XAR self contained executables via squashfs

From the world of interesting and cool approaches to solving software deployment issues:


Statically linked binaries that minimize dependency management difficulties work well for C++ executables, but languages like Python, JavaScript, and even Lua present a different challenge: How do you place source code and data (such as SSL certificates or shared libraries) inside a single executable? What do you do about the dependencies the tool might have on modules installed on the host operating system?

XARs are slightly modified squashfs files… that mount themselves when executed and unmount after an idle timeout. They could almost be thought of as a self-executing container without the virtualization. By using the squashfs format, we not only distribute data in a … compressed format…, but we also decompress on demand only the portions we need. Thanks to this architecture, XARs have nearly zero overhead in production and can be used just as native scripts or executables would be.

Ubuntu 18.04 & Gnome 3

I’ve upgraded three computers to Ubuntu 18.04. Although I appreciate the modern software (including LibreOffice), each upgrade has had different issues.

Lenovo Server: upgrade was rocky because the root partition ran out of space part way through the upgrade. I hand-recovered and managed to get it to finish. Later, the journal (systemd journal) went nuts and filled up my root partition (which is shared with /var) with log messages — causing so much I/O that it was quite slow to log in to my computer. Once I figured out how to vacuum the journal, I recovered space, and set the journal size smaller. Now it seems to be working well.

System76 Galego Ultrapro: upgraded without a hitch. However, power management is less-than stellar. It won’t go to sleep when I want it to, and it comes out of sleep when I don’t want it to. Update: Later updates fixed the problem.

Lenovo P50 with NVidia graphics card: It worked better at driving two external monitors with Ubuntu 16.04. It mostly works with 18.04, but it’s more temperamental. The upgrade didn’t go smoothly, aborted early, and I had to hand-recover, which, fortunately, worked out. I needed a new version of VMWare Workstation. The screen brightness buttons don’t work, even after trying various proposed solutions.

Later, I found out that I was missing a package that allowed me to mount external encrypted drives. This post had a solution: https://github.com/pop-os/pop/issues/163

sudo apt install libblockdev-crypto2
systemctl restart udisks2.service

Things I appreciate about Gnome 3 (Ubuntu 18.04):

  • Keyboard shortcuts, including WINDOWS + left-click-window + drag
  • Window snapping: WINDOWS-LEFT, WINDOWS-RIGHT, etc. Very similar to Windows
  • High-DPI support works well, which is excellent for my Lenovo P50 with a 4K display (4K is too much resolution for a laptop screen, but it was the only option with the Xeon processors).
  • Looks great

Things I dislike about Gnome 3 (Ubuntu 18.04):

  • Clock doesn’t include day of month by default. Requires gnome-tweak tool to enable. Sloppy and difficult.
  • Too many clicks to get to network settings, including VPN. It used to be easier.
  • Can’t share my connection with wired-via-USB-cable computers anymore. Th reported workaround, which doesn’t work at all for me: launch nm-connection-editor.
  • Login screen shows a background instead of a list of users, until I press a button or swipe. Please don’t follow Windows here. It’s dumb.
  • When I zoom in on a folder in Nautilus, it zooms all other folders, including my desktop icons.

Other things I dislike with Gnome — longstanding issues that existed before Gnome 3:

  • Nautilus uses too much white space between images when zooming in on icon view. It should be proportional — like windows Explorer does. I.e. when the images are 0.5×0.5 inches, it’s fine to have 0.5 inches between icons. But when the icons are 3″x3″, I don’t want or need 3″ of white space between icons! (This isn’t an issue with Gnome 3 — it’s a long-standing issue with Nautilus)
  • Nautilus doesn’t show image meta-data such as camera model for images — I like to sort by camera model.
  • Lack of a photo screensaver. I live without it, but it still frustrates me that Gnome is the only desktop, which, by default, doesn’t include one. Windows, Mac and KDE are much better in this regard.

I love using Linux, but Windows is squarely better at some things.

