Unsorted Notes

Great Flamingo

GitHub

URLs:

  • Add ?w=1 in a pull request to ignore whitespace changes
  • Add .patch to a pull request to get the change as an unified diff
  • In a message, <details> ... </details> creates a drop-down

Git

Remove latest commit

git reset --hard HEAD~1

List tags containing a specific commit

nova$ git tag --contains 94a3b83f9f1fd52a78b9d49b32ddfae40182f852
12.0.0.0b1
12.0.0a0
2014.2
2014.2.1
2014.2.2
2014.2.3
2014.2.b1
2014.2.b2
2014.2.b3
2014.2.rc1
2014.2.rc2
2015.1.0
2015.1.0b1
2015.1.0b2
2015.1.0b3
2015.1.0rc1
2015.1.0rc2
2015.1.0rc3

Remote branches

  • List remote branches: git branch -r

  • Create a new branch fix_1369426_icehouse tracking the remote branch origin/stable/icehouse:

    git branch --track fix_1369426_icehouse origin/stable/icehouse

  • (Track and) Pull a remote branch:

    git branch --track NAME_REMOTE_BRANCH
git fetch --all   # or: git pull --all

Send email

First install git send-email. On Fedora:

yum install -y git-email

Generate a .patch file for a single commit:

git format-patch origin/master

Generate a patch serie for multiple commits:

git format-patch origin/master --cover-letter

Now modify 0000-cover-letter.patch: replace *** BLURB HERE ***. By default, patches create a thread on a mailing list: [PATCH 0/n] is the top message, [PATCH 1/n], [PATCH 2/n], etc. are replied to the top message. See Message-Id and In-Reply-To headers in emails.

To generate a version 2 of a patch (use [PATCH v2] subject prefix instead of [PATCH]):

git format-patch origin/master --subject-prefix 'PATCH v2'

Send patches:

git send-email --to=EMAIL --suppress-cc=all *.patch

For your first try, just send emails to yourself ;-)

Shell script

  • bash8: A pep8 equivalent for bash scripts
  • checkbashisms: static analysis tool for shell scripts. It looks for particular patterns which indicate a script might be relying on /bin/sh being bash.
  • shellcheck: static analysis and linting tool for sh/bash scripts
  • $'...' interprets escape sequences (like \n) in '...'

Example:

haypo@selma$ echo $'a\rb'|hexdump -C
00000000  61 0d 62 0a                                       |a.b.|
00000004

Mercurial

bisect with a command

Shell script cmd.sh:

set -e -x
make
./python script.py

where script.py is the script to reproduce the bug.

Cleanup everything:

hg bisect --reset
hg update -C

We know that the most recent version is bad (./cmd fails):

./cmd.sh
# cmd.sh failed
hg bisect -b

Find a good revision using a date:

hg up -r "branch(default) and date('May 2015')"
./cmd.sh
# it's still failing, take an older date
hg up -r "branch(default) and date('Jan 2015')"
./cmd.sh
# iterate until the test pass
(...)
hg bisect -g

Ok, we have a good and a bad revision, and a script to automate the bisection:

hg bisect --command ./cmd.sh
# enjoy watching your computer working for you

cannot edit immutable changeset: xxx

You can force the phase of a changeset back to draft like so:

hg phase -d -f <changeset_id>

Only do that for private changes!

Find tags containing a specific changeset

Let’s say that you want to check which versions contains the _FUTURE_CLASSES variable:

$ grep '_FUTURE_CLASSES =' trollius/*.py
trollius/futures.py:    _FUTURE_CLASSES = (Future, events.asyncio.Future)
trollius/futures.py:    _FUTURE_CLASSES = Future

$ hg blame trollius/futures.py|grep '_FUTURE_CLASSES ='
1712:     _FUTURE_CLASSES = (Future, events.asyncio.Future)
1688:     _FUTURE_CLASSES = Future

$ hg log -r 1688 --template '{date|isodate}\n'
2014-07-25 10:05 +0200

Ok, so the _FUTURE_CLASSES was added by the changeset 1688 which was made the 2014-07-25. We pick the oldest changeset, 1712 was probably a fix.

