tag:blogger.com,1999:blog-68556032024-03-13T06:08:33.256-07:00Weblog for Costin ManolacheTechnical stuffCostinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.comBlogger111125tag:blogger.com,1999:blog-6855603.post-15218974482535356302024-03-01T18:54:00.000-08:002024-03-01T18:54:33.572-08:00http://neverssl.com<p> Just discovered the super useful site - for hotels and other hotspots that require a Wifi signup page. Most sites auto-upgrade to TLS. </p><p>Cool domain name too - hope they'll hold it. </p>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-24221614772510206952023-09-29T08:12:00.000-07:002023-09-29T08:12:07.912-07:00Same-node communication<p>For containers/VMs running on the same physical machine - including containers in the same Pod or in different Pods scheduled using affinity - it would be highly useful to use modern inter-process communication based on shared memory, DMA or virtio instead of keep copying bytes from buffer to kernel buffer to yet another buffer ( 3 copy is the best case - usually far more).</p><p>We have the tools - Istio CNI (and others) can inject abstract unix sockets, there are CSI providers that can inject real unix sockets. </p><p>Unix sockets - just like Android Binder - can pass file descriptors and shared memory blocks to a trusted per node component - which can further pass it to the destination after applying security policies. </p><p>I was looking into this for some time - I worked for many years in Android so I started in the wrong direction attempting to use binder ( which is now included in many kernels ). But I realized Wayland is already there, and it's not a bad generic protocol if you ignore the display parts and the XML. </p><p>Both X11 and Wayland use shared buffers on the local machine - but X11 is a monster with an antiquated protocol focused on rendering on the client - and browsers are doing this far better. Wayland was designed for local display and security - but underneath there is a very clean IPC protocol based on buffer passing. </p><p>How would it look like in Istio or other cloud meshes ? Ztunnel (or another per-node daemon ) would act as a CSI or as a CNI injecting an unix socket in each Pod. It could use the Wayland binary protocol - but not implement any of the display protocols, just act as a proxy. If it receives a TCP connection - it can just pass the file descriptor after reading the header, but it would mainly act as a proxy for messages containing file/buffer descriptors. Like Android, it can also pass open UDS file descriptors from a container to another, after checking permissions - allowing direct communication. </p><p>The nice thing is that even when using VMs instead of containers - there is now support for virtwl in kernel and sommelier - and this would also work for adding stronger policies on a desktop or when communicating with a GPU. </p><p>Modern computers have a lot of cores and memory - running K8S clusters with fewer but larger nodes and taking advantage of affinity can allow co-location of the entire stack, avoiding slower network and slower TCP traffic for most communications - while keeping the 'least privilege' and isolation. Of course, a monolith can be slightly faster - but shared memory is far closer in speed compared with TCP.</p><p>I've been looking at this for few years in my spare time - most of the code and experiments is obsolete now, but I think using Wayland as a base ( with a clean, display independent proxy) is the right pragmatic solution. And simpler is better - I still like Binder and Android model - wish clouds would add it to their kernels...</p>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-84278812340167432982023-09-26T11:01:00.002-07:002023-09-26T11:01:46.981-07:00Chrome and secrets on linux<p> Wasted few good hours on this: if you want to move from gnome (and variants like cinnamon) to something else, like sway, and not have to re-enter all the passwords - ignore the man page and all the search results that suggest `--password-store=gnome`.</p><p>It is `--password-store=gnome-libsecret` instead.</p><p>The rest - installing/starting gnome keyring is still valid, validate with seahorse (i.e. gnome password manager) it is working. </p><p>And add a desktop entry with the right flag. "--enable-logging=stderr --v" help to debug, look for key_storage_linux.cc</p>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-47259030128377630442023-09-23T14:41:00.003-07:002023-09-23T14:41:56.504-07:00Changing settings for Crostini in ChromeOS<p>Found: <a href="https://shibumi.dev/posts/mount-block-devices-in-chromeos/ ">Mount Block Devices in ChromeOS</a></p><p>Apparently it is possible to change the LXC config and get access to the real VM, which appears to be read-only. Combined with moving devices to the VM there is more control - but still limited by the small number of kernel modules in the VM.