Today marks the 231st anniversary of the start of the Haitian Revolution, among other things, history’s largest and most effective slave revolt. While generally considered one of the most important parts of the Atlantic Revolutions, many at the time and since have dismissed its importance, given attitudes in the Western world’s elite about slavery.

The Battle of Crête-à-Pierrot

My tinkering pales in comparison—and I could honestly go on endlessly about the importance of slave revolutions to social progress—but regardless, I have a post to get to.

Upgrade Pains

I lost a shocking amount of time, this week, to an Ubuntu upgrade.

The actual upgrade got in and out like a dream, in all fairness, to the point that I barely noticed it working before it completed and politely asked for a reboot. I don’t even mean “politely” in some sarcastic way. It didn’t try to interrupt my work to get an immediate answer.

However, Ubuntu will now only ship Firefox as a Snap. Now, don’t get me wrong, here. I don’t have a problem with Snaps, or Ubuntu “forcing” users to use them, as if they haven’t “forced” me to use the deb format. It frustrates me that I need to search five different places (plus hunt for source code) for applications, these days, instead of just installing things, but security requires some trade-offs, and those tradeoffs can get pretty weird. This package has caused me two critical kinds of grief, however.

Everything but the Firefox Sync

First and immediately clear, this new build of Firefox had no intentions of helping me pick up where I left off. I can kinda-sorta access the list of tabs synchronized through Firefox Sync, but it has somehow opted not to automatically carry over my configuration and session cookies, though it somehow cleanly installed all my plugins in the proper states. In some cases, it doesn’t seem capable of retaining sessions that I know worked fine days before.

It annoys me, but I can cope with it. I grew up at a time when you upgraded things—if you could upgrade them at all—by copying data files onto floppy disks, performing the upgrade, and then copying everything back. I can handle logging into occasional websites.

Solitary Confinement

More subtle and more irritating, though, the Snap developers have seen fit to assume that security means not allowing applications to share files. Or rather, applications can share files, but only through hard-coded paths, which I thought we all agreed to stop doing in the 1970s, for portability and security reasons, if nothing else. If you search for this issue, the official response whines about people who love customizing their systems instead of getting work done—which, sure, I dislike those Linux users, too—but not a single mention of the /tmp folder, which has served for decades as a de facto (even if not outright official) “town square,” a neutral space that users and applications use equally and secured as they desired, knowing full well that someone else could potentially gain access.

When confronted about this tradition—which has happened, because this design has affected Snaps for several years—they hand-wave about each user creating their own temporary space and connecting it to whatever arbitrary spaces that each application has permission to access. That makes no sense to me, considering that it requires a user to perform one of the most insecure tasks in computing (duplicating operating system functionality) and hoping that all the applications can understand the same common destination.

In my case, this hits hard for me, because my note-taking application Miniboost generates its previews in /tmp for the default browser—Firefox, in my case—to pick up. I don’t feel like rewriting it for the specific purpose of working around Snap behavior.

Smuggling

I found a temporary, if extraordinarily offensive, solution for that specific purpose, though. It turns out that, while Firefox can’t possibly use /tmp, it can use the user’s Downloads folder…because that makes everything better? Anyway, the library that Miniboost uses respects the $TMPDIR environment variable, so I stash the previews in a sub-folder there by running export TMPDIR=~/Downloads/.miniboost before opening the application, and then schedule a cron job or two, to periodically clear out that folder. 🤮

Please Shout the Password, for Clarity

By the way, do you remember a few paragraphs back, when I mentioned that I don’t have any trouble with re-logging into websites? Because of this fancy security policy, I can’t use my password manager from the web browser, because it needs access to the folder with the encrypted passwords. Instead, I need to use it from the command-line and copy-and-paste everything…which leaves the password in plain-text on the system clipboard, 🤦 rather than injecting it onto the page, reducing security in the name of protecting security.

On the bright side, at least they can’t call me a person who customizes my file-system instead of doing real work, right? I only needed to waste several hours finding out that I needed to create a custom folder and redirect things there to get routine work to happen. I don’t know how that differs, but it must, or they wouldn’t make me do it…

Library Updates

Other than the fiasco above, I cleaned up most of the backlog of automated pull requests, bumping library versions for Generic Board Game, Miniboost, Renew DB, Bicker, Fýlakas Onomáton, and Uxuyu.

Next

As mentioned last week, I’d like to use this week to turn the CPREP background generator into a standalone, hostable application, using what I’ve learned from G.L.O.B.E. and Iungimoji.


Credits: The header image is Combat et prise de la Crête-à-Pierrot by Auguste Raffet, long in the public domain.