Yuvi Panda

JupyterHub | MyBinder | Kubernetes | Open Culture

systemd gui applications

Update: There’s a follow-up post with a simpler solution now.

Ever since I read Jessie Frazelle’s amazing setup (1, 2, 3) for running GUI applications in docker containers, I’ve wanted to do something similar. However, I want to install things on my computer - not in docker images. So what I wanted was just isolation (no more Chrome / Firefox freezing my laptop), not images. I’m also not as awesome (or knowledgeable!) as Jess, so will have to naturally settle for less…

So I am doing it in systemd!

Before proceeding, I want to warn y’all that I don’t entirely know what I am doing. Don’t take any of this as security advice, since I don’t entirely understand X’s security model. Works fine for me though!

GUI applications

I started out using a simple systemd templated service to launch GUI applications, but soon realized that systemd-run is probably the better way. So I’ve a simple script, /usr/local/bin/safeapp:

#!/bin/bash
exec sudo systemd-run  \
    -p CPUQuota=100% \
    -p MemoryMax=70% \
    -p WorkingDirectory=$(pwd) \
    -p PrivateTmp=yes \
    -p NoNewPrivileges=yes \
    --setenv DISPLAY=${DISPLAY} \
    --setenv DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS} \
    --uid ${USER} \
    --gid ${USER} \
    --quiet \
    "$1"

I can run safeapp /opt/firefox/firefox now and it’ll start firefox inside a nice systemd unit with a 70% Memory usage cap and CPU usage of at most 1 CPU. There’s also other minimal security stuff applied - NoNewPrivileges being the most important one. I want to get ProtectSystem + ReadWriteDirectories going too, but there seems to be a bug in systemd-run that doesn’t let it parse ProtectSystem properly…

Also, there’s an annoying bug in systemd v231 (which is what my current system has) - you can’t set CPUQuotas over 100% (aka > 1 CPU core). This is annoying if you want to give each application 3 of your 4 cores (which is what I want). Next version of Ubuntu has v232, so my GUI applications will just have to do with an aggregate of 1 full core until then.

The two environment variables seem to be all that’s necessary for X applications to work.

And yes, this might ask you for your password. I’ll clean this up into a nice non-bash script hopefully soon, and make all of these better.

Anyway, it works! I can now open sketchy websites with scroll hijacking without fear it’ll kill my machine!

CLI

I wanted each tab in my terminal to be its own systemd service, so they all get equitable amount of CPU time & can’t crash machine by themselves with OOM.

So I’ve this script as /usr/local/bin/safeshell

`#!/bin/bash
exec sudo systemd-run \
    -p CPUQuota=100% \
    -p MemoryMax=70% \
    -p WorkingDirectory=$(pwd) \
    --uid yuvipanda \
    --gid yuvipanda \
    --quiet \
    --tty \
    /bin/bash -i

The --tty is magic here, and does the right things wrt passing the tty that GNOME terminal is passing in all the way to the shell. Now, my login command (set under profile preferences > command in gnome-terminal) is sudo /usr/local/bin/safeshell. In addition, I add the following line to /etc/sudoers:

%sudo ALL = (root) NOPASSWD:SETENV: /usr/local/bin/safeshell

This + just specifying the username directly in safeshell are both hacks that make me cringe a little. I need to either fully understand how sudo’s -E works, or use this as an opportunity to learn more Go and make a setuid binary.

To do

[ ] Generalize this to not need hacks (either with better sudo usage or a setuid binary) [ ] Investigate adding more security related options. [ ] Make these work with desktop / dock icons.

I’d normally have just never written this post, on account of ‘oh no, it is imperfect’ or something like that. However, that also seems to have come in the way of ability to find joy in learning simple things :D So I shall follow b0rk’s lead in spending time learning for fun again :)

things to learn

Keeping a running list of things I want to learn!

There’s also a list of things I want to build.