</p><p>I love the security model - the 'host' just handles display and a number of jailed services, all the apps in the VM with LXC on top. The problem is that it's too restrictive - and the linux apps are still all in the same sandbox with access to each other. Flatpak at least tries to isolate each app - but falls to the same trap that Java and early android did - the apps ask for too many permissions. </p><p>I'm sticking with my less efficient setup - docker and pods with explicit mounted volumes, syncthing and remote desktop, with one container per app or dev project - but I've been looking to move from ChromeOS to normal linux set in a similar way. </p><p><br /></p>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-27519675193983860152023-07-09T09:26:00.000-07:002023-07-09T09:26:38.323-07:00Installing and running linux using docker images<p>Found <a href="https://github.com/drakkar-lig/debootstick/wiki/Design-Notes">Debootstick</a> - previously used <a href="https://vmdb2.liw.fi/">vmdb</a> for same purpose.</p><p>Mainstream linux install is stuck in 1992, with a CD-compatible image running an 'installer' that asks 10 questions and installs old games and office applications in case you may need them. And assuming you are lucky to have one computer - which you may want to dual boot with Windows - and will spend quality time manually configuring and and taking care of it.</p><p>Raspberri Pi, ChromeOS, Android, OpenWRT use 'image' install, where an image is just copied to disk. The booting 'glue' code can be simple ( EFI, kernel, firmware images ) or fancy - encrypted disk, A/B kernel, verified R/O rootfs. But after boot - you still have about the same rootfs you would run in docker or in a VM. </p><p>That's what debootstick and vmdb can automate - a USB stick running a customized image with my SSH authorized keys and minimal set of apps to boot and 'dd' or flash on the few servers/laptops/routers I use. </p><p>I use Debian and OpenWRT - the real value of distributions is still patching/building/testing the core libraries and kernels. </p><p>OCI images are ubiquitous - there are plenty of automation tools and infra, can be tested, customized - and runs more securely on both home machines in docker and in K8S. </p><p>Another recent find is <a href="https://kasmweb.com/kasmvnc">KasmVMC</a> - viewer/client is any browser, more optimized wire protocol ( but I don't think it's real WebRTC - and seems to be X11 only, no wayland yet). But most important the maintain nightly builds of common applications as docker images - install on any server or in K8S and use on any laptop. The tricky part remains getting some ACME certificates - if only it had an Istio gateway in front... Very curious how it'll impact performance - but still looking for an equivalent using real WebRTC/Wayland and with same docker-image set.</p><p><br /></p><p><br /></p><p><br /></p><p><br /></p>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-12364355993272655842023-01-23T09:25:00.003-08:002023-01-23T09:25:50.075-08:00Import k8s resources into Helm<p>Good doc - useful for example if you migrate an 'istioctl install' into helm, in particular Service resources which can't be deleted without losing the external IP.</p><p> https://jacky-jiang.medium.com/import-existing-resources-in-helm-3-e27db11fd467</p><p><br /></p>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-91249737197163444132023-01-10T09:39:00.000-08:002023-01-10T09:39:00.040-08:00USB charging<p><a href="https://lygte-info.dk/info/USBinfo%20UK.html">USB charging info</a> - going all the way back to LPT/COM ports, and lots of details on the protocols.</p>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-88487072681161861582022-12-29T18:10:00.002-08:002022-12-29T18:10:23.236-08:00Idea: XDS to K8S API bridge<p>XDS is a gRPC-based protocol for pushing configs and updates. The data is represented by 'resource type' and 'resource names', and values are typically protocol buffers, but can be JSON or any other format.</p><p>K8S defines a similar API - based on Json, also defined as protocol buffers or OpenAPI schema. </p><p>XDS and K8S APIs are quite similar - and serve a similar purpose, to allow controllers and other apps to get real-time notifications when anything changes in the config database. K8S also supports 'update/delete' - which are not present in 'official' XDS, but relatively easy to extend or support as a separate gRPC method.</p><p>It is possible to write a one or 2 way bridge between the two protocols: it would allow a simpler model for watching K8S resources compared to 'list and watch', and likely provide better performance. On the opposite side, it would allow kubectl to be used to debug and interact with XDS servers.</p><p>In general, there are many similar protocols using GET/LIST and with some form of 'watch' or events - creating bridges to allow users to pick one client library and interact with different protocols seems better than current model of having one heavy client library for each protocol.