Misadventures in MP-WP setup, the sad work-in-progress post

Filed under: Software — Jacob Welsh @ 05:54

I was to write an article for publication today recounting how I finally got my blog set up. When I reported, later than I should have, that I couldn't actually get that done, my Master directed me to publish whatever I had at this point, because it is important that others can trust my exact words at any moment. I'm not proud of the "dump" format, though who knows, perhaps someone with time for a little digging might even find something useful in it.

Overview of questions, problems and other discoveries encountered.

  • I didn't have build recipes or ports (semi-automated builds for my Linux distribution) for either apache or mysql, the mainstream recommendations, as I hadn't needed these since my "industrial" days. Alternatives workable? If not, what versions to use?
  • My php port (5.6) was likely missing necessary options (libxml2, fopenwrappers)
  • Found sqlite-integration plugin; "unmaintained" and pretty invasive anyway
  • Robinson started on his own blog on rockchip: mysql dependency calculations hung indefinitely until USE -perl
  • How much time to schedule for Wordpress install? At least for one stage Robinson guessed 1.5h, I guessed 7, both ran way over
  • Upstream mysql site didn't appear to make historical versions available, likewise the Gentoo mirrors
    • I later find where they're hidden
  • MySQL build as far back as 5.5 requires CMake, which I dislike even more than autoconf and for which I also lack a port.
  • What's the latest in mp-wp vpatches? billymg's cleanup
  • Decided to share Rockchip. How to configure Apache?
    • I don't like distributions' default apache configs, especially Gentoo's; wanted to write my own, enumerate goodness.
    • Robinson, sensibly enough, wanted to follow existing guides.
    • The dilemma of spending time untangling things up-front versus getting stuck with complexity later...
    • Gentoo has Apache 2.4; I don't like that they broke config compatibility. Can a config file be written to support both?
  • How to route requests without having to migrate existing stuff?
    • I don't much like subdomains without good reason; already have nginx gateway
    • So I can play around with my config without interfering by running a separate apache instance on an alternate port as my backend.
    • I observe the gentoo config is 1330 lines across 21 files, plus 181 lines of "init script"; replaced with 40 line config and no init script needed.
  • How to secure wp-admin? SSH in port forwarding or SOCKS proxy mode oughta work...
  • How to press keccak vpatches on rockchip?
    • Robinson works through GNAT based guides on amd64 and transfers resulting press
    • I apply the patches manually on server, but build my C Keccak util to have on hand
  • Are .htaccess files required / why? Existing guides assume their use, but I like to keep all Apache config together in the Apache config file.
  • How to configure mysql?
    • Passwords?
  • How to configure php.ini?
  • Rockchip Gentoo quirks: no syslog; ACCEPT_KEYWORDS="**"; editing manpath doesn't work
  • My parallel apache refuses to work; strace reveals gentoo has changed the documented behavior of how it finds config file
  • Was there a benefit to having a 'wpuser' unix account along with apache and one's normal user?
  • Apache 2.4 complains about NameVirtualHost directive, previously mandatory
  • Dependencies between Apache modules not well handled or documented; resulting errors confusing
  • What's the AUTH_KEY business in wp-config.php? Does the code at least use "good" PRNG?
  • "Famous five minute wordpress installation process" - didn't work
  • Found stray .orig file, turned out to be in genesis; found empty files, as I'd missed patch -E
  • Should the "post revisions" feature be enabled?
  • My ssh-based wp-admin begins to run afoul of Wordpress assumptions
    • plain HTTP proxy with port forward (rather than SOCKS) seems to help, but causes different trouble later
    • SOCKS works for Robinson, once source IP to allow is figured out, as he doesn't have the backend/frontend URL divergence
  • Working DNS needed on server to support pingbacks
  • JS needs to be allowed for some of the admin functionality
  • PHP warning spam, despite following existing suggestions for reducing it
  • Sidebar not shown on articles in the default theme
  • Contents of some external RSS feed got slurped up into the database
  • Suspicious "post via email" feature with no "off" switch
  • RSS feed XML syntax broken if extra newlines sneak into your wp-config.php or similar outside the ?php tags
  • New problem with gateway: wordpress uses the client IP address, e.g. for antispam
    • Apache has a mod_remoteip, but feels like piling on more complexity
  • Footnotes plugin once had an admin page, possibly unsecured, now absent
  • Footnotes entity escaping quirk
  • "In-band signalling" of the default footnote delimiters, and regex brokenness when trying to change
  • Yet another problem with gateway: pingbacks involve two-way verification where IPs must match
  • How to back up blog
  • What if anything to do about my existing VPS dependence
  • How to back up larger system? ...broached just before ISP went dark
  • Falling back to VPS then, but what?
  • mod_access_compat: not actually compatible!
  • Firefox SOCKS DNS checkbox doesn't actually work to disable
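
A check for three of the problems listed above (the stray .orig file, the empty files left when patch runs without -E, and whitespace outside the PHP tags that breaks the RSS XML), as an added example that is not part of the original post or of mp-wp. The sample tree and most file names in it are constructed; the tag check is a heuristic that relies on PHP dropping exactly one newline after a closing ?>.

```python
#!/usr/bin/env python3
# Added example (not mp-wp code): audit a pressed PHP tree for patch leftovers
# and for stray output outside the PHP tags. Heuristic only: PHP is not parsed,
# so a "?>" inside a string or comment can confuse the trailing check.
import os
import sys
import tempfile

BOM = b"\xef\xbb\xbf"
LEFTOVER_SUFFIXES = (".orig", ".rej")  # files patch(1) can leave behind


def php_stray_output(data):
    """Return the reasons a PHP file would emit bytes merely by being included."""
    problems = []
    start = data.find(b"<?")
    if start > 0:
        head = data[:start]
        # Only whitespace or a BOM is suspicious; real markup means a template.
        if head.replace(BOM, b"").strip() == b"":
            problems.append("output before opening tag (%d bytes)" % len(head))
    end = data.rfind(b"?>")
    if end != -1:
        tail = data[end + 2:]
        # PHP swallows exactly one newline directly after "?>".
        if tail[:2] == b"\r\n":
            tail = tail[2:]
        elif tail[:1] in (b"\n", b"\r"):
            tail = tail[1:]
        if tail and tail.strip() == b"":
            problems.append("output after closing tag (%d bytes)" % len(tail))
    return problems


def audit_tree(root):
    """Walk root and return a sorted list of (relative_path, issue) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            rel = os.path.relpath(path, root)
            if name.endswith(LEFTOVER_SUFFIXES):
                findings.append((rel, "patch leftover"))
            if os.path.getsize(path) == 0:
                # patch without -E empties a removed file instead of deleting it
                findings.append((rel, "zero-length file"))
                continue
            if name.endswith(".php"):
                with open(path, "rb") as fh:
                    for problem in php_stray_output(fh.read()):
                        findings.append((rel, problem))
    return sorted(findings)


def build_sample_tree(root):
    """Write a small CONSTRUCTED tree; apart from index.php, wp-config.php and
    wp-comments-post.php.orig the file names are hypothetical."""
    samples = {
        "index.php": b"<?php\nrequire 'wp-config.php';\n",
        "wp-config.php": b"<?php\n$table_prefix = 'wp_';\n?>\n\n",
        "wp-comments-post.php.orig": b"<?php // stale copy\n",
        "wp-includes/feed.php": b"\n<?php echo 'feed';\n",
        "wp-includes/removed.php": b"",
        "theme/header.php": b"<html>\n<?php echo 1; ?>\n</html>\n",
    }
    for rel, content in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = audit_tree(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as demo:
            build_sample_tree(demo)
            results = audit_tree(demo)
    for rel, issue in results:
        print("%s: %s" % (rel, issue))
```

Run it with the press directory as its argument; with no argument it audits the constructed sample tree.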

Chat logs.

April or May 2019:
jfw: back to priorities, I think WoT engagement should be seen as a business necessity on par with fiat incorporation
jfw: though it is also a personal priority
jfw: on my side that means: airgapping practice, MPWP setup or equivalent, then... using it

June 2019:
rmd: what's your priority after satisfied with ports?
jfw: maybe wordpress

jfw: sonnuvabitch... "This plugin was closed on June 29, 2019 and is no longer available for download."
jfw: tv raft I suppose. "Unmaintained -- doesn't work anymore (because we broke things)"
jfw: but still downloads, and looks like still in their svn.

jfw: []
jfw: allegedly mysql can use a different storage engine (MyISAM/InnoDB) per table, so the application has to specify, but wordpress doesn't, so the server default matters
jfw: or you get wonders like transaction that only transactionates halfway
jfw: though wp, natch, doesn't use transactions!
jfw: or presumably foreign key constraints...
jfw: this sqlite-integration 'plugin' seems pretty heavy-handed, 5600 lines of php at top level + 3300 in utilities/. Thinking I should stick to the beaten path of mysql for now; I'm still seeing wordpress as legacy code, on life support

2019-09-02 - My many priorities for the week included mysql port and mpwp.
jfw: well that's quite a pile huh.
rmd: yeah, just got to keep chewing.

2019-09-10 - Robinson working to apply the mp-wp guides on rockchip gentoo.
jfw: thinking apache and mysql version considerations would be a good starting question
jfw: existing guides I've seen are just 'emerge'
rmd: the flow of events that makes sense to me is: once key ready, transition signed, ask for up, register new key, link to transition note, share you have gcc4.7+busybox+musl that's e.g. running trb, but doesn't have ports for all mp-wp deps
rmd: canonical apache, mysql
rmd: could link to that and verify if that's what you ought to target.
rmd: communicate your deadline and get crackin.
rmd: << from today's log that has me more pushy than yest.
rmd: on my side, I have apache emerged and mysql through 6 out of 9 dependencies. lost over an hour because default mysql has perl USE and continually hung on calc dependencies step (longest I let it go for was ~28 mins (during our conversation above)). once applied the -perl in package.use, calculated deps as ~normal.
rmd: not sure what that's all about.
jfw: "using portage" is what that's all about
jfw: but, good to have specific examples, unfortunately I haven't saved photographic examples of my frustrations over the years

rmd: <jfw> I guess the start times partially satisfy that << right, I was estimating with the start and end times of the block
jfw: ok so 1.5 hr for mp-wp install
jfw: obvs this discussion cut into that but imho my 7 hour estimate for that is moar realistic
rmd: it's both an estimate of how long it may take and how long I plan to spend on it during this block of time.

jfw: on mysql front, 5.5.x is oldest of the 5 branches still published by upstream, .62 is latest, .60 is what MP said 'known to work'; DC tried but it wouldn't build because portage (
jfw: I've grabbed .62 but .60 is gone from current mirrors

jfw: fuckers, 20MB tarball but changelog / release notes and docs not included
jfw: (working on mysql 5.5.62 for gport.)
jfw: (if someone coughs up a .60, would like to compare.)
jfw: so mysql is mix of C and C++, and appears to require cmake to build
jfw: uses yacc/bison, INPUT for which is 14302 lines
jfw: includes zlib and spencer regex, dunno if hacked up
jfw: big test suite, dunno if big == valuable tho
jfw: 9573 total files, buncha subdirs many with nested subdirs
jfw: boasts of being multi-threaded
jfw: jeez, bundles both gnu readline and libedit
jfw: 14MB of charset noise
jfw: and sure, what to me is noise to washitistani is ability to search / sort data in his local encoding. But even if you accepted this, a skim of the actual sources reveals much redundancy / auto-generated-and-threw-away-the-scaffolds
jfw: I suspect I will also need to port libxml2 and update php port to suck it in, given wordpress uses xmlrpc for pingback (iirc)
jfw: looks like mysql 5.5 came right after 5.1
jfw: (maybe there were dev branches)
jfw: 5.5.14 (grabbed from bbgentoo) did not yet have the docs unbundled but was already married to cmake; 5.1.70 still had an autoconf/make option
jfw: I dunno, could be just ignorance but I've really never liked cmake, even after trying to learn it for KDE development. I look at any cmake build system and all I see is BLAH BLAH (BLAHBLAH CMAKE_BLAH(BLAH) (BLAH)) BLAH BLAH
jfw: I suspect it's an attempt to "clean up autoconf" by hiding stuff, thus result is just as complex but harder to trace.
jfw: ./configure --help always works and is sometimes even helpful. CMake has no such thing but would you like a GUI??
jfw: top-level CMakeLists.txt line counts by version: 5.1.70: 315, 5.5.14: 389, 5.5.62: 569
jfw: I expect this somewhat estimates time required to replace with plain Makefile / config.h
jfw: one provisional takeaway from log digging was that needing both mysql and postgres is unfortunately the status quo and will remain for some time
jfw: so it seems to me this project is ballooning into a couple avenues of potential value: mysql port involving further archeology and build cleanup; postgres port, which itself may involve same; ironing out any MPWP/postgres interop problems that have crept in
jfw: but all this is more than I wanted to or can bite off Right Now, so contemplating more well-trodden routes...
jfw: hmm could revisit sqlite too, if in fact supported choice of mysql/pg, perhaps it's easier than they make you think.

I take Robinson up on his offer to share the Rockchip and work with whatever's found in Portage.

jfw: well I combed thewhet archive month-by-month and confirmed nothing new on mp-wp since March - the one linked from billymg.
jfw: Which appears to be the html comments fix.
jfw: Certainly underscores to *me* the crucial role of the blog as first-level index of useful information -- the dig woulda been orders of magnitude worse if it were 'search the log and wade through endless threads'

rmd: I'm thinking I should go for the multi website apache config from the start on this mp-wp setup. going to take more work, cause not documented, but should save you time.
jfw: what's "the multi website config" -- NameVirtualHost?
jfw: my approach to apache is to throw out whatever 'helpful' distro config and write httpd.conf from scratch
jfw: you don't need subdirs with included config snippets and all that jazz
rmd: yea, apache virtual host
jfw: prolly the way to go; I could make do with port-based virtual host for now as I'll be gatewaying it from existing nginx, but better for the long run
jfw: and no more difficult when SSL isn't involved
rmd: gatewaying from existing nginx ?
jfw: domain will stay where it is; that server will route a portion of its URL space to another server, aka acting as a reverse proxy or gateway.
jfw: unless I decide against the /fixpoint/ scheme, idk...
rmd: ok, not sure where to begin with that on my end since the examples I've seen thus far don't include that complexity.
rmd: I like the /fixpoint/ scheme fwiw
jfw: nothing special is needed on your end.
jfw: just assign me a portion of the virtual hostname / url space and I route to that.
rmd: ok, well I have enough learning to do to get my own blog standing in reasonable time. I think I'll continue following the various guides.
jfw: cool.
rmd: thanks.
jfw: , are canonical.
rmd: my instinct on the ssl side was to kill it, e.g. in the apache config. but then it occurred to me it might be "needed" for wp-admin...
jfw: can use ssh proxy for that :)
rmd: :) aite, so I'll remove from apache then.

rmd: so the mp-wp set up requires gnat on account of keccak, been working my way through the maze of guides
jfw: i dunno if this'd be a 'legal' shortcut but you could just apply the patches by hand... there's what, like 3 of them?
jfw: is there even a gnat on arm guide?
jfw: path as I understand it is Adacore 2016 (glibc x86_64) -> ave1 gnat (static musl x86_64) -> cross compile to whatever
jfw: and dunno if anyone's documented the third leg of that
jfw: aaaalso, original Stan doesn't verify hashes so won't care about hash algo
jfw: imho, 'eat the full tmsr stack before standing up blog' is false prerequisite for you here as 'build the perfect mysql' was for me
rmd: my 'shortcut' was install adacore x86_64 gnat on vm, use that to press the mp-wp tree. transfer the pressed tree to rk.
rmd: don't yet have adacore gnat installed there properly.
rmd: I have 4 patches on top of the genesis from billymg's guides.

rmd: for the ssh proxy to administer wordpress my thought is to run the proxy from the pizarro server. i.e. configure your host to proxy to the pizarro server, only permit the pizarro server's ip in the various .htaccess files.
jfw: [...] Little confused on the proxy point
jfw: idea is to only permit localhost
jfw: then ssh -D to piz host, configure browser with local SOCKS proxy, perhaps in a dedicated profile. Perhaps what you meant.
jfw: btw I don't know why they use .htaccess files, my understanding of their purpose is for poor man on shared web host to be able to override some aspects of apache config
rmd: thanks for clarifying, that's what I meant.
jfw: per-directory config can be done just fine in main httpd.conf, through stanzas
rmd: I bring up .htaccess because it was in the guides that I've been following.
jfw: understood that it's in the guides.
jfw: and if you do want to use htaccess you'll also need

jfw: oh we were discussing htaccess last night - that there was some wordpress-specific need for them. Does it write them dynamically or something??
jfw: 'pretty urls' are based on mod_rewrite afaik, which can be configured statically along with the rest of the apache stuff
jfw: though if "just following the guides exactly" actually works, I've no problem with it for now.
rmd: I'm not sure the details on htaccess. atm though I have my hands full following the guides since they're rather terse to begin with. I'm following them as close as possible, but I've not got it working yet.
jfw: any specific problem?
rmd: afaict i've followed the guides, but haven't got anything to load. after making request I went to look in the apache log, nothing there. ps reports apache isn't running so atm looking to see how to start it.
jfw: for gentoo, might need to futz with /etc/conf.d/apache2
jfw: and ofc, rc-update add apache2 default and start the init script
rmd: yeah, I never did that.
rmd: the rc-update part
jfw: hmm well that'd just affect boot-up. The apache error log is empty or just access?
rmd: yea, I never did rc-service apache start , did that now and have some progress.
rmd: let me investigate and report back. while I appreciate the support, I can learn and you can get back to your priorities.

rmd: got the wp installed and logged into the admin, w00t!
jfw: 'grats on wordpress, is mysql ready to go?
rmd: not sure if can correctly answer mysql ready to go, but "worx" so far. haven't exercised it much.
jfw: are you aware of mysql_secure_install and either done it or established not needed? what IP is it listening on? Is there user/password/grants for a user for use by wordpress? that'd be what I reckon as ready to go.
rmd: <jfw> are you aware of mysql_secure_install << wasn't aware.
rmd: what IP is it listening on? << bind_address to in /etc/mysql/my.conf
rmd: user/password/grants for a user for use by wordpress? << yeah set from mysql command line and then in wp-config.php
jfw: cool, and netstat -tnlp won't hurt to verify.
rmd: cool, netstat verifies, thanks for the link.

jfw: "<jfw> my approach to apache is to throw out whatever 'helpful' distro config and write httpd.conf from scratch" << I gather you didn't go that route, which means the apache config is spewed out across 21 files and 1330 lines
jfw: for what could probably be 20 lines.
jfw: (oh and 181 lines for the init script... solving all the hallucinated problems)
jfw: the stupid already shows in the very first non-comment config line, ServerRoot "/usr/lib64/apache2" -- redundant with daemon option hardcoded in init script
jfw: << the main config breakage I remembered about apache 2.4, but one can use mod_access_compat
jfw: ooh I see it in your package.use!
jfw: any particular reasoning behind APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D PHP -D LANGUAGE" (/etc/conf.d/apache2)?
jfw: these serve to enable various tentacles of the config
jfw: looking over php.ini too, one thing that might warrant enabling is session.cookie_httponly
jfw: not sure if the POST/upload size limits would affect e.g. wordpress image upload
jfw: and for disabling - expose_php (no reason to show "X-Powered-By: PHP/5.6.35-pl1-gentoo" to scanners)
jfw: "fopen wrappers" is also a retarded feature but not sure if wordpress requires, e.g. for trackbacks
jfw: to bed for now.
rmd: <jfw> for what could probably be 20 lines. << I don't doubt this may be the case, but as I stated earlier in the week, I decided to follow the various guides and had my hands/head full doing that.
rmd: what can be done in 20 lines requires not only substantial knowledge for running a webserver, but also skill in detangling gentoo's defaults.
rmd: <jfw> any particular reasoning behind APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D PHP -D LANGUAGE" (/etc/conf.d/apache2)? << I added -D PHP as directed by esthlos' guide. the others were there by default. I removed 2 ssl options from that line that were there by default.
jfw: Understood, and I don't mean to argue it was the wrong decision, but it does have its costs which I figure I ought to tally for future reference.
jfw: detangling gentooism is the skill that's now required to answer anything about the config
rmd: thanks, tally away and feel free to exercise your wizardry in collapsing it down to 'fits in head'
rmd: would be yet another arrow in the fixedpoint quiver.

jfw: thinking I'll just do a daemontools-managed alt-Apache config on port 81, not interfere with the existing, and document in a recipe.
jfw: can then promote to port 80 if it works out.
rmd: sounds like a nice approach.
jfw: how do I go about adminning mysql -- is there a password for root?
rmd: there is.
jfw: my approach would be to put it in /root/.my.cnf
rmd: plain text ?
jfw: see start of /etc/mysql/my.cnf for reference
jfw: yes; since /root is mode 700, read access there == r/w access to mysql data anyway.
jfw: much like the bitcoind rpc password or ~/.Xauthority
rmd: ok, it's there.
jfw: fixed syntax, works now.
jfw: this also means mysqldump works without password, for cron job or whatev.
jfw: huh, there's no syslogd on here
jfw: and lotta noise in dmesg

jfw: fuckin' gentoo, editing manpath in /etc/man_db.conf doesn't work apparently because it's overridden by $MANPATH env var
jfw: terraforming proceeding well with daemontools and socklog. SSH auth logs now captured in /var/log/syslog/
jfw: and kernel in /var/log/klog/

jfw: Further example: the config line to load is indirected from httpd.conf to modules.d/70_mod_php.conf, and from there to /var/lib/eselect-php/mod_php.conf, and gated on that -DPHP setting in /etc/conf.d/apache2. Now: one line in main httpd.conf, delete or comment if you don't want.
jfw: One problem in current setup is there's neither vhost-specific access logs nor the vhost name included in the log format, so no way to distinguish which line is from which site
jfw: (I could override for mine, so not a real problem I guess, just pointing out)
jfw: ugh, stuck on "httpd (pid 6579) already running". Even explicitly using a different pid file.
jfw: I'm removing ACCEPT_KEYWORDS="**" from make.conf, was that there on purpose??
jfw: means for example it'll try to install un-keyworded dev versions of ebuilds, downloading from git etc
rmd: make.conf, was that there on purpose?? << not by me.
jfw: in further weird, that string "already running" is found nowhere in httpd source
jfw: got strace installed to check 'wtf', now wtf: it's loading /etc/apache2/httpd.conf rather than conf/httpd.conf relative to the given server root, contrary to docs
jfw: naturally a complete autoconf mess to see what or why.

jfw: Whew, basic apache finally up.
rmd: nice !
jfw: btw, tightening ownership of /www which was wpuser:wpuser
jfw: is wpuser even used for anything actually?
rmd: in wp-config.php
jfw: looks like just a mysql user, I mean the unix user
rmd: not sure, residual from following the guides. what'd you propose as alternative ?
jfw: well that depends on the purpose, which apparently we don't know
rmd: a non-privileged user that owns the wp install.
jfw: so far as I can tell the only thing that runs as that user is your shell when tweaking the php
jfw: I guess it's a marginal improvement over having them root-owned, less chance of accident while editing or whatever
jfw: will probably skip for mine tho

jfw: found another apache2.4ism: using VirtualHost where previously NameVirtualHost was required
jfw: "Apache was one of the first servers to support IP-based virtual hosts right out of the box." << BS... zero special support is required to do this, just run different processes bound to different IPs/ports (as I'm doing right now!)
jfw: "what do you have remaining in blog set up?" << vhost config, mp-wp press, whatever mod_php / mod_rewrite setup it needs, wp config

jfw: since I'm "enumerating goodness" on apache modules to load, I'm finding the dependencies between them are not well handled.
jfw: (or documented.)
jfw: e.g., so far had to add mod_dir, mod_authn_core and mod_authz_core, based on errors that don't at all point to the real problem
jfw: ok, got php handling, directory autoindex, and recognition of index.php as a dir index; set expose_php = Off and session.cookie_httponly = On in php.ini as mentioned.
jfw: (apparently that's a newer security feature, firefox 3 / ie7 era)
jfw: saw mysql still had the anonymous user and test database so I ran mysql_secure_installation.
jfw: at the stage of tryna grok what's in the sample .htaccess.
jfw: did you fill the AUTH_KEY stuff ('fill your own's in wp-config.php, not mentioned by esthlos?)
jfw: well the 'famous five minute wordpress installation process' is totally broken, unsurprise
jfw: didn't work with no wp-config.php; didn't work with the pressed wp-config.php (invalid table_prefix), but hey good thing we know how to unix; readme.html link broken; it didn't ask any useful questions really but demanded an email for unspecified reasons; magically generated an admin password (I wonder if it even used urandom or just did some awful self-delusion...); then on the login page, made
jfw: blog title a link to, and automagically decided its base URL is [...] (which is how the gateway is referring to it based on its own hosts file); and top-level now just redirects to "Already installed".
jfw: so good thing we know how to SQL too. update options set option_value='http://actual-url/' where option_name in ('siteurl', 'home'); clears up the url problem
jfw: rmd: I have ssh-based wp-admin working, using -L (local port forwarding) though rather than -D because in theory it requires less browser futzing
jfw: grr, the mp-wp genesis includes a mp-wp/wp-comments-post.php.orig, here I was thinking I'd screwed up the press by invoking patch wrong or something
jfw: [...] Doesn't look to me like it leaks anything sensitive, but this sorta thing easily can if you're not careful.
jfw: I did however screw up the press by omitting -E from patch options (and looks like omits this too), so the 'weight loss' patch results in a bunch of zero-length files rather than deleting.
jfw: easy fix without re-pressing: find . -size 0 -exec rm {} +
jfw: heard any gossip on the 'post revisions' feature? apparently it's enabled by default but disabled in the genesis wp-config.php

rmd: <jfw> did you fill the AUTH_KEY stuff ('fill your own's in wp-config.php, << i didn't. did you find out what it was about ?
jfw: not really, though maybe it generates one in the database if you don't specify, and there's indeed a retarded RNG in wp-includes/pluggable.php but also something with urandom in wp-includes/pluggable.php
rmd: <jfw> so good thing we know how to SQL too. update options set option_value='http://actual-url/' where option_name in ('siteurl', 'home'); clears up the url problem << my inference is I'll need to do this as well.
jfw: the automagic probably worked for you if you didn't go off the beaten path, e.g. did the install using url
jfw: pretty obvious when it's wrong, admin login is broken
rmd: ok, I stayed on the beaten path with the install.php
jfw: ugh, use_smilies option defaults to 1, "Convert emoticons like :-) and :P to graphics when displayed"
jfw: I think we'll need local DNS after all for pingbacks

jfw: djbdns deployed.
rmd: nice.
rmd: mind sharing the ssh syntax you're using for the ssh-based wp-admin with -L ?
rmd: my reading comprehension of the man page has been insufficient
rmd: making progress.
rmd: I have : ssh -L *:1080: [piz login]
jfw: yep, shouldn't need the * if ssh client is on same box as browser tho
rmd: running ssh in -vvv shows the requests are being sent. but browser says the proxy server is refusing connections.
jfw: (I have a feeling this method will run afoul of the site url issue from a different angle though, will soon see)
jfw: you don't use a proxy this way but connect to localhost:1080

jfw: sigh, indeed does not work (leaks password even) because the login POSTs to absolute URL based on the configuration.
jfw: guess I'll try the -D (socks proxy).
jfw: ...which won't work for me because is not the local server.
jfw: well, I guess I gotta tell it that it is.
rmd: I got the login page to load, without css apparently. but the username/password that were issued aren't working.
rmd: so I should also go for the -D ?
jfw: yes that's the symptom, css link and form action point to normal url
jfw: I would think -D should work for you

rmd: ok, I got the -D working and connected, and see in the apache access_log it's trying to connect from [piz ip] rather than local host.
rmd: so going to change .htaccess to piz ip rather than
jfw: works
rmd: now in!
jfw: seems like firefox is resolving dns locally, so hosts-file on remote end does me no good :(
jfw: really what I seem to need is a different base URL for wp-admin
jfw: but I'm so over time budget here :(
jfw: one cut would be to drop the gateway and make it as piz ip
jfw: seems like a 'run moar usg.dns' tho
jfw: Ha! Using a plain HTTP (not SOCKS) proxy with ssh -L does the trick
jfw: and that's because from client's POV an HTTP proxy ain't any different from a normal server - just that it sends all requests there instead of to the dns-resolved hosts.
jfw: i.e. lets the remote host resolve the url as it sees fit, so for example external sites won't work in this config because the remote apache doesn't serve them -- an actual proxy server (such as the ssh socks) required for that
rmd: so you're into your admin ?
jfw: yep. Gonna make a browser profile to use the proxy / allow js

jfw: I'm now banging head on why it's STILL trying to redirect based on the host given by the gateway, not on the admin but on the main blog
jfw: fixed on the nginx side.
jfw: (i.e. configured it to use as the host header despite a different server name in the target url, pretty cool.)
rmd: hey hey, nice !
rmd: I think I got the permalinks working, needed to enable js for wp-admin in browser
jfw: yes it did look pretty js-heavy
jfw: there's a whole minified jquery open sore in the genesis
jfw: re WP writing .htaccess dynamically, indeed it does try, but if it can't (as in our setup, since the apache user can't write to the php code, as it should be) then it'll show sample lines to paste.
jfw: Which can be inserted, THINKINGLY, into a <Directory> stanza in httpd.conf.

jfw: yay permalinks workin'.
jfw: tons of php warning spam (mktime) in error log
jfw: also hitting the issue that the sidebar, once configured, only shows on homepage, not article. Forget where I saw it mentioned, iirc MP said 'yeah you gotta do some css hacking'
rmd: has a php warning silencer
jfw: well, error_reporting is already at the suggested 'production' value which ought to suppress E_STRICT (coding standard warnings)
jfw: the most verbose date ones were an easy fix, just date.timezone = UTC in php.ini
jfw: ffs, wordpress itself overrides the error_reporting setting in various places...
jfw: tried her settings for the sake of trying, doesn't help with the 'strict standards' warnings
jfw: Your RSS feeds still throwing XML errors, mine seem to work, didn't have to do anything special
jfw: Yuck, it seems to have gone and imported the contents of some rando RSS feed... into the *options* table
jfw: next, I gotta wonder whether it's trying to connect to '' for this 'Post via e-mail' feature that doesn't have a disable switch
rmd: first hint on the rss error is rogue whitespace, haven't tracked down yet
jfw: ah possibly one of yer php files got extra emacstastic newlines after the ?> close tag ?
jfw: one hitch with the ssh -L as http proxy setup, the pages outside of admin don't work, all 404 (but through the php!!)
jfw: dumb, but can view stuff from other browser.
jfw: gah, completely breaks previewing though.
rmd: I've not turned one up and didn't use emacs at all. I pressed from a different dir then copied to install and diff -ur a b | cat -A didn't turn up the rogue whitespace.
jfw: heh, didn't know about cat -A
jfw: I'll take a peek at your code...
jfw: error_reporting(E_ALL & ~E_NOTICE & ~E_USER_NOTICE & ~E_STRICT); << where'dya get that? (in wp-config.php) It's exactly what I derived for error suppression but didn't see in known guides
jfw: oh hey and you apparently figured out the mysql unix socket syntax too
rmd: I took a peek at yours...
jfw: oh, hehe.
jfw: not seeing anything obvious with the feeds -- pretty sure it's that leading newline but dunno where coming from. And tracing the code is total spaghetti
rmd: thanks for looking
jfw: huh, comments feed looks OK but not posts -- I swear it was also broken before
rmd: clear your browser cache.
rmd: and the entries rss works
jfw: huh, I had tried a reload, shift-ctrl-r did it, wtf.
jfw: it's probably using http cache headers to complicate browser behavior.
jfw: what was the trick?
rmd: i'm not exactly sure because i tried various changes without clearing the cache, but I did remove a trailing whitespace in wp-config.php as a first step.
jfw: ah that's it then.
rmd: 'it always takes longer than you think'

rmd: what's the status on your side ? looks like it's coming along.
jfw: drinking from firehose, but starting to know my way around
jfw: one new worry re the gateway, is for comment antispam - wordpress shows the poster IP in the dashboard, but they'll all show the same, that is, the gateway IP rather than the originator
jfw: the gateway can add some kinda header like X-Forwarded-For: ip, then there's an apache module that can make it interpret this as the 'real' remote IP for a given trusted proxy IP, but I dunno, lot of stuff to go wrong
jfw: really making me lean toward It's a 'heavy' app, really wants to own the domain
jfw: is 'parked' sadly
jfw: "next, I gotta wonder whether it's trying to connect to '' for this 'Post via e-mail' feature" << looks like not normally but will if you load wp-mail.php which is completely exposed
jfw: Deleting that and wp-includes/class-pop3.php, stolen from squirrelmail and only used by wp-mail
jfw: i bet there's more surprises lurking in that vein

jfw: I've tweaked the PHP to make sidebar show on post pages and maybe a couple other trivia
jfw: discovered why the admin options for the footnotes plugin are broken: the orig plugin had an 'options.php' alongside the 'footnotes.php' that hanbot didn't capture
jfw: possibly deliberate, based on commented-out POST handling code in footnotes.php
jfw: (which appears not to check admin privileges!)
jfw: (a casualty of the phpist conflation of coadlibs with directly loadable pages, it would seem.)

2019-10-05 - I compared the footnotes plugin code with subsequent upstream changes, which turned up a mistake in entity escaping, which MP-WP fixed and upstream later maybe-fixed in a more convoluted and fragile way. In exploring the problem I wasn't initially convinced that the MP-WP fix was sufficient, and was attempting to simplify the upstream one.

jfw: gah, the footnote entity escaping simplification doesn't work on web as it did on php CLI, fucking pile of swamp chairs.
jfw: specifically see what happened to the & in the footnote tooltip on my current Hello World. But at least the quote escaping is OK so I'll live with it for now.
jfw: oh I see what's happening.
jfw: [...] the original footnotes.php was correct. I'll just change mine to use &quot; instead of ` for "
jfw: and by "original was correct" I mean the version from hanbot, not the original author whose broken version is seen in the comment.
jfw: &quot; instead of ` for " << worx!
jfw: yet another worry about footnotes is the simple (( )) parsing is gonna wreak havoc on Lisp code.
jfw: now tried changing the open/close markers to <fn> and </fn>, as would be logical given that tags are THE means of out-of-band signalling in html, but dun work :(
jfw: omfg, the post editor doesn't encode entities in the underlying text!
jfw: e.g. use the editor to put &lt;/textarea&gt; in the post; save/publish; this then becomes </textarea> in the source and anything after 'leaks'
jfw: er, missed a step there - it becomes </textarea> in the browser display, which if saved again, goes into the source.
jfw: possible this is fallout of the weightloss patch since it ripped out the wysiwyg editor
jfw: Whew, cracked all of the above, I think. The problem with <fn> stems from the spurious complexity of 'Perl Compatible Regex' -- it demands 'delimiter' character like / even though it's already taking php's quote-delimited strings, but its preg_quote function doesn't quote the delimiter. Ripped out the whole spurious layer of indirection of the WP_FOOTNOTES_OPEN/CLOSE variables.

jfw: Note that my patch above kills the JS selectatron, on the theory that it's better to get some flak up front for 'no selection' with a reasonable path to adding it, than accumulate backlinks with JS-based selection and be painted into a corner of either breaking them or maintaining the feature.
jfw: 'it never pays to play along with empire' as MP lamented, of being in the latter situation

(Not being at all comfortable with this theory, I worked out the server-side selection soon after.)

jfw: fyi, I'm rebuilding apache2 with apache2_modules_remoteip enabled, for getting client IPs from the gateway.
jfw: client IP passthrough now working.
jfw: :D :D
rmd: hey hey lbj !! reading now.
jfw: idk if pingbacks are working, probably not because basically nothing on this blog worked until vigorous prodding.
rmd: [...] As you said in the piece, "ice is broken" and situation as is is accepted, time to move forward. on the ping back front, have you considered ?
jfw: ah fuck, "the blog's own IP" is a thing? I was afraid of something like that but unsure exactly why.

jfw: "bash one-liner" to back up all of blog, besides server config:
jfw: ssh [host] 'printf "dumping... " >&2; mysqldump fixpoint | gzip' >$HOME/backup/fixpoint-`date +%Y%m%d`.sql.gz
jfw: echo done
jfw: rsync -av --delete-after [host]:fixpoint/ $HOME/backup/fixpoint/
jfw: (the echoism is cuz ssh handshake is so slow, but the actual transfer could also get slow, I like to see what stage it's at)
jfw: reason for rsync is the blog directory could get Big, with photo uploads and such

jfw: well, on the pingbacks, maybe means it's time I moved all my cloudstuff to the RK already. 'But muh VPS is reliable!' - only so long as I don't do anything sufficiently interesting with it
jfw: another idea was hooking up business fiber here and running a home server.
jfw: with 'interfast', $90/mo gets you 10mbit or some shit; residential class way higher capacity but I dun wanna know how they hobble it
jfw: one worry is if I travel, something's gonna fall over guaranteed, UPS or no...
jfw: but maybe that's neurotic of me - building has backup generator and all, power or net have never had extended failure yet in my tenure
jfw: re "you're supposed to see and know why it is your pingbacks don't make it", I haven't found anything in the UI about pingback status
jfw: for all I'd know it hasn't even tried

jfw: We should coordinate on the system-level backups of the rockchip. I propose integrating it into my weekly tar backups, but with exclusions for /home, /www and /var/lib/mysql which are to be individual responsibility. But for example config files, built packages and apache logs would be captured hereby.
jfw: mysql I believe is not safe for file-level hot backup; need to use mysqldump on each desired database. Ideally I'd like to set up some kinda live replication; I can run my backup script after posting but there'd still be a window for loss of comments.

jfw: holy shit 71.9h week, 27h of blog setup tarpit, no wonder I'm struggling for air

The Pizmess happens.

jfw: One thought re blog was to use the VPSjacking recipe to do a Cuntoo install
jfw: but this means waiting on trinque to get his stuff back up, unless you have the 800MB tarball.
jfw: so I found where mysql well-hid their historical archives,

At this point I'm willing to eat just about anything in terms of infrastructure to get back online without excessive fuss. Unfortunately the Rockchip Gentoo setup would be hard to reproduce: Gentoo installations done by different people never come out quite the same, especially if done at different times; we didn't manage to get that system-level backup done; and even if we had, where to find an aarch64 machine ready to receive it? Happily I find my existing VPS provider has a CentOS 6 image available, which I know well enough as the last stable version predating the "systemd" heresy. I return Robinson's hosting favor by folding his as-yet virgin blog into my efforts.

jfw: oh, I made your account on the new blog VPS: [...]@[...] /, port [...], fingerprint SHA256:[...]. Should have your authorized key all set.
jfw: no database, apache or wordpress futzing done yet though.
jfw: Learned from my last mistake and got backups of root FS and my whole homedir (not just live blog) squared away. You'll need to take care of your own homedir and db dumps.
rmd: thank you.

jfw: I set up your db, my.cnf, wordpress vpress, and wp-config.php
jfw: so you should be able now to update local /etc/hosts, ssh -D / socks proxy, and get to the installer.
jfw: From there you'll want to at least: set admin fullname and password; activate wp-footnotes plugin; don't convert emoticons (under Writing); don't break comments into pages / don't email me (under Discussion)
jfw: Since I'm not using suphp or whatever shared hosting isolation, the wp-config.php's need to be readable by both our users and apache, which practically means others-readable, thus db passwords are visible to local users. Needless to say, one shouldn't touch others' databases without asking.

jfw: (you'd instead restore db via 'mysql dorionmode < dump.sql' if you had dump)
rmd: ok thanks.

jfw: In the firefox network settings check that "Proxy DNS when using SOCKS v5" is not checked
jfw: I could add to server hosts file, but better not to rely on that right?
jfw: also good to update your DNS sooner rather than later as it usually takes time to propagate.
rmd: mind trying adding dorion-mode to /etc/hosts
rmd: yeah, yeah I shoulda done that a while ago.
jfw: but also good now to make sure hosts files are working.
rmd: "Remote DNS" is unchecked in the Network -> Settings
rmd: "Proxy DNS when using SOCKS v5" << I don't see that verbatim
rmd: Advanced -> Network -> Settings
jfw: probably just diff ffx version wank there
rmd: sure, but rather be explicit
jfw: yeah and good to point out, possibly they changed the functioning too
jfw: added to hosts file
rmd: ta-da !
rmd: so that ff option didn't work
rmd: unchecked, but was still using remote
jfw: at least not as expected yeah, possibly mine only worked via dns
rmd: heh.
rmd: thank you!
jfw: yw and plz speak up if further trouble.
rmd: will do.
jfw: I wonder how that 'remote DNS' works, sshd includes dns resolver?!
jfw: apparently so, well presumably the libc resolver; documented in sshd(8) for other purposes but not the proxy

rmd: [...] you know how to make a new line in a footnote ?
jfw: should be able to <br /> or <p> like anywhere I'd assume

rmd: did you modify your sidebar via the admin -> appearance -> editor -> sidebar.php ?
jfw: re sidebar: it's actually widgetized; there's a whole schmancy Appearance -> Widgets.

A sidetrack, recorded in my notes to self, as mentioned.

  • One thing that's tossing me around here is the number of old, possibly foolish decisions this story seems to import.
  • Why did I need x, y and z ported? Because I wanted to strengthen my distro.
  • Why my own distro? Wanted to be rid of headaches of others configuring my system with stuff I don't need, plus bootstrapping "problem of trust".
  • Why needing Apache/mysql ported? Because I chose nginx/sqlite on first pass.
  • sqlite at least made sense, for python module, as I was using it myself.
  • nginx - initially for the sake of trying new things, since I considered Apache 2.4 a "new thing" anyway; missed that "apache is a selected, not designed, item"
  • Why needing php port fixed? Because I built php a while back without a specific necessity to guide it, that I can recall.
  • So, the explosion of priors. The would-be rabbit-hole of links among the articles I haven't been writing all this time.

Initial outline, constructed from memory prior to log dig.

- Feasible to run on my own distro?
  - httpd
    - nginx/php - done, but not mainstream mp-wp
    - apache - no port or recipe
  - db
    - checked sqlite-integration plugin - abandoned but found in trac; way too invasive
    - found that it might work with postgres; no port, but recipe, and personal preference
    - perhaps could work fine with sqlite too
    - mysql - the mainstream option but no port or recipe handy. Decided to make one.
      - so which version? latest - ugh, prominently featured bloat
      - found DC's post; didn't find the tarballs in question from upstream or gentoo mirrors
        - later found upstream's archive
  - php - had port (hm, why'd I originally port this?), probably missing at least xml and fopenwrappers crap
- Robinson offered Rockchip gentoo
  - sounded perfect
    - actually-private infra
    - could defer ideal builds for now
    - could just gateway from existing frontend
  - Robinson already had basic blog setup from following guides (esthlos, ?)
    - missed mysql_secure_installation, .my.cnf password, backup strategy
    - hadn't figured out restricting admin access
  - I tended toward writing fresh Apache config, reinforced upon beholding the rat's nest of gentooism "making it easy"
    - especially because apache 2.4
      - found mod_access_compat - cool so I don't have to use the new style stuff and can have a backward-compat config, right??
  - to avoid stepping on toes, I'd write new config, with Apache standard paths, on alternate port taking advantage of gateway, as daemontools service
    - man page lied about httpd.conf default path
    - needs SIGUSR1 rather than SIGHUP for graceful restart
    - 'enumerating goodness' on DSOs gave some rather strange errors
  - gateway woes
    - WP stupid assumptions: put SITEURL in config
    - source IP for logs/spam checks: found mod_remoteip
    - admin proxy woes
    - admin previews broken
- pizmess: fuck it, centos6 VPS
  - purging cloud crud, installing essentials
    - static yum mirror
  - apache 2.2 goodness
    - ugh, the 'compat' module reversed default allow/deny order, my config is all backwards nao.
    - DSO list changed, but to be expected
    - no mod_remoteip! some 'backports' on shithub; one - dysfunctional; both - lengthy
  - fuck it, no gateway
    - socks5 proxy works - but 'remote dns' checkbox defective in ffx, always remote?
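
The "gateway woes" item above (source IP for logs and spam checks, handled with mod_remoteip) rests on one rule: the X-Forwarded-For header is honored only when the connection itself comes from the trusted gateway. The following Python is an added example, not code from this post or from Apache; all addresses are constructed documentation-range values, and it assumes the gateway appends the address it saw to the header.

```python
import ipaddress

# Assumption: a single trusted gateway. Constructed address, not from the post.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr belongs to one of the trusted proxy networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in trusted)


def client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address to record as the originator of a request.

    peer_addr  -- source address of the TCP connection seen by the web server
    xff_header -- raw X-Forwarded-For value, or None when the header is absent
    """
    # A header sent over a connection that does not come from the gateway
    # is attacker-controlled input and is ignored entirely.
    if not is_trusted(peer_addr, trusted) or not xff_header:
        return peer_addr

    current = peer_addr
    # Walk right to left: the rightmost entry was appended by the proxy
    # closest to us, so it is the only one we can vouch for at first.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        current = hop
        if not is_trusted(hop, trusted):
            break  # first untrusted hop is the client; anything left of it is unverified
    return current


# Constructed (peer address, X-Forwarded-For) pairs covering the failure modes.
SAMPLE_REQUESTS = [
    ("192.0.2.10", "203.0.113.7"),                 # normal request via the gateway
    ("198.51.100.23", "10.0.0.1"),                 # direct hit with a forged header
    ("192.0.2.10", "198.51.100.99, 203.0.113.7"),  # client pre-filled the header
    ("192.0.2.10", "not-an-ip"),                   # garbage header via the gateway
    ("192.0.2.10", None),                          # gateway sent no header
]


def resolve_all(requests=SAMPLE_REQUESTS):
    """Resolve every sample request to the address that would be logged."""
    return [client_ip(peer, xff) for peer, xff in requests]


if __name__ == "__main__":
    for (peer, xff), ip in zip(SAMPLE_REQUESTS, resolve_all()):
        print(f"peer={peer:<15} xff={xff!r:<32} -> {ip}")
```

If the backend port is reachable by anything other than the gateway, the second sample is the case that matters: without the peer check, any commenter could choose the IP shown in the dashboard.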


Planned articles as of October 2019

Filed under: Ego, Software — Jacob Welsh @ 00:00

Now that I'm finally off the fence about applying (and yes, that's a relief), my work remains cut out for me in communicating who I am, which means, in large part, what I've done with myself. Having established what I stupidly chose not to do,(i) it's time to have a look at the other side of this coin. I'd better plan it, or it won't happen.

Exact publication sequence and schedule remain to be determined: not that I think this is unimportant, but further work is required in order to make promises I can keep here.

The technical

This is not intended to include every scribbling of code found on my shelves, nor items I haven't yet decided to release for public consumption.

The initial articles in this series will aim to present high-level summaries of the items as they exist currently, with draft sources attached lest I be hit by the proverbial falling piano. In time I certainly wish to move toward full source annotation and signed vpatches.

  • MP-WP patches: some smallish cleanups, fixes and additions currently running on this blog. (For a sneak preview, see the live V manifest).
  • MP-WP Q&A: lessons learned from my deployment efforts.
  • keksum: the Keccak hash function implemented in C as a standalone Unix utility.
  • Gales Linux: a cross-bootstrapped, do-it-yourself, fully-static, discriminatory Linux/musl/BusyBox distribution. Includes base configuration files and scripts, a documented build process, and a simple package system with a small but practical ports collection.
    • Gales Linux patches: I produced a number of patches to both base components and ports; many are self-explanatory but some will warrant discussion.
    • gksh, the Gales Public Domain Korn Shell. After trying a number of "easier" options, I identified OpenBSD's pdksh fork as the most promising target for terraforming, read a portion of the code, ported it back to Linux, and made a series of cleanups and fixes they'd been neglecting.
    • musl libc research: a summary of mailing list activity from March - May 2016, then zooming out to a list of major changes in subsequent releases, 1.1.15 - 1.1.21.
  • The Real Bitcoin patches: a getrawtransaction implementation, and a much-simplified rewrite of the Makefiles for building on Gales.
  • TRB Q&A: data collected and lessons learned from my efforts in TRB building, configuration, sync, tuning and operation.
  • Gales Scheme: an anti-Thompsonistic, almost-R5RS-plus-extensions Scheme system for Unix, striving for simplicity, soundness, minimal artificial restrictions, and strict error checking.
  • Scheme library: R5RS is a famously lightweight language spec, which is partly why I like it but has the downside that various modern-day essentials need to be reinvented in order to get anything practical done.
    • pkg.scm, a basic package import/export mechanism.
    • critbit.scm, an implementation of djb's "crit-bit tree" data structure.
    • hashes.scm, an (IMHO) elegant albeit slow implementation of RIPEMD160, SHA1, SHA256, SHA512 and HMAC algorithms.
    • bit-ops.scm, the rather less elegant support code for bitwise operations in a specified width.
    • http.scm, an HTTP/1.0 client.
    • json.scm: JSON encoding, decoding and traversal.
  • Scheme integration: in order to ensure correctness, memory safety and some degree of portability in the core interpreter (which is currently written in C but wants to grow up into self-generated assembly, or possibly Ada, or silicon), inter-process communication via piped subprocess or socket has been my strategy for foreign codebase interfacing.
    • rsqlite, an RPC server interface for SQLite.
    • tlsproxy, an OpenSSL-based TLS client bridge, authenticating the server by explicit RSA public key.
    • wsproxy, a WebSocket client bridge, implementing the protocol's requisite bit-fiddling in C to provide a simplified protocol for high-level language clients.
  • Gales Bitcoin Wallet, an as-yet incomplete attempt at the old wallet air-gapping problem. Progress to date and remaining challenges will be addressed. I'm presently on the hook for getting this to some degree of usefulness by close of 2019.
  • yrc, a VT100 IRC client in Python 2.
  • StatMaps, a no-JS OpenStreetMap tile browser, partly as an exercise in server-side web programming in Scheme.

The not-strictly-technical(ii)

  • How I spend my time these days.
  • History. I'm not sure what I'll write here, but something to do with my value structure, where I came from and how I got to where I am would seem to be in order.

And that should about cover it for now!

  1. As the song goes, "If you choose not to decide, you still have made a choice."
  2. I was going to write "the personal", but it's not like the tech isn't a part of me too.


On Submission, Guiding Perceptions, Vulnerability, Liberty, Socialism and Emacs

Filed under: Ego, Philosophia, Politikos, Software — Jacob Welsh @ 05:14

No, I'm afraid it's not a grand thesis uniting all of the above. Wouldn't that be something, though!

2019-10-10 14:38 UTC

shrysr: Hey there! Wanted to connect and say hi... your website looks cool :)
jfw: Hey, thanks. Some homespun html/css. The content is certainly aging though, I've got my blogging work cut out for me!

jfw: Your struggle is an inspiration. To think, just 3 months ago you had minimal idea about WoT and thought Cloudflare and HTTPS were things...
jfw: I do hope you'll make the time and commitment to keep at it; with diana_coman's guidance I expect you can go far.
jfw: Feel free to ask me questions on -- though surely there are others better qualified, still I've studied and hacked on it a bit.

jfw: For my part, I think I'm still hung up on the 'full submission to master' thing, even as I'm increasingly seeing the value/need - like, I'm necessarily blind to or unable to fix my own stupidities, otherwise I'd have fixed 'em already
jfw: If you have links from the July-September log on the topic, I'd appreciate.

shrysr: glad to hear from you. hmm.. tbh - i think the key is simply reducing friction. Emacs and org mode did that for me some years ago. i've essentially been writing easily 1000+ words a day but publishing almost nothing. even now - tbh - i think publishing intimate details for the wide world to know is a risk... particularly in an age where employers and etc look you up online. It's true to say non-tmsr perception is
shrysr: their problem and the truth is important - absolutely... but the fact is also that unless you are being paid by tmsr - its important to guide the perceptions of the outside world abt you for your own purpose. fwiw : i think if you observe very closely - this is practised by the so called lords themselves in #t. You can diss the non-tmsr world till you choke... but cannot live aloof from it.. nations trade with
shrysr: each other and make compromises every day... its really a dynamic balance imho.

shrysr: re: submission - What I would proffer as advice is that...... it is totally worth taking your time and assessing very deeply. I will be honest in stating that I joined #o - to do projects... under guidance. I had no idea abt tmsr/diana etc at all. i.e I kindda went there to submit, without thinking much at all... i'm naive that way and instead put in safe guards in the background to protect maself. It's not
shrysr: efficient... but it helps me.. not become terribly biased and blind. imho ---- the logs provide explicit evidence of both good, bad, inconsistent things from everybody, lord /master /page-boi. Lets say you are blind to your stupidity - how will I (external person) know? --- when you communicate. As you continue to communicate - you'll see it takes time and energy, and beyond this... no amount of words... fully
shrysr: describe anything! it takes even more to find the right words. Lets say you pour out words that dont indicate your stupidity - then I being.. master or whatever crap am still inclined to say something.. being human - i'm not immune to My Own ego, faults and world view.... i gotta guide you ...somehow or what guide am i? But that guidance is based on the words that come out from you +++ my understanding of
shrysr: those words. Now it gets murky if I have an underlying.. somewhat hidden motive of 'making you better, but also useful to me/the cause/ w/e', and if I am employed by somebody whose wordz I gotta listen to. .............>>>> what I'm trying to say is that.... guidance is there, but imho - many other things too, and you gotta be..clear abt what You want... and what you Don't want.
shrysr: sorry if i overstepped... it was with the intention to help. You prolly kno a lot more than me abt all this. I'm not bereft of stupidity myself - but I guess the above is not irrational. and they are based on... the logs. I guess i'm just saying that...stupidity set aside, not knowing your goals and needs... and submitting can easily mean you are catering to goals and needs enforced by another who does not truly
shrysr: know you.

shrysr: Re: V >> sure. as of now, i will be coming back to V and etc in christmas... I gotta learn some stuff to bridge the gap in my skills... for next job :) so sure.. will bombard you with questions then, dont worry :)

jfw: hmm, this strikes me as something of a jumble of halfway-developed thoughts; kind of a conversation with yourself rather than an attempt to communicate clearly with me. Not overstepping so much as stepping every which way, if that makes sense. I'd guess it comes from all that practice with writing kilowordz into journal and minimal outside feedback. Or perhaps feedback from people who are more
jfw: concerned about guiding your perception of them than about honesty!

jfw: I don't know that you need to be hard on yourself for not deciding things clearly upfront - what basis would you have had to decide?
jfw: For me and others who already had some clue of what's what, she put it more bluntly, e.g. with the Pageboy's Pledge.

jfw: One problem with trying to hide things about yourself, is that you end up surrounded by people who you need to hide things about yourself around.
jfw: As far as worrying about what employers think, on the one hand, you might be overestimating how much 'outsiders' will actually read. (asciilifeform said something to this effect, I couldn't find it just now.) If they have 'allergic reactions' to some bad words they stumbled on, there's usually a ready counterpoint. E.g., "these people call themselves terrorists!" - well there's a qntra where
jfw: terrorist action by the USG is documented in gory detail.
jfw: And if they don't see reason... where exactly is the loss in not being allowed to submit to an unreasonable boss?
jfw: And on the other hand, the strategy is to become skilled / valuable enough that they're just not gonna care. Businesses really can't afford not to hire good people, just as you can't live without engaging them.(i)

jfw: As far as catering to goals/needs of others, I tend to believe that diana_coman really does mean "what you need, whether you see it or not". Sure, she's taking on noobs because she needs help in the long run, but the thing about TMSR is that - if you can bring yourself up to be good enough here, odds are you won't want to do anything else, any more than strictly necessary

shrysr: You can be surrounded by anything and still be whatever you wanna be if you know what that is. You can be 200% honest in a public chan while saying its important to choose who you are vulnerable to. Not all external feedback is worth listening to or even relevant. You identify your Own stupidity and while 'guidance' is great - its not an infallible 'god' who is providing the guidance. Re: overestimating - thats
shrysr: strange. How exactly can you predict somebody stumbling onto something or not? Why do people and businesses have to 'market' things, why is one tenet of the defunct pizarro 'social engineering'? It is to Guide perception. You can see evidence of that in the way the ISP negotiation is going on. The point of the matter is - one has to submit to a boss by definition and if you want to have your own way - you
shrysr: manipulate the situation/boss/whatever. Its not just 'technical skill', tis also about navigating the politics of a workplace.

jfw: "important to choose who you are vulnerable to. Not all external feedback is worth listening to" - certainly.
jfw: "How exactly can you predict somebody stumbling onto something or not?" - you cannot, nor what their reaction will be; kinda why "acting towards purposes" is a problem in general, as I understand it. (, which I'm due for a reread)(ii)
jfw: re 'social engineering', you could read about MPOE-PR for the canonical example.
jfw: e.g.

jfw: (mind if I publish the conversation at some point, btw?)
shrysr: nope i consider this convo personal. i liked your website and wanted to talk to you and know your thinking, and fwiw: all of this will anyway come out as long as I am in #o... as i have said - there are good points and bad, and I won't be leaving good things when i find em :)

shrysr: causes and purposes! nice point to bring up my man. the point is simple - if there is nothing for unwanted dicks to read about me - there is nothing to worry about.. there is No purpose. ... i'ma read the strategic superiority thing later - but you seem to not see - social engg by definition is dress up marketing. Ask any company - they will tell you they are being absolutely honest. You can even read abt this in
shrysr: the logs. You can call my thoughts half baked and stepping everywhere... but you can't evaluate anything without stepping everywhere and in fact you will see the same kind of thinking in the logs as well! Those are the 'good points' i was talking about.

jfw: re the first - cool, and perhaps in time we discover merit in the "bad points" too. To be clear, that's a "nope I don't mind" right? (Keeping things private is something of a cost, thus one isn't really entitled to expect it from others without cause; I just figure it's best to be explicit.)
shrysr: what exactly is that cost?
jfw: well for example, IRC is unencrypted, and let's say my client logs to an unencrypted disk. Am I now responsible for properly incinerating the disk before disposal? And what if it's in The Cloud? I gotta run a separate client now? Keep backups in a vault instead of on the desk? And on the other side there's a loss of benefit: it takes me however long it takes me to write here, on topics that will
jfw: surely come up again in some other context. I then have to repeat myself rather than just linking. Some stuff I said here would certainly be of interest to others interested in what I'm thinking - so now I gotta write a separate article to fill them in? And fwiw, I don't see anything "incriminating" that you've said here - as you say, it'll come up eventually
jfw: (and as usual, it's on trilema: )
shrysr: lol. No - i do not mind actually. ima already writing abt it maself anyway. and no therez nothing incriminating at all. and rofl : in case you Have read the logs - i've already admitted to a lotta things.
jfw: cool.

shrysr: btw: if its important to choose who you are vulnerable to - how does a public chan apply ?
shrysr: I can read MPOE-PR and all that - but i would rather observe at exactly whats actually happening.
jfw: It's more a matter of who you listen to & spend time on than who can read about it from the sidelines, I reckon. Like a blog: anyone can read, but only the owner can write.
jfw: And if any random passerby can write - that's a "vulnerability"!

shrysr: who you listen to and spend time on is certainly important. However, i think it is also ignorant to think that public perception can have no detrimental impact whatsoever, or that it cannot be used against you if somebody wants to.
shrysr: btw the clock app on your site is nice. but org mode + ledger is prolly better :P
shrysr: okz. i better get to bed. ttyl. been wanting to connect since awhile.. nice talking to ya.
jfw: lolz, I don't believe I said "no detrimental impact whatsoever". There's costs and benefits; all I mean is you may be overestimating the costs, or underestimating the benefits, and sure, what the hell would I know. The fact that you need to breathe can be used against you too.
jfw: alright, later, and thanks for the chat.
jfw: I've improved the clock program btw, been stagnating on my todo list to clean up & publish. And yeah, I'm sure emacs is fine, I'm just not into the lifestyle.
jfw: heh, and it occurs to me I'm also arguing with my own reclusive/secretive tendencies here, and will likely have to continue doing so for a while.

shrysr: i'm curious to kno - how long you been following trilema, and whether you read books or w/e outside the logs?
shrysr: n whaddya mean by emacs lifestyle ?
jfw: Been lurking off and on since maybe 2015. In hindsight, I had the notion that I could apply the parts I liked or were convenient to me and ignore the rest -- this dissonance that TMSR was a buncha madmen that just magically happened to be saying smarter things about Bitcoin and computing than anyone else I'd come across. I wouldn't recommend this!
jfw: Not to say you can't take your time and think things through / ask questions.
jfw: Paper books I haven't been reading much these days; in theory I'm working on Don Quijote for learning Spanish, The Black Swan by Taleb, John Hull on options / derivatives, and Peter Drucker on management.(iii) In practice I haven't been putting in much time.

jfw: Emacs - it's a large program with 'ecosystem' of packages, wants you to make a large investment on learning and tweaking to your tastes and then use it for everything, as opposed to 'doing one thing well' 'Unix way'. It really wants to be its own operating system, indeed it was born as a component of Lisp environments as I understand.
jfw: I've used it at various points but it didn't stick, and I find the 'vim' commands more efficient and easier on the fingers once you've learned them.
jfw: I've even tried vim modes for emacs, lol, just not the same though.
jfw: I might be more interested in Emacs if it were based on a good Lisp like Scheme or CL and maintained by sane people rather than fungi. Maybe some day.
jfw: Do you read books?

jfw: Hmm, to be more precise, it wasn't so much that I thought them 'madmen'; more like ideological misalignment. In the early 2010's I became a pretty staunch libertarian, meaning I saw socialism as an evil on the basis that it was predicated on aggression - taking from productive people by force to feed the leeches. TMSR otoh is about elitism; it has no categorical ban on aggression but holds
jfw: socialism as an evil because it's predicated on the tempting but poisonous falsehood that people can be in any way equal.
jfw: I'd gotten stuck halfway out of the "Our Democracy USA #1 Land of the Free" indoctrination -- even to the point of fleeing the Zone -- but its last tendrils have been painful to cut.

shrysr: hmm. yea emacs has its deficiencies, as does any tool i guess. I got into emacs primarily for Org mode. [...] Finger pain some yes.. but it was okay when i switched ctrl <-> capslock and got a large ass thumb trackball mouse.

shrysr: Re: trilema /mad men / convenience: hmm... well in general - I would not discard anything out of inconvenience or because i dont understand, or even something I don't particularly give a shit about without a cursory consideration atleast. I don't view trilema et all as mad men; some initial cultural shock in a few places, which evaporated quickly, but myeah general ideological rigidity,(iv) narcissism,(v) elitism are my
shrysr: thoughts so far. Things I don't understand usually intrigue me. I reckon I tend to chew on 'troubling concepts' for a longggg time before concluding (if I have to conclude at all, which is an important consideration). imo every pov has pros and cons, and so I find it inefficient to conform to any contrived/historical pov/demarcation and rigidly subscribe to any 'ism' unless I reach the point where I see no holes
shrysr: in it (which I think atm is highly unlikely).(vi) I think combining different philosophies (and intelligence) are needed to extract what you want/need from the world and your particular situation. I'd rather be flexible in my evolution while striving to identify and hold on to values that matter (to me, and ones that reasonably dont harm, or preferably help society/environment etc(vii))... and also try to consciously and
shrysr: continuously re-evaluate whether such values.. are not illusions/non-sense (all of which ofc is not easy at all, but still imo the repeated empirical and somewhat painful approach has yielded some results over time). At any rate, I reckon policy making /thinking at the state or nation level cannot be deemed universally applicable at the individual level or atleast it cannot reliably hope to solve unique problems
shrysr: (as each individual is unique, and is dealing with different flavors of constraints in the least - if not quite different problems).

shrysr: Re: books, well I used to be what ppl call a bookworm, and still enjoy reading. Pretty much used to read anything I got my hands on, but curiously, would always forget the title and author even before finishing the book. Thankfully my observation is that the message is not lost and it seems what I manage to absorb meld together somehow churning away in the mess of my brain over time.(viii) [...] hohum one thing i like abt canada are the
shrysr: cool public libraries! but fuck me - i finally found work in a town with no working library lol; hopefully that will change in some months. Black swan I've read bits, and fooled by randomness a little more. Haven't read any finance book properly, though i have on my list intelligent investor by ben graham. Can rem reading - thinking fast and slow, blink, outliers.. finished 'kings of cocaine' nice i
shrysr: rem some names.. but yea - I guess i do read.

jfw: Emacs does have its champions in the forum, e.g. asciilifeform. I gather it benefits from deep study, not assuming the defaults are sane and working to make it your own
shrysr: oh yeah - emacs defaults are lol... the main strength is in the ability to customise. There are starter kits like emacs prelude which cut the learning curve significantly. I settled on the starter kit scimax ... the guy behind scimax is or was a prof at carnegie and quite responsive on github issues.. i enjoy corresponding with him.
shrysr: there are different philosophies really... some say its better to start with vanilla emacs and add customisations. thats actually what i did before choosing scimax... but i think its debatable. plenty you can get done with a starter kit faster.

  1. By "them" I meant outside-world businesses, or "heathens" as would be the term of art.
  2. After the "reread" I'm pretty sure I hadn't in fact read it before. No wonder I was a bit fuzzy; I'd been second-handing it!
  3. He wrote a whole bookshelf on the subject apparently; the one in question is Management: Tasks, Responsibilities, Practices.
  4. I don't know that this is a bad thing. Would you fault the man who says "one plus one is two, always and unconditionally" for "mathematical rigidity"? Now, if he clings to a belief even in the face of clear disproof, that'd be stubbornness.
  5. I don't think myself knowledgeable on this topic, but like "arrogance" it seems to hinge on whether the subject really is as great as he makes himself out to be. Which, yes, can be tough to decide if you aren't that great yourself.
  6. Tempting perhaps, but eventually if you want to get anywhere you have to pick your team (and yes, you might pick wrong).
  7. One problem here is that society/environment is not a singular interest: what's good for the fox is bad for the rabbit, except that no foxes at all is bad for the rabbits as a whole when they overgraze and so on. (Wait... do rabbits "graze" ?!)
  8. This would be something to work on, because who wrote something is an important piece of metadata. Because, well, see above re: inequality. And vulnerability. And second-handing.


Hello World

Filed under: Ego — Jacob Welsh @ 03:15

In the autumn of 2016,(i) just over three years ago, I made the strategic decision to see to it that my computers were to either work for me or else not work at all -- and preferably the first, seeing as how I'm rather fond of them. Knowing that this would be a long road, I further hoped to gain recognition, trust and perhaps even a livelihood for myself and associates on the basis of the knowledge and tools I would have to build on the quest.

I fear I have blundered in keeping too private, not working the blogging muscle or engaging with those I see as the leaders in the field, and other fields for that matter; namely, Bitcoin, The Most Serene Republic of ~. Even as I've sprinted and pulled well ahead of the crowd in matters of digital hygiene, this has come to some degree at the cost of not building the kind of relationships that could make the work sustainable, meaningful and useful beyond the walls of my own household. The causes of my complacency are a topic for another time, but for now I will curse my own stupidity and humbly ask for help to expose and correct my mistakes. If I have missed the steamboat, whether by youth, insufficiently exceptional intelligence, or accursed stupidity, then I will sail, or row, or swim if I have to.

On the business front, it's been a three-year income drought featuring multiple instances of hopes(ii) being raised then dashed to bits against the rocks. It was about the last chance I was willing to extend the project before depletion of reserves would force my hand entirely, but I can cautiously report that things are looking up as we(iii) have refined our offering into something we can realistically deliver now, identified potential clients who recognize they need it through the personal network, and closed deals. The upcoming months will be critical.

I recognize this is all a bit vague so far. I had in mind to illustrate my approach to computing by way of recounting my adventures in getting this blog online; or introduce some of the tech I've been working on; or discuss my status in considering submission to Diana Coman's mentorship if I can get it.(iv) I will still do these, but it's getting late and the muse has left my fingertips for now, so rather than agonizing (as has often been my experience with writing) or pursuing a false god of perfection that only serves to keep me useless, I will err on the side of publishing something rather than nothing and let the blog unfurl in time.

  1. I still try to think in terms of the Northern temperate seasons I grew up with, though here on the Pacific coast of Panama there's just the December through April of hot-and-mostly-sunny known as "verano" and the rest hot, humid and sometimes rainy.
  2. Fortunately not skulls.
  3. Robinson Dorion and I
  4. Going on three weeks now, yikes.

Powered by MP-WP. Copyright Jacob Welsh.