Re: [Toybox] Microsoft github took down the xz repo.
On Tue, Apr 16, 2024 at 07:53, Rob Landley wrote: >>> Going through the list of "minimal tools" on https://suckless.org/rocks/, > > Not really a fan of that site. I did a roadmap section on them long ago > (https://landley.net/toybox/roadmap.html#sbase), but I'm trying to implement > mostly compatible versions of things that already exist, and they're trying to > invent new things that didn't previously exist because https://xkcd.com/927/ > which I mostly consider fragmentation rather than helping, and I try not to > encourage them. sbase is dead, suckless spends most of their time Implementing X applications and other useful tools. I don’t like them due to their community being very insular, but that’s another problem. Funnily enough, sbase’s readme mentions toybox in “List of commands we implement”. But I don’t think pulls in toybox code. > You're once again telling me what I did was not good enough for you, and that > I am wrong, and must change to suit you Um… yes? That is a very dramatic way to describe the development process of every single piece of software. Isn’t any patch or feature request ever submitted “this is “not good enough” to fit my use case. Can we change it so it does?” Your project is really cool; that is why I am here. Compacting over 200 command line tools into under 500k of executable space is a amazing feat. That being said, does that make it perfect? If it was perfect, what reason would I need to be here? Lashing out at me for being abrasive (a model I largely picked up from you and how you interact with projects like Linux-kernel, by the way) is one thing. Lashing out at me Because “you are admitting that my work isn’t absolutely flawless and trying to get work done to remedy it” is… >>> But to have a solution, you must have a problem. The 2 main issues I have >>> with the current git management >>> are the fact > > I'm very tired. There is nothing stopping you from taking a break. I submit most of my emails to you with the assumption that you’ll get it to eventually, This being one of them. > I do not have source tree snapshots up. Kinda hard to do in a static manner > without uploading rather a LOT of files The full tree only contains a few hundred files, the table of commits has 11000 I think counting the symlinks > https://en.wikipedia.org/wiki/Teaching_grandmother_to_suck_eggs I’ve personally never seen “Don’t do research and post the products of it showing what you know which helps understand why I think something is a good solution because someone else has already done that and Thought of absolutely everything 100% guaranteed” A productive development model, but you’ve probably Already thought of it, so I shouldn’t do any research on it… - Oliver Webb P.S. I personally don’t mind and can deal with the model of “Ruthless Pragmatism”. But when the complainants are “you are saying my code isn’t perfect and suggesting changes” and “you are doing research I already did years ago (sorry for not magically knowing that or even (*dramatic gasp*) peer reviewing it) and mentioning it to form a coherent model to base your suggestions on.”, I fail to see what “pragmatism” has to do with any of it…___ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
Re: [Toybox] Microsoft github took down the xz repo.
On 4/15/24 03:53, Jarno Mäkipää wrote: > On Sun, Apr 14, 2024 at 9:14 AM Oliver Webb via Toybox > wrote: >> >> To revive a old thread with new technical info I stumbled upon: >> >> On Saturday, March 30th, 2024 at 15:58, Rob Landley wrote: >> >> > I set up gitea for Jeff on a j-core internal server, and it was fine >> > except it >> > used a BUNCH of memory and cpu for very vew users. Running cgi on >> > dreamhost's >> > servers is a bother at the best of times (I don't want to worry about >> > exploits), >> > and the available memory/CPU there is wind-up toy levels. >> > >> > My website is a bunch of static pages rsynced into place, some of which use >> > xbithack to enable a crude #include syntax, and that's about what the >> > server can >> > handle. >> >> Going through the list of "minimal tools" on https://suckless.org/rocks/, Not really a fan of that site. I did a roadmap section on them long ago (https://landley.net/toybox/roadmap.html#sbase), but I'm trying to implement mostly compatible versions of things that already exist, and they're trying to invent new things that didn't previously exist because https://xkcd.com/927/ which I mostly consider fragmentation rather than helping, and I try not to encourage them. >> I stumbled >> upon a git frontend called stagit >> (https://git.codemadness.org/stagit/file/README.html) >> which the suckless project uses as it's git frontend. When microsoft bought github I mirrored my repo on my website so you could pull it from there, but doing that doesn't have any web interface so I did a quick and dirty bash script to upload the "git format-patch" of each commit, with symlinks from the 12 character hash to the full hash (because doing _each_ one was an insanely slow exercise in inode exhaustion). You're once again telling me what I did was not good enough for you, and that I am wrong, and must change to suit you. >> But to have a