LEdoian's Bloghttps://blog.ledoian.cz/2024-05-08T00:00:00+02:00Only NAT packets you can deliver responses for2024-05-08T00:00:00+02:002024-05-08T00:00:00+02:00LEdoiantag:blog.ledoian.cz,2024-05-08:/masquerade-with-filter.html<p>When setting up a masquerading nat, it is worth considering masquerading only
packets from known networks. That is, instead of rule like <tt class="docutils literal">iifname <span class="pre">eth-inside</span>
masquerade</tt> use something like <tt class="docutils literal">iifname <span class="pre">eth-inside</span> ip saddr 198.51.100.0/24
masquerade</tt>.</p>
<p>I learned the hard way: my laptop in a masqueraded network picked …</p><p>When setting up a masquerading nat, it is worth considering masquerading only
packets from known networks. That is, instead of rule like <tt class="docutils literal">iifname <span class="pre">eth-inside</span>
masquerade</tt> use something like <tt class="docutils literal">iifname <span class="pre">eth-inside</span> ip saddr 198.51.100.0/24
masquerade</tt>.</p>
<p>I learned the hard way: my laptop in a masqueraded network picked a wrong
source address from a subnet the router had no knowledge about. The outbound
packets passed through right, but the responses came in, undergone translation,
and since the destination was unknown to the router, it used the <em>default</em>
route, sending the packet back to the ISP.</p>
<p>The result: IDS triggered by <em>many</em> packets from my router with source IP
addresses from all around the Internet, all with destination to my private
address. (The ISP was not happy about that.)</p>
Creating own XKB tweaks2024-04-17T16:40:00+02:002024-04-17T16:40:00+02:00LEdoiantag:blog.ledoian.cz,2024-04-17:/custom-xkb-tweaks.html<p>Debugging this took me a bit too long, so I want to write about the caveat.</p>
<p>My problem: My laptop does not have PageUp and PageDown keys, and many other
keyboards I use have similar deficiencies. And I use various environments and
various systems, some of which are shared with …</p><p>Debugging this took me a bit too long, so I want to write about the caveat.</p>
<p>My problem: My laptop does not have PageUp and PageDown keys, and many other
keyboards I use have similar deficiencies. And I use various environments and
various systems, some of which are shared with other people who don't need/want
my tweaks. IOW: I want something generic, but it must be confined to my user –
no system-wide daemon, no udev remapping. (I mostly ended up with these
solutions when I searched for a way to remap keys on Wayland.)</p>
<p>Requirements: xkbcommon implementation of XKB with utilities. It is quite
common these days (duh…), but you could probably just compile this yourself if
you don't have it.</p>
<div class="section" id="the-tweaking">
<h2>The tweaking</h2>
<p>The <a class="reference external" href="https://xkbcommon.org/doc/current/user-configuration.html">xkbcommon guide</a> tells us that we
can inspect the files in <a class="footnote-reference" href="#lazy" id="footnote-reference-1">[1]</a> <tt class="docutils literal">/usr/share/X11/xkb</tt> for the source files
and just write our bits to <tt class="docutils literal"><span class="pre">~/.config/xkb/symbols/ledoian</span></tt>. In particular, I
added this snippet to remap keyboard brightness controls to PageUp/Down:</p>
<pre class="literal-block">
partial
xkb_symbols "qs" {
key <I238> {[ Prior ]};
key <I237> {[ Next ]};
};
</pre>
<p>The key identifiers are taken e.g. from <tt class="docutils literal">xkbcli <span class="pre">interactive-wayland</span></tt>.
However, this is KcCGST <a class="footnote-reference" href="#kccgst-vs-rmlvo" id="footnote-reference-2">[2]</a> description, but layouts are
configured using RMLVO, so I need to define an option and tell what it should
do. The guide wants me to create <tt class="docutils literal"><span class="pre">~/.config/xkb/rules/evdev</span></tt> with:</p>
<pre class="literal-block">
! option = symbols
ledoian:qs = +ledoian(qs)
! include %S/evdev
</pre>
<p>Now I just add <tt class="docutils literal">ledoian:qs</tt> <a class="footnote-reference" href="#option-vs-symbol" id="footnote-reference-3">[3]</a> to my keyboard configuration
and… it does not work. For this, at all, but if I remap e.g. the L key, that
gets applied. The problem? That included file says that the default keyboard
model always includes <tt class="docutils literal">inet(evdev)</tt> symbols. Those symbols set the default
meaning of the keys, but since that got applied later, it overrides my tweak.</p>
<p>Solution: first include, then add my option.</p>
<p>How to debug: read stuff that <tt class="docutils literal">xkbcli <span class="pre">compile-keymap</span> <span class="pre">--verbose</span></tt> tells you
(pass your config as <tt class="docutils literal"><span class="pre">--layout</span></tt>, <tt class="docutils literal"><span class="pre">--variant</span></tt>, <tt class="docutils literal"><span class="pre">--options</span></tt>, …). At the top
it says what it does:</p>
<pre class="literal-block">
xkbcommon: DEBUG: Include path added: /home/ledoian/.config/xkb
xkbcommon: DEBUG: Include path added: /usr/share/X11/xkb
xkbcommon: DEBUG: Compiling from RMLVO: rules 'evdev', model 'pc105', layout 'us', variant '(null)', options '(null)'
xkbcommon: DEBUG: Compiling from KcCGST: keycodes 'evdev+aliases(qwerty)', types 'complete', compat 'complete', symbols 'pc+us+inet(evdev)'
</pre>
<p>My option would appear before the <tt class="docutils literal">inet(evdev)</tt> part.</p>
</div>
<div class="section" id="a-note-about-x11">
<h2>A note about X11</h2>
<p>X11 uses a separate implementation of XKB (the original one, in fact), which
does _not_ look into the user directory, just the system ones. However, you can
compile the keymap yourself using <tt class="docutils literal">xkbcli <span class="pre">compile-keymap</span> [KEYMAP OPTIONS] >
my_layout.xkb</tt> and load it into the X server with <tt class="docutils literal">xkbcomp my_layout.xkb $DISPLAY</tt>.</p>
<hr class="docutils" />
<table class="docutils footnote" frame="void" id="lazy" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-1">[1]</a></td><td>This is not technically accurate, really the paths reference
<tt class="docutils literal">$XDG_something</tt> variables. I am lazy and just copied my system, so YMMV
(probably won't, though).</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="kccgst-vs-rmlvo" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-2">[2]</a></td><td>There are two levels of describing the keymap: the
lowlevel one is called KcCGST (short for keycodes, compat, geometry,
symbols, types) and is considered to be an implementation detail; the
user-facing one is RMLVO (rules, model, layout, variant, options) and that
is what you use in the configs, with <tt class="docutils literal">setxkbmap</tt> &c.</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="option-vs-symbol" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-3">[3]</a></td><td>While both this example and the <a class="reference external" href="https://www.freedesktop.org/wiki/Software/XKeyboardConfig/">upstream</a> layouts name
the symbols and options similarly, I think they don't need to be related –
you should be able to put whatever you want in your options to the left of
<tt class="docutils literal">=</tt>, the right hand side is the name of the symbol file and if a
non-default layout from that file is used, its name is put in the
parentheses.</td></tr>
</tbody>
</table>
</div>
You sure you want to hear the gossip?2024-03-11T22:49:00+01:002024-03-11T22:49:00+01:00LEdoiantag:blog.ledoian.cz,2024-03-11:/do-not-gossip-identities.html<p>Sometimes, not knowing something about your friends is simpler than knowing
something you know you aren't supposed to know…</p>
<p>TL;DR: If you are gossiping, please handle information which change attitude
towards others with care and maybe share them with consent of the <em>listener</em>. <a class="footnote-reference" href="#on-gossiping" id="footnote-reference-1">[1]</a></p>
<p>Some time ago, I was …</p><p>Sometimes, not knowing something about your friends is simpler than knowing
something you know you aren't supposed to know…</p>
<p>TL;DR: If you are gossiping, please handle information which change attitude
towards others with care and maybe share them with consent of the <em>listener</em>. <a class="footnote-reference" href="#on-gossiping" id="footnote-reference-1">[1]</a></p>
<p>Some time ago, I was casually talking with my friend, let's call them Alex.
