Developers’ Weblog

Sponsored by
HostEurope Logo

Developers’ Weblog

All 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36


28.01.2016 by tg@
Tags: event

Of course, some MirBSD presence will be at FOSDEM this year. There’s no FOSDEM without mirabilos, after all.

We have no booth nor any other set place, and no planned talk schedule either, so coordination of meetups will be tricky. I’ll try to get into IRC at least occasionally, but WLAN is usually shitty.


Fearing loss of the server or the hard disc when reporting the hard disc issue I postponed that and created a snapshot (for i386) and a CVS repository snapshot and uploaded them first then backed up everything worthwhile on fish and created myself some custom rescue media.

(Some background info – this server is from 2006, and back then, they usually cost around 100 €, while this is partially sponsored. I was fearing stopping of the sponsoring or shutdown of such an old real iron hardware even though it works fine for my needs.)

Then I shut the server down and asked HostEurope support to check the HDD and, if possible, when replacing, put the old HDD into the second slot (I checked, the PowerEdge 750 has two of them). With a big German dedicated hoster that shall stay unnamed (it’s not the Uffline one), even with a RAID 1 you’re SOL because they refuse to just swap the discs, but I decided to try anyway.

So I put the request up in KIS and thought they’d do it during normal working hours (as off-hour work costs extra), but no more than four hours later, the HDD was checked as faulty, a new one (even bigger as they don’t stock 80 GB ones any more ☺) was put into the first slot and the old one into the second slot, and… oh well. The machine was booted into BIOS Setup, and I may connect with the DRAC III/XT (which needs a Java 1.4 plugin for MSIE, or telnet (not ssh), and whose password I forget due to unuse).

Some tricking around later I found out that their new netbootable rescue system (a Grml 2014.03 PONY WAGON) doesn’t work with my server, so I resigned to pay the 25 € to have someone boot it up with a Knoppix CD (uh-oh). After all, I just needed any system with which I could dd(1) the custom MirBSD installer ISO I previously made onto /dev/sda then boot into it.

To my surprise, I got an eMail telling me they had booted it with a Grml (not from network) and set it up so I could ssh(1) in… with the “initial password”. One eMail later I found out that this server predates passwords in KIS, and by now I’m in the process of restoring services by copying everything from the old to the new disc (only lost some directories under the anoncvs mirror from ocvs which is easily rsync’d right later)… ah, this completed during writing of this wlog/news entry.

In the end, this all worked perfectly fine, and I’ll be pointing the www RR back to fish after the bad disc was removed and everything has rsync’d back to my satisfaction.

CVE-2016-0777 OpenSSH roaming leak

14.01.2016 by tg@
Tags: bug security snapshot

While our OpenSSH has (now: had) some code related to roaming, I believe our version not affected. If desired, CVS HEAD ships with the entire code removed.

I fixed lots of mksh bugs today!

hardware problems on

14.01.2016 by tg@
Tags: bug hardware news rant

I just got wd0a: uncorrectable data error reading fsbn style messages in dmesg(8) on the machine behind our website. This is rather unfortunate; it’s possible the website will be down for a while, depending on what service I’ll be able to get for the antique thing.

Update: it’s still there after a reboot; I’ll most likely ask the hoster for a hardware check early next week and take the website down durinf that.

I just published the first version of git find on gh/mirabilos/git-find for easy collaboration. The repository deliberately only contains the script and the manual page so it can easily be merged into git.git with complete history later, should they accept it. git find is MirOS licenced. It does require a recent mksh (Update: I did start it in POSIX sh first, but it eventually turned out to require arrays, and I don’t know perl(1) and am not going to rewrite it in C) and some common utility extensions to deal with NUL-separated lines (sort -z, grep -z, git ls-tree -z); also, support for '\0' in tr(1) and a comm(1) that does not choke on embedded NULs in lines.

To install or uninstall it, run…

	$ git clone
	$ cd git-find
	$ sudo ln -sf $PWD/git-find /usr/lib/git-core/
	$ sudo cp git-find.1 /usr/local/share/man/man1/
	… hack …
	$ sudo rm /usr/lib/git-core/git-find \

… then you can call it as “git find” and look at the documentation with “git help find”, as is customary.

