Feuerfest

Just the private blog of a Linux sysadmin

Windows 10 and KB5034441: Trying to understand error code 0x80070643 and then it suddenly works?

Photo by Sora Shimazaki: https://www.pexels.com/photo/crop-unrecognizable-developer-using-laptop-and-smartphone-5926389/

My Windows 10 gaming PC showed the lovely error code 0x80070643 when I try to apply the "2024-01 Security Update for Windows 10 Version 22H2 for x64-based Systems (KB5034441)". And this update gained a somewhat notorious reputation.

What I do understand is, that KB5034441 fails to install if there isn't at least 250MB of free space on the so-called "Windows-RE" or recovery partition. Microsoft offers a PowerShell script to enlarge the recovery partition. But this only works in certain cases like the recovery partition is located after the Windows partition. Which wasn't the case on my PC. Additionally Windows wasn't able to shrink my C-Partition in order to create new, and greater, Windows RE partition behind the C-Partition.

First time I executed the script in April 2024, it told me that I have only 171.5 MB of free space then I will be under the MinSize of the C-Partition.

So yeah.. Time to dive a little bit deeper?

Turns out the MinSize and MaxSize are retrievable via the Get-PartitionSupportedSize function.

PS C:\WINDOWS\system32> Get-PartitionSupportedSize -DriveLetter C

     SizeMin      SizeMax
     -------      -------
245659398144 248628903936

A little bit of PowerShell internals

With (Get-Command Get-PartitionSupportedSize).CommandType I am able to get the CommandType, this tells me if I am working with a Function, an Cmdlet or an alias. Helpful if you explicitly need to know the details.

Via (Get-Command Get-PartitionSupportedSize).Definition we can retrieve the actual code behind that function. There we can see that a new CIMInstance connection to the MSFT_Partition class of the Windows Storage Management Provider API is made.

Ok, but does this help me? Not much, now I would need to dig into WMI, C/C++ and this would require more time than I am willing to invest.

Back to the problem

However I noted (or more like: felt) that the SizeMin number is different from what I got last time. Which would surprise me as the Partition Size was the same and I always had more than 20GB of free space on the C-Partition.

Fancy a try? Sure thing!

PS C:\Users\users\Downloads> .\resize_script.ps1

Cmdlet resize_script.ps1 an der Befehlspipelineposition 1
Geben Sie Werte für die folgenden Parameter an:
(Geben Sie !? ein, um Hilfe zu erhalten.)
BackupFolder: C:\winre-backup
Start time: 08/10/2024 18:08:39
Examining the system...
WinRE-Status:                          Enabled
WinRE-Ort:                             \\?\GLOBALROOT\device\harddisk0\partition1\Recovery\WindowsRE
System directory: C:\WINDOWS\system32
ReAgent xml: C:\WINDOWS\system32\Recovery\ReAgent.xml

Collecting OS and WinRE partition info...
OS Disk: 0
OS Partition: 4
WinRE Partition: 1
Disk PartitionStyle: GPT
WinRE partition size info
  Partition capacity: 523235328
  Partition free space: 55316480
WinRE Partition Offset: 1048576
WinRE Partition Type: Recovery
OS partition size: 249414287360
OS partition Offset: 644874240
OS partition ends at: 250059161600
WinRE partition starts at: 1048576

Backup Directory: [C:\winre-backup]

Verifying if the WinRE partition needs to be extended or not...
WinRE partition is not after OS partition, cannot perform extension
Need to create a new WinRE partition after OS partition

Summary of proposed changes
Note: WinRE partition is before OS partition, need to create a new WinRE partition after OS partition
Will shrink OS partition by 785383424
Current OS partition size: 249414287360
Target OS partition size after shrinking: 248628903936
New WinRE partition will be created with size:  785379328
Existing WinRE partition will be deleted
WinRE partition: Disk [0] Partition [1]
Current WinRE partition size: 523235328
The contents of the old WinRE partition will be backed up to [C:\winre-backup]                                                    
Please reboot the device before running this script to ensure any pending partition actions are finalized

Would you like to proceed? Y for Yes and N for No: y
Proceeding with changes...

