Unmaintained space
blacksmith computers drumming bujutsu gaming metal beer diy ...
https://hya.sk/atom.xml

Writing workshop: micro-stories
2023-12-23T00:00:00+00:00
https://hya.sk/blog/posts/2023/atelier-micro-nouvelles/
<p><em>This article in French is about taking part in a writing workshop. All the texts are in French, and so is this blog
post, but that shouldn't be too complicated since most writings are very short.</em></p>
<hr />
<h1 id="presentation">Introduction</h1>
<p>I recently had the pleasure of taking part in a writing workshop led by <a href="https://hystoires.com">Ythèr</a>. The theme
was the micro-story, and the exercises ranged from six words to three paragraphs. We were in an art workshop-boutique,
so Ythèr suggested we work directly from the artworks on display.</p>
<p>So without further ado, here is what I wrote.</p>
<h1 id="productions">Productions</h1>
<h2 id="exercice-preparatoire">Warm-up exercise</h2>
<p>This whole first exercise revolved around this artwork:</p>
<p><img src="https://hya.sk/blog/posts/2023/atelier-micro-nouvelles/./img/le_creu_de_la_dent.jpg" alt="Le creu de la dent" /><br />
<em>Le creu de la dent</em></p>
<p>The first instruction was to write a story in one sentence:</p>
<blockquote>
<p>Nice and warm, nice and pink, the palette was finally reaching the end of its cooking time.</p>
</blockquote>
<p>Not necessarily great, but what can you do.</p>
<p>Aurélia came up with the sentence that served as the basis for the rest of the exercise:</p>
<blockquote>
<p>I've lost my shoes.</p>
</blockquote>
<p>We then had to write a paragraph using this shared sentence, placed either at the beginning or at the end:</p>
<blockquote>
<p>I've lost my shoes, and that's just as well, I didn't need them any more. I recently learned from a rigorously
scientific study that walking barefoot keeps your memory in shape. Well, right now my feet are a bit cold. Now where
did I put my socks?… Oh look! My shoes…</p>
</blockquote>
<p>Julie wrote the paragraph that served as the basis for the rest of the exercise:</p>
<blockquote>
<p>Yesterday, I came across a man with a blue hat and a black parka. I was waiting for the bus and he sat down not very far
from me. He was talking to himself and I couldn't understand a word of what he was saying! He scared me a little. Suddenly,
a loud boom rang out and a bright light blinded me. My head was spinning in every direction. I hurt all over, and
could no longer see anything. My feet are cold. I've lost my shoes.</p>
</blockquote>
<p>And we then had to rewrite that same story in only three sentences:</p>
<blockquote>
<p>I was waiting for the bus among the onlookers. Suddenly, the flat across the street burst into flames in an explosion
that threw me to the ground. Now blind, I am still alive.</p>
</blockquote>
<p>This exercise came to an end after about an hour.</p>
<h2 id="productions-autonomes">Independent productions</h2>
<p>What came next was simple: write three micro-stories inspired by the various artworks on display.</p>
<h3 id="une-premiere-de-trois-paragraphes-de-trois-quatre-phrases">A first one of three paragraphs of three or four sentences</h3>
<p><img src="https://hya.sk/blog/posts/2023/atelier-micro-nouvelles/./img/nocturne_du_marais_n2.jpg" alt="Nocturne du marais n°2" /><br />
<em>Nocturne du marais n°2</em></p>
<blockquote>
<p>The pond was calm that morning. Only the little fisherman's float disturbed the water. The fish were hardly biting, but
the sky was blue, and the weather was mild.</p>
<p>The surrounding woods darkened, the sky clouded over, and an icy north wind rose. A witch's face took shape in the
white of the clouds, and her cackle could be heard among the branches in the distance. Then the float vanished.</p>
<p>Noon was approaching and hunger gnawed at him. His only catch would make a meagre meal, but the old fisherman would
make do with it. The weather was mild on this late-summer day, and only the remains of carp brains splattered on the ground
still bore witness to the fight that had taken place that morning.</p>
</blockquote>
<h3 id="une-seconde-de-trois-phrases">A second one of three sentences</h3>
<p><img src="https://hya.sk/blog/posts/2023/atelier-micro-nouvelles/./img/levez_la_branche.jpg" alt="Levez la branche !" /><br />
<em>Levez la branche !</em></p>
<blockquote>
<p>Yucca and papyrus were sweating heavily in this scorching winter. Fortunately, the orange providence
was on its way. Soon its water would run down its spout to cool the feet of this whole little crowd.</p>
</blockquote>
<h3 id="une-derniere-de-six-mots">A last one of six words</h3>
<p><img src="https://hya.sk/blog/posts/2023/atelier-micro-nouvelles/./img/mon_vieux_chausson.jpg" alt="Mon vieux chausson" /><br />
<em>Mon vieux chausson</em></p>
<blockquote>
<p>The old slipper's wool was smiling.</p>
</blockquote>
<h3 id="bonus">Bonus</h3>
<p>There was time for a few six-word bonuses:</p>
<p><img src="https://hya.sk/blog/posts/2023/atelier-micro-nouvelles/./img/cache.jpg" alt="Caché" /><br />
<em>Caché</em></p>
<blockquote>
<p>Six firs dance on this skull.</p>
</blockquote>
<p><img src="https://hya.sk/blog/posts/2023/atelier-micro-nouvelles/./img/FC16.jpg" alt="FC16" /><br />
<em>FC16</em></p>
<blockquote>
<p>Pecs: bulging<br />
Face: deformed<br />
Bar: HEAVY!!!</p>
</blockquote>
<h1 id="mot-de-la-fin">Closing words</h1>
<p>I'm not used to writing, but having a very constrained framework, with precise instructions aimed at
very short pieces, made the experience thoroughly enjoyable. I probably won't take up writing for all that,
but I may well take part in similar writing workshops again when the occasion arises.</p>
<p>Thank you Ythèr for the organisation, the hosting, and the tea, it was really great! :-)</p>

Renewing my GPG key to fix an old youth error
2023-10-17T00:00:00+00:00
https://hya.sk/blog/posts/2023/new-gpg-key/
<p>Okay. Today, I've generated a <a href="/public.asc">new GPG key</a>, and that went smoothly in less than two hours. I've had a thorn in my side
pretty much since I first set up my Yubikey, and I've solved it today, with so much ease that I can't stop blaming
myself for having waited five years to fix it. This is mostly a kick in the ass of my future self to stop delaying that
kind of thing forever.</p>
<p>For those only interested in storing their GPG keys on a Yubikey, please just follow this wonderful guide, it will
explain everything far better than me:
<a href="https://github.com/drduh/YubiKey-Guide">https://github.com/drduh/YubiKey-Guide</a></p>
<p>Now here is my miserable story.</p>
<p>I had read, at the time, that it was a good idea to use non-standard key lengths, you know, for security,
since everyone will try to hack you with the normal sizes, like 2048, 3072, 4096. This is security through obscurity,
and obviously doesn't bring much hardening to any setup, but as I was, and still am, a pure crypto-newbie, I guess I
believed it was such a good idea that I generated a 4000-bit RSA key and dumped it onto my smartcard.</p>
<p>Everything was great and I could <code>ssh</code> to my servers in no time with great success, carrying the same key to any machine
thanks to the SSH agent provided by GPG agent, but after two weeks of bragging about that, someone sent me a GPG
encrypted message, and my wonderful non-standard key couldn't decrypt it.</p>
<p>That sucked.</p>
<p>I was so proud of this setup, I had already put my brand new public SSH key everywhere, and now it seemed I couldn't
use it as promised. Digging a bit, I found out that the signing and authenticating keys were working fine, but the
encrypting one didn't, and failed with the following:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>gpg: public key decryption failed: Hardware problem
</span><span>gpg: decryption failed: No secret key
</span></code></pre>
<p>That really sucked, and most probably the non-standard key length played a part in that.</p>
<p>First, still full of hope, I went to <code>grep</code> that error message in the OpenGPG source code, found it, and quickly
realized it wouldn't be a piece of cake to fix. Then, half-lazy, half-shameful, I just moved on, and thought to
myself that nobody used GPG anymore anyway, with the rise of Matrix, Signal, and other encrypted chat software. So I
just stopped advertising my GPG key, resigned to use it only for SSH auth, and happily lived my digital life for the
past five years.</p>
<p>But now it's 2023, GPG's still here, and even though I do in fact use Matrix and Signal a lot more than email (including
for non-sensitive chat), I thought it was time for me to fix that mistake.</p>
<p>And here we are, it took me less than two hours, including the time to 1) dig up my old laptop with the broken Wi-Fi
card, 2) generate everything and send perfectly standard 4096-bit keys to the Yubikey, 3) test that everything works
including encryption/decryption, 4) replace my SSH key on all the servers/GitHub/GitLab/Gitea/whatever accounts, and 5)
be amazed at how seamless the experience is to decrypt stuff using a smartcard, even through Thunderbird!</p>
<p>Fierfek, it almost took me longer to write down that post!</p>
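<p>A check that would have caught the problem described above before the key went onto the card, as an added example (not part of the original post): it reads <code>gpg --list-keys --with-colons</code> output and reports RSA keys and subkeys whose length is not one of the standard sizes the post names (2048, 3072, 4096). The function names and the key listing are constructed for illustration; treating exactly those three sizes as acceptable is an assumption taken from the post.</p>

```shell
#!/bin/sh
# Added example, not the post author's code.
# Assumption: the "normal sizes" named in the post are the acceptable ones.
STANDARD_RSA_BITS="2048 3072 4096"

# Constructed key listing in gpg's --with-colons format (key IDs are fake).
# First key: 4000-bit RSA like the one in the post. Second key: standard sizes.
sample_listing() {
    cat <<'EOF'
pub:u:4000:1:1111111111111111:1538352000:::u:::scESCA:
uid:u::::1538352000::0000000000000000000000000000000000000000::Constructed Example <old@example.org>:
sub:u:4000:1:2222222222222222:1538352000::::::e:
sub:u:4000:1:3333333333333333:1538352000::::::a:
pub:u:4096:1:4444444444444444:1697500800:::u:::scESCA:
sub:u:4096:1:5555555555555555:1697500800::::::e:
sub:u:255:22:6666666666666666:1697500800::::::s:
EOF
}

# Reads a --with-colons listing on stdin and prints one line per RSA key or
# subkey with an unusual length: <record type> <key id> <bits> <capabilities>
flag_nonstandard_rsa() {
    awk -F: -v ok="$STANDARD_RSA_BITS" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) std[a[i]] = 1 }
        # Field 1: record type, 3: key length, 4: algorithm, 5: key ID,
        # 12: capabilities. Algorithm IDs 1, 2 and 3 are the RSA variants.
        ($1 == "pub" || $1 == "sub" || $1 == "sec" || $1 == "ssb") &&
        ($4 == 1 || $4 == 2 || $4 == 3) && !($3 in std) {
            print $1, $5, $3, $12
        }
    '
}

# Exit status 0 when at least one flagged key carries the encryption
# capability (lowercase "e"), which is the case that failed in the post.
encryption_key_affected() {
    flag_nonstandard_rsa | awk '$4 ~ /e/ { found = 1 } END { exit !found }'
}

# Demo on the constructed listing. Against a real keyring:
#   gpg --list-keys --with-colons | flag_nonstandard_rsa
sample_listing | flag_nonstandard_rsa
```

<p>Running the check before moving keys to a smartcard matters because the move is one-way: once the private key lives only on the card, a length the card cannot decrypt with can only be fixed by generating a new key.</p>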

Set a Thinkpad's trackpoint sensitivity on `sway`
2023-09-12T00:00:00+00:00
https://hya.sk/blog/posts/2023/thinkpad-trackpoint-sensitivity-on-sway/
<p>Let's do it quick!</p>
<p>Find your device's <code>sway</code> identifier: <code>swaymsg -t get_inputs</code>.</p>
<p>Mine looks like this:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>...
</span><span>Input device: TPPS/2 Elan TrackPoint
</span><span> Type: Mouse
</span><span> Identifier: 2:10:TPPS/2_Elan_TrackPoint
</span><span> Product ID: 10
</span><span> Vendor ID: 2
</span><span> Libinput Send Events: enabled
</span><span>...
</span></code></pre>
<p>Test what value fits you:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>swaymsg 'input 2:10:TPPS/2_Elan_TrackPoint pointer_accel -0.5'
</span></code></pre>
<p>Value is in range <code>[-1; 1]</code>, <code>0</code> is the default, so <code>-0.5</code> will decrease sensitivity by a half (whatever that means),
and <code>0.9</code> will increase sensitivity almost to its full.</p>
<p>Once you're good, just append the <code>input ...</code> command to your <code>sway</code> config for persistence.</p>

The quest to save a lost `apt full-upgrade`
2023-08-16T00:00:00+00:00
https://hya.sk/blog/posts/2023/saving-apt-full-upgrade/
<h1 id="the-fall-to-oblivion">The fall to oblivion</h1>
<p>During one of my numerous <code>bullseye</code> to <code>bookworm</code> migrations, one that should have been painless and straightforward,
the <em>chaotic-evil</em> ancient daemon of computers decided to test my nerves.</p>
<p>As usual, I have cast <code>byobu-enable</code> once in my shell, which means I have the passive advantage of always being in a
<code>tmux</code> session. That normally prevents many accidents from happening, like giving you an easy saving roll in case of network
failure during a complex invocation like <code>apt upgrade</code>.</p>
<p>So, well prepared for my quest, and having a bit of time in front of me (which is the last and most useful advantage you
can have in those situations), I <code>ssh</code>'d to my doomed server and began facing the trials.</p>
<p><code>sed</code> the <code>sources.list</code> files, now <code>apt update</code>, then <code>apt full-upgrade</code> and 💥... wooops, missed that trap<sup class="footnote-reference"><a href="#1">1</a></sup> ... and I
wake up deep into oblivion...</p>
<h1 id="figuring-out-my-new-astral-plane">Figuring out my new astral plane</h1>
<p>No problem, I think, I'll just cast another <code>ssh</code> spell, get back my running session, and continue answering <code>apt</code>
whether or not I want to replace my modified config scroll with the new one shipped at the magic academy.</p>
<p>That's precisely where I started to realize why this routine quest has a slight chance of turning into a nightmare.</p>
<p><code>ssh -v</code> would correctly ask my gatekeeper for the challenge, which means the communication runs fine with the dungeon,
but then the invocation stopped at the following lines:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>debug1: Sending environment.
</span><span>debug1: channel 0: setting env LANG = "fr_FR.UTF-8"
</span></code></pre>
<p>with nothing more appearing, and most importantly, no interactive shell spawning.</p>
<p>No problem, I'll just use a longer, but simpler invocation to test how things are going: <code>ssh server.of.doom ls</code>. Lo and
behold, this gives me the scrolls of my home! That's good news, the server is not dead, and can still take commands. But
no matter what spell I try to cast that way, my sweet <code>tmux</code> won't come back, and neither will a new shell.</p>
<h1 id="the-way-to-the-upper-levels">The way to the upper levels</h1>
<p>Time to open the old magic manuals and find some clever tricks.</p>
<p><code>bash --norc</code> is the first one taking me forward. With that, you can invoke the <code>bash</code> spell without it reading all
its nice personalization scrolls, like <code>~/.bashrc</code>. It's just a nice and simple <code>bash</code>, but of course, it'll have no
<code>$PS1</code>, thus the prompt will be empty, and the behavior <strong>appears</strong> just like the previous one with the stuck <code>ssh</code>. You
absolutely need to cast some simple spell like <code>ls</code> in it to see if it works! I knew that already, so didn't lose any
time here, but for fellow wizards still learning their basics, that tip might help.</p>
<p>As my final goal is to complete the infamous <code>apt full-upgrade</code> command, better directly cast a privileged shell:
<code>ssh server.of.doom sudo -S su -c \'bash --norc\'</code>.</p>
<h1 id="time-to-fight-the-undead">Time to fight the undead</h1>
<p>Once I reach back the root shell level of my dungeon, things get pretty much easier: I can roll my <code>ps</code>eption to
check for monsters, and obviously find a zombie I'm afraid to stumble upon: <code>byobu</code>. As <code>ssh</code> is not a necromancy
spell, it obviously can't deal with zombies, but still this zombie is retaining my beloved <code>apt</code> in chains, and I need
to free it if I want to bring its cast to completion.</p>
<p>To break the chains, I need a tool. Fortunately for me, I learned a long time ago an almighty spell that can lend me all
the knowledge and wisdom I want. This quickly brings me to the discovery of that powerful new tool: <a href="https://github.com/nelhage/reptyr"><code>reptyr</code></a>.</p>
<p>With that tool, I realize the approach won't be to fight the undead, but to steal what I need without them realizing it.</p>
<h1 id="mastering-the-last-spell">Mastering the last spell</h1>
<p>That new <code>reptyr</code> spell is luckily very easy to cast, but I still have a final twist and turn: I'm in a silence zone
that prevents me from <code>apt install</code>ing anything new, for obvious reasons. Good thing I've also learned about the arcana
of <code>-static</code> sticks and <code>scp</code> to very quickly recover from being silenced.</p>
<h1 id="finally-getting-out-alive">Finally getting out alive</h1>
<p>Now that I'm all stuffed and know my way around that uncanny dungeon, I quickly cut the chains and free my primary
objective. My terminal is unfortunately not in a very good shape, probably lost a few HP around some mysterious glyphs,
but it's still walking and I can rely on it to complete the spell.</p>
<p>Comes the time of the final boss fight: <code>systemctl reboot</code>, but it seems that I've recovered my <code>apt</code> spell so well that
I managed to trigger fear out of it, and there is basically no fight at all.</p>
<p>A last <code>dpkg --configure -a</code> spell to ensure the exit doors are opened, but that wasn't even necessary.</p>
<p>Until next time, farewell o/</p>
<div class="footnote-definition" id="1"><sup class="footnote-definition-label">1</sup>
<p>The <a href="https://wiki.debian.org/DebianUpgrade">normal procedure</a> should be <code>apt-get update && apt-get upgrade && apt-get full-upgrade</code>, but in my case, I wonder if it would have changed anything. Still, that's the only step I missed when preparing the quest, and I won't forget it next time, just in case.</p>
</div>

Storing weapons
2023-07-29T00:00:00+00:00
https://hya.sk/blog/posts/2023/katana-kake/
<p><em>This article in French was written for the magazine of the École Lionel Oudart. As paper copies
are limited, this digital version makes it available to everyone.</em></p>
<hr />
<p>Storing your gear is not simple. Whether it's DIY tools (which therefore lie around on the workbench),
saucepans (which keep the drawers from closing), or <em>bokens</em> (which slide along the wall they are
leaning against and fall with a hell of a racket), gear always ends up bringing a certain chaos that is
not easy to get rid of.</p>
<p>As for <em>bokens</em> (and other <em>wakizachi</em>, <em>naginata</em>, <em>yari</em>, <em>tanto</em>, <em>bo</em>, <em>jo</em>, <em>iaito</em>, <em>tachi</em>, or whatever else, but we'll
stick to the <em>boken</em> to keep things simple), they come from Japan, and as with everything Japanese, there are rules and
ways of doing everything. So of course, there is a way to store your <em>boken</em>: the <em>kake</em>.</p>
<h2 id="le-kake">The Kake</h2>
<p><em>Kake</em> roughly means <em>stand</em>, and is generally appended to the name of the object it is meant to support: <em>katana-kake</em>,
<em>naginata-kake</em>, <em>yari-kake</em>, etc.</p>
<p>There are several kinds, such as vertical <em>katana-kake</em>, but most are horizontal and can
hold any type of gear. Some sit on a flat surface, others are fixed to walls. Some
have only a single slot, while others can have as many as ten!</p>
<p><img src="https://hya.sk/blog/posts/2023/katana-kake/./kake-vertical.svg" alt="A vertical katana-kake" /><br />
<em>A vertical katana-kake</em></p>
<p><img src="https://hya.sk/blog/posts/2023/katana-kake/./kake-horizontal.svg" alt="A horizontal kake with two slots" /><br />
<em>A horizontal kake with two slots</em></p>
<p><img src="https://hya.sk/blog/posts/2023/katana-kake/./kake-mural.svg" alt="A wall-mounted kake" /><br />
<em>A wall-mounted kake</em></p>
<p>The <em>kake</em> has several benefits, but first of all, it gives our gear a dedicated storage place,
meaning you no longer wonder where to put your <em>boken</em> away, you simply put it on the <em>kake</em>,
since that's what it's there for. Granted, you have to find where to put the <em>kake</em>, and that is a thorny problem indeed, but you
normally only have to solve it once.</p>
<p>Then, and above all, the <em>kake</em> lets you store your gear properly, so as to preserve it as well as possible.</p>
<ul>
<li>For a vertical <em>katana-kake</em>, the blade hangs in the <em>saya</em> (the scabbard) without pressing on
one side or the other, which keeps it from warping, especially if it is stored for years.</li>
<li>For a horizontal <em>kake</em>, the blade rests on the <em>mune</em> (the back of the blade), whether it's a <em>boken</em>, an <em>iaito</em>,
or a <em>naginata</em>. Likewise, the blade will not warp since it stays at rest in a position that is symmetrical
with respect to gravity.</li>
<li>For long weapons, however, take care: the <em>kake</em> must support the weapon at points spaced further apart than
for a <em>katana</em>, or simply at more points, to keep the weapon from bending over time.</li>
</ul>
<p><img src="https://hya.sk/blog/posts/2023/katana-kake/./kake-mural-armes-longues.webp" alt="The Grandfontaine kake, with short and long weapons" />
<em>The Grandfontaine kake, with short and long weapons. You can clearly see that the long weapons are supported at their ends.</em></p>
<h2 id="fabrication-expresse">Quick build</h2>
<p>Many <em>kake</em> models are available across the Internets, but here I suggest a model
that is simple to make at home. The main advantage is that you can easily adapt it to your needs in terms of number
of slots and dimensions, but also in terms of material and colour.</p>
<p><img src="https://hya.sk/blog/posts/2023/katana-kake/./plan_kake.svg" alt="Build plan for a kake" title="Build plan for a kake" /><br />
<em>Schematic plan, not to scale</em></p>
<p>Materials:</p>
<ul>
<li>wooden batten</li>
<li>dowel rod</li>
<li>wall plugs suited to the wall it will be mounted on</li>
</ul>
<p>Tools:</p>
<ul>
<li>a pencil</li>
<li>a tape measure</li>
<li>finishing sandpaper (180, 240 for example)</li>
<li>a saw</li>
<li>a drill</li>
<li>a drill bit the same size as the dowel</li>
</ul>
<p><strong>Tip</strong>: at each step, remember to start by measuring and marking the cuts and holes with the tape measure
and the pencil. After each cut and each hole, remember to deburr the parts with the sandpaper.</p>
<ol>
<li>Start by cutting all the parts to size:</li>
</ol>
<ul>
<li>From the batten, cut two identical lengths that will serve as the vertical base of the <em>kake</em>. In my example, I
made two uprights of ~1m.</li>
<li>From the dowel rod, cut pegs that will be inserted into the battens once these are drilled. In
my example, my pegs are ~7cm long.</li>
</ul>
<ol start="2">
<li>Next, drill the uprights at a regular angle (~60°) and interval (~10cm). For the interval, just measure, and
for the angle, start by making a jig from an offcut, then use it for all the holes.</li>
<li>The holes closest to the ends of the uprights are then drilled for fixing to the wall.</li>
<li>All that's left is to fix the uprights to the wall, then insert the pegs.</li>
<li>The <em>kake</em> is ready. A linseed oil finish will further increase its durability (the same goes for the weapons, by the way).</li>
</ol>
<p><img src="https://hya.sk/blog/posts/2023/katana-kake/./kake-skia.webp" alt="The result, with a few extra finishing touches" title="The result, with a few extra finishing touches" /><br />
<em>The result, with a few extra finishing touches, such as the shelf and the chamfers at the ends of the uprights</em></p>
<p><a href="https://hya.sk/blog/posts/2023/katana-kake/./galerie/">Full gallery</a></p>

`inxi`: fetch a machine's detailed information
2023-07-26T00:00:00+00:00
https://hya.sk/blog/posts/2023/inxi/
<p>It seems I'm unable to keep that tool in my head, so let's write down this cheat-sheet once and for all:</p>
<p>Install it:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span># <package-manager-install-command> inxi
</span></code></pre>
<p>Get <strong>F</strong>ull details:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>$ inxi -F
</span></code></pre>
<p>Get anonymi<strong>z</strong>ed <strong>F</strong>ull details:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>$ inxi -zF
</span></code></pre>
<p>Get anonymi<strong>z</strong>ed <strong>F</strong>ull details with e<strong>x</strong>tra:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>$ inxi -zFx
</span></code></pre>
<p>Example on my machine:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>$ inxi -zFx
</span><span>System:
</span><span> Kernel: 6.4.4-100.fc37.x86_64 arch: x86_64 bits: 64 compiler: gcc
</span><span> v: 2.38-27.fc37 Desktop: sway v: 1.7 Distro: Fedora release 37 (Thirty
</span><span> Seven)
</span><span>Machine:
</span><span> Type: Desktop Mobo: ASRock model: X570 Pro4 serial: <superuser required>
</span><span> UEFI: American Megatrends v: P3.90 date: 01/26/2021
</span><span>Battery:
</span><span> Device-1: nintendo_switch_controller_battery_0003:057E:2009.0001 model: N/A
</span><span> charge: Full status: charging
</span><span>CPU:
</span><span> Info: 6-core model: AMD Ryzen 5 5600X bits: 64 type: MT MCP arch: Zen 3+
</span><span> rev: 0 cache: L1: 384 KiB L2: 3 MiB L3: 32 MiB
</span><span> Speed (MHz): avg: 3856 high: 4642 min/max: 2200/4650 boost: enabled cores:
</span><span> 1: 4574 2: 4641 3: 2200 4: 3711 5: 3702 6: 3697 7: 4266 8: 4642 9: 3723
</span><span> 10: 3713 11: 3695 12: 3716 bogomips: 88632
</span><span> Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm
</span><span>Graphics:
</span><span> Device-1: AMD Lexa PRO [Radeon 540/540X/550/550X / RX 540X/550/550X]
</span><span> vendor: Sapphire driver: amdgpu v: kernel arch: GCN-4 bus-ID: 05:00.0
</span><span> Device-2: AMD Navi 23 [Radeon RX 6650 XT / 6700S 6800S]
</span><span> vendor: Tul / PowerColor driver: vfio-pci v: N/A arch: RDNA-2
</span><span> bus-ID: 0c:00.0
</span><span> Device-3: Sony CEVCECM driver: uvcvideo type: USB bus-ID: 5-1.3.2:6
</span><span> Display: wayland server: X.org v: 1.20.14 with: Xwayland v: 22.1.9
</span><span> compositor: sway v: 1.7 driver: X: loaded: amdgpu
</span><span> unloaded: fbdev,modesetting,vesa dri: radeonsi gpu: amdgpu resolution:
</span><span> 1: 1920x1200~60Hz 2: 2560x1440~75Hz
</span><span> API: OpenGL v: 4.6 Mesa 23.0.3 renderer: AMD Radeon RX 550 / 550 Series
</span><span> (polaris12 LLVM 15.0.7 DRM 3.52 6.4.4-100.fc37.x86_64) direct-render: Yes
</span><span>Audio:
</span><span> Device-1: AMD Baffin HDMI/DP Audio [Radeon RX 550 640SP / 560/560X]
</span><span> vendor: Sapphire driver: snd_hda_intel v: kernel bus-ID: 05:00.1
</span><span> Device-2: AMD Navi 21/23 HDMI/DP Audio driver: vfio-pci bus-ID: 0c:00.1
</span><span> Device-3: AMD Starship/Matisse HD Audio vendor: ASRock
</span><span> driver: snd_hda_intel v: kernel bus-ID: 0e:00.4
</span><span> Device-4: Sony CEVCECM driver: hid-generic,snd-usb-audio,usbhid type: USB
</span><span> bus-ID: 5-1.3.4:7
</span><span> API: ALSA v: k6.4.4-100.fc37.x86_64 status: kernel-api
</span><span> Server-1: PipeWire v: 0.3.75 status: active
</span><span>Network:
</span><span> Device-1: Intel I211 Gigabit Network vendor: ASRock driver: igb v: kernel
</span><span> port: d000 bus-ID: 06:00.0
</span><span> IF: enp6s0 state: up speed: 1000 Mbps duplex: full mac: <filter>
</span><span> IF-ID-1: virbr0 state: down mac: <filter>
</span><span>Drives:
</span><span> Local Storage: total: 2.27 TiB used: 383.31 GiB (16.5%)
</span><span> ID-1: /dev/nvme0n1 vendor: Samsung model: SSD 970 EVO Plus 500GB
</span><span> size: 465.76 GiB temp: 30.9 C
</span><span> ID-2: /dev/nvme1n1 vendor: Samsung model: SSD 980 1TB size: 931.51 GiB
</span><span> temp: 27.9 C
</span><span> ID-3: /dev/sda vendor: Samsung model: SSD 860 QVO 1TB size: 931.51 GiB
</span><span> temp: 21 C
</span><span>Partition:
</span><span> ID-1: / size: 464.16 GiB used: 382.97 GiB (82.5%) fs: btrfs dev: /dev/dm-0
</span><span> mapped: luks-3c1eacea-abbd-48f2-9614-3a6e692758db
</span><span> ID-2: /boot size: 973.4 MiB used: 329.9 MiB (33.9%) fs: ext4
</span><span> dev: /dev/nvme0n1p2
</span><span> ID-3: /boot/efi size: 598.8 MiB used: 17.4 MiB (2.9%) fs: vfat
</span><span> dev: /dev/nvme0n1p1
</span><span> ID-4: /home size: 464.16 GiB used: 382.97 GiB (82.5%) fs: btrfs
</span><span> dev: /dev/dm-0 mapped: luks-3c1eacea-abbd-48f2-9614-3a6e692758db
</span><span>Swap:
</span><span> ID-1: swap-1 type: zram size: 8 GiB used: 0 KiB (0.0%) dev: /dev/zram0
</span><span>Sensors:
</span><span> System Temperatures: cpu: 39.6 C mobo: N/A gpu: amdgpu temp: 38.0 C
</span><span> Fan Speeds (RPM): N/A gpu: amdgpu fan: 1787
</span><span>Info:
</span><span> Processes: 371 Uptime: 1m Memory: available: 31.25 GiB used: 2.21 GiB (7.1%)
</span><span> Init: systemd target: graphical (5) Compilers: gcc: 12.3.1 clang: 15.0.7
</span><span> Packages: 28 note: see --rpm Shell: Zsh v: 5.9 inxi: 3.3.27
</span></code></pre>

Completing Horizon Zero Dawn
2023-02-15T00:00:00+00:00
https://hya.sk/blog/posts/2023-horizon-zero-dawn/
<p>That's it. It's done. I've just completed <a href="https://en.wikipedia.org/wiki/Horizon_Zero_Dawn">Horizon Zero Dawn</a>, and it
was a hell of a trip!</p>
<p>The game is really beautiful, particularly in the Frozen Wilds. The snow getting trampled during a fight still amazes me.</p>
<p>The rhythm between main quest and side quests is well mastered. You get the side quests in small batches if you follow
the main quest, and it's rather quick, but still fun, to complete them before going back to the main quest without
having completely forgotten what it was all about.</p>
<p>The gameplay is smooth. All the weapons complete each other well, and it's a pleasure to activate the focus, get the
information you need, like the elemental weakness of your foe, then switch to the right tool to tear it to pieces.</p>
<p>The story is spellbinding. The more you discover, the more you want to get more. The audio logs and textbooks hidden all
over the world are short enough to keep you in the game, but still provide so much lore that you always want to dig deeper.</p>
<p>The mostly natural outdoor environments with highly technological sci-fi components, tainted with prehistoric
creatures and contemporary historical events, are really well mixed and give a truly original world that we don't get to
see that often, and are thus very eager to discover.<br />
This also successfully creates a unique atmosphere that supports the storytelling amazingly, but also helps efficiently
in keeping the suspension of disbelief for a smooth playing experience.</p>
<p>On a more technical note, what a pleasure to be able to play this with one click on Linux (Fedora 36), even enjoying
the full support of a comfortable Nintendo Pro Controller, without going through hacks here and there to keep the
stuff working for the six months I spent playing the game. Maybe 2022 was the year of the Linux desktop after all?</p>
<p>Jokes aside, kudos to all the developers and maintainers of all those systems, Linux, Fedora, Wine, DXVK, Proton,
Steam, etc... It's a pleasure to enjoy the result of all your efforts running at full speed in high resolution and
graphical settings! Take those screenshots as rewards.</p>
<p><img src="https://hya.sk/blog/posts/2023-horizon-zero-dawn/./rosts_house.webp" alt="" /><br />
<em>Aloy contemplating Rost's house after all her adventure</em></p>
<p><img src="https://hya.sk/blog/posts/2023-horizon-zero-dawn/./nora_sacred_land.webp" alt="" /><br />
<em>A view of the Nora Sacred Land from Rost's house</em></p>

Global push-to-talk on `sway`
2023-01-19T00:00:00+00:00
https://hya.sk/blog/posts/2023-push-to-talk-on-sway/
<p>For a few months now, I have had a global push-to-talk shortcut. Before discussing it, here is the <code>sway</code> configuration:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>bindcode --locked --no-repeat {
</span><span> # Permanently unmute microphone
</span><span> $mod+121 exec "pactl set-source-mute @DEFAULT_SOURCE@ 0"
</span><span> # Push-to-talk style unmute microphone
</span><span> 121 exec "pactl set-source-mute @DEFAULT_SOURCE@ 0"
</span><span> # Push-to-talk style mute microphone
</span><span> --release 121 exec "pactl set-source-mute @DEFAULT_SOURCE@ 1"
</span><span>}
</span></code></pre>
<p>Keycode <code>121</code> is for <code>XF86AudioMute</code>, as shown by <code>wev</code>:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span> sym: XF86AudioMute (269025042), utf8: ''
</span><span>[14: wl_keyboard] key: serial: 185212; time: 96900271; key: 121; state: 1 (pressed)
</span></code></pre>
<p>Since I never use it to mute my audio output (toggling <em>play/pause</em> on any media is more than enough, and lowering the
volume is still possible for extreme situations), it was available to bind to audio input. Moreover, audio input clearly
is something I want to mute regularly and easily, both for privacy purposes and voice chat etiquette.</p>
<hr />
<p>Now about this config's properties:</p>
<ul>
<li>It's global and managed by my compositor:
<ul>
<li>I can be anywhere, even deep in a full-screen game, the shortcut will work.</li>
<li>I can use any voice application, in a web browser or not, the shortcut will work, and still behave the same.</li>
</ul>
</li>
<li>It manages the <code>@DEFAULT_SOURCE@</code>, meaning I can change my audio input to any device, it'll work the same.</li>
<li>It actually binds three commands:
<ul>
<li>Permanent unmute, with <code>Super+AudioMute</code>: when typing it, I always know I'll be permanently unmuted, useful for
long speeches in video-calls or gaming with my fellows.</li>
<li>Push-to-talk unmute, pressing <code>AudioMute</code>: when pressing it, I always know I can speak, audio input is active.</li>
<li>Push-to-talk mute, releasing <code>AudioMute</code>: when releasing it, I always know I end up muted.</li>
</ul>
</li>
</ul>
<p>In any configuration, I have a shortcut bringing me to any desired state: permanent unmute, push-to-talk unmute,
permanent mute.<br />
And the best part: I don't even need any visual feedback! (although I have one on Waybar just in case)</p>
<hr />
<p>Many thanks to the guy behind <a href="https://blog.mfavreaux.fr/">Corners were cut</a>, who came to me with this
configuration idea one day; that's one of my best ergonomic improvements since the day I discovered tiling WMs.</p>
<p>Edit: thanks to Nabos for pointing out the <code>--no-repeat</code> option.</p>
A `label`-free `traefik` reverse-proxy2022-12-05T00:00:00+00:002022-12-05T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/label-free-traefik-rp/<p>When the need arises to reverse-proxy services, my go-to solution until recently was <code>nginx</code>.</p>
<p>Since I've now been introduced to <code>traefik</code>, the question is a bit more up for debate, but in any case,
most configurations found on the Internet rely on the Docker provider of <code>traefik</code>, with the <code>label</code> system,
which is great, but not always the best solution.</p>
<p>In some situations where you can't or don't want to modify the proxied services' <code>docker-compose.yml</code>
(or <code>docker run</code> command line), it's easiest to fall back to a more classical file provider to decouple
<code>traefik</code>'s configuration from your services' one.</p>
<p>Here is a starting point configuration doing just that:</p>
<p><code>docker-compose.yml</code>:</p>
<pre data-lang="yaml" style="background-color:#0f1419;color:#bfbab0;" class="language-yaml "><code class="language-yaml" data-lang="yaml"><span style="color:#59c2ff;">version</span><span style="color:#bfbab0cc;">: </span><span style="color:#c2d94c;">'3'
</span><span>
</span><span style="color:#59c2ff;">services</span><span style="color:#bfbab0cc;">:
</span><span>  </span><span style="color:#59c2ff;">reverse-proxy</span><span style="color:#bfbab0cc;">:
</span><span>    </span><span style="color:#59c2ff;">image</span><span style="color:#bfbab0cc;">: </span><span style="color:#c2d94c;">traefik:v2
</span><span>    </span><span style="color:#59c2ff;">volumes</span><span style="color:#bfbab0cc;">:
</span><span>      - </span><span style="color:#c2d94c;">./config:/etc/traefik
</span></code></pre>
<p><code>config/traefik.toml</code>:</p>
<pre data-lang="toml" style="background-color:#0f1419;color:#bfbab0;" class="language-toml "><code class="language-toml" data-lang="toml"><span>[</span><span style="color:#59c2ff;">entryPoints</span><span>]
</span><span> [</span><span style="color:#59c2ff;">entryPoints</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">http</span><span>]
</span><span> </span><span style="color:#59c2ff;">address </span><span>= </span><span style="color:#c2d94c;">":80"
</span><span>
</span><span>[</span><span style="color:#59c2ff;">log</span><span>]
</span><span> </span><span style="color:#59c2ff;">level </span><span>= </span><span style="color:#c2d94c;">"INFO"
</span><span>
</span><span style="font-style:italic;color:#5c6773;"># Activate access logs on stdout
</span><span>[</span><span style="color:#59c2ff;">accessLog</span><span>]
</span><span>
</span><span style="font-style:italic;color:#5c6773;"># Activate the web UI (insecure mode: dashboard and API are served without authentication on port 8080)
</span><span>[</span><span style="color:#59c2ff;">api</span><span>]
</span><span style="color:#59c2ff;">insecure </span><span>= </span><span style="color:#f29718;">true
</span><span>
</span><span>[</span><span style="color:#59c2ff;">providers</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">file</span><span>]
</span><span> </span><span style="color:#59c2ff;">filename </span><span>= </span><span style="color:#c2d94c;">"/etc/traefik/services.toml"
</span></code></pre>
<p><code>config/services.toml</code>:</p>
<pre data-lang="toml" style="background-color:#0f1419;color:#bfbab0;" class="language-toml "><code class="language-toml" data-lang="toml"><span>[</span><span style="color:#59c2ff;">http</span><span>]
</span><span> [</span><span style="color:#59c2ff;">http</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">routers</span><span>]
</span><span> [</span><span style="color:#59c2ff;">http</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">routers</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">dev-api</span><span>]
</span><span> </span><span style="color:#59c2ff;">service </span><span>= </span><span style="color:#c2d94c;">"dev-api"
</span><span> </span><span style="color:#59c2ff;">rule </span><span>= </span><span style="color:#c2d94c;">"Host(`my-dev.host.name`) && PathPrefix(`/api`)"
</span><span> [</span><span style="color:#59c2ff;">http</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">routers</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">dev</span><span>]
</span><span> </span><span style="color:#59c2ff;">service </span><span>= </span><span style="color:#c2d94c;">"dev"
</span><span> </span><span style="color:#59c2ff;">rule </span><span>= </span><span style="color:#c2d94c;">"Host(`my-dev.host.name`) && !PathPrefix(`/api`)"
</span><span> [</span><span style="color:#59c2ff;">http</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">routers</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">staging</span><span>]
</span><span> </span><span style="color:#59c2ff;">service </span><span>= </span><span style="color:#c2d94c;">"staging"
</span><span> </span><span style="color:#59c2ff;">rule </span><span>= </span><span style="color:#c2d94c;">"Host(`my-staging.host.name`)"
</span><span>
</span><span> [</span><span style="color:#59c2ff;">http</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">services</span><span>]
</span><span> [</span><span style="color:#59c2ff;">http</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">services</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">dev-api</span><span>]
</span><span> [</span><span style="color:#59c2ff;">http</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">services</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">dev-api</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">loadBalancer</span><span>]
</span><span> [[</span><span style="color:#59c2ff;">http</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">services</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">dev-api</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">loadBalancer</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">servers</span><span>]]
</span><span> </span><span style="color:#59c2ff;">url </span><span>= </span><span style="color:#c2d94c;">"http://10.0.0.1:4001/"
</span><span>
</span><span> [</span><span style="color:#59c2ff;">http</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">services</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">dev</span><span>]
</span><span> [</span><span style="color:#59c2ff;">http</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">services</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">dev</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">loadBalancer</span><span>]
</span><span> [[</span><span style="color:#59c2ff;">http</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">services</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">dev</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">loadBalancer</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">servers</span><span>]]
</span><span> </span><span style="color:#59c2ff;">url </span><span>= </span><span style="color:#c2d94c;">"http://10.0.0.1:4000/"
</span><span>
</span><span> [</span><span style="color:#59c2ff;">http</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">services</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">staging</span><span>]
</span><span> [</span><span style="color:#59c2ff;">http</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">services</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">staging</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">loadBalancer</span><span>]
</span><span> [[</span><span style="color:#59c2ff;">http</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">services</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">staging</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">loadBalancer</span><span style="color:#bfbab0cc;">.</span><span style="color:#59c2ff;">servers</span><span>]]
</span><span> </span><span style="color:#59c2ff;">url </span><span>= </span><span style="color:#c2d94c;">"http://10.0.0.2:4000/"
</span></code></pre>
Reviving an old hammer2022-11-07T00:00:00+00:002022-11-07T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/reviving-an-old-hammer/<p>I recently stumbled upon an old hammer head. It was rusty and dirty, but looked great and seemed to have taken quite a few
hits already, with its face and peen obviously squashed.</p>
<p>More specifically, this is a cross-peen head that was likely used in the past for shaping small metal pieces or sheets,
as it's too light for heavy duty, and wouldn't be squashed if used for woodworking.</p>
<p>It was missing a handle, but this was quickly fixed with a small maple branch, and a rotating wire brush did the rest for
the head.</p>
<p><img src="https://hya.sk/blog/posts/reviving-an-old-hammer/./img/IMG_20221103_191409.opti.jpg" alt="" /><br />
<em>The old rusty head</em></p>
<p><img src="https://hya.sk/blog/posts/reviving-an-old-hammer/./img/IMG_20221103_192731.opti.jpg" alt="" /><br />
<em>The nice looking brushed head</em></p>
<p><img src="https://hya.sk/blog/posts/reviving-an-old-hammer/./img/IMG_20221103_192839.opti.jpg" alt="" /><br />
<em>Carving a handle</em></p>
<p><img src="https://hya.sk/blog/posts/reviving-an-old-hammer/./img/IMG_20221103_193738.opti.jpg" alt="" /><br />
<em>Assembling the hammer</em></p>
<p><img src="https://hya.sk/blog/posts/reviving-an-old-hammer/./img/IMG_20221103_193802.opti.jpg" alt="" /><br />
<em>The hammer looking nice on the bench panel</em></p>
<p>Time to do all this: less than an hour.</p>
<p>Why write a blog post about this? Because hammers are great and should be treated with <em>respect</em>!</p>
Hellfest 20222022-06-27T00:00:00+00:002022-06-27T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/hellfest-2022/<p>Last week, I had the pleasure of attending the <a href="https://hellfest.fr/">Hellfest</a>, which is one of the greatest Metal
festivals in Europe. I only did the first week-end, because three days are already very exhausting, and I wasn't
available for the second week-end anyway.</p>
<h1 id="pro-tips-against-the-heat">Pro-tips against the heat</h1>
<p>Yes, it was <strong>hot</strong>! Apparent temperature was, according to Meteo France, more than 42°C! Here is some advice to
endure that in style:</p>
<ul>
<li>sew a ghetto-style hooded cloak for a medieval festival a few years in advance</li>
<li>add a white pirate-style linen shirt</li>
<li>wear a traditional burgundy lab coat from your
<a href="https://en.wikipedia.org/wiki/Universit%C3%A9_de_technologie_de_Belfort-Montb%C3%A9liard">school</a> around your hips
so that it falls down your legs</li>
</ul>
<p>You now should have every square-centimetre of skin covered, and shouldn't fear sunburns too much. In exchange,
everybody will ask you in awe if you're not too hot with all that fabric, to which you can answer that <a href="https://en.wikipedia.org/wiki/Tuareg_people">Tuareg
people</a> live in the middle of the desert with more clothes than that.
Moreover, moistening them gives a very long-lasting fresh feeling that makes standing under the sun for hours almost
easy. And rest assured that at more than 40°C, it's not the clothes that make you sweat; rather, they prevent you
from drying too quickly!</p>
<p>I find it astonishing that after almost two decades of Hellfest, people still think it's a good idea to wander shirtless
across the festival, and even more, are surprised by someone wearing clothes!</p>
<p>Also, don't forget the golden rule: <em>one pitcher of cider, one pitcher of water</em>!</p>
<h1 id="the-shows">The shows</h1>
<p>As always, the shows were really over the top in the best possible way! Just to name a few, in no particular order:</p>
<ul>
<li>Alestorm</li>
<li>Skáld</li>
<li>Ensiferum</li>
<li>The Inspector Cluzo</li>
<li>Five Finger Death Punch</li>
<li>Leprous</li>
<li>Soen</li>
<li>Frog Leap</li>
<li>Perturbator</li>
<li>Devin Townsend</li>
<li>Jinjer</li>
<li>and of course, Gojira</li>
</ul>
<p>The finale with that last, awesome band, followed by the superbly orchestrated fireworks set to music, was really
memorable!</p>
<p>As always, there were the wonderful setting, the fire everywhere at night, the food, the relaxed and friendly atmosphere,
and the numerous volunteers and crew members working hard all day and night. I really can't recommend this experience
enough, even for someone not really fond of Metal.</p>
<p>\m/ See you next time in Hell \m/</p>
Configure syslog-ng with TLS2022-06-14T00:00:00+00:002022-06-14T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/configure-syslog-ng-with-tls/<p>This article is just the compilation of my notes regarding the deployment of a simple log concentrator over TLS.</p>
<h1 id="rsyslog-vs-syslog-ng"><a href="https://en.wikipedia.org/wiki/Rsyslog"><code>rsyslog</code></a> vs <a href="https://en.wikipedia.org/wiki/Syslog-ng"><code>syslog-ng</code></a></h1>
<p>Those are the two main solutions found out there. <code>rsyslog</code> is installed by default on Debian and many derivatives, so I
gave it a go first.</p>
<p>My specifications required the use of a TLS connection between the syslog clients and the server. Nothing fancy, but it
quickly became a pain to set up with <code>rsyslog</code>, since:</p>
<ul>
<li>They updated their configuration syntax, but kept both in the very same file, which leads to <a href="https://github.com/rsyslog/rsyslog/issues?q=is%3Aissue+documentation+label%3Aquestion+">many "questions"
issues</a> and <a href="https://github.com/rsyslog/rsyslog/issues/2626">unneeded
difficulties</a> to understand what is a valid file for which <code>rsyslog</code>
version.</li>
<li>Here is the out of date<sup class="footnote-reference"><a href="#1">1</a></sup> <sup class="footnote-reference"><a href="#2">2</a></sup> but greatly indexed and easy to find documentation: <a href="https://rsyslog.readthedocs.io">https://rsyslog.readthedocs.io</a><br />
It also has the advantage of being Sphinx-based, thus really familiar and easy to browse, which makes the fact that it
covers a version of <code>rsyslog</code> from 2016 even more painful.</li>
<li>Here is the up to date but very unusable doc: <a href="https://www.rsyslog.com/doc/v8-stable/configuration/modules/imtcp.html">https://www.rsyslog.com/doc/v8-stable/configuration/modules/imtcp.html</a><br />
It's actually more like a full API reference, with no real configuration example that would cover simple use-cases.<br />
Discovering every single option is thus easy, but it's very hard to understand how they work together, as well as
which value a given key can take.<br />
e.g.: finding the possible options for <code>StreamDriver.Mode</code> takes at least two clicks from the page where you learn of its
existence, and an overly deep knowledge of the internals of <code>rsyslog</code>: the different network drivers, and which is the one
you want for a TLS connection, <code>gtls</code>, <code>ptcp</code>, <code>openssl</code>...</li>
<li>Overall, <a href="https://github.com/rsyslog/rsyslog-doc/issues/394">"documentation is hard to use and badly structured"</a>.</li>
</ul>
<p>This is only my experience of a single day trying to set up a TLS connection between two machines. I expect <code>rsyslog</code>
didn't become popular and the default on Debian by accident, so it must have some advantages I didn't see, but after a
while playing with it, I was more hurt than pleased, and finally gave up. Feel free to show me what kind of moron I am :-)</p>
<p>Oh, and fortunately, Proxmox <a href="https://bugzilla.proxmox.com/show_bug.cgi?id=198">stopped</a> depending on it a while ago, so
there was no problem testing something else in my situation.</p>
<h1 id="syslog-ng-configuration-example"><code>syslog-ng</code> configuration example</h1>
<p>As you may have guessed, the <code>syslog-ng</code> experience was quite different. It took me about 20 minutes setting up a first
proof of concept connection with <code>syslog-ng</code>, and I had all my servers connected in one afternoon, with a clean and
readable configuration. The documentation isn't perfect, but works okay, and the error messages I got when there were
problems were helpful too. <a href="https://www.syslog-ng.com/community/b/blog/posts/common-syslog-ng-error-messages-solutions">This
page</a> is particularly
salutary and easy to find.</p>
<p>Here is a full server configuration:</p>
<pre data-lang="conf" style="background-color:#0f1419;color:#bfbab0;" class="language-conf "><code class="language-conf" data-lang="conf"><span style="color:#ff7733;">options </span><span>{
</span><span> </span><span style="color:#f29718;">create_dirs</span><span>(</span><span style="color:#f29718;">yes</span><span>);
</span><span> </span><span style="color:#f29718;">keep-hostname</span><span>(</span><span style="color:#f29718;">yes</span><span>);
</span><span>};
</span><span>
</span><span style="color:#f29718;">source </span><span>s_network {
</span><span> </span><span style="color:#f29718;">network </span><span>(
</span><span> </span><span style="color:#f29718;">transport</span><span>(</span><span style="color:#c2d94c;">"tls"</span><span>)
</span><span> </span><span style="color:#f29718;">ip</span><span>(</span><span style="color:#f29718;">0.0.0.0</span><span>)
</span><span> </span><span style="color:#f29718;">port</span><span>(</span><span style="color:#f29718;">514</span><span>)
</span><span> </span><span style="color:#f29718;">tls </span><span>(
</span><span> </span><span style="color:#f29718;">ca-dir</span><span>(</span><span style="color:#c2d94c;">"/etc/ssl/certs"</span><span>)
</span><span> </span><span style="color:#f29718;">cert-file</span><span>(</span><span style="color:#c2d94c;">"/etc/ssl/certs/server.example.net.crt"</span><span>)
</span><span> </span><span style="color:#f29718;">key-file</span><span>(</span><span style="color:#c2d94c;">"/etc/ssl/private/server.example.net.key"</span><span>)
</span><span> </span><span style="color:#f29718;">peer-verify</span><span>(</span><span style="color:#c2d94c;">"required-trusted"</span><span>)
</span><span> </span><span style="color:#f29718;">trusted-dn</span><span>(</span><span style="color:#c2d94c;">"*CN=*example.net, *"</span><span>)
</span><span> )
</span><span> );
</span><span>};
</span><span>
</span><span>
</span><span style="font-style:italic;color:#5c6773;">##################################################
</span><span style="color:#f29718;">destination </span><span>d_host</span><span style="color:#f29668;">-</span><span>generic { </span><span style="color:#ffb454;">file</span><span>(</span><span style="color:#c2d94c;">"/storage/logs/$HOST/$YEAR/$MONTH/$HOST-$YEAR-$MONTH-$DAY.log"</span><span>); };
</span><span style="color:#f29718;">destination </span><span>d_host</span><span style="color:#f29668;">-</span><span>auth { </span><span style="color:#ffb454;">file</span><span>(</span><span style="color:#c2d94c;">"/storage/logs/$HOST/$YEAR/$MONTH/auth-$HOST-$YEAR-$MONTH-$DAY.log"</span><span>); };
</span><span style="font-style:italic;color:#5c6773;"># You can put many more here depending on your needs
</span><span>
</span><span style="font-style:italic;color:#5c6773;">##################################################
</span><span style="color:#ff7733;">log </span><span>{ </span><span style="color:#ffb454;">source</span><span>(s_network); </span><span style="color:#ffb454;">filter</span><span>(f_auth); </span><span style="color:#ffb454;">destination</span><span>(d_host</span><span style="color:#f29668;">-</span><span>auth); };
</span><span style="color:#ff7733;">log </span><span>{ </span><span style="color:#ffb454;">source</span><span>(s_network); </span><span style="color:#ffb454;">destination</span><span>(d_host</span><span style="color:#f29668;">-</span><span>generic); };
</span><span style="font-style:italic;color:#5c6773;"># Same as above, add what you need here
</span></code></pre>
<p>And here is the corresponding client configuration:</p>
<pre data-lang="conf" style="background-color:#0f1419;color:#bfbab0;" class="language-conf "><code class="language-conf" data-lang="conf"><span style="color:#f29718;">destination </span><span>d_network {
</span><span> </span><span style="color:#f29718;">network</span><span>(
</span><span> </span><span style="color:#c2d94c;">"server.example.net"
</span><span> </span><span style="color:#f29718;">port</span><span>(</span><span style="color:#f29718;">514</span><span>)
</span><span> </span><span style="color:#f29718;">transport</span><span>(</span><span style="color:#c2d94c;">"tls"</span><span>)
</span><span> </span><span style="color:#f29718;">tls</span><span>(ca</span><span style="color:#f29668;">-</span><span style="color:#ffb454;">dir</span><span>(</span><span style="color:#c2d94c;">"/etc/ssl/certs"</span><span>)
</span><span> </span><span style="color:#f29718;">cert_file</span><span>(</span><span style="color:#c2d94c;">"/etc/ssl/certs/client.example.net.crt.pem"</span><span>)
</span><span> </span><span style="color:#f29718;">key_file</span><span>(</span><span style="color:#c2d94c;">"/etc/ssl/private/client.example.net.key.pem"</span><span>)
</span><span> )
</span><span> );
</span><span>};
</span><span style="color:#ff7733;">log </span><span>{
</span><span> </span><span style="color:#f29718;">source</span><span>(s_src);
</span><span> </span><span style="color:#f29718;">destination</span><span>(d_network);
</span><span>};
</span></code></pre>
<p>Don't forget to open the TCP 514 port in the firewall, and you're good to go!</p>
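<p>The <code>trusted-dn()</code> glob in the server configuration decides which client certificates are accepted, so it is worth checking what it really matches. The script below is an added example, not part of the original post or of syslog-ng: it uses shell <code>case</code> globbing as a stand-in for syslog-ng's glob matching, and the subject DNs (rendered CN first, attributes separated by ", ") and the two alternative patterns are constructed for illustration.</p>

```bash
#!/bin/sh
# Added example: audit a syslog-ng trusted-dn() glob against sample subject DNs.
# Assumption: shell `case` globbing models syslog-ng's glob matching
# (`*` = any run of characters, `?` = exactly one character).

PAGE_PATTERN='*CN=*example.net, *'                        # from the server config
TIGHTER_PATTERN='CN=*.example.net, *'                     # constructed alternative
EXACT_PATTERN='CN=client.example.net, O=Example, C=FR'    # constructed, no wildcard

# Constructed subject DNs, one per line (assumed rendering: CN first, ", " separators).
SAMPLE_DNS='CN=client.example.net, O=Example, C=FR
CN=client.notexample.net, O=Someone Else, C=FR
CN=unrelated-host, O=CN=example.net, C=FR
CN=unrelated-host, O=dept.example.net, C=FR
CN=client.example.net
CN=client.example.org, O=Example, C=FR'

# dn_matches PATTERN DN -> exit status 0 when the glob accepts the DN.
dn_matches() {
    case "$2" in
        $1) return 0 ;;   # unquoted on purpose: $1 is used as a glob pattern
    esac
    return 1
}

# accepted_dns PATTERN -> prints every sample DN the pattern accepts.
accepted_dns() {
    printf '%s\n' "$SAMPLE_DNS" | while IFS= read -r dn; do
        if dn_matches "$1" "$dn"; then
            printf '%s\n' "$dn"
        fi
    done
}

# count_accepted PATTERN -> number of sample DNs the pattern accepts.
count_accepted() {
    accepted_dns "$1" | wc -l | tr -d ' '
}

# total_samples -> number of sample DNs.
total_samples() {
    printf '%s\n' "$SAMPLE_DNS" | wc -l | tr -d ' '
}

# Report, for each pattern, which sample DNs would pass the trusted-dn() check.
for pattern in "$PAGE_PATTERN" "$TIGHTER_PATTERN" "$EXACT_PATTERN"; do
    printf 'trusted-dn("%s") accepts %s of %s sample DNs:\n' \
        "$pattern" "$(count_accepted "$pattern")" "$(total_samples)"
    accepted_dns "$pattern" | sed 's/^/    /'
done
```

<p>Because <code>*</code> also spans attribute boundaries, only the exact DN accepts a single certificate subject here; the page's pattern additionally rejects a DN made of a CN alone, since it requires ", " after the CN.</p>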
<div class="footnote-definition" id="1"><sup class="footnote-definition-label">1</sup>
<p>Out of date tutorial, it still uses the old syntax: <a href="https://rsyslog.readthedocs.io/en/latest/tutorials/tls.html">https://rsyslog.readthedocs.io/en/latest/tutorials/tls.html</a></p>
</div>
<div class="footnote-definition" id="2"><sup class="footnote-definition-label">2</sup>
<p>Here is the rework commit, still unreleased as of today: <a href="https://github.com/rsyslog/rsyslog-doc/commit/07bd11c483e0f20068c5f4fd4dc00a698f88a3e6">https://github.com/rsyslog/rsyslog-doc/commit/07bd11c483e0f20068c5f4fd4dc00a698f88a3e6</a></p>
</div>
Store your TOTP seeds on a Yubikey2022-02-28T00:00:00+00:002022-02-28T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/totp-on-a-yubikey/<p><a href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm">TOTP</a> is a very common method that websites
implement to provide a second authentication factor, and very often, it is recommended to use the proprietary <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2">Google
Authenticator</a>™ app on your
Android phone. For years, I've been using the great <a href="https://github.com/andOTP/andOTP">andOTP</a> app available in
<a href="https://f-droid.org/">F-droid</a> as a FOSS alternative, since I don't have access to the Play Store.<br />
And yes, I know of <a href="https://gitlab.com/AuroraOSS/AuroraStore">Aurora Store</a>, but I see it only as a workaround for
people with no Google account, rather than a true solution to Google's hegemony in the smartphone world.</p>
<p>In any case, the main problem with this application-based solution is well-known: a smartphone breaks easily.<br />
I've been carrying mine since 2017, which is quite a long time for such a device, and it's now starting to fall apart,
with the screen already cracked, a battery life that I can't rely on, and a protective case in a disastrous
condition, that I find pretty pointless to replace given the state of the phone.</p>
<p>Long story short, my <del>phone</del> second authentication factor can die anytime, leaving me in a state where I can only use
my <a href="https://www.yubico.com/fr/product/yubikey-5-nfc/">Yubikey</a> on the websites I could activate it on, with no other
solution than the recovery codes for the rest. This is pretty bad, and I
<a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&showAllReviews=true">wonder</a> how
people who don't have Yubikey-like solutions cope when they drop their phone from a bit too high...</p>
<p>Solutions to that are multiple:</p>
<ul>
<li>Do nothing and keep recovery codes for bad situations.</li>
<li>Use a desktop TOTP app, which is not a very portable solution when I need to access an account from a friend's computer.</li>
<li>Store the TOTP seeds in my password manager, which breaks the principle of keeping the different MFA information separate.</li>
<li>Store the TOTP seeds directly into my Yubikey, which is a nice solution I only recently discovered: the secrets are
well-protected, in a very hard to break device, that is also very lightweight, and that I can keep strung to my
belt (as I already did anyway). In addition, it brings consistency for my second authentication factor, even with
websites that don't support <a href="https://en.wikipedia.org/wiki/FIDO2_Project">FIDO2</a>-based MFA.</li>
</ul>
<p>The last solution is moreover very easy to set up, thanks to <a href="https://www.yubico.com/">Yubico</a>'s nice work:</p>
<ul>
<li>Want a GUI? Go for the desktop app: <a href="https://github.com/Yubico/yubioath-desktop">https://github.com/Yubico/yubioath-desktop</a></li>
<li>Want to script? A CLI solution is here: <a href="https://github.com/Yubico/yubikey-manager">https://github.com/Yubico/yubikey-manager</a></li>
</ul>
<p>Both programs are cross-platform, easy to install, packaged in most distributions, and their UI is pretty
straightforward. They allow me to set a password to protect the access to the codes (a Yubikey can still get stolen!), and
I've yet to find the limit to the number of seeds I can store (currently 19!).</p>
<p>Another nice use-case for this is to provide a TOTP-protected OpenVPN access to some people without the complexity of
<a href="https://developers.yubico.com/yubico-pam/YubiKey_and_OpenVPN_via_PAM.html">PAM-based</a> or
<a href="https://developers.yubico.com/yubico-piv-tool/">PIV-based</a> solutions. <a href="https://opnsense.org/">OPNsense</a> makes that
server configuration <a href="https://docs.opnsense.org/manual/how-tos/sslvpn_client.html">very easy</a>.</p>
<p>As a good friend reminded me, super top-notch TOTP becomes much less useful when you already have strong and unique
passwords everywhere through a <a href="https://en.wikipedia.org/wiki/Password_manager">password-manager</a>. So go use one! There
are <a href="https://en.wikipedia.org/wiki/List_of_password_managers">plenty</a>
<a href="https://github.com/dani-garcia/vaultwarden">available</a>!<br />
Still, 2FA doesn't hurt, particularly when you are the one enforcing it from an admin perspective: even if you generate
strong and unique passwords for your users, you can't rely on them for keeping them safe indefinitely. Having their
access protected both by something they know <em>and</em> something they own is a welcome peace of mind for me.</p>
<p>Also, for some very important accounts, I'd say better safe than sorry, and I personally don't mind the extra security
step.</p>
Preventing shared disk accidents with libvirt2021-11-20T00:00:00+00:002021-11-20T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/prevent-shared-disk-accidents-with-libvirt/<h1 id="a-quick-story-to-get-the-context">A quick story to get the context</h1>
<p>My gaming setup involves a <a href="https://en.wikipedia.org/wiki/Libvirt">libvirt</a> VM with some
<a href="https://wiki.archlinux.org/title/PCI_passthrough_via_OVMF">passthrough</a>, mainly the GPU, but also sound and USB devices
for example.</p>
<p>Another device that is passed through to the VM is my dedicated SSD, formatted in
<a href="https://en.wikipedia.org/wiki/Btrfs">Btrfs</a>.<br />
Why Btrfs? Because it's both natively supported by the Linux kernel, and by the
<a href="https://github.com/maharmstone/btrfs">WinBtrfs</a> project that brings its support to Windows. That means I can easily
share the same disk for casual gaming that just works™ on the Windows VM, casual gaming that just works™ on the Linux
host with native games, and for Wine/Proton experiments with the same data I use on Windows without duplicating
everything.</p>
<p>That's a setup I've used for years without problem, but a recent adventure proved to me that I needed <del>to be more careful</del>
something to prevent accidents from happening again. Imagine that for some reason it's the week-end, and you make some
experiments with <a href="https://en.wikipedia.org/wiki/Lutris">Lutris</a> and your <a href="https://en.wikipedia.org/wiki/GOG.com">GOG</a>
library, then a bit later a friend asks you to come have some fun, and the proposed game is a popular one that is <a href="https://www.protondb.com/">known
not to work</a> with Wine/Proton. Then you'll just fire up the VM, play the game for the rest of
the evening, then shut down everything and go to bed.</p>
<p>But on the next day, when you just thought everything was fine and you could go play some more games again, you realize
that nothing works anymore, and that the Btrfs filesystem is completely corrupted because it was mounted twice in
parallel, by two autonomous systems that each thought they had authority over it. The problem is not that serious, because nothing
on that disk was really important, and to fix it you simply <code>mkfs.btrfs</code> again, and re-install everything. But when
re-installing everything involves re-downloading half a terabyte, you also realize that a simple safeguard would
probably not be too much of a luxury to avoid further accidents, and that's what this article is about!</p>
<h1 id="libvirt-hooks">libvirt hooks</h1>
<p>Fortunately, someone in the <code>libvirt</code> team thought one day that it would be great to run custom scripts when some events
occurred in the VM lifetime, and the <a href="https://libvirt.org/hooks.html">hooks</a> were developed.</p>
<p>Long story short, to prevent the story above from happening again, I just put the script below in the following
executable file: <code>/etc/libvirt/hooks/qemu</code></p>
<pre data-lang="bash" style="background-color:#0f1419;color:#bfbab0;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="font-style:italic;color:#5c6773;">#!/bin/bash
</span><span>
</span><span style="color:#ff7733;">if </span><span style="color:#f07178;">[ </span><span style="color:#c2d94c;">"$</span><span>2</span><span style="color:#c2d94c;">" </span><span style="color:#f29668;">= </span><span style="color:#c2d94c;">"prepare" </span><span style="color:#f07178;">]</span><span style="color:#f29668;">; </span><span style="color:#ff7733;">then
</span><span> </span><span style="color:#ff7733;">if </span><span style="color:#ffb454;">findmnt</span><span> /data</span><span style="color:#f29668;">; </span><span style="color:#ff7733;">then
</span><span> </span><span style="color:#ffb454;">umount</span><span> /data
</span><span> </span><span style="color:#ff7733;">fi
</span><span style="color:#ff7733;">fi
</span></code></pre>
<p>Now, I can completely forget to unmount my shared disk, it will automatically be unmounted before being passed through
to the VM, and I won't have to re-download my game library ever again... <em>famous last words</em></p>
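<p>As an added example (not the script from this post), here is a stricter variant of the same hook: it only acts for one guest, releases every mount of the disk rather than just <code>/data</code>, and exits non-zero if anything is still mounted, which makes libvirt abort the guest start. The guest name <code>gaming-vm</code>, the <code>DISK</code> path and the <code>MOUNTS</code>/<code>UMOUNT</code> overrides are assumptions made for the example.</p>

```shell
#!/bin/sh
# Added example: fail-closed /etc/libvirt/hooks/qemu variant.
# GUEST and DISK are hypothetical values, adjust them to your setup.
GUEST="${GUEST:-gaming-vm}"                       # assumed libvirt domain name
DISK="${DISK:-/dev/disk/by-id/REPLACE-ME-part1}"  # assumed passed-through partition
MOUNTS="${MOUNTS:-/proc/self/mounts}"             # mount table to inspect
UMOUNT="${UMOUNT:-umount}"                        # overridable for dry runs

# Print every mount point of device $1, most recent mount first, so that a
# subvolume mounted below /data is released before /data itself.
# Assumes a plain partition (the device name in the mount table matches the
# resolved path) and mount points without spaces (the kernel encodes those).
mounts_of() {
    awk -v dev="$1" '$1 == dev { m[n++] = $2 }
        END { while (n > 0) print m[--n] }' "$MOUNTS"
}

# Unmount every mount of device $1, then verify that nothing is left.
release_disk() {
    mounts_of "$1" | while IFS= read -r target; do
        "$UMOUNT" "$target" || exit 1     # busy filesystem: stop right here
    done || return 1
    [ -z "$(mounts_of "$1")" ]            # fail closed if still mounted
}

# libvirt calls the hook as: qemu <guest_name> <operation> <sub-operation> <extra>
hook() {
    [ "$1" = "$GUEST" ] && [ "$2" = "prepare" ] || return 0
    dev=$(readlink -f "$DISK") || return 1   # by-id symlink -> kernel device name
    release_disk "$dev"
}

# Only act when libvirt passes its arguments.
if [ "$#" -ge 2 ]; then
    hook "$@"
    exit $?
fi
```

<p>A failed <code>umount</code> (for example because a game launcher still has files open on the disk) now stops the VM from starting instead of letting both systems write to the filesystem.</p>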
A new Debian release may break your CI
2021-08-17, https://hya.sk/blog/posts/debian-release-cycle-breaks-ci/
<p>What better way to start your week than discovering that <a href="https://www.debian.org/News/2021/20210814">Debian's latest
release</a> broke all your CI?</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>Running with gitlab-runner ...
</span><span> on a-random-builder 4mHpT2K9
</span><span>Preparing the "docker" executor 00:03
</span><span>Using Docker executor with image a-random-debian-buster-based-image ...
</span><span>[...]
</span><span>$ apt update && apt install -y --no-install-recommends python3
</span><span>WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
</span><span>Get:1 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
</span><span>Get:2 http://deb.debian.org/debian buster InRelease [122 kB]
</span><span>Get:3 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
</span><span>Reading package lists...
</span><span>E: Repository 'http://security.debian.org/debian-security buster/updates InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
</span><span>E: Repository 'http://deb.debian.org/debian buster InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
</span><span>E: Repository 'http://deb.debian.org/debian buster-updates InRelease' changed its 'Suite' value from 'stable-updates' to 'oldstable-updates'
</span><span>ERROR: Job failed: exit code 1
</span></code></pre>
<p>To avoid that, don't forget that <code>apt update</code> can also ask questions, and can also accept the <code>-y</code> flag, making your
line look like this: <code>$ apt update -y && apt install -y --no-install-recommends python3</code></p>
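<p>As an added example (not from this post), a CI step can be stricter than a blanket <code>-y</code>: the function below inspects the error lines shown above and retries only when every reported change is the <code>Suite</code> shift of a new release, using <code>apt-get</code>'s documented <code>--allow-releaseinfo-change-suite</code> option. The function names are made up for the example, and the sample lines are copied from the job log above.</p>

```shell
#!/bin/sh
# Added example: accept a release-info change in CI only when it is the
# expected Suite shift of a Debian release (stable -> oldstable).

# Read apt output on stdin. Succeed only if at least one repository reported
# a change and every reported change is 'Suite' going from X to "old"X.
expected_suite_changes_only() {
    awk -F"'" '
        / changed its / {
            seen++
            # $2 = repository, $4 = field, $6 = old value, $8 = new value
            if ($4 != "Suite" || $8 != ("old" $6)) {
                bad++
                print ("unexpected change: " $2 ": " $4 " " $6 " to " $8) > "/dev/stderr"
            }
        }
        END { exit ((seen > 0 && bad == 0) ? 0 : 1) }
    '
}

# Error lines taken from the job log in this post.
sample_apt_errors() {
    cat <<'EOF'
E: Repository 'http://security.debian.org/debian-security buster/updates InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
E: Repository 'http://deb.debian.org/debian buster InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
E: Repository 'http://deb.debian.org/debian buster-updates InRelease' changed its 'Suite' value from 'stable-updates' to 'oldstable-updates'
EOF
}

# Run the update; on failure, retry with the narrow option only if the
# failure is explained by expected Suite changes. Anything else fails the job.
apt_update_guarded() {
    if out=$(LC_ALL=C apt-get update 2>&1); then
        printf '%s\n' "$out"
        return 0
    fi
    printf '%s\n' "$out" >&2
    if printf '%s\n' "$out" | expected_suite_changes_only; then
        apt-get update --allow-releaseinfo-change-suite
    else
        return 1
    fi
}
```

<p>A repository whose <code>Origin</code>, <code>Label</code> or <code>Codename</code> changes still fails the job, so someone has to look at it before packages are installed from it.</p>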
Troubleshooting a motherboard with an Arduino
2021-08-11, https://hya.sk/blog/posts/motherboard-troubleshooting-with-an-arduino/
<p>Remember the old times, when all computers were equipped with a tiny speaker attached directly to the motherboard? I even
remember those speakers being used by <a href="https://en.wikipedia.org/wiki/Commander_Keen_in_Goodbye,_Galaxy">video games</a> to
play music and sounds!</p>
<p>During the dark times of debugging computer problems, those speakers also served another purpose: they were often the only
way your motherboard had to communicate early boot problems, when even a VGA display was unable to work. Most recent
boards don't have those speakers any more, but sometimes come with an LED fulfilling the same role.</p>
<p>Alas, some motherboards in our recent times come with neither speaker nor LED, but thankfully with a speaker header, in case
you happen to have a spare one at home. That's not my case, but it seems I found a more modern workaround tonight, while
debugging one of those temperamental machines.</p>
<p>I simply attached the A0 analog pin of my Arduino UNO to the speaker pin of the motherboard header, flashed the simple
program below, and turned on the serial monitor.</p>
<pre data-lang="cpp" style="background-color:#0f1419;color:#bfbab0;" class="language-cpp "><code class="language-cpp" data-lang="cpp"><span style="color:#ff7733;">void </span><span style="color:#ffb454;">setup</span><span>() {
</span><span> Serial</span><span style="color:#f29668;">.</span><span style="color:#ffb454;">begin</span><span>(</span><span style="color:#f29718;">9600</span><span>)</span><span style="color:#bfbab0cc;">;
</span><span>}
</span><span>
</span><span style="color:#ff7733;">void </span><span style="color:#ffb454;">loop</span><span>() {
</span><span> </span><span style="color:#ff7733;">int</span><span> sensorValue </span><span style="color:#f29668;">= </span><span style="color:#ffb454;">analogRead</span><span>(A0)</span><span style="color:#bfbab0cc;">; </span><span style="font-style:italic;color:#5c6773;">// A0 is plugged to the speaker pin
</span><span> Serial</span><span style="color:#f29668;">.</span><span style="color:#ffb454;">println</span><span>(sensorValue)</span><span style="color:#bfbab0cc;">;
</span><span> </span><span style="color:#ffb454;">delay</span><span>(</span><span style="color:#f29718;">20</span><span>)</span><span style="color:#bfbab0cc;">; </span><span style="font-style:italic;color:#5c6773;">// delay in between reads for stability and readability of the output
</span><span>}
</span></code></pre>
<p><img src="https://hya.sk/blog/posts/motherboard-troubleshooting-with-an-arduino/./arduino-debugging.jpg" alt="" /><br />
<em>Here is the all too complex wiring of the debugging device!</em></p>
<p>I then turned on the machine, and lo and behold, the following printed before my tearful eyes!</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>...
</span><span>20:40:19.209 -> 457
</span><span>20:40:19.209 -> 459
</span><span>20:40:19.242 -> 459
</span><span>20:40:19.242 -> 458
</span><span>20:40:19.275 -> 458
</span><span>20:40:19.308 -> 459
</span><span>20:40:19.308 -> 459
</span><span>20:40:19.342 -> 459
</span><span>20:40:19.342 -> 458
</span><span>20:40:19.374 -> 458
</span><span>20:40:19.408 -> 458
</span><span>20:40:19.408 -> 457
</span><span>20:40:19.441 -> 458
</span><span>20:40:19.474 -> 458
</span><span>20:40:19.474 -> 457
</span><span>20:40:19.507 -> 457
</span><span>20:40:19.507 -> 458
</span><span>20:40:19.540 -> 457
</span><span>20:40:19.573 -> 456
</span><span>20:40:19.573 -> 456
</span><span>20:40:19.606 -> 456
</span><span>20:40:19.606 -> 455
</span><span>20:40:19.639 -> 455
</span><span>20:40:19.672 -> 454
</span><span>20:40:19.672 -> 455
</span><span>20:40:19.705 -> 454
</span><span>20:40:19.705 -> 453
</span><span>20:40:19.738 -> 454
</span><span>20:40:19.771 -> 454
</span><span>20:40:19.771 -> 452
</span><span>20:40:19.804 -> 0
</span><span>20:40:19.804 -> 0
</span><span>20:40:19.837 -> 0
</span><span>20:40:19.870 -> 0
</span><span>20:40:19.870 -> 0
</span><span>20:40:19.904 -> 0
</span><span>20:40:19.937 -> 0
</span><span>20:40:19.937 -> 0
</span><span>20:40:19.970 -> 0
</span><span>20:40:19.970 -> 0
</span><span>20:40:20.003 -> 0
</span><span>20:40:20.036 -> 0
</span><span>20:40:20.036 -> 0
</span><span>20:40:20.069 -> 0
</span><span>20:40:20.069 -> 0
</span><span>20:40:20.102 -> 0
</span><span>20:40:20.135 -> 0
</span><span>20:40:20.135 -> 0
</span><span>20:40:20.168 -> 0
</span><span>20:40:20.168 -> 0
</span><span>20:40:20.201 -> 14
</span><span>20:40:20.234 -> 29
</span><span>20:40:20.234 -> 42
</span><span>20:40:20.267 -> 53
</span><span>20:40:20.300 -> 61
</span><span>20:40:20.300 -> 0
</span><span>20:40:20.333 -> 0
</span><span>20:40:20.333 -> 0
</span><span>20:40:20.366 -> 0
</span><span>20:40:20.400 -> 0
</span><span>20:40:20.400 -> 0
</span><span>20:40:20.433 -> 0
</span><span>20:40:20.433 -> 0
</span><span>20:40:20.466 -> 0
</span><span>20:40:20.499 -> 0
</span><span>20:40:20.499 -> 0
</span><span>20:40:20.532 -> 0
</span><span>20:40:20.532 -> 0
</span><span>20:40:20.565 -> 0
</span><span>20:40:20.598 -> 0
</span><span>20:40:20.598 -> 0
</span><span>20:40:20.631 -> 0
</span><span>20:40:20.631 -> 0
</span><span>20:40:20.664 -> 0
</span><span>20:40:20.697 -> 0
</span><span>20:40:20.697 -> 24
</span><span>20:40:20.730 -> 36
</span><span>20:40:20.763 -> 47
</span><span>20:40:20.763 -> 59
</span><span>20:40:20.796 -> 0
</span><span>20:40:20.796 -> 0
</span><span>20:40:20.829 -> 0
</span><span>20:40:20.862 -> 0
</span><span>20:40:20.862 -> 0
</span><span>20:40:20.896 -> 0
</span><span>20:40:20.896 -> 0
</span><span>20:40:20.929 -> 0
</span><span>20:40:20.962 -> 0
</span><span>20:40:20.962 -> 0
</span><span>20:40:20.995 -> 0
</span><span>20:40:20.995 -> 0
</span><span>20:40:21.028 -> 0
</span><span>20:40:21.061 -> 0
</span><span>20:40:21.061 -> 0
</span><span>20:40:21.094 -> 0
</span><span>20:40:21.127 -> 0
</span><span>20:40:21.127 -> 0
</span><span>20:40:21.160 -> 0
</span><span>20:40:21.160 -> 0
</span><span>20:40:21.193 -> 0
</span><span>20:40:21.226 -> 31
</span><span>20:40:21.226 -> 43
</span><span>20:40:21.259 -> 54
</span><span>20:40:21.259 -> 64
</span><span>20:40:21.292 -> 0
</span><span>20:40:21.325 -> 0
</span><span>20:40:21.325 -> 0
</span><span>20:40:21.358 -> 0
</span><span>20:40:21.358 -> 0
</span><span>20:40:21.392 -> 0
</span><span>20:40:21.425 -> 0
</span><span>20:40:21.425 -> 0
</span><span>20:40:21.458 -> 0
</span><span>20:40:21.491 -> 0
</span><span>20:40:21.491 -> 0
</span><span>20:40:21.524 -> 0
</span><span>20:40:21.524 -> 0
</span><span>20:40:21.557 -> 0
</span><span>20:40:21.590 -> 0
</span><span>20:40:21.590 -> 0
</span><span>20:40:21.623 -> 0
</span><span>20:40:21.623 -> 0
</span><span>20:40:21.656 -> 0
</span><span>20:40:21.689 -> 0
</span><span>20:40:21.689 -> 10
</span><span>20:40:21.722 -> 31
</span><span>20:40:21.722 -> 43
</span><span>20:40:21.755 -> 52
</span><span>20:40:21.788 -> 60
</span><span>20:40:21.788 -> 0
</span><span>20:40:21.821 -> 0
</span><span>20:40:21.855 -> 0
</span><span>20:40:21.855 -> 0
</span><span>20:40:21.888 -> 0
</span><span>20:40:21.888 -> 0
</span><span>20:40:21.921 -> 0
</span><span>20:40:21.954 -> 0
</span><span>20:40:21.954 -> 0
</span><span>20:40:21.987 -> 0
</span><span>20:40:21.987 -> 0
</span><span>20:40:22.020 -> 0
</span><span>20:40:22.053 -> 0
</span><span>20:40:22.053 -> 0
</span><span>20:40:22.086 -> 0
</span><span>20:40:22.086 -> 0
</span><span>20:40:22.119 -> 0
</span><span>20:40:22.152 -> 0
</span><span>20:40:22.152 -> 0
</span><span>20:40:22.185 -> 0
</span><span>20:40:22.218 -> 12
</span><span>20:40:22.218 -> 28
</span><span>20:40:22.251 -> 40
</span><span>20:40:22.251 -> 51
</span><span>20:40:22.284 -> 59
</span><span>20:40:22.317 -> 69
</span><span>20:40:22.317 -> 77
</span><span>20:40:22.351 -> 85
</span><span>20:40:22.351 -> 92
</span><span>20:40:22.384 -> 100
</span><span>20:40:22.417 -> 106
</span><span>20:40:22.417 -> 112
</span><span>20:40:22.450 -> 117
</span><span>20:40:22.483 -> 124
</span><span>20:40:22.483 -> 130
</span><span>20:40:22.516 -> 134
</span><span>20:40:22.516 -> 141
</span><span>20:40:22.549 -> 146
</span><span>20:40:22.582 -> 151
</span><span>20:40:22.582 -> 155
</span><span>20:40:22.615 -> 160
</span><span>20:40:22.615 -> 164
</span><span>20:40:22.648 -> 168
</span><span>20:40:22.681 -> 172
</span><span>20:40:22.681 -> 177
</span><span>20:40:22.714 -> 181
</span><span>20:40:22.714 -> 184
</span><span>20:40:22.747 -> 188
</span><span>20:40:22.780 -> 192
</span><span>20:40:22.780 -> 196
</span><span>20:40:22.813 -> 199
</span><span>20:40:22.847 -> 203
</span><span>20:40:22.847 -> 206
</span><span>20:40:22.880 -> 209
</span><span>20:40:22.880 -> 211
</span><span>20:40:22.913 -> 216
</span><span>20:40:22.946 -> 219
</span><span>20:40:22.946 -> 221
</span><span>20:40:22.979 -> 224
</span><span>20:40:22.979 -> 227
</span><span>20:40:23.012 -> 230
</span><span>20:40:23.045 -> 232
</span><span>20:40:23.045 -> 234
</span><span>20:40:23.078 -> 237
</span><span>20:40:23.111 -> 238
</span><span>20:40:23.111 -> 240
</span><span>20:40:23.144 -> 243
</span><span>20:40:23.144 -> 247
</span><span>20:40:23.177 -> 247
</span><span>20:40:23.210 -> 249
</span><span>20:40:23.210 -> 251
</span><span>20:40:23.243 -> 253
</span><span>20:40:23.243 -> 253
</span><span>20:40:23.276 -> 256
</span><span>20:40:23.310 -> 258
</span><span>20:40:23.310 -> 259
</span><span>20:40:23.343 -> 261
</span><span>20:40:23.343 -> 263
</span><span>20:40:23.376 -> 264
</span><span>20:40:23.409 -> 265
</span><span>20:40:23.409 -> 266
</span><span>20:40:23.442 -> 268
</span><span>20:40:23.475 -> 270
</span><span>20:40:23.475 -> 270
</span><span>20:40:23.508 -> 271
</span><span>20:40:23.508 -> 273
</span><span>20:40:23.541 -> 274
</span><span>20:40:23.574 -> 275
</span><span>20:40:23.574 -> 277
</span><span>20:40:23.607 -> 279
</span><span>20:40:23.607 -> 279
</span><span>20:40:23.640 -> 280
</span><span>...
</span></code></pre>
<p>The careful reader will have noticed the five series of contiguous zeros, among the apparently random values! That's the
clear sign of a signal that was communicated to me by the distressful mainboard. It was, at least partially, alive!</p>
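<p>As an added example (not part of the original post), the beeps can be counted from a saved copy of the serial monitor output instead of by eye. It follows the post's reading that one run of consecutive zeros is one beep; the function names, the minimum run length of 10 samples and the sample data are assumptions made for the example.</p>

```shell
#!/bin/sh
# Added example: count the beeps in a saved serial monitor log, reading a run
# of consecutive 0 samples as one beep, as the post does.

# count_beeps [MIN]: log on stdin, lines like "20:40:19.804 -> 0".
# MIN (default 10) is the shortest run of zeros that counts as a beep, so a
# couple of stray zero samples are ignored.
count_beeps() {
    awk -v min="${1:-10}" '
        $2 == "->" && $3 ~ /^[0-9]+$/ {
            if ($3 == 0) {
                run++
            } else {
                if (run >= min) beeps++
                run = 0
            }
        }
        END {
            if (run >= min) beeps++   # log ended in the middle of a beep
            print beeps + 0
        }
    '
}

# Constructed sample shaped like the capture in the post: idle level, then
# five runs of 20 zeros separated by short ramps. Timestamps are dummies.
sample_log() {
    awk 'BEGIN {
        print "..."
        for (i = 0; i < 5; i++) print "20:40:19.000 -> 458"
        for (b = 0; b < 5; b++) {
            for (i = 0; i < 20; i++) print "20:40:20.000 -> 0"
            for (i = 1; i <= 4; i++) print "20:40:20.500 -> " 12 * i
        }
        print "..."
    }'
}
```

<p>Running <code>sample_log | count_beeps</code> prints the number of beeps; with a real capture, pipe the saved log file into <code>count_beeps</code> instead.</p>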
<hr />
<p>The rest is business as usual:</p>
<ul>
<li>the board seems to still self-diagnose: it was the five beeps of a "processor or motherboard failure", whatever that means...</li>
<li>some random guy on a random forum says that only the VGA output was broken in his similar situation in 2002...</li>
<li>why not, let's try putting in some random old graphics card and getting the display from another output...</li>
<li>thank the Force, that worked!</li>
<li>for whatever reason, likely the storms of the past weeks, the MB's VGA output is burnt, but everything boots fine with a PCI graphics card...</li>
<li>end of debugging, thank you, good night!</li>
</ul>
My 2021 home workstation
2021-03-31, https://hya.sk/blog/posts/my-2021-home-workstation/
<p>With no introduction, here is my workstation, used daily for both personal stuff and for work. Feel free to grab any
interesting idea!</p>
<p><img src="https://hya.sk/blog/posts/my-2021-home-workstation/./img/desk.cleaned.jpg" alt="Picture of my desk" /></p>
<h1 id="hardware">Hardware</h1>
<h2 id="desk-and-chair">Desk and chair</h2>
<p>The desk is a simple wooden plank, lying on two <a href="https://hya.sk/blog/posts/my-2021-home-workstation/./img/sawhorse.jpg">sawhorses</a>. It's quite wide, very resistant (I'm
able to stand on it without fear), and the wood gives a nice feeling of warmth that I love!</p>
<p>My chair is an <a href="https://www.ikea.com/nl/en/p/markus-office-chair-vissle-dark-grey-70261150/">IKEA Markus</a>, mainly
because I had the opportunity to try one at my job for more than a year, and found it satisfying enough to get one at
home.</p>
<h2 id="machines">Machines</h2>
<h3 id="towers">Towers</h3>
<p>My personal machine is a big tower, running the following:</p>
<ul>
<li>Mainboard: <a href="https://www.asrock.com/MB/AMD/X570%20Pro4/index.asp">ASRock x570 Pro4</a></li>
<li>CPU: <a href="https://www.amd.com/en/products/cpu/amd-ryzen-5-5600x">AMD Ryzen 5 5600X</a></li>
<li>RAM: <a href="https://www.crucial.fr/memory/ddr4/ct2k16g4dfd832a">Crucial DDR4 32GB (2x16GB) 3200MHz</a></li>
<li>GPU:
<ul>
<li><a href="https://www.asus.com/us/Motherboards-Components/Graphics-Cards/All-series/PH-GTX1050TI-4G/">ASUS GeForce GTX 1050Ti 4GB</a></li>
<li><a href="https://www.gigabyte.com/Graphics-Card/GV-N610SL-1GI">Gigabyte GeForce GT 610 1GB</a>, salvaged from a friend while
waiting for a better GPU to be available in store<br />
<em>To the reader of the future: we're still in the middle of the Covid-19 pandemic that led to supply chains shortage!</em></li>
</ul>
</li>
<li>Storage:
<ul>
<li><a href="https://www.samsung.com/fr/memory-storage/nvme-ssd/970-evo-plus-nvme-m-2-ssd-500gb-mz-v7s500bw/">Samsung SSD 970 EVO Plus M.2 500 Go</a></li>
<li><a href="https://www.samsung.com/us/computing/memory-storage/solid-state-drives/ssd-860-qvo-2-5-sata-iii-1tb-mz-76q1t0b-am/">Samsung SSD 860 QVO 1 To</a></li>
</ul>
</li>
</ul>
<p>I also have a second tower provided by my job for my daily work.</p>
<h3 id="laptops">Laptops</h3>
<p>When travelling, I use an old <a href="https://www.lenovo.com/us/en/laptops/thinkpad/x-series/x201/">Lenovo Thinkpad x201</a>. It's
a nice old buddy that never let me down, even in desperate situations like bringing the student association's website
back online at 4AM, under the rain because I needed the school's poor Wifi for local network access!</p>
<h2 id="outputs">Outputs</h2>
<h3 id="display">Display</h3>
<ul>
<li>Some random old 27" ASUS monitor</li>
<li>A second random 24" Samsung monitor provided by my dayjob</li>
</ul>
<p>Both displays are standing on an Arctic Z2 Pro (Gen 3). It's a really awesome stand that provides me with both a 4-port
USB 3 hub and great flexibility for quickly changing my setup, to either work, show something to someone, or play a
video-game. In that last case, the 27" display is put in front of me, and the 24" is shifted aside as a support screen
with a browser, some chat, and an access to a terminal.</p>
<p>Since I have two towers on two screens, my job provided me with a <a href="https://www.startech.com/en-us/server-management/sv231hdmiua">StarTech
SV231HDMIUA</a> <a href="https://en.wikipedia.org/wiki/KVM_switch">KVM
switch</a>, which is very handy to quickly jump to my personal machine when the
day is over.</p>
<h3 id="sound">Sound</h3>
<p>Regarding the sound, I recently acquired a nice <a href="https://steelseries.com/gaming-headsets/arctis-3">steelseries Arctis
3</a>. It's wired (no battery problem!) and very comfortable to wear, even
for many hours straight, which is probably the most important criterion for me: if I'm listening to music, which would call
for very high quality headphones, I do it on my amplified home speakers anyway, and if I need to wear my headphones a
whole day long, that's generally for online meetings that have very poor sound quality in the first place. As for
gaming, I'm usually more absorbed by the game itself as a whole than by its sound only.<br />
These headphones have good enough sound in any case, and I just don't really see the point in investing more money in
some very high quality headphones for a barely noticeable difference in my use-cases.</p>
<h2 id="inputs">Inputs</h2>
<h3 id="keyboards-and-mouse">Keyboards and mouse</h3>
<p><a href="https://www.ldlc.com/fiche/PB00238141.html">My mouse</a> is a cheap <a href="https://en.wikipedia.org/wiki/Computer_mouse#Ergonomic_mice">vertical, ergonomic
mouse</a> that I've been using for years, and I can't
recommend this kind of mouse enough! The accuracy and sensation for me are basically the same as a normal mouse, but the
physical comfort when using it really is better.</p>
<p>Still in the ergonomics, I use a <a href="https://keeb.io/products/bfo-9000-keyboard-customizable-full-size-split-ortholinear">BFO-9000 mechanical
keyboard</a> from
<a href="https://keeb.io">Keebio</a>. Here is a <a href="https://hya.sk/pub/pictures/bfo9000/">gallery</a> of its making, and you can also
find its <a href="http://www.keyboard-layout-editor.com/#/gists/dcf0e81431c5816b875822b7c6f47b6c">layout</a> or its <a href="https://github.com/Hyask/qmk_firmware">firmware
source code</a> if you want to build the same.</p>
<p>A second cheap keyboard and a second cheap mouse are also available to ease the use of my VM with device passthrough
(more on that in the software part).</p>
<h3 id="sound-and-video">Sound and video</h3>
<p>The Arctis 3 comes with a microphone that has pretty good quality, but it still uses the motherboard's poor sound
card, which generates noise even with no microphone plugged in.<br />
Fortunately, I have an old Sony CMU-BR100 that came with an old Sony TV. It works pretty well for the sound, less well
for the video (it's old), and as it's plugged in over USB, it provides a digital sound input that has far less noise than the
analog one.<br />
But on the other hand, it is sensitive to far more ambient noise than the directional microphone of the headphones, so I
tend to use one or the other depending on the usage (recording a video, or video conferencing/gaming).</p>
<h3 id="misc">Misc</h3>
<p>I also happen to have two <a href="https://www.yubico.com/fr/product/yubikey-5-nfc/">YubiKeys 5 NFC</a> for storing GPG keys and
using them as a second authentication factor. One of them stays at home, as a backup, the other one is kept attached to my
belt, and never physically leaves me. Therefore I never have to think about not forgetting the key plugged in a machine.<br />
For my daily workstation, I even have a USB extension that brings a handy USB port right at my side.</p>
<p>Finally I have various gamepads lying around, like a <a href="https://en.wikipedia.org/wiki/Nintendo_Switch_Pro_Controller">Nintendo Switch Pro
Controller</a> that works very well with
Steam, or some generic PDP Xbox 360 controllers that work well with anything.</p>
<p>Oh, and did I mention that I use <a href="../homemade-joystick-prototype/">two homemade joysticks</a> when I need to pilot
spaceships?</p>
<hr />
<p>And we're done for the hardware part, let's see about the software!</p>
<h1 id="software">Software</h1>
<p>First of all, so you won't look for them, here are my <em><a href="https://git.hya.sk/skia/HOME">dotfiles</a></em>.</p>
<h2 id="os">OS</h2>
<p>Latest <a href="https://en.wikipedia.org/wiki/Fedora_(operating_system)">Fedora</a> has been running fine on all my personal
machines for about four years, and before that I've been switching from time to time between various flavours of
Debian-like or Ubuntu-like distributions. I really like the stability that a non rolling-release distribution offers,
with the freshness and innovation that Fedora pushes.</p>
<p>My work machine, on its side, runs <a href="https://en.wikipedia.org/wiki/Debian">Debian</a>.</p>
<h2 id="window-manager-and-compositor">Window manager and compositor</h2>
<p>Since I discovered tiling window management, about ten years ago, with <a href="https://en.wikipedia.org/wiki/Openbox">Openbox</a>
combined with an old script called <em>pytile</em> that doesn't seem to exist any more, I've always felt uncomfortable when
going back to more regular WMs. It's not that they don't work, but for an efficient daily use, my heart always goes for
tiling.</p>
<p>I had been using <a href="https://en.wikipedia.org/wiki/Awesome_(window_manager)">Awesome</a> for years until the December 2020
holidays, when I made the jump for good to the
<a href="https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)">Wayland</a> world with
<a href="https://en.wikipedia.org/wiki/Sway_(window_manager)">Sway</a>. I had a
<a href="https://github.com/swaywm/sway/issues/4771">blocker issue</a> for some time, that I <a href="https://git.hya.sk/skia/swaysome">solved</a>
during those holidays, and I'm now a very happy user, with a bit more <a href="https://www.rust-lang.org">Rust</a> in my stack!</p>
<p><img src="https://hya.sk/blog/posts/my-2021-home-workstation/./img/desktop.cleaned.png" alt="My desktop" /></p>
<h2 id="shell-and-environment">Shell and environment</h2>
<p>Talking about Rust, I've recently adopted a lovely <a href="https://starship.rs/">starship</a> for my prompt, be it on <em>bash</em> or
<em>zsh</em>. It really is wonderful to avoid the <code>$PS1</code> hell while still having a ton of nice features and a shell that still
feels snappy.</p>
<p>About <em>bash</em> and <em>zsh</em>, I have a pretty simple configuration for them, but one interesting bit is my chain of <code>source</code>,
starting from either <code>.bashrc</code> or <code>.zshrc</code>, continuing on <code>.aliases</code> which is versioned too, and finishing with
<code>.aliases.local</code>, which is never included in my home's <code>git</code> repo, and which allows per-machine configuration.<br />
The main features I like in <em>zsh</em>, and that make me keep it on my main machines, are its ability to autocomplete <code>w/b/c/p/my/i</code>
into <code>workspace/blog/content/posts/my-2021-home-workstation/index.md</code>, which I find <strong>very</strong> convenient, and the nice,
lazybones-friendly selection UI for ambiguous choices when spamming <code><Tab></code>. But <em>bash</em> remains my shell of choice for
every other usage such as servers, VMs, containers, phone, etc...</p>
<p>As stated in the hardware part, I also use YubiKeys, thus my <code>SSH_AUTH_SOCK</code> variable points to the socket exposed by
<em>gpg-agent</em> launched with the <code>--enable-ssh-support</code> flag.<br />
That's quite handy, as I basically don't have to care about how I manage my SSH private keys, since they never really leave my
pocket and are easy to use on any decently modern Linux machine.</p>
<h2 id="terminal-emulator">Terminal emulator</h2>
<p>I've gone a long way with <a href="https://en.wikipedia.org/wiki/GNOME_Terminator">Terminator</a> but recently adopted
<a href="https://en.wikipedia.org/wiki/Alacritty">Alacritty</a> when switching to <em>sway</em>. I didn't really use any of
<em>Terminator</em>'s features anyway, and the <em>vi</em> mode of <em>Alacritty</em> allows pretty easy copy-paste without even touching the
mouse!</p>
<h2 id="text-editor">Text editor</h2>
<p>I've used <a href="https://www.vim.org/">vim</a> and/or <a href="https://neovim.io/">neovim</a> for as long as I remember using Linux. It has
<a href="https://git.hya.sk/skia/HOME/src/branch/master/.vimrc#L7">some nice plugins</a> in my comfortable home setup, but they are
just fancy things to speed me up in the daily usage, and I don't really mind not having them when I'm working on another
machine that only provides a vanilla <em>vim</em>.</p>
<p>I'm not particularly involved in the <a href="https://en.wikipedia.org/wiki/Editor_war">great text editor war</a> and I completely
support people using IDE or other fancy graphical editors, but my personal usage of computers puts me in the need of a
universal editor that I can find on almost every machine, with or without graphical display, and able to edit any text
in a generic manner, be it a configuration file, or some unknown strange code.</p>
<h2 id="web-browser">Web browser</h2>
<p>The situation is about the same as for the text editors: I've used <a href="https://en.wikipedia.org/wiki/Firefox">Firefox</a> for
so much time that I'm completely used to it. Moreover, for the last few years, with the expansion of Chromium-based
browsers, it's also becoming a small contribution towards keeping some diversity in the web world.<br />
I've mainly used nightly for the last couple of years, but I now tend not to reinstall it and keep a more stable Firefox
since most of the new renderers and engines have landed.</p>
<p>I always have a few plugins: <a href="https://darkreader.org/">Dark Reader</a>, <a href="https://ublockorigin.com/">uBlock Origin</a>,
<a href="https://noscript.net/">NoScript</a>, <a href="https://bitwarden.com/download/#web-browser">Bitwarden</a>, and <a href="https://gitlab.com/calfater/shaarli-synchronizer">Shaarli
Synchronizer</a>.</p>
<h2 id="email-and-chat-clients">Email and chat clients</h2>
<p>Like <em>Firefox</em>, <a href="https://en.wikipedia.org/wiki/Mozilla_Thunderbird">Thunderbird</a> has been my main email client for
years, and despite having some flaws like its thread-handling or the fact that it's pretty unusable without a pointing
device, it's still the least bad email client that I've found. <a href="https://www.rainloop.net/">Rainloop</a> is also not that
bad, and I'm pretty happy having it as a backup client for when I'm not at home.</p>
<p>My less and less used <a href="https://en.wikipedia.org/wiki/Internet_Relay_Chat">IRC</a> client is (was?)
<a href="https://en.wikipedia.org/wiki/Irssi">irssi</a>, but with the rise of the
<a href="https://en.wikipedia.org/wiki/Matrix_(protocol)">Matrix</a> protocol, I've been using
<a href="https://en.wikipedia.org/wiki/Element_(software)">Element</a> and <a href="https://github.com/mirukana/mirage">Mirage</a> quite a
lot, and I must say that some modern features, like media integration, reactions, or
<a href="https://en.wikipedia.org/wiki/Technological_convergence#Cell_phone_convergence">convergence</a>, are more than welcome!</p>
<h2 id="vm-and-gaming">VM and gaming</h2>
<p>Maybe the most unexpected part of my setup, but also one that works so well that I wouldn't trade it for anything else!
To play games without having to reboot, but with good performance, and without the random reliability of <em>wine</em>, I use a
Windows 10 VM with <a href="https://en.wikipedia.org/wiki/X86_virtualization#I/O_MMU_virtualization_(AMD-Vi_and_Intel_VT-d)">PCI
pass-through</a> for the
GPU. <a href="https://en.wikipedia.org/wiki/Virtual_Machine_Manager">virt-manager</a> does a very fine job, even if some parameters
required manual XML editing. My keyboard and mouse are also passed-through, so this configuration requires having a
second pair of input devices on my desktop if I want to access the host, but I have enough space, and switching
physically is very convenient and intuitive.</p>
<p>The other subtlety is the disk management: the VM disk is a 40GB <a href="https://en.wikipedia.org/wiki/Qcow">qcow2</a> image, as
expected, but my second, physical, 1TB SATA SSD is again passed-through with
<a href="https://en.wikipedia.org/wiki/VirtIO">VirtIO</a>. It is formatted with <a href="https://en.wikipedia.org/wiki/Btrfs">Btrfs</a>, which
is nowadays probably the best solution to share content between Windows and Linux with the great help of
<a href="https://github.com/maharmstone/btrfs">WinBtrfs</a>, in addition to all the positive aspects <em>Btrfs</em> provides in itself.
This gives me great IO performance on both systems, and a nice way to have the games ready for play on Windows, or ready
for trying to play with <em>wine</em> on Linux (when I have a more suitable GPU)!</p>
Goodbye Lionel
2021-03-20, https://hya.sk/blog/posts/au-revoir-lionel/
<p><em>I learned of your passing with sadness, but in truth I am immensely glad to have been able to know you, and for everything
you brought me, directly or indirectly. Your way of seeing life and of presenting martial arts has
marked me forever, and will keep influencing my own existence through all of your legacy.</em></p>
<p><em>Safe travels among the Kami, and thank you again.</em></p>
<p><img src="https://hya.sk/blog/posts/au-revoir-lionel/./lionel.jpg" alt="Lionel" /></p>
<hr />
<p>To Lionel Oudart, master of Katori Shinto Ryu, who performed notto on 19 March 2021.</p>
<p>A very old video of him performing <em>Kusanagi No Ken</em> and receiving a correction from his Japanese masters:</p>
<p><video src="./kusanagi_no_ken.webm" controls></video></p>
<p>source: <a href="https://www.youtube.com/watch?v=qdjJk4gyaX0">https://www.youtube.com/watch?v=qdjJk4gyaX0</a></p>
Helios64 - Part 2 - Software
2020-12-11, https://hya.sk/blog/posts/helios64-software/
<p>I recently achieved a satisfying level of configuration on my new Helios64 ARM
NAS, therefore I think it's time to put it into words for my own memory, and for
sharing with the world.<br />
If you didn't read the <a href="../helios64-hardware/">previous part</a> about the
hardware, it will probably interest you, but it's not required to follow this
post.</p>
<blockquote>
<p>TL;DR: Debian Bullseye + ZFS + Docker compose + a bunch of services,
everything runs fine!</p>
</blockquote>
<h1 id="os">OS</h1>
<p>The Helios64 being quite recent, the support is not yet completely upstreamed in
<a href="https://gitlab.denx.de/u-boot/u-boot/-/tree/ee1e04558ff8c8ed812b986939447f129bb0b0bb">U-Boot</a>
nor in the
<a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?id=34816d20f173a90389c8a7e641166d8ea9dce70a&qt=grep&q=helios64">Kernel</a>.<br />
That means that only a small set of distributions are currently supporting this
NAS. The <a href="https://wiki.kobol.io/download/#helios64">official ones</a> are currently
only Armbian builds of Debian 10 (Buster) and Ubuntu 20.04 (Focal).</p>
<p>For fun, and because I wanted to give it a shot, I went on trying to put
Fedora on it, before realizing at the end of the installation that it was not
supported yet. Why the installer booted is still a mystery, but I didn't take
the time to really investigate that, and I suspect that the bootloader I had
flashed before helped a lot in that process.</p>
<p>As I'm really comfortable with Debian, I chose Buster for a first real install,
and simply followed the <a href="https://wiki.kobol.io/helios64/install/emmc/">official
guide</a> which is really easy and
clear.</p>
<p>Sadly, as there were at the time
<a href="https://github.com/openzfs/zfs/issues/10985">some</a>
<a href="https://forum.armbian.com/topic/15441-unable-to-build-zfs-module-on-buster-rockchip64/">difficulties</a>
installing ZFS on Buster, I quickly performed a migration to Bullseye
(current Debian testing), and got everything running well on this OS. As it's
only for personal use, it's no problem being a bit bleeding-edge, and so far,
this Debian testing installation has been very stable!</p>
<h1 id="storage">Storage</h1>
<p>As I spoiled in the previous section, the storage runs on
<a href="https://en.wikipedia.org/wiki/ZFS">ZFS</a> for multiple reasons that are beyond
the scope of this article (check out the Internet on this filesystem if you've
never heard of it!).</p>
<h2 id="hardware-and-redundancy">Hardware and redundancy</h2>
<p>I'm really far from being an expert regarding all the available HDDs on the
market, so I basically purchased some 4TB Seagate Ironwolf, mainly because I've
seen some of them running for quite some time at work, and they have some
good reviews on the Internet.</p>
<p>It took me quite some time to think about the redundancy layout, but I finally
settled on
<a href="https://en.wikipedia.org/wiki/ZFS#ZFS'_approach:_RAID-Z_and_mirroring">RAID-Z2</a>,
because in the case of one disk failure, that would allow me to continue using
the NAS with some confidence while waiting for the new replacement disk to
arrive. Besides, with 5 4TB HDDs, that grants me about 12TB of usable
space, which is more than enough for my personal use!</p>
<h2 id="poor-man-s-benchmarks">Poor man's benchmarks</h2>
<p>I knew that ZFS had the reputation of eating all the available RAM, and I even
experienced it already on some other machines, so I was a bit afraid of its
performance on this 4GB NAS. Therefore I quickly ran some poor man's
benchmarks with <code>dd</code>, to get rough results on what I could expect:</p>
<ul>
<li><strong>Writing 4GB with 1MB block size</strong></li>
</ul>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span># dd if=/dev/zero of=test bs=1M count=4000 conv=fsync status=progress
</span><span>4194304000 octets (4,2 GB, 3,9 GiB) copiés, 16,5515 s, 253 MB/s
</span></code></pre>
<ul>
<li><strong>Writing 4GB with 10MB block size</strong></li>
</ul>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span># dd if=/dev/zero of=test bs=10M count=400 conv=fsync
</span><span>4194304000 octets (4,2 GB, 3,9 GiB) copiés, 15,2559 s, 275 MB/s
</span></code></pre>
<ul>
<li><strong>Reading 4GB</strong></li>
</ul>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span># dd if=test of=/dev/null
</span><span>4194304000 octets (4,2 GB, 3,9 GiB) copiés, 89,0503 s, 47,1 MB/s
</span></code></pre>
<ul>
<li><strong>Writing 20GB with 1MB block size</strong></li>
</ul>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span># dd if=/dev/zero of=test bs=1M count=20000 conv=fsync
</span><span>20971520000 octets (21 GB, 20 GiB) copiés, 75,329 s, 278 MB/s
</span></code></pre>
<ul>
<li><strong>Reading 20GB</strong></li>
</ul>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span># dd if=test of=/dev/null
</span><span>20971520000 octets (21 GB, 20 GiB) copiés, 464,902 s, 45,1 MB/s
</span></code></pre>
<ul>
<li><strong>Copying 20GB</strong></li>
</ul>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span># dd if=test of=test2 conv=fsync
</span><span>20971520000 octets (21 GB, 20 GiB) copiés, 1378,97 s, 15,2 MB/s
</span></code></pre>
<p>As always with ZFS, the results are a bit surprising, but can easily be
explained once you are aware that ZFS runs checksums at every read. Most
importantly, even if the performance is not the best we've seen, it will be
more than decent enough to get my home services up and running!</p>
<h2 id="partitionning-voluming-datasetting-filesysteming"><del>Partitioning</del> <del>Voluming</del> Datasetting? Filesysteming?</h2>
<p>As with most modern filesystems, the notion of
<a href="https://en.wikipedia.org/wiki/Disk_partitioning">partition</a> tends to disappear
in favour of things like <a href="https://en.wikipedia.org/wiki/Logical_volume_management">logical
volumes</a>, or in the
case of ZFS, datasets, that are far more flexible and reliable.</p>
<p>As it's fairly easy to roll that back, I went into the extreme by making a
dataset per logical entity I have to store. This gives me a shitload of
"filesystems" (the most common kind of ZFS dataset), but that's not really a
problem, and besides, that allows me to quickly monitor the used storage without
firing up <del><code>du</code></del> <code>ncdu</code>. This can also provide some fine quota tuning in the
future if need be.<br />
The icing on the cake is ZFS's built-in NFS server, that allows a simple <code>zfs set sharenfs=on storage/data/tvshows</code> to let <a href="https://kodi.tv/">Kodi</a> access the
TV shows without hassle!</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span># zfs list
</span><span>NAME                              USED  AVAIL  REFER  MOUNTPOINT
</span><span>storage                          2.05T  8.38T   170K  /storage
</span><span>storage/backup                   36.3G  8.38T   170K  /storage/backup
</span><span>storage/backup/bep               36.3G  8.38T  36.3G  /storage/backup/bep
</span><span>storage/config                   2.40G  8.38T  3.80M  /storage/config
</span><span>storage/config/jackett           4.12M  8.38T  4.12M  /storage/config/jackett
</span><span>storage/config/jellyfin          1.43G  8.38T  1.43G  /storage/config/jellyfin
</span><span>storage/config/nextcloud          634M  8.38T   634M  /storage/config/nextcloud
</span><span>storage/config/pihole            44.6M  8.38T  44.6M  /storage/config/pihole
</span><span>storage/config/radarr             236M  8.38T   236M  /storage/config/radarr
</span><span>storage/config/sonarr            49.8M  8.38T  49.8M  /storage/config/sonarr
</span><span>storage/config/swag              24.3M  8.38T  24.3M  /storage/config/swag
</span><span>storage/config/transmission      2.51M  8.38T  2.51M  /storage/config/transmission
</span><span>storage/config/wireguard          263K  8.38T   263K  /storage/config/wireguard
</span><span>storage/data                     2.01T  8.38T   213K  /storage/data
</span><span>storage/data/downloads           35.7G  8.38T  35.7G  /storage/data/downloads
</span><span>storage/data/movies               627G  8.38T   627G  /storage/data/movies
</span><span>storage/data/music                185G  8.38T   185G  /storage/data/music
</span><span>storage/data/nextcloud            380G  8.38T   380G  /storage/data/nextcloud
</span><span>storage/data/postgres_nextcloud   157M  8.38T   157M  /storage/data/postgres_nextcloud
</span><span>storage/data/tvshows              834G  8.38T   834G  /storage/data/tvshows
</span></code></pre>
<h1 id="deploying-some-services">Deploying some services</h1>
<p>A new installation is the perfect time to think about reworking how every
service is deployed. That was especially true as my previous server had been
installed more than 6 years ago (2013!), when I was still a second-year student.<br />
I've learned a lot since that time!</p>
<p>Long story short: the awesome guys at
<a href="https://www.linuxserver.io/">Linuxserver.io</a> maintain a bunch of Docker images
for most of the common services. If anything were to be missing, it's still very
hard to find a project that doesn't have its own <code>Dockerfile</code>.<br />
<a href="https://docs.docker.com/compose/">docker-compose</a> also being a nice and easy
way to manage the containers, I would have a very short and consistent
configuration in no time.</p>
<p>As the whole configuration is overall pretty boring,
<a href="https://hya.sk/blog/posts/helios64-software/./docker-compose.yml">here is my <code>docker-compose.yml</code></a>, that you just have to
drop in <code>/storage/config</code> if you reproduced the filesystems mentioned above.</p>
<p>Every service is basically on its own network, with its own system user, so that
everyone is at least somewhat isolated from each other. It's pretty basic, but I
think it's sufficient for my personal usage.<br />
The only really interesting bit is about the seedbox and the VPN, which will
make a fine post on its own, but won't be covered in this article.</p>
<p>With all the currently running services (<a href="https://pi-hole.net/">PiHole</a>,
<a href="https://nextcloud.com/">Nextcloud</a> with its <a href="https://www.postgresql.org/">PostgreSQL</a>,
<a href="https://docs.linuxserver.io/images/docker-swag">Swag</a>,
<a href="https://radarr.video/">Radarr</a>, <a href="https://sonarr.tv/">Sonarr</a>,
<a href="https://github.com/Jackett/Jackett">Jackett</a>,
<a href="https://www.wireguard.com/">WireGuard</a>, and
<a href="https://transmissionbt.com/">Transmission</a>), I have about 500MB of free RAM
available, and everything is performing quite well.<br />
The load is usually around 1.2, and sometimes jumps over 2 when playing a film.
Of course, performing big operations in Nextcloud or the media libraries may be
slower than on a traditional x86 NAS, but since that remains fairly uncommon and
not at all in the daily usage, I'm fine with it!</p>
<h1 id="hosting-a-borg-repository-too">Hosting a Borg repository too</h1>
<p>As a side note, it's worth mentioning that the NAS also performs nightly
backups for another server, and that the server part of
<a href="https://www.borgbackup.org/">Borg</a> behaves extremely normally, running its 45GB
archive job usually in less than 10 minutes.<br />
Here is the report of last night, for those who seek more accurate stats:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>Time (start): Fri, 2020-12-11 04:38:56
</span><span>Time (end): Fri, 2020-12-11 04:46:54
</span><span>Duration: 7 minutes 58.36 seconds
</span><span>Number of files: 204638
</span><span>Utilization of max. archive size: 0%
</span><span>------------------------------------------------------------------------------
</span><span>                       Original size      Compressed size    Deduplicated size
</span><span>This archive:               45.59 GB             39.67 GB            239.98 MB
</span><span>All archives:              422.20 GB            366.55 GB             39.10 GB
</span><span>
</span><span>                       Unique chunks         Total chunks
</span><span>Chunk index:                  184323              1986320
</span></code></pre>
<p>Speaking about backups, the Helios64 does not yet have any off-site backup, but
rest assured that it's something that is planned, and will be detailed in
another future blog post.</p>
<h1 id="conclusion">Conclusion</h1>
<p>The Helios64 has been running fine for two weeks now, without noticeable
performance issues (Nextcloud taking a few seconds waking up after some
time idling doesn't count!), and overall, I'm super happy with it!</p>
<p>Both the hardware and the software please me very much, and the configuration
with a single <code>docker-compose.yml</code> file is so painless that I won't go back to a
classic, bloated system anytime soon.</p>
<p>See you in the next post detailing the VPN and seedbox setup!</p>
<p>Oh, and by the way, the <a href="https://robertsspaceindustries.com/iae2950">IAE</a> was an
awesome event, thank you CIG!</p>
Run a seedbox through a VPN, easily2020-12-11T00:00:00+00:002020-12-11T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/vpn-seedbox-setup/<p><em>Requirements</em>: have <a href="https://transmissionbt.com/">Transmission</a> and
<a href="https://github.com/Jackett/Jackett">Jackett</a> tunnelled, so that if my ISP
doesn't respect <a href="https://en.wikipedia.org/wiki/Net_neutrality">net
neutrality</a>, they won't be
impacted. Upgrading packages, or serving a Nextcloud from the machine, must not
depend on that VPN being up and running though.</p>
<p><em>Solution</em>: have a Docker network dedicated to that VPN,
<a href="https://www.wireguard.com/">WireGuard</a> in a container attached to that network,
with a specific rule to not route the local network traffic through the VPN (to be able to
access my services), and
<a href="https://docs.docker.com/engine/reference/run/#network-container">attach</a> the
Transmission and Jackett containers to the WireGuard container's network stack. The port
binding for Transmission and Jackett's web UIs must of course be done in the
WireGuard container's configuration.</p>
<p>Here is a sample of the WireGuard config:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>[Interface]
</span><span>Address = 10.8.0.2/32
</span><span>PrivateKey = <private_key>
</span><span>DNS = <dns_that_respects_more_net_neutrality_than_my_isp>
</span><span>PostUp = ip rule add to 192.168.0.0/24 table main # Don't use VPN for local network
</span><span>PostDown = ip rule del to 192.168.0.0/24 table main
</span><span>
</span><span>[Peer]
</span><span>PublicKey = <public_key>
</span><span>Endpoint = <end_point_address>
</span><span>AllowedIPs = 0.0.0.0/0 # Allow everything to get through VPN
</span><span>PersistentKeepalive = 21
</span></code></pre>
<p>And here are the interesting parts of an associated <code>docker-compose.yml</code>:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>networks:
</span><span>  vpn_net:
</span><span>
</span><span>services:
</span><span>  wireguard:
</span><span>    image: ghcr.io/linuxserver/wireguard
</span><span>    container_name: wireguard
</span><span>    networks:
</span><span>      - vpn_net
</span><span>    ports:
</span><span>      - 9091:9091 # Map Transmission's port
</span><span>      - 9117:9117 # Map Jackett's port
</span><span>
</span><span>  transmission:
</span><span>    image: linuxserver/transmission
</span><span>    depends_on:
</span><span>      - wireguard
</span><span>    network_mode: service:wireguard # Same as `--net=container:wireguard` in `docker run`
</span><span>
</span><span>  jackett:
</span><span>    image: ghcr.io/linuxserver/jackett
</span><span>    depends_on:
</span><span>      - wireguard
</span><span>    network_mode: service:wireguard
</span><span>
</span><span>  sonarr:
</span><span>    image: ghcr.io/linuxserver/sonarr
</span><span>    networks:
</span><span>      - vpn_net # It uses the same network, but isn't required to go through the VPN
</span><span>    ports:
</span><span>      - 8989:8989
</span></code></pre>
<p>Of course, this example won't run as-is, but it highlights the key parts of the
configuration.</p>
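<p>To see why the <code>PostUp</code> rule is needed, here is an added example (not part of the original setup) that models policy routing inside the network namespace shared by WireGuard, Transmission and Jackett, and reports which interface a packet leaves by. The rule priorities are the ones <code>ip rule</code> normally shows after <code>wg-quick up</code> with <code>AllowedIPs = 0.0.0.0/0</code>; the Docker subnet <code>172.18.0.0/16</code> and the sample destination addresses are assumptions.</p>

```python
"""Policy-routing model of the namespace shared by WireGuard, Transmission and Jackett."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

FWMARK = 51820  # wg-quick's default fwmark and routing-table number


@dataclass(frozen=True)
class Route:
    prefix: str
    dev: str


@dataclass(frozen=True)
class Rule:
    priority: int
    table: str
    to: Optional[str] = None                     # "to PREFIX" selector
    not_fwmark: Optional[int] = None             # "not fwmark N" selector
    suppress_prefixlength: Optional[int] = None  # ignore matches this short or shorter


# Constructed routing tables; the Docker subnet 172.18.0.0/16 is an assumption.
TABLES = {
    "main": [Route("0.0.0.0/0", "eth0"), Route("172.18.0.0/16", "eth0")],
    str(FWMARK): [Route("0.0.0.0/0", "wg0")],
}

KERNEL_DEFAULT = [Rule(32766, "main")]
# Rules wg-quick adds when AllowedIPs contains 0.0.0.0/0.
WG_QUICK = [
    Rule(32765, str(FWMARK), not_fwmark=FWMARK),
    Rule(32764, "main", suppress_prefixlength=0),
]
# The PostUp line of the config: ip rule add to 192.168.0.0/24 table main
LAN_BYPASS = [Rule(32763, "main", to="192.168.0.0/24")]

TUNNEL_DOWN = KERNEL_DEFAULT                      # wg-quick never ran, or ran "down"
TUNNEL_UP_NO_BYPASS = KERNEL_DEFAULT + WG_QUICK   # config without PostUp
TUNNEL_UP = KERNEL_DEFAULT + WG_QUICK + LAN_BYPASS


def longest_match(table: str, addr) -> Optional[Route]:
    """Longest-prefix match of addr in one routing table."""
    hits = [r for r in TABLES[table] if addr in ipaddress.ip_network(r.prefix)]
    return max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen, default=None)


def egress(dst: str, rules, fwmark: int = 0) -> str:
    """Return the interface a packet to dst leaves by, walking rules by priority."""
    addr = ipaddress.ip_address(dst)
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.to is not None and addr not in ipaddress.ip_network(rule.to):
            continue
        if rule.not_fwmark is not None and fwmark == rule.not_fwmark:
            continue
        route = longest_match(rule.table, addr)
        if route is None:
            continue
        plen = ipaddress.ip_network(route.prefix).prefixlen
        if rule.suppress_prefixlength is not None and plen <= rule.suppress_prefixlength:
            continue  # main's default route is ignored here, so the next rule decides
        return route.dev
    return "unreachable"


def audit() -> dict:
    """Egress interface for each case worth checking (destinations are constructed)."""
    lan, peer, internet, endpoint = "192.168.0.42", "172.18.0.5", "203.0.113.10", "198.51.100.7"
    return {
        "reply to LAN client, PostUp rule present": egress(lan, TUNNEL_UP),
        "reply to LAN client, PostUp rule missing": egress(lan, TUNNEL_UP_NO_BYPASS),
        "Transmission to the Internet, tunnel up": egress(internet, TUNNEL_UP),
        "Sonarr on vpn_net, tunnel up": egress(peer, TUNNEL_UP),
        "WireGuard's own encrypted UDP (fwmark set)": egress(endpoint, TUNNEL_UP, fwmark=FWMARK),
        "Transmission to the Internet, tunnel down": egress(internet, TUNNEL_DOWN),
    }


if __name__ == "__main__":
    for case, dev in audit().items():
        print(f"{dev:>5}  {case}")
```

<p>The last case is the one to monitor: once the <code>wg-quick</code> rules are gone, everything in the shared namespace falls back to <code>eth0</code> and leaves untunnelled.</p>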
<p>Enjoy!</p>
Helios64 - Part 1 - Hardware2020-11-23T00:00:00+00:002020-11-23T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/helios64-hardware/<p>I'm so very super happy to have received my Helios64 NAS, from
<a href="https://kobol.io/">Kobol</a>, that I can't wait to write about it!</p>
<p>I just spent the last two hours assembling the hardware, thanks to their very
well-made and illustrated <a href="https://wiki.kobol.io/helios64/kit/">guide</a>. Some
steps were naturally a bit tedious, like the wiring of the <a href="https://wiki.kobol.io/helios64/kit/#step-6-install-hdd-harness">HDD
harness</a>, but
nothing impossible.<br />
The case, and all the components, are very well finished metal pieces, except for the
disk trays made of nice flashy pink plastic, giving the whole lot an amazing look.<br />
It's just beautiful!</p>
<p>I've not yet powered up the beast, because I did not anticipate that I would need
a micro-SD card for the installation<sup class="footnote-reference"><a href="#1">1</a></sup>, and it's already 9pm, and also mainly
because the
<a href="https://robertsspaceindustries.com/pledge/ships/crusader-mercury-star-runner/Mercury-Star-Runner">MSR</a>
is <a href="https://robertsspaceindustries.com/comm-link/transmission/17856-IAE-2950-Schedule">on display
tonight</a>
at the <a href="https://robertsspaceindustries.com/iae2950">IAE</a>!<br />
That means I currently have no idea at all about how the software I'll put on it
will run, and how well it will handle any IO load (it's an ARM SoC, after all,
not an x64 one), but rest assured that I'll come back here to talk about it.</p>
<p>I'll now join the 'verse and leave you with some pictures:</p>
<p><img src="https://hya.sk/blog/posts/helios64-hardware/./img/IMG_20201123_202513.cleaned.jpg" alt="Installing the HDD harness" /><br />
<em>Installing the HDD harness</em></p>
<p><img src="https://hya.sk/blog/posts/helios64-hardware/./img/IMG_20201123_205650.cleaned.jpg" alt="The back-panel with two fans and the ports" /><br />
<em>The back-panel with two fans and the ports</em></p>
<p><img src="https://hya.sk/blog/posts/helios64-hardware/./img/IMG_20201123_205836.cleaned.jpg" alt="View from the front, without HDD" /><br />
<em>View from the front, without HDD</em></p>
<p><img src="https://hya.sk/blog/posts/helios64-hardware/./img/IMG_20201123_212134.cleaned.jpg" alt="HDD are now mounted" /><br />
<em>HDD are now mounted</em></p>
<p><img src="https://hya.sk/blog/posts/helios64-hardware/./img/IMG_20201123_212305.cleaned.jpg" alt="And the front-panel is in place!" /><br />
<em>And the front-panel is in place!</em></p>
<div class="footnote-definition" id="1"><sup class="footnote-definition-label">1</sup>
<p>though it's well written in <a href="https://wiki.kobol.io/helios64/install/preliminary/">the doc</a>!</p>
</div>
Reviewable drafts with Hugo2020-10-20T00:00:00+00:002020-10-20T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/reviewable-drafts-with-hugo/<p><a href="https://gohugo.io">Hugo</a> is the static website generator I use for this blog.
It supports a <code>draft: true</code> <a href="https://gohugo.io/content-management/front-matter/">front
matter</a> variable, but when it
is used, <code>hugo</code> can only either ignore the page completely or, with the
<a href="https://gohugo.io/commands/hugo/#options"><code>-D</code></a> flag, generate it, show it in
the post list and RSS feed, and basically handle it like a normal page.</p>
<p>A great in-between is to be able to generate the page without publishing it.
That way, the page can be sent to reviewers using its link, but won't appear to
people visiting the website or subscribed to the feeds.</p>
<p>This can be achieved with the <a href="https://gohugo.io/content-management/build-options/">build
options</a>, in the front
matter variables. Instead of writing <code>draft: true</code>, the following can be set for
your new work-in-progress article:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>_build:
</span><span> render: always
</span><span> list: never
</span></code></pre>
<p>The website can be generated without the <code>-D</code> flag, as this WIP article is not
considered a draft.</p>
How I built and designed my home-made joystick (prototype part)2020-10-16T00:00:00+00:002020-10-16T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/homemade-joystick-prototype/<h2 id="why-would-you-do-that">Why would you do that?</h2>
<p>After playing <a href="https://robertsspaceindustries.com/">Star Citizen</a> for more than
a year, it became evident that I needed to fly with something more immersive
than a mouse and a keyboard.<br />
I did some research and quickly discovered that there are basically two kinds of
sensors for the <a href="https://en.wikipedia.org/wiki/Gimbal">gimbal</a> axes:
<a href="https://en.wikipedia.org/wiki/Potentiometer">potentiometers</a> and <a href="https://en.wikipedia.org/wiki/Hall-effect_sensor">Hall-effect
sensors</a>. The first ones are
cheap and easy to employ, but less precise than the second ones, which leverage
a magnetic field, and may be trickier to use. As you would expect, cheap joysticks
on the market usually use potentiometers, while expensive ones use Hall-effect
sensors.</p>
<p>The second reason is that it looked like a very fine project to combine multiple
skills: mechanical engineering to build the gimbal, and the whole hardware
thing, electronics for the circuitry, and programming for the firmware. As a
computer science engineer, I knew almost nothing about the first two skills and I
would have to learn a lot.<br />
I must point out that 3D printing was not really an option for me, because I have
no 3D printer, and no easy access to one. Moreover, it was a lot more fun to do
everything on my own, using more traditional techniques.</p>
<h2 id="designing-the-gimbal">Designing the gimbal</h2>
<p>The most difficult part from a mechanical point of view was of course the
gimbal, which in this application is more a <a href="https://en.wikipedia.org/wiki/Universal_joint">universal
joint</a> than a true gimbal.</p>
<p>The design is pretty simple, and I did not invent anything here, but I thought it
would be fun to cast <a href="https://en.wikipedia.org/wiki/Zamak">Zamak</a> for making the
pieces, as I had some available, and I know it is pretty easy to melt and cast.
For reference, it melts at about 380°C, which is easily reached in a pot on a
standard electric hotplate.</p>
<p><img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/IMG_20200616_004849.jpg" alt="Molten Zamak in a pot" /><br />
<em>Molten Zamak in a pot</em></p>
<p>Machining was quickly considered, but it requires more industrial tools to be
able to produce multiple identical pieces. It would produce a lot of chips, which
is not good for keeping the flat clean, and also has the caveat of generating
losses.</p>
<h3 id="sculpting-the-pattern">Sculpting the pattern</h3>
<p>Building the pattern was a very straightforward step. Just melting some candle
paraffin wax, sculpting it with a knife, and I was done.
<img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/IMG_20200527_200800.jpg" alt="Sculpting the paraffin wax block" /><br />
<em>Sculpting the paraffin wax block</em></p>
<p><img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/IMG_20200527_224747.jpg" alt="The pattern is ready" /><br />
<em>The pattern is ready</em></p>
<h3 id="making-a-re-usable-mold-and-casting-multiple-identical-pieces">Making a re-usable mold, and casting multiple identical pieces</h3>
<p>I had already cast some pieces in Zamak, but always unique ones, with the mold
being destroyed in the process. Now, I had to make a mold that would be able to
make at least 4 times the same piece. As the <a href="https://en.wikipedia.org/wiki/Draft_(engineering)">draft angle</a>
was not really a functional constraint, and I would have the possibility to
machine it afterwards, I started with
<a href="https://en.wikipedia.org/wiki/Plaster">plaster</a>, hoping that it would be easy
to remove the piece from the top.<br />
<img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/IMG_20200527_231603.jpg" alt="Plaster drying with the pattern" /><br />
<em>Plaster drying with the pattern</em></p>
<p>Indeed, it was easy to remove the piece. Sadly, during the multiple tries, the
mold always ended up being fractured by the high temperature of the metal. It was
time to try something else.
<img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/IMG_20200601_193130.jpg" alt="A first broken mold" /><br />
<em>A first broken mold</em></p>
<p><img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/IMG_20200616_135442.jpg" alt="A second mold that did not make it" /><br />
<em>A second mold that did not make it</em></p>
<p>Looking for solutions on the Internet, I stumbled upon <a href="https://www.youtube.com/watch?v=v_f51IXWYFU">this
video</a> made by a fisherman, that
shows how to make a mold to cast lead using <a href="https://en.wikipedia.org/wiki/RTV_silicone">RTV
silicone</a>. Thankfully, lead and zamak
have similar melting points, usually around 350°C and 400°C, depending on the
alloys, meaning I should be able to use the same technique. RTV Silicone is not
that hard to find, and <a href="https://www.boutique.resines-et-moulages.com/silicones-moulages-artistiques-polycondensation/429-kit-rtv-silicone-145c-ht-rouge.html">this one</a>
worked pretty well!
<img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/IMG_20200625_194047.jpg" alt="A Zamak pattern made from the previous steps, ready to get the silicone for a new mold." /><br />
<em>A Zamak pattern made from the previous steps, ready to get the silicone for a new mold.</em></p>
<p><img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/IMG_20200630_210855.jpg" alt="The second part of the silicone mold is almost ready." /><br />
<em>The second part of the silicone mold is almost ready.</em></p>
<p><img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/IMG_20200701_002258.jpg" alt="One piece of the gimbal, freshly cast." /><br />
<em>One piece of the gimbal, freshly cast.</em></p>
<p><img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/IMG_20200717_184444.jpg" alt="The four gimbal pieces, once polished and drilled." /><br />
<em>The four gimbal pieces, once polished and drilled.</em></p>
<h3 id="assembling-the-gimbal-and-testing-the-sensors">Assembling the gimbal and testing the sensors</h3>
<p>Now that I had most of the pieces for the gimbal, I tried to assemble it a first
time to test the sensors and make a first proof-of-concept.</p>
<p>The assembly was pretty simple, with the X and Y axes being held on some old
<a href="https://en.wikipedia.org/wiki/Inline_skates">inline-skate</a>
<a href="https://en.wikipedia.org/wiki/Ball_bearing">bearings</a> that I salvaged. The axes
themselves are made with two bits of 8mm <a href="https://en.wikipedia.org/wiki/Threaded_rod">threaded
rod</a> tied together with iron wire.</p>
<p>For the test, I just flashed a <a href="https://hya.sk/blog/posts/homemade-joystick-prototype/./ReadAnalogVoltage.ino">simple program</a> that
just printed the analog values to the serial output.<br />
Those values are physically a voltage, varying between 0V and 5V
(theoretically). Once read by the analog input pin of the Arduino, they are
represented by a positive integer varying between 0 and 1023.
On the measurements I've made with the test program, I've managed to get the
following values, which are, in my opinion, completely satisfying in terms of
accuracy and range:</p>
<table><thead><tr><th></th><th>X</th><th>Y</th><th>Z</th></tr></thead><tbody>
<tr><td>Min</td><td>130</td><td>155</td><td>330</td></tr>
<tr><td>Max</td><td>835</td><td>950</td><td>730</td></tr>
<tr><td>Range (Max-Min)</td><td>705</td><td>795</td><td>400</td></tr>
</tbody></table>
<p>X and Y have very decent ranges, which is super great, but in any case, the
sensors are so precise, that the step between two values is only one, if I move
the stick gently enough. Clearly, at least 400 different values, and up to 795,
are more than enough for me to fly anything in any game! I'm also not sure about
what level of flying would require more precision.</p>
<p><img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/IMG_20200717_212014.jpg" alt="Gimbal is first assembled." /><br />
<em>Gimbal is first assembled.</em></p>
<p><img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/joystick_sensor.gif" alt="A sensor and its magnet in the final state after the adjustments." /><br />
<em>A sensor and its magnet in the final state after the adjustments.</em></p>
<h2 id="carving-the-handle">Carving the handle</h2>
<p>It happened that I had a <a href="https://en.wikipedia.org/wiki/Buxus">boxtree</a> branch
available. Boxwood is a very fine wood to carve, and the diameter of the branch
was perfect for sculpting a handle, while passing some wires inside it for the
buttons. I am quite happy with the result of the handle itself, but the
revolute-joint that binds it to the gimbal is currently not at its best.
Reworking that part is already planned.
<img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/IMG_20200620_142152.jpg" alt="The piece of boxwood before anything happened." /><br />
<em>The piece of boxwood before anything happened.</em></p>
<p><img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/IMG_20200718_204905.jpg" alt="Carving the inside of the handle, to make place for the wires." /><br />
<em>Carving the inside of the handle, to make place for the wires.</em></p>
<p><img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/IMG_20200719_170722.jpg" alt="A button, ready to be put in place behind the trigger." /><br />
<em>A button, ready to be put in place behind the trigger.</em></p>
<h2 id="wiring-the-electronic">Wiring the electronics</h2>
<p>Nothing really fancy here, the electronics are really simple.</p>
<p>Hall-effect sensors are wired the same way potentiometers are. That means a pin
to the ground, a pin to the +5V, and the third pin will be the output voltage,
that must be connected to an analog input of the Arduino micro.</p>
<p>For the buttons, using the QMK firmware makes wiring a <a href="https://en.wikipedia.org/wiki/Keyboard_matrix_circuit">diode matrix</a> possible.
This allows a great number of switches on a very small number of inputs on the
controller.
<img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./schematics/joystick/skia_joystick.svg" alt="Schematics" /><br />
<em>Schematics</em></p>
<p><a href="https://hya.sk/blog/posts/homemade-joystick-prototype/./schematics/joystick/skia_joystick.sch">Download schematics</a>
<img src="https://hya.sk/blog/posts/homemade-joystick-prototype/img/arduino_micro_pinout_and_ISP_pins.png" alt="Arduino micro pinout diagram" /><br />
<em>Arduino micro pinout diagram</em></p>
<h2 id="programming-the-controller">Programming the controller</h2>
<p>At the very beginning of this project, I had already found <a href="https://github.com/qmk/qmk_firmware/pull/4226">this pull-request</a>
in the <a href="https://qmk.fm/">QMK firmware</a> project, which I had tested on my
<a href="https://keeb.io/products/bfo-9000-keyboard-customizable-full-size-split-ortholinear">BFO-9000</a>,
leveraging the virtual axis feature to fly ships using a keyboard recognized as
a joystick by Star Citizen (most games would work too).<br />
While this worked pretty badly for flying (spoiler alert: discrete, all-or-nothing
axes are not that great!), this gave me confidence that the real analog axes
would work fine too from the game's point of view.</p>
<p>By the time I had the joystick assembled for the first time, the PR had even
been merged, and was fully functional! <a href="https://git.hya.sk/skia/qmk_firmware/src/commit/285333ad0576619d259eee76898faaa12833fed7">Here</a>
is my firmware code at the time of writing.</p>
<p><img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/IMG_20200720_225942.jpg" alt="Calibrating the joystick using jstest-gtk" /><br />
<em>Calibrating the joystick using <code>jstest-gtk</code></em></p>
<p><img src="https://hya.sk/blog/posts/homemade-joystick-prototype/./img/IMG_20200920_182823.jpg" alt="Finally testing the joystick in game!" /><br />
<em>Finally testing the joystick in game!</em></p>
<p>For those who want to see more pictures, <a href="https://hya.sk/blog/posts/homemade-joystick-prototype/./gallery/">here is a gallery</a> with photos of all the building steps.</p>
<h2 id="next-steps">Next steps</h2>
<p>Even if the joystick is currently working, it's still a very early prototype
that needs improvements. Here are some of them that I already thought of:</p>
<ul>
<li>Mount the stick on a proper bearing for less play and smoother feeling.</li>
<li>Make an adjustable spring system, for fine tuning the rest position.</li>
<li>Make a case around the gimbal to protect the wiring, and host more buttons.</li>
<li>Mount everything on a decent metal plate instead of a thin wooden plank.</li>
<li>Build a second joystick to handle 3 more axes!</li>
</ul>
Enjoying Tool live2019-07-02T00:00:00+00:002019-07-02T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/tool-in-concert/<p>Last summer, I had the pleasure to see
<a href="https://en.wikipedia.org/wiki/Tool_(band)">Tool</a> in concert at the Hellfest
festival, and that really was awesome for multiple reasons:</p>
<ul>
<li>The musicians are technically very skilled, both in the studio and on
stage.</li>
<li>The show is centred on the music and the visual light effects combined
together to create a very mesmerizing performance.</li>
<li>They even ask the public not to take pictures or videos to enjoy the moment as
one that must be lived and felt, rather than watched later on a small, inhuman
screen.</li>
<li>The sound tuning was just perfect, and I don't remember being at a metal show
with that many people able to listen to the music without their ear
protection. Thank you Hellfest for that!</li>
<li>They played some of their new titles that weren't released yet at the time.</li>
</ul>
<p>Of course, going to another show now would probably fulfil only the first three
points in my list, but I find them more than good enough to recommend <em>Tool</em> for your
next concert!</p>
Boardgame review: Outlive & Captain Sonar2019-01-03T00:00:00+00:002019-01-03T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/outlive-captainsonar/<p>A long time ago, in a blog not so far away, someone stopped writing, for no
real reason. Many happy new years later, that guy tested two wonderful
boardgames, and started writing again.</p>
<h1 id="outlive">Outlive</h1>
<p>Let's start with the more common of the two:
<a href="https://www.philibertnet.com/fr/la-boite-de-jeu/50119-outlive-3770004610105.html">Outlive</a>.</p>
<p>In this survival game, you compete with other players to collect the too few
resources available and optimize your shelter, so that you get better bonuses
and score more "survival points" to win the game.</p>
<p>One of the fun parts compared to other games is that you can directly interact with
the others by putting "pressure" on their characters to steal resources from
them, which can make a great difference in their ability, and yours, to
perform one action or another.</p>
<p>All in all, it's quite a challenging game for those who want to calculate the
many possibilities at each turn, since there are always multiple ways to win.</p>
<h1 id="captain-sonar">Captain Sonar</h1>
<p>The second game is in a far less common style. <a href="https://www.philibertnet.com/fr/matagot/43073-captain-sonar-3760146643017.html">Captain
Sonar</a>
puts you in the shoes of a submarine crew member, dividing the players into
two teams competing on the same map to destroy each other, a bit like a classic
naval battle.</p>
<p>But the really awesome part is that this game is made to be played in real time,
meaning that a team can navigate faster than the other simply by being more
efficient at coordinating itself. Speed will not help, though, when it comes to
launching a torpedo at the other submarine, and a great part of the work is first
to spot the enemy ship without giving away too much information about your own
position.</p>
<p>Really fast to learn, but very difficult to master, this game is perfect to play
with 6 to 8 players, and is seriously awesome for a week-end with friends, even
if some of them are not particularly fond of boardgames.</p>
First workshop at the Grehack2016-11-20T00:00:00+00:002016-11-20T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/grehack/<p>Last Friday, I was in Grenoble, at the Grehack, to give my very first workshop!
<a href="https://dustri.org/b/radare2-at-the-grehack-2016.html">Dustri</a> asked me a few weeks ago if I could come with him, since
this was about <a href="http://rada.re/">radare2</a>, the very famous reverse engineering framework that I had worked on during RSoC
2014.</p>
<p>This was a very fun experience, with everyone being pretty happy learning the mysteries of r2. I even helped
a guy a bit who was using r2 during the CTF that followed, which was really encouraging.<br />
Of course, you can grab the slides and the material here: <a href="https://hya.sk/pub/grehack_2016.tar.xz">link</a>. Feel free
to contact me if you have problems trying to (re)do the workshop at home.</p>
<p>During the day, there were also various talks, more or less interesting. That was also the occasion to talk a
bit with cool guys from <a href="http://www.tetrane.com/">Tetrane</a> about their awesome tool Reven (almost as awesome as
r2! :D).</p>
<p>The organisation was great, but there were some small hiccups that made the Grehack a bit messy. Anyway, the staff was
really kind, and I'd still be happy to come back another year.</p>
Reviewing the Touch Lux 3, by Pocketbook2016-05-22T00:00:00+00:002016-05-22T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/pocketbook/<p>For my birthday, my parents gave me an ebook reader, the <a href="http://www.pocketbook-int.com/fr/products/pocketbook-touch-lux-3"><em>Touch Lux 3</em>, by
<strong>Pocketbook</strong></a>.
I already knew a bit about it, since it's not the first one I've seen around me, and
I was once again happy to see a printed version of the GPL in the box.<br />
Indeed, it is a really nice product, both in quality and in <em>open-mindedness</em>. It
runs a Linux-based OS, can read a lot of file formats with or without DRM, and
has a lot of nice applications, from the <em>Web browser</em> to the <em>Chess game</em>.</p>
<p>E-pubs and PDFs are great, but I have in my library tons of comics in various
strange formats, such as .CBR (rar), .CBZ (zip), or .CBT (tar), which are
archives containing pictures. Sadly, the Pocketbook cannot read those formats,
but after a bit of research, I found that an amazing guy did a great job on <a href="http://www3.telus.net/rkomar/pbimageviewer/">this
page</a>!</p>
<p>Thanks to the open design of the reader, we have really easy access to the
system, and thus, we can add applications as we want. That's how he
managed to implement a new viewing application supporting the .CBx formats,
allowing me to read my comics on the Pocketbook.</p>
<p>It's still a bit small and in black and white, but the books are nicely readable
when rotating the screen, and the refresh time is less than 1s to get a complete
new page, which I find really quick and makes me really happy with it!</p>
Quitting mailoo2016-05-20T00:00:00+00:002016-05-20T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/mailoo/<p>I've been using <a href="http://mailoo.org">Mailoo</a> for a few years now, and I was pretty happy with it. But recently, as I
changed my password, I was upset, as every time, when I again received the confirmation e-mail saying something like:
<em>"Great, you changed your password, your new password is <strong>blahblahblah4000</strong>!"</em>.<br />
That made me sad, but I let it pass, as always, still telling myself that I really should change my e-mail provider.</p>
<p>And what a surprise! The next morning, I began to receive a lot of messages from friends (contacts) saying <em>"yeah? what
do you need?"</em> and other strange answers to a message I didn't send. I quickly changed my password again, and no mail
has been oddly sent since, but the damage was done...</p>
<p>Today, two days later, I've already made a new address with my friend <a href="https://smagnin.org">Piké</a> on our dedicated
server, self hosting one more service, and replacing the aliases I had at <a href="https://www.gandi.net">Gandi</a>.</p>
<p>You can now write to me at skia [at] libskia (dot) so, and soon, the old addresses at mailoo.org won't work anymore (I'm
still waiting a bit before deleting everything, since I use these e-mail addresses every day).</p>
The Force has awoken...2015-12-16T00:00:00+00:002015-12-16T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/star-wars-awakens/<p>Today is the 16th of December, and the world (at least France) sees the release
of <strong>Star Wars VII: The Force Awakens</strong>. On this special occasion, I'm taking the
time to write a bit about how much I've loved the <em>Star Wars</em> universe,
and for a very long time!</p>
<p>It all began when I first saw <strong>A New Hope</strong> when I was young (I don't remember
precisely when). Since then, I grew up <a href="https://www.youtube.com/watch?v=HoRXYZD0Zc8">playing the Jedi
master</a>, making stop-motion Star
Wars Lego movies (that I sadly lost), even <a href="https://www.youtube.com/watch?v=gmVg-ubmlJo">becoming sometimes a Sith
Lord</a>, when not too busy
collecting/playing with about fifteen Lego spaceships, and more than thirty
characters!</p>
<p>I continued exploring the Star Wars universe
<a href="http://starwars.wikia.com/wiki/The_Thrawn_trilogy">reading</a>
<a href="http://starwars.wikia.com/wiki/Darth_Maul:_Shadow_Hunter">books</a>,
<a href="http://starwars.wikia.com/wiki/Star_Wars:_Jedi_Knight:_Jedi_Academy">playing</a>
<a href="http://starwars.wikia.com/wiki/Republic_Commando">video</a>-<a href="http://starwars.wikia.com/wiki/KOTOR">games</a>,
and even now playing a lost, Jedi-to-be,
<a href="http://starwars.wikia.com/wiki/Kiffar">Kiffar</a> vagabond, in a <a href="https://hya.sk/pub/Star-Wars-Fate-Edition.pdf">very cool
role-playing game</a>!</p>
<p>And today, I'm very happy that the universe continues to live through a new
movie!</p>
<p>Many people have asked me how I felt about Lucasfilm being sold to Disney, and
I always answered that it was great.<br />
It's great to do so while George Lucas has not yet joined the Force (sadly, it
will happen).<br />
It's great to do so because Disney has a lot of money, and it's great that they
use it to make more Star Wars stuff.<br />
It's great because they trusted J.J. Abrams to make this new movie, and I think
he has done a good job previously with the new Star Trek films.<br />
It's great because we will see the old characters played by the old actors, and
I already know that it will be a magic moment!<br />
It's great because while writing these lines, I'm listening to the soundtrack
that John Williams made for the first and second trilogies, and I'm really happy
that he is doing a third one!</p>
<p>More generally, I'm also very happy with how Disney managed to keep the giant
extended universe by creating
<a href="http://starwars.wikia.com/wiki/Star_Wars_Legends">Legends</a>, without being held
back for the new films. Indeed, keeping the universe consistent would have been
almost impossible without using an entirely new place, with very few references to
the old movies.</p>
<p>That said, I'm still waiting patiently to see the awakening of the Force, although
I know that within me, it already awoke <em>a long time ago...</em></p>
SSLH, ssh&co through Proxies2015-11-09T00:00:00+00:002015-11-09T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/sslh/<p>During my internship, I wanted to access my server, to continue using IRC in my
<a href="http://www.irssi.org/">irssi</a>. For that, I need to ssh to
<a href="https://hya.sk">hya.sk</a>, but the problem came from the proxy that
provides my Internet connection, because it blocks everything except ports 80
and 443.</p>
<p>First thought: easy, I just have to set SSH to listen on port 443!</p>
<p>Problem: we (<a href="https://smagnin.org/">Piké</a> and I) are running a website with
<a href="https://en.wikipedia.org/wiki/HTTPS">HTTPS</a> enabled, and it's running, of
course, on port 443.</p>
<p>From there, I had many solutions. I could put in place a VPN using some option
like
<a href="https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAH">port-share</a>
but it was a bit heavy for just an SSH connection... Moreover, VPNs are strictly
forbidden by the local policy, so it wasn't a really good idea.</p>
<p>I also could have used <a href="https://github.com/yudai/gotty">GoTTY</a>, to get a shell
in my browser, but I didn't really like this solution, especially for IRC
notifications, which are forwarded through screen to my terminal, to have a little
"beep" when someone highlights me.</p>
<p>I finally found a far better solution:
<a href="http://www.rutschle.net/tech/sslh.shtml">SSLH</a>. It's a small SSL multiplexer
that, once set to listen on <code>$PUBLIC_IP:443</code>, can forward many protocols to
their respective interfaces.</p>
<p>Here is how I call SSLH. You can of course set it in <em>/etc/default/sslh</em> and run
it as a daemon.</p>
<pre data-lang="bash" style="background-color:#0f1419;color:#bfbab0;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#ffb454;">sslh</span><span style="color:#f29718;"> --user</span><span> sslh</span><span style="color:#f29718;"> --listen</span><span> 12.123.123.132:443</span><span style="color:#f29718;"> --ssh</span><span> 127.0.0.1:22</span><span style="color:#f29718;"> --ssl</span><span> 127.0.0.1:443</span><span style="color:#f29718;"> --openvpn</span><span> 127.0.0.1:1194
</span></code></pre>
<p>That way, I have SSH, HTTPS, and even OpenVPN that can pass through port 443,
and that's very useful when you work behind weird restrictive proxies!</p>
<p><strong>Bonus</strong>: that works both ways, so when you have a server in a DMZ where, for
<em>security reasons</em>, the network admin blocked the SSH port but allowed, say, HTTPS,
you can have a direct secure shell without any weird reverse tunnel
with SSLH.</p>
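<p>How a multiplexer like this can tell the three protocols apart on one port, as an added example (not sslh's own code and not from the original post): it looks at the first bytes the client sends. The probe heuristics and the sample byte strings below are simplified assumptions constructed for this illustration; the backend addresses are the ones from the command line above.</p>

```python
import struct

# Backends taken from the sslh command line shown in the post.
BACKENDS = {
    "ssh": ("127.0.0.1", 22),
    "tls": ("127.0.0.1", 443),
    "openvpn": ("127.0.0.1", 1194),
}


def probe_ssh(buf):
    """SSH clients open with an identification string "SSH-..." (RFC 4253)."""
    if buf[:4] == b"SSH-":
        return True
    if len(buf) < 4 and b"SSH-".startswith(buf):
        return None  # could still become "SSH-", undecided
    return False


def probe_tls(buf):
    """A TLS ClientHello arrives in a handshake record: type 0x16, version 3.x."""
    if len(buf) < 3:
        return None
    return buf[0] == 0x16 and buf[1] == 0x03 and buf[2] <= 0x04


def probe_openvpn(buf):
    """OpenVPN over TCP: 2-byte big-endian length, then an opcode byte.

    Assumes the whole first packet arrived in one read; the opcode sits in the
    high 5 bits (1 and 7 are the client hard-reset opcodes).
    """
    if len(buf) < 3:
        return None
    (length,) = struct.unpack_from(">H", buf, 0)
    return length == len(buf) - 2 and (buf[2] >> 3) in (1, 7)


PROBES = (("ssh", probe_ssh), ("tls", probe_tls), ("openvpn", probe_openvpn))


def classify(first_bytes, timed_out=False):
    """Return "ssh", "tls", "openvpn", "need-more-data" or "unknown"."""
    if not first_bytes:
        # Some SSH clients wait for the server banner before sending anything,
        # so a silent connection that hits the timeout is treated as SSH.
        return "ssh" if timed_out else "need-more-data"
    undecided = False
    for name, probe in PROBES:
        verdict = probe(first_bytes)
        if verdict:
            return name
        undecided = undecided or verdict is None
    return "need-more-data" if undecided and not timed_out else "unknown"


def route(first_bytes, timed_out=False):
    """Map the first bytes to a backend address, or None if nothing matched."""
    return BACKENDS.get(classify(first_bytes, timed_out))


# Constructed samples (not captured traffic).
SSH_SAMPLE = b"SSH-2.0-OpenSSH_9.6\r\n"
TLS_SAMPLE = bytes.fromhex("1603010200010001fc0303")
_ovpn_body = bytes([7 << 3]) + bytes(8) + b"\x00" + bytes(4)
OPENVPN_SAMPLE = struct.pack(">H", len(_ovpn_body)) + _ovpn_body
HTTP_SAMPLE = b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for label, sample in (("ssh", SSH_SAMPLE), ("tls", TLS_SAMPLE),
                          ("openvpn", OPENVPN_SAMPLE), ("http", HTTP_SAMPLE)):
        print(label, "->", classify(sample), route(sample))
```

<p>Behind such a multiplexer, the backends see every connection as coming from the multiplexer's own address, so sshd logs and per-IP rate limiting no longer show the real client unless the multiplexer is run in a transparent mode.</p>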
Discovering Gogs2015-06-11T00:00:00+00:002015-06-11T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/gogs/<p>I just discovered <a href="http://gogs.io/">Gogs</a>, a light Git web frontend written in
Go. After reading a bit on its website, I decided to give it a try, just for fun. It
was <em>really</em> easy to install with NginX as a reverse proxy, everything is in Gogs'
documentation, and it was ready in less than 10 minutes. Wonderful!</p>
<p>It's still in beta, but already very functional, providing most of the classic
features such as issues, milestones, ssh keys, <em>README.md</em> parser, etc...</p>
<p>Finally, I just dropped my old Gitweb<sup class="footnote-reference"><a href="#1">1</a></sup>, and I welcome you to my new <a href="https://git.hya.sk/skia">Gogs</a>! :)</p>
<div class="footnote-definition" id="1"><sup class="footnote-definition-label">1</sup>
<p>even if you can still reach it through <a href="http://git.hya.sk"><em>http</em></a></p>
</div>
24h in the airport2015-04-27T00:00:00+00:002015-04-27T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/24h-at-airport/<p>Being on holiday for two days, I had bought tickets last month to go to
Northern Ireland with a friend. We arrived at the airport at least half an hour
before the time that was written in the email we received, but when asking for
the boarding pass, we were refused because it was apparently too late... I had never
really travelled by plane from a big airport, so I didn't know that we should have
arrived at least one hour earlier to get the flight.</p>
<p>We managed to change the ticket for the following day (today!) but we had to
wait 24h in the airport, with nothing but my small travelling bag
and my laptop...</p>
<p>This resulted in some <a href="https://hya.sk/pub/darkvador.sh">useless things</a>, but
also some more useful <a href="http://rada.re">r2 commits</a>. Anyway, this was really
tiresome, noisy, and boring to death, and I hope it won't happen again (on the
return trip, for example :D)</p>
A new motherboard for my X602015-04-21T00:00:00+00:002015-04-21T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/new-motherboard/<p>A few weeks ago, I was playing at pouring water on my thinkpad, because it can
normally handle it, and mostly because a friend of mine didn't believe it. The
water went through the laptop as usual, but this time, I think I poured a little
too much, and I broke the battery charging circuits.</p>
<p>The result was a perfectly working motherboard, but the battery was not able to
charge. That was a little embarrassing, and I decided to completely take the
laptop apart to see <code>1)</code> if I could see something strange around the battery, and
<code>2)</code> how the laptop was built exactly.</p>
<p><code>1)</code> showed nothing, but even better, it bricked the board... Watching
<a href="http://libreboot.org">libreboot</a>'s output did not really help, because I'm
not a coreboot dev, and because it worked up to a point where it just stopped,
without error... Hard to debug...</p>
<p>Still, I really needed that laptop, because during that period, I had dug my old
X31 up, but this one was a bit too slow, so I bought on Ebay a second-hand
motherboard for only 9€!</p>
<p>Putting it into the X60 went pretty well (I love how the thinkpad is built,
btw!), but I faced a strange issue: the Lenovo bios couldn't boot with my
Atheros Wifi card. Anyway, this was only one more good reason to flash
libreboot, because it worked very well on the old motherboard, and I wanted to
do it myself at least once (the first time, I bought the laptop from
<a href="http://shop.gluglug.org.uk/">Gluglug</a> and it came preflashed).</p>
<p>This went very well thanks to libreboot's
<a href="http://libreboot.org/docs/install/index.html#flashrom_lenovobios">tutorial</a> and
I was now able to use my laptop with a very new and state-of-the-art software
for an even better hardware!</p>
Strange high ping2015-04-20T00:00:00+00:002015-04-20T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/strange-high-ping/<p>Currently rebuilding my student association's infrastructure, I have to deal
with Proxmox 3.4 quite a lot. Having up to 5 VMs, I decided to first install one,
called <strong>generic</strong>, that I would back up, then restore 5 times to get all my VMs
with a basic configuration without effort.</p>
<p>That worked perfectly the first time, and I was able to deploy our
<a href="https://about.gitlab.com/">Gitlab</a> quite quickly.</p>
<p>Then I wanted to work on our <strong>proxy</strong> VM, so I restored the generic image, and
logged into the VM with the console interface to change at least its name and
IP. After that, I was able to ssh to the machine, but I noticed that when
typing a command, it was really slow to answer.</p>
<p>Some quick ping-based investigation told me that there were many lost packets,
and the average ping was up to half a second! Of course, everything was on a
local network, and pinging the Proxmox host was pretty normal, just like the first
Gitlab VM. Why was that second machine causing so much trouble?</p>
<p>The answer was very dumb: restoring an image really restores everything,
even the MAC address! Changing that address fixed the problem, but that story
reminds me how shitty I am with networks! :D</p>
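<p>A check that would have caught this before the pings went bad, as an added example that is not part of the original post: scan the VM configuration files for MAC addresses used by more than one NIC. The <code>netN: model=MAC,bridge=...</code> line layout, the VM ids and the MAC addresses below are assumptions constructed for this illustration.</p>

```python
import re
from collections import defaultdict

# Constructed sample: the text of three VM config files, keyed by VM id.
# VM 102 was "restored" from VM 100 and kept its MAC (in lower case, to show
# that the comparison must be case-insensitive).
CONFIGS = {
    "100": "name: generic\nnet0: virtio=DE:AD:BE:EF:00:01,bridge=vmbr0\n",
    "101": "name: gitlab\nnet0: virtio=DE:AD:BE:EF:00:02,bridge=vmbr0\n",
    "102": ("name: proxy\n"
            "net0: virtio=de:ad:be:ef:00:01,bridge=vmbr0\n"
            "net1: e1000=DE:AD:BE:EF:00:03,bridge=vmbr1\n"),
}

# Assumed line layout: "net<N>: <model>=<MAC>,<other options>"
NET_LINE = re.compile(
    r"^(net\d+):\s*\w+=((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\b", re.M)


def duplicate_macs(configs):
    """Return {MAC: [(vmid, nic), ...]} for every MAC used more than once."""
    seen = defaultdict(list)
    for vmid, text in sorted(configs.items()):
        for nic, mac in NET_LINE.findall(text):
            seen[mac.upper()].append((vmid, nic))
    return {mac: users for mac, users in seen.items() if len(users) > 1}


if __name__ == "__main__":
    for mac, users in duplicate_macs(CONFIGS).items():
        print(mac, "is shared by", users)
```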
Using WinZip2015-04-10T00:00:00+00:002015-04-10T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/loosezip/<p>This morning, I decided to begin my AI course project, so I went to my
<a href="http://www.ipseity-project.com/">professor's library's website</a> to download it
and see how it worked.</p>
<p>So I had now two zip files, that I tried to unzip without success. <em>Unzip</em> says
<code>End-of-central-directory signature not found.</code>, and <em>7z</em> says <code>Unsupported Method</code> for every non directory file... Weird...</p>
<p>Okay, no problem, the binaries are only for W$, so the zip must have been made
with WinZip, or some other strange archiving tool. I was at school, so I had a
little time to try using Wine and WinZip on my X31. Great idea!</p>
<p>Wine went without problem, but I gave up when I faced the following error:</p>
<p><img src="https://hya.sk/blog/posts/loosezip/./images/loozip.png" alt="screenshot" /></p>
<p>I really thank you, WinZip, for giving me so much fun this morning! :)</p>
Rescuing a server2015-01-30T00:00:00+00:002015-01-30T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/sauvetage/<p>A bit of digging up for this first post of 2015. This is simply an
article I had written in a wiki, and which has remained the only article
of said wiki ever since. So rather than letting it rot there, I'm bringing it out here, where it
fits a bit better... :)</p>
<h1>Recovering a lost server</h1>
<h2 id="le-probleme">The problem</h2>
<p>While making changes meant to improve the server's security, I
unfortunately played a bit too much with permissions, with the result that when trying to
connect via ssh, the server, after printing the few welcome
lines and at the moment of launching the shell, answered:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>/bin/zsh: permission denied
</span><span>connection to pike.tf closed
</span></code></pre>
<p>Rather problematic, isn't it?</p>
<h2 id="la-solution">The solution</h2>
<p>Since every problem has a solution, it had to be found. Fortunately,
we could still upload files over FTP into apache's root
directory, so we could upload a PHP script that would save our lives.</p>
<p>I tested a few scripts I had written myself, but in the end I used
a reverse shell instead, which is much more convenient for trying out different commands. The
script is available here:
<a href="http://pentestmonkey.net/tools/web-shells/php-reverse-shell">http://pentestmonkey.net/tools/web-shells/php-reverse-shell</a>. Everything is very
well explained there, and you quickly get a pseudo shell on your local
machine.</p>
<p>Another problem then came up: I had to run a command
with root privileges to chmod the zsh files. For that, two options:
<code>su</code> and <code>sudo</code>. But when running <code>su</code>, the command answers</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>su: must be run from a terminal
</span></code></pre>
<p>For <code>sudo</code>, the problem is different. The command itself worked perfectly well,
except that the script running it is launched by www-data, apache's user, and
that user is not in the sudoers, so it cannot do anything.</p>
<p>I then found another trick on this page: <a href="http://evertpot.com/189/">http://evertpot.com/189/</a>,
which gives two lines to enter in our pseudo shell to run a "real"
shell through python. Of course, Python has to be installed on the server, which
was the case for us. The first line creates a script placed in <code>/tmp</code>, and the
second one runs it, giving us a shell in which <code>su</code> can then be run
without any problem.</p>
<h2 id="en-resume">In summary</h2>
<ul>
<li>Upload the reverse-shell script page once modified, as
described on the site, specifying the IP address of the local
machine on which you will get the pseudo shell, as well as an
available port on which you will be able to make your machine
listen. Careful, if you are behind a home router, remember to
forward the port!</li>
<li>Run the <code>nc</code> command with the right options on your
machine so that it is ready to listen on the port, for example
with port 1234:<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>nc -v -n -l -p 1234
</span></code></pre>
</li>
<li>Run the script by accessing its URL in your browser; your
pseudo-shell is then available where you had launched netcat</li>
<li>Run the two Python commands to then get a real shell
and be able to run <code>su</code><pre style="background-color:#0f1419;color:#bfbab0;"><code><span>echo "import pty;
</span><span>pty.spawn('/bin/bash')" > /tmp/asdf.py
</span><span>python /tmp/asdf.py
</span></code></pre>
</li>
</ul>
<p>There you go, you can now recover your server!</p>
<p>Thanks to <a href="http://dustri.org">Dustri</a> for the many pointers
provided during the recovery! :)</p>
Putting HTTPS in place2015-01-30T00:00:00+00:002015-01-30T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/ssl/<p>It has been a while since I set up this blog, and I always said that I should put SSL
in place, to provide secure connections for most of the hosted services.</p>
<p>Now it's done!</p>
<p>Certification was made by <a href="https://www.cacert.org/">CACert</a>, and this went
pretty quickly, thanks to a few <a href="https://www.linode.com/docs/security/ssl/ssl-certificates-with-nginx/">Nginx tutorials</a>,
and the <a href="http://www.bortzmeyer.org/cacert.html">CACert presentation by S. Bortzmeyer</a> (in French).</p>
<p>That wasn't so hard, after all, and I still wonder why it took me so
much time... :/</p>
<p>Memo:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>openssl req -new -days 365 -nodes -newkey rsa:2048 -keyout hya.sk.key -out hya.sk.csr
</span></code></pre>
The RSoC is finished2014-11-26T00:00:00+00:002014-11-26T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/rsoc-end/<p>That's sad, I know, but the RSoC has now been finished for 2 months and I haven't
posted for even longer! :/</p>
<p>I made quite a few commits this summer, and it was really nice to
implement new features in a project such as <a href="https://radare.org/">radare2</a>!
Still, I have some regrets about not having had enough time for the RSoC... I had no
time to implement all the tasks I was given, and I still have some that I
hope to do in the next few weeks.</p>
<p>And this year, having a lot of responsibilities in my school's associations, and
having a few school projects, I find even less time than this summer, so I don't
think I'll be able to contribute as much as I expected.</p>
<p>Now stop complaining about my free time and let's do a quick summary of what
I've done. The task was about structure templates, so the goal is to define a
human readable structure, a bit like a C header for example, and to apply it on
a binary to see each field easily. The method with header file is quickly
described <a href="http://radare.today/types/">here</a>, and I think I'll do a more
complete example one day.</p>
<p>But my work was more focused on one r2 feature related to structures: <code>pf</code>. It
is the basic command, for which you can get quick help in r2 by typing <code>pf?</code>.</p>
<p>The command works as follows:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>pf iwf foo bar troll
</span></code></pre>
<p>This applies the <code>iwf</code> format at the current offset. The <code>iwf</code> format is an
integer named <strong>foo</strong>, a word called <strong>bar</strong>, and a float, <strong>troll</strong>.<br />
This gives the following output:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>[0x00000000]> pf iwf foo bar troll
</span><span> foo : 0x00000000 = 1179403647
</span><span> bar : 0x00000004 = 0x0101
</span><span>troll : 0x00000006 = 1.000000
</span></code></pre>
<p>More field types can easily be found in the <code>pf</code> help.</p>
<p>Moreover, <code>pf</code> supports some nice tricks like pointers by using <code>*</code> or arrays
using <code>[]</code>...<br />
e.g.:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>pf *i[2]w pointer_to_int array_of_words
</span></code></pre>
<p>The next point is to store a format by entering the following command:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>pf.name iwf foo bar meh
</span></code></pre>
<p>We can now apply the format with <code>pf.name</code>. But the thing is that we can now use
the stored format as a structure in a new format using <code>?</code>.<br />
e.g.:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>[0x00000000]> pf.meh iw int word
</span><span>[0x00000000]> pf.boh i?w otherint (meh)plop otherword
</span><span>[0x00000000]> pf.boh
</span><span> otherint : 0x00000000 = 1179403647
</span><span> plop : struct<meh>
</span><span> int : 0x00000004 = 65793
</span><span> word : 0x00000008 = 0x0000
</span><span>otherword : 0x0000000a = 0x0000
</span></code></pre>
<p>That way, you can define linked lists for example, to apply on memory
dumps, or create nested structures for complex templates.</p>
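<p>To make the offset arithmetic behind the nested example explicit, here is a small re-implementation of the idea as an added example (not r2's code and not from the original post). It supports only the <code>i</code>, <code>w</code> and <code>?</code> letters, assumes little-endian data, and runs on a constructed 12-byte sample shaped like the start of a 32-bit ELF header, which yields the same offsets and values as the output above. Since such templates get applied to untrusted dumps, it also rejects truncated input and runaway nesting.</p>

```python
import struct

# Constructed sample: 12 bytes laid out like the start of a 32-bit
# little-endian ELF header (magic, class/data/version bytes, padding).
SAMPLE = bytes.fromhex("7f454c46" "01010100" "00000000")

# Subset of pf's type letters handled here: struct code and size in bytes.
FIELD = {"i": ("<I", 4), "w": ("<H", 2)}
MAX_DEPTH = 8  # arbitrary limit chosen for this example


def define(formats, name, spec):
    """Store a format such as "i?w otherint (meh)plop otherword" under name."""
    fmt, *names = spec.split()
    if len(fmt) != len(names):
        raise ValueError(f"{name}: {len(fmt)} type letters, {len(names)} names")
    for letter, field in zip(fmt, names):
        if letter == "?":
            if not (field.startswith("(") and ")" in field[1:]):
                raise ValueError(f"{name}: '?' needs a (struct)name field")
        elif letter not in FIELD:
            raise ValueError(f"{name}: unsupported type letter {letter!r}")
    formats[name] = (fmt, names)


def apply_format(formats, name, data, base=0, prefix="", depth=0):
    """Return ([(field path, offset, value), ...], end offset)."""
    if depth > MAX_DEPTH:
        raise ValueError(f"{name}: structures nested too deeply")
    fmt, names = formats[name]
    rows, off = [], base
    for letter, field in zip(fmt, names):
        if letter == "?":
            struct_name, _, field_name = field[1:].partition(")")
            if struct_name not in formats:
                raise ValueError(f"unknown struct {struct_name!r}")
            sub, off = apply_format(formats, struct_name, data, off,
                                    f"{prefix}{field_name}.", depth + 1)
            rows += sub
        else:
            code, size = FIELD[letter]
            if off + size > len(data):
                raise ValueError(f"{prefix}{field}: truncated at 0x{off:x}")
            (value,) = struct.unpack_from(code, data, off)
            rows.append((prefix + field, off, value))
            off += size
    return rows, off


def demo(data=SAMPLE):
    """Replay the pf.meh / pf.boh session from the post on the sample bytes."""
    formats = {}
    define(formats, "meh", "iw int word")
    define(formats, "boh", "i?w otherint (meh)plop otherword")
    return apply_format(formats, "boh", data)


if __name__ == "__main__":
    for path, off, value in demo()[0]:
        print(f"{path:>10} : 0x{off:08x} = {value}")
```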
<p>Other features are the JSON output, with <code>pfj</code>, or the ready-made templates
such as the elf32 header that you can easily load with <code>pfo elf32</code>.</p>
<p>One last thing is the write mode (not fully supported for arrays and nested
structs, which are my remaining tasks), which you can use as follows.<br />
You define a format:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>pf.name iwf foo bar meh
</span></code></pre>
<p>And then you can modify one of its fields with:</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>pf.name.bar=0xfa0
</span></code></pre>
<p>That prints the command you would have to type to write 0xfa0 at the
right offset, and a bit of r2 shell makes life easy (note the dot before
the command, which executes its output as if it had been entered in r2):</p>
<pre style="background-color:#0f1419;color:#bfbab0;"><code><span>[0x00000000]> pf.name
</span><span>foo : 0x00000000 = 0
</span><span>bar : 0x00000004 = 0x0000
</span><span>meh : 0x00000006 = 0.000000
</span><span>[0x00000000]> .pf.name.bar=0xfa0
</span><span>[0x00000000]> pf.name
</span><span>foo : 0x00000000 = 0
</span><span>bar : 0x00000004 = 0x0fa0
</span><span>meh : 0x00000006 = 0.000000
</span></code></pre>
<p>There are still some features in <code>pf</code>, but I think you now have a good overview
of what <code>pf</code> can do, and so what I've done during my RSoC.</p>
<p>To sum up, that was a wonderful experience, and I've learned a lot of
various interesting things. I hope to finish the last tasks soon, and after
that, <code>pf</code> will really be a powerful tool to dump nice elf headers, or
analyse strange corrupted PNG files! :)</p>
<p>Finally, I really thank my mentors <a href="https://twitter.com/trufae">pancake</a>,
<a href="https://github.com/XVilka">xvilka</a>, and <a href="https://dustri.org/">jvoisin</a> for
helping me with the task, and for organizing the RSoC in general. I also thank
<a href="https://github.com/Maijin">maijin</a> for having done a lot of tests on <code>pf</code>
and for reporting a lot of unexpected features, and I also thank the whole r2
community for being nice on the IRC chan, and for supporting such a great
project!</p>
Open Laptop2014-07-13T00:00:00+00:002014-07-13T00:00:00+00:00Unknownhttps://hya.sk/blog/posts/x60/<p>First, let me introduce my laptop: it's a Thinkpad X60, he's called
<a href="http://starwars.wikia.com/wiki/Kiffu">Kiffu</a> and was bought ~6 months ago from
<a href="http://www.gluglug.org.uk/">Gluglug</a>, and as the <a href="https://www.fsf.org/">FSF</a>
said, it's an open-laptop, and that means that it runs without any proprietary
software, nor any blob, not even the CPU microcode!</p>
<p>Yesterday, I decided to clean my keyboard, and for that,
<a href="http://maat.mooo.com/">Maat</a> and I had no better idea than putting it under the
tap! Of course it was powered off, but I used a bit too much water, and
not all of it went through. It was now a bit wet, and I decided to wait
the full night before plugging it in and running it again... But the whole night wasn't
enough, and when I ran it, it worked for five minutes, and then I got some
strange things on the screen, before it rebooted by itself, then rebooted again, and
behaved very oddly... I shut it down, removed the battery, unplugged it, and decided
to dry it <strong>really</strong>. I opened it completely, removed the SSD, the keyboard, and
even the upper body! After drying and waiting for a bit, I decided to try to run
it, but I was too lazy to rebuild it and then dry it again if it still didn't work,
so I ran it completely opened!</p>
<p>Everything went well, and I even took a few pictures with the webcam, without
any problems: <img src="https://hya.sk/blog/posts/x60/images/x60-1.jpg" alt="pict1" /> <img src="https://hya.sk/blog/posts/x60/images/x60-2.jpg" alt="pict2" />
<img src="https://hya.sk/blog/posts/x60/images/x60-3.jpg" alt="pict3" /> <img src="https://hya.sk/blog/posts/x60/images/x60-4.jpg" alt="pict4" /></p>
<p>Finally, I just rebuilt the laptop and wrote this article, because I just found
that fun and wanted to share the pictures... ;)</p>
<h1 id="clearing-my-mind-about-my-task">Clearing my mind about my task</h1>
<p>Published 2014-07-10 at https://hya.sk/blog/posts/clearing/</p>
<p>After receiving XVilka's mail, asking for our status about the RSoC, I was asked
to join the <code>#radare-rsoc</code> channel, a much smaller chan, much better suited to the
students of the RSoC. If I say that, it's because despite everybody saying "feel
free to..." on the main chan, I really felt outnumbered by so many people
talking about such advanced things, and honestly, I didn't dare to ask even a
small question... Stupid life.... :)</p>
<p>Anyway, after joining the RSoC chan, I explained what I had already done, and I
was told that many things were already done! In fact, the biggest part was
mainly done, and for now, the priority was to write tests for the <code>pf</code> command,
the one that makes use of a kind of template (my task)...</p>
<p>I quickly went to the test directory, forked the
<a href="https://github.com/radare/radare2-regressions">radare2-regressions</a> repo on my
Github, and began to learn how <code>pf</code> worked, in order to test it in the test
suite. Two or three hours later, my commits were merged, and I even discovered
my first bug in r2, as pancake said when I wondered about the result of a
command...</p>
<p>The next step now is to fix the bugs in <code>pf</code>, then to improve it to support nested
types, and then, we'll see...</p>
<h1 id="first-step-in-the-rsoc">First step in the RSoC</h1>
<p>Published 2014-06-26 at https://hya.sk/blog/posts/first-step-rsoc/</p>
<p>A <a href="https://dustri.org/b/">friend</a> of mine motivated me to do the
<a href="http://rada.re/rsoc/">Radare Summer of Code</a> a few months ago. I took a
look, and found it very interesting, so I applied, asking to do the
Struct Templates job. I was accepted, and I began to take some interest
in the project. I made a very few commits here and there, trying to
understand how the project worked, how it was organized, and also
learning how to use the different tools, like GitHub that I had never
really known before.</p>
<p>The start was given last week, but having a
<a href="https://git.hya.sk/skia/snp_compiler">project</a> to finish for
school, I had no time to take it... Now that the project is done, I'll
have more time to spend on r2, and it's what I've done tonight: I
looked precisely at some files, trying to understand how the thing was
done, and beginning to think about what I'll have to do to complete the task.</p>
<p>I really feel happy that the school project was a compiler and not some
other shit, because reading a C parser is now far easier than it would
have been otherwise! As we could say in Molière's tongue: <em>C'est en
forgeant que l'on devient forgeron</em> (<em>Smithing makes the smith</em>, or
more likely <em>Practice makes perfect</em>) and as we all know, that's really
true for programming!</p>
<p>Concerning this blog, I'll try to post for every step I complete,
in order to keep something about my first commitment in a free project!
And if you want to contribute to r2, you can find a list of ideas
<a href="https://pad.nopcode.org/p/r.kbQMywcnKtU6z6wn">there</a> and join us on
<code>freenode#radare</code>!</p>
<h1 id="a-very-new-blog">A very new blog</h1>
<p>Published 2014-06-20 at https://hya.sk/blog/posts/new-blog/</p>
<p>Hi there!</p>
<p>I'm proud to announce to the world that I'm at last opening a blog.
The purpose isn't to tell you everything about my super life, but to
provide information about interesting (or not) stuff I've done...</p>
<p>Feel free to contact me if you think you have to!</p>
<p>-- Skia --</p>