Weekly report 20-42

Weekly report 20-42

I’ve skipped a week. I was in a ditch and I didn’t want to force it, though that just means I have more to write about now. And I’ve been quite busy gardening my projects. Again.

Drugs

This report is sponsored by modafinil and piracetam. Laser-sharp focus for everyone.

My evaluation is: the former is life-changing and gives me a will to do things, which I otherwise almost lack or need a lengthy process to obtain, and the latter is just fun because it gives me sharp and in general more vivid vision, so I enjoy being outside more. Somewhat sadly, modafinil makes me so focused that I disregard basic bodily needs and forget things as soon as I get distracted, making it mostly a good tool for days when I want to be active, yet days off are also welcome. I might want to toy around with dosage.

Gitea

Thinking it looked rather empty, I decided to create a few issues for my projects. Interestingly enough, that has made me think deeper about the tasks and provide proper analysis. More detailed than anything I write in my private notes, comments or commit messages.

The software is by no means perfect but given that it has an API (and that it’s privately hosted and I control the database), it will be possible to integrate it as a data source into my personal information system in the future. Therefore I have quite few reasons not to keep on using the issue tracker and other features that are external to repository data.

The title page might say it’s ‘the next best thing to cgit and mailing lists’ but there’s one thing e-mails would deny me: to edit the fuck out of everything as my thoughts crystallise.

degesch

So I’ve created yet another TODO list. But it’s a pretty one, with good descriptions. I can go through it and pick things that look the easiest at the moment. Which was exactly what brought me to fix an old issue with UTF-8 messages that got cut off in the middle of a character--my IRC client decided to reinterpret it as Windows-1252 just for this little detail, turning Russian into gibberish. Turning other people’s problems into my problem.

I’ve also been lucky enough to catch the last remaining UI-related bug and figure out the cause by thinking about it for a moment: I forgot to stop calling into Readline when something solicited a change in the prompt while it was suspended, for example a user joining the channel. Or rather tried to but somehow completely failed at it.

Some new features have been added, too: now there is a plugin to highlight prime numbers in incoming messages (motivated by Necyklopedie), more colours are supported as well as strike-through text, and the client has finally started tracking users that are away from the keyboard. I’ll admit it, none of this is very useful.

I’ve stopped at trying to add support for monitoring users for when they come back online. It turned out to be unexpectedly complex. What’s really missing now is documentation and then the project can be put back in maintenance mode.

sdn

Someone made me look at the Elvish shell again and I had the perverse idea to integrate it with a second file manager. That of mine. Eventually I succeeded, even if it was at the cost of considerable cursing about the syntax and multiple fucking return values, an anti-social feature in dynamic languages.

Then there were some bugfixes: the integrated help wasn’t showing up correctly, I somehow forgot to treat DEL as a control character (in many of my projects), and since the dash shell doesn’t bother to replace itself with executed helper commands, I had to make sure to resume its entire process group when our dear user tries to suspend it with C-z.

The hidden ext-helpers option should probably be made the default and inverted: launching editors from within the parent shell seems like a saner behaviour than denying job control to users, even if it may unintentionally change the current directory--I’m not even sure if it makes sense for sdn to remember where it was launched from.

nncmpp and bbc-on-ice

Nothing big here. I just had to fix yet another problem with cURL in that it stopped accepting the SHOUTcast response produced by my BBC Radio bridge. I no longer get any metadata for the streams but at least they play. I’ll have to update to the newest API.

The only missing feature in nncmpp (apart from, as usual, a manual) is polling the MPD daemon to track the elapsed time instead of using an internal ticker, so that frozen audio playback can be detected. I’ve had a half-arsed jab at it that I’m not particularly happy with but a better solution has been devised. This was a bitch to reason about.

Fuzzing experiments

I had never done this before, as far as I remember. The first test subject was my library of common C code. I’ve used libFuzzer for it and even though I wasn’t particularly dazzled by what I could get from it and remain puzzled as to how to include this tool in my workflow, I found two bugs in the configuration parser and a leak in the MPD client sublibrary, so the effort was clearly justified.

This wasn’t the case with AFL, which I tried on uirc3’s IRC daemon and degesch’s mIRC formatter mode. I am completely appalled by how utterly dumb it is, which you can observe in real time. I can think of roughly one thing it is good at: glitching pictures, since it so depends on you providing some input as a seed.

Apparently what it lacks is called DFT-based fuzzing and it is already included in libFuzzer in some form. It really shouldn’t be that hard to figure out what kind of grammar the program expects by analysis, as opposed to blindly mutating the input.

json-rpc-{shell,test-server}

Initially I just brought in bugfixes I had made in other projects and bound Alt-Enter to insert a newline in the shell’s command line. Then, in search of a Swagger for JSON-RPC 2.0 because of my job, I found out about OpenRPC and decided to add method name autocompletion if the server provides the necessary interface description data or the user passes it in a file. And I got momentum. I thought of all the things the project could be missing and started filing lots of issues, most of them heavily interlinked.

So now the shell can even run language servers, by pretending that what they send is a real HTTP/1.1 stream and force-feeding it to http-parser. And I’m trying to turn the included test server into a real HTTP server. Implementing CGI. Planning to lose the cURL dependency and publish a statically linked binary. Many things to do and learn.

I used to think that writing a web server from scratch, correctly, is an unattainable goal and that it’s a wild west out there where it would be too easy to accidentally break some clients. But it turned out the library I had already included in order to parse HTTP headers for the WebSocket handshake already does about half of what I need, while looking very reasonable and understandable, and that my CGI handlers were all sorts of wrong anyway. (The situation is even worse with our application at work, with some completely insane parsing, yet everything seems to work, for a very wide range of users.)

Afterthoughts

This is a trap. I’m in a trap. I don’t even need to start new projects. Just bringing all the old ones to completion is something I could spend a lifetime on. I really hope to ditch all projects that are written in C soon, at least, and focus on Go.