  • How to use org mode properly? Should I use it for notes over markdown?
  • Develop a deep understanding of how networks work.
  • How do linux network namespaces work?
  • How to run GUI apps with systemd?
  • What exactly is a ‘tty’?
  • How does HTTP2 actually work?
  • How do X509 / TLS certificates work?
  • How to use cgroups directly?
  • Can I just use emacs terminals for all my terminal needs?
  • How does NFS work, and why is it so crappy?
  • How does ssh work?
  • How does mosh work?
  • How do contact lenses work? HOW DO LENSES WORK?
  • Can I simply run a local DNS recursor on my laptop for performance & blocking me from visiting the orange website?
  • What is SELinux? Why and how would I use it?
  • What is AppArmor? Why and how would I use it, over SELinux?
  • What is seccomp, and when/why/how would I use it?

If you know of resources that’ll help me learn these things, do let me know!

moving to hugo

I’m attempting to now blog at http://words.yuvi.in, using hugo rather than wordpress.

Over the last few years, IRC, Twitter & WhatsApp have ruined my public writing. I shall now slowly attempt to bring that back :)

liberal software

I ran into this thought provoking though when randomly attempting to relax this weekend. There’s a summary at LWN if you do not want to watch the talk - but as the lwn summarizer admits, the video definitely conveys things that are hard to capture on text.

The core takeaway for me is to think about:

what is the future of free and open-source software? The answer was: it has no future.

This seems somehow connected to ‘democratizing programming’, which I had earlier given a talk about. Somehow, it feels like there needs to be an update / rebirth of the GNU Freedoms for the world we live in.

my first protest

I went to the protests at SFO last weekend. It was the first real set of protests I’ve been to. I write this to attempt to capture a sliver of what I felt that day.

I was there for about 10h on day 1, and came home exhausted. I went back on Day 2, and this time stayed for much shorter period of time (~4h?) before heading back home.

To everyone who was at the protest even if it does not directly affect you yet - thank you!

To the wonderful amazing women of color who were leading the protest - thank you. You are an inspiration.

To the brass band and the troupe of drummers who showed up - thank you!

To the people I already know from other contexts who I ran into at the protest - thank you!

To those who were protesting for the first time in their lives (as I was) - thank you!

To the fucking ACLU - thank you! I’ll send you all the money I can :)

To the people who provided infrastructure (food, water, snacks, first aid, printers, internet, etc) - thank you!

To the journalists who covered this - thank you.

I woke up that saturday feeling very depressed, angry, and helpless. By sunday night, I was only depressed and angry - but not helpless. The number and variety of people at the protests was very heartwarming, and made me feel distinctly not alone. Before going I was not sure what going to a protest accomplishes. I still do not know - but I know it gave me hope and restored my sense of agency.

I promise I’ll continue doing all I can, even and especially when it is about things that do not affect me yet. I hope you do too.

What hurts the victim most is not the cruelty of the oppressor but the silence of the bystander

- from a sign at the protest

making twitter useful again

I’ve unfollowed everyone I follow on Twitter, and am slowly starting back up from scratch. I’m only going to follow people who are:

  1. Underrepresented people in Tech (as broadly construed)
  2. Journalists

And that’s it. I’ll follow back friends I’m not otherwise in contact with as well, but might take a while.

I’ve had this for a few days and am already enjoying using it far more than I did before. A lot of the people I’m following now I did not know before, and the vibe is totally different. I’m able to understand and appreciate things I was not able to before. I know this is a bubble, but it is certainly a different bubble than the one I was in before. Bubbles also intersect - I’ve interactions with other types of people elsewhere, just not on Twitter.

If I unfollowed you, don’t take it personally! DM me for a phone number you can use for Signal / WhatsApp / Telegram - that’s how 90% of my social activities seem to happen these days anyway.

h/t to Jorm for the idea of targetted following!

Update: I’ve also setup LeechBlock to only allow me 5mins of Twitter every 2h, and I don’t have the twitter app on my phone. I wish there was a leechblock type thing for my Phone tho.

UCI Conflicts Class: Notes from Week 1 – Part I

I’ve started taking a Coursera class on Conflicts from UCI.

Just dumping notes from me going through the video lectures here. I’ve a bunch more videos to go through for Week 1, but dumping what I have for now.