solution, you must have a problem. The 2 main issues I have >> with the current git management >> are the fact I'm very tired. >> there doesn't seem to be a way to clone the current repo directly from >> landley.net (Making Microsoft >> GitHub the middleman). $ git annotate www/header.html | grep -w git fb47b0120 (Rob Landley2021-09-12 14:33:36 -0500 30) https://landley.net/toybox/git>local $ git show fb47b0120 commit fb47b0120f7aa73c0821a8c55e15540d83baed01 Author: Rob Landley Date: Sun Sep 12 14:33:36 2021 -0500 Add a local git mirror (todo item since github was acquired)... diff --git a/www/git/index.html b/www/git/index.html new file mode 100644 index ..bade8d1b --- /dev/null +++ b/www/git/index.html @@ -0,0 +1 @@ +Not browseable: git clone https://landley.net/toybox/git $ git log scripts/git-static-index.sh commit 990e0e7a40e4509c7987a190febe5d867f412af6 Author: Rob Landley Date: Sat Dec 24 06:34:11 2022 -0600 Script to put something browseable in https://landley.net/toybox/git https://landley.net/notes-2022.html#22-12-2022 >> And the fact I can't browse the source code without github or android code >> search acting as >> the middleman I do not have source tree snapshots up. Kinda hard to do in a static manner without uploading rather a LOT of files (and even if you upload each version of "git log" for each file and create an index file for each commit with the ls -lR of the whole tree linking to the relevant version, the URLs to the files are ugly. I can do it, but don't really want to? Linking to individual lines of the file while also having the raw text kinda implies uploading two versions and I just dowanna. Oh, and dreamhost's server config doesn't have sane file associations for all the types so if I put up a .c file it wants to DOWNLOAD it instead of displaying it as text and trying to .htaccess that more of a pain than I'm up for, so I would wind up having blah.c.txt and blah.c.html files and that's just ugly...) Plus, syntax highlighting: you'd THINK there would be some nice linux syntax highlighting packages out there but not counting "use vi" (which doesn't work for me anyway, :syntax = "E319: Sorry, the command is not available in this version")... Searching around I found https://github.com/alecthomas/chroma which is very proud that it's written in "pure go"... except it's a wrapper for a python library, and python's runtime is written in C, so DEFINE PURE... Digging into the aforementioned python (don't get me started) library, the "python-pigmentize" package installs the man page for a command "pygmentize", and the bash completion for the command pygmentize, but does not install the actual command in the $PATH (or anywhere, according to dpkg-query -L python-pygments). That's the point at which I gave up and decided to give my talk using the github page to highlight the code, which txlf projected onto a screen with the room lights on and everything was so washed out you couldn't see any colors anyway. *shrug* Yes, I've thought about it.
Re: [Toybox] Microsoft github took down the xz repo.
On Sun, Apr 14, 2024 at 9:14 AM Oliver Webb via Toybox wrote: > > To revive a old thread with new technical info I stumbled upon: > > On Saturday, March 30th, 2024 at 15:58, Rob Landley wrote: > > > I set up gitea for Jeff on a j-core internal server, and it was fine except > > it > > used a BUNCH of memory and cpu for very vew users. Running cgi on > > dreamhost's > > servers is a bother at the best of times (I don't want to worry about > > exploits), > > and the available memory/CPU there is wind-up toy levels. > > > > My website is a bunch of static pages rsynced into place, some of which use > > xbithack to enable a crude #include syntax, and that's about what the > > server can > > handle. > > Going through the list of "minimal tools" on https://suckless.org/rocks/, I > stumbled > upon a git frontend called stagit > (https://git.codemadness.org/stagit/file/README.html) > which the suckless project uses as it's git frontend. And from looking at it, > works purely > via static pages and is fairly minimal (2000 LOC in pure C with only non-libc > dependency being > libgit2. One of it's "cons" is that it's "slow on repo's with 2000+ commits > due to diff > generation", And then says that it takes 3s to run on a repo with 1500 > commits). Have you considered it? > > The main downside of it is that it's MIT Licensed, which means if you wanted > to bundle it > in with the main repo there could be be licensing kerfuffles to deal with. > > But to have a solution, you must have a problem. The 2 main issues I have > with the current git management > are the fact there doesn't seem to be a way to clone the current repo > directly from landley.net (Making Microsoft > GitHub the middleman). And the fact I can't browse the source code without > github or android code search acting as > the middleman (This is a problem I've actually ran into on networks where > github is blocked for some utterly insane > reason, meaning I have to go to android code search to read through the code > occasionally). have you tried cloning the repo? seems to work fine to me. $> git clone https://landley.net/toybox/git/ toybox > > The first of these seems near impossible to solve