Find the tags which contains the changeset 1688:

$ hg log -r "reverse(descendants(1688)) and tag()" --template "{tags}\t{rev}:{node|short}\n"
trollius-1.0.2  1767:41ac07cd2d03
trollius-1.0.1  1738:83e574a42e16

$ hg log -r trollius-1.0.1 --template '{date|isodate}\n'
2014-07-30 17:45 +0200
$ hg log -r trollius-1.0.2 --template '{date|isodate}\n'
2014-10-02 16:47 +0200

The _FUTURE_CLASSES was introduced in trollius-1.0.1 which was released the 2014-07-30. The following release trollius-1.0.2 (2014-10-02) also contains it, which is expected since trollius-1.0.2 is based on trollius-1.0.1.

Check versions:

$ hg up trollius-1.0.1
$ grep '_FUTURE_CLASSES =' trollius/*.py
trollius/futures.py:    _FUTURE_CLASSES = (Future, events.asyncio.Future)
trollius/futures.py:    _FUTURE_CLASSES = Future

$ hg up trollius-1.0
$ grep '_FUTURE_CLASSES =' trollius/*.py
trollius/tasks.py:    _FUTURE_CLASSES = (futures.Future, asyncio.Future)
trollius/tasks.py:    _FUTURE_CLASSES = futures.Future

Ok, so in fact the variable was moved from the Python module trollius.tasks to the modle trollius.futures between versions 1.0 and 1.0.1.

abort: can’t rebase public changeset fb6b735060b5

Error:

abort: can't rebase public changeset fb6b735060b5
(see "hg help phases" for details)

Share files files from Linux to OSX

I tried NFS: issues with non-ASCII characters, issue with Unicode NFC normalization on OS X. Since OS X 10.9, the only way is to use the command line to pass the option -o nfc to mount -t nfs ....

I tried Samba: well, it’s not easy. Let’s say that the directory to share is /data.

Prepare permissions, readable by everybody, UNIX and SELinux permissions:

sudo find  /data -type f -print0|xargs -0 chmod 644
sudo find -type d -print0|xargs -0 chmod 755
sudo semanage fcontext -a -t samba_share_t "/data(/.*)?"
sudo restorecon -R -v data/

Install Samba:

sudo yum install samba samba-common samba-client cups-lib system-config-samba

Use system-config-samba to share /data:

  • run sudo system-config-samba
  • add /data directory as public and make it readable for everybody
  • add a Windows user which is binded to your user (Preference, Samba users)

Start Samba server and run it at boot:

sudo systemctl start smb.service
sudo systemctl start nmb.service
sudo systemctl enable smb.service
sudo systemctl enable nmb.service

Mac OS X:

  • Finder, Go, Access server: use smb://192.168.0.1/data URL
  • Type the user and password
  • Enjoy!

Very good tutorial for Fedora 20: How to enable samba share for a specific directory - Fedora 20.

PostgreSQL

Install PostgreSQL server on Fedora 21. Type as root:

yum install postgresql-server
postgresql-setup initdb

Modify /var/lib/pgsql/data/postgresql.conf to accept connections from 192.168.0.0/24 network, replace:

#listen_addresses = 'localhost'         # what IP address(es) to listen on;
...
max_connections = 100                  # (change requires restart)

with:

listen_addresses = '*'
...
max_connections = 1000                  # (change requires restart)

Modify /var/lib/pgsql/data/pg_hba.conf to allow login using a password from 192.168.0.0/24 network, replace:

host    all             all             127.0.0.1/32            ident

with:

host    all             all             192.168.0.0/24          md5

Start PostgreSQL:

systemctl start postgresql

Switch to the postgres user (sudo -u postgres -H -s), open the psql client (psql) and type:

CREATE USER bigdata;
ALTER ROLE bigdata WITH CREATEDB;
ALTER USER bigdata WITH ENCRYPTED PASSWORD 'password';
CREATE DATABASE bigdata;

Operating systems

macOS (Mac OS X) versions:

macOS Name Darwin Version Release Year
macOS 10.13 High Sierra 17.x 2017 (June)
macOS 10.12 Sierra 16.x 2016
macOS 10.11 El Capitan 15.x 2015
macOS 10.10 Yosemite 14.x 2014
macOS 10.9 Mavericks 13.x 2013
macOS 10.8 Mountain Lion 12.x 2012
macOS 10.7 Lion 11.x 2010
macOS 10.6 Snow Leopard 10.x 2008
macOS 10.5 Leopard 9.x 2006
macOS 10.4 Tiger 8.x 2004

Use sw_vers in the command line to get macOS version.