For one reason or another, we got to gossip and I learnt a new, very private
information about our mutual friend, Bay. <a class="footnote-reference" href="#names2" id="footnote-reference-2">[2]</a> I knew Bay would not
expect me to know or possibly even want me to know at that time, yet the new
part of their identity would require me to behave differently around Bay in
order not to hurt them. <a class="footnote-reference" href="#non-disclosure" id="footnote-reference-3">[3]</a></p>
<p>That turned my interactions with Bay into a bit of a minefield:</p>
<ol class="arabic simple">
<li>If I behaved according to what I learnt, I may easily overstep Bay's
boundaries and invade their privacy, possibly quite badly. <a class="footnote-reference" href="#my-privacy" id="footnote-reference-4">[4]</a></li>
<li>If I kept my old behaviour, I would feel like I am actively hurting Bay.</li>
<li>If I accidentally slipped my tongue in front of Bay and they notice, I still
ending up invading their privacy as in point 1.</li>
<li>I am also prone to sharing the gossip, maybe accidentally. I would be to
someone else what Alex was to me, and I certainly didn't want to cast this
"curse" on anyone. <a class="footnote-reference" href="#gossip-circumstances" id="footnote-reference-5">[5]</a></li>
<li>If Bay subconsciously noticed I am behaving in line with their secret and in
another interaction I wouldn't, they could feel invalidated (without an
obvious reason why).</li>
</ol>
<p>It sucks, it made talking to Bay needlessly stressful. Please don't do that.</p>
<p>So, to reiterate the message: <strong>Please gossip *safely* and *consensually* about
stuff that is private in nature and would change attitudes towards people.</strong>
For the queer stuff, this can be rephrased in layman's terms as <strong>please just
don't out other people to people who do not explicitly want to know.</strong> <a class="footnote-reference" href="#consent" id="footnote-reference-6">[6]</a></p>
<!-- ReST wtf, why can't I put emphasis in strong? -->
<p>(Again, maybe gossip safely anyway, but for the "regular" gossip you can
usually hide what you know without feeling that bad.)</p>
<div class="section" id="final-remarks">
<h2>Final remarks</h2>
<p>I wrote this post mainly to raise awareness and help learn from past mistakes.
It is not meant to shame Alex for telling me, they might not have been aware
and neither were I at the time.</p>
<p>Apart from the role as "me" in the story, I also were "Bay" a few times,
luckily not with a too intimate part of my identity. And while I try not to be
another "Alex", I cannot rule that completely out unfortunately.</p>
<p>This post has been a long time in my backlog (~6 months maybe), it is not a
reaction to any recent gossip I have heard. (The points I make still hold ofc,
but lately I only heard "the ordinary stuff" which I will probably just forget
and not care about without harming anyone.)</p>
<p>Lastly, Bay eventually told me themself, so my life is peaceful again. I didn't
ask if I am allowed to talk about that and with whom, so I err on the safe side
and will not write here anything else :-)</p>
<hr class="docutils" />
<table class="docutils footnote" frame="void" id="on-gossiping" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-1">[1]</a></td><td>I mean, gossiping is not nice to the mentioned person who
doesn't usually consent, but it's not like I could prevent people from
gossiping, so this post is not about that. Also, you can conceal your
knowledge of "regular" gossip more easily than of gossip which changes your
attitude.</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="names2" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-2">[2]</a></td><td>I originally wanted to have the friends be Alice and Bob, but that
might support the narative that "girls gossip", which is sexist and IME not
accurate (more like "everyone gossips"). So I made my friends be of
ambiguous gender and use they/them pronouns. Sorry, this might make the post
a bit harder to read, but the stereotypes need to die :-)</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="non-disclosure" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-3">[3]</a></td><td>I will not give any more information here. Don't try to
guess, I am not telling. Bay is my friend and deserves privacy. (However, if
you suspect that you might be the Bay of this story, by all means ask me
whether you are. I don't want you to feel bad / insecure / unsure / … (And
in fact, there may be multiple Bays…))</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="my-privacy" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-4">[4]</a></td><td>There are definitely parts of my identity I do not share much
and would probably get upset at various people (and also paranoid) if I got
outed. OTOH, the number of people who know my secrets is non-decreasing
anyway, so I try to prepare that someone unexpected inevitably will overstep
this boundary, possibly in a good faith. (If you want to try to act upon my
secrets, I'd appreciate you asking beforehand to avoid weird reactions.)</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="gossip-circumstances" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-5">[5]</a></td><td>Naturally, this gossip sharing can have various
circumstances: Me (or Alex) being unaware that the listener (call them
Cameron) doesn't know, slipping my tongue in a subtle way yet Cameron
understanding the subtext, being drunk, … It might be difficult to keep the
secret in all those situations.</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="consent" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-6">[6]</a></td><td>If the listener wants to know and go sweeping mines and you are
willing to tell them, ~~sure, tell them~~ it's up to you and I have no say
in that. Learn the consequences and go for the interactions you want to
have!</td></tr>
</tbody>
</table>
</div>
Print your stuff on Möbius bands!2024-03-02T18:07:00+01:002024-03-03T14:59:00+01:00LEdoiantag:blog.ledoian.cz,2024-03-02:/mobius-print.html<p>I found a fun and useful way of printing stuff to ~~both~~all sides of a paper.
I just need to find the right printer!</p>
<div class="section" id="quick-recap-how-to-conventionally-print-stuff-two-sided">
<h2>Quick recap: how to conventionally print stuff two-sided</h2>
<p>A typical way is just sending the page to get printed two-sided (with setting
the correct way …</p></div><p>I found a fun and useful way of printing stuff to ~~both~~all sides of a paper.
