** ZFS
|
||||||
|
After years of using UFS, it was time for a change. ZFS was
|
||||||
|
introdouced experimentally in FreeBSD 7. And in the latest version, it
|
||||||
|
is the default filesystem. This filesystem is, described by itself as
|
||||||
|
"The last word in file system" That makes sense to me. They are not
|
||||||
|
going to say it's a bad filesystem if they want people to use it. And
|
||||||
|
if i'm using a filesystem that takes most of my RAM, it should be good
|
||||||
|
at least. And, yes, ZFS is good.
|
||||||
|
*** Pools and storage
|
||||||
|
"A storage pool is the most basic building block of ZFS. A pool
|
||||||
|
consists of one or more vdevs, the underlying devices that store the
|
||||||
|
data.". I don't understand any of that. But a pool must be created to
|
||||||
|
create your filesystems (datasets) and volumes. In the default
|
||||||
|
installation, the dataset is called "zroot".
|
||||||
|
|
||||||
|
These "file systems" are similar to partitions. It is mounted wherever
|
||||||
|
you want and has its own metadata.
|
||||||
|
*** Creating and configuring datasets
|
||||||
|
My friend Endemic has a lot of media that must be stored, he has lost
|
||||||
|
media, music from bands no one has ever heard of and soviet movies and
|
||||||
|
obscure breakcore. This kind of media has to be archived and zfs does
|
||||||
|
a great work creating that. ZFS has also a compression feature,
|
||||||
|
supporting a lot of compression algorithms.
|
||||||
|
|
||||||
|
So to create the zpool that I want to be mounted in /storage, I ran
|
||||||
|
the following commands (as root)
|
||||||
|
|
||||||
|
#+begin_src shell-script
|
||||||
|
# Create the pool storage in the /dev/da0 device, which is an external
|
||||||
|
# hard drive
|
||||||
|
zpool create storage /dev/da0
|
||||||
|
# Set zstd-9 compression in the pool.
|
||||||
|
zfs set compression=zstd-9 storage
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
And that's it. Then when you copy big files to /storage they will be
|
||||||
|
compressed. And as our CPU is fast and zstd uses a fast algorithm, you
|
||||||
|
probably won't notice that you're actually compressing and
|
||||||
|
decompressing files all the time. Which is good. You can also use
|
||||||
|
zstd-19 as compression, which redouce the filesize of everything by a
|
||||||
|
lot. But this has a drawback, quoting from the [[https://docs.freebsd.org/en/books/handbook/zfs/index.html][FreeBSD ZFS reference]]:
|
||||||
|
|
||||||
|
#+begin_quote
|
||||||
|
ZFS offers 19 levels of Zstd compression, each offering
|
||||||
|
incrementally more space savings in exchange for slower
|
||||||
|
compression. The default level is zstd-3 and offers greater
|
||||||
|
compression than LZ4 without being much slower. Levels above 10
|
||||||
|
require large amounts of memory to compress each block and systems
|
||||||
|
with less than 16 GB of RAM should not use them. ZFS uses a selection
|
||||||
|
of the Zstd_fast_ levels also, which get correspondingly faster but
|
||||||
|
supports lower compression ratios. ZFS supports zstd-fast-1 through
|
||||||
|
zstd-fast-10, zstd-fast-20 through zstd-fast-100 in increments of 10,
|
||||||
|
and zstd-fast-500 and zstd-fast-1000 which provide minimal
|
||||||
|
compression, but offer high performance.
|
||||||
|
#+end_quote
|
||||||
|
|
||||||
|
And as I use a ThinkPad in which I didn't even bother on adding more
|
||||||
|
RAM. I use zstd-9. Which compresses the files somehow good. You can
|
||||||
|
see the stats with =zfs get used,compressratio,compression,logicalused
|
||||||
|
dataset=.
|
||||||
|
|
||||||
|
#+begin_src
|
||||||
|
zroot used 64.1G -
|
||||||
|
zroot compressratio 1.15x -
|
||||||
|
zroot compression zstd-9 local
|
||||||
|
zroot logicalused 66.1G -
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
Used is the revelant to the filesystem size. And logicalused is the
|
||||||
|
size the filesystem would have without compression. So this means I
|
||||||
|
have saved 2GBs thanks to zstd-9. I do not feel any performance difference.
|
||||||
|
*** Snapshots
|
||||||
|
We all fuck it sometime. And that is okay. What is not okay is to lose
|
||||||
|
data. ZFS contains a tool to create snapshots of a dataset. Which are
|
||||||
|
basically backups that restore your filesystem to a certain
|
||||||
|
point. These are very useful to recover lost data. You can create a
|
||||||
|
backup of your =home= partition like this:
|
||||||
|
|
||||||
|
#+begin_src shell-script
|
||||||
|
zfs snapshot zroot/usr/home@(date +%F)
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
After creating the snapshot and completly trusting ZFS, i ran rm -rf
|
||||||
|
~/*. Which nuked my home directory and everything in it. Then I ran
|
||||||
|
=zfs rollback zroot/usr/home@2022-06-18= and it was restored. Like
|
||||||
|
nothing ever happened. According to the FreeBSD reference, snapshots
|
||||||
|
can take a lot of disk space so you should delete them as they're no
|
||||||
|
longer needed.
|
||||||
|
*** Other features
|
||||||
|
|
||||||
|
ZFS has features like incremental backups, encryption, RAIDS, but I
|
||||||
|
haven't tried them.
|
||||||
|
** Jails
|
||||||
|
TODO
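Review bot: The snapshot example in the ZFS section, `zfs snapshot zroot/usr/home@(date +%F)`, is missing the `$` of the command substitution, so a POSIX shell rejects it instead of creating the dated snapshot that the later `zfs rollback zroot/usr/home@2022-06-18` relies on; it should read `zfs snapshot zroot/usr/home@$(date +%F)`. Because the next paragraph runs `rm -rf ~/*` on the strength of that snapshot, the post should also tell the reader to confirm it exists with `zfs list -t snapshot` first. In the `pkg.conf` block, `DEFAULT_ALWAYS_YES=yes` also removes the prompt for `pkg remove` and `pkg autoremove`, and `REPO_AUTOUPDATE=no` leaves the catalogue stale until `pkg update` is run by hand, so an install may not pick up packages with security fixes; both deserve a one-line comment saying so. In the `rc.conf` block the first `ifconfig_wlan0="up"` is overwritten by the second assignment and can be dropped.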
|
|
@ -0,0 +1,28 @@
|
||||||
|
#+INCLUDE: "../inc/header.html" export html
|
||||||
|
#+options: toc:nil
|
||||||
|
#+OPTIONS: html-postamble:nil
|
||||||
|
#+OPTIONS: html-style:nil
|
||||||
|
#+OPTIONS: num:nil p:nil pri:nil stat:nil tags:nil tasks:nil tex:nil timestamp:nil toc:nil title:nil ^:nil
|
||||||
|
#+TITLE: suragu.net - Tech posts
|
||||||
|
#+HTML_HEAD_EXTRA: <link rel="stylesheet" type="text/css" href="../css/styles.css"/>
|
||||||
|
#+EXPORT_FILE_NAME: index.html
|
||||||
|
|
||||||
|
* suragu.net tech posts
|
||||||
|
|
||||||
|
I have a [[../blog/][blog]], but I to keep it to very weird things that come to my
|
||||||
|
mind that don't require text formatting, images, or anything that is
|
||||||
|
not plain text.
|
||||||
|
|
||||||
|
The intention of this section of my website is to make a space for all
|
||||||
|
the weird things that are related with tech. Which mostly always
|
||||||
|
require formatting like syntax highlighting, images, or monospaced
|
||||||
|
text. So I decided to create this section for the tech related posts.
|
||||||
|
|
||||||
|
These articles are sorted from oldest to newest.
|
||||||
|
|
||||||
|
1. [[./org_mode_as_ssg.html][org-mode as static site generator]]
|
||||||
|
2. [[./freebsd_as_desktop.html][raoul's experiences with FreeBSD as desktop.]]
|
||||||
|
3. [[./brotli_in_openbsd_http.html][brotli in OpenBSD's httpd.]]
|
||||||
|
4. [[./fear_and_loathing_in_artix.html][Fear and Loathing in Artix (or BSD user tries Linux)]]
|
||||||
|
5. [[./bsd_make.html][Using BSD make as build system]]
|
||||||
|
6. [[./modern_perl.html][Perl in CURRENT_YEAR]]
|
|
@ -0,0 +1,214 @@
|
||||||
|
#+INCLUDE: "../inc/header.html" export html
|
||||||
|
#+options: toc:nil
|
||||||
|
#+OPTIONS: html-postamble:nil
|
||||||
|
#+OPTIONS: html-style:nil
|
||||||
|
#+OPTIONS: num:nil p:nil pri:nil stat:nil tags:nil tasks:nil tex:nil timestamp:nil toc:nil title:nil ^:nil
|
||||||
|
#+TITLE: suragu.net - Perl in CURRENT_YEAR
|
||||||
|
#+HTML_HEAD_EXTRA: <link rel="stylesheet" type="text/css" href="../css/styles.css"/>
|
||||||
|
#+EXPORT_FILE_NAME: modern_perl.html
|
||||||
|
|
||||||
|
* Perl in CURRENT_YEAR
|
||||||
|
|
||||||
|
Perl is a programming language that will always live deep into my
|
||||||
|
heart. It was the first programming language I can say I
|
||||||
|
mastered. But it's sad that not even God uses this programming
|
||||||
|
language anymore. It's a great programming language, it has evolved in
|
||||||
|
the latest years, so much that it even looks like a modern programming
|
||||||
|
language. Some of the stupid design of perl has been fixed.
|
||||||
|
|
||||||
|
It is known by everyone that the perl Syntax sucks. It makes 0 sense,
|
||||||
|
at least for learners. Experimented perl programmers no longer fear
|
||||||
|
anything.
|
||||||
|
|
||||||
|
For comments or questions on this post, email me at sukamu at riseup
|
||||||
|
dot net.
|
||||||
|
** Function prototypes
|
||||||
|
Perl always lacked function signatures (prototypes), the way you
|
||||||
|
passed arguments to a function in perl was horrible, it is like
|
||||||
|
functions in bash:
|
||||||
|
|
||||||
|
#+begin_src perl -n
|
||||||
|
sub sum() {
|
||||||
|
my ($x, $y) = @_;
|
||||||
|
return $x + $y;
|
||||||
|
}
|
||||||
|
|
||||||
|
print sum(3, 4); # Prints 7
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
You define the function parameters inside the function, just like in
|
||||||
|
bash. This is, in my opinion, horrible, but since perl 5.36, you can
|
||||||
|
have function signatures, to use perl's new features, you have to
|
||||||
|
specify the version of perl you want to use, to do this just use the
|
||||||
|
=use= keyword.
|
||||||
|
|
||||||
|
#+begin_src perl -n
|
||||||
|
use v5.36;
|
||||||
|
|
||||||
|
sub sum($x, $y) {
|
||||||
|
return $x + $y;
|
||||||
|
}
|
||||||
|
say sum(4, 5); # prints 9, and adds a newline.
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
The function signature feature was added in Perl v5.20, but it started
|
||||||
|
to be considered stable at v5.36. There is also this new "say"
|
||||||
|
function that is just like =print= but adds a =newline= at the end of
|
||||||
|
the line, like python's =print= or C's =puts()=. These features were
|
||||||
|
inhereted from Raku.
|
||||||
|
|
||||||
|
** Try/Catch
|
||||||
|
|
||||||
|
Perl added an experimental Try/Catch blocks in v5.34. These are still
|
||||||
|
considered experimental as of v5.36. But you can still use them. The
|
||||||
|
=try/catch= (also =finally= if you're using v5.36) works like any
|
||||||
|
other programming language that has try/catch blocks. As this feature
|
||||||
|
is still experimental and should not be used seriously, you have to
|
||||||
|
specify that you want to use the experimental feature ='try'=:
|
||||||
|
|
||||||
|
#+begin_src perl -n
|
||||||
|
use v5.36;
|
||||||
|
use strict;
|
||||||
|
use warnings;
|
||||||
|
|
||||||
|
use experimental 'try';
|
||||||
|
|
||||||
|
sub attempt() {
|
||||||
|
say "I'm doing something!";
|
||||||
|
die "Goodbye cruel world";
|
||||||
|
return 42;
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
my $x = attempt();
|
||||||
|
} catch($e) {
|
||||||
|
say "Exception: $e";
|
||||||
|
} finally {
|
||||||
|
say "Finished";
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
|
||||||
|
And the thing does exactly that, the script dies inside the =try=
|
||||||
|
block, so it's passed to the =catch= block as an exception. And
|
||||||
|
finally, the =finally= block is executed.
|
||||||
|
|
||||||
|
** the =isa= operator
|
||||||
|
|
||||||
|
The isa operator tests whether an object has a instance of a certain
|
||||||
|
class, in non-object programming slang, it just checks the type of a
|
||||||
|
variable. The =isa= operator was introdouced as an experimental
|
||||||
|
feature in perl v5.34.0 and was no longer considered experimental in
|
||||||
|
the current v5.36.0.
|
||||||
|
|
||||||
|
#+begin_src perl -n
|
||||||
|
#!/usr/bin/perl
|
||||||
|
|
||||||
|
use v5.36;
|
||||||
|
use LWP::UserAgent;
|
||||||
|
my $ua = LWP::UserAgent->new;
|
||||||
|
|
||||||
|
|
||||||
|
if ($ua isa LWP::UserAgent ) {
|
||||||
|
say "LWP::UserAgent object instanced successfully";
|
||||||
|
} else {
|
||||||
|
die "something that should not have happened happened.";
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
Before this operator, you had to use the =ref= function and string
|
||||||
|
checker to accomplish the same thing, like this;
|
||||||
|
|
||||||
|
#+begin_src perl -n
|
||||||
|
use LWP::UserAgent;
|
||||||
|
my $ua = LWP::UserAgent->new;
|
||||||
|
|
||||||
|
if(ref($ua) eq "LWP::UserAgent") {
|
||||||
|
# Do stuff...
|
||||||
|
} else {
|
||||||
|
# Do stuff when failed.
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
Which clearly makes a difference at the moment of reading and writing
|
||||||
|
new code.
|
||||||
|
|
||||||
|
** The defer block
|
||||||
|
|
||||||
|
This is a feature that others programming languages have, C++ calls it
|
||||||
|
RAII, there are plans to add it to the next version of the C
|
||||||
|
programming language, also golang has the defer block. Thing is that
|
||||||
|
in perl it works like this:
|
||||||
|
|
||||||
|
#+begin_src perl -n
|
||||||
|
#!/usr/bin/perl
|
||||||
|
|
||||||
|
use v5.36;
|
||||||
|
|
||||||
|
use experimental 'defer';
|
||||||
|
my $x = 0;
|
||||||
|
{
|
||||||
|
$x = (2^31)-1;
|
||||||
|
defer {
|
||||||
|
say "The block has finished it's execution";
|
||||||
|
$x = 0;
|
||||||
|
};
|
||||||
|
say "Let's pretend i'm doing stuff...";
|
||||||
|
say "x value: $x";
|
||||||
|
}
|
||||||
|
say "x value: $x";
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
Simillary to =try/catch=, this function is experimental and should not
|
||||||
|
be used in production. Or use it if you want. But don't blame the perl
|
||||||
|
devs if something breaks (which, honestly, I doubt that your system
|
||||||
|
will break because of an experimental feature. Just don't abuse it or
|
||||||
|
use it in very weird ways and you'll be fine).
|
||||||
|
|
||||||
|
** builtin values
|
||||||
|
|
||||||
|
=builtin= is a new core module that shipts with perl v5.36. This
|
||||||
|
package are plains function and behave like user defined
|
||||||
|
cuntions. They do not provide any special thing you have never seen in
|
||||||
|
perl before. But they're still good to have, as they help to make the
|
||||||
|
code more easy to write and read. These functions are also
|
||||||
|
experimental so be careful at the moment of using them.
|
||||||
|
|
||||||
|
#+begin_src perl -n
|
||||||
|
use v5.36;
|
||||||
|
use experimental 'builtin';
|
||||||
|
use builtin qw(true false is_bool trim
|
||||||
|
reftype created_as_string
|
||||||
|
created_as_number); # There are more builtin functions...
|
||||||
|
my $bool_value = true;
|
||||||
|
|
||||||
|
if ($bool_value) {
|
||||||
|
say "The value is true";
|
||||||
|
} else {
|
||||||
|
say "The value is false";
|
||||||
|
}
|
||||||
|
|
||||||
|
say is_bool($bool_value); # Will print "true";
|
||||||
|
|
||||||
|
my $str = "\t\n\r Hello world\t\r\n";
|
||||||
|
$str = trim($str); # This trim() function will remove all the whitespace
|
||||||
|
#characteres defined by unicode (https://perldoc.perl.org/perlrecharclass#Whitespace)
|
||||||
|
|
||||||
|
print $str; # Will print "Hello world", without newlines, tabs, or
|
||||||
|
# carriage returns.
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
These new functions are not the greatest or most useful thing ever,
|
||||||
|
but they are still helpful.
|
||||||
|
|
||||||
|
** Conclusion
|
||||||
|
|
||||||
|
Perl's not dead. At least that's what I kept telling myself because I
|
||||||
|
don't want to see this programming language dying in my lifespan. But
|
||||||
|
it's pretty cool that they still add new features to Perl 5. Despite
|
||||||
|
everything you could say, perl is still alive, but no one uses it, but
|
||||||
|
well, no one uses Haskell either. :^)
|
||||||
|
** Sources
|
||||||
|
- 1. https://perldoc.perl.org/5.36.0/builtin
|
||||||
|
- 2. https://perldoc.perl.org/5.36.0/perldelta
|
||||||
|
- 3. https://perldoc.perl.org/5.34.0/perldelta
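Review bot: The first example under "Function prototypes" does not run as shown: `sub sum() {` declares an empty prototype, so the later `sum(3, 4)` fails to compile with a too-many-arguments error; the pre-signature form is `sub sum {`. In the defer example `$x = (2^31)-1;` uses `^`, which is bitwise XOR in Perl and yields 28, so if the intent is the largest 32-bit signed value it should be `$x = (2**31)-1;`. In the builtin example the comment on `say is_bool($bool_value);` says it prints "true", but a true boolean stringifies as `1`, so the comment should read `# Will print "1"`.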
|
|
@ -0,0 +1,153 @@
|
||||||
|
#+INCLUDE: "../inc/header.html" export html
|
||||||
|
#+options: toc:nil
|
||||||
|
#+OPTIONS: html-postamble:nil
|
||||||
|
#+OPTIONS: html-style:nil
|
||||||
|
#+OPTIONS: num:nil p:nil pri:nil stat:nil tags:nil tasks:nil tex:nil timestamp:nil toc:nil title:nil
|
||||||
|
#+options: ^:{}
|
||||||
|
#+TITLE: suragu.net - Org-mode as a Static Site Generator
|
||||||
|
#+HTML_HEAD_EXTRA: <link rel="stylesheet" type="text/css" href="../css/styles.css"/>
|
||||||
|
* org-mode as a Static Site Generator
|
||||||
|
Created: 2022-06-14
|
||||||
|
Last updated: 2022-06-14
|
||||||
|
** Introduction
|
||||||
|
There are a lot of static site generators out there, you can think of
|
||||||
|
Jekyll, Hugo, sblg. Those are good (I guess) but, as I was too lazy to
|
||||||
|
check them out, I tried to perform the same task (In this case,
|
||||||
|
generating a website from a language in a weird markup language) that
|
||||||
|
looks very much the same as it was written in pure html. And emacs'
|
||||||
|
org-mode was able to do this perfectly. Not much flaws were found in
|
||||||
|
this process.
|
||||||
|
|
||||||
|
And yes, this article was written in =org-mode=.
|
||||||
|
|
||||||
|
If you enjoy this article, please consider donating:
|
||||||
|
[[https://liberapay.com/raoul11][https://liberapay.com/raoul11]]. For questions or comments on this
|
||||||
|
article feel free to reach me out at teru-sama [at] riseup [dot] net.
|
||||||
|
|
||||||
|
** The basics
|
||||||
|
|
||||||
|
Every emacs users (I hope) knows about org-mode, it is a very powerful
|
||||||
|
markup language, in my opinion, better than markdown as it uses more
|
||||||
|
common sense, like *bold* text are written with only one asterisk and
|
||||||
|
/italic/ text is written with slashes, which makes more sense inside
|
||||||
|
my head than markdown's one asterisk for italic and two asterisks for
|
||||||
|
bold. The headers are written with an asterisk followed by the text,
|
||||||
|
and you can insert code blocks with =#+begin_src <language>=. (and close
|
||||||
|
them with #+end_src) And
|
||||||
|
guess what! Emacs will export the source code *highlighted* to html!
|
||||||
|
The output colors will be defined by your *current Emacs theme*
|
||||||
|
|
||||||
|
When you are finished writing your .org file, you can export it to
|
||||||
|
html with =M-x org-html-export-to-html=. This will create a =.html= file
|
||||||
|
with the same name of the =.org= file. You can open it and it won't be
|
||||||
|
so much different than a =.md= file converted to =.html= using =pandoc=. But
|
||||||
|
we can fix that using the multiple =org-mode= options!
|
||||||
|
** org-mode options
|
||||||
|
There are a lot of =org-mode=. You can check all of them [[https://orgmode.org/manual/Publishing-options.html][here]] and
|
||||||
|
[[https://orgmode.org/manual/Export-Settings.html][here]]. Check them if you need an option that is not here. Pretty sure
|
||||||
|
there's an option for whatever you want.
|
||||||
|
|
||||||
|
So, when you make a website, you most likely want to make it somewhat
|
||||||
|
artistic, so you want to add, say, a header, and a stylesheet
|
||||||
|
file. This is possible with =org-mode= options. The following text lines
|
||||||
|
will insert a header file and a stylesheet file into the resulting
|
||||||
|
.html file:
|
||||||
|
|
||||||
|
#+begin_src org
|
||||||
|
#+INCLUDE: "inc/header.html" export html
|
||||||
|
#+HTML_HEAD_EXTRA: <link rel="stylesheet" type="text/css" href="css/styles.css"/>
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
This will include, before everything in the =.org= file, the content of
|
||||||
|
the file located at =inc/header.html=. And will append that <link/> HTML
|
||||||
|
tag to the <head> section of the resulting =.html= file. So it will give
|
||||||
|
the stylesheet to the resulting html site.
|
||||||
|
n
|
||||||
|
But by default =org-mode= gives us the number of headings, preambles and
|
||||||
|
postambles, a table of contents, some html style we never asked for,
|
||||||
|
and a lot of things we never asked for. But obviously, theres an
|
||||||
|
option to take care of all of that!
|
||||||
|
|
||||||
|
#+begin_src org
|
||||||
|
#+options: toc:nil
|
||||||
|
#+OPTIONS: html-postamble:nil
|
||||||
|
#+OPTIONS: html-style:nil
|
||||||
|
#+OPTIONS: num:nil p:nil pri:nil stat:nil tags:nil tasks:nil tex:nil timestamp:nil toc:nil title:nil
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
That snippet inside the codeblock will disable all the things we don't
|
||||||
|
want in a personal website (but maybe we want in an academic
|
||||||
|
article?). I don't know. The thing is that you can disable or enable
|
||||||
|
them as needed. As you should know, =nil= in emacs-lisp means =false= and
|
||||||
|
=t= means =true=. So if you want to enable some option of those you give
|
||||||
|
it =t= instead of =nil=.
|
||||||
|
|
||||||
|
So you have to add that to all the .org files you have. You can
|
||||||
|
probably setup those options as default by setting the family of
|
||||||
|
=org-export= variables to =nil= as needed. But I keep it that way because
|
||||||
|
I am too lazy to set all of those variables.
|
||||||
|
|
||||||
|
Then, you have to do =M-x org-html-export-to-html= in each .org file and
|
||||||
|
upload them to your webroot. And everything should work when you visit
|
||||||
|
your website. If not, check if the path of the css and header is
|
||||||
|
correct (In this post i'm assuming your .html files are in =inc/= and
|
||||||
|
your css is in =css/styles.css=, which are both relative paths).
|
||||||
|
** Inserting custom HTML in Org
|
||||||
|
Something great about Markdown is that you can insert HTML by simply
|
||||||
|
adding it as normal text. You cannot do this in org-mode. You can't
|
||||||
|
just put <b>thing</b> and expect org-mode to compile that as html. You
|
||||||
|
have to use an =export= block. Those work just as the codeblocks we've
|
||||||
|
seen before. But instead of src, it's export, so it will
|
||||||
|
be #+begin_export html. Following there's an example
|
||||||
|
#+begin_export html
|
||||||
|
<b style="color:red;">This is custom HTML (it has the style attribute) inserted into org-mode :D</b>
|
||||||
|
#+end_export
|
||||||
|
** Exporting a whole directory with .org files to html
|
||||||
|
|
||||||
|
For most of the time running this website using =org-mode= as static
|
||||||
|
site generator, i used to run =M-x org-html-export-to-html= as
|
||||||
|
needed. But I thought this was unnecessary and repetitive and there
|
||||||
|
wasn't really a need to do that. I wanted something like =make=. Where
|
||||||
|
you run and you get everything compiled. And if a file didn't change,
|
||||||
|
don't compile it again (as it isn't needed). So I asked about this in
|
||||||
|
the #emacs irc channel:
|
||||||
|
|
||||||
|
#+begin_src text
|
||||||
|
<sukamu> Hello, is it possible to use org-html-export-to-html in a
|
||||||
|
emacs lisp program to export a file? Documentation says it only
|
||||||
|
"exports the current buffer", But i want to export all the .org files
|
||||||
|
in a directory as html
|
||||||
|
<sukamu> (I'm using org-mode as a ssg)
|
||||||
|
<wgreenhouse> > export all the .org files in a directory as html
|
||||||
|
<wgreenhouse> sukamu: it sounds like you want org-publish
|
||||||
|
<wgreenhouse> (info "(org) Publishing")
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
So I checked out that "=org-publish=" thing this IRC user was talking
|
||||||
|
about. And indeed it was exactly what I needed. I had to read the
|
||||||
|
documentation. And I came to this following emacs-lisp files which can
|
||||||
|
compile my website just well:
|
||||||
|
|
||||||
|
#+begin_src emacs-lisp
|
||||||
|
;; Change this
|
||||||
|
(setq org-publish-project-alist
|
||||||
|
'(("suragu.net"
|
||||||
|
:base-directory "~/repos/suragu_org/"
|
||||||
|
:publishing-directory "~/repos/suragu_org/out_html"
|
||||||
|
:section-numbers nil
|
||||||
|
:publishing-function org-html-publish-to-html
|
||||||
|
:table-of-contents nil
|
||||||
|
:recursive t
|
||||||
|
)))
|
||||||
|
|
||||||
|
(defun make-suragu ()
|
||||||
|
(interactive)
|
||||||
|
(org-publish "suragu.net")
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
And that's it! Everytime I want to recompile this website I just have
|
||||||
|
to run =M-x make-suragu= and org-publish will do the rest for me!
|
||||||
|
** Conclusion
|
||||||
|
=org-mode= is a great markup language that can repleace markdown in most
|
||||||
|
tags and also works well as a static site generator. What else do you
|
||||||
|
want me to say
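Review bot: The `emacs-lisp` example near the end of this article is unbalanced: `(defun make-suragu ()` is never closed, because its last line is `(org-publish "suragu.net")` with a single closing paren. A reader who copies the block into their init file will get a read error, so the last line should be `(org-publish "suragu.net"))`. The same added file has a stray `n` on a line of its own after the paragraph ending "resulting html site.", which will be published as its own paragraph. The sentence "There are a lot of =org-mode=." is also missing its noun and presumably should read `There are a lot of =org-mode= options.`.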
|