  • Linux kernel versions:
    • 4.0: 2015 (under development)
    • 3.0: 2011
    • 2.6: 2003
    • 2.4: 2001
  • Ubuntu releases:
    • 16.10: Yakkety Yak (not released yet, scheduled for 2016-10-20)
    • 16.04 LTS: Xenial Xerus, 2016-04-21
    • 15.10: Wily Werewolf, 2015-10-22
    • 15.04: Vivid, 2015-04
    • 14.10: Utopic, 2014-10
    • 14.04 LTS: Trusty, 2014-04
    • 12.04 LTS: Precise, 2012-04
  • Fedora releases:
    • Fedora 24: 2016-06-21
    • Fedora 23: 2015-11-03
    • Fedora 22: 2015-05-26
    • Fedora 21: 2014-12
    • Fedora 20: 2013-12, Heisenbug
    • Fedora 19: 2013-07, Schrödinger’s Cat
  • Debian releases:
    • Debian 9 “Stretch”: June 17th, 2017
    • Debian 8 “Jessie”: April 26th, 2015

FreeBSD releases, and Unsupported FreeBSD Releases:

FreeBSD Release End of life
FreeBSD 11.0 2016-10 2021-09-30
FreeBSD 10.0 2014-01 2018-10-31
FreeBSD 9.0 2012-01 2016-12
FreeBSD 8.1 2010-07 2012-07
FreeBSD 7.0 2008-02 2009-04
FreeBSD 6.2 2007-01 2008-05

Microsoft Windows versions (version numbers):

Windows Version Release End of mainstream support Extended support
Windows 10 10.0 2015-07 2020-10 2025-10
Windows 8.1 6.3 2013-10 2018-01 2023-01
Windows 8 6.2 2012-10 2016-01 2016-01
Windows 7 6.1 2009-10 2015-01 2020-01
Windows Vista 6.0 2007-01 2012-04 2017-04
Windows XP Professional x64 5.2 2005-04 2009-04 2014-04
Windows XP 5.1 2001-10 2009-04 2014-04

Note

For applications that have been manifested for Windows 8.1 or Windows 10. Applications not manifested for Windows 8.1 or Windows 10 will return the Windows 8 OS version value (6.2). To manifest your applications for Windows 8.1 or Windows 10, refer to Targeting your application for Windows.

Linux kernel:

Linux kernel Released Projected EOL
4.14 2017-11-12 2020-01
4.9 2016-12-11 2019-01
4.4 2016-01-10 2022-02
4.1 2015-06-21 2018-05
3.16 2014-08-03 2020-04
3.2 2012-01-04 2018-05
2.6 2003-12-17 2011-08

Programming advices

  • Coding style: 80 columns, PEP 7 for C, PEP 8 for Python
  • Avoid variable globals
  • Signal handlers: only use signal-safe functions

rsync

Local copy with progress bar and handle sparse files:

rsync -Sav --progress /mnt/vm/images/ /var/lib/libvirt/images/

Thunderbird

Checking for new messages in other folders - Thunderbird.

Set mail.server.default.check_all_folders_for_new=true in advanced settings (Edit > Preference > Advanced > General tab > Config editor).

