I wanted to try building purgatorio (inferno) on a Windows system, and with some effort I got it compile using Visual Studio. Even more than that, I was able to set up Visual Studio in a way that I can use IntelliSense and the debugger.

Here are a few notes:

• make sure that git doesn't change line endings to CRLF! This is important!
  • to "fix" files later, change the file and use git restore to restore it after setting git config core.autocrlf false
• it's easiest to open folder in VS, then open the programmer command line. This sets up %PATH% etc.
  • Tools → Command Line → Developer Command Prompt
• Do not try to run makemk.sh etc. Just use the NT binaries that are shipped with the repo (Nt/386/bin).
• adjust mkconfig
• set %PATH% to include Nt/386/bin: set PATH=%PATH%;...
• mkfiles: cl/link/lib args replace - with / — mostly optional
  • the tools sometimes print warnings that the dash options will be deprecated. I think for the future we should change the mkfiles for Nt. / is the windows way for options.
• libinterp: first manually mk *.h (individual headers)
• utils/mkfile: windows can't build mk properly:
  • multiple arguments are bundled to a single argument, which can't be understood by cl
  • mk is already built and likely won't change, so you can just comment out mk in the mkfile (NOTPLAN9)
  • I assume the issue is this line: CFLAGS=$CFLAGS -I../include -DROOT'="'$ROOT'"', and $CFLAGS is included as a single option, not a list of options.

		{
		  "version": "0.2.1",
		  "configurations": [
		    {
		      "name": "emu",
		      "project": "emu\\Nt\\iemu.exe",
		      "args": [ "-r", "${workspaceRoot}", "/dis/wm/wm.dis" ]
		    }
		  ]
		}
		

		{
		  "configurations": [
		    {
		      "inheritEnvironments": [
		        "msvc_x86"
		      ],
		      "name": "x86-Debug",
		      "includePath": [
		        "${env.INCLUDE}",
		        "${workspaceRoot}\\**"
		      ],
		      "defines": [
		        "WIN32",
		        "_DEBUG",
		        "UNICODE",
		        "_UNICODE"
		      ],
		      "intelliSenseMode": "windows-msvc-x86"
		    }
		  ]
		}
		

		{
		  "version": "0.2.1",
		  "tasks": [
		    {
		      "taskLabel": "runmk",
		      "appliesTo": "mkfile",
		      "contextType": "build",
		      "type": "launch",
		      "command": "mk",
		      "args": [ "install" ],
		      "envVars": {
		        "PATH": "${workspaceRoot}\\Nt\\386\\bin;${env.PATH}"
		      }
		    }
		  ]
		}
		

Sometimes you just need a little writable filesystem that is encrypted and stored in a single file. Turns out there are multiple ways to do that, besides the obvious ones.

This post describes a simple way to do that using cryptsetup and gefs. It is worth noting that I won't go into details about configuring gefs to do exactly what you want. Also, gefs is still considered experimental and should be used with care. Especially if you store sensitive data in that file, you should have a proper backup.

		

	

		
set up file for encryption. Set password.

		disk/cryptsetup -f mydisk
		

	

	

		
make file available as /dev/fs/mydisk

		disk/cryptsetup -i mydisk
		

		mount -c /srv/mydisk /n/mydisk
		

	

Disclaimers: Right now, there's only the demo freely available, so the review is about that only. Furthermore, since ChromaGun is about colors, it has a specific colorblind mode, which I didn't test, and I'm also not the right person to test this.

ChromaGun 2 (Demo!) is a puzzle platformer which surprised me with a good story and challenging puzzles, especially for a demo. Often enough, the story and the complexity of the puzzles in a demo are reduced to a bare minimum, not showing too much to make people buy the game. In this case however, the demo is perfect for exploring what the game is about. It even has enough replay value due to achievements and collectibles.

The demo teases a great and deep story which can't hide behind other great puzzle platformers, most notably Portal. While the story shares some similarities with Portal (“Testing”), it is clearly not a clone. In the story, the player is guided through different dimensions with very distinct styles. Each dimension has its own sections with puzzles to solve, and a different narrator. Judging from the demo, it seems like there's not much choice the player has about the story; there are no branches, no different endings. It would be easy to spoil more parts of the story, but it's even easier to say: Just play it—it's worth it!

Gameplay-wise, it looks very similar to the first part ChromaGun, though I can't really tell as I haven't played it. The player has the ability to color specific plates and objects in the level using the Chroma Gun. These colored plates will behave like magnets for various gameplay objects with the same color. The challenge is to color the correct plates in the correct order to manipulate the level so we can finish this section and continue.

The colors themselves are oriented around three primary colors (red, yellow, blue) and their secondary colors (orange, green, magenta). Those secondary colors can be achieved by mixing the primary colors accordingly.