Note: To prevent unexpected results, please do not interrupt the execution or restart your system

Loading [C:\WINDOWS\system32\Recovery\ReAgent.xml] ...
Stage location info is empty
Disabling WinRE...
REAGENTC.EXE: Vorgang erfolgreich.

Verifying that WinRE wim exists in downlevel at default location
Performing repartition to extend the WinRE partition ...
Shrinking the OS partition to create a larger WinRE partition
Resizing the OS partition to: [248628903936]...
Target partition size: 248628903936
Size of OS partition after shrinking: 248628903936

Copying content on WinRE partition from [\\?\Volume{daac35b3-1726-41c1-b290-1f73fd3f840a}\] to [C:\winre-backup]...
Copying [\\?\Volume{daac35b3-1726-41c1-b290-1f73fd3f840a}\Recovery] to [C:\winre-backup\Recovery]...
Backup completed

Deleting WinRE partition: Disk [0] Partition [1]...

Creating new WinRE partition...
Target size: 785379328
Formating the partition...
New Partition index: 1
Re-enabling WinRE...
REAGENTC.EXE: Vorgang erfolgreich.


WinRE Information:
WinRE-Status:                          Enabled
WinRE-Ort:                             \\?\GLOBALROOT\device\harddisk0\partition1\Recovery\WindowsRE
WinRE Partition Index: 1
  Partition capacity: 785379328
  Partition free space: 317145088

OS Information:
OS partition size: 248628903936
OS partition Offset: 644874240
End time: 08/10/2024 18:09:29

The contents of the old WinRE partition has been backed up to [C:\winre-backup]

Successfully completed the operation
PS C:\Users\users\Downloads>

And after a reboot everything was fine. The update is now installed and my recovery partition is now located after my Windows C-Partition. My C-Partition is now 231GB, 1GB less.

Don't ask me what changed between April 2024 and August 2024. I have absolutely no idea. When I executed the script in April 2024 I had ~22GB of free space. Cleared all temp files from Windows you can clear. Defragmented the drive. Even moved some games to other partitions/hard-disks to free up even more space. Nothing worked.

The resize_script.ps1 is also still the same as the one I downloaded in April 2024.

Anyway, no annoying pending update anymore. And given that we are talking about my gaming PC I can live with that. ☺️

Comments

Ripping my 4k UHD BluRay discs with the Verbatim 43888

Photo by cottonbro studio: https://www.pexels.com/photo/a-person-in-black-sweater-holding-compact-disc-5473402/

Update, March 2025: It seems that Verbatim switched the chipset in the drives without changing the model number. (Yeah.. Don't we all just love it when corporate does stupid stuff like that..). As according to the thread Verbatim 43888 with LG drive? in the MakeMKV-Forum the first Verbatim 43888 drives with a BU40NBD-RW surfaced and these are NOT LibreDrive compatible. I strongly advise you to read the thread and get the newest information. The good working devices can currently be identified via the "Model code" and a subtle change in the layout of the packaging. However this might change at any time without notice.
Good news is there seems to be an Autoflasher tool available. Visit the forum to get all details.
Update end.

I own some 4k UHD BluRay discs and like all my DVDs I wanted to have them as plain files on my NAS. Enabling me to watch them anytime via my TV/Laptop/PC/Smartphone. After a bit of googling I found out that the Verbatim 43888 external DVD/BluRay drive (Amazon) is compatible to LibreDrive off the shelf and hence able to rip UHD BluRays.

What LibreDrive is, is described in the MakeMKV forum, but the important part is:

A LibreDrive is a mode of operation of an optical disc drive (DVD, Blu-ray or UHD) when the data on the disc are accessed directly, without any restrictions or transformations enforced by drive firmware. A LibreDrive would never refuse to read the data from the disc or declare itself “revoked”. LibreDrive compatible drive is required to read UHD discs.