</p>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-13762814712376461962022-11-19T11:12:00.002-08:002022-11-27T06:48:02.261-08:00K8S Events<p>A few notes on K8S Events. </p><p>K8S at its core is a database of configs - with a stable and well defined schema. Different applications (controllers) use the database to perform actions - run workloads, setup networking and storage. The interface to the database is nosql - with a 'watch' interface similar to pubsub/mqtt that allow controllers to operate with very low latency, on every change.</p><p>Most features are defined in terms of CRDs - the database object, with metadata (name, namespace, labels, version ), data and status. The status is used by controllers to write info about how the object was actuated, and by users to find out. For example a Pod represents a workload - the controllers will write the IP of the pod and 'running' in status. Other controllers will use this information to update other object - like EndpointSlice. </p><p>K8S also has a less used and more generic pubsub mechanism - the Event, for 'general purpose' events.</p><p>Events, logs and traces are similar in structure and use - but different in persistence and on how the user interacts with them. While 'debugging' is the most obvious use case, analyzing and using them in code, to extract information and trigger actions is where the real power lies. </p><p>The CRD 'status' is persistent and treated as a write to the object - all watchers will be notified, the writing is quite expensive. Logs are batched and generally written to specialized storage, and deleted after some time - far cheaper but harder to use programmatically, since each log system has a different query API. </p><p>In K8S events have 1h default storage - far less than logs, which are typically stored for weeks, or Status - which is stored as long as the object lives. K8S implementation may also optimize the storage - keep them in RAM longer or using optimized storage mechanisms. In GKE (and likely others) they are also logged to stackdriver - and may have longer persistence. </p><p>Events are associated with other objects using 'involvedObject' field, which links the event to an object, and is used in 'kubectl describe'. This pattern is similar to the new Gateway 'policy attachment' - where config, overrides or defaults can be are attached to other resources. </p><p></p><pre style="background-color: #f8f8f8; box-sizing: border-box; color: #222222; font-family: SFMono-Regular, Menlo, Monaco, Consolas, "liberation mono", "courier new", monospace; font-size: 14px; margin-bottom: 0px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0px; tab-size: 4;"><span style="background-color: transparent;">```</span></pre><pre style="background-color: #f8f8f8; box-sizing: border-box; color: #222222; font-family: SFMono-Regular, Menlo, Monaco, Consolas, "liberation mono", "courier new", monospace; font-size: 14px; margin-bottom: 0px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0px; tab-size: 4;"><span style="background-color: transparent;"># Selectors filter on server side.</span></pre><pre style="background-color: #f8f8f8; box-sizing: border-box; color: #222222; font-family: SFMono-Regular, Menlo, Monaco, Consolas, "liberation mono", "courier new", monospace; font-size: 14px; margin-bottom: 0px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0px; tab-size: 4;"><span style="background-color: transparent;">kubectl get events -A --field-selector involvedObject.kind!=Pod</span></pre><pre style="box-sizing: border-box; margin-bottom: 0px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0px; tab-size: 4;"><br /><span face="SFMono-Regular, Menlo, Monaco, Consolas, "liberation mono", "courier new", monospace" style="background-color: transparent; color: #222222; font-size: 14px;">kubect get events -A --watch</span></pre><pre style="box-sizing: border-box; margin-bottom: 0px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0px; tab-size: 4;"><span face="SFMono-Regular, Menlo, Monaco, Consolas, "liberation mono", "courier new", monospace" style="background-color: transparent; color: #222222; font-size: 14px;">```</span></pre><pre style="box-sizing: border-box; margin-bottom: 0px; margin-top: 0px; overflow-wrap: normal; overflow: auto; padding: 0px; tab-size: 4;"><span face="SFMono-Regular, Menlo, Monaco, Consolas, "liberation mono", "courier new", monospace" style="background-color: transparent; color: #222222; font-size: 14px;"><br /></span></pre>Watching the events can be extremely instructive and reveal a lot of internal problems - Status also includes errors, but you need to know to watch a particular object. <br /><br />As a 'pubsub' system the Events are far from ideal - both as storage, API and feature set - but they are close in semantics and easy to bridge to a real pubsub, and for