I just need to find the right printer!</p>
<div class="section" id="quick-recap-how-to-conventionally-print-stuff-two-sided">
<h2>Quick recap: how to conventionally print stuff two-sided</h2>
<p>A typical way is just sending the page to get printed two-sided (with setting
the correct way of flipping pages). That is, on the other side of page 1 is
page 2, next sheet contains pages 3,4, then 5 & 6, …</p>
<p>This is usually trivial to print on duplex printers, a bit hard to simulate on
one-sided printers (but some drivers can do that) and has drawbacks when you
need to look at stuff on other pages at the same time – you need to flip the
sheet often, as you only can put half of the pairs of pages next to each other
(even one and the following odd one).</p>
<div class="figure">
<object data="https://blog.ledoian.cz/images/mobius-print/twoside.svg" style="width: 66%;" type="image/svg+xml"></object>
<p class="caption">Ordinary two-sided printing. Red arrows show sheet flips between consecutive
pages.</p>
</div>
<p>A slight improvement hack is putting two pages on the same side of the paper
(works well with A-series of papers, I don't know for Letters &co.) – you can
put up to four pages of the original document next to each other, if they are
the right ones, but there are still pairs of pages that need turning sheets.
Also only works if the original pages do not have too tiny features on them.
<a class="footnote-reference" href="#illustrations" id="footnote-reference-1">[1]</a></p>
<p>Booklets are fun and approachable, but still suffer from the same issues as the
conventional duplex print. They might be a bit hard to print, but programs like
<tt class="docutils literal">pdfbook</tt> or <tt class="docutils literal">paperjam</tt> make it easy to prepare for the classic duplex
printing. Also, it is maybe hard to tell which page ends up where, as the order
is: last+first, second+penultimate, third-from-end+third, … until the pages
meet in the middle.</p>
<div class="figure">
<object data="https://blog.ledoian.cz/images/mobius-print/booklet.svg" style="width: 66%;" type="image/svg+xml"></object>
<p class="caption">The most common booklet order with two pages per side for landscape
orientation. (Note that we show more pages, and thus more sheet-flips; the
number of sheet-flips is in fact the same as for two-sided printing.)</p>
</div>
</div>
<div class="section" id="the-improvement-for-seeing-multiple-consecutive-pages">
<h2>The improvement for seeing multiple consecutive pages</h2>
<p>In order to be able to look simultaneously at many consecutive pages of the
original, I think the order of first+first-past-half, second+second-past-half,
… middle+last is much better (or maybe even the best). Since consecutive pages
end up on different sheets (whenever there are at least three pages), if the
original has e.g. figures on different page or long code listing, you can see
it all!</p>
<div class="figure">
<object data="https://blog.ledoian.cz/images/mobius-print/mobius.svg" style="width: 66%;" type="image/svg+xml"></object>
<p class="caption">The "Möbius order" of pages.</p>
</div>
<p>And this is really easy to use: You read a page and when you don't need it
anymore, you flip it and put to the end of the page stack <a class="footnote-reference" href="#ordering" id="footnote-reference-2">[2]</a>. If you
need to look at several pages, just rotate them in the same order as they go the
first time. <a class="footnote-reference" href="#mistake" id="footnote-reference-3">[3]</a></p>
<p>Need to print this? For one-sided printers this is rather easy, too: just print
the first half (the bigger one) on the sheets, then put them back into the tray
and print the rest on them. You might need to experiment which side the sheets
should be put in and whether you need to print the rest in reverse order, but
that is it.</p>
<p>Got the pages shuffled? Sort them by the first half, as if the print was
one-sided.</p>
<p>The only annoying thing for me is that there is not much software that could
reorder the pages for two-sided printing, so that you don't need to re-insert
the sheets back in the tray. So I <a class="reference external" href="https://blog.ledoian.cz/images/mobius-print/interleave.patch">patched</a> <a class="reference external" href="https://mj.ucw.cz/sw/paperjam/">paperjam</a> to enable this. <a class="footnote-reference" href="#multi-mobius" id="footnote-reference-4">[4]</a></p>
<p>And the best part? If you would try to glue consecutive pages side-to-side,
you'd end up with a Möbius band! So if you get a Möbius paper, you can just
print this one-sided (duh :-D)</p>
</div>
<div class="section" id="honorable-mention-leporello">
<h2>Honorable mention: leporello</h2>
<p>Printing leporellos (aka concertina folded) also has many of the same benefits,
since there is only one pair of consecutive pages that need a page flip. The
order is first+last, second+penultimate, … and the original pages can be
shuffled this way with <tt class="docutils literal">paperjam</tt> or simply using the other order for the
second side printing, than for the Möbius band. But there is a bit of fun
topology missing here :-)</p>
<div class="figure">
<object data="https://blog.ledoian.cz/images/mobius-print/leporello.svg" style="width: 66%;" type="image/svg+xml"></object>
<p class="caption">A leporello order is also quite good, with only one sheet-flip in the entire
document.</p>
</div>
</div>
<div class="section" id="is-this-the-best-order">
<h2>Is this the best order?</h2>
<p>Yes, if "best" means "the minimum difference of numbers of pages that get put
on the same sheet is as big as possible". The proof is left as an exercise for
the reader.</p>
<!-- Hint: you cannot pair the middle page to anything else to get a better
result. -->
<p>Of course, this holds for a set of pages with no additional assumptions. In
ordinary print, having a sheet-turn between chapters is fine and under similar
guarantees other approaches may yield better results.</p>
</div>
<div class="section" id="cheat-sheet-paperjam-commands">
<h2>Cheat sheet: paperjam commands</h2>
<table border="1" class="docutils">
<caption>Various commands for ordering pages for duplex printing with paperjam.</caption>
<thead valign="bottom">
<tr><th class="head">Order</th>
<th class="head">Command</th>
</tr>
</thead>
<tbody valign="top">
<tr><td>Classic two-sided</td>
<td><tt class="docutils literal">null</tt></td>
</tr>
<tr><td>Two pages per side</td>
<td><tt class="docutils literal">nup(2)</tt></td>
</tr>
<tr><td>Booklet</td>
<td><tt class="docutils literal">book</tt> (follow with <tt class="docutils literal">nup(2)</tt> for actual booklet print)</td>
</tr>
<tr><td>Leporello</td>
<td><tt class="docutils literal">modulo(2) {1 2} modulo(1,half) {1 <span class="pre">-1}</span></tt> (The first <tt class="docutils literal">modulo</tt> just adds blank pages to the end.)</td>
</tr>
<tr><td>Möbius (with patch)</td>
<td><tt class="docutils literal">interleave(2)</tt></td>
</tr>
<tr><td>Möbius (known page count)</td>
<td><tt class="docutils literal">select <span class="pre">{1..5</span> <span class="pre">10..6}</span> modulo(1,half) {1 <span class="pre">-1}</span></tt></td>
</tr>
<tr><td>Multiple Möbius bands, odd-even</td>
<td><tt class="docutils literal">modulo(4) {1 3 2 4}</tt></td>
</tr>
<tr><td>Multiple bands, "modulo 3"</td>
<td><tt class="docutils literal">modulo(6) {1 4 2 5 3 6}</tt></td>
</tr>
<tr><td>Second half (smaller) of pages in reverse order</td>
<td><tt class="docutils literal">modulo(1,half) <span class="pre">{-1}</span></tt></td>
</tr>
<tr><td>Second half (smaller) of pages in normal order</td>
<td><tt class="docutils literal">modulo(1,half) <span class="pre">{-1}</span> modulo(1) <span class="pre">{-1}</span></tt></td>
</tr>
<tr><td>First half (bigger) of pages</td>
<td><tt class="docutils literal">modulo(2) {1 2} modulo(1,half) {1}</tt></td>
</tr>
</tbody>
</table>
<p>I might create more patches for avoiding the weird <tt class="docutils literal">modulo</tt> commands…</p>
<hr class="docutils" />
<table class="docutils footnote" frame="void" id="illustrations" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-1">[1]</a></td><td>Most of the figures in this article are drawn with a single
page per a side of a sheet. I consider putting more pages on a single side
of paper to be an implementation detail, because it is not always possible
(e.g. with too small font) and sometimes you could put more than two pages
on a single side of paper, which leads to the fact that if you put
everything on one side of the paper, you can see everything at once and save
the other side. Not very useful though… My only exception is the booklet
printing below, because that one seems to be rather common.</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="ordering" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-2">[2]</a></td><td>See how this neatly puts the first-past-half page right after
the half of the stack? Awesome!</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="mistake" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-3">[3]</a></td><td>Also, if you flip the page around the wrong edge, you can just
rotate the rest of the stack and end up with the correct orientation.</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="multi-mobius" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-4">[4]</a></td><td>A slight variation for which I can generate the order
with upstream <tt class="docutils literal">paperjam</tt> is using this order on small subsets of pages.
