Ubuntu 14.04 Trusty Tahr packages for Qtile

Just posting to let everyone know that I've published packages for the latest Qtile release on Ubuntu 14.10. See the mailing list announcement for more details. Additionally, we will be doing a 0.7 release shortly, so please let me know if there are any release blocking bugs!

Ubuntu 13.10 Saucy Salamander packages for Qtile

Just posting to let everyone know that I've published packages for the latest Qtile release on Ubuntu 13.10. See the mailing list announcement for more details.

Manage passwords without state

A few years ago I had a problem: I had a bunch of accounts that I accessed once a year when tax time came around, and I kept forgetting the passwords. Often I'd try a few before locking myself out, and then I'd have to spend an hour on the phone with customer service getting my account unlocked, which meant if I was doing my taxes on the last weekend possible, I wouldn't be able to complete them until the next business day. The obvious solution to this problem is to store the passwords in some kind of password manager -- lots of them exist for all kinds of platforms: phone, computer, browser, etc.

The problem with password manager is that they typically require some kind of state file. They store the mapping between site and cleartext password in some file, and then they decrypt it with some secret from you when you want to access it. Thus, you have to 1. trust the person who is doing the encrypting and decrypting that they are doing it correctly so that when your laptop gets stolen your passwords aren't leaked, and 2. you have to have access to the machine that the passwords are stored on when you want to use them. If you've left your laptop at home or you forgot to back up your password file when you got a new computer, you're SOL.

What's the solution? A password manager without state, of course! Since we're assuming the user can remember at least one pretty good password, we can use that as our "state", so we end up with the algorithm as follows:

hash = sha512(user_secret + "example.org")
base64encode(hash)[:10]

Here, we're using the domain to salt the user secret so the generated passwords are different for each site. sha512 provides randomness, although we are only using the first 60 bits of the output here (10 base64 characters, each character encodes six bits of entropy), there are significantly more bits of entropy here than in your typical English character, making it a much stronger password. Further, the algorithm is very simple, and you could re-implement it on any computer that has your favorite programming language environment available. Thus, you can use it in a pinch, since all you need to remember are the algorithm and your user_secret. I've published a python script that implements this mechanism, so you don't even have to remember the algorithm

Weechat with an alternative timezone

A common usecase (and one I was interested in) for weechat is to run it on a VPS in screen, so that you don't lose your IRC session when you turn off your computer. This all works well and good, except that all the timestamps for the messages will be in the server's local time, instead of your time. If you dig through the code, though, you find that weechat uses the strftime() call, which respects the TZ environment variable. So, if your server is in a different time zone than you are, you can start weechat by:

TZ='US/Central' weechat-curses

and all the timestamps it displays will be in US/Central time.

Qtile 0.6 released!

I have just tagged and released qtile 0.6! This release comes exactly 6 months after our last release (not intentionally, it just happened to work out that way). You can check out the full release notes for a list of most of the changes.

I thought I'd discuss a bit about the breaking config changes we made. A few of them were long standing TODOs in the code, but the major one (and the one that motivated cleaning up all the rest) was creating a new config module where all of the objects used in configuration live. The primary motivation for this change was to remove a lot of crazy hacks we had in the test system to get around circular imports, since the configuration objects and main manager were all in the same file. However, it also makes sense from a code organization standpoint, because manager.py was getting huge. I think user impact will be minimal, because configs can be updated with a simple regex. That said, I will only be updating the Ubuntu 13.04 packages, so as not to break configs for existing users on older packages with a simple dselect-upgrade.

As always, questions or comments are welcome on qtile-dev!

Haggis, a static site generator

Woah! tycho.ws looks totally different. Recently, I switched from using my old custom blogging framework to a new static site generator that I wrote called haggis. Both haggis and the source code for this blog are available, so you can check them out and perhaps build your own haggis-based blog if you want.

I did haggis as a static site generator mostly because I could. There's no inherent reason for blogs to re-compute their pages on every request, especially when there are very few comments on the blog (I think I've got around 70 comments right now across all my posts). The comments support I wrote for this blog is in fact totally separate from haggis -- the templates have a form which does an AJAX post to a small script which basically dumps the result in a database (after sanatizing it, of course :-). Haggis needs to know nothing about the "dynamic" nature of the site. Then, the script simply re-invokes haggis, which regenerates the whole blog.