For many drives this requires a flashing of the firmware in order to work with LibreDrive. The Verbatim 43888 does not. It works out of the box. However you have to pay attention on where to buy the drive. Turns out there are three caveats when buying this drive.

  1. The 43888 drives sold in EU and US are different. The US version uses a chipset which is NOT LibreDrive compatible. And as Verbatim solely uses Amazon to sell it's drives you have to explicitly switch to Amazon Germany to buy the drive. This, of course, makes it more expensive and people not living in Gemany/EU should consider other alternatives.
    If you are in doubt, this is the link I used to buy the Verbatim 43888 https://www.amazon.de/dp/B07MTP9VKX/ and the model number is listed down below in the technical details.
  2. Do NOT update the firmware of the Verbatim 43888. It uses a Pioneer chipset and in 2022 Pioneer released new firmwares for lots of drives which sole intention was to cripple LibreDrive support. While I do not know for sure that the new firmware for the 43888 would remove the LibreDrive support I also wasn't keen on spending 100€ and updating the firmware just to have a drive which can't do what I bought it for..
    The MakeMKV forum has a long thread on the topic where the MakeMKV developers write a little bit about the challenges and current status to get those drives working again: Pioneer firmware update February 2023
  3. When buying from Amazon: Pay attention you actually buy new and not used hardware. Turns out Amazon tries to sell you their so-called "Amazon Warehouse deals" first. These are often products who were returned to Amazon for various reasons.
    The first drive I bought was an Amazon Warehouse deal and the drive wouldn't even be recognized by neither Windows nor Linux. The LED didn't even turn green. So yeah, looks like Amazon doesn't do a good job in ensuring their Warehouse deals are actually in working condition..

Apart from that I often read that external drives in general tend to be more frail then internal drives. And my experience supports this.

  • The first drive I bought was defect, wouldn't even turn own.
  • The second drive I bought from Amazon was new hardware, not an Amazon Warehouse deal, but made loud clicking noises and wouldn't read BluRays. DVDs worked somewhat with lots of Read Errors. Even called the Verbatim support and they just said I should return it. And that is, what I did.
  • Drive 3 was damaged while being delivered to me. 😆
  • The fourth drive finally arrived in working condition and does what it should.

All in all: This is what MakeMKV should display when you have a Verbatim 43888 with working firmware:

Drive Information
OS device name: \Device\CdRom0
Current profile: BD-ROM
Manufacturer: PIONEER
Product: BD-RW BDR-UD04
Revision: 1.14
Serial number: REMOVED
Firmware date: 2020-06-15
Bus encryption flags: 1B
Highest AACS version: 78

LibreDrive Information
Status: Enabled
Drive platform: RS8A10
Firmware name: PIONEER BDR-US04
Firmware type: Original (unpatched)
Firmware version: 1.14
DVD all regions: Yes
BD raw data read: Yes
BD raw metadata read: Yes
Unrestricted read speed: Yes
Comments

Personal thoughts on AI helper tools for job interviews

Photo by Sora Shimazaki: https://www.pexels.com/photo/professional-man-interviewing-an-applicant-5668863/

I recently read a comment on the /r/linuxadmin subreddit from someone who has developed and commercially runs a tool that helps job applicants in real-time, parallel to their interview. This tool doesn't just transcribe spoken words, which is fine by me. It can also solve coding problems and actively suggest what a candidate should say next to "ace the interview". It can even analyse the video feed to solve coding problems written down on a whiteboard.

This is precisely why I value meeting an applicant in person. Inviting them for a trial day of typical problems and conversations with potential future colleagues. It gives them a clear idea of what it's like to work for the company.

I understand that people can be in dire situations where they really need a job. Still, I do tend to have more sympathy for a person who is open and honest about their knowledge gaps.
However, I also disagree with seeing them as negative per se. Instead, it's a huge bonus when someone is able to say, "I don't know." Especially in such a delicate situation like a job interview.

If a candidate says, "I don't know." I will reply, "Perfect! Then let's iterate together on how you would proceed. Like you've just encountered a new problem at work without further knowledge."
I gain a great deal of insight into a person from their answers to such questions.