The idea behind this utility is to have a tool like “git grep” that acts on the list of files known to git (and not e.g. ignored files) to quickly search for, say, all PNG files in the repository (but not the generated ones). “git find” acts on the index for the HEAD, i.e. whatever commit is currently checked-out (unlike “git grep” which also knows about “git add”ed files; fix welcome) and then offers a filter syntax similar to find(1) to follow up: parenthesēs, ! for negation, -a and -o for boolean are supported, as well as -name, -regex and -wholename and their case-insensitive variants, although regex uses grep(1) without (or, if the global option -E is given, with) -E, and the pattern matches use mksh(1)’s, which ignores the locale and doesn’t do [[:alpha:]] character classes yet. On the plus side, the output is guaranteed to be sorted; on the minus side, it is rather wastefully using temporary files (under $TMPDIR of course, so use of tmpfs is recommended). -print0 is the only output option (-print being the default).

Another mode “forwards” the file list to the system find; since it doesn’t support DOS-style response files, this only works if the amount of files is smaller than the operating system’s limit; this mode supports the full range (except -maxdepth) of the system find(1) filters, e.g. -mmin -1 and -ls, but it occurs filesystem access penalty for the entire tree and doesn’t sort the output, but can do -ls or even -exec.

The idea here is that it can collaboratively be improved, reviewed, fixed, etc. and then, should they agree, with the entire history, subtree-merged into git.git and shipped to the world.

Part of the development was sponsored by tarent solutions GmbH, the rest and the entire manual page were done in my vacation.

If you install the xfonts-base package from my APT repository you now not only get the FixedMisc [MirOS] type from The MirOS Project type foundry for the X Window System, but now also for GNU GRUB2:

FixedMisc [MirOS] for GNU GRUB2 – Screenshot

Just add GRUB_FONT=/usr/share/grub/FixedMisc.pf2 to /etc/default/grub, make sure gfxterm is enabled (usually by commenting out GRUB_TERMINAL=console and removing the comment sign before GRUB_GFXMODE=640x480), run sudo update-grub and be happy at the next reboot.

The combining and Katakana characters depicted in the above screenshot are the result of manual grub.cfg editing and for demonstration (bragging) purposes only.

The RSS feed of my APT repository will also contain such news…

My waypoint statistics and supporting scripts ceased to handle Munzee in any way whatsoever. This is because they’re getting ridiculous, especially in amount, and loss of play fun due to a too slow “äpp”. This means that my figure is now much closer to the real geocaching count, and you have to look at two, separate, statpics to get the entire scoop, but then, the separation does make it all clearer ☺

mirabilos’ WaypointsIt’s all about the numbers: Munzee

Oktobr Rain

27.10.2015 by tg@
Tags: fun twitxr

The title is a pun on “November Rain” and “Красный Октябрь” (Red Oktober, or nice october)… as a follow-up on my earlier Sakura weblog entry. Again, small images as links to bigger ones:



Go enjoy shell

27.08.2015 by tg@
Tags: debian fun pcli

Dimitri, I personally enjoy shell…

tglase@tglase:~ $ x=車賈滑豈更串句龜龜契金喇車賈滑豈更串句龜龜契金喇
tglase@tglase:~ $ echo ${x::12}
tglase@tglase:~ $ printf '%s\n' 'import sys' 'print(sys.argv[1][:12])' >
tglase@tglase:~ $ python $x

… much more than Python, actually. (Python is the language in which you do not want to write code dealing with strings, due to UnicodeDecodeError and all; even py3k is not much better.)

I would have commented on your post if it allowed doing so without getting a proprietary Google+ account.

carstenh asked in IRC how to make a shebang for mksh(1) scripts that works on both regular Unix and Android.

This is not as easy as it looks, though. Most Unicēs will have mksh installed, either manually or by means of the native package system, as /bin/mksh. Some put it into package manager-specific directories; I saw /sw/bin/mksh, /usr/local/bin/mksh and /usr/pkg/bin/mksh so far. Some systems have it as /usr/bin/mksh but these are usually those who got poettering’d and have /bin a symlink anyway. Most of these systems also have env(1) as /usr/bin/env.