For example, if you only want to be able to see any two consecutive pages,
you can do this for just four pages – the order is then 1+3, 2+4, 5+7, 6+8,…
Since each sheet either contains two odd or two even pages, the following
page is on different sheet than the previous one. And you can do this
"modulo 3" to see three pages: 1+4, 2+5, 3+6, 7+10, … This "simulates"
multiple smaller Möbius bands, but will be probably harder to use.</td></tr>
</tbody>
</table>
</div>
How to convert CBZ to PDF2024-02-17T16:55:00+01:002024-02-17T16:55:00+01:00LEdoiantag:blog.ledoian.cz,2024-02-17:/cbz-to-pdf.html<ol class="arabic simple">
<li>Extract the archive (cbz is just a zip, cbr is a rar, …)</li>
<li><dl class="first docutils">
<dt>Convert individual pictures to PDF using <tt class="docutils literal">img2pdf</tt></dt>
<dd><ul class="first last">
<li>Many other ways including <tt class="docutils literal">convert</tt> from ImageMagick tend to do weird stuff like breaking aspect ratios or adding margins</li>
</ul>
</dd>
</dl>
</li>
<li>Merge files into the single PDF, e.g. using <tt class="docutils literal">qpdf <span class="pre">--empty</span> <span class="pre">--pages …</span></tt></li></ol><ol class="arabic simple">
<li>Extract the archive (cbz is just a zip, cbr is a rar, …)</li>
<li><dl class="first docutils">
<dt>Convert individual pictures to PDF using <tt class="docutils literal">img2pdf</tt></dt>
<dd><ul class="first last">
<li>Many other ways including <tt class="docutils literal">convert</tt> from ImageMagick tend to do weird stuff like breaking aspect ratios or adding margins</li>
</ul>
</dd>
</dl>
</li>
<li>Merge files into the single PDF, e.g. using <tt class="docutils literal">qpdf <span class="pre">--empty</span> <span class="pre">--pages</span> *.pdf <span class="pre">--</span> output.pdf</tt>.</li>
</ol>
<div class="section" id="references">
<h2>References</h2>
<ul class="simple">
<li><a class="reference external" href="https://askubuntu.com/questions/207172/how-to-convert-cbr-to-pdf">https://askubuntu.com/questions/207172/how-to-convert-cbr-to-pdf</a></li>
<li><a class="reference external" href="https://superuser.com/questions/497293/how-to-convert-calibre-cbr-to-pdf-format-in-linux">https://superuser.com/questions/497293/how-to-convert-calibre-cbr-to-pdf-format-in-linux</a></li>
</ul>
</div>
<div class="section" id="why">
<h2>Why</h2>
<p>My eBook reader (PocketBook Touch Lux) does not seem to be able to handle cbz.</p>
</div>
Do not forget about IPv6 DNS2024-01-24T03:20:00+01:002024-01-24T03:20:00+01:00LEdoiantag:blog.ledoian.cz,2024-01-24:/forgetting-dns6.html<p>Do you think IPv6-only internet works OK? I am going to tell you that it does
not, but it is not immediately visible. TL;DR: The internet can be broken also
by forgetting to add AAAA records of the <em>nameservers</em>. This creates IPv4
requirement for the resolving even when the …</p><p>Do you think IPv6-only internet works OK? I am going to tell you that it does
not, but it is not immediately visible. TL;DR: The internet can be broken also
by forgetting to add AAAA records of the <em>nameservers</em>. This creates IPv4
requirement for the resolving even when the target is reachable using IPv6.</p>
<div class="section" id="quick-recap">
<h2>Quick recap</h2>
<p>Connecting to a website is easy, right? You type in the name, you get the front page.</p>
<div class="figure">
<object data="https://blog.ledoian.cz/images/forgetting-dns6/image1.svg" style="width: 50%;" type="image/svg+xml"></object>
<p class="caption">This is a very naïve idea of connecting to a server.</p>
</div>
<p>OK, it is a bit harder: the computer needs an IP address, so we need to use
this magic box called DNS. The flow looks something like this:</p>
<div class="figure">
<object data="https://blog.ledoian.cz/images/forgetting-dns6/image2.svg" style="width: 50%;" type="image/svg+xml"></object>
<p class="caption">Slightly better, now we at least know the machine-readable address.</p>
</div>
<p>And for IPv6-only everything on the picture has to have IPv6 connectivity and AAAA DNS records.</p>
<div class="section" id="reaching-ipv4-land-from-ipv6-only">
<h3>Reaching IPv4 land from IPv6-only</h3>
<p>There are few^H^H^Hmany sites that still only support IPv4. To reach them, we
need someone who can reach both the IPv4- and IPv6-land to go there on our
behalf – a proxy. This proxy can be ad-hoc (I often use <tt class="docutils literal">ssh <span class="pre">-D</span></tt>) or there
are well-known protocols like NAT64 with DNS64 to do that in a standard and
lightweight manner. <a class="footnote-reference" href="#nat44" id="footnote-reference-1">[1]</a>
In that case, the connection looks like this:</p>
<div class="figure">
<object data="https://blog.ledoian.cz/images/forgetting-dns6/image3.svg" style="width: 100%;" type="image/svg+xml"></object>
<p class="caption">And now we can reach the whole internet.</p>
</div>
<p>You might already know that you need some workaround like this to reach GitHub.