Gnome-Terminal

Configure Gnome-Terminal to select a full URL double-click:

dconf write /org/gnome/terminal/legacy/profiles:/:${Profile_ID}/word-char-exceptions '@ms "-,.;/?%&#_=+@~·:"'

Replace ${Profile_ID} with the profile identifier. To get it:

$ gsettings get org.gnome.Terminal.ProfilesList list
['b1dcc9dd-5262-4d8d-a863-c897e6d979b9']

Example:

dconf write /org/gnome/terminal/legacy/profiles:/:b1dcc9dd-5262-4d8d-a863-c897e6d979b9/word-char-exceptions '@ms "-,.;/?%&#_=+@~·:"'

It looks like you don’t have to restart Gnome-Terminal.

http://fedora.12.x6.nabble.com/gnome-terminal-amp-select-by-word-characters-td5043736.html

To see notifications on irssi, use XTerm color theme, rather than the default “Tango” theme: XTerm theme has a better contrast.

Android

Samsung S2, delete logs on internal storage:

  • dial *#9900#
  • click on: “Delete dumpstate/logcat”

Free space on the 16 GB SD card:

  • install CCleaner
  • Free space using CCleaner

Avoid music applications (Spotify, radio) to stop when idle (phone locked):

  • Parameters > Network > Save data > select application: allow your music applications
  • Parameters > Batterie > Applications: allow your music applications

IRC

List operators of channel:

/msg ChanServ access #python-fr list

Give operator permission to someone:

/msg ChanServ flags #python-fr skyice +Aeiortv

#python-dev flags to prevent people who are not logged in to an account from talking:

/mode #python-dev -q $~a

SSH keygen

Create an SSH key:

ssh-keygen -t ed25519 -o -a 100 -C "haypo2017" -f ssh_key
  • -t: key type, http://ed25519.cr.yp.to/
  • -a 100: use 100 rounds of the key derivation function for the passphrase, increase resistance to brute-force password cracking
  • -C: comment
  • -f: filename
  • -o: save private keys using the new OpenSSH format, increased resistance to brute-force password cracking (in fact, -t ed25519 already enables this option)

Issues with ed25519:

Links:

SSH agent:

  • Modify /etc/pam.d/* to lines containing “pam_gnome_keyring.so”
  • Make sure that login still works after the change!!!

Gnome and SSH passphrase:

sudo dnf install -y openssh-askpass

Replace gnome-keyring with ssh-agent to support elliptic curves:

Fedora process:

/usr/bin/gnome-keyring-daemon --daemonize --login

Disable gnome-keyring:

mkdir -p ~/.config/autostart/
cp /etc/xdg/autostart/gnome-keyring-ssh.desktop ~/.config/autostart/
echo "X-GNOME-Autostart-enabled=false" >>~/.config/autostart/gnome-keyring-ssh.desktop

See also https://wiki.archlinux.org/index.php/GNOME/Keyring#Disable_keyring_daemon_components

Enable pam_ssh in PAM config:

(FR) Transport aérien

Gnome

My CSS theme for window colored borders: https://github.com/vstinner/misc/blob/master/conf/gtk.css

https://wiki.gnome.org/Projects/GnomeShell/CheatSheet

gsettings set org.gnome.desktop.wm.preferences focus-new-windows ‘strict’

Yubikey

tmux

  • tmux attach
  • tmux ls
  • CTRL+b …
    • [: navigation (scroll), ‘q’ to quit navigation mode
    • d: detach
    • c: new window
    • n / p: next/previous window
    • :: open the command line (“prompt”)
    • ,: name the window
    • w: window list
    • &: kill the window
  • Command line or “prompt” (opened by CTRL+b :):
    • list-sessions
  • tmux shortcuts & cheatsheet

Debug Python

  • Add printf(…) of fprintf(stderr, …)
  • Comment, remove code, add #if 0 … #endif
  • Run git bisect
  • Use my new script to bisect test methods
  • gdb
  • pdb, pudb

NFS

Server side

  • /etc/exports: list of shared directories
  • sudo exportfs -af: reload NFS configuration (like /etc/exports)

Client side

  • Mount: sudo mount -t nfs -o soft smithers:/server/shared/directory /local/mount/point. The soft option allows NFS to make syscalls failing if the server is no more reachable.
  • Unmount: sudo umount -f /local/mount/point, -f allows to unmount even if the server is unreachable.

Release a Python software

  • pip install check-manifest
  • pip install prospector[pyroma]; prospector
  • zest.releaser

macOS

Malware

Firefox malware: “Websecure WTC”, system load near 10, CPU usage higher than 99%. Remove manually in Firefox extensions.

