hallettj

Some app launchers these days run each app in a new systemd scope, which puts the app process and any child processes into their own cgroup. For example I use rofi which does this, and I noticed that fuzzel does also. That is handy for tracking and cleaning up child processes!

You can see how processes are organized by running,

$ systemctl --user status

I think that's a quite useful way to see processes organized. Looking at it I noticed a couple of scopes that shouldn't still be running.

Just for fun I wanted to use this to try to script a better killall. For example if I run $ killscope slack I want the script to:

1. find processes with the name "slack"
2. find the names of the systemd scopes that own those processes (for example, app-niri-rofi-2594858.scope)
3. kill processes in each scope with a command like, systemctl --user stop app-niri-rofi-2594858.scope

Step 2 turned out to be harder than I liked. Does anyone know of an easy way to do this? Ideally I'd like a list of all scopes with information for all child processes in JSON or another machine-readable format.

systemctl --user status gives me all of the information I want, listing each scope with the command for each process under it. But it is not structured in an easily machine-readable format. Adding --output json does nothing.

systemd-cgls shows the same cgroup information that is shown in systemctl --user status. But again, I don't see an option for machine-readable output.

systemd-cgtop is interesting, bot not relevant.

Anyway, I got something working by falling back on the classic commands. ps can show the cgroup for each process:

$  ps x --format comm=,cgroup= | grep '^slack\b'
slack           0::/user.slice/user-1000.slice/user@1000.service/app.slice/app-niri-rofi-2594858.scope
slack           0::/user.slice/user-1000.slice/user@1000.service/app.slice/app-niri-rofi-2594858.scope
slack           0::/user.slice/user-1000.slice/user@1000.service/app.slice/app-niri-rofi-2594858.scope
...

The last path element of the cgroup happens to be the scope name. That can be extracted with awk -F/ '{print $NF}' Then unique scope names can be fed to xargs. Here is a shell function that puts everything together:

function killscope() {
    local name="$1"
    ps x --format comm=,cgroup= \
        | grep "^$name\b" \
        | awk -F/ '{print $NF}' \
        | sort | uniq \
        | xargs -r systemctl --user stop
}

It could be better, and it might be a little dangerous. But it works!

A short post on how variable names can leak out of macros if there is a name collision with a constant. I thought this was a delightful read!

Difftastic is a diff tool that uses treesitter parsing to compare code AST nodes instead of comparing lines. After following the instructions for use with git I'm seeing some very nice diffs when I run git diff or run git show --ext-diff. I thought it would be nice to get the same output for hunk diffs in the fugitive status window, and in fugitive buffers in general (which use the git filetype). But I haven't seen any easy way to do it. Has anyone got a setup like this?

I can run a command in neovim like :Git show --ext-diff to get difftastic output in a buffer. I'm thinking maybe I can set up fugitive to use the --ext-diff flag by default, or set up some aliases. But there is no syntax highlighting for the difftastic outputs since the ANSI color codes that difftastic uses in interactive terminal output don't work in neovim, and the syntax highlighting for the git filetype assumes standard diff output which is not compatible with difftastic output. For me losing colors is not a worthwhile trade for the otherwise more readable diff output.

My best idea right now is to set up a new filetype called difftastic, and write a new treesitter grammar or syntax plugin for it. Then set up some kind of neovim configuration to feed output from difftastic into buffers with the new filetype.

There is an open neovim issue discussing adding syntax-aware diffs directly to neovim, but that doesn't seem to have gone anywhere.

I installed StarCraft: Mass Recall which is an impressive project that recreates the original StarCraft and Brood War campaigns in StarCraft 2. Everything works except that the cinematics and some of the game assets are flat, blank red. For example some of the video portraits in the briefing rooms display correctly, but Mengsk is a solid red square. In the first mission Raynor's vulture is flat red while everything else looks correct. Sound works correctly including in cinematics.

The game assets aren't a huge deal, but the cinematics are a big part of the reason for playing these campaigns IMO.

I've tried everything I can think of. I tried some different Wine runners. I tried disabling DXVK. I installed a number of dependencies that look like they provide video codecs:

• amstream
• devenum
• quartz
• xvid
• ffdshow

Does anyone have ideas about what else I might try?