What I think you might not know, you need similar workaround to reach the Wikipedia.</p>
<p>Disclaimer: I like Wikipedia and this is not meant to shame them, just use as
an example. I am aware of several other sites suffering from the same problem,
including at least one IPv6 test. <a class="footnote-reference" href="#test-aaaa" id="footnote-reference-2">[2]</a> (It would be nice if they added
the missing piece in the puzzle, though.)</p>
</div>
</div>
<div class="section" id="enter-dns">
<h2>Enter DNS</h2>
<p>Our picture has one unexplored magic box: the DNS. As per the definition (which
I just made up and was not bothered to even fully formulate):</p>
<blockquote>
yada yada distributed database of records attached to the strings – domain
names. The records hold various information about the domain depending on the type.</blockquote>
<p>There are three interesting types of records: A records give IPv4 addresses,
AAAA give IPv6 addresses and NS give names of servers who know about the
particular subtree of the database. And to actually resolve the final AAAA
record the (recursive) resolver starts at the <em>root zone</em> and tries to find
the answer. <a class="footnote-reference" href="#dns-simplification" id="footnote-reference-3">[3]</a> The resolution algorithm can be visualised like this:</p>
<div class="figure">
<object data="https://blog.ledoian.cz/images/forgetting-dns6/image4.svg" style="width: 100%;" type="image/svg+xml"></object>
<p class="caption">Yeah, it's a mess.</p>
</div>
<p>There is one extra tricky bit: the NS records contain <em>names</em>, not addresses,
so when resolving we need <em>two</em> queries for each layer (very simplified):
first we ask for the final domain (<tt class="docutils literal">blog.ledoian.cz</tt>) and get a NS record
(when the server does not have the answer) and then we need to ask for the A or
AAAA record of the name from that record, so that we can connect to the server
mentioned in the NS record. (This allows a nameserver to be made redundant
and/or reside on other types of network.)</p>
<p>You might start to see the issue. When the DNS was just a black box, we could
paint the whole picture green and call it a day. And from the regular user's
point of view, that is the case, just use some public DNS like 1.1.1.1, 8.8.8.8
or 9.9.9.9. Oh, right, I meant these easy-to-remember addresses:
2606:4700:4700::1111, 2001:4860:4860::8888 and 2620:fe::fe, respectively. The
point is, they will give you the answer because they are dual-stack, not IPv6-only.</p>
<p>In a way, those servers (or other dual-stack resolvers) act like another proxy,
similar to the SSH, NAT64 and NAT44 ones mentioned earlier. This may not be
much of a problem for many people. But if you have any reason to use your own
recursive DNS server (privacy reasons, DNSSEC validation, ISP provides bad
service, you are the ISP, …) <em>inside</em> an IPv6-only network, you <em>will</em> have
issues. <a class="footnote-reference" href="#dns-behind-nat64" id="footnote-reference-4">[4]</a></p>
</div>
<div class="section" id="example-wikipedia">
<h2>Example: Wikipedia</h2>
<p>Let's now see this in action. You know Wikipedia, right? And you can reach
Wikipedia on IPv6, right? It has an AAAA record (don't mind the CNAME, that
means that the server is really called some other way):</p>
<pre class="literal-block">
$ dig en.wikipedia.org AAAA
[…]
en.wikipedia.org. 18737 IN CNAME dyna.wikimedia.org.
dyna.wikimedia.org. 323 IN AAAA 2a02:ec80:600:ed1a::1
</pre>
<p>And this record does work:</p>
<pre class="literal-block">
$ ncat --ssl 2a02:ec80:600:ed1a::1 443 <<GO
GET /wiki/Main_Page HTTP/1.1
Host: en.wikipedia.org
GO
HTTP/1.1 200 OK
[…]
content-language: en
content-type: text/html; charset=UTF-8
content-length: 98078
<!DOCTYPE html>
[…]
</pre>
<p>But we can dig deeper: let's see what servers we are really asking:</p>
<pre class="literal-block">
$ dig en.wikipedia.org AAAA +trace
; <<>> DiG … <<>> en.wikipedia.org AAAA +trace
;; global options: +cmd
. 78918 IN NS e.root-servers.net.
. 78918 IN NS f.root-servers.net.
. 78918 IN NS g.root-servers.net.
. 78918 IN NS h.root-servers.net.
. 78918 IN NS i.root-servers.net.
. 78918 IN NS j.root-servers.net.
. 78918 IN NS k.root-servers.net.
. 78918 IN NS l.root-servers.net.
. 78918 IN NS m.root-servers.net.
. 78918 IN NS a.root-servers.net.
. 78918 IN NS b.root-servers.net.
. 78918 IN NS c.root-servers.net.
. 78918 IN NS d.root-servers.net.
;; Received 525 bytes from … in 0 ms
org. 172800 IN NS c0.org.afilias-nst.info.
org. 172800 IN NS a2.org.afilias-nst.info.
org. 172800 IN NS a0.org.afilias-nst.info.
org. 172800 IN NS b0.org.afilias-nst.org.
org. 172800 IN NS b2.org.afilias-nst.org.
org. 172800 IN NS d0.org.afilias-nst.org.
;; Received 788 bytes from 202.12.27.33#53(m.root-servers.net) in 24 ms
wikipedia.org. 3600 IN NS ns0.wikimedia.org.
wikipedia.org. 3600 IN NS ns1.wikimedia.org.
wikipedia.org. 3600 IN NS ns2.wikimedia.org.
;; Received 658 bytes from 2001:500:48::1#53(b2.org.afilias-nst.org) in 20 ms
en.wikipedia.org. 86400 IN CNAME dyna.wikimedia.org.
;; Received 94 bytes from 208.80.153.231#53(ns1.wikimedia.org) in 132 ms
</pre>
<p>Hey, there are IPv4 addresses in there! I know, this is cheating, the output is
from a dual-stack machine. But we can still simulate IPv6-only resolution
by adding <tt class="docutils literal"><span class="pre">-6</span></tt> flag:</p>
<pre class="literal-block">
$ dig en.wikipedia.org AAAA +trace -6
; <<>> DiG … <<>> en.wikipedia.org AAAA +trace -6
;; global options: +cmd
. 78915 IN NS d.root-servers.net.
. 78915 IN NS e.root-servers.net.
. 78915 IN NS f.root-servers.net.
. 78915 IN NS g.root-servers.net.
. 78915 IN NS h.root-servers.net.
. 78915 IN NS i.root-servers.net.
. 78915 IN NS j.root-servers.net.
. 78915 IN NS k.root-servers.net.
. 78915 IN NS l.root-servers.net.
. 78915 IN NS m.root-servers.net.
. 78915 IN NS a.root-servers.net.
. 78915 IN NS b.root-servers.net.
. 78915 IN NS c.root-servers.net.
;; Received 525 bytes from … in 0 ms
org. 172800 IN NS d0.org.afilias-nst.org.
org. 172800 IN NS c0.org.afilias-nst.info.
org. 172800 IN NS b2.org.afilias-nst.org.
org. 172800 IN NS a0.org.afilias-nst.info.
org. 172800 IN NS b0.org.afilias-nst.org.
org. 172800 IN NS a2.org.afilias-nst.info.
