How I learned to not worry and love systemd

I wrote this little piece originally on June 25, 2013 but decided not to push the publish button because it is incendiary, in more of one sense. But…

Systemd is truly a remarkable piece of technology. In the beginning I was skeptic for two reasons:

a.) I tend to orthodoxy when it comes to the core. I started using old skool init more than 20 years ago and it was with *real UNIX®*; at some point I even deemed SysV init style startup scripts the work of the devil. Ha! Like I miss BSD 4.2 init scripts! Everything mashed up in one single 5000 line shell script, *shudder*. Before I go tangential into a rant that is truly for another day, let me say this: All those weenies that say “FreeBSD start up scripts are the simplest and coolest thing since sliced bread” are a bunch of Christmas geese.

b.) I’ve my share of battle scars with “advanced” init systems. Ever had to write a startup script for HP-UX? AIX? What about that horrid abomination Sun Microsystems (R.I.P.) invented for Solaris (their SysVR4/BSD FrankenUNIX), startup scripts written in a horrible dialect of XML? Honestly, I suspect SMF was written in the midddle of a Colt 45 and crack brogrammer frat binge.

Then when Canonical pulled Upstart out of the hat (or may I say, arse?), I certainly put attention. I was already a user of Ubuntu, though not a convert. I had the chance to exchange a couple of mails with Shuttleworth when the the planning and design of the PPA system was in swing and he came accross as a narcissistic know-it-all. In fact, I was vindicated some year later when the man had to do exactly what I told him: People need the option to have several PPAs under the same account particularly if they are a project that hosts in Launchpad. There and then I decided I was not invested enough in Ubuntu nor would I be ever. I just kept using it because it was the best GNOME experience at the time. I’d moved to Fedora right there and then but it was still a POS.

Trolling Requires Quality

I’ve found “Things that BSD owes GNU/Linux | BSD, the truth” http://aboutthebsds.wordpress.com/ a most amusing read. Most of the write ups have the ring and weight of truth, but it is unfortunate that:

a.) The author enjoys personal attacks and character assassination, too much. It is immature and destroys whatever real arguments he/she may present in his/her rants.

b.) The author’s first language is not English and the command is poor. I suspect poor knowledge of his native language as well. Hey! Not all of us have a sound literary education. Unfortunately it shows in the incoherent expression of ideas. This removes credibility. A lot.

Static network IP with systemd

One of the few real hurdles I’ve found with systemd is setting up a static network configuration. This is a solution that cuts the middleman, be it ifupdown, netcfg, NetworkManager or wicd and uses systemd to do it. This comes originally from the Archlinux Wiki on systemd services, but it seems to be deleted and reinstated at the whim of some God entitled pedant so you may not find it there tomorrow.

Make sure that iputils2 are installed. Create a service file network-static.service and a confguration file network-static as shown below and install in the suggested places. Then enable the service with systemctl:

;; /etc/systemd/system/network-static.service
[Unit]
Description=Static Network Service
Wants=network.target
Before=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/network-static
ExecStart=/usr/sbin/ip link set dev ${IF} up
ExecStart=/usr/sbin/ip address add ${ADDR}/${NM} broadcast ${BC} dev ${IF}
ExecStart=/usr/sbin/ip route add default via ${GW} dev ${IF}
ExecStop=/usr/sbin/ip addr flush dev ${IF}
ExecStop=/usr/sbin/ip link set dev ${IF} down

[Install]
WantedBy=multi-user.target
;; /etc/conf.d/network-static
IF=eth0
ADDR=AAA.BBB.CCC.DDD
NM=24
BC=AAA.BBB.CCC.255
GW=AAA.BBB.CCC.EEE

And that’s all there is to it.

Using a *real* x.509 certificate with Irssi and OFTC.

Due to random reasons — read: highest point in the yearly “I’m bored to death” bell distribution curve — my x.509 certificates expire on the last days of the year. Now, I don’t really use them much if at all because PKI certificates have been out of vogue for several years now. But that doesn’t say anything about their usefulness! They can help you be more secure and more conscious of the need of security. In fact, there are places where using a x.509 certificate can simplify your life. Case in file: OFTC.

If you don’t use a x.509 certificate to log in to OFTC, they will make sure your life is miserable, trust me. What do you think of having 10 seconds to login with your password every time you connect. OK, I exaggerate with the time, but you get my point. Right? OFTC’s website is a wiki. Not particularly well-organized, I’m afraid, so you need to go digging for a while to find instructions on how to use a x.509 certificate to login to the network, but after a while you find the darned instructions.

So, I won’t touch that particular theme. Besides I’m sure there are at least 5,230 places out there where you can find that information. What I do want to touch in this post is the matter of x.509 certificates.