What I did figure out is a working command to run the mod, which took me a while. I used Bottles, installed Battle.net through the Bottles program installer, installed StarCraft 2 via Battle.net, and finally installed Mass Recall by unzipping and copying its files to the StarCraft Maps/ and Mods/ directories. Then I was able to run Mass Recall with this command:

$ bottles-cli shell -b "<bottle name>" -i '"C:\Program Files (x86)\StarCraft II\Support64\SC2Switcher_x64.exe" "C:\Program Files (x86)\StarCraft II\Maps\Starcraft Mass Recall\SCMR Campaign Launcher.SC2Map"'

Passkeys seem like a great idea, and we are at a point where, although things are still very much in flux, software passkeys managed by password managers are starting to be usable. I thought I'd share the workflow that's working for me on Linux with some sites, and ask the community for more tips & tricks.

A passkey is a client certificate - which is an old idea, but now there are some new standards in place*. When you log into a website, instead of sending a password you send a message signed using the private key on your hardware security device, or stored in your password manager. If you use a password manager the flow is about the same as with passwords: your password manager pops up and asks if you want to log in to the given website. But instead of sending a password to the browser, message signing takes place in the password manager. Unlike passwords those signed messages can't be replayed. Arguably you can skip sending MFA codes and get about the same (or maybe better) security with passkeys than you were getting with passwords + MFA.

Complications come up because support for passkey APIs is still patchy. On Linux I think there is system-level support for hardware keys, but not for passkey managers (password managers that can do passkey signing). But you can close that gap using browser extensions! I'm using Enpass with it's Firefox extension. Signing into websites in Firefox using passkeys works quite well in some of the sites I've tried. (I've also tested with Bitwarden's browser extension, and it works just as well.**) Although creating passkeys doesn't work on all of those sites.

• I was able to create a passkey on Github, and sign in with it.
• I was able to create a passkey for the demo at https://www.passkeys.io/, and sign in with it.
• I couldn't create passkeys for Google, but I could log in with passkeys created on another device, and synced by Enpass to my Linux machine.
• I can use a passkey for MFA on Discord, but they don't seem to be using them for logins yet.
• I'm not getting options to use my passkeys on Amazon or Paypal, but I was able to create passkeys for these sites on Android.

Without using a browser extension Chrome on Linux does have a feature to sign in with passkeys on mobile devices. I don't think this works with third-party passskey managers. On some sites Chrome gave me the option to log in using the automatically-generated, Google-managed passkey on my phone. It didn't actually worked for me - my phone showed a message saying "connecting to device" but never actually connected.

That brings me to the Android side. Since some sites will let me log in with passkeys but not create them it's helpful to have another option for creating passkeys. Android is further along in implementing system level passkey support (only in Android 14 or later). But it's not perfect yet. Firefox for Android is not working with passkey managers yet, but there is a ticket to track this. Third-party passkey managers work in Chrome for Android, but only if you enable an experimental flag:

• open chrome://flags/
• find the setting "Android Credential Management for passkeys"
• set the value to "Enabled for Google Password Manager and 3rd party passkeys"

* "Passkey" seems to be an umbrella term for WebAuthn or FIDO U2F. It looks like WebAuthn is a part of FIDO2.

** From a cursory look at the two I feel more comfortable with Enpass' browser extension than with Bitwarden's. I'm not positive, but it looks like Bitwarden loads credentials in the extension itself which puts all of your secrets in the browser process. OTOH the Enpass extension uses IPC to send requests to the Enpass desktop app. But as many will point out, Bitwarden's clients are open-source and audited while Enpass' software is closed-source.

cross-posted from: https://leminal.space/post/4750886

It took me some time to work out how to get my ssh agent set up in Niri so I though I would share what I did. I'm using NixOS and Home Manager. I put this in my Home Manager config:

services.gnome-keyring = {
  enable = true;
  components = [ "pkcs11" "secrets" "ssh" ];
};
home.sessionVariables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/keyring/ssh";

I'm using GDM according to NixOS' default configuration which I think runs gnome-keyring (I thought I saw it in the process list before I set up the user unit), and I think that configuration is automatically unlocking gnome-keyring when I log in via PAM integration. But apparently I need to run gnome-keyring again in my window manager session. Home Manager's services.gnome-keyring adds a systemd user unit that does that.