Android, on the contrary, ships with precisely one shell. This has been mksh for a while, thankfully. There is, however, neither a /bin nor a /usr directory. mksh usually lives as /system/bin/mksh, with /system/bin/sh a symlink(7) to the former location. Some broken Android versions ship the binary in the latter location instead and do not ship anything that matches mksh on the $PATH, but I hope they merge my AOSP patch to revert this bad change (especially as some third-party Android toolkits overwrite /system/bin/sh with busybox sh or GNU bash and you’d lose mksh in the progress). However, on all official Android systems, mksh is the system shell. This will be important later.

The obvious and correct fix is, of course, to chmod -x the scripts and call them explicitly as mksh scriptname. This is not always possible or desirable; sometimes, people will wish it to be in the $PATH and executable, so we need a different solution.

There’s a neat trick with shebangs – the absence of one is handled specifically by most systems in various ways. I remember reading about it, but don’t remember where; I can’t find it on Sven Mascheck’s excellent pages… but: the C shell variants run a script with the Bourne Shell if its first line is a sole colon (‘:’), the Bourne family shells run it with themselves or ${EXECSHELL:-/bin/sh} in those cases, and the kernel with the system shell, AFAIK. So we have a way to get most things that could call the script to interpret it as Bourne/POSIX shell script on most systems. Then we just have to add a Bourne shell scriptlet that switches to mksh iff the current shell isn’t it (lksh, or something totally different). On Android, there is only ever one shell (or the toolkit installer better preserve mksh as mksh), so this doesn’t do anything (I hope – but did not test – that the kernel invokes the system shell correctly despite it not lying under /bin/sh) nor does it need to.

This leaves us with the following “shebang”:

	case ${KSH_VERSION-} in
	*MIRBSD\ KSH*) ;;
	*)	# re-run with The MirBSD Korn Shell, this is an mksh-specific script
		test "${ZSH_VERSION+set}" = set && alias -g '${1+"$@"}'='"$@"'
		exec mksh "$0" ${1+"$@"}
		echo >&2 E: mksh re-exec failed, should not happen
		exit 127 ;;

The case argument not only does not need to, but actually should not be quoted; the expansion is a set -u guard; the entire scriptlet is set -e safe as well; comments and expansions are safe. exec shall not return, but if it does (GNU bash violates POSIX that way, for example), we use POSIX’ appropriate errorlevel. zsh is funny with the Bourne shell’s way of using "$@" properly. But this should really be portable. The snippet is both too short and too obvious (“only way to do it”) to be protected by copyright law.

Thanks to carstenh and Ypnose for discussing things like this with us in IRC, sending in bugfixes (and changes we decline, with reason), etc. – it feels like we have a real community, not just consuments ☺

さくら – Kirschblüte

28.04.2015 by tg@
Tags: fun twitxr

I took some photos of the cherry blossoms fading today. As usual, small versions (about five à 100K) inline, linking to bigger versions (over 1 MiB each).






They are published under the terms and conditions of The MirOS Licence. Enjoy.

(I am aware that I missed the Kirschblütenfest. This is a deliberate shot, well five, of the blossoms waning. There is another shot of cherry and apple trees in fuller bloom, though I did not take it and thus cannot licence it.)

Update: follow-up post during Autumn.


18.04.2015 by tg@
Tags: food fun tip twitxr

Dies ist ein Rezept für polnische Hefepfannkuchen (Racuchy drożdżowe) mit Äpfeln (z jabłkami). Bei uns zu Hause gab es allerdings auch immer diese Pfannkuchen, nur mit Backpulver statt Hefe. Hefe ist allerdings besser. Das, was man sonst in Deutschland (außer Berlin, da heißen Berliner so, obschon die nicht in der Pfanne zubereitet werden) als Pfannkuchen (oder Eier(pfann)kuchen) kennt heißt bei uns Crêpes (oder Eierkuchen). (Natureshadow und ich haben und jetzt drauf geëinigt, daß der Begriff „Pfannkuchen“ zu überladen ist, und zwischen Pannekōche (wie diese hier, nur mit Backpulver), Hefepfannkuchen (diese hier), Eierkuchen (pfannengroß, ½cm dick, mit Zeug eingebacken), Crêpes (beinahe selber Teig wie Eierkuchen, pfannengroß, deutlich dünner, um Zeug gewickelt) und Berlinern zu unterscheiden.
Die Hefepfannkuchen werden etwas mehr als handtellergroß, sind wunderbar luftig und prall und weich in der Mitte.