What do I call a real certificate? One emitted by a recognized certificate authority. And if I can get it for free, I’m in for as long as the ride lasts. So instead of creating my own self-signed x.509 certificate as the OFTC instructions suggest, I decided to use a real x.509 certificate with a real certificate chain. What to do?

First, there was the matter of choosing a certificate authority that would give me a x.509 certificate for free. Thawte stopped its personal PKI a couple of years ago. So the ones left, to my knowledge, are CAcert and StartSSL. After some thought I chose StartSSL, because they work as a OpenID authentication source as well.

Now, the problem was how to use the certificate. To generate the certificate I used Firefox, not because I wanted to but rather because I had trouble with Chromium doing the right thing. After exporting it I had a PKCS12 file where both public and private keys are encrypted with a password of my choice. But irssi needs a PEM file where both keys are unencrypted in ASCII armor format. So what now? Here is the hack:

openssl pkcs12 -in in.p12 -out out.pem -nodes -clcerts

Give your encryption password when asked. Make sure you don’t give a password to the private key! Use out.pem according to the instructions in OFTC’s wiki, and that’s it. Of course, the usual “don’t be a moron” precautions ensue: Set file permissions so that only you can read the file, don’t do it in a shared or public computer, perhaps use something like ecryptfs to keep your $HOME/.ssh directory encrypted, or do it with your whole home directory or, better yet, encrypt your partitions with dmcrypt! All depends on your level of paranoia and real need of security.

¿Es el infierno exotérmico o endotérmico?

[La nota original se encuentra en http://www.pinetree.net/humor/thermodynamics.html]

¿Es el infierno exotérmico o endotérmico?

Cuando estudie para exámenes, recuerde que no es la cantidad si nó la calidad. Y que no hay substituto para la mierda pura y sin adulterar.

El Dr. Robert L. Shambaugh de la Escuela de Ingeniería Química de la Universidad de Oklahoma es conocido por preguntar cosas como “¿Por qué vuelan los aviones?” en sus exámentes finales. La única pregunta de su exámen final del curso “Momento, calor y transferencia de masa II” en mayo de 1997 fué: “¿Es el infierno exotérmico o endotérmico? Soporte su respuesta con pruebas.”

La mayoría de los estudiantes escribió pruebas de sus creencias usando la ley de Boyle u otra variante. Un estudiante, sin embargo, escribió lo siguiente:

Primero, postulamos que si las almas existen deben tener alguna masa. Si estas la tienen, entonces un mol de almas también puede tener masa. Así que, ¿a que tasa de transferencia entran las almas al infierno y a que tasa de transferencia salen? Yo creo que podemos asumir con seguridad que una vez una alma entra al infierno, no saldrá.

Por lo tanto, no salen almas. Respecto a las almas que entran al infierno, examinemos las diferentes religiones que existen en el mundo hoy. Algunas de estas religiones establecen que si no eres miembro de esa religión, te irás al infierno. Ya que hay mas de una de estas religiones y la gente no pertenece a más de una religión, podemos proyectar que toda la gente y almas se van al infierno. Con las tasas de nacimiento y muerte tal como están podemos esperar que el número de almas en el infierno incremente exponencialmente.

Ahora, veamos la tasa de cambio en el volumen del infierno. La ley de Boyle establece que para que la temperatura y presión en el infierno permanezcan constantes, la relación de la masa de almas al volumen del infierno debe permanecer constante.

Existen dos opciones:

  1. Si el infierno se expande a una tasa menor que la tasa a la que entran almas al infierno, entonces la temperatura y presión en el infierno aumentarán hasta que el infierno explote.
  2. Si el infierno se expande a una tasa mayor que el incremento de almas en el infierno, entonces la temperatura y presión disminuirán hasta que el infierno se congele.

Entonces, ¿cual es? Si aceptamos la afirmación dada a mí por Theresa Manyan durante mi primer año de universidad, “será una noche fría en el infierno antes de que yo me acueste contigo” y tomando en cuenta el hecho que yo todavía NO he podido tener relaciones sexuales con ella, entonces la opción 2 no puede ser cierta… Así pues, el infierno es exotérmico.

El estudiante, Tim Graham, obtuvo la única A.

On the Difference Between Being Opinionated and Being a Fool

We all are entitled to our opinions but there is a huge difference between a private opinion and a public opinion.

Private opinions are based on cultural bias, ignorance, hubris and vanity. Yes. you are entitled to believe in the tooth fairy despite all facts denying its existence. But when you start shouting it to the four winds and to deceptively convince people you not only know what you are talking about but that they should believe in everything you say, you have crossed the boundary into that realm where madness lives. And in the process, those who are not weak of mind nor heart will know for certain that you are a fool.

Thus, here is my little piece of free advice to all self-appointed pundits out there: Check your facts and make sure you are not an ignorant sod.