Debian shall soon have a Conkeror package, thanks to Axel Beckert who takes a minute to break down the current keymap. Naturally, you have to poke fun at vi users here. But wait! I am a vi user!

What can I say, except maybe

1. Emacs (the rudiments, anyway) is like riding a bicycle
2. When I say vi, i mean vile, not vim. vim gives me hives. vile is teh awesome.

I am working on a set of vile-ish bindings, and I can't say I feel any pressing need to stick hjkl in. You could start from there, but that's missing the point, I think.

(You know what's also awesome? My email is still down, so I won't even have to delete flames from people who take their choice of editor/browser Very Seriously until sometime tomorrow.)

I spent some time banging my head against SSL certificate stuff this weekend in the hopes of implementing a Really Awesome Solution to this awful Firefox security theater thing everyone was complaining about, but I didn't get anywhere. However, I noticed something interesting: Mozilla does not trust the CAcert root certificate. A number of useful sites, like Freedesktop.org's bug tracker, use a CAcert-signed certificate rather than a self-signed one.

I really know nothing about this organization, but they seem to have their stuff together, and if you run a largish free software project, you could potentially save a lot of people the trouble of checking yet another self-signing CA. Around the lab, or in one of my tiny projects, I don't think I'd bother, but it is free.

Anyway, we ship their root CA thing in Debian, and OpenSSL stuff picks it up fine. Mozilla's process is somewhat more mysterious. There's an apparently hardcoded list of the usual thugs from the Verisign/Thawte/etc protection racket, and then there's a database in each user profile for whack-a-mole stuff. There is not, shockingly enough, somewhere for an operating system to set system certificate policy. (I guess there is not much room for an operating system in the Mozilla world-view at all). So you have to shove it in there once for every user times every single profile.

Here is the command to do it.

1. apt-get install libnss3-tools
2. certutil -d $HOME/.mozilla/firefox/$HLAGHLLAGHGAAHLGALHHGHLAGH.default -A -n 'CA Cert Signing Authority - Root CA' -t CT,C,C -i /etc/ssl/certs/root.pem

It's only slight pain relief, but it's something. You can also not install certutil, and click through ten million dialog boxes to import it, but screw that.

UPDATE: A commenter points me to StartSSL, another service that may deserve a look here, and is on Mozilla's good side. It appears to be an unholy mix of things that sound awesome (client-side certs for OpenID, web-of-trust identification) and things that seriously skeeve me out (trademark symbols everywhere, Aladdin dongles). They, uh, also have a Linux distribution. No, really.

UPDATE 2: James Andrewartha points out that we should eventually see Mozilla move this stuff out of libnssckbi.so and into SQLite, which sounds like a big win for us. Hopefully before that time I will figure out how to get sqlite(1) to work on my cookies.

This is mostly for my own reference, because the thing in the manual didn't work for me and it took too much googling. I just wanted these steps listed in order.

1. debootstrap --variant=buildd --arch i386 --foreign sid base-i386
2. chroot base-i386 /debootstrap/debootstrap --second-stage
3. vi base-i386/etc/apt/sources.list (there must be some way to do this exactly like pbuilder --create?)
4. (cd base-i386 && tar vczf /var/cache/pbuilder/base-i386.tgz .)
5. pbuilder --update --basetgz /var/cache/pbuilder/base-i386.tgz

I'm not sure if this is quite right, as I did end up tidying up both amd64 and i386 by hand at some point. But it's functional.

Brown paper bag bugs cause you to scramble to get a fixed version out as soon as possible, which causes more bugs and that causes more grief, which causes you to screw up the upload. I suck. Maybe we should discourage being your own upstream.

I have a line in my ~/devel/TODO under aewm that says “UPDATE THE FUCKING VERSION NUMBER IN aewm.h YOU DOLT”. Will I remember to read it? Who knows?

I just installed Bitlbee and added 14 lines to said file for that, but the one line for ghosd has priority.

<decklin> but that will actually be FUN unlike hacking gaim which is AWFUL

Yeah, that’s why, mainly. I think I just need to be more professional.

Snakes on a Plan9!

I still have the port of rc, but it is pretty much “done” these days as far as fixing bugs and I don’t think I’ve uploaded the Debian package in a year or so. I may get back into it and add some improved readlineiness someday.

Someone on -private (I think) posted a link to the Debian Community Guidelines. Worth reading.