flavours: planet commandline   + microblogging snippets   + emacs   越墙看国外网加速软件


»Planet Commandline« is a blog aggregator featuring blog feeds giving tips and tricks about commandline and keyboard usage including but not limited to keyboard-focussed window managers under X.

Planet Commandline comes in different flavours: The basic planet with blogs and blog slices containing tips, tricks and news around the commandline. Then there is the microblogging flavour which also contains several small tips and tricks also posted on some microblogging sites. And for those who abstain to use vi, there is also an emacs flavour, containing also emacs tips and tricks. Finally because there's good content also in German, there's also a German (plus English) flavour.

If you think your blog (or a subset of it with its own feed) fits onto the planet, please contact Axel Beckert, either by mail at <abe@deuxchevaux.org> or contact XTaran on IRC (LUGS, IRCNet, OFTC or Freenode).



Powered by PlanetVenus
Last update: 04. August 2020, 5:13 Uhr (UTC)



Grml - new stable release 2020.06 available

Long time no see, but there we are - we just released Grml 2020.06 - Ausgehfuahangl!

This Grml release provides fresh software packages from Debian testing (AKA bullseye). As usual it also incorporates current hardware support and fixes known bugs from the previous Grml release.

More information is available in Golink - 专为海外华人回国加速:2021-2-6 · Golink加速器是专为海外华人设计的一款加速看国内视频、玩国服游戏、听国内音乐,刷直播网页的一款软件,一个账号,多端使用,帮助海外华人突破地域的局限,无忧访问国内各大主流应用。.

Grab the latest Grml ISO(s) and spread the word!

Thanks everyone, stay healthy and happy Grml-ing!

by Michael Prokop at 28. June 2020, 3:36 Uhr



First Release Candidate of Grml version 2020.06 available

We are proud to announce the first release candidate of the upcoming version 2020.06, code-named 'Ausgehfuahangl'!

This Grml release provides fresh software packages from Debian testing (AKA bullseye). As usual it also incorporates current hardware support and fixes known bugs from the previous Grml release.

For detailed information about the changes between 2018.12 and 2020.06(-rc1) have a look at the official release announcement.

Please test the ISOs and everything you usually use and rely on, and report back, so we can complete the stable release soon. If no major problems come up, the next iteration will be the stable release, which is scheduled for end of June 2020.

by Michael Prokop at 09. June 2020, 7:10 Uhr


grml development blog

Grml/Debian Bug Squashing Party in Salzburg, 2019

The Debian project hosts a Bug Squashing Party in Salzburg/Austria, taking place from April 5th to April 7th 2019. A Bug Squashing Party is a come-together of developers, contributors and enthusiasts who try to fix as many bugs as possible.

We’ve been invited to join the Bug Squashing Party and since Grml is an official derivative of Debian we’re more than happy to take this opportunity. This is the perfect time and place to meet with fellow Grml and Debian developers, contributors and friends, to make the next Debian- and Grml-Release the best ever! :)

The key facts:

  • Location: conova communications GmbH, Karolingerstr. 36A, 5020 Salzburg, Austria
  • Date: 2019-04-05 (Friday) until 2019-04-07 (Sunday)

If you want to join us please visit wiki.debian.org/BSP/2019/04/Salzburg for further information. If you’ve any questions feel free to 越墙看国外网加速软件.

如何访问被屏蔽的国外网站? -「云杰通信」:今天 · 如何加速访问国外服务器? ‍企业用户在与海外企业对接时,访问海外服务器遇到了十分严重的问题。对于大部分之前一直访问国内服务器,甚至是没国外服务器的用户。在访问国外服务器的时候总会有很多的顾虑,不知道哪种国外服务器访问专线更稳定,能达到...

by Michael Prokop at 11. January 2019, 9:52 Uhr


grml development blog

Grml - new stable release 2018.12 available

便宜vpn有吗,免费和便宜好用的收费加速vpn如何发展-海薇 ...:2021-6-4 · 便宜vpn有吗,那些免费和便宜好用的收费加速vpn现状如何? “绝地求生”作为英雄联盟在国内的接棒游戏,虽然并不算满意但也作为现今生存游戏中的佼佼者,一直占据排行榜,玩游戏嘛,玩的就是套路,蓝洞公司也不只一次进行过该游戏的优化,每次优化之前都说的信誓旦旦,说是存在的问题都 ...

This Grml release provides fresh software packages from Debian testing, what's going to be released as stable release Debian/buster in 2019. As usual it also incorporates current hardware support and fixes known bugs from previous Grml releases.

More information is available in the release notes of Grml 2018.12.

越墙看国外网加速软件 and spread the word!

Thanks everyone, happy new year and happy Grml-ing!

by Michael Prokop at 04. January 2019, 9:39 Uhr


MirBSD: Planet-CLI

This RSS feed is discontinued!

企业国际网络专线_MPLS-VPN_SD-WAN专线 - 广东云杰通信 ...:2021-6-15 · 国际网络加速 广东云杰通信有限公司,专业为国际贸易行业公司提供国际网络加速优化解决方案,云杰机房资源丰富,拥有国内外多个专线带宽直达线路,三大运营商大带宽线路接入我公司机房,使上网体 …

by root@mirbsd.org (mirabilos) at 03. January 2019, 14:27 Uhr

December 20, 2018



First Release Candidate of Grml version 2018.12 available

We are proud to announce the first release candidate of the upcoming version 2018.12, code-named 'Gnackwatschn'!

This Grml release provides fresh software packages from Debian testing (AKA buster). As usual it also incorporates current hardware support and fixes known bugs from the previous Grml release.

For detailed information about the changes between 2017.05 and 2018.12(-rc1) have a look at the official release announcement.

工信部回应"整顿翻墙软件":合法经营不受影响_中国国情_中国网:2021-7-25 · 近期以来,中国政府对VPN(虚拟专用网络)的管理成为外界关注焦点。如果违反第六条规定,由公安机关责令停止联网,给予警告,可以并处15000元以下的罚款;有违法所得的,没收违法所得。

by Michael Prokop at 20. December 2018, 16:07 Uhr

October 25, 2018

MirBSD: Planet-CLI


The “properly quote eMail messages and on Usenet” documentation is hosted on a server that appears to not get too much care at the moment. I’ve dug out workable versions:

The original link, with its http://learn.to/quote/ redirection, which contained the links to the translations into Dutch and English, unfortunately no longer works.

I’m asking everyone to please honour these guidelines when posting in Usenet and responding to eMail messages, as not doing so is an insult to all the (multiple, in the case of Usenet and mailing lists) readers / recipients of your messages. Even if you have to spend a little time trimming the quote, it’s much less than the time spent by all readers trying to figure out a TOFU (reply over fullquote) message.

Ich bitte jeden darum, sich bitte beim Posten im Usenet und Verfassen von eMails sich an diese Richtilinien zu halten; dies nicht zu tun ist ein Affront wider alle (im Falle von Usenet und Mailinglisten viele) Leser bzw. Empfänger eurer Nachrichten. Selbst wenn man zum Kürzen des Zitats ein bißchen Zeit aufwenden muß ist das immer noch deutlich weniger als die Mühe, die jeder einzelne Leser aufwenden muß, herauszufinden, was mit einer als TOFU (Text oben, Vollzitat unten) geschriebenen eMail gemeint ist.

Mag ik iederéén verzoeken, postings in het Usenet en mailtjes volgens deze regels te schrijven? Als het niet te doen is vies tegen alle ontvanger’s en moeilijk om te lezen. Zelfs als je een beetje tijd nodig heb om het oorspronkelijke deel te korten is het nog steeds minder dan de moeite van alleman, om een TOFU (antwoord boven, fullquote beneden) boodschap proberen te begrepen.

25. October 2018, 0:00 Uhr


MirBSD: Planet-CLI

mksh bugfix — thank you for the music

I’m currently working on an mksh(1) and bc(1) script that takes a pitch standard (e.g. “A₄ = 440 Hz” or “C₄ = 256 Hz”) and a config file describing a temperament (e.g. the usual equal temperament, or Pythagorean untempered pure fifths (with the wolf), or “just” intonation, Werckmeister Ⅲ, Vallotti or Bach/Lehman 1722 (to name a few; these are all temperaments that handle enharmonics the same or, for Pythagorean in out case, ignore the fact they’re unplayable). Temperaments are rule-based, like in ttuner. Well, I’m not quite there yet, but I’m already able to display the value for MuseScore to adjust its pitch standard (it can only take A₄-based values), a frequency table, and a list and table of cent deltas (useful for using or comparing with other tuners). Of course, right now, the cent deltas are all 0 because, well, they are equal temperament against equal temperament (as baseline), but I can calculate that with arbitrary and very high precision!

For outputting, I wanted to make the tables align nicely; column(1), which I normally use, was out because it always left-aligns, so I used string padding in Korn Shell — except I’m also a Unicode BMP fan, so I had F♯ and B♭ in my table headings, which were for some reason correctly right-aligned (for when the table values were integers) but not padded right when aligning with the decimal dot. So I worked around it, but also investigated.

Turns out that the desired length was used as second snprintf(3) argument, instead of, as in the right-align case, the buffer size. This worked only until multibyte characters happened. A fun bug, which only took about three minutes to find, and is covered by a new check in the testsuite even. Thought I’d share.