with _only_ static > webpages, since a git server is not > a static thing. I don't know yet tho. Git repo with read-only access over http(s) is a static thing. you dont need dedicated git spesific server software in order to give simple pull access. Just host your git folder with any generic http/https server that can host folder of files and knows atleast simple GET request. https://dev.to/chr15m/git-hacks-self-host-a-minimal-git-repo-over-ssh-388h so you can just serve your git folder with any http server (example with bloated python3. httpd should work fine but needs more setup) $>python -m http.server --directory whereever/mybare_repo.git then clone $>git clone http://localhost:8000/ test > The second one seems easier though, copying or maybe symlinking stuff from > the source directory with "find" > in a pipeline with bash to make a simple, browse-able tree would take > probably take a few dozen lines of > at most, It could also probably just be an rsync command if you don't want to > worry about listing out directory > contents. > > Both of these problems are remediable now, but in a year they might not be > (ProtonMail just said "If you > don't sign in for a long enough time we will delete all your data" like > Google drive is doing, it's not > hard to imagine Microsoft GitHub doing a similar thing with accounts they > locked out by their 2FA crusade) > Rob, Are you interested in future-proofing the codebase from whatever GitHub > and AOSP decide to do? This is a situation > where I'd normally create a patch and let Rob decide whether to apply it or > not. But since I probably shouldn't > put the source tree inside the commit/ folder, and this operation can be done > with a fancy rsync invocation > I'm not sure if writing any code is the correct solution. > > Thanks, > > - Oliver Webb > > > ___ > Toybox mailing list > Toybox@lists.landley.net > http://lists.landley.net/listinfo.cgi/toybox-landley.net Jarno ___ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
Re: [Toybox] Microsoft github took down the xz repo.
To revive a old thread with new technical info I stumbled upon: On Saturday, March 30th, 2024 at 15:58, Rob Landley wrote: > I set up gitea for Jeff on a j-core internal server, and it was fine except it > used a BUNCH of memory and cpu for very vew users. Running cgi on dreamhost's > servers is a bother at the best of times (I don't want to worry about > exploits), > and the available memory/CPU there is wind-up toy levels. > > My website is a bunch of static pages rsynced into place, some of which use > xbithack to enable a crude #include syntax, and that's about what the server > can > handle. Going through the list of "minimal tools" on https://suckless.org/rocks/, I stumbled upon a git frontend called stagit (https://git.codemadness.org/stagit/file/README.html) which the suckless project uses as it's git frontend. And from looking at it, works purely via static pages and is fairly minimal (2000 LOC in pure C with only non-libc dependency being libgit2. One of it's "cons" is that it's "slow on repo's with 2000+ commits due to diff generation", And then says that it takes 3s to run on a repo with 1500 commits). Have you considered it? The main downside of it is that it's MIT Licensed, which means if you wanted to bundle it in with the main repo there could be be licensing kerfuffles to deal with. But to have a solution, you must have a problem. The 2 main issues I have with the current git management are the fact there doesn't seem to be a way to clone the current repo directly from landley.net (Making Microsoft GitHub the middleman). And the fact I can't browse the source code without github or android code search acting as the middleman (This is a problem I've actually ran into on networks where github is blocked for some utterly insane reason, meaning I have to go to android code search to read through the code occasionally). The first of these seems near impossible to solve with _only_ static webpages, since a git server is not a static thing. I don't know yet tho. The second one seems easier though, copying or maybe symlinking stuff from the source directory with "find" in a pipeline with bash to make a simple, browse-able tree would take probably take a few dozen lines of at most, It could also probably just be an rsync command if you don't want to worry about listing out directory contents. Both of these problems are remediable now, but in a year they might not be (ProtonMail just said "If you don't sign in for a long enough time we will delete all your data" like Google drive is doing, it's not hard to imagine Microsoft GitHub doing a similar thing with accounts they locked out by their 2FA crusade) Rob, Are you interested in future-proofing the codebase from whatever GitHub and AOSP decide to do? This is a situation where I'd normally create a patch and let Rob decide whether to apply it or not. But since I probably shouldn't put the source tree inside the commit/ folder, and this operation can be done with a fancy rsync invocation I'm not sure if writing any code is the correct solution. Thanks, - Oliver Webb ___ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
Re: [Toybox] Microsoft github took down the xz repo.