;; Received 816 bytes from 2001:500:2::c#53(c.root-servers.net) in 8 ms
wikipedia.org. 3600 IN NS ns0.wikimedia.org.
wikipedia.org. 3600 IN NS ns1.wikimedia.org.
wikipedia.org. 3600 IN NS ns2.wikimedia.org.
couldn't get address for 'ns0.wikimedia.org': not found
couldn't get address for 'ns1.wikimedia.org': not found
couldn't get address for 'ns2.wikimedia.org': not found
dig: couldn't get address for 'ns0.wikimedia.org': no more
</pre>
<p>Some of those IPv4 addresses were benign – the respective servers are reachable
both using IPv4 and IPv6 address or there is an alternative server that is
reachable using IPv6. That is the case for the root nameserver – in the second
case, we used C, which has IPv6 address (2001:500:2::c). In fact, the M server
also has IPv6 address, but dig chose the IPv4 one (it should not matter):</p>
<pre class="literal-block">
$ dig m.root-servers.net AAAA
[…]
m.root-servers.net. 77991 IN AAAA 2001:dc3::35
</pre>
<p>But the latter case is the bigger issue. For the domain <tt class="docutils literal">wikipedia.org</tt> there
are three nameservers:</p>
<pre class="literal-block">
$ dig wikipedia.org NS -6
[…]
wikipedia.org. 86400 IN NS ns0.wikimedia.org.
wikipedia.org. 86400 IN NS ns1.wikimedia.org.
wikipedia.org. 86400 IN NS ns2.wikimedia.org.
</pre>
<p>This is the last answer that we could get on an IPv6-only network, because none of
these three servers has AAAA record (some of them may have IPv6 address unknown to us):</p>
<pre class="literal-block">
$ dig ns0.wikimedia.org AAAA
[…]
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59468
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
</pre>
<p>The NOERROR status says the domain name exists, but we got zero answers for
AAAA records. This is the case for all three nameservers. And here is the
ultimate picture of what is happening and what goes wrong.</p>
<div class="figure">
<object data="https://blog.ledoian.cz/images/forgetting-dns6/image5.svg" style="width: 100%;" type="image/svg+xml"></object>
<p class="caption">The breakage in action</p>
</div>
<p>Also note that the connection from the laptop to the DNS resolver may in fact
consist of a chain of several (caching, non-recursive) DNS resolvers, so that
the final DNS resolver can have dual-stack connectivity.</p>
</div>
<div class="section" id="the-problems-with-this-state">
<h2>The problems with this state</h2>
<p>So, what is the deal. We <em>just</em> need to have a dual-stack DNS resolver
somewhere, and that's it, no? Well, yes but actually yes.</p>
<p>There are two problems with this: First, this means that any new ISP needs to
have <em>at least some</em> IPv4 address, even if they intend to just use IPv6
services. IPv4 addresses are scarce, <a class="reference external" href="https://blog.apnic.net/2021/12/16/opinion-ipv4-address-markets/">expensive</a> and small
blocks <a class="reference external" href="https://labs.ripe.net/author/stephen_strowes/visibility-of-ipv4-and-ipv6-prefix-lengths-in-2019/">don't route well</a>,
which is not great both from the
new ISP's and from overal routing's point of view. It also hinders IPv6
deployment and postpones IPv4 abandonment, needlessly.</p>
<p>The second issue is that this is not very visible. We are building IPv6 world,
but deep inside it still relies on IPv4, which might lead to great surprise
when we start cutting off IPv4 internet. And it might lead to false sense of
having IPv6 deployed, which is not true to the whole extent.</p>
<p>Insert "It was DNS" meme here.</p>
</div>
<div class="section" id="solution">
<h2>Solution</h2>
<p>The solution of this state is simple: get IPv6 connectivity to your
authoritative DNS server (or use another) and do not forget to add an AAAA
record for it in DNS. If the DNS server already has IPv6 it is probably just
a matter of adding a single line to the zone file (and a second one for the DNSSEC
signature), which should not be a big deal.</p>
<p>Unfortunately, this needs to be done for the whole DNS chain.
Especially domain names at universities are infamous for very nested domains.
A domain name may look like
<tt class="docutils literal"><span class="pre">machine.department.location.faculty.university.some-common.suffix</span></tt>. That
tree is deep and so is the resolution of this problem.</p>
</div>
<div class="section" id="amusing-bug-of-almost-good-deployment">
<h2>Amusing bug of almost good deployment</h2>
<p>We have seen there may be multiple NS records for a domain and thus
multiple nameservers. This is good for redundancy. But this does not mean that
the servers will have the same records – they are only supposed to give
equivalent answers (as far as I know).</p>
<p>I have come across a silly misconfiguration: a domain which has several
nameservers, which serve a <em>slightly</em> different set of NS records for its
subdomain. Specifically, the servers which were only reachable using IPv4 were
<em>exactly</em> the servers that knew about one additional nameserver for the
subdomain, which, incidentally, was the <em>only</em> one that was IPv6-capable.</p>
<p>So, while all the correct records were present in DNS (somewhat/somewhere), this still
meant that IPv6-only resolution was doomed to fail because the IPv6 nameserver
chain was broken. (This has already been fixed.)</p>
<hr class="docutils" />
<table class="docutils footnote" frame="void" id="nat44" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-1">[1]</a></td><td>This is very much the same as when you try to reach the
IPv4-public-land from IPv4-private-land, that is, from a private range of IP
addresses. This is called either just NAT, or NAT44 to denote IPv4-to-IPv4 NAT.</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="test-aaaa" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-2">[2]</a></td><td>There are several more tests that do not even have the AAAA
record, lol.</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="dns-simplification" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-3">[3]</a></td><td>In my example, there is a single recursive DNS
resolver external to my machine in order not to complicate it too much.
The real deployment is often trickier.</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="dns-behind-nat64" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-4">[4]</a></td><td>I have not yet tried to run a recursive DNS in a network
with DNS64 and NAT64. Could be fun :-D My wild guess is that I would need
CLAT (i.e. the full 464XLAT deployment) to make that work, since the
resolver is connecting directly to IPv4 addresses and would need to learn to
use NAT64 to resolve them. (The CLAT could be built right into the resolver,
though).</td></tr>
</tbody>
</table>
</div>
About this blog2024-01-10T16:47:00+01:002024-01-10T16:47:00+01:00LEdoiantag:blog.ledoian.cz,2024-01-10:/about-blog.html<p>This is my blog and this article describes its setup and other details about my
intentions. The actual <a class="reference internal" href="#the-setup">setup</a> is probably the most
interesting tech-wise.</p>
<div class="section" id="what-is-this">
<h2>What is this?</h2>
<p>My own space on the internet where I can post whatever and link others to it.
It might end up containing rants …</p></div><p>This is my blog and this article describes its setup and other details about my
intentions. The actual <a class="reference internal" href="#the-setup">setup</a> is probably the most
interesting tech-wise.</p>
<div class="section" id="what-is-this">
<h2>What is this?</h2>
<p>My own space on the internet where I can post whatever and link others to it.