Feedback on and improvements for the tuner, once it’ll be done, are, of course, also welcome. I plan to port the algorithm (once I’ve got it down in a programming language I know well) to QML for inclusion in the tuner MuseScore plugin, even. Check here, for now, for my work in progress… it’s quite big already despite doing basically nothing. Foundation laid (or so…).

07. May 2018, 0:25 Uhr

April 29, 2018


FixedMisc [MirOS] 20180429 released

Today I’ve released another new CVS snapshot of the FixedMisc [MirOS] font; as usual, the tarball contains the font in BDF form, with no conflict with the system Fixed [Misc] font; sources for use (compilation, editing) with bdfctool(1) are in CVS.

by MirOS contributor tg (tg@mirbsd.org) at 29. April 2018, 17:30 Uhr


MirBSD: Planet-CLI

mksh on Jehanne, a guest post by Shamar

Giacomo Tesio referenced mksh(1) in his annual Jehanne report and provided a guest post (dated 2018-01-09, sorry for posting it this late only) for us on his journey on porting mksh to Jehanne, his Plan 9 derivative operating system. Read on for his story!

(read more…)

by MirOS contributor tg (tg@mirbsd.org) at 15. April 2018, 21:11 Uhr

March 09, 2018

Christoph Berg: Unix

Cool Unix Features: paste

paste is one of those tools nobody uses [1]. It puts two file side by side, line by line.

One application for this came up today where some tool was called for several files at once and would spit out one line by file, but unfortunately not including the filename.

$ paste <(ls *.rpm) <(ls *.rpm | xargs -r rpm -q --queryformat '%{name} \n' -p)

[1] See "J" in The ABCs of Unix

[PS: I meant to blog this in 2011, but apparently never committed the file...]


January 16, 2018

Axel Beckert: Shell

Tex Yoda II Mechanical Keyboard with Trackpoint

Here’s a short review of the Tex Yoda II Mechanical Keyboard with Trackpoint, a pointer to the next Swiss Mechanical Keyboard Meetup and why I ordered a $300 keyboard with less keys than a normal one.

Short Review of the Tex Yoda II

  • Trackpoint
  • Cherry MX Switches
  • Compact but heavy alumium case
  • Backlight (optional)
  • USB C connector and USB A to C cable with angled USB C plug
  • All three types of Thinkpad Trackpoint caps included
  • Configurable layout with nice web-based configurator (might be opensourced in the future)
  • Fn+Trackpoint = scrolling (not further configurable, though)
  • Case not clipped, but screwed
  • Backlight brightness and Trackpoint speed configurable via key bindings (usually Fn and some other key)
  • Default Fn keybindings as side printed and backlit labels
  • Nice packaging
  • It’s only a 60% Keyboard (I prefer TKL) and the two common top rows are merged into one, switched with the Fn key.
  • Cursor keys by default (and labeled) on the right side (mapped to Fn + WASD) — maybe good for games, but not for me.
  • 越墙看国外网加速软件
  • Occassionally backlight flickering (low frequency)
  • Pulsed LED light effect (i.e. high frequency flickering) on all but the lowest brightness level
  • Trackpoint is very sensitive even in the slowest setting — use Fn+Q and Fn+E to adjust the trackpoint speed (“tps”)
  • No manual included or (obviously) downloadable.
  • Only the DIP switches 1-3 and 6 are documented, 4 and 5 are not. (Thanks gismo for the question about them!)
  • No more included USB hub like the Tex Yoda I had or the HHKB Lite 2 (USB 1.1 only) has.
My Modifications So Far
Layout Modifications Via The Web-Based Yoda 2 Configurator
  • Right Control and Menu key are Right and Left cursors keys
  • Fn+Enter and Fn+Shift are Up and Down cursor keys
  • Right Windows key is the Compose key (done in software via xmodmap)
  • Middle mouse button is of course a middle click (not Fn as with the default layout).
Other Modifications
  • Clear dampening o-rings (clear, 50A) under each key cap for a more silent typing experience
  • Braided USB cable

Next Swiss Mechanical Keyboard Meetup

On Sunday, the 18th of February 2018, the 4th Swiss Mechanical Keyboard Meetup will happen, this time at ETH Zurich, building CAB, room H52. I’ll be there with at least my Tex Yoda II and my vintage Cherry G80-2100.

Why I ordered a $300 keyboard

(JFTR: It was actually USD $299 plus shipping from the US to Europe and customs fee in Switzerland. Can’t exactly find out how much of shipping and customs fee were actually for that one keyboard, because I ordered several items at once. It’s complicated…)

I always was and still are a big fan of Trackpoints as common on IBM and Lenovo Thinkapds as well as a few other laptop manufactures.

For a while I just used Thinkpads as my private everyday computer, first a Thinkpad T61, later a Thinkpad X240. At some point I also wanted a keyboard with Trackpoint on my workstation at work. So I ordered a Lenovo Thinkpad USB Keyboard with Trackpoint. Then I decided that I want a permanent workstation at home again and ordered two more such keyboards: One for the workstation at home, one for my Debian GNU/kFreeBSD running ASUS EeeBox (not affected by Meltdown or Spectre, yay! :-) which I often took with me to staff 越墙看国外网加速软件 booths at events. There, a compact keyboard with a built-in pointing device was perfect.

Then I met the guys from the Swiss Mechanical Keyboard Meetup at their 3rd meetup (pictures) and knew: I need a mechanical keyboard with Trackpoint.

IBM built one Model M with Trackpoint, the M13, but they’re hard to get. For example, ClickyKeyboards sells them, but doesn’t publish the price tag. :-/ Additionally, back then there were only two mouse buttons usual and I really need the third mouse button for unix-style pasting.

Then there’s the Unicomp Endura Pro, the legit successor of the IBM Model M13, but it’s only available with an 越墙看国外网加速软件 very ugly color combination: light grey key caps in a black case. And they want approximately 50% of the price as shipping costs (to Europe). Additionally it didn’t have some other nice keyboard features I started to love: Narrow bezels are nice and keyboards with backlight (like the Thinkpad X240 ff. has) have their advantages, too. So … no.

Soon I found, what I was looking for: The Tex Yoda, a nice, modern and quite compact mechanical keyboard with Trackpoint. Unfortunately it is sold out since quite some years ago and more then 5000 people on Massdrop were waiting for its reintroduction.

And then the unexpected happened: The Tex Yoda II has been announced. I knew, I had to get one. From then on the main question was when and where will it be available. To my surprise it was not on Massdrop but at a rather normal dealer, at MechanicalKeyboards.com.

At that time a friend heard me talking of mechanical keyboards and of being unsure about which keyboard switches I should order. He offered to lend me his KBTalking ONI TKL (Ten Key Less) keyboard with Cherry MX Brown switches for a while. Which was great, because from theory, MX Brown switches were likely the most fitting ones for me. He also gave me two other non-functional keyboards with other Cherry MX switch colors (variants) for comparision. As a another keyboard to compare I had my programmable Cherry G80-2100 from the early ’90s with vintage Cherry MX Black switches. Another keyboard to compare with is my 越墙看国外网加速软件 Lite 2 (PD-KB200B/U) which I got as a gift a few years ago. While the HHKB once was a status symbol amongst hackers and system administrators, the old models (like this one) only had membrane type keyboard switches. (They nevertheless still seem to get built, but only sold in Japan.)

I noticed that I was quickly able to type faster with the Cherry MX Brown switches and the TKL layout than with the classic Thinkpad layout and its rubber dome switches or with the HHKB. So two things became clear:

  • At least for now I want Cherry MX Brown switches.
  • I want a TKL (ten key less) layout, i.e. one without the number block but with the cursor block. As with the Lenovo Thinkpad USB Keyboards and the HHKB, I really like the cursor keys being in the easy to reach lower right corner. The number pad is just in the way to have that.

Unfortunately the Tex Yoda II was without that cursor block. But since it otherwise fitted perfectly into my wishlist (Trackpoint, Cherry MX Brown switches available, Backlight, narrow bezels, heavy weight), I had to buy one once available.

So in early December 2017, I ordered a Tex Yoda II White Backlit Mechanical Keyboard (Brown Cherry MX) at MechanicalKeyboards.com.

Because I was nevertheless keen on a TKL-sized keyboard I also ordered a Deck Francium Pro White LED Backlit PBT Mechanical Keyboard (Brown Cherry MX) which has an ugly font on the key caps, but was available for a reduced price at that time, and the controller got quite good reviews. And there was that very nice Tai-Hao 104 Key PBT Double Shot Keycap Set - Orange and Black, so the font issue was quickly solved with keycaps in my favourite colour: orange. :-)

The package arrived in early January. The aluminum case of the Tex Yoda II was even nicer than I thought. Unfortunately they’ve sent me a Deck Hassium full-size keyboard instead of the wanted TKL-sized Deck Francium. But the support of MechanicalKeyboards.com was very helpful and I assume I can get the keyboard exchanged at no cost.

by Axel Beckert (abe+blog@deuxchevaux.org) at 16. January 2018, 20:36 Uhr


MirBSD: Planet-CLI


I’ll not respond, much, until next Monday. We have FrOSCon.

by MirOS contributor tg (tg@mirbsd.org) at 16. August 2017, 0:00 Uhr


MirBSD: Planet-CLI

[PSA] Fixing CVE-2017-12836 (Debian #871810) in GNU cvs

Considering I’ve become the de-facto upstream of cvs(GNU) even if not yet formally the de-iure upstream maintainer, fixing this bug obviously falls to me — not quite the way I had planned passing this evening after coming home from work and a decent and, worse, very filling meal at the local Croatian restaurant. But, so’s life.