Pfannkuchen • Pannekōche • Hefepfannkuchen

Man kann die nicht nur als Apfelpfannkuchen zubereiten, sondern sie schmecken auch mit Erdbeeren total lecker, was allerdings recht matschig ist. Blaubeeren oder Pfirsische bieten sich auch an.

Die Mengenangaben sind für eine Standardfamilie gedacht; auf Arbeit doppeln wir alles, um die halbe Firma satt zu kriegen, und beim Firmenfest haben wir alles vervierfacht; das Rezept skaliert linear sehr gut.


  • 1 Pfund Weizenmehl (½ kg)
  • 1 Prise Salz
  • 50g frische Hefe
  • 3 Eßlöffel Zucker
  • 1½ Tassen Milch auf Zimmertemperatur(!)
  • 1 Ei
  • 3–4 Äpfel (am besten „Topaz“)

Zubereitung: Das Mehl in eine große(!) Schüssel geben (der Teig steigt enorm hoch), das Salz hinzumischen. In die Mitte eine kleine Kuhle machen und dort die Hefe hineingeben und mit dem Zucker überhäufen, danach mit einer halben Tasse Milch übergießen und eine Viertelstunde gehen lassen. Dann das Ei und eine ganze Tasse Milch zugeben, kneten und zugedeckt etwa ein bis zwei Stunden gehen lassen.

Die Äpfel schälen, vierteln und in dünne Scheiben (etwa 2–3 mm dick) schneiden. (Für 16 Äpfel muß man hier über eine Stunde Arbeitszeit einkalkulieren!) Diese nach dem Ziehen dem Teig zugeben und nochmals durchmischen und eine weitere Stunde (im polnischsprachigen Rezept stand 15–20 Minuten, aber wir gehen hier von Erfahrungswerten von Paweł und mir auf Arbeit aus) zugedeckt gehen lassen.

In einer Pfanne (bei doppelter oder gar vierfacher Menge besser in drei Pfannen zu zweit gleichzeitig) Öl mit einem Klecks Butter heißwerden lassen und dann mit einem großen Eßlöffel oder, besser, einem Salatbestecklöffel, drei bis vier Kleckse des Teigs (separat) in die Pfanne geben; nach kurzer Zeit (wenn der Boden und die Ränder schon etwas fest sind) mit einem Pfannenwender umdrehen und leicht obendrauf drücken, dann braten lassen und noch 3–4 Mal wenden, bis sie auf beiden Seiten goldbraun (oft auch etwas mehr als das…) und in der Mitte durch sind, dann auf einen Teller geben, der mit zwei Lagen Zewa ausgelegt wurde, um das überschüssige Fett aufzusaugen. Dann die nächsten Pfannkuchen machen und auf den Teller (oder einen neuen) stapeln. Zielgröße ist etwas mehr als handtellergroß und mehrere Zentimeter dick.

Heiß servieren. Kann man so (sind mir süß genug) oder mit Puderzucker bestreut (mag Paweł lieber) oder mit Marmelade essen. (Wenn man die vierfache Menge für die ganze Firma macht sollte man bereits während des Bratens ab und zu selber einen essen, weil man sonst nix mehr bekommt, weil das so lecker riecht, daß die Kollegen einen belagern…)

Update: Photo. Diesmal mit Vollkornmehl – eher mehr Milch nehmen hierbei, sonst fallen die Äpfel raus. Stevia geht auch, aber ein bißchen Zucker muß zum Gären sein.

All 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36

MirOS Logo