For several years I’ve recommended people use KeePassXC as a cross-platform password storage system. I’ve used it on FreeBSD, Linux, and macOS, and its vault files have been used on iOS. I’ve donated financially to the project, and it’s been a regular feature on recommended tool lists and my Omake.
Last November the project announced its use of gen-“AI”. A long post clarifying their position did little to assuage concerns. I could explain how deeply irresponsible this is for a security tool, and refute each of the misdirections, non sequiturs, and inaccuracies line by line, but I doubt this would be productive.
Thank you to everyone on the KeePassXC team for your work in keeping our credentials safe over the years, and proving that you can do it without the need for a centralised cloud, server component, or desktop Electron. KeePassXC was some of the best software I’d used in years.
☕︎ ☕︎ ☕︎
Reading between the lines of their quality control post, it’s hard not to see it as another example of an open source project not getting the support and resources they need. There’s something wrong with the world when trillion dollar companies continue to extract rent, when people behind important and useful software like this feel they need to employ functionally deficient, plagiarising vulnerability generators (that will be rug-pulled when the bubble bursts) just to stay on top of bug reports.
There are two groups who use these tools: those without scruples, and those who feel compelled to. For the brave face they put on for that post justifying it, I fear the KeePassXC maintainers fall in the latter.
The world depends on open source software. It should damn well start acting like it. And yes, I’m putting myself on notice here too.
I think it’s important to share one’s mistakes, as I’ve talked about here before. They demonstrate we’re all human, and that we can learn from each other’s foibles. Or I dunno, maybe you can have some Ruben Schade(nfreude) over your coffee in the morning :).
Yesterday I was deploying a new Postgres 18 jail target as part of a migration from an old version. I do this instead of “upgrading” servers; maybe that’s not best practice, but I prefer doing this for major Postgres version jumps.
In short (or tall, I’m not normative) I’d:
Set up the new FreeBSD jail by creating a new ZFS dataset, and extracting base.txz into it.
Defined the new jail in jail.conf with the requisite allow.sysvipc=1; option Postgres requires.
Enabled the postgresql service, initialised the database, and started the service.
Logged in, set a password for postgres, and added a new user.
Added the required hosts to pg_hba.conf, and updated the listening address in postgresql.conf.
I also took the opportunity to refresh my ancient Ansible scripts, which for some reason I’d only ever written to deploy Postgres on Debian. I followed the same steps, added a few more checks, and did a dry run on a test jail to confirm I ended up with the same config. Everything looked great. I really should publish these at some point, but then I’d have to concede that I still use svn for it (cough). But I digress.
Then the weirdness started. I was able to connect locally within the jail to the new database with psql, but not remotely on the other site over the VPN. I temporarily installed postgres18-client on the jail host and supplied the IP of the jail, and still couldn’t connect.
The first step was to see if I’d borked my jail networking, but I was able to access other jails on the same subnet without issue, and I clearly was able to run pkg(8) within the jail or Postgres wouldn’t have installed. I started a local SSH server within the jail and could connect to that, so no problems with routing. I also confirmed my pf.conf on the jail host was forwarding the correct ports.
Next, I suspected I might have borked my pg_hba.conf file, which is used to define permissions for connections. Sure enough, I saw a slew of these:
## /jail/postgres/var/log/messages
failed: FATAL: no pg_hba.conf entry for host \
"$IP", user "postgres", database "postgres"
This came as news to me, because I had most definitely defined the host in my pg_hba.conf!
It’s best practice to lock things down as far as reasonable even if you’re behind a VPN, but to troubleshoot I temporarily opened the flood gates. I added the following to postgresql.conf:
listen_addresses = '*'
Then added these two lines to pg_hba.conf to allow all connections from any user to any database over any IP with a password. It should go without saying that you must not do this in prod:
## TODO: REPLACE THESE ONCE CONFIRMED WORKING
host all all 0.0.0.0/0 scram-sha-256
host all all ::0/0 scram-sha-256
I restarted the postgresql server, and… the exact same issue persisted:
## /jail/postgres/var/log/messages
failed: FATAL: no pg_hba.conf entry for host \
"$IP", user "postgres", database "postgres"
WHY!? Why was I being told that host wasn’t defined, when literally every conceivable host should be caught by this file?! Networking is admittedly not my strong suit, but this was silly.
I checked the Postgres documentation for client auth issues, and was at least encouraged that the server was accepting requests, even if I wasn’t able to auth. This was consistent with the errors I was seeing in the logs. I also double-checked I had the correct config for pg_hba.conf.
A lunch intermission
Those of you familiar with Postgres on FreeBSD may know the issue, but it came to me over some Mexican food for lunch. I came back home and checked where my scripts had put pg_hba.conf:
/jail/postgres/usr/local/share/pg_hba.conf
Oh for Pete’s sake! I copied the file to where it was supposed to be:
Wait, dual is Oracle, nevermind. Old habits die hard. For a doofus.
I like to end these sorts of posts by telling myself what lesson I learned. This one was simple: check where your config files are. I know right, what a shocking concept. Next I’ll tell myself that I should make sure I’m writing config files in the first place.
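An added example, not part of the original post or the author's scripts: a small Python check of pg_hba.conf `host` records, showing why rules written to a file the server never reads still produce "no pg_hba.conf entry". Both sample files and the client address 10.0.0.5 are constructed, and only the `host db user CIDR method` form is handled; on a live server, `SHOW hba_file;` reports the file that was actually loaded.

```python
import ipaddress

# Constructed stand-in for the file the server actually loaded: loopback only.
LOADED = """\
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 trust
host    all       all   127.0.0.1/32  trust
host    all       all   ::1/128       trust
"""

# The two temporary lines from the post, as written to a path the server ignores.
WRITTEN = """\
## TODO: REPLACE THESE ONCE CONFIRMED WORKING
host all all 0.0.0.0/0 scram-sha-256
host all all ::0/0 scram-sha-256
"""


def parse_host_rules(text):
    """Parse 'host db user CIDR method' records; every other form is skipped."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] != "host" or "/" not in fields[3]:
            continue  # local, hostssl, hostnames, separate-netmask form: not handled
        try:
            net = ipaddress.ip_network(fields[3], strict=False)
        except ValueError:
            continue  # malformed CIDR
        rules.append({"line": lineno, "db": fields[1].split(","),
                      "user": fields[2].split(","), "net": net,
                      "method": fields[4]})
    return rules


def first_match(rules, db, user, client_ip):
    """Return the first rule covering the connection, or None.

    None corresponds to 'FATAL: no pg_hba.conf entry for host ...'.
    """
    ip = ipaddress.ip_address(client_ip)
    for r in rules:
        if (("all" in r["db"] or db in r["db"])
                and ("all" in r["user"] or user in r["user"])
                and ip in r["net"]):
            return r
    return None


def catch_all_rules(rules):
    """Rules that match every address: the troubleshooting lines that must not stay."""
    return [r for r in rules if r["net"].prefixlen == 0]


if __name__ == "__main__":
    client = "10.0.0.5"  # constructed VPN client address
    for name, text in (("loaded", LOADED), ("written", WRITTEN)):
        rules = parse_host_rules(text)
        hit = first_match(rules, "postgres", "postgres", client)
        verdict = f"line {hit['line']} ({hit['method']})" if hit else "no pg_hba.conf entry"
        print(f"{name}: {verdict}")
        for r in catch_all_rules(rules):
            print(f"  catch-all rule at line {r['line']}: {r['net']}")
```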
I use a laptop as my work computer. As such, I need a place to dock it when at my desk. Nobody will sell me a proper laptop dock like the chonky ones my dad used to use in the 1990s, so instead I have to stand it on a table and plug in a few cables for the monitor, keyboard, and USB coffee warmer (wait, what?).
For years I used the Twelve South BookArc, as seen in this press image below. I haven’t owned this device for a few weeks now, for reasons that will soon become apparent:
Looks sleek, right? I remember seeing it in an Apple authorised retail store in the 2010s and thinking wow, that’s sleek. It’s as though my initial impression there informed my first sentence of this paragraph, or something.
There’s just one problem: it sucked. It sucked for so many reasons, but they could be broadly distilled into two key points:
It only fit a small range of laptops
It was as unstable as Windows 98 loading your SCSI TWAIN drivers at a press event while your boss Bill Gates looks on
The stand is a rigid, fixed piece of aluminium, into which you place your laptop to save desk space. It’s a great idea in theory, but aren’t all laptops different shapes and sizes? Fear not, because the BookArc shipped with three rubber inserts that you install into the stand to accommodate most MacBooks in use at the time.
Except, it didn’t. See, many (if not most) Apple people use their laptops in cases. I know, it’s weird, I don’t even quite understand it myself either, and I do it too. Maybe we don’t want to scratch the metal, which is funny given how much softer the plastic and lid are on my ThinkPads. Point is, a Mac in a case has a different size profile to one that doesn’t (shocking, I know), so the supplied insert for my fruit model was too small. The only way around this was to use one of the larger inserts. Unsurprisingly, this didn’t fit well. Like the SS Imperator of yore, both my work MacBook Airs had a tendency to list to port or starboard by merely glancing upon it. If you got that reference, you’re my kind of people. And what if you also had a non-Mac laptop you’d need or want to use sometimes? Tough!
This give and play of the laptop in the stand was an annoyance in operation, and robbed the stand of that sleek factor entirely. It also made putting the computer in the stand, and taking it out again, frustrating. I call these Papercut Problems for the phrase “death by a thousand papercuts”. In isolation you can’t be justified fixing them, but they have a habit of wearing you down over time. But I lived with it.
☕︎ ☕︎ ☕︎
But okay, I hear you all say. I was using the stand in an unsupported configuration, with the wrong provided piece of rubber, so of course my experience would be suboptimal. The packaging for the case said it supported a specific range of Mac laptops, not Mac laptops in cases. Caveat emptor, and all that!
True. But that gets me to the stand’s worst design feature of all, and the one I assert tips this from being middling to flawed. I’m going to share the same press image again, because I want you to pay close attention to the feet; a phrase that would mean something entirely different depending on the person saying it:
Spot the issue? The entire stand rests on four tiny rubber feet mounted to the aluminium frame and… that’s it. The whole feet design is weird; most of the rubber doesn’t interface the table at all, meaning you’ve got about a millimetre-wide contact surface at its narrowest point. That’s not much resistance between you and accidentally moving or bumping the stand. Which, given the high centre of gravity and the fact the laptop is a massive sail made of metal and silicon, happened constantly.
There were other issues with the rubber feet too, such as they were. They had a habit of falling off, meaning the sharp aluminium edges of the stand proceeded to dig into and scratch whatever table upon which it was perched. This was fine(ish) for some disposable IKEA veneer, but not the table our in-laws gifted us. A few drops of superglue would reattach them, but then another would fall off without me noticing and I was left scrambling to patch up scratches again before family noticed.
(This isn’t the fault of the stand specifically, but one time I was gluing a foot back on, then reached for a tissue into which I sneezed. Except, I had a bit of superglue on my finger, which had transferred both to the tissue and my olfactory centre. Getting that off was a painful, and dare I say undignified, experience).
With hindsight I should have returned it. I should have also said something wittier to the troll, eaten a salad for dinner instead of a chicken pie, and exercised instead of watching another Mend it Mark video repairing a piece of electronic gear I’d have no hope of even understanding, let alone tackling a repair of myself. Life is full of regrets, and of decisions not made. That’s why we remember, learn, and grow as individuals, so we’re not scarring our leg with a flimsy, overpriced laptop stand as I bump the contraption to the ground and one of the edges with a missing foot cuts my skin.
☕︎ ☕︎ ☕︎
But fear not, we have good news! Introducing the Alogic Bolt Adjustable Laptop Stand. What it lacks in the aforementioned sleekness, it more than makes up for in an oddly charming industrial sense:
Here it is effortlessly holding up my MacBook Air:
Great, right? It’s so good, it can even hold my current NetBSD ThinkPad vertically to permit the power cable connecting to the side. I was so excited I didn’t even get the correct item in focus!
It’s so flexible, it can even hold a 1987 Macintosh SE FDHD!
I… hmm. Was that gag worth taking an extra photo, scaling it, uploading it, and writing this extra sentence? That’s an excellent question.
☕︎ ☕︎ ☕︎
The Alogic Bolt is a vastly better device. I picked it up on sale at our local hi-fi electronics store, and I’ve been so impressed I’m tempted to get a second one for the study.
It improves upon the BookArc in several key ways:
The entire structure slides in and out, and locks into place with recessed thumb screws in the base. This means it’s adjustable not just for my Macs, but my Macs in cases! Indeed, almost any modern laptop.
The entire base of the stand makes contact with the table, and is lined with thick rubber. It isn’t going anywhere on this desk, not even if I inadvertently bump it. It’s solid, robust, and dependable.
The sides of the… jaws (?) are also lined with rubber, which helps to keep the laptop fixed in place without wobbling or scratching. I don’t have to fear the Imperator listing again when I move my chair, or sneeze, or use an ocean liner analogy.
It hasn’t made me glue a tissue or my finger to my nose. Yet.
You know when you’ve been living your whole life doing something a certain way, or using a specific device, and you finally replace it with something infinitely better?
Alogic, you hit this out for six. That’s a phrase Australians use, right?
tl;dr: it hasn’t hung, the list of packages might just be long.
We’ll soon be moving on from Colin Percival’s freebsd-update(8) mechanism. It’s served us well ever since those 7.x days, and I’m thankful for all the time savings. As its swan song here, I’m using git to upgrade the last of my personal fleet that runs RELEASE to version 15. I’ve done this dozens of times before, and all has gone smoothly.
That is, until I upgraded a specific jail on one of my older hosts:
pkg: Warning: Major OS version upgrade detected. Running "pkg bootstrap -f" recommended
The following modules have been installed from packages.
As a consequence they might not work when performing a major or minor upgrade.
It is advised to rebuild these ports:
And then it… hung? I waited for what seemed like an age, but there was nothing else showing on the screen. I thought it might have hit a weird edge case with the name of a package, or maybe my local self-built packages had messed up something.
I hit RETURN a couple of times, the letter Y followed by RETURN just in case nothing was getting to TTY, nothing.
I went to make a coffee, like a gentleman, then came back a few minutes later to more than eight hundred lines of boot modules:
I’d seen this on many other jails, but I suppose this slower machine with its spinning rust and SATA SSDs took longer to formulate the list. I am so spoiled by modern M.2 drives on my FreeBSD bhyve box for boot volumes and jails!
Lesson learned: if you’re upgrading a host or jail to 15.0-RELEASE and it seems to hang at that specific line, just give it some time.
I was talking to my sister over the Xmas break, and she was recalling something she’d been told by a friend about the process of learning. They said their friends’ shrink had pointed out that learning is supposed to be uncomfortable. Most of us spend our adult lives working to avoid discomfort, but it’s almost a pre-condition to breaking into something new. If you’re never uncomfortable, you never grow.
This hit me like a truckload of brick-shaped projectiles. Which was uncomfortable! AAAAAAAAAAAAAAAAAAA!
The mental health professional said (a) we have to accept a certain degree of discomfort, and (2) that if we’re able to plow through that at the start, we’re rewarded with something new we can be comfortable with.
We got to talking about school, and how we’re largely forced to learn something and push through the discomfort. But in adult life, we often have to impose that feeling on ourselves. Which means we often don’t. So we should try!
I don’t have much more to say, I just thought that was a useful observation.
Was this post written just so I could make a bad joke about bricks? I mean, no. But also possibly yes. Maybe. Writing this paragraph is making me uncomfortable, but I don’t feel like I’m learning anything. Learning to frustrate my readers?
I have not been shy talking about my love of Xfce over the years here. The desktop environment has been a trusted friend ever since I first loved it on the late Cobind Desktop (still the high water mark of desktop Linux, as far as I’m concerned).
The question with minimal desktops is the fine line between as simple as possible and just a bit too simple. How much basic stuff do you have to add back? 4.8 took it slightly far, 4.10 is almost Just Right. XFCE is so far a case study in Not Fucking It Up; I hope they never go to version 5, and just update 4 forever.
This (a) longevity and (2) getting the balance right cannot be overstated. Here’s my current Xfce desktop, for example:
Except, no it isn’t. That’s a screenshot of my FreeBSD desktop from 2008, with the bright and clear Tango Iconset (speaking of high-water marks). Remember when iconography was discernable at a glance? Aka, functional as icons? But I digress.
Xfce in 2025 (no, 2026, damn it!) is just as easy to understand, light, and fast as it first was booting Cobind on my HP Brio when I was in school, or when building it from source in FreeBSD ports. Though unlike a barebones window manager or other “light” DEs, Xfce feels usable, feature complete, and designed by someone who understands why people use desktop computers (cough GNOME).
I do use KDE on my primary desktop. Version 4 was a mess, but they’ve made massive improvements, especially within the last year. I’m not sure how much this had to do with the Steam Deck, and a new generation of people realising that… wait… I can run stuff on this box other than games? There’s a desktop here!? But my laptops all run Xfce, and I’m half-tempted to move back to it on the desktop.
I’m with David here. I hope they never feel the need to “innovate” with “disruption” for “UX”. The switch to the Thunar file manager was the last major user-facing change I can remember, and it was great.
I’m not suggesting we reached peak UI with Xfce, but no desktop since has made a compelling case (for me) for its replacement. I love, love, love that Xfce is maintained this way in spite of all the industry pressures to turn it into something else.
Disclaimer
I stopped writing posts like this for years, out of fear of how people from specific desktop environments would respond. If you’re about to write me an angry screed, know that I will immediately delete it and block you, just as I did last time. Both yours and my time are better spent.
I also know (sigh) this disclaimer will be ignored, so I’m questioning why I’m even bothering. Maybe I’m a sucker for punishment.
It’s Music Monday time! Each and every Monday without fail, except when I fail, I talk about a particular piece of music, on a Monday. It’s almost as though I named the series Music Monday for that specific reason. Reason almost sounds like raisin.
Today’s song needs no introduction for anyone who heard it in 2024.
Clara shared it with me over the weekend, and it’s amazing. Watch it.
I let the cat out of the proverbial bag on Mastodon after another impromptu break today, but I thought it was worth sharing here despite not having much to say about it yet.
Clara’s dad delivered another batch of old computer hardware today, some of which will be getting their own posts. But the star of the show, presented in classic one more thing style after he gave me the floppy disks and SDRAM, was a 1989 Macintosh SE FDHD!
I’m still in a bit of a state of shock, to be honest. It’s fully functional, save for missing the requisite ADB peripherals which I’ll have to source. But it turns on, boots, and makes all the sounds.
The old computer shelf was reaching criticality, but at this stage I might have to start culling other things to fit. Which I suppose if I’m now the owner of a Macintosh SE… wait, hold that thought:
AAAAAAAAAAH
… then I’d say it’s worth it :’).
The Retro Corner has a rough page up now, with more details pending.
I heard the same advice growing up you likely did:
Don’t try, do!
Trying is meek, you see. It’s half-arsed. You’ll never succeed if you don’t commit to it 100%. You should want to dive into something completely, presumably with your entire arse.
I get where the logic comes from, simplistic as it sounds. Saying you’ll try to exercise regularly doesn’t instill the same sense of motivation and gusto as saying you do regular exercise. Try sounds wishy-washy and vague. Do sounds determined and positive. It’s a mission statement. It says who you are as a person. I am someone who exercises regularly.
But here’s what the self-help gurus and philosophers miss: trying is also valuable. Trying means to give it a go, even if we’re not ready to claim we’re something yet. And here’s the thing: we should be encouraging people who want to try things, not tut tut them.
Trying lowers the barrier to entry. It smashes down gatekeepers. It makes a new endeavour approachable, meaning you’re more likely to attempt it. I can’t tell you the number of times someone has asked me whether they should “try” running BSD. My answer is always the same: yes!
To tackle a cliché with another:
There’s no harm in trying.
If you’ve tried something and it was to your taste, or it helped you in some way, or it’s something to which you want to commit, then by all means upgrade to doing. Otherwise, don’t let anyone guilt you into black and white thinking. What is it we say about letting perfect be the enemy of good?
Remember, the opposite of doing isn’t trying, it’s not doing at all.
I was standing in a northern suburb of Sydney, pulling a tube of lip balm from my pocket, when the majority of it fell out of the tube in liquid form. It was hot. Though not as hot as down south in Victoria where bushfires continue to rage out of control.
We luckily weren’t affected, and could spend the day in the air conditioned apartment, shopping centre, and trains. Though even those were running at “a reduced speed” owing to the heat.
Thankfully today has gone from 42° back down to 21°, which is a huge relief.