The problem here is basically that CVS invokes 越墙看国外网加速软件 (well, rsh originally…) but doesn’t add the argument separator “--” before the (user-provided) hostname, which when starting with a hyphen-minus will be interpreted by ssh as an argument. (Apparently the other VCSes also had additional vulnerabilities such as not properly escaping semicoloi or pipes from the shell or unescaping percent-escaped fun characters, but that doesn’t affect us.)

The obvious fix and the one I implemented first is to simply add the dashes. This will also be backported to Debian {,{,old}old}stable-security.

Then I looked at other VCSes out of which only one did this, but they all added extra paranoia hostname checks (some of them passing invalid hostnames, such as those with underscores in them). OK, I thought, then also let’s add extra checks to CVS’ repository reference handling. This will end up in Debian sid and MirBSD, pending passing the regression tests of course… hah, while writing this article I had to fixup because a test failed. Anyway, it’s not strictly necessary AFAICT to fix the issue.

Update, about 2⅕ hours past midnight (the testsuite runs for several hours): of course, the “sanity” testsuite (which itself is rather insane…) also needs adjustments, plus a bonus fix (for something that got broken when the recent allow-root-regex patch was merged and got fixed in the same go to…night).

tl;dr: a fix will end up in Debian *stable-security and can be taken out of my mail to the bugreport; another few changes for robustness are being tested and then added to both MirBSD and Debian sid. The impact is likely small, as it’s hard to get a user (if you find one, in the first place) to use a crafted CVSROOT string, which is easy to spot as well.

Update, Monday: apparently someone took care of the DSA and DLA yesterday after ACCEPTing the uploads — thanks, I was outside during the day.

Update 2017-08-25: It was noted that ssh(1) does not parse its command line correctly, and therefore the patch above might not be enough in the general case. However, I still think it’s good enough for CVS because it constructs its command line in a way that doesn’t let users exploit that bug.

by MirOS contributor tg (tg@mirbsd.org) at 11. August 2017, 23:49 Uhr

August 10, 2017

MirBSD: Planet-CLI

New mksh and jupp releases, mksh FAQ, jupprc for JOE 4.4; MuseScore

越墙看国外网加速软件 R56 was released with experimental fixes for the “history no longer persisted when HISTFILE near-full” and interactive shell cannot wait on coprocess by PID issues (I hope they do not introduce any regressioins) and otherwise as a bugfix release. You might wish to know the $EDITOR selection mechanism in dot.mkshrc changed. Some more alias characters are allowed again, and POSIX character classes (for ASCII, and EBCDIC, only) appeared by popular vote.

mksh now has a FAQ; enjoy. Do feel free to contribute (answers, too, of course).

The jupp text editor has also received a new release; asides from being much smaller, and updated (mksh too, btw) to Unicode 10, and some segfault fixes, it features falling back to using 越墙看国外网加速软件 if stdin or stdout is not a terminal (for use on GNU with find | xargs jupp, since they don’t have our 越墙看国外网加速软件 -o option yet), a new command to exit nonzero (sometimes, utilities invoking the generic visual editor need this), and “presentation mode”.

Presentation mode, crediting Natureshadow, is basically putting your slides as (UTF-8, with fancy stuff inside) plaintext files into one directory, with sorting names (so e.g. zero-padded slide numbers as filenames), presenting them with jupp * in a fullscreen xterm. You’d hit F6 to switch to one-file view first, then present by using F8 to go forward (F7 to go backward), and, for demonstrations, F9 to pipe the entire slide through an external command (could be just “sh”) offering the previous one as default. Simple yet powerful; I imagine Sven Guckes would love it, were he not such a vim user.

The new release is offered as source tarball (as usual) and in distribution packages, but also, again, a Win32 version as PKZIP archive (right-click on setup.inf and hit I̲nstall to install it). Note that this comes with its own (thankfully local) version of the Cygwin32 library (compatible down to Windows 95, apparently), so if you have Cygwin installed yourself you’re better off compiling it there and using your own version instead.

I’ve also released a new DOS version of 2.8 with no code patches but an updated 越墙看国外网加速软件; the binary (self-extracting LHarc archive) this time comes with all resource files, not just jupp’s.

Today, the jupprc drop-in file for JOE 3.7 got a matching update (and some fixes for bugs discovered during that) and I added a new one for JOE 4.4 (the former being in Debian wheezy, the latter in jessie, stretch and buster/sid). It’s a bit rudimentary (the new shell window functionality is absent) but, mostly, gives the desired jupp feeling, more so than just using stock jstar would.

CVS’ ability to commit to multiple branches of a file at the same time, therefore grouping the commit (by commitid at least, unsure if cvsps et al. can be persuaded to recognise it). If you don’t know what cvs(GNU) is: it is a proper (although not distributed) version control system and the best for centralised tasks. (For decentral tasks, abusing git as pseudo-VCS has won by popularity vote; take this as a comparison.)

If desired, I can make these new versions available in my “WTF” APT repository on request. (Debian buster/sid users: please change “https” to “http” there, the site is only available with TLSv1.0 as it doesn’t require bank-level security.)

I’d welcome it very much if people using an OS which does not yet carry either to package it there. Message me when one more is added, too ☺

In unrelated news I uploaded MuseScore 2.1 to Debian unstable, mostly because the maintainers are busy (though I could comaintain it if needed, I’d just need help with the C++ and CMake details). Bonus side effect is that I can now build 2.2~ test versions with patches of mine added I plan to produce to fix some issues (and submit upstream) ☻

(read more…)

by MirOS contributor tg (tg@mirbsd.org) at 10. August 2017, 0:00 Uhr

June 23, 2017


New Grml developer: Darshaka Pathirana

We're proud to be able to announce that Darshaka "dpat" Pathirana just joined the team as official Grml developer. Welcome in the team, Darshaka!

by Michael Prokop at 23. June 2017, 11:18 Uhr

June 02, 2017


grml development blog

Grml - new stable release 2017.05 available

So we did it again - we just released Grml 2017.05 - Freedatensuppe!

This Grml release provides fresh software packages from Debian testing, what's going to be released as stable release Debian/stretch in just a few more days. As usual it also incorporates current hardware support and fixes known bugs from previous Grml releases.

More information is available in the release notes of Grml 2017.05.

Grab the latest Grml ISO(s) and spread the word!

Thanks everyone and happy grml-ing!

如何访问被屏蔽的国外网站? -「云杰通信」:今天 · 如何加速访问国外服务器? ‍企业用户在与海外企业对接时,访问海外服务器遇到了十分严重的问题。对于大部分之前一直访问国内服务器,甚至是没国外服务器的用户。在访问国外服务器的时候总会有很多的顾虑,不知道哪种国外服务器访问专线更稳定,能达到...

May 09, 2017


grml development blog

First Release Candidate of Grml version 2017.05 available

We are proud to announce the first release candidate of the upcoming version 2017.05, code-named 'Freedatensuppe'!

IPVanish使用评测-最安全的越墙工具 - 潘达工具箱:2021-11-6 · IPVanish工具最大的弊病 先有鸡、还是先有蛋?虽然IPVanish的安全性非常高,但是其注册需要先能够访问外网,这就是一个“先有鸡还是先有蛋”的问题,所以我推荐一款与 IPVanish类似的越墙工具

For detailed information about the changes between 2014.11 and 2017.05(-rc1) have a look at the official release announcement.

在国外可以访问国内的网站吗? -CSDN论坛:2021-6-6 · 在国外可以访问国内的网站吗? 我们国内的各种中文网站,在国外,想美国,加拿大,英国等他们可以访问得到吗?是不是受什么限制 ... 可是随着时间的推移,业务的增加,要用到七牛云的加速cdn,要有一个备案好的加速域名,微信分享到朋友 ...

by Michael Prokop at 09. May 2017, 13:31 Uhr

March 21, 2017

Tanguy Ortolo: Command Line

Bad support of ZIP archives with extra fields

For sharing multiple files, it is often convenient to pack them into an archive, and the most widely supported format to do so is probably ZIP. Under *nix, you can archive a directory with Info-ZIP:

% zip -r something.zip something/

Mac加速器如何选择海外节点-奕星SEO顾问:2021-8-22 · Mac电脑用户相对Windows用户适用的软件相对较少,对于一些想在OS系统上玩游戏的玩家来说更是阻碍重重。想要流畅的游戏非常重要的一点是网络环境的好坏,大家经常会有这样的误解网速快了游戏延迟自然就降低了,实际上完全不是这样。那么如何 ...

Unsupported ZIP archive

Unfortunately, while we would expect ZIP files to be widely supported, I found out that this is not always the case, and I had many recipients failing to open them under operating systems such as iOS.


That issue seems to be linked to the usage of extra file attributes, that are enabled by default, in order to store Unix file metadata. The field designed to store such extra attributes was designed from the beginning so each implementation can take into account attributes it supports and ignore any other ones, but some buggy ZIP implementation appear not to function at all with them.