K8S they are very useful. <div><br /></div><div>In the past I tried to add more Events to Istio - there was some interest but never got to finish the PR, maybe with Ambient we can try again. The real power of Events is not for debugging, but in synchronizing between applications in real time, for example propagate the IP address and info about a node as soon as it connects to the control plane. </div><div><br /></div><div>CNCF <a href="https://cloudevents.io/">CloudEvents</a> provides an API and integrations with various messaging and pubsub systems - it is a bit over-designed and more complex then it needs to be, but the integrations make it useful and it provides a basic HTTP based interface that is easy to work with. </div><div><br /></div><div>Istio also provides some events over XDS - and can also act as a bridge, to allow components using a control plane to get both configs and events. <br /><p>Links:</p><p></p><ul style="text-align: left;"><li>https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#event-v1-core</li><li>https://www.bluematador.com/blog/kubernetes-events-explained - how to watch and filter</li><li>https://www.cncf.io/blog/2021/12/21/extracting-value-from-the-kubernetes-events-feed/</li></ul><div>TODO:</div><div><ul style="text-align: left;"><li>Evaluate CloudEvents integrations with K8S Events and 'real' pubsub</li><li>Extend Istio XDS 'debug' bridge to Events, evaluate use for sync and ambient info if Events are as reliable as pubsub.</li><li>Generate events from Istiod - connect/disconnect are clear. Warnings about bad configs are unlikely to be good unless frequency can be controlled.</li></ul></div><div><br /></div><p></p></div>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-76833855052658091362022-11-19T11:07:00.003-08:002022-11-19T11:07:41.900-08:00Posts and comments<p>Publishing content is very easy - github, blogger, personal pages, countless social sites and fancy P2P networks. </p><p>Reading content is harder - Reddit, Twitter, Feedly and few others are attempting to identify 'interesting' content and organize it. There is too much content published, and too little diversity if you stick with a list of subscriptions (old style blog readers) and too much garbage and propaganda if you want broader sources. </p><p>Comments are the third problem - they usually are more interesting than the original post, and are valuable both to the reader and to the original poster. Just posting some content on a page with no way to get any feedback is a waste of time.</p><p>I've started to look for an alternative to Twitter for reading - and while doing so I also started for a place to start posting/blogging/ranting. I rarely post on Twitter - but I keep a lot of notes on various projects and experiments - just too lazy to publish them except in comments and 'readme' in git repos I work on.</p><p>The options so far:</p><p></p><ul style="text-align: left;"><li>blogger - I've been using it for a very long time, easy - but very unfriendly to code and markdown.</li><li>reddit - for posting in specific topics. Great comments and community associated with the topic. I've seen many posting a 'blog' or page on github and linking it to reddit for discussions/comments.</li><li>https://github.com/utterance/utterances - comments become github issues. Interesting idea - using search in the issue tracker to hold the post comments. Best associated with blogs hosted on github.</li><li>disqus - adds on the free edition, $11 for add free. Work to set it up.</li><li><a href="https://github.com/djyde/cusdis">cusdis</a> - open source, selfhosted option - supports sqlite.</li><li>...</li></ul><div>For now I'm (re)starting to use blogger - it is by far the least effort, since my goal is to publish my tech notes and rants and maybe get a bit of feedback if anyone stumbles on them - but also checking Reddit. I wouldn't spam Reddit with my rants - but most communities seem high quality and the moderation on each community seems like a far better way to keep the noise out than even old Twitter (very low bar, but that's what I used to use to read, when I somehow trusted they have a team fighting against garbage content and disinformation). </div><div><br /></div><div>If I get bored - I would try 'utterances' with github and cusdis.</div><p></p>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-82459328049123755602022-11-16T07:53:00.001-08:002022-11-16T07:53:32.981-08:00Egress capture using TPROXYVery low level notes on intercepting traffic for Istio and similar apps. IPtables provide 2 mechanisms to capture,
REDIRECT and TPROXY. The first is <a href="https://github.com/istio/istio/issues/38982">buggy</a> and not recommended by the kernel
docs. TPROXY unfortunately requires NET_ADMIN (or root) and is only available in the `PREROUTING` chain, i.e. can only
be used for packets received on an interface - not on packets sent by local apps ( OUTPUT ).