Show which git branches have been merged and can be deleted

At work, we generate quite a few feature branches, which get tested, and then merge into “develop”. The feature branches don’t get cleaned up frequently. Here’s a series of shell commands I cobbled together to show the most recent person to commit to the branch, and which branches have been merged into develop.

git checkout develop
git pull -r
(for branch in $(git branch -r --merged | grep -vP "release|develop|master") ; do git log -1 --pretty=format:'%an' $branch | cat ; echo " $branch" ; done) | sort | sed -e 's#origin/##'

The output looks something like this:

Jane Doe feature/something
Jane Doe feature/another-thing
Jane Doe feature/yet-another-something
Zane Ears feature/howdy

And they can be deleted as follows:

git push origin --delete feature/something

Add a camera via WPS to a LEDE/OpenWRT router

I have some WiFi cameras that can be added to a router via WPS. Here’s how I got it to work with one of my LEDE routers. On the other one, somehow, I broke its ability to do WiFi completely, so this can be dangerous — I had to re-install LEDE. YMMV.

OpenWRT/LEDE Instructions:

First, backup the router config — always a good idea!


opkg update
opkg remove wpad-mini
opkg install wpad hostapd-utils
opkg upgrade dnsmasq
cp /etc/config/wireless /etc/config/wireless.orig
vi /etc/config/wireless and change wps_pushbutton to '1' -- but only for one interface.

Check to see if WiFi is working. If not, use the ethernet port connected to a laptop to log back in, and update the firmware that isn’t broken. There may be a better way, but that’s worked for me.

Put the router into WPS mode (note: this times out after a while):

hostapd_cli wps_pbc

Other instructions say to run this (YMMV):

hostapd_cli -i wlan1 wps_pbc

Within a minute or so, push the WPS mode button on the camera.

Notes about OKRs, goals and pitfalls

At work, I’ve been asked to know our team OKRs and set some of my own. I’m new to this, and so I decide to google for information about them. OKR stands for Objectives and Key Results, and the idea is to:

  • make aspirational, easy-to-remember goals (objectives) that stretch the company, the team, and optionally, the individual, then write them down.
    • I.e. we’re trying to answer the question, “what strategic (big) things should we do next?”
  • determine key results — notice the plural — a set of actions and measurements that will indicate how close we came to meeting the big goal
    • indicated in numeric form. This is said to be the “secret sauce” that makes OKRs better than other forms of strategic goal setting. We aren’t aiming for a perfect score. In fact, a perfect score is indicative of problems.
  • share the goals and key results widely within a company and team because it helps get people aligned (unified) and makes them accountable.

OKRs are a tool meant to help us, and as with any process, we aren’t meant to become a slave of the tool. Adapt it to make it work, or find a better tool when it doesn’t work.

Setting objectives and defining key results takes time and thought. Otherwise, it may not yield value.

OKRs remind me of S.M.A.R.T. goal setting. So why do we need OKRs? Again, I googled for an answer, and it’s approximately this: With SMART goal setting, organizations and teams tend to forget to…

  • stretch — make aspirational, strategic goals
  • act and pursue their goal — accountability is important
  • align teams and individuals with the aspirational goals

Among the many helpful things I read, I found this from perdoo.com:

Why should I split my goals into Objectives and Key Results?

…it helps to increase company-wide transparency as everyone should be able to understand the Objective. Key Results are often more technical and don’t appeal to, or aren’t understood by, everyone.

Objectives also represent key focus points for an organization or team. They should, therefore, be inspiring and easy to remember.

The same article linked to a Harvard Business School article titled “Goals Gone Wild”, which warn of the dangers of goal setting. OKRs are supposed to have safeguards against these pitfalls. Standard pitfalls of goals include:

  • focusing too narrowly or specifically — lose sight of other valuable things such as emergent opportunities and ethical behavior
  • not enough time given to achieve the goal, or a reporting period that is too long
    • yearly measuring is too long, that’s why the key results in OKRs are measured quarterly or more frequently.
  • overly challenging goals may encourage
    • lying about performance
    • cheating to attain the goal
    • taking unacceptable risks
  • creating a culture of competition rather than cooperation
  • the goals themselves killing motivation
    • I.e. a goal (a key result) for a CEO doesn’t necessarily make sense for an engineer

Ten years ago, my wife and I bought a Hyundai Sonata. Upon completing the purchase, the salesman asked us to give him a perfect score on Hyundai’s evaluation of the sales experience. He said anything besides a perfect score was unacceptable. My wife and I raised our eyebrows, knowing that he was gaming the system. I went along with it, knowing that Hyundai wasn’t getting an accurate measurement. I regret my decision, and I hope that Hyundai realized that perfect scores were indicative of problems in their measuring.