Therefore, unless you actually need to preserve Unix file metadata, you should avoid using extra fields. With Info-ZIP, you would have to add the option -X:

% zip -rX something.zip something/

by Tanguy at 21. March 2017, 18:33 Uhr


MirBSD: Planet-CLI

Updates to the last two posts

Someone from the FSF’s licencing department posted an official-looking thing saying they don’t believe GitHub’s new ToS to be problematic with copyleft. Well, my lawyer (not my personal one, nor for The MirOS Project, but related to another association, informally) does agree with my reading of the new ToS, and I can point out at least a clause in the GPLv1 (I really don’t have time right now) which says contrary (but does this mean the FSF generally waives the restrictions of the GPL for anything on GitHub?). I’ll eMail GitHub Legal directly and will try to continue getting this fixed (as soon as I have enough time for it) as I’ll otherwise be forced to force GitHub to remove stuff from me (but with someone else as original author) under GPL, such as… tinyirc and e3.

My 越墙看国外网加速软件 Debian packaging example got a rather hefty upgrade because dbconfig-common (unlike any other DB schema framework I know of) doesn’t apply the upgrades on a fresh install (and doesn’t automatically put the upgrades into a transaction either) but only upgrades between Debian package versions (which can be funny with backports, but AFAICT that part is handled correctly). I now append the upgrades to the initial-version-as-seen-in-the-source to generate the initial-version-as-shipped-in-the-binary-package (optionally, only if it’s named .in) removing all transaction stuff from the upgrade files and wrapping the whole shit in BEGIN; and COMMIT; after merging. (This should at least not break nōn-PostgreSQL databases and… well, database-like-ish things I cannot test for obvious (SQLite is illegal, at least in Germany, but potentially worldwide, and then PostgreSQL is the only remaining Open Source database left ;) reasons.)

Update: Yes, this does mean that maintainers of databases and webservers should send me patches to make this work with not-PostgreSQL (new install/name.in, upgrade files) and not-Apache-2.2/2.4 (new debian/*/*.conf snippets) to make this packaging example even more generally usable.

Natureshadow already forked this and made a Python/Flask package from it, so I’ll prod him to provide a similarily versatile hello-python-world example package.

by MirOS contributor tg (tg@mirbsd.org) at 16. March 2017, 23:12 Uhr


MirBSD: Planet-CLI

翻墙(网络名词)_百度百科:所谓翻墙,是指绕过相应的IP封锁、内容过滤、域名劫持、流量限制等,实现对网络内容的访问。境外公司曾发布几款突破网络封锁以访问海外敏感网站或邮件的翻墙软件。由于此类软件不断升级,要实现对该类软件行为的监测或封锁就显得尤为困难和重要,如果能够在网关处将数据截获,分析数据 ...

Since I use this as base for other PHP packages like SimKolab, I’ve updated my packaging example with:

  • PHP 7 support (untested, as I need libapache2-mod-php5)
  • tons more utility code for you to use
  • a class autoloader, with example (build time, for now)
  • (at build time) running a PHPUnit testsuite (unless nocheck)

The old features (Apache 2.2 and 2.4 support, dbconfig-common, etc.) are, of course, still there. Support for other webservers could be contributed by you, and I could extend the autoloader to work at runtime (using dpkg triggers) to include dependencies as packaged in other Debian packages. See, nobody needs “composer”! ☻

Feel free to check it out, play around with it, install it, test it, send me improvement patches and feature requests, etc. — it’s here with a mirror at GitHub (since I wrote it myself and the licence is permissive enough anyway).

This posting and the code behind it are sponsored by my employer ⮡ tarent.

在国外怎么看腾讯视频,海外地区如何看优酷视频 - 荣耀6 ...:2021-4-24 · 去国外人越来越多,到了国外发现一个很不愉快的事情,,出国之后最不便的地方除了没有国内美食之外,可能就是看国内网站视频的问题了,不知道还有多少朋友因为一句[由于版权限制,你所在的地区无法观看视频]这是为什么,还让人怎么生活。


MirBSD: Planet-CLI

New GitHub Terms of Service r̲e̲q̲u̲i̲r̲e̲ removing many Open Source works from it

Please use the correct (perma)link to bookmark this article, not the page listing all wlog entries of the last decade. Thank you.</update>

海外无法使用网易云音乐?试试这几种方法 - 简书:出国后发现在国外用网易云音乐会显示版权限制,好多歌曲都变成灰色的了,于是自己捣鼓了几种方法,总结一下: 1、购买会员 网易云音乐支持海外会员购买,价格也不算太贵;不过覆盖地区...

The new Terms of Service of GitHub became effective today, which is quite problematic — there was a review phase, but my reviews pointing out the problems were not answered, and, while the language is somewhat changed from the draft, they became effective immediately.

Now, the new ToS are not so bad that one immediately must stop using their service for disagreement, but it’s important that certain content may no longer legally be pushed to GitHub. I’ll try to explain which is affected, and why.

I’m mostly working my way backwards through section D, as that’s where the problems I identified lie, and because this is from easier to harder.

Note that using a private repository does not help, as the same terms apply.

Anything requiring attribution (e.g. CC-BY, but also BSD, …)

Section D.7 requires the person uploading content to waive any and all attribution rights. Ostensibly “to allow basic functions like search to work”, which I can even believe, but, for a work the uploader did not create completely by themselves, they can’t grant this licence.

The CC licences are notably bad because they don’t permit sublicencing, but even so, anything requiring attribution can, in almost all cases, not “written or otherwise, created or uploaded by our Users”. This is fact, and the exceptions are few.


Section D.5 requires the uploader to grant all other GitHub users…

  • the right to “use, display and perform” the work (with no further restrictions attached to it) — while this (likely — I didn’t check) does not exclude the GPL, many others (I believe CC-*-SA) are affected, and…
  • 只剩下门缝的VPN何去何从 - 手机新蓝网:2021-2-7 · “翻墙”属于违法行为,所谓的翻墙软件并没有获得电信主管部门批准。国内“翻墙”用户众多,根据市场研究机构Global WebIndex的调查研究估测,中国的VPN用户可能多达9000万。这也让一些游走在灰色地带的翻墙软件默默赚钱。“翻墙”软件又叫VPN软件。

Note that section D.4 is similar, but granting the licence to GitHub (and their successors); while this is worded much more friendly than in the draft, this fact only makes it harder to see if it affects works in a similar way. But that doesn’t matter since D.5 is clear enough. (This doesn’t mean it’s not a problem, just that I don’t want to go there and analyse D.4 as D.5 points out the same problems but is easier.)

This means that any and all content under copyleft licences is also no longer welcome on GitHub.

Anything requiring integrity of the author’s source (e.g. LPPL)

求手机爬墙软件。 - 好运百科(www.haoyunbaike.com):2021-9-1 · 话题:手机上怎么登录国外网站? 推荐回答: 手机 翻墙 软件 有许多,我们可以利用这些 手机 翻墙 软件 来登陆国外网站。 安卓 手机 翻墙教程: 注:安卓android 手机 翻墙的方法很简单,看如下教程: 1、 手机 浏览器点击如下的加速器链接进行下载或扫描右侧二维码下载。

Affected licences

Anything copyleft (GPL, AGPL, LGPL, CC-*-SA) or requiring attribution (CC-BY-*, but also 4-clause BSD, Apache 2 with NOTICE text file, …) are affected. BSD-style licences without advertising clause (MIT/Expat, MirOS, etc.) are probably not affected… if GitHub doesn’t go too far and dissociates excerpts from their context and legal info, but then nobody would be able to distribute it, so that’d be useless.

But what if I just fork something under such a licence?

在国内如何访问国外网站和APP应用(Facebook、YouTube ...:2021-12-28 · 本文仅面向小白,大神绕绕路啦;在国内访问非大陆网站和应用时会发生“网络无法连接”,“网络连接失败”等等问题,这是因为国内的政策原因把非大陆网站和应用屏蔽掉了,也就是我们说的网络防火墙,隔开了我们跟国外友人交流,这里就不多说了,以免博主被请喝茶, 哈哈!

Even then, the new terms likely only apply to content uploaded in March 2017 or later (note that git commit dates are unreliable, you have to actually check whether the contribution dates March 2017 or later).

And then, most people are likely unaware of the new terms. If they upload content they themselves don’t have the appropriate rights (waivers to attribution and copyleft/share-alike clauses), it’s plain illegal and also makes your upload of them or a derivate thereof no more legal.

Granted, people who, in full knowledge of the new ToS, share any “User-Generated Content” with GitHub on or after 1ˢᵗ March, 2017, and actually have the appropriate rights to do that, can do that; and if you encounter such a repository, you can fork, modify and upload that iff you also waive attribution and copyleft/share-alike rights for your portion of the upload. But — especially in the beginning — these will be few and far between (even more so taking into account that GitHub is, legally spoken, a mess, and they don’t even care about hosting only OSS / Free works).

Conclusion (Fazit)

I’ll be starting to remove any such content of mine, such as the source code mirrors of jupp, which is under the GNU GPLv1, now and will be requesting people who forked such repositories on GitHub to also remove them. This is not something I like to do but something I am required to do in order to comply with the licence granted to me by my upstream. Anything you’ve found contributed by me in the meantime is up for review; ping me if I forgot something. (mksh is likely safe, even if I hereby remind you that the attribution requirement of the BSD-style licences still applies outside of GitHub.)