Anti-malware: don’t trust the internet, full of crap. Search in AppStore.

Untested yet: free Bitdefender.

xcode

“missing xcrun” error when running “make”, install Xcode:

xcode-select --install

Rounding

Wikipedia: https://en.wikipedia.org/wiki/Rounding

Rounding modes for floating point numbers:

  • ROUND_FLOOR: Round towards minus infinity (-inf).
    • C: floor()
    • Python: math.floor(float)
    • Python: math.floor(-0.1) == -1
    • Python: math.floor(0.9) == 0
    • For example, used to read a clock.
  • ROUND_CEILING: Round towards infinity (+inf).
    • Python: math.ceil(float)
    • Python: math.ceil(0.1) == 1
    • Python: math.ceil(-0.1) == 0
  • ROUND_HALF_EVEN: Round to nearest with ties going to nearest even integer.
    • For example, used to round from a Python float.
    • Python: round(float)
    • Python: round(0.5) == 0
    • Python: round(1.5) == 2
    • Python: round(2.5) == 2
    • This is the default rounding mode used in IEEE 754 floating-point operations.
  • ROUND_UP: Round away from zero.
    • For example, used for timeout. ROUND_CEILING rounds -1e-9 to 0 milliseconds which causes bpo-31786 issue. ROUND_UP rounds -1e-9 to -1 millisecond which keeps the timeout sign as expected. select.poll(timeout) must block for negative values.
  • ROUND_DOWN: Round towards zero.
    • C: (int)double, ex: (int)0.9 == 0
    • Python: int(float)
    • Python: int(0.9) == 0
    • Python: int(-0.9) == 0
    • Python: float.__trunc__()

Other rounding modes (ex: Python decimal module):

  • ROUND_HALF_DOWN: Round to nearest with ties going towards zero.
  • ROUND_HALF_UP: Round to nearest with ties going away from zero.
  • ROUND_05UP: Round away from zero if last digit after rounding towards zero would have been 0 or 5; otherwise round towards zero.

IEEE 754 defines 4 modes:

  • ROUND_HALF_EVEN: default mode
  • ROUND_FLOOR
  • ROUND_CEILING
  • ROUND_DOWN

Links:

Linux: follow process execution

wget mirror

Download a “Index of” Apache listing and subdirectories, but not parents.

wget –mirror –no-parent -e robots=off URL

robots=off is needed to downloda OpenStack CI logs, since the robots.txt disallow everything.

dd

Write a raw image to a USB key:

lsblk # check if the USB key is connected
sudo dd if=bios.img of=/dev/disk/by-id/usb-LEXAR_JUMPDRIVE_0A4F1007191812160305-0\:0 status=progress oflag=direct

ssh-agent

List keys of ssh-agent:

ssh-add -l

Add a key:

ssh-add ~/.ssh/id_rsa

Remove all keys:

ssh-add -D

stdin, stdout, stderr buffering

Unbuffered standard streams with the stdbuf tool:

stdbuf -i0 -o0 -e0 producer | consumer

Line buffering:

stdbuf -oL -eL command

See also unbuffer.

Copy for backup using rsnyc

Commands:

$ sudo mount -o uid=haypo,gid=haypo,utf8 /dev/disk/by-label/DataSeagate /mnt/usb/
$ rsync --archive --verbose --progress -r /btrfs/data/videos/  /mnt/usb/videos/

virt-manager: virtual network

Enable Router Advertissement on your phyiscal devices.

  • Create file /etc/sysctl.d/60-victor-network.conf:

    net.ipv6.conf.enp0s31f6.accept_ra = 2
net.ipv6.conf.wlp4s0.accept_ra = 2

    where enp0s31f6 and wlp4s0 are my physical NICs.