At a previous employer, I was interviewing a candidate. This applicant regularly said, "I don't know." This was to be expected. My colleague and I intentionally asked follow-up questions on the answered questions, constantly diving deeper into technical details. We didn't just want to check on the basics. We wanted to know if he understood the concepts and how he plans his work. Company-specific and technical knowledge is something we can teach. Changing how an adult person thinks and approaches problems? This is something we cannot do.

After working in our team for two years, he told us the following: "Right after the interview, I'd called my wife. I told her, "Well, it looks I'm not going to get the job. It feels like I couldn't answer anything." can you imagine how surprised I was when I was invited for a trial day?"

We then explained to him why we interview the way we do, and he added, "In most companies, I was only asked basic questions. And more often than not, there was not one person from the technical department. Not even from the team they were hiring for."

The upshot is that companies need to get their recruitment processes right and not just tick boxes.
If you do the latter, you'll get solutions like those described above.

And I don't think that's a good development for anybody.

I have also learnt to redesign my interviews. I don't want candidates to leave the interview feeling devastated or like they're not good enough. They may not be a good fit for the company and we may have to turn them down for various reasons, but that doesn't mean they're bad at what they do. There are just too many variables that need to come together in order to hire someone.

Comments

Integrating Isso into Bludit via Apache2 and WSGI

Photo by Sébastien BONNEVAL: https://www.pexels.com/photo/women-posting-notes-on-brown-board-7393948/

Isso is a comment system designed to be included in static sites. As Bludit is a static site generator and has no comment system on its own this is a perfect fit. 😀 Also the comments are stored in a local SQLite DB which means all data stays locally on this server and no external account registration is required.

Comment moderation is of course possible via a small admin backend.

Introduction

I actually tried to separate methods of setting up and integrating Isso in my Bludit instance.

The start was always a Python virtualenv as I didn't want to install all packages and libraries system-wide. After that, I tried two approaches as I wasn't sure which one I liked better.

First approach:

  • Python virtualenv
  • Isso started via Systemd Unit on localhost:8080
  • ProxyPass & ProxyPassReverse directives in the Apache vHost configuration forwarding the relevant URIs to Isso on http://localhost:8080

Second approach:

  • Python virtualenv
  • Isso integrated via mod_wsgi into Apache

In the end, I went with the second approach as it spared me a Systemd Unit and activating the mod_proxy & mod_proxy_http in Apache. Also the whole integration was done with one WSGI file and 8 lines in the vHost.

But as I got both to a working condition I document them here nonetheless.

Creating the Python virtualenv

Creating the virtualenv is a necessary step for both paths. Generally, you can omit it if you want to install the Python packages system-wide, but as I'm still testing the software I didn't want this.

Here I followed the Install from PyPi documentation from Isso.

root@admin ~# mkdir /opt/isso
root@admin ~# apt-get install python3-dev python3-virtualenv sqlite3 build-essential
# Switching back to our non-root user
root@admin ~# exit
user@admin:~$ cd /opt/isso
user@admin:/opt/isso$ virtualenv --download /opt/isso
user@admin:/opt/isso$ source /opt/isso/bin/activate
(isso) user@admin:/opt/isso$ pip install isso

# After that I ran an upgrade for isso to get the latest package
(isso) user@admin:/opt/isso$ pip install --upgrade isso

# Also we can already create an directory for the SQLite DB where the comments get stored
# Note: This MUST be writeable by the user running isso. So either the user the Systemd unit runs under, or, in my case: the Apache2 user
(isso) user@admin:/opt/isso$ mkdir /opt/isso/db

# To change the ownership I need to become root again
# I choose www-data:adm to allow myself write-access as the used non-root user is part of that group
root@admin ~# chown www-data:adm/opt/isso/db
root@admin ~# chmod 775 /opt/isso/db

With pip list we can get an overview of all installed packages and their versions.