Now, if all of the sudden I write a super popular post, my blog (probably?) won't go down: the page is statically generated, so all the web server has to do is read it off the disk and dump it on to the wire. No sessions, no computation, no nothing. I'm using apache because I'm lazy and it's what I know how to set up, but if I really wanted to, I could use some other more performant web server for static files, thus increasing my capacity even more.

What happens, though, if lots of people start commenting all the time? Then I spawn off N processes, which could confuse the web server if they're all over-writing the files all the time. So, instead I check whether to re-generate the blog once a minute, and only do it if necessary (i.e. if there is a new comment). With this setup, hopefully I can handle a reasonably large load with very few resources. And, of course, I can edit my posts in vim using markdown, and manage the blog in git which were all requirements as well.

So, haggis probably performs much better than a GTFO-based (or any other dynamic framework based) blog does, but why not just turn GTFO into a static site generator? Well, the other reason for haggis is that I've been interested in learning haskell for a while, and this was a perfect first project. Anyway, haggis should be reasonably stable at this point, although there's still lots of work left. Please report any bugs on the github page!

Hquery, an HTML5 tree rewriting tool

Recently I began rewriting the framework that powers this blog (gtfo) in haskell. Among other things, I needed a good tree rewriting utility for processing templates and generating content. I've been using Lift at work for a while now, so I built hquery, which is basically an implementation of Lift's CSS Selectors over xmlhtml trees. You can see some examples of the kind of transformations it allows in hquery's readme. Additionally, it is available from hackage via cabal install hquery.

Feedback is welcome, as this is my first haskell API. Bug reports and patches are of course welcome too :-)

Qtile 0.5 packages for 12.10

Ahoy! I've updated the packages in my Ubuntu 12.10 PPA to be version 0.5. Please let qtile-dev know if you have any problems!

Qtile 0.5 released!

Hello! Today, I'm proud to announce the release of Qtile 0.5. A wildly incomplete changelog is available here. Qtile 0.5 comes more than two years after the release of 0.4. There have been many major improvements and bugfixes by nearly 50 contributors. Many thanks to everyone who was involved, and long live tiling window managers!

Qtile packages for Ubuntu 12.10 (Quantal Quetzal)

Ahoy! I have put up new packages for qtile for 12.10, so I thought I'd write a bit about what's actually in the packages. First, they're available via the standard:

sudo apt-add-repository ppa:tycho-s/ppa
sudo apt-get update
sudo apt-get install qtile

A few things to note about these packages. First: they now install a qtile.desktop file, so any compliant freedesktop.org login manager should see qtile as a login option. Note that this just invokes qtile directly with no arguments, so you'll have to put your configs in the standard location. If you want to run a custom .xsession, you'll still need to set that up yourself.

Second, these packages no longer depend on xpyb-ng, but depend on xpyb (1.3.1) directly. I did this for a few reasons. I've had several users report that 1.3.1 works directly for them (i.e. xpyb-ng is not actually required to run qtile). If there is no problem with using the stock implementation, I felt like we should switch to that. Naturally, if problems come up and we need to move back to our fork, I'm happy to rebuild, however, I think that's unlikely.

Third, which hash are these packages based on? They're based on 87dc6924cb, which is on the development branch. I've been running this code both at home and at work for several months now, as well as several other people. While there are still several bugs (patches welcome!), I feel that it's much more stable and user friendly than the master branch.

Fourth, based on some statistics that Launchpad provides, it looks like there were about 100 installs of the Ubuntu PPA. One or two of those were probably my test VMs, but that means there were a fair number of other people who checked qtile out. Very cool!

Feel free to e-mail me or qtile-dev with any feedback! (Unfortunately, I've been inadvertently banned from qtile-dev somehow. Still waiting on a resolution to that, so if you find a bug with the packages, go ahead and just file it on the github tracker and I'll fix it ASAP.)