  • Run:

    sudo systemctl restart systemd-sysctl

Virt-manager, create a network:

  • Right click on a domain, Detail: Network, Add a network
  • IPv4 Network: 192.168.100.0/24 ; enable DHCP
  • IPv6 Network: fd00:e81d:a6d7:5ab8::/64 ; enable DHCPv6
  • Give access to any physical NIC

KDE Connect on Fedora

Commands:

sudo dnf install kde-connect-nautilus
sudo firewall-cmd --zone=public --permanent --add-port=1714-1764/tcp
sudo firewall-cmd --zone=public --permanent --add-port=1714-1764/udp
sudo systemctl restart firewalld.service

See also https://community.kde.org/KDEConnect

docker

sudo docker pull ubuntu:trusty sudo docker run -ti ubuntu:trusty /bin/bash root@xxx# exit sudo docker commit xxx pet sudo docker run -ti pet /bin/bash sudo docker container ps sudo docker container ps -a

SELinux

Display SELinux alerts in Gnome: sealert.

Dummy command to restore SELinux labels on the whole operating system:

restorecon -Rv /

Config file:

[vstinner@fedora27 ~]$ cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Check current SELinux config:

[vstinner@fedora27 ~]$ getenforce
Enforcing

Shell

  • sh is supposed to be the minimalist shell (faster, but less feature)
  • bash has more feature and is quite common, but not available by default on FreeBSD for example.
  • dash is a minimalist shell used as ‘sh’ on Debian

Test:

  • [ is a program: /usr/bin/[ on Linux
  • man test
  • man [ # sometimes display bash manual page
  • [[ … ]] is a bash built-in, so specific to bash

Misc:

Debug TLS issue

Use OpenSSL client:

openssl s_client -connect bugs.python.org -port 443

See https://github.com/python/psf-infra-meta/issues/4

Dump Python SSLContext configuration:

def dump_context(context):
     print("ciphers:", ":".join([cipher['name'] for cipher in context.get_ciphers()]))
     print("proto", context.protocol)
     print("opts", context.options)
     print("opts", context.verify_mode, context.verify_flags)
     print("min/max ver", context.minimum_version, context.maximum_version)
     print("cert stats", context.cert_store_stats())

On Fedora 29, Python is compiled with ./configure --with-ssl-default-suites=openssl: ssl.SSLContext constructor doesn’t call SSL_CTX_set_cipher_list() and so uses OpenSSL default cipher list.

See also Python SSL and TLS security.

test_asyncio fails on RHEL8, or on Fedora using NEXT security policy. Fedora and RHEL have a update-crypto-policies system command to change the crypto policy

Python can now use OpenSSL default cipher list: TLS cipher suite compile time option for downstream, creation of ./configure --with-ssl-default-suites=openssl option (enabled on Fedora).

Use nmap to scan for ciphers: https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html

By default, OpenSSL reads configuration files for TLS:

$ ls -l /etc/crypto-policies/back-ends/openssl*.config
/etc/crypto-policies/back-ends/opensslcnf.config -> /usr/share/crypto-policies/DEFAULT/opensslcnf.txt
/etc/crypto-policies/back-ends/openssl.config -> /usr/share/crypto-policies/DEFAULT/openssl.txt

$ cat /etc/crypto-policies/back-ends/openssl.config
@SECLEVEL=1:kEECDH:-kRSA:kEDH:-AES-128-GCM:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:-SHA1:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8

$ cat /etc/crypto-policies/back-ends/opensslcnf.config
CipherString = @SECLEVEL=1:kEECDH:-kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:-SHA1:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
MinProtocol = TLSv1

Matrix

git

Error:

$ git gc
fatal: impossible de lire
378a172cc98d7bc8dc5b6a304ec47cf4f24276ca
fatal: failed to run repack

$ git fsck --connectivity-only
broken link from    tree     30d4ac5eb9e7bbc9104e0b8117c7eccf0ca7d68c
              to    blob     378a172cc98d7bc8dc5b6a304ec47cf4f24276ca
...

