So, there was a post by Justine Tunney about her port of OpenBSD’s pledge() to her own libc, the Cosmopolitan libc. She is also calling out that previous attempts at this were flawed: There’s been a few devs in the past who’ve tried this. I’m not going to name names, because most of these projects were never completed. […] The projects that got further along also had oversights like allowing the changing of setuid/setgid/sticky bits. So none of the current alternatives should be use...| Blog on blog.gnoack.org
This explains how to configure multiple keyboards in Sway, and how to use advanced configuration when regular xkb_options are not enough. Sway configuration Luckily, Sway has great support for multiple keyboards with different layouts, so it nicely adjusts to whatever keyboard you have plugged in or can use separate configurations for a physical keyboard and the laptop keyboard. First, identify the identifiers for the keyboards you have plugged in, using the following command: $ swaymsg -t ge...| Blog on blog.gnoack.org
This is a collection of interesting literature on the subject of error handling which I had collected to research my own blog post on the subject a while ago. “A Philosophy of Software Design” by John Ousterhout has a significant section on error handling that I found worth a read. It takes a slightly different angle and gives some good examples on how to design programs in a way so that errors cannot happen, or only happen in the right places. The Smalltalk-80 Blue book had the weirdest ...| Blog on blog.gnoack.org
Tests should be correct by inspection Tests require a different approach than normal code. We don't have tests for tests, so tests need to be correct by inspection -- and the main technique to achieve this is to get rid of the generality of the production code, and exercise only very narrow and specific scenarios. Decide what test to write The goal of testing is to increase confidence A test's purpose is to increase the confidence that you have in your program's correctness. The next test to ...| Blog on blog.gnoack.org
My toy Lisp fn is an inherently single-threaded language, but with its built-in stack-inspection capabilities, it’s easy to build coroutines on top. The implementation only has about 20 lines of code, including comments. This article contains a simplified implementation in-line. In only rewrote some comments to make more sense in context, and removed confusing technicalities like fn’s custom method call syntax, the use of dynamic-wind and remarks about tail calls. Prerequisites In most pr...| Blog on blog.gnoack.org
Recently, almost all my digital drawings were made with a Bamboo Slate tablet and Tuhi. It was good fun to take Tuhi’s drawing data and create my own renderer tuhirender, which can be used from the command line to produce some more advanced effects and tune more of the rendering knobs. tuhirender replaces Tuhi’s own renderer by building on Tuhi’s JSON-based output format for line coordinates and pen pressure data. Basic invocation The basic invocation is: tuhirender -width 200 -fit -o o...| Blog on blog.gnoack.org
The main technique in software design is this: You look at the entirety of your system and you decompose it into pieces that are more manageable and have clear interfaces. This approach is usually referred to as modularization. But what’s the point of investing such an effort if in the end only the externally visible properties of a software matter? In his classic paper “On the Criteria To Be Used in Decomposing Systems into Modules”1, David Parnas gives the following rationale: David P...| Blog on blog.gnoack.org
Renaissance gopher Johannes Gopherberg after inventing html/template I’m using html/template much too seldom to remember how to properly share common template blocks across multiple pages. Today I had to figure it out for the second time. It’s about time to document it! The approach presented here both (1) makes it possible to share template blocks across multiple logical pages, and (2) makes it easy to use them using tmpl.Execute(writer, data) in your HTTP handlers. In particular, with t...| Blog on blog.gnoack.org
Disclaimer: These are Google topics, but based on publicly available resources. I’m writing this not because I get paid for it (I don’t), but because I am truly excited about it, it’s now public, and I hope this will find more wide-spread adoption. Goran Petrović and Marko Ivanković have published a nice paper on the “State of Mutation Testing at Google” a while ago1. I’m a fan of this, because Mutation Testing spots real test coverage issues which regular line-based coverage wo...| Blog on blog.gnoack.org
I’m very happy to hear that Wireguard has made it into the Linux kernel and will be part of Linux 5.6! Wireguard was quite a relief for me after wrestling with OpenVPN before, for multiple reasons. I’m a happy user for about a year now, and I can wholeheartedly recommend it. Wireguard is really pushing the state of the art forward for VPNs: high performance (it’s part of the kernel) very simple setupno wrestling with OpenSSL or X.509 certificates key management1 comparable to OpenSSH, k...| Blog on blog.gnoack.org
Goroutines are a unusual and powerful programming language feature, so they are a tempting toy to play with, and they get a bit overused. There is some indication that the following Go principle holds true: Strive to provide synchronous APIs, let the caller start goroutines. To put this advice into a more concrete code example: Do this: func (t *type) Run(ctx context.Context) { // Implementation of background task } Instead of this: func (t *type) Start() { t.wg.Add(1) go func() { // Implemen...| Blog on blog.gnoack.org
I love Go for many reasons, but this part is still itching me: I postulate that this Go idiom is a burden on our mental capacity: if err != nil { return nil } Error handling is at a tension between two different developer needs. On the one hand, error handling is very annoying and distracting when working on a constructively formulated use case. On the other hand, not dealing with it correctly means that the program blows up in unknown ways when errors happen: data may be lost, I/O may be hal...| Blog on blog.gnoack.org