It took me some time to work out how to get my ssh agent set up in Niri so I though I would share what I did. I'm using NixOS and Home Manager. I put this in my Home Manager config:

services.gnome-keyring = {
  enable = true;
  components = [ "pkcs11" "secrets" "ssh" ];
};
home.sessionVariables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/keyring/ssh";

I'm using GDM according to NixOS' default configuration which I think runs gnome-keyring (I thought I saw it in the process list before I set up the user unit), and I think that configuration is automatically unlocking gnome-keyring when I log in via PAM integration. But apparently I need to run gnome-keyring again in my window manager session. Home Manager's services.gnome-keyring adds a systemd user unit that does that.

I'd like a treesitter query that matches a Rust struct together with all of its attributes. For example,

#[derive(Debug)]
#[serde(rename_all = "camel_case")]
pub struct MyType {
    pub foo: i32,
}

The lines beginning with # are attributes that are logically connected to the struct declaration. But the treesitter grammar for Rust parses attributes as adjacent nodes, not as children of the struct declaration:

  (attribute_item ; [27, 0] - [27, 16]
    (attribute ; [27, 2] - [27, 15]
      (identifier) ; [27, 2] - [27, 8]
      arguments: (token_tree ; [27, 8] - [27, 15]
        (identifier)))) ; [27, 9] - [27, 14]
  (attribute_item ; [28, 0] - [28, 35]
    (attribute ; [28, 2] - [28, 34]
      (identifier) ; [28, 2] - [28, 7]
      arguments: (token_tree ; [28, 7] - [28, 34]
        (identifier) ; [28, 8] - [28, 18]
        (string_literal)))) ; [28, 21] - [28, 33]
  (struct_item ; [29, 0] - [31, 1]
    (visibility_modifier) ; [29, 0] - [29, 3]
    name: (type_identifier) ; [29, 11] - [29, 17]
    body: (field_declaration_list ; [29, 18] - [31, 1]
      (field_declaration ; [30, 4] - [30, 16]
        (visibility_modifier) ; [30, 4] - [30, 7]
        name: (field_identifier) ; [30, 8] - [30, 11]
        type: (primitive_type)))) ; [30, 13] - [30, 16]

How can I get produce a query that I can use in mini.ai that matches the struct, and all attributes?

I've tried this query using Neovim's new built-in :EditQuery command:

((attribute_item)* . (struct_item)) @custom_capture.outer

It looks like it does what I want. But when I try using @custom_capture.outer in mini.ai it matches the struct declaration, but not the attributes.

I tried using #make-range! like this,

((attribute_item)* @_start . (struct_item) @_end
  (#make-range! "custom_capture.outer" @_start @_end))

That matches the struct and the second attribute, but does not get the first attribute. I'm guessing that's because the . specifies that nodes must be adjacent, and the second attribute is the only one that is adjacent to a struct_item. Following that thinking I tried this,

((attribute_item)? @_start . (attribute_item)* . (struct_item) @_end
  (#make-range! "custom_capture.outer" @_start @_end))

That gets the struct and all the attributes, but only if my cursor is on the first attribute line when I use the textobject. If my cursor is on any subsequent line then I get the second attribute and the struct, but the first attribute is missed.

One problem is I'm not clear whether ((attribute_item) . (struct_item)) matches an attribute_item and a struct_item that are adjacent, or matches an attribute_item that precedes a struct_item, but does not also match the struct_item. I tried experimenting with the second interpretation and used this query,

(((attribute_item) 
  . [(attribute_item) (struct_item)])* @_start
  (struct_item) @_end
  (#make-range! "custom_capture.outer" @_start @_end))

That captures what I want, but in some cases if I have two struct declarations and I try to match only the second one the query selects both structs instead.

Is that the way to do a lookahead? Or is there another way?

I've kinda hit a wall looking at documentation, other examples, and running my own experiments. Does anyone have any pointers to help understand these queries on a deeper level?

Edit: It looks like this stuff is in flux, so I should mention that I'm using the latest nightly as of March 2 2024, and I made sure that all of my plugins are up-to-date.