<p>I've been playing with this for some time, and this is what I've found:
</p><p></p><ol style="text-align: left;"><li>Use an OUTPUT chain to mark packets - just like we do for REDIRECT interception</li><li>Use a routing table with 'dev lo' to route all marked packets to loopback. </li><li>Apply TPROXY capture on the loopback PREROUTING - if the dest IP is not 127.0.0.0/8</li></ol>It looks like this: <p></p>
<pre> # Anything with the mark 15001 will be sent to loopback
ip -4 rule add fwmark 15001 lookup 15001
ip -4 route add local default dev lo table 15001
<br /></pre><pre> # Calling this chain will set the mark resulting in route to lo
iptables -t mangle -N ZT_CAPTURE_EGRESS
iptables -t mangle -A ZT_CAPTURE_EGRESS -j MARK --set-mark 15001
# PREROUTING on loopback - anything routed by the route table 15001, based on OUTPUT mark
# Ignore local source or dst - it's not egress
iptables -t mangle -N ZT_TPROXY
iptables -t mangle -A ZT_TPROXY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A ZT_TPROXY -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A ZT_TPROXY --match mark --mark 15001 -p tcp -j TPROXY --tproxy-mark 15001/0xffffffff --on-port 15001
iptables -t mangle -A PREROUTING -i lo -j ZT_TPROXY
# Table that determines who gets redirected
iptables -t mangle -N ZT_EGRESS
iptables -t mangle -A OUTPUT -j ZT_EGRESS
</pre>
<p>The OUTPUT table is similar to regular Istio:</p>
<pre> # Exclude few ports that should not be captured
iptables -t mangle -A ZT_EGRESS -p tcp --dport 15001 -j RETURN
iptables -t mangle -A ZT_EGRESS -p tcp --dport 15009 -j RETURN
iptables -t mangle -A ZT_EGRESS -p tcp --dport 15008 -j RETURN
# UID or GID of the app capturing - so it can originate egress without
# getting captured again.
# Best is to use GID - so root user is also captured. However when debuggin
# in an IDE like CLion/Golang it is very easy to set 'run as root' but not
# 'using group id' - so using uid-owner.
iptables -t mangle -A ZT_EGRESS -m owner --uid-owner 0 -j RETURN
# For now capture only 10.0.0.0, private range, can be changed to 0.0.0.0/0
# to capture everything.
iptables -t mangle -A ZT_EGRESS -d 10.0.0.0/8 -j ZT_CAPTURE_EGRESS
</pre>
<p>
This works for sidecars - and avoids the problems with REDIRECT, however it does require the sidecar to run with NET_ADMIN cap, which
is not always possible. For Ambient Istio (ZTunnel) it may not be needed since eBPF or veth can be used instead.
</p>
<p>
The other major benefit of TPproxy is that it also allows UDP capture - REDIRECT 'original DST' does not work for UDP. I did
a bit of testing with UDP and IPv6 - all seems to be working.