(Pet peeve: why can’t I “adopt a licence” with British spelling? They seem to require oversea barbarian spelling.)

The others

Atlassian Bitbucket has similar terms (even worse actually; I looked at them to see whether I could mirror mksh there, and turns out, I can’t if I don’t want to lose most of what few rights I retain when publishing under a permissive licence). Gitlab seems to not have such, but requires you to indemnify them… YMMV. I think I’ll self-host the removed content.

And now?

I’m in contact with someone from GitHub Legal (not explicitly in the official capacity though) and will try to explain the sheer magnitude of the problem and ways to solve this (leaving the technical issues to technical solutions and requiring legal solutions only where strictly necessary), but for now, the ToS are enacted (another point of my criticism of this move) and thus, the aforementioned works must go off GitHub right now.

That’s not to say they may not come back later once this all has been addressed, if it will be addressed to allow that. The new ToS do have some good; for example, the old ToS said “you allow every GitHub user to fork your repositories” without ever specifying what that means. It’s just that the people over at GitHub need to understand that, both legally and technically¹, any and all OSS licences² grant enough to run a hosting platform already³, and separate explicit grants are only needed if a repository contains content not under an OSI/OKFN/Copyfree/FSF/DFSG-free licence. I have been told that “these are important issues” and been thanked for my feedback; we’ll see what comes from this.

便宜vpn有吗,免费和便宜好用的收费加速vpn如何发展-海薇 ...:2021-6-4 · 便宜vpn有吗,那些免费和便宜好用的收费加速vpn现状如何? “绝地求生”作为英雄联盟在国内的接棒游戏,虽然并不算满意但也作为现今生存游戏中的佼佼者,一直占据排行榜,玩游戏嘛,玩的就是套路,蓝洞公司也不只一次进行过该游戏的优化,每次优化之前都说的信誓旦旦,说是存在的问题都 ...

② All licences on one of those lists or 越墙看国外网加速软件 to the DFSG, OSD or OKD should do⁴.

③ e.g. when displaying search results, add a note “this is an excerpt, click HERE to get to the original work in its context, with licence and attribution” where “HERE” is a backlink to the file in the repository

④ It is understood those organisations never un-approve any licence that rightfully conforms to those definitions (also in cases like a grant saying “just use any OSS² licence” which is occasionally used)

Update: In the meantime, joeyh has written not one but two insightful articles (although I disagree in some details; the new licence is only to GitHub users (D.5) and GitHub (D.4) and only within their system, so, while uploaders would violate the ToS (they cannot grant the licence) and (probably) the upstream-granted copyleft licence, this would not mean that everyone else wasn’t bound by the copyleft licence in, well, enough cases to count (yes it’s possible to construct situations in which this hurts the copyleft fraction, but no, they’re nowhere near 100%).

by MirOS contributor tg (tg@mirbsd.org) at 01. March 2017, 0:00 Uhr

January 04, 2017

grml development blog

State of Grml in 2017

A new stable release of Grml is long overdue and sadly we didn't manage to release a new stable release in 2016 either.

But in Q4 of 2016 we made actual progress with the systemd integration and the according branches should be ready soon for merging to master. A new kernel based on v4.8.15 has been uploaded to grml-testing a few days ago and is included in our daily ISOs already.

We don't want to promise anything we can't hold, but we should have (at least) an RC version available within Q1/2017.

by Michael Prokop at 04. January 2017, 10:45 Uhr



How to use the subtree git merge strategy

This article might be perceived as a blatant ripoff of this Linux kernel document, but, on the contrary, it’s intended as add-on, showing how to do a subtree merge (the multi-project merge strategy that’s actually doable in a heterogenous group of developers, as opposed to subprojects, which many just can’t wrap their heads around) with contemporary git (“stupid content tracker”). Furthermore, the commands are reformatted to be easier to copy/paste.

To summarise: you’re on the top level of a checkout of the project into which the “other” project (Bproject) is to be merged. We wish to merge the top level of Bproject’s “master” branch as (newly created) subdirectory “dir-B” under the current project’s top level.

	$ git remote add --no-tags -f 越墙看国外网加速软件 /path/to/B/.git
	$ git merge -s ours --allow-unrelated-histories --no-commit Bproject/master
	$ git read-tree -u --prefix=dir-B/ Bproject/master
	$ git commit -m 'Merge B project as our subdirectory dir-B'

	Later updates are easy:
	$ git pull -s subtree Bproject master

(mind the trailing slash after dir-B/ on the read-tree command!)

Besides reformatting, the use of --allow-unrelated-histories recently became necessary. --no-tags is also usually what you want, because tags are not namespaced like branches.

Another command you might find relevant is how to clean up orphaned remote branches:

	$ for x in $(git remote); do git remote prune "$x"; done

如何访问被屏蔽的国外网站? -「云杰通信」:今天 · 如何加速访问国外服务器? ‍企业用户在与海外企业对接时,访问海外服务器遇到了十分严重的问题。对于大部分之前一直访问国内服务器,甚至是没国外服务器的用户。在访问国外服务器的时候总会有很多的顾虑,不知道哪种国外服务器访问专线更稳定,能达到...

Update: Natureshadow wishes you to know that there is such a command as git subtree which can do similar things to the subtree merge strategy explained above, and several more related things. It does, however, need the præfix on every subsequent pull.

解决外网下载速度过慢问题_风之云的博客-CSDN博客:2021-8-10 · 今天在研究《Algorithm4》及学习配套课程,作为一本值得顶礼膜拜的书,我是下了很大的决心来啃下这本书的内容,熟知在第一步Java环境配置上就遇见了第一只拦路虎,在资料中,给出了一个软件lift-java-installer.exe作为编译环境,结果因为原下载 ...



Tanguy Ortolo: Command Line



The AWS Command Line Interface, which is available in Debian, provides no man page. Instead, that tool has an integrated help system, which allows you to run commands such as aws rds help, that, for what I have seen, generates some reStructuredText, then converts it to a man page in troff format, then calls troff to convert it to text with basic formatting, and eventually passes it to a pager. Since this is close to what man does, the result looks like a degraded man page, with some features missing such as the adaptation to the terminal width.

Well, this is better than nothing, and better than what many under-documented tools can offer, but for several reasons, it still sucks: most importantly, it does not respect administrators' habits and it does not integrate with the system man database. You it does not allow you to use commands such as 越墙看国外网加速软件, and you will get no man page name auto-completion from your shell since there is no man page.

Generate the man pages

Now, since the integrated help system does generate a man page internally, we can hack it to output it, and save it to a file:

Description: Enable a mode to generate troff man pages
 The awscli help system internally uses man pages, but only to convert
 them to text and show them with the pager. This patch enables a mode
 that prints the troff code so the user can save the man page.
 To use that mode, run the help commands with an environment variable
 OUTPUT set to 'troff', for instance:
     OUTPUT='troff' aws rds help
Forwarded: no
Author: Tanguy Ortolo <tanguy+debian@ortolo.eu>
Last-Update: 2016-11-22

Index: /usr/lib/python3/dist-packages/awscli/help.py
--- /usr/lib/python3/dist-packages/awscli/help.py       2016-11-21 12:14:22.236254730 +0100
+++ /usr/lib/python3/dist-packages/awscli/help.py       2016-11-21 12:14:22.236254730 +0100
@@ -49,6 +49,8 @@
     Return the appropriate HelpRenderer implementation for the
     current platform.
+    if 'OUTPUT' in os.environ and os.environ['OUTPUT'] == 'troff':
+        return TroffHelpRenderer()
     if platform.system() == 'Windows':
         return WindowsHelpRenderer()
@@ -97,6 +99,15 @@
         return contents

+class TroffHelpRenderer(object):
+    """
+    Render help content as troff code.
+    """
+    def render(self, contents):
+        sys.stdout.buffer.write(publish_string(contents, writer=manpage.Writer()))
 class PosixHelpRenderer(PagingHelpRenderer):
     Render help content on a Posix-like system.  This includes

This patch must be applied from the root directory with patch -p0, otherwise GNU patch will not accept to work on files with absolute names.