It's worth noting that at some point the plates and objects are “overcolored” and just turn black, deactivating any magnetic behavior. This, and the fact that some objects can't change their color, is used as an additional puzzle challenge.

Throughout the demo there are challenges of varying degrees. While some challenges can be solved very easily by just looking around and coloring two objects, others require careful thinking and also thinking outside the box. One challenge even let me pause playing to continue at a later point. Yes, the demo is not just made for a single testing session—you can enjoy it multiple times!

The graphics of the game are kept simple, there's no over-realism or hyper-realism. The image is clear to read, there are no strange lighting artifacts or blurring happening. Various effects and animated objects fill the otherwise almost sterile levels with life. And did I notice some very well known Niagara effect somewhere?

Other than that, it's hard to judge the game graphics based on the demo and in total. Each dimension has its own art and graphical style, one going into a more organic direction and the other looks like a comic. Each style however looks very well thought out and matches the dimension.

As a game developer, it would be quite interesting to take a look behind the scenes and see how they achieved those different styles. And of course, I noticed a few things that I'd have done differently.

In total, the ChromaGun 2: Dye Hard demo is a wonderful demo that showcases what a demo in 2025 can be. It gives a good taste of the story, and has a lot of replay value for a demo by making use of achievements and collectibles. The gameplay covers a nice range of easy and complex puzzles, I sure hope they can find the right balance in the final game. Pixel Maniacs, good job!

• ChromaGun 2: Dye Hard on Steam

Comment: Fediverse Post

Some mail providers want it, others demand it: DKIM.

Upas is quite an old mail system, but it has dkim support. However, documentation for upas in general is rare, so I'll try to note down how to sign your outgoing mail in a 9front mail system. This post ist not only for you, but also for me in five years.

		auth/rsagen -b 2048 -t 'service=dkim role=sign hash=sha256 domain=example.com'
		  > dkimprivatekey
		auth/rsa2asn1 -f spki dkimprivatekey | auth/pemencode DKIM >dkimpubkey
		

		/bin/upas/smtp -f -C -s -h $fd $addr $sender $*
		   | /bin/upas/dkim -s SELECTOR -d example.com
		   | /bin/upas/smtp -C -s -h $fd $addr $sender $*
		

I was able to switch my website hosting to 9front completely! This is thanks to ori's aclient (acme client which works with letsencrypt). This change makes my website deployment much easier since I'm fully writing on 9front and also deploying to 9front. The only thing missing is that the source repository is on github, but that's fine since we also have git9.

I'm writing this short blog post on my smartphone via drawterm for android, and I'm sure we'll get a proper documentation for how aclient works (btw the man page is very well documented), so I'll just add some short note about how to use the certificate with tcp80 and tlssrv.

/rc/bin/service/tcp443:

		#!/bin/rc
		/bin/tlssrv -c/sys/lib/tls/acmed/mydomain.tls.crt /bin/tcp80
		

Since it is what many mail clients do it might be helpful for other people to have this. As for me, I like to have all my outgoing mails automatically saved in a Sent directory, so that's what I want to do.

There are multiple ways to do this. I want to present a very simple way without sending your mail to yourself or something like that.

Outgoing mail is processed via upas/send or /mail/box/$user/pipefrom, if that exists. We use this feature to build or own little filter script for outgoing mails.

The script itself is very simple. We just need a temporary place to store the mail message, then save it in the Sent directory and forward it to the normal send routines:

		#!/bin/rc
		
rfork en
		
	

		
see /sys/src/cmd/upas/filterkit/pipefrom.sample .

		bind -c /mail/tmp /tmp
		TMP=/mail/tmp/mine.$pid
		

		
cat > $TMP
		
		
/bin/upas/mbappend /mail/box/<yourusername>/Sent < $TMP
		/bin/upas/send $* < $TMP
		

Of course you need to create the directory /mail/box//Sent and exchange with your $user and make this script executable.

The Sent directory needs read and write access for your own user, which should be fine with the defaults.

If you want unauthenticated users to send mails to that directory you need to make this directory world-writable.

With these adjustments you can send mails with acme/marshal and they are automatically saved in your Sent mailbox.

A few weeks ago I removed archlinux from my remaining machine. I noticed how the new lenovo keyboards aren't good and the trackpoint is crap. That's why I still prefer the Thinkpad T61, even without battery.

Anyways, I'll try to describe the process of the installation. The installation itself went according to the FQA, I'll just add some notes.