</p> Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-57751492188370963952020-08-15T08:43:00.002-07:002020-08-15T10:57:48.056-07:00K8S TokenRequest and TokenReview<p>Links to various docs on using K8S as an identity provider for JWT tokens - TokenReview and TokenRequest APIs.</p><p><br /></p><p>https://jpweber.io/blog/a-look-at-tokenrequest-api/</p><p>https://github.com/mikedanese/community/blob/2bf41bd80a9a50b544731c74c7d956c041ec71eb/contributors/design-proposals/storage/svcacct-token-volume-source.md</p><p>https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#tokenreview-v1-authentication-k8s-io </p><p>https://github.com/kubernetes/community/blob/master/contributors/design-proposals/auth/bound-service-account-tokens.md</p>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-86727014970258251052020-07-14T10:59:00.002-07:002020-07-14T10:59:51.832-07:00Istiod CRDs in IntelliJQuick post to remember the link:<br />
<br />
<a href="https://raw.githubusercontent.com/istio/api/master/kubernetes/customresourcedefinitions.gen.yaml">https://raw.githubusercontent.com/istio/api/master/kubernetes/customresourcedefinitions.gen.yaml</a><br />
<br />
This needs to be added to Languages&Frameworks / Kubernetes, and refresh when the API changes.Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-50735094562029451552020-05-28T18:32:00.001-07:002020-05-28T18:32:53.791-07:00Istio injection<a href="https://jimmysong.io/en/blog/sidecar-injection-iptables-and-traffic-routing/">https://jimmysong.io/en/blog/sidecar-injection-iptables-and-traffic-routing/</a>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-31867476086263691392019-12-14T18:20:00.001-08:002019-12-14T18:20:15.860-08:00Recovering .ecryptfs filesI have some old backups, including the .ecryptfs directories.<br />
<br />
After several searches, what worked is:<br />
<br />
<ol>
<li> Check the key signatures: cat .ecryptfs/Private.sig </li>
<li>Try to remember the password, and <pre>ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase</pre>
</li>
<li>With the result, do <pre>echo $UNWRAPPED |ecryptfs-add-passphrase --fnek - </pre>
</li>
</ol>
<div>
If the result of ecryptfs-add matches the Private.sig, mount the disk with the magic command:</div>
<div>
<br /></div>
<pre>mount -i -t ecryptfs -o ecryptfs_sig=$FIRST_ID,ecryptfs_fnek_sig=$SECOND_ID,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 .Private/ $DEST</pre>
<pre></pre>
Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-88717009681652240972017-10-22T10:42:00.001-07:002017-10-22T10:42:48.452-07:00Read: low level kernel networkingIn particular the UDP sections are very useful.<br />
<br />
<a href="https://chrome.google.com/webstore/detail/pengoopmcjnbflcjbmoeodbmoflcgjlk" style="font-size: 13px;">'via Blog this'</a>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-55837375001371954362017-10-22T10:35:00.003-07:002017-10-22T10:35:58.295-07:00docs/manifest-format.txt - git-repo - Git at GoogleReference for Android repo format.<br />
<br />
<br />
<a href="https://gerrit.googlesource.com/git-repo/+/master/docs/manifest-format.txt">docs/manifest-format.txt - git-repo - Git at Google</a>: <br />
<br />
<a href="https://chrome.google.com/webstore/detail/pengoopmcjnbflcjbmoeodbmoflcgjlk" style="font-size: 13px;">'via Blog this'</a>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-67631454494191442952017-10-22T10:35:00.001-07:002017-10-22T10:35:08.648-07:00KSubedi/gomove: gomove is a utility to help you move golang packages by automatically changing the import paths from the old one to new one.<a href="https://github.com/KSubedi/gomove">KSubedi/gomove: gomove is a utility to help you move golang packages by automatically changing the import paths from the old one to new one.</a>: <br />
<br />
<a href="https://chrome.google.com/webstore/detail/pengoopmcjnbflcjbmoeodbmoflcgjlk" style="font-size: 13px;">'via Blog this'</a>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-20086020753371972762017-07-11T07:31:00.001-07:002017-07-11T07:31:39.486-07:00Golang Concurrency Tricks<a href="http://udhos.github.io/golang-concurrency-tricks/?utm_source=golangweekly">Golang Concurrency Tricks</a>: <br />
<br />
<a href="https://chrome.google.com/webstore/detail/pengoopmcjnbflcjbmoeodbmoflcgjlk" style="font-size: 13px;">'via Blog this'</a>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-20154075331851539162017-05-31T22:13:00.001-07:002017-05-31T22:13:29.849-07:00Debugging Go core dumps · Go, the unwritten parts<a href="https://rakyll.org/coredumps/?utm_source=golangweekly&utm_medium=email">Debugging Go core dumps · Go, the unwritten parts</a>: <br />