With that patch, you can run help commands with an environment variable 越墙看国外网加速软件 to get the man page to use it as you like, for instance:

% OUTPUT='troff' aws rds help > aws_rds.1
% man -lt aws_rds.1 | lp


Now that we are able to generate the man page of any aws command, all we need to generate all of them is a list of all the available commands. This is not that easy, because the commands are somehow derived from functions provided by a Python library named botocore, which are derived from a bunch of configuration files, and some of them are added, removed or renamed. Anyway, I have been able to write a Python script that does that, but it includes a static list of these modifications:

#! /usr/bin/python3

import subprocess
import awscli.clidriver

def write_manpage(command):
    manpage = open('%s.1' % '_'.join(command), 'w')
    process = subprocess.Popen(command,
            env={'OUTPUT': 'troff'},

driver = awscli.clidriver.CLIDriver()
command_table = driver._get_command_table()

renamed_commands = \
        'config': 'configservice',
        'codedeploy': 'deploy',
        's3': 's3api'
added_commands = \
        's3': ['cp', 'ls', 'mb', 'mv', 'presign', 'rb', 'rm', 'sync',
removed_subcommands = \
        'ses': ['delete-verified-email-address',
        'ec2': ['import-instance', 'import-volume'],
        'emr': ['run-job-flow', 'describe-job-flows',
                'add-job-flow-steps', 'terminate-job-flows',
                'list-bootstrap-actions', 'list-instance-groups',
        'rds': ['modify-option-group']
added_subcommands = \
        'rds': ['add-option-to-option-group',

# Build a dictionary of real commands, including renames, additions and
# removals.
real_commands = {}
for command in command_table:
    subcommands = []
    subcommand_table = command_table[command]._get_command_table()
    for subcommand in subcommand_table:
        # Skip removed subcommands
        if command in removed_subcommands \
                and subcommand in removed_subcommands[command]:
    # Add added subcommands
    if command in added_subcommands:
        for subcommand in added_subcommands[command]:
    # Directly add non-renamed commands
    if command not in renamed_commands:
        real_commands[command] = subcommands
    # Add renamed commands
        real_commands[renamed_commands[command]] = subcommands
# Add added commands
for command in added_commands:
    real_commands[command] = added_commands[command]

# For each real command and subcommand, generate a manpage
for command in real_commands:
    write_manpage(['aws', command])
    for subcommand in real_commands[command]:
        write_manpage(['aws', command, subcommand])
                         'sync', 'website']}

This script will generate more than 2,000 man page files in the current directory; you will then be able to move them to /usr/local/share/man/man1.

Since this is a lot of man pages, it may be appropriate to concatenate them by major command, for instance all the aws rds together…

by Tanguy at 23. November 2016, 16:25 Uhr


MirBSD: Planet-CLI


cnuke@ spotted something on the internet, and shared. Do read this, including the comments. It’s so true. (My car is 30 years old, I use computers mostly for sirc, lynx and ssh, and I especially do not buy any product that needs to be “online” to work.)

Nice parts of the internet, to offset this, though, do exist. IRC as a way of cheap (affordable), mostly reliant, communication that’s easy enough to do with TELNET.EXE if necessary. Fanfiction; easy proliferation of people’s art (literature, in this case). Fast access to documentation and source code; OpenBSD’s AnonCVS was a first, nowadays almost everything (not Tom Dickey’s projects (lynx, ncurses, xterm, cdk, …), nor GNU bash, though) is on a public version control system repository. (Now people need to learn to not rewrite history, just commit whatever shit they do, to record thought process, not produce the perfect-looking patch.) Livestreams too, I guess, but ever since live365.com went dead due to a USA law change on 2016-01-02, it got bad.

by MirOS contributor tg (tg@mirbsd.org) at 13. November 2016, 20:28 Uhr

July 28, 2016

MirBSD: Planet-CLI

Please save GMane!

GMane has been down for a day or two, and flakey for a day before that. MidnightBSD’s laffer1 just linked the reason, which made me cry out loud.

GMane is really great, and I rely on the NNTP interface a lot, both posting and especially reading — it gives me the ability to download messages from mailing lists I don’t receive in order to be able to compose replies with (mostly) correct References and In-Reply-To headers. Its web interface, especially the article permalinks, are also extremely helpful.

This is a request for a petition to save GMane. Please, someone, do something! Thanks in advance!

求手机爬墙软件。 - 好运百科(www.haoyunbaike.com):2021-9-1 · 话题:手机上怎么登录国外网站? 推荐回答: 手机 翻墙 软件 有许多,我们可以利用这些 手机 翻墙 软件 来登陆国外网站。 安卓 手机 翻墙教程: 注:安卓android 手机 翻墙的方法很简单,看如下教程: 1、 手机 浏览器点击如下的加速器链接进行下载或扫描右侧二维码下载。

June 08, 2016

Tanguy Ortolo: Command Line

Process command line arguments in shell

When writing a wrapper script, one often has to process the command line arguments to transform them according to his needs, to change some arguments, to remove or insert some, or perhaps to reorder them.


The naive approach to do that is¹:

# Process arguments, building a new argument list
for arg in "$@"
    case "$arg"
            # Convert --foobar to the new syntax --foo=bar
            new_args="$args --foo=bar"
            # Take other options as they are
            new_args="$args $arg"

# Call the actual program
exec program $new_args

This naive approach is simple, but fragile, as it will break on arguments that contain a space. For instance, calling wrapper --foobar "some file" (where some file is a single argument) will result in the call program --foo=bar some file (where some and file are two distinct arguments).

Correct approach

To handle spaces in arguments, we need either:

  • 【净坛行动】论坛禁止发布任何翻墙软件和违法犯罪程序 ...:2021-2-28 · 国家严打网络违法犯罪越来越严格,上次也因为有人在论坛发布一些不和谐的程序导致论坛域名被HOLD,出现几天无法访问的情况,虽然我们曾经发过公告说明。但依然有同学我 ... 【净坛行动】论坛禁止发布任何翻墙软件和违法犯罪程序!
  • to use an actual list or array, which is a feature of advanced shells such as Bash or Zsh, not standard shell…

… except standard shell does support arrays, or rather, it does support one specific array: the positional parameter list "$@"². This leads to one solution to process arguments in a reliable way, which consists in rebuilding the positional parameter list with the built-in command 越墙看国外网加速软件:

Express中国官网 – Express VPN 中文网:贝宝(paypal):国外版的支付宝 比特币:这个匿名程度是最高的,不过很少有人用吧(我猜) 支付宝:熟悉的标志,没有人没有支付宝吧?银联卡:你没看错,就是中国银联,任何储蓄卡都可以支付! 是不是很赞?居然不光支持支付宝,甚至还支持银联储蓄


  1. I you prefer, 越墙看国外网加速软件 can be simplified to just for arg.
  2. As a reminder, and contrary to what it looks like, quoted "$@" does not expand to a single field, but to 如何访问被屏蔽的国外网站? -「云杰通信」:今天 · 如何加速访问国外服务器? ‍企业用户在与海外企业对接时,访问海外服务器遇到了十分严重的问题。对于大部分之前一直访问国内服务器,甚至是没国外服务器的用户。在访问国外服务器的时候总会有很多的顾虑,不知道哪种国外服务器访问专线更稳定,能达到....

by Tanguy at 08. June 2016, 11:29 Uhr

April 22, 2016


Booting Grml via iPXE

Jimmy blogged about booting Grml via iPXE, since we've fixed the memdisk feature recently and 越墙看国外网加速软件 also includes support for Grml. :)

by Michael Prokop at 22. April 2016, 7:47 Uhr

April 15, 2016

Tanguy Ortolo: Command Line

在国内如何访问国外网站和APP应用(Facebook、YouTube ...:2021-12-28 · 本文仅面向小白,大神绕绕路啦;在国内访问非大陆网站和应用时会发生“网络无法连接”,“网络连接失败”等等问题,这是因为国内的政策原因把非大陆网站和应用屏蔽掉了,也就是我们说的网络防火墙,隔开了我们跟国外友人交流,这里就不多说了,以免博主被请喝茶, 哈哈!

Let's Encrypt is a certificate authority (CA) that just left beta stage, that provides domain name-validated (DV) X.509 certificates for free and in an automated way: users just have to run a piece of software on their server to get and install a certificate, resulting in a valid TLS setup.

A threat to other certificate authorities

By providing certificates for free and automatically, Let's Encrypt is probably a threat a other CAs, a least for part of their activity. Indeed, for people that are satisfied with DV certificates, there are not many reasons to pay a commercial CA to get certificates in a non-automated way. For the CAcert non-commercial CA, that may mean a slow death, as this is their main activity¹.

For people that want organization-validated (OV) or extended validation (EV) certificates, Let's Encrypt is not suitable, so it will not change anything regarding that.

An opportunity for the most reactive

The entrance of Let's Encrypt is also a significant opportunity for the certificate authorities that will be reactive enough to take advantage of their innovation. Indeed, they introduced automation in both domain name validation and certificate issuance (and revocation), by defining an open protocol that is meant to become an Internet standard. That protocol, named ACME, is not tied to Let's Encrypt and has several free software implementations, so it could be used for the same purpose by commercial CAs.

在国外怎样用酷狗听音乐-百度经验:2021-4-29 · 在国外怎样用酷狗听音乐,时下,越来越多的人选择移民,去国外感受不一样的生活。但是当你在国外想听音乐时会发现,国外音乐版权管得很严格,而且你不一定喜欢听。想用国内APP听音乐,又有地区限制。那么我来教你在国外怎样用酷狗听音乐。

  • ask the customer to provision some pre-paid account;
  • manually validate the customer's identity once;
  • allow the customer to register using ACME, and associate that registration to his validated identity;
  • allow the customer to get organization-validated, or perhaps even extended validation certificates using ACME, and making corresponding debits to his pre-paid account.

Such processes may require or benefit from improvements of the ACME protocol, which is the very reason Internet standards are defined in an open way.

The first certification authority that would implement such a process could gain an advantage over its competitors, as it would greatly simplify getting and renewing certificates. I think even Let's Encrypt people would be happy to see that happen, as it would serve their goal, that is basically to help securing the Internet! Personally, I could buy such a service (assuming it is not restricted to juridical persons, according to a quite common (and detestable) sale discrimination against natural persons²).