		#!/bin/rc
		

		
echo -n 'connect to server: '
		server=`{read}
		
		
if(~ $#server 0){
			echo not connecting to services >[1=2]
			exit
		}
		
		
if(! test -e /net/dns)
			ndb/dns -r
		
		
auth/factotum
		for(i in $server){
			rimport -Cc $i /n/$i
		}
		bind -c '/n/'^$server(1)^'/usr/'^$user /usr/$user
		

This is how to restrict user access to groups. You can use this to enable rcpu access for all users of a specific group. All other groups will not be allowed.

		#!/bin/rc
		userfile=/adm/users
		fn useringroup{
			grep $1 $userfile | {
				found=0
				while(~ $found 0 && line=`:{read}){
					if(~ $line(2) $2){
						found=1
					}
				}
				if(~ $found 1)
					status=''
				if not
					status='not found'
			}
		}
		if(~ $#* 3){
			netdir=$3
			remote=$2!`{cat $3/remote}
		}
		fn server {
			~ $#remote 0 || echo -n $netdir $remote >/proc/$pid/args
			rm -f /env/'fn#server'
			. <{n=`{read} && ! ~ $#n 0 && read -c $n} >[2=1]
		}
		exec tlssrv -a /bin/rc -c 'useringroup $user sys && server'
		

This is especially useful if you want a CPU server to expose filesystems and have cpu access for administrators only.

Some smaller change that can change your life.

There are reasons why you not run rio in your lib/profile. For me the main reason would be: You can no longer use rcpu -c commands in your shell. Rio opens and there you are, stuck in front of a gray background.

My solution:

		case cpu
	

		
… lots of stuff …

		   rcpucmd=`{cat /mnt/term/env/cmd >[2]/dev/null}
		   if(~ $#rcpucmd 0)
		      rio
	

	

		
… lots of stuff …

		

Recently I installed my mail server on 9front. Most of the time I followed the guide in the FQA, but still there are things to explain. In this document I'll go through the section of the FQA and annotate things.

Right at the beginning the FQA mentions how the executing user needs write permissions for the mailboxes. This is very important! If upas can't write the mailboxes the mail server will not accept incoming mail!

In my setup I can skip all DNS stuff, because I have my DNS hosted somewhere else. Make sure to add proper MX records as well as (at least) an SPF record.

		defaultdomain    sirjofri.de
		norelay          on
		verifysenderdom  on
		saveblockedmsg   off
		ourdomains       sirjofri.de
		

		pOsTmAsTeR    alias postmaster
		aBuSe         alias abuse
		wEbMaStEr     alias webmaster
		

		\\l!(.*)                alias \\1
		\\l\\.sirjofri\.de!(.*)   alias \\1
		sirjofri.de!(.*)       alias \\1
		

		\\"(.+)\\+(.*)\\"  translate "echo `{/bin/upas/aliasmail '\\1'}^'+\\2'"
		

	

		
The other translate rules are default

		

		local!(.+)\\+(.+)  |  "/bin/test -d /mail/box/\\1/\\2 \\&\\& /bin/upas/mbappend /mail/box/\\1/\\2 || /bin/upas/mbappend /mail/box/\\1/mbox"
		local!"(.+)\+(.+)  |  "/bin/test -d /mail/box/\\1/\\2 \\&\\& /bin/upas/mbappend /mail/box/\\1/\\2 || /bin/upas/mbappend /mail/box/\\1/mbox"
		

	

		postmaster  sirjofri
		webmaster   sirjofri
		abuse       sirjofri
		

		#!/bin/rc
		user=`{cat /dev/user}
		exec /bin/upas/smtpd -f -E -r -c /sys/lib/tls/cert -n $3
		

Today I installed replica(1) on my VPS. I noticed that I can write some helper scripts around it and here they are.

You can download them from https://sirjofri.de/files/guidedreplica.

You can install it like that:

	

		
bind your client $home to /n/rclient

	

	

		
bind your server $home to /n/rserver

		hget https://sirjofri.de/files/guidedreplica/guidedreplica.rc | rc
	

	

		
follow the prompts

		

This will also install two helper scripts to $home/bin/rc/replica/. Reproto copies one proto over the other. You can choose which one you want to keep. Reupdate is helpful if there are update-update errors. It should automatically solve them (untested, but should work).

Update: replica(1) has issues. Often it does a bad job tracking changes, leaving removed files there and vice versa. I never encountered data loss, only inconsistencies in the copies.

Many people use mkfs(8), which does not overwrite changed files. At some point I will build some scripts around it and use that instead of replica(1).

(Files: https://sirjofri.de/files/guidedreplica/README, https://sirjofri.de/files/guidedreplica/guidedreplica.rc)

Today I installed 9front on a Netcup VPS. Here are some notes if you want to do it yourself.

I used the smallest VPS option. Currently, that's “VPS 200 G8”. It costs like 2.69 Euro, but you might be able to find some way to make it cheaper.