<br />
<a href="https://chrome.google.com/webstore/detail/pengoopmcjnbflcjbmoeodbmoflcgjlk" style="font-size: 13px;">'via Blog this'</a>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-36841629105715374552016-12-15T11:17:00.001-08:002016-12-15T11:17:14.638-08:00How Do They Do It: Timers in Go<a href="https://blog.gopheracademy.com/advent-2016/go-timers/?utm_source=golangweekly&utm_medium=email">How Do They Do It: Timers in Go</a>: <br><br><a style="font-size:13px" href="https://chrome.google.com/webstore/detail/pengoopmcjnbflcjbmoeodbmoflcgjlk">'via Blog this'</a>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-32822105260926977092016-11-26T20:09:00.001-08:002016-11-26T20:50:09.120-08:00Test stackedit<h1 id="evaluating-stackedit">Evaluating <a href="stackedit.io">Stackedit</a></h1>
<p>I am looking for an open source a markdown editor running in a browser, for chrome/android.</p>
<p>Stackedit use nodejs at least for some features, but appears it can work offline. It can sync the local browser storage with Google Drive or a private CouchDB or Dropbox. It can publish to Blogger and github among other things - but no Gogs. Blogger support is interesting - I stopped using blogger in large part because of the editor, I write most of my notes in markdown in a private git repository, didn’t bother with setting up a convert/publish system - having it integrated may motivate me to cleanup and publish other random notes.</p>
<p>A docker image is provided that can run on a private domain, nodejs based. Seems to have some collaborative editing if using a CouchDB, including support for private CouchDB when using stackedit.io. </p>
<p>Seems to support frontmatter and a comments system - the comments get saved in a HTML comment, at the end of the document as “se_discussion_list:JSON”, containing ‘selectionStart/selectionEnd/comment[]’. Presumably this is integrated in the couch DB support and synced, but didn’t test it yet. </p>
<p>On google drive: the permissions allow it to add new documents to drive, create or open documents explicitly from drive - but it can’t see or access any other file. I assume dropbox is similar. Also seems to have a way to publish via ssh - so some random hosting site like dreamhost.</p>
<hr>
<p>It can import/export local disk - but one file a time. Shouldn’t be a problem if files are saved to Drive, but still need to be opened in Stackedit one by one. </p>
<table>
<thead>
<tr>
<th>Table</th>
<th>Supported</th>
</tr>
</thead>
<tbody><tr>
<td>No</td>
<td>auto-indent</td>
</tr>
</tbody></table>
<p>So far I haven’t found a good markdown editor except Emacs orgmode that is good with tables.</p>
<p>For editing-in-chrome I also found <a href="https://github.com/drivenotepad/app">Drive Notepad</a>. Both Drive Notepad and Stackedit are based on ace.js - but Stackedit has more integrations with external storage, while Notepad only support Drive, and is much simpler/cleaner as a result. On the other side, Notepad supports most programming languages - as long as the source is stored in google drive.</p>
<p>`</p>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-69802682493577825172014-08-27T09:02:00.001-07:002014-08-27T09:02:07.630-07:00JVM Heap dumping with GDB<a href="http://blogs.atlassian.com/2013/03/so-you-want-your-jvms-heap/">JVM Heap dumping with GDB</a>: <br />
<br />
<a href="https://chrome.google.com/webstore/detail/pengoopmcjnbflcjbmoeodbmoflcgjlk" style="font-size: 13px;">'via Blog this'</a>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-49404349225709339532014-04-18T13:21:00.001-07:002014-04-18T13:21:10.147-07:00Go (“golang”) and Android ← Dennis Forbes...Professional<a href="http://dennisforbes.ca/index.php/2014/03/19/go-golang-and-android/">Go (“golang”) and Android ← Dennis Forbes...Professional</a>: <br />
<br />
<a href="https://chrome.google.com/webstore/detail/pengoopmcjnbflcjbmoeodbmoflcgjlk" style="font-size: 13px;">'via Blog this'</a>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0tag:blogger.com,1999:blog-6855603.post-8543302279495224022014-04-02T20:55:00.001-07:002014-04-02T20:55:11.640-07:00Chromium Blog: Simplifying Cloud Messaging for app developers<a href="http://blog.chromium.org/2014/04/simplifying-cloud-messaging-for-app.html">Chromium Blog: Simplifying Cloud Messaging for app developers</a>: <br />
<br />
<a href="https://chrome.google.com/webstore/detail/pengoopmcjnbflcjbmoeodbmoflcgjlk" style="font-size: 13px;">'via Blog this'</a>Costinhttp://www.blogger.com/profile/03190426801284601248noreply@blogger.com0