Fix:

git -c gc.reflogExpire=0 -c gc.reflogExpireUnreachable=0 -c gc.rerereresolved=0 -c gc.rerereunresolved=0 -c gc.pruneExpire=now gc

Try also:

git reflog expire --expire-unreachable=now --all
git gc --prune=now

Check:

git fsck --connectivity-only

Thunderbird

Use multiple profiles:

thunderbird -ProfileManager

Debug network issue to a website

If https://github.com looks down:

  • Test network connectivity using ICMP:
    • ping github.com
    • traceroute github.com
    • mtr github.com
  • Test HTTPS:
    • time curl --verbose https://github.com/
    • time wget -O- https://github.com/
    • TLS v1.0: time curl --tlsv1.0 --verbose https://github.com/
    • HTTP2: time curl --http2 --verbose https://github.com/
  • Test SSL/TLS handshake:
    • time openssl s_client -connect github.com:443
    • SSLv3: time openssl s_client -connect github.com:443 -ssl3
    • TLS v1.0: time openssl s_client -connect github.com:443 -tls1_0
    • TLS v1.1: time openssl s_client -connect github.com:443 -tls1_1
    • TLS v1.2: time openssl s_client -connect github.com:443 -tls1_2

Valgrind

Search for memory leak: malloc() not followed by free(), limit the call stack to 20 frames:

PYTHONMALLOC=malloc valgrind --leak-check=full  --num-callers=20 ./python x.py

Valgrind with gdb server to inspect a bug in gdb:

# First terminal
valgrind --vgdb=yes --vgdb-error=0 program [arg1 arg2 ...]

# Second terminal
gdb
# then type in gdb:
# (gdb) target remote | vgdb

Generate a suppression for a false alarm:

--gen-suppressions=yes

Python issues related to Valgrind:

Bash

Replace name.py string with name, remove .py suffix:

script="name.py"
# display "name"
echo ${script:0:-3}

<<< injects a string as a stdin pipe, it adds a newline character:

$ echo hello | wc -c 6 $ wc -c <<<’hello’ 6

Floating point number

Binary IEEE 754:

Other:

  • GMP: free library for arbitrary precision arithmetic, operating on signed integers, rational numbers, and floating-point numbers.
  • MPFR: multiple-precision floating-point computations with correct rounding. MPFR is based on the GMP multiple-precision library.
  • MPFI: multiple precision interval arithmetic library based on MPFR

Mount a filesystem from a disk

Create a 100 MB XFS filesystem in a file:

dd if=/dev/zero of=xfs_disk bs=1M count=100
mkfs.xfs xfs_disk

Mount it (need root):

sudo losetup /dev/loop0 xfs_disk
mkdir mnt
sudo mount -o loop xfs_disk mnt/
cd mnt
# allow my user to write in /
sudo chown $USER: .

Umount it:

sudo umount mnt/
rmdir mnt/

Mplayer

Increase maxiumum volume:

mplayer -softvol -softvol-max 300 video.avi

Virtualization: run an AArch64 VM on x86-64

Before starting virt-manager, install (edk2-aarch64 is for UEFI):

sudo dnf install qemu-system-aarch64 edk2-aarch64

In virt-manager, pick “arch: AArch64” in the first dialog of the wizard.

Debug or analyze glibc malloc()

https://pagure.io/glibc-malloc-trace-utils/

Coredump Linux

Default configuration:

$ cat /proc/sys/kernel/core_pattern
|/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h

Create coredump file in the current directory:

sudo bash -c 'echo "%e.%p.core" > /proc/sys/kernel/core_pattern'

Create coredump filename like python-123.core.

Maximum core dump size:

$ ulimit -c
unlimited

Test:

$ ./python -c 'import ctypes; ctypes.string_at(0)'
Segmentation fault (core dumped)
$ ls *.core
python.347656.core

See also man core.

Enter namespace filesystem of a Flatpak application or container

If a Flatpak application is the pid 76688, inspect the process with:

  • /proc/76688/root/ : Filesystem of the process.
  • /proc/76688/mountinfo : Mount informations
  • /proc/76688/ns/mnt : points to “mnt:[4026533594]”

For example, in a Flatpak application, the first line of mountinfo is something like “(…) /newroot / rw,nosuid,nodev,relatime - tmpfs tmpfs (…)” which means that the whole operating system is in memory, not on disk. Only following mounts can map to directories on the machine disk.

See also the nsenter command, and ip netns help for network namespaces.