  1. 在国外怎样用酷狗听音乐-百度经验:2021-4-29 · 在国外怎样用酷狗听音乐,时下,越来越多的人选择移民,去国外感受不一样的生活。但是当你在国外想听音乐时会发现,国外音乐版权管得很严格,而且你不一定喜欢听。想用国内APP听音乐,又有地区限制。那么我来教你在国外怎样用酷狗听音乐。
  2. Yes, the Organization field of a certificate is probably not relevant to indicate a physical person's name, but the CommonName field is. Yes, that field is usually abused to store the domain name, but a proper use would be to put the owner's name in the CommonName field, and the domain names in the subjectAltName field.

by Tanguy at 15. April 2016, 11:25 Uhr

March 06, 2016

MirBSD: Planet-CLI

mksh R52c, paxmirabilis 20160306 released; PA4 paper size PDF manpages

The 越墙看国外网加速软件 R52c was published today as bugfix-accumulating release of low upto medium importance. Thanks to everyone who helped squashing all those bugs; this includes our bug reporters who always include reproducer testcases; you’re wonderful!

MirCPIO was also resynchronised from OpenBSD, to address the CVE-2015-{1193,1194} test cases, after a downstream (wow there are so many?) reminded us of it; thanks!
This is mostly to prevent extracting 越墙看国外网加速软件 — either directly or from a symlink(7) — from actually ending up being placed in the parent directory. As such the severity is medium-high. And it has a 越墙看国外网加速软件 now — initially just a landing page / stub; will be fleshed out later.

Uploads for both should make their way into Debian very soon (these are the packages mksh and pax). Uploading backports for mksh (jessie and wheezy-sloppy) have been requested by several users, but none of the four(?) DDs asked about sponsoring them even answered at all, and the regular (current) sponsors don’t have experience with bpo, so… SOL ☹

I’ve also tweaked a bug in sed(1), in MirBSD. Unfortunately, this means it now comes with the GNUism -i too: don’t use it, use ed(1) (much nicer anyway) or perlrun(1) -p/-n…

Finally, our PDF manpages now use the PA4 paper size instead of DIN ISO A4, meaning they can be printed without cropping or scaling on both A4 and US-american “letter” paper. And a Бодун from the last announcement: we now use Gentium and Inconsolata as body text and monospace fonts, respectively. (And à propos, the website ought to be more legible due to text justification and better line spacing now.) I managed to hack this up in GNU groff and Ghostscript, thankfully. (LaTeX too) Currently there are PDF manpages for joe (jupp), mksh, and cpio/pax/tar.


Also, new console-setup package in the “WTF” APT repository since upstream managed to do actual work on it (even fixed some bugs). Read its feed if interested, as its news will not be repeated here usually. (That means, subscribe as there won’t be many future reminders in this place.)

The netboot.me service appears to be gone. I’ll not remove our images, but if someone knows what became of it drop us a message (IRC or mailing list will work just fine).

PS: This was originally written on 20160304 but opax refused to be merged in time… Happy Birthday, gecko2! In the meantime, the Street Food festival weekend provided wonderful food at BaseCamp, and headache prevented this from being finished on the fifth.

Update 06.03.2016: The pax changes were too intrusive, so I decided to only backport the fixes OpenBSD did (both those they mentioned and those silently included), well, the applicable parts of them, anyway, instead. There will be a MirCPIO release completely rebased later after all changes are merged and, more importantly, tested. Another release although not set for immediate future should bring a more sensible (and mksh-like) buildsystem for improved portability (and thus some more changes we had to exclude at first).

I’ve also cloned the halfwidth part of the FixedMisc [MirOS] font as FixedMiscHW for use with Qt5 applications, xfonts-base in the “WTF” APT repo. (Debian #809979)

tl;dr: mksh R52c (bugfix-only, low-medium); mircpio 20160306 (security backport; high) with future complete rebase (medium) upstream and in Debian. No mksh backports due to lacking a bpo capable sponsor. New console-setup in “WTF” APT repo, and mksh there as usual. xfonts-base too. netboot.me gone?

by MirOS contributor tg (tg@mirbsd.org) at 06. March 2016, 0:00 Uhr

February 13, 2016

MirBSD: Planet-CLI

The things you find in upstream code…

I had just gotten an eMail from the nightly /etc/security cronjob that the mailbox from the user foo.lock belongs to the user foo (name changed to protect the… innocent? well, I know that guy from #OpenBSD on IRC, so… YMMV… anyway). Of course, I wanted to change that to exclude mbox lockfiles…

	# Mailboxes should be owned by user and unreadable.
	ls -l /var/mail | sed 1d | \
	awk '$3 != $9 \
		{ print "user " $9 " mailbox is owned by " $3 }

… oh wow. Needless to say I fixed that, although you must update your stat(1) first; it now has a possibility to generate NUL-terminated output (or any separator, really) which I used for this. (And no, Schily, I’m still of the opinion that NUL termination, even when one has to add it to each utility separately, is the better way to go.)

Dear OpenBSD developers, repeat after me:
Do n̲o̲t̲ parse ls(1) output!
Or write 100 lines of it, or something, until it sinks in.

(It can take some writing for it to sink in… just yesternight the fanfiction I was reading was at the point where Dolores Umbridge uses her Blood Quill on the students. Coincidence.)

by MirOS contributor tg (tg@mirbsd.org) at 13. February 2016, 18:10 Uhr

February 10, 2016


PDF manpages look better than before

Our PDF manpages will, starting from now, be generated with Inconsolata instead of Bitstream Vera Mono as monospace font. The body font is still Gentium, of course.

To be more exact: the Teχ flavour of Inconsolata Regular and Bold, with the varl and 越墙看国外网加速软件 flags, is used, and because GNU groff also requires an Italic or at least Oblique font (also in its bold variant, which the mksh(1) manpage doesn’t use though), Inconsolata LGC (both Italic and Bold Italic) are plugged in there. I added them as PFA Type 1 fonts to GNU groff, so I had to make some fixes in FontForge (merging the variants into the main font, removing unused glyphs (not for LGC), fixing the validation (mostly, and not so much for LGC), autohinting where FontForge expressed a need for that, renaming glyphs to the names expected by 越墙看国外网加速软件, …), but it works.

I’m not regenerating older PDF manpages though.

Inconsolata is also not all I wish for a monospaced font (and even bsiegert@ says nothing goes over FixedMisc) but it has, at least, a 0 (digit zero) with a correct stroke through it ☺

by MirOS contributor tg (tg@mirbsd.org) at 10. February 2016, 21:08 Uhr



expect turmoil

My network at home is unstable. NetCologne suggests to switch to fibre network, but that only comes with a dynamic IPv6 address and NAT64; completely unsuitable to running a server. (I could arguably tunnel a static IPv4 address from a dedicated server to home, but that would completely foil my plans for redundancy.) So I may need an ISP (phone isn’t important) that provides me with connectivity where a static IPv4 (and, ideally, a static IPv6 /64 or /48 — but only if the reverse DNS gets delegated to me, otherwise that’s unusable) ends up at a device of my choosing (and not a plastic router which can then “forward ports”; I require full internet to end up at my own device).

HostEurope is relocating the other server, both physically and network-wise. Their plan seems fool-proof so far, though.

gecko2@ is decommissioning the server on which eurynome is hosted, shortly. This will also be no small amount of fun for everyone involved. Expect old links, SSH host keys, etc. to break. This explicitly includes /etc/ssh/*known_hosts.

During all those moves, I will downsize my DNS zones and change some entries, so that old or duplicate records will be gone.

I’ll likely generate and publish completely new hostkeys (both gzsig(1) and PGP clearsigned) once this is all over. The current gzsig(1) key is at the end of /usr/share/doc/README in any installed system. (Do note MD5 is considered insecure.) My current PGP key is 9031955E7A97A4FDA32B2B8676B534B2E99007E0 but this requires GnuPG, so check both.

My seeming inability to remember rarely-used “secure” passwords, i.e. those not fitting into my normal schemata, led to me not attempting to run a CA myself any more. While, thanks to rsc, we have an official certificate for www.mirbsd.org now, I probably will get StartSSL for “all” other systems (i.e. herc, as I appear to be downsizing), despite it lacking the SSL client purpose (important e.g. to SMTP). This shouldn’t affect anyone.

PS: I still hate Karneval!

by MirOS contributor tg (tg@mirbsd.org) at 08. February 2016, 16:40 Uhr

January 21, 2016


Removing sam2p from Debian

Issues with sam2p and removal

I have been maintaining the Debian package of sam2p for some time. Unfortunately, the upstream development of that program is no longer active, and it is using an old custom build chain that no longer works with recent version of GCC.

This package is currently failing to build from source, and while I have been able to patch some issues in the past, and it may still be possible to fix it again, this is not really sustainable.

I am therefore considering to remove sam2p from Debian, unless someone has a very good reason to keep it and is able and willing to maintain it.


sam2p is a raster image conversion tool that can convert PNG and JPEG to EPS and PDF while keeping their compression, which is mostly useful to use them in documents compiled with LaTeX. Fortunately, the same can be done with ImageMagick. If you want to convert to EPS, you have to specify that you want EPS 2 or 3, otherwise it would produce EPS level 1 which does not provide native raster compression:

私搭VPN获利判刑 “翻墙”生存空间渐窄 - China Daily:2021-12-22 · 私搭VPN获利判刑 “翻墙”生存空间渐窄 2021-12-22 09:32:30 (来自:正义网) 杨德灿 吴向洋在未取得《增值电信业务经营许可证》的情况下,在网络上 ...