It might end up containing rants, guides, ideas, or maybe nothing at all in the
end. Only the future will tell.</p>
<p>The blog might even serve as my personal web page/introduction. Maybe. Maybe not…</p>
<p>The main motivation is to have low-effort way to post random stuff. Which leads
to my requirements for this thing.</p>
</div>
<div class="section" id="requirements">
<h2>Requirements</h2>
<p>(The requirements are a bit too idealistic, so not all of them were satisfied…)</p>
<ul class="simple">
<li>low-effort, me-friendly, low-maintenance – I don't want to have to learn too
many new technologies to use this. This includes the required technologies:
Python, Markdown/reStructuredText, Jinja2, git, …</li>
<li>Technical and math content ~~friendly~~ compatible – I expect that to appear
here.</li>
<li>Static site – for security, coolness factor and control. Also static on the
front-end, because I don't like JavaScript and/or running untrusted code on
my machine (even when in a sandbox). The SSG should likely be aimed at
creating blogs, not documentation. Also, self-contained, as in not depending
on third-party sites.</li>
<li>No moving parts in the infrastructure (or as few as possible) – if it works
on my machine, it should just get mirrored to the public site with as few
modifications as possible.</li>
<li>Transparent – I should be able to understand it, maybe others could also use
it as a resource or take inspiration. (At one point, this deployment itself
started being interesting, so if I can share the background as well as the
final webpage, it would be cool.)</li>
<li>Followable – I know you internet guys like to ~~stalk~~ follow people :-)</li>
<li>Aligned with my values: minimalist, simple, extensible/hackable, FLOSS</li>
<li>If the platform could distinguish translations and do strikethroughs, it would
be nice, but that is not a hard requirement.</li>
</ul>
<p>There are several features of conventional blogs that I consider to be a
non-goals or even anti-goals. Mostly it is about interactivity – I don't aim
for having any kind of comments here, or really anything that would require
JavaScript or complex HTML/CSS. And appearance goes past me as well, I instead
try to let the browser decide how to display this page – more on that <a class="reference internal" href="#design-considerations">below</a>.</p>
<p>The workflow I wanted to achieve is something like: Write the content, git it,
build it (locally, no CI/CD), push it, done. Single write, single push, very
simple.</p>
<p>And I managed to achieve something like that, via learning (too much?) about
git.</p>
<!-- TODO: fix the worktree bug already! -->
</div>
<div class="section" id="the-setup">
<h2>The setup</h2>
<p>Naturally for a sysadmin/netadmin, the setup consists of 7 ~~ISO/OSI~~ layers:</p>
<ol class="arabic simple">
<li><strong>Physical layer</strong>: cheap Hetzner VPS. Not physical, but whatever.</li>
<li><strong>Network layer</strong>: Nginx</li>
<li><strong>Persistence layer</strong>: <a class="reference external" href="https://gitea.ledoian.cz/LEdoian/blog">this git repo</a>. I will elaborate below why can
you see this both rendered here and in the source form in Forgejo.</li>
<li><strong>Content layer</strong>: Markdown or reStructuredText files.</li>
<li><strong>Business logic layer</strong>: <a class="reference external" href="https://getpelican.com">Pelican</a>. It's rather
popular and written in Python, I didn't look further.</li>
<li><strong>Presentation layer</strong>: I hacked my own theme, because I didn't like any in
the <a class="reference external" href="https://github.com/getpelican/pelican-themes">pelican-themes repo</a>.
I was a bit inspired by the layout of <a class="reference external" href="https://eev.ee/blog">eevee's blog</a>, but I wanted a dark theme. And as you can see, I
can't do quality frontend, so it ended up horrible… :-D</li>
<li><strong>Stalking layer</strong>: Pelican's built-in RSS and Atom feed generators. Not
linked from anywhere at the moment, but <a class="reference external" href="https://gitea.ledoian.cz/LEdoian/blog/src/branch/blog/output/feeds">the repo will tell you</a> what
hides under the <tt class="docutils literal">/feeds/</tt> path. Or you can utilize the repo (for personal
use – the content's license is not decided at the moment)…</li>
</ol>
<p>Most of this is straightforward, the fancy part is my repo. The repo contains
both source and rendered content, so that I can point Nginx right at a checkout
and have Git solve both persistence and deployment without additional moving
parts.</p>
<p>There are two tricks in the configuration of Git repositories: pushing to a
checked out repo is enabled by configuring <tt class="docutils literal">receive.denyCurrentBranch =
updateInstead</tt> in the target repository (which is just a normal repo, not a
bare one), and then I just told my source repositories <a class="footnote-reference" href="#multiple-src" id="footnote-reference-1">[1]</a> to use
two push targets for the remote (the first line <em>replaces</em> the original push
address for some reason):</p>
<pre class="literal-block">
git remote set-url --add --push blog_remote gitea@gitea.ledoian.cz:LEdoian/blog.git
git remote set-url --add --push blog_remote blog_user@blog.ledoian.cz:blog_dir
</pre>
<p>The blog user is just a user with SSH access via authorized keys, no special
sauce there. Nginx is then pointed to serve <tt class="docutils literal">~blog_user/blog_dir/output/</tt> at
<tt class="docutils literal">blog.ledoian.cz</tt>. (The <tt class="docutils literal"><span class="pre">git-remote(1)</span></tt> manpage requires me to have both
repositories in sync, but as long as I configure all my repositories this way,
I should be safe, and I think I could get away with my blog checkout getting
behind accidentally.)</p>
</div>
<div class="section" id="my-workflow-and-lots-of-drafts">
<h2>My workflow and lots of drafts</h2>
<p>It's Git so it's only natural for me to use various branches and repositories
even for a dumb blog. There are in fact 4 stages an article may go through <a class="footnote-reference" href="#skipping-stages" id="footnote-reference-2">[2]</a>:</p>
<ol class="arabic">
<li><p class="first">A private draft: lives on a branch <tt class="docutils literal">priv/something</tt>, may contain private
infos (like when I would just copy-paste from terminal without redaction)
and this branch will probably never be merged to the main repo. Nothing
about these branches is guaranteed.</p>
</li>
<li><p class="first">A public WIP draft: uses a branch called <tt class="docutils literal">pub/something</tt> which is pushed
to Forgejo (and in fact also to the blog itself, but that is just an
implementation detail). The draft is either does not build or is very
incomplete and I expect to add stuff in a way that could break the build, so
I put it on a separate branch. The branch will be probably merged to the
main branch (called <tt class="docutils literal">blog</tt>) when it is ready.</p>
<p>The <tt class="docutils literal">pub/…</tt> branches can be created either manually or by cherry-picking
from the respective <tt class="docutils literal">priv/…</tt> branch, but that will likely not be
distinguishable. (I am too lazy to keep the references even in the commit
logs.)</p>
</li>
<li><p class="first">When a draft is almost ready (or the content has simple syntax), it gets
placed on the <tt class="docutils literal">blog</tt> branch. The only thing that designates it as a draft
is <tt class="docutils literal">status: draft</tt> in the frontmatter, which means that the article will
get rendered and put somewhere on the public blog, but not reachable from
the title page ("unlisted").</p>
</li>
<li><p class="first">Of course, eventually (and hopefully) the article gets published for
everyone to see. At that point, it is complete (or at least that is what I
thought when marking it as published). Possibly it might be updated in the