I have a confession to make. I used to put two spaces after each sentence, as it used to be done by typewriter typists before computers [citation needed]. The moment when I started to form this habit was around 2010. I was young and easy to impress, and I was picking up more advanced Emacs use working on the TeX source for my diploma thesis. While editing these large chunks of free-form text was when I discovered the fill-paragraph function, otherwise known as M-q, for automatically breaking ...| Blog on blog.gnoack.org
The 9P protocol is the protocol for network file systems used in Plan9. Plan9 is not a widely used operating system, but it’s widely considered more true to the Unix spirit than Unix is, coming from some of the same people who made Unix as well. Overview To get a rough idea of the 9P protocol, consider a system where all the original core Unix syscalls (open, close, read, write, …) are lifted to be remote procedure calls. These can be sent over the network, making file systems in Plan9 ne...| Blog on blog.gnoack.org
A code review that doesn’t go right. (image by Manu Cornet, CC BY-NC-ND 3.0) I’ve reviewed over 3000 code changes so far in my career, and gone through about same amount of reviews as change author. When reviewing code, here is the golden rule I follow: Any code change that’s a strict improvement should be approved. Most incoming code reviews are both improvements in some aspects and make things worse in other aspects. Understand the change It’s tempting to glance over a change and on...| Blog on blog.gnoack.org
Update: This setup stopped working after a few firmware updates; there were apparently some software updates after the catalog of internet radio stations broke down. Maybe they also read my bug report about the broken encoding and found my blog post. I didn’t investigate much; superficially it looked like the radio is just ignoring the returned IP address if it’s a local one. Have you ever wondered what your Internet-connected devices are doing behind your back? My internet radio had some...| Blog on blog.gnoack.org
There are my core dumps!| blog.gnoack.org
Landlock Your Vibe Coding| blog.gnoack.org
Argument passing adventures| blog.gnoack.org
I accidentally broke Emacs mouse support on the Linux console. o_O The TIOCLINUX patch for disabling dangerous IOCTLs for the Linux console driver (background discussed on the Wiki) ended up accidentally making the mouse cursor invisible on the Linux console (the proper text mode one, not xterm). I apologize for breaking this. We luckily found a patch for it and it is now rolling out to stable Linux kernels. If your mouse does not work as expected in Emacs on the Linux console, please update ...| Blog on blog.gnoack.org
Git without a hosted platform| blog.gnoack.org
Thoughts on sandboxing, found via Aaron Swartz’s weblog, who in turn found it in a writeup about Dan Bernstein’s 2005 research activities (at the end): The software installed on my newest home computer contains 78 million lines of C and C++ source code. Presumably there are hundreds of thousands of bugs in this code. Removing all of those bugs would be quite expensive. Fortunately, there’s a less expensive way to eliminate most security problems. Consider, for example, a compressed musi...| Blog on blog.gnoack.org
Upcoming conferences 2025 Q1| blog.gnoack.org
📢 I gave a talk about the recent changes in Landlock and its new support for restricting IOCTL usage at the Linux Security Summit Europe 2024 in Vienna: 🌍 Talk page | 🎥 Video on YouTube | 😎 We have stickers! Talk Summary The Landlock security module lets Linux processes restrict what they can do and puts developers in charge of defining appropriate sandboxing policies for their programs. We will give a brief overview over Landlock’s current features, recent developments, and tal...| Blog on blog.gnoack.org
In the context of Alejandro Colomar stepping down as a man-pages maintainer :(, I learned from him that it is possible with git to create an email patch set that spans multiple target repositories. Specifically, he pointed to a review thread by Jiri Olsa where this was done, and whose outline takes a similar shape to this (simplified): [PATCH proj v3 0/3] foobar: Add transmogrifier [PATCH proj v3 1/3] foobar: Prepare flux compensator [PATCH proj v3 2/3] foobar: Add transmogrifier feature [PAT...| Blog on blog.gnoack.org
The Landlock security module lets Linux processes restrict what they| blog.gnoack.org
Landlock IOCTL control in Linux 6.10| blog.gnoack.org
Hot take!| blog.gnoack.org
A dive into Linux' /proc file system| blog.gnoack.org
Go-Landlock: Networking support| blog.gnoack.org
The Design of Mailprint| blog.gnoack.org
Motivation and use of the Go Landlock library| blog.gnoack.org
In which I decide to leave social media and use this blog instead| blog.gnoack.org
A Unix trick that took me too many years to realize| blog.gnoack.org
How to make your use of Landlock backwards compatible with older kernels| blog.gnoack.org
Landlock truncation support in Linux 6.2| blog.gnoack.org
Unprivileged self-sandboxing on Linux| blog.gnoack.org
An opinion piece on code style matters.| blog.gnoack.org
Go: Test Cleanup in Go 1.14| blog.gnoack.org
Go: Path simplification library| blog.gnoack.org
There are some use cases where abstractions with generics are better| blog.gnoack.org
How to make beautiful art from a few lines of code| blog.gnoack.org
Shared base fixture| blog.gnoack.org
GPG with the CCID Driver| blog.gnoack.org
Hexiamonds| blog.gnoack.org
Python-like generator functions| blog.gnoack.org
If you subscribe to Linux mailing lists in 2023, you're doing it wrong.| blog.gnoack.org
A comparison of programming idioms for doing cleanup work| blog.gnoack.org
A systematic approach for surfacing each error to the right stakeholder| blog.gnoack.org