On 3/30/24 15:16, Oliver Webb wrote: > On Saturday, March 30th, 2024 at 15:06, Rob Landley wrote: >> FYI, Microsoft Github disabled the xz repository because it became >> "controversial" (I.E. there was an exploit in the news). >> >> https://social.coop/@eb/112182149429056593 >> >> https://github.com/tukaani-project/xz > > They couldn't have removed commit access for the trojan horse and got on with > their lives? Mastodon's been talking about this at length all day: https://mstdn.social/@rysiek/112184610302366603 https://hachyderm.io/@dalias/112182128889536710 https://cyberplace.social/@GossiTheDog/112184645230558304 https://social.secret-wg.org/@julf/112184194797977290 https://mastodon.social/@richlv/112180479433832095 And a lot of things the discussion was linking to went away. Oh well... >> I'm assuming if toybox ever has a significant bug, microsoft would respond by >> deleting the toybox repository. There's a reason that I have >> https://landley.net/toybox/git on my website, and my send.sh script pushes to >> that before pushing to microsoft github. > > As much as it doesn't matter, I've wondered what git web frontend you use, > The html source for > the massive table of commits doesn't give a copyright notice. https://github.com/landley/toybox/blob/master/scripts/git-static-index.sh https://landley.net/notes-2022.html#22-12-2022 > Do you just have a script make > a table out of "git log"? Furthermore, have you considered using cgit or > gitea or another > fancier git frontend for your own site? I engaged with cgit at one point and found it overcomplicated and unpleasant. I set up gitea for Jeff on a j-core internal server, and it was fine except it used a BUNCH of memory and cpu for very vew users. Running cgi on dreamhost's servers is a bother at the best of times (I don't want to worry about exploits), and the available memory/CPU there is wind-up toy levels. My website is a bunch of static pages rsynced into place, some of which use xbithack to enable a crude #include syntax, and that's about what the server can handle. > There is also the issue of you not being able to push commits to the github > repo because > github is forcing everyone to use 2FA. I haven't been hit by that yet for some reason. I push from the command line anyway (which is basically ssh), so if I lost website access I could presumably still update the README to let people know where to go. Rob ___ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
Re: [Toybox] Microsoft github took down the xz repo.
On 3/30/24 15:11, Rob Landley wrote: > upstream of the xz-embedded repo with the public domain code I cloned is: > > https://git.tukaani.org/xz-embedded.git > > Which is still available. Although now that I look at it, a5390fd368f8 in september is the last commit that wasn't from the backdoor guy anyway, so nothing new of interest. Rob ___ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
Re: [Toybox] Microsoft github took down the xz repo.
On Saturday, March 30th, 2024 at 15:06, Rob Landley wrote: > FYI, Microsoft Github disabled the xz repository because it became > "controversial" (I.E. there was an exploit in the news). > > https://social.coop/@eb/112182149429056593 > > https://github.com/tukaani-project/xz They couldn't have removed commit access for the trojan horse and got on with their lives? > I'm assuming if toybox ever has a significant bug, microsoft would respond by > deleting the toybox repository. There's a reason that I have > https://landley.net/toybox/git on my website, and my send.sh script pushes to > that before pushing to microsoft github. As much as it doesn't matter, I've wondered what git web frontend you use, The html source for the massive table of commits doesn't give a copyright notice. Do you just have a script make a table out of "git log"? Furthermore, have you considered using cgit or gitea or another fancier git frontend for your own site? There is also the issue of you not being able to push commits to the github repo because github is forcing everyone to use 2FA. > Luckily the xz guys don't seem to trust microsoft github either, because the > upstream of the xz-embedded repo with the public domain code I cloned is: > > https://git.tukaani.org/xz-embedded.git > > Which is still available. - Oliver Webb ___ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
[Toybox] Microsoft github took down the xz repo.
FYI, Microsoft Github disabled the xz repository because it became "controversial" (I.E. there was an exploit in the news). https://social.coop/@eb/112182149429056593 https://github.com/tukaani-project/xz I'm assuming if toybox ever has a significant bug, microsoft would respond by deleting the toybox repository. There's a reason that I have https://landley.net/toybox/git on my website, and my send.sh script pushes to that _before_ pushing to microsoft github. Luckily the xz guys don't seem to trust microsoft github either, because the upstream of the xz-embedded repo with the public domain code I cloned is: https://git.tukaani.org/xz-embedded.git Which is still available. Rob ___ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