(isso) user@admin:/opt/isso$ pip list
Package       Version
------------- -------
bleach        6.1.0
cffi          1.16.0
html5lib      1.1
isso          0.13.0
itsdangerous  2.2.0
jinja2        3.1.4
MarkupSafe    2.1.5
misaka        2.1.1
pip           20.3.4
pkg-resources 0.0.0
pycparser     2.22
setuptools    44.1.1
six           1.16.0
webencodings  0.5.1
werkzeug      3.0.3
wheel         0.34.2

Isso configuration file

My isso.cfg looked like the following. The documentation is here: https://isso-comments.de/docs/reference/server-config/

(isso) user@admin:/opt/isso$ cat isso.cfg
[general]
dbpath = /opt/isso/db/comments.db
host = https://admin.brennt.net/
max-age = 15m
log-file = /var/log/isso/isso.log
[moderation]
enabled = true
approve-if-email-previously-approved = false
purge-after = 30d
[server]
listen = http://localhost:8080/
public-endpoint = https://admin.brennt.net/isso
[guard]
enabled = true
ratelimit = 2
direct-reply = 3
reply-to-self = false
require-author = true
require-email = false
[markup]
options = strikethrough, superscript, autolink, fenced-code
[hash]
salt = Eech7co8Ohloopo9Ol6baimi
algorithm = pbkdf2
[admin]
enabled = true
password = YOUR-PASSWORD-HERE

This meant I needed to create the /var/log/isso directory and set the appropriate rights.

But I want to raise your attention towards the following line public-endpoint = https://admin.brennt.net/isso here I added /isso to the host as else we will run in problems as both Isso and Bludit are using the /admin URI for backend access.

While this can be changed in Isso when you hack the code and, as far as it could tell, also in Bludit. I didn't want to do this, as these are modifications which will always cause additional work when an update of either Isso or Bludit is done. Therefore I added the /isso URI and adapted the ReverseProxy/WSGI configuration accordingly. Then everything works out of the box.

Decide how to proceed

Now you need to decide if you want to go with the first or second approach. Depending on this either start with point 1a) Creating the Systemd unit file or 2) Apache2 + WSGI configuration

1a) Creating the Systemd unit file

The following unit file will start Isso. Store it under /etc/systemd/system/isso.service.

[Unit]
Description=Isso Comment Server

[Service]
Type=simple
User=user
WorkingDirectory=/opt/isso
ExecStart=/opt/isso/bin/isso -c /opt/isso/isso.cfg
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

Then activate it and start the service.

root@admin /opt/isso # vi /etc/systemd/system/isso.service
root@admin /opt/isso # systemctl daemon-reload
root@admin /opt/isso # systemctl start isso.service
root@admin /opt/isso # systemctl status isso.service
● isso.service - Isso Comment Server
     Loaded: loaded (/etc/systemd/system/isso.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-07-24 23:19:48 CEST; 1s ago
   Main PID: 1272753 (isso)
      Tasks: 2 (limit: 9489)
     Memory: 24.1M
        CPU: 191ms
     CGroup: /system.slice/isso.service
             └─1272753 /opt/isso/bin/python /opt/isso/bin/isso -c /opt/isso/isso.cfg

Jul 24 23:19:48 admin systemd[1]: Started Isso Comment Server.
Jul 24 23:19:48 admin isso[1272753]: 2024-07-24 23:19:48,475 INFO: Using configuration file '/opt/isso/isso.cfg'

The logfile should now also have an entry that the service is started:

root@admin /opt/isso # cat /var/log/isso/isso.log
Using database at '/opt/isso/db/comments.db'
connected to https://admin.brennt.net/

1b) Writing the Apache2 ReverseProxy configuration

This is the relevant part of the Apache ReverseProxy configuration.

Note: I used the ReverseProxy configuration before adding the /isso URI to the public-endpoint parameter in the isso.cfg. I adapted the ProxyPass and ProxyPassReverse rules accordingly, but these may not worked as displayed here and you have to troubleshoot it a bit yourself.