Types of Conflict:

  1. Constructive
  2. Destructive
    1. Caused by lack of flexibility, getting interpersonal things get in the way and the sureness that ones way is the right way
    2. Leads to stiffling of anything new, resulting in ‘this is the way things have always been’ being used as an actual legitimate reason for things

Sources of Conflict

  1. Economic Conflict. Resources are scarce, people tend to hoard them. Individuals stand by and watch as other members look for resources and can not find them, without helping. Dysfunctional.
  2. Value Conflict. Ideals / Principles / Preferences. Very difficult to sort out. Some values you hold very dear might be opposite to what the environment supports. You bring your own definition of values, and expect others to be compatible with it, conflict ensues. Individuals expect everyone to behave / believe / follow same philosophy they do.
  3. Power & Control. Power some people decide who they are. Titles are important. Individual takes power in always being first to speak, forcing their decision on rest of their team. Nobody’s appointed someone to a position, and they decide they are the one who takes the lead role, even though they have not that much support from elsewhere.
  4. Interpersonal conflict. Just between two individuals who can just not get along or not have civil interactions. They might’ve been friends at some point even, but something happens and splits them off. This can also be very dysfunctional for the team they work in.

Levels of Conflict 5. Role conflict – without clear definition who plays what roles (leader, decision maker, etc). Defining a team requires outlining responsibilities and what role they play. (This can probably lead to 3, 2, 1, 4, if not handled properly) 6. Intergroup. Inter group can be same as 1-5 but as groups, but can also be about respect. Example: Sales and Marketing fighting over who is the reason their product sucks. Groups can be silo’d can can think they are only responsible for their own success / failure, without thinking of cross-team stuff. 7. Multiparty. In M&A, the ‘surrendering party’ will have individuals who will be emotional and not like that this is happening. This is a lot of (5, 3, 2, 1) – freefall for everyone! 8. International. Diverse work force, cross cultural. Far more complex

Case study: Overtime

Manager asks you to work overtime, not get paid, cites projects being overtime etc.

Multiple options – such as: 1. suck up to him. 2. ask him to fuck off. 3. report him to his own boss. 4. Say you understand his perspective, but do not want to go against company policy.

Now, the course suggests you pick (4), which is an interesting choice – I would’ve picked (2), but that is not going to decrease teh amount of conflict, only increase it. (4) is bullshyt (in the anathema sense of vague euphemism that doesn’t actually say what the person means), but is something that leads to the least amount of conflict. However, I don’t know if that really is the best way to handle this shitty situation – since that’s just going to lead to bullshit all around. It does, though, AGF on part of the manager – which depending on what you think, might or might not be a good idea. Hmmm..

Bullshit vs Conflict? Maybe you have to have one or the other. OSS projects that consider (4) to be just bullshit do indeed have more amounts of conflict.

Of course, the real solution is to be not in such a place at all, and make the environment be that way through some form or way. So maybe (4) is an acceptable answer…

Very fascinating!

Case study: Dominant team member

Putting down everyone else, making everything not go well.

  1. Why is this individual behaving this way?
  2. What do you need to do to bring the team back together in one cohesive unit?

Has even more what-I-would-call-bullshit suggestions. “Setup roles for meetings, have a discussion about norms”, etc. However, they all could possibly work, which isn’t true for what I would’ve done – which is to PM the person and talk to them.

I guess there is a difference between ‘doing the right thing as you think it is’ vs ‘doing the thing that has highest probability of getting you to objective’. Now, with corporations said objective is easy to define – make more money, I guess – while for movements it it is much harder…

Case study: Convo with coworker

You had a conversation with coworker, and didn’t feel it went well. What do you do?

  1. Explore what your feelings are, and what it is that you specifically feel didn’t go right. When you do this, you clear away emotions that could possibly be clouding ways for solutions. Focus only on the facts.
  2. Go to actual peer, be open to receiving their position / feedback. LISTEN TO UNDERSTAND BEFORE BEING UNDERSTOOD.

Interview: Brent Rasmussen

Everyone assumed they were responsible for some part of the website, and everyone had different ideas for what it is. Need to explicitly figure out who is responsible for what and who is in a ‘consultive’ role.

Positive conflict can raise the bar, for things that other people did not think are possible.