future, but no such update is anticipated at the moment of publishing. <a class="footnote-reference" href="#update-this" id="footnote-reference-3">[3]</a></p>
</li>
</ol>
<p>I use Git to synchronize my private branches among machines, so there are
actually two "server-side" repositories (private and public one) and thus two
remotes. <a class="footnote-reference" href="#private-branches-wish" id="footnote-reference-4">[4]</a></p>
<p>As for the actual workflow, for the main branch it usually consists of: writing
content, committing it, building the web, checking it locally, committing the
built blog and pushing it. Sometimes I do the commits together, but I always
separate the rendering/building commits from the content-creating ones, so that
I can handle those differently if needed (i.e. there is no point in
cherry-picking the built content, I can generate it). <a class="footnote-reference" href="#git-purists" id="footnote-reference-5">[5]</a></p>
<p>For other branches I use some applicable subset of the steps above, probably.</p>
</div>
<div class="section" id="design-considerations">
<h2>Design considerations</h2>
<p>The appearance of the blog is maybe not nice. That is for two reasons: I don't
have the right idea about how to make it much better and I want to have a
rather simple CSS for the web. The latter wish is because I tend to tweak
appearance of sites I visit using my own styles, so I would like you to be able
to do the same.</p>
<p>And for the former reason, if you have any ideas / improvements (including user
styles), hit me at <a class="reference external" href="mailto:blog@pokemon.ledoian.cz">blog@pokemon.ledoian.cz</a> :-)</p>
<p>My overall idea is a dark-by-default <a class="footnote-reference" href="#light-theme" id="footnote-reference-6">[6]</a> minimalist page with a single menu on the
right containig all the relevant links. The page should not dictate too much
but rather let the user agent decide the rendering (<a class="reference external" href="https://html.spec.whatwg.org/multipage/rendering.html#rendering">it does anyway…</a>).</p>
<p>I want my blog to render similarly in Gecko-, WebKit- and Blink-based browsers
(e.g. Firefox, Badwolf, Qutebrowser). Others should be usable.
Browser-/engine-specific styles are not welcome – let's keep it simple. And no
JavaScript…</p>
</div>
<div class="section" id="work-in-progress-todos">
<h2>Work in progress / TODOs</h2>
<p>This thing is at the moment very barebones, which is sufficient for the main
purpose. However, I would like to have some features here, one day, hopefully:</p>
<ul class="simple">
<li>Dates in the article headers (and maybe more improvements of the theme, see
above)</li>
<li>Stable category and tag names and a page with a description of them. As of
now I haven't really invented a system of sorting my content, which leads to
a mess… Please don't rely on categories having any particular name / URL for
now.</li>
<li>Link the RSS feeds from somewhere</li>
<li>Personal info with links to my other profiles</li>
<li>Some linking to the Fediverse and using it for comments (since there will be
no comments here)</li>
<li>Sensible translations, maybe (if I/someone ever get to write the same content
again in a different language…)</li>
<li>Improve the list of talks I've given (create some kind of sensible table maybe?)</li>
<li>Decide on a licence for the content (If you want to utilize something here
before I do that, please ask me, I think we can find a way :-))</li>
</ul>
<p>If you are so upset with this blog (or maybe bored) that you want to improve
it, send me patches / ideas. I don't expect anyone to do that, though :-D (And
I do not promise you that I will use the patch, even if it matches all my
opinions above. I also have some gut feelings about what I like…)</p>
<p>Also, tell me if you hate something else about my page. I want to at least know
whom I upset :-D (but I will probably also think about your gripes and whether
I can and should try to avoid them…)</p>
<hr class="docutils" />
<table class="docutils footnote" frame="void" id="multiple-src" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-1">[1]</a></td><td>I also use multiple machines on which I can write stuff.</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="skipping-stages" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-2">[2]</a></td><td><p class="first">I am lazy and chaotic (good), so the stages are optional
and non-linear, and sometimes involve paper. This article is a prime
example: parts of it were on two different private branches, but at the end
I wrote it from scratch directly on the main branch. And the requirements
were written on a paper originally.</p>
<p class="last">Nevertheless, the general idea still holds and may inspire others, so it
makes sense to keep this part in the article. (Also, this footnote might not
make sense before reading the definition of the stages, but I didn't find a
better place to put it…)</p>
</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="update-this" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-3">[3]</a></td><td>Well, given this article contains some future plans, I
actually anticipate update of this one, but maybe not in the near future. So
the outline is not really correct, but I make the rules :-) (There
were some build breaks on the main branch, too :-D)</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="private-branches-wish" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-4">[4]</a></td><td>I would love if my Forgejo could have "private
branches", but I understand that the overhead for doing this is not nice,
since it would need to be able to decide for any object, whether it is
public or not (you can do <tt class="docutils literal">git fetch <remote> <span class="pre"><object-hash></span></tt>) and somehow
keep track even with rebases, merges, force-pushes, many branches, … Having
a separate private repository is not a big problem in comparison.</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="git-purists" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-5">[5]</a></td><td>Git purists might want to tell me that committing build
artifacts is not good practice. I know and I explicitly don't care in case
of this repo, because here I prioritise my own comfort of being able to
check everything locally and then be reasonably sure the deployed version
will also work, all this with only a single push somewhere. Of course, one
could argue that with that there is no reason to create two commits, but it
does not really bother me to run something like <tt class="docutils literal">git commit <span class="pre">-m"render"</span>
output/</tt> when I am sure it works, and this keeps readable diffs separate
from the non-readable ones (i.e. the changes in generated HTML).</td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="light-theme" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#footnote-reference-6">[6]</a></td><td>Having the page be dark-by-default is my preference, but I
respect that others may prefer light sites. However, I have not yet
determined what colors should be used (probably still cyan / blue / maybe
purple-ish, but I don't know what shade) nor understood how to use
<tt class="docutils literal"><span class="pre">@media(prefers-color-scheme)</span></tt> in a maintainable and simple way (in the
context of my theme). So naturally, this is postponed to the future…</td></tr>
</tbody>
</table>
</div>
Smršť 2023 (CZ)2023-12-02T18:00:00+01:002023-12-02T18:00:00+01:00LEdoiantag:blog.ledoian.cz,2023-12-02:/smrst2023-cs.html<p>Na <a class="reference external" href="https://ksp.mff.cuni.cz/akce/smrst/2023/">Smršti</a> jsem přednášel o distribuci SW a o technicky zajímavých železničních neštěstích.</p>
<div class="section" id="materialy">
<h2>Materiály</h2>
<ul class="simple">
<li><a class="reference external" href="https://blog.ledoian.cz/static/talks/smrst2023/talk.pdf">Slidy ke přednášce o neštěstích</a></li>
</ul>
<p>(Pozn.: Možná se ještě změní adresa téhle stránky, protože je to celé WIP…)</p>
</div>