  • https://medium.com/startup-tools/okrs-5afdc298bc28
  • https://www.wrike.com/blog/okrs-quarterly-planning/
  • https://www.betterworks.com/articles/the-value-of-shifting-from-s-m-a-r-t-goals-to-okrs/
  • https://www.linkedin.com/pulse/goal-setting-grow-smart-okr-diana-horn
  • https://www.atiim.com/blog/2-reasons-why-okr-goal-setting-is-better-than-any-other-approach/
  • https://www.perdoo.com/blog/goals-vs-okrs/

Windows: The OS you can’t rely on when you need to get important things done

It’s Christmas day, and we have my wife’s siblings and their children at our house. We’re doing a Google Hangouts call with their parents, who are on an LDS mission in Vanuatu.

Microsoft Windows asks when to schedule an update. I try to select 2 am, but whoever designed the software decided, in their wisdom, that I shouldn’t have that kind of control. Let’s see what else I can do.

It’s 1 pm, so I select 4 pm, and Windows seems to accept that choice. I go back to the Google Hangouts conversation.

And then Windows decides to update immediately, against my wishes. It’d be fine if it only took 5 minutes, but it goes on for hours. I am angry. I feel like purging Windows from our lives.

Microsoft, I hate the poor timing that you force on me. I hate not being in control of updates. This sucks. It stinks. You should do better.

So I grab our older, slower Windows computer, and power it up. Guess what? It’s completing an update as well. Inconvenient!

Fortunately, I have a Ubuntu Linux laptop that I use for work. I load Google Chrome, and thanks to WebRTC standards and Google Hangouts, I am able to get the video chat going again.

Ubuntu Linux and web standards save the day.

Windows: The OS you can’t rely on when you need to get important things done.

Linux: The OS that I can rely on when I need to get important things done.

Disclaimer: Your mileage may vary. I write software, with Linux as my desktop environment. I’m used to it, and it doesn’t do stupid things to me like Microsoft does… it just does different stupid things.

Thanks: I wish to express thanks to those individuals and organizations who gave us open standards including WebRTC, and those who gave us cross platform software, especially browsers like Chrome and Firefox.

Coming changes in Internet Protocols

Here’s what I think is a fascinating read. I’m excited about QUIC, and less excited that well-intentioned (sometimes draconian) protocol enforcement encourages software engineers to move nearly all protocols to run on top of HTTP or HTTPS — as a way to bypass the enforcement.

Internet protocols are changing

When a protocol can’t evolve because deployments ‘freeze’ its extensibility points, we say it has ossified. TCP itself is a severe example of ossification; so many middleboxes do so many things to TCP — whether it’s blocking packets with TCP options that aren’t recognized, or ‘optimizing’ congestion control.

It’s necessary to prevent ossification, to ensure that protocols can evolve to meet the needs of the Internet in the future; otherwise, it would be a ‘tragedy of the commons’ where the actions of some individual networks — although well-intended — would affect the health of the Internet overall.

Yubikey 4 GPG key generation (Ubuntu)

Install supporting software

sudo apt-add-repository ppa:yubico/stable
sudo apt-get update
sudo apt-get install scdaemon -y
sudo apt-get install python-setuptools python-crypto python-pyscard python-pyside pyside-tools libykpers-1-1 pcscd -y
sudo apt-get install yubioath-desktop yubikey-personalization yubikey-personalization-gui yubikey-manager  -y

Insert Yubikey and Generate key

gpg --card-edit
gpg/card> admin
gpg/card> generate
gpg/card> quit

export and backup the public keys, because the Yubikey only stores the private portion of the key

gpg --armor --export $KEYID > mykey.pub

Require touching the Yubikey button to authenticate, sign, or encrypt:

ykman openpgp touch aut on 
ykman openpgp touch sig on 
ykman openpgp touch enc on 

Change the pin

gpg --card-edit
gpg/card> admin
gpg/card> passwd
gpg/card> quit

Change yubikey information

gpg --card-edit
gpg/card> name
gpg/card> lang
gpg/card> quit