For destructive conflict, figure out when is the right time to discuss it.

Side Project: UA Emoji Firefox Extension

Note: I’m trying to spend time explicitly writing random side projects that are not related to what I’m actively working on as my main project in some form.

A random thread started by Ironholds on a random mailing list I was wearily catching up on contained a joke from bearloga about malformed User Agents. This prompted me to write UAuliver (source), a Firefox extension that randomizes your user agent to be a random string of emoji. This breaks a surprisingly large number of software, I’m told! (GMail & Gerrit being the ones I explicitly remember)

Things I learnt from writing this:

  1. Writing Addons for Firefox is far easier to get started with than they were the last time I looked. Despite the confusing naming (Jetpack API == SDK != WordPress’ Jetpack API != Addons != Plugins != WebExtension), the documentation and tooling were nice enough that I could finish all of this in a few hours!
  2. I can still write syntactically correct Javascript! \o/
  3. Generating a ‘string of emoji’ is easier/harder than you would think, depending on how you would like to define ’emoji’. The fact that Unicode deals in blocks that at least in this case aren’t too split up made this quite easy (I used the list on Wikipedia to generate them). JS’s String.fromCodePoint can also be used to detect if the codepoint you just generated randomly is actually allocated.
  4. I don’t actually know how HTTP headers deal with encoding and unicode. This is something I need to actually look up. Perhaps a re-read of the HTTP RfC is in order!

It was a fun exercise, and I might write more Firefox extensions in the future!

Paper notes: ‘The impact of syntax colouring on program comprehension’

I’ve recently started reading more academic papers, and thought it’d be useful to write notes about them and publish them as I go along! This one is for The impact of syntax colouring on program comprehension

  • I was amazed at the amount of prior research it is citing. Why have I not been reading these for the last 10 years of my life?
  • Apparently it is ok to report findings with a sample size of 10 people. I do not know how I feel about this.
  • The fact that there’s a large amount of thought put into the design of the experiment is quite nice, and surprisingly different from environments I’ve worked in the past where product managers designed ‘experiments’
  • To avoid datatype-related confusion, a uniform variable naming scheme was adopted in the tasks. For example, integers were named x, y, etc. and lists were named list1, list2, etc.. As someone pretty used to Python, I would have found this annoying – but I’m curious what the effect of identifier names is in program comprehension. It also reminded me I haven’t written any code in a stronger typed language in a while (I don’t think Java counts)
  • They used Solarized Color Scheme, which has a lot of fans although I’ve never been one.
  • Lots of self-reporting for ‘programming proficiency’. This is the ‘we give up!’ answer to measuring programming proficiency, I guess :)
  • We gathered data from 10 graduate computer science students at the University of Cambridge. This too seems fairly common, but I’ve no idea if such an un-diverse group of student group being studied affects the results at all?
  • They also discarded data from 3 of the students because they wore glasses and their eye-tracking hardware could not really deal with that. So this entire paper is from data from 7 students doing one particular course from one particular university.
  • We use the Shapiro-Wilk test to establish normality. We use the Wilcoxon signed rank test (WSRT) for paired nonparametric comparisons. I know some of these words!
  • As the data was not normally distributed, a 2-way ANNOVA could not be used to investigate the interaction of experience with highlighting on task times I know most of the words, but still can not make sense of this sentence.
  • Currently feeling very illiterate, but am sure this is just a feeling that will pass.
  • . The median difference in task completion time was 8.4s in favour of highlighting. To my untrained brain, that does not seem that much to me.
  • The presence of syntax highlighting significantly reduces task completion time, but the magnitude of this effect decreases as programming experience increase – this is their primary conclusion, which I can totally believe. But would I have believed it if they had come to a different conclusion? Would they have published it if it had? Would they have if there was more data? I don’t fully understand / know Academia enough to know.
  • I wonder if there has been research into richer forms of syntax highlighting – not just keyword based ones, but more contextual. Perhaps based on types (autodetected?), or scope, or usage frequency, or source, or whatever.

Overall, I enjoyed reading it – good paper! Thought provoking in some forms, but could’ve aimed higher, I suppose. I hope they continue doing good work!