After ordering it might take some time until the server is up and ready. By default debian was installed in a GPT, we can ignore that.

Meanwhile you can delete the virtual disk and create a new one. You need your SCP password for this. This step is necessary to remove the GPT. Of course you could manually reformat the disk, but deleting the disk will save time.

In the settings you can virtually insert the iso as a DVD and verify the boot order (DVD first). Start up the machine and switch to the web VNC display.

At this point you can proceed with the default 9front installation described in the fqa. Don't forget to install the MBR and activate the partition. Otherwise there are no additional special steps besides manually configuring the /lib/ndb/local after installation. In my case I made an auth server.

Currently it seems to work fine. I installed the machine today, so there might be some issues I didn't find yet.

RSS is still a thing.

Yes, there are more modern alternatives, like Atom or fancy json feeds. What I want to say is, feeds are still a thing.

That's why you are now able to read my changeblog as an Atom feed.

Now I just need to find enough time to write my posts.

Today I want to share with you, that I use the plan9 distribution “9front” as my main computer.

Of course there are things that are almost impossible to do there, for example: all gamedev related stuff. This is of course an issue, because I am a game developer. I still have my windows machine with relevant tools, so I can still fiddle around with those complex things.

For gaming I also use my windows machine or some game console. Yes, there are a few games on plan9 systems.

Also most online services use javascript and heavy styling of webpages, so I also use a modern computer with a modern browser. Mothra is fine for doing basic research stuff, but in 2020 it's almost impossible to actually do things on the web.

Anyways, let me tell you that I don't really miss anything on plan9. I can write documents, check my email stuff, chat with people, and step by step it becomes more usable. The community is helpful and provides more applications. The system runs stable, the user interface is consistent and good to look at. Colors don't jump in your eye and want to kill you and there's catclock(1), our friendly companion.

I updated my website to Uberspace 7, but not only this: I changed the whole webpage to make it more nine-friendly.

My whole webpage management system is completely 9 based. I use oridb's git9 implementation and plan9 tools, mk, sed, cat, …

I also decided to change the main language of the website to English.

Hacknet ist ein storylastiger Hacking-Simulator. Obwohl das „Hacking“ doch recht weit von der Realität entfernt ist, kommen manche Prozesse dem „echten“ Hacken doch sehr nahe. So muss der Spieler manche Dinge lernen (oder bereits im Vorfeld wissen), sich die Verwendung neuer Tools anlernen und diese Tools geschickt kombinieren, um an sein Ziel zu kommen. Manchmal reicht selbst das nicht aus, es gibt immer einen Hacker, der besser ist als man selbst. Dies ist vom Spiel aber gewollt und dient dem Fortschritt der Story.

Überhaupt ist das „Hacking“ recht einfach – es soll ja auch Spaß machen; der Schwierigkeitsgrad ändert sich Abschnittsweise und dient dem Spielerlebnis. An manchen Passagen gibt es auch ein gewisses Frustpotenzial, was jedoch der Realität noch näher rückt und das Spielvergnügen nicht mildert. Das stetige Befehle-eingeben und Systeme analysieren behindert das Erleben der Story im Übrigen überhaupt nicht, eher im Gegenteil: Die Tätigkeit lässt einen noch viel mehr in die Rolle des Protagonisten schlüpfen. Der Protagonist ist übrigens ein namenloser Hacker, der mit keiner Persönlichkeit ausgestattet ist. Für manche Spiele mag das ein Nachteil sein, da man nicht in die Rolle des Helden schlüpfen kann, in Hacknet jedoch lädt es den Spieler dazu ein, sich selbst in das Spiel hineinzusetzen. Selber zu hacken, statt den Helden hacken zu lassen.

Die Story von Hacknet hat auch vieles zu bieten: Fortschritt, Rivalität und die mysteriösen Handlungen eines großen Technik-Konzerns bieten dem Spieler Herausforderung und den Wunsch, mit seinem neu erlangten Können die Spielwelt zu verändern. Mehrere Nebenquests dienen dazu, sich in die Spielwelt einzufinden und die Arbeitsweise der Hackergruppen kennenzulernen.

Während des Spielens fiel mir auf, dass das Spiel durchaus an der vierten Wand gekratzt hat. Manchmal verschwamm die Grenze zwischen Spiel und Realität. Dafür ist die Länge des Spiel jedoch sehr hilfreich: Es ist trotz seiner Tiefe nicht sehr lange. Und der Preis scheint angemessen. Insgesamt ein sehr schönes Spiel, das den Spieler in ein technisches Abenteuer lockt und mit seinem Immersionspotenzial überrascht.

(Ursprünglich gepostet auf Steam.)