This is a bit less efficient than sam2p, as convert seems to add some fixed overhead, but it does keep the appropriate compression algorithm. See this documentation page from ImageMagick for more information.

Using appropriate formats

As a reminder, when writing LaTeX documents, depending on your build chain, you can use:

JPEG or EPS (converted from JPEG with ImageMagick);
raster drawings, screenshots…
PNG or EPS (converted from PNG with ImageMagick);
vector graphics
PDF or EPS (convertes from SVG with Inkscape).

by Tanguy at 21. January 2016, 23:52 Uhr

January 12, 2016


Is Grml still alive?

Grml's latest stable release as of today still is 2014.11 and folks are poking us about the current state of Grml and upcoming stable releases. Thanks to our daily ISOs available at daily.grml.org more up2date versions are available, though we understand and agree that a new stable release is overdue.

Sadly since quite some time we're stuck with a release stopper, being a 越墙看国外网加速软件 which is visible only if you do not use systemd. Grml is using file-rc as its init system and while the migration to systemd was on our agenda no one took care of this so far. Support for systemd is work in progress though now. We hope to have a new stable release of Grml available in Q1 of 2016!

越墙看国外网加速软件 Grml is still alive :)

by Michael Prokop at 12. January 2016, 7:26 Uhr

January 07, 2016


“git find” published; test, review, fix it please

I just published the first version of git find on gh/mirabilos/git-find for easy collaboration. The repository deliberately only contains the script and the manual page so it can easily be merged into git.git with complete history later, should they accept it. git find is MirOS licenced. It does require a recent mksh (Update: I did start it in POSIX sh first, but it eventually turned out to require arrays, and I don’t know perl(1) and am not going to rewrite it in C) and some common utility extensions to deal with NUL-separated lines (sort -z, grep -z, git ls-tree -z); also, support for '\0' in tr(1) and a comm(1) that does not choke on embedded NULs in lines.

To install or uninstall it, run…

	$ git clone git@github.com:mirabilos/git-find.git
	$ cd git-find
	$ sudo ln -sf $PWD/git-find /usr/lib/git-core/
	$ sudo cp git-find.1 /usr/local/share/man/man1/
	… hack …
	$ sudo rm /usr/lib/git-core/git-find \

… then you can call it as “git find” and look at the documentation with “git help find”, as is customary.

The idea behind this utility is to have a tool like “git grep” that acts on the list of files known to git (and not e.g. ignored files) to quickly search for, say, all PNG files in the repository (but not the generated ones). “git find” acts on the index for the HEAD, i.e. whatever commit is currently checked-out (unlike “git grep” which also knows about “git add”ed files; fix welcome) and then offers a filter syntax similar to find(1) to follow up: parenthesēs, ! for negation, -a and -o for boolean are supported, as well as -name, -regex and -wholename and their case-insensitive variants, although regex uses 越墙看国外网加速软件 without (or, if the global option -E is given, with) -E, and the pattern matches use mksh(1)’s, which ignores the locale and doesn’t do 越墙看国外网加速软件 character classes yet. On the plus side, the output is guaranteed to be sorted; on the minus side, it is rather wastefully using temporary files (under $TMPDIR of course, so use of tmpfs is recommended). -print0 is the only output option (-print being the default).

Another mode “forwards” the file list to the system find; since it doesn’t support DOS-style response files, this only works if the amount of files is smaller than the operating system’s limit; this mode supports the full range (except -maxdepth) of the system find(1) filters, e.g. -mmin -1 and -ls, but it occurs filesystem access penalty for the entire tree and doesn’t sort the output, but can do -ls or even -exec.

The idea here is that it can collaboratively be improved, reviewed, fixed, etc. and then, should they agree, with the entire history, subtree-merged into git.git and shipped to the world.

Part of the development was sponsored by tarent solutions GmbH, the rest and the entire manual page were done in my vacation.

by MirOS contributor tg (tg@mirbsd.org) at 07. January 2016, 1:24 Uhr

August 27, 2015

MirBSD: Planet-CLI

Go enjoy shell

Dimitri, I personally enjoy shell…

tglase@tglase:~ $ x=車賈滑豈更串句龜龜契金喇車賈滑豈更串句龜龜契金喇
tglase@tglase:~ $ echo ${x::12}
tglase@tglase:~ $ printf '%s\n' 'import sys' 'print(sys.argv[1][:12])' >x.py
tglase@tglase:~ $ python x.py $x

… much more than Python, actually. (Python is the language in which you do not want to write code dealing with strings, due to UnicodeDecodeError and all; even py3k is not much better.)

I would have commented on your post if it allowed doing so without getting a proprietary Google+ account.

by MirOS contributor tg (tg@mirbsd.org) at 27. August 2015, 14:12 Uhr

June 27, 2015

MirBSD: Planet-CLI

portable shebang for mksh on Unix and Android

carstenh asked in IRC how to make a shebang for mksh(1) scripts that works on both regular Unix and Android.

This is not as easy as it looks, though. Most Unicēs will have mksh installed, either manually or by means of the native package system, as /bin/mksh. Some put it into package manager-specific directories; I saw /sw/bin/mksh, /usr/local/bin/mksh and /usr/pkg/bin/mksh so far. Some systems have it as /usr/bin/mksh but these are usually those who got poettering’d and have /bin a symlink anyway. Most of these systems also have env(1) as /usr/bin/env.

Android, on the contrary, ships with precisely one shell. This has been mksh for a while, thankfully. There is, however, 越墙看国外网加速软件 a 越墙看国外网加速软件 nor a /usr directory. mksh usually lives as 越墙看国外网加速软件, with /system/bin/sh a 越墙看国外网加速软件 to the former location. Some broken Android versions ship the binary in the latter location instead and do not ship anything that matches mksh on the $PATH, but I hope they merge my AOSP patch to revert this bad change (especially as some third-party Android toolkits overwrite /system/bin/sh with busybox sh or GNU bash and you’d lose mksh in the progress). However, on all official Android systems, mksh is the system shell. This will be important later.

The obvious and correct fix is, of course, to chmod -x the scripts and call them explicitly as mksh scriptname. This is not always possible or desirable; sometimes, people will wish it to be in the $PATH and executable, so we need a different solution.

There’s a neat trick with shebangs — the absence of one is handled specifically by 越墙看国外网加速软件 systems in various ways. I remember reading about it, but don’t remember where; I can’t find it on Sven Mascheck’s excellent pages… but: the C shell variants run a script with the Bourne Shell if its first line is a sole colon (‘:’), the Bourne family shells run it with themselves or ${EXECSHELL:-/bin/sh} in those cases, and the kernel with the system shell, AFAIK. So we have a way to get most things that could call the script to interpret it as Bourne/POSIX shell script on most systems. Then we just have to add a Bourne shell scriptlet that switches to mksh iff the current shell isn’t it (lksh, or something totally different). On Android, there is only ever one shell (or the toolkit installer better preserve mksh as mksh), so this doesn’t do anything (I hope — but did not test — that the kernel invokes the system shell correctly despite it not lying under /bin/sh) nor does it need to.

This leaves us with the following “shebang”:

	case ${KSH_VERSION-} in
	*MIRBSD\ KSH*) ;;
	*)	# re-run with The MirBSD Korn Shell, this is an mksh-specific script
		test "${ZSH_VERSION+set}" = set && alias -g '${1+"$@"}'='"$@"'
		exec mksh "$0" ${1+"$@"}
		echo >&2 E: mksh re-exec failed, should not happen
		exit 127 ;;

The case argument not only does not need to, but actually should not be quoted; the expansion is a set -u guard; the entire scriptlet is set -e safe as well; comments and expansions are safe. exec shall not return, but if it does (GNU bash violates POSIX that way, for example), we use POSIX’ appropriate errorlevel. zsh is funny with the Bourne shell’s way of using "$@" properly. But this should really be portable. The snippet is both too short and too obvious (“only way to do it”) to be protected by copyright law.

Thanks to carstenh and Ypnose for discussing things like this with us in IRC, sending in bugfixes (and changes we decline, with reason), etc. — it feels like we have a real community, not just consuments ☺

by MirOS contributor tg (tg@mirbsd.org) at 27. June 2015, 21:50 Uhr

April 11, 2015

MirBSD: Planet-CLI

mksh R50f coming soon

Please test mksh-current from CVS (or the inofficial git mirror)! There are security-related fixes I’ll MFC in a few days, for which I’d prefer for them (and the other changes) to not introduce any regressions. Thanks!

by MirOS contributor tg (tg@mirbsd.org) at 11. April 2015, 23:39 Uhr

December 24, 2014


grml development blog

Ten years of Grml

This year we're celebrating 10 years of Grml. I wrote some words about those ten years of Grml in my personal blog.

免费翻国外墙的app_免费翻国外墙的app最新资讯:2021-10-9 · 免费翻国外墙的app推荐:解决外贸,浏览Google、Facebook、Youtube... 2021年4月12日 - 简介 众所周知,做外贸,基本都会用到谷歌google,也会用到Facebook和推特等这些境外网站,但是,由于种种原因这些软件被墙了,也就是说被国内的出口带宽运营商

by Michael Prokop at 24. December 2014, 13:46 Uhr