# Isso comments directory
<Directory /opt/isso/>
        Options -Indexes +FollowSymLinks -MultiViews
        Require all granted
</Directory>

<Proxy *>
        Require all granted
</Proxy>

ProxyPass "/isso/" "http://localhost:8080/isso/"
ProxyPassReverse "/isso/" "http://localhost:8080/isso/"
ProxyPass "/isso/isso-admin/" "http://localhost:8080/isso/admin/"
ProxyPassReverse "/isso/isso-admin/" "http://localhost:8080/isso/admin/"
ProxyPass "/isso/login" "http://localhost:8080/isso/login"
ProxyPassReverse "/isso/login" "http://localhost:8080/isso/login"

After a configtest we restart apache2.

root@admin ~# apache2ctl configtest
Syntax OK
root@admin ~# systemctl restart apache2.service

Now that this part is complete, continue with point 3) Integrating Isso into Bludit.

2) Apache2 + WSGI configuration

WSGI has the benefit that we can offer our Python application via Apache with no changes to the application and have it easily accessible via HTTP(S). As this is the first WSGI application on this server I need to install and activate mod_wsgi for Apache2 and create the isso.wsgi file which is used by mod_wsgi to load the application.

This is my changed /opt/isso/isso.wsgi file.

import os
import site
import sys

# Remember original sys.path.
prev_sys_path = list(sys.path)

# Add the new site-packages directory.
site.addsitedir("/opt/isso/lib/python3.9/site-packages")

# Reorder sys.path so new directories at the front.
new_sys_path = []
for item in list(sys.path):
    if item not in prev_sys_path:
        new_sys_path.append(item)
        sys.path.remove(item)
sys.path[:0] = new_sys_path

from isso import make_app
from isso import dist, config

application = make_app(
config.load(
    config.default_file(),
    "/opt/isso/isso.cfg"))

Installing mod_wsgi, as there is an apache2_invoke in Debian I don't need to activate the module via a2enmod wsgi.

root@admin ~# apt-get install libapache2-mod-wsgi-py3
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  libapache2-mod-wsgi-py3
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 99.5 kB of archives.
After this operation, 292 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bullseye/main amd64 libapache2-mod-wsgi-py3 amd64 4.7.1-3+deb11u1 [99.5 kB]                                                                                                       Fetched 99.5 kB in 0s (3,761 kB/s)
Selecting previously unselected package libapache2-mod-wsgi-py3.                                                                                                                                                     (Reading database ... 57542 files and directories currently installed.)
Preparing to unpack .../libapache2-mod-wsgi-py3_4.7.1-3+deb11u1_amd64.deb ...
Unpacking libapache2-mod-wsgi-py3 (4.7.1-3+deb11u1) ...
Setting up libapache2-mod-wsgi-py3 (4.7.1-3+deb11u1) ...
apache2_invoke: Enable module wsgi

Then we add the necessary Directory & WSGI directives to the vHost:

# Isso comments directory
<Directory /opt/isso/>
        Options -Indexes +FollowSymLinks -MultiViews
        Require all granted
</Directory>

# For isso comments
WSGIDaemonProcess isso user=www-data group=www-data threads=5
WSGIScriptAlias /isso /opt/isso/isso.wsgi

After an configtest we restart apache2.

root@admin ~# apache2ctl configtest
Syntax OK
root@admin ~# systemctl restart apache2.service

Now that this part is complete, continue with point 3) Integrating Isso into Bludit.

3) Integrating Isso into Bludit

Now we need to integrate Isso into Bludit in two places:

  1. The <script>-Tag containing the configuration and necessary Javascript code
  2. The <section>-Tag which will actually display the comments and comment form.

For 1. we need to find a place which is always loaded. No matter if we are on the main side or view a single article. For point 2 we must identify the part which renders single page articles and add it after the article.

These places are of course depending on the theme you use. As I use the Solen-Theme for Bludit I can use the following places:

  1. File bl-themes/solen-1.2/php/header-library.php, after line 28 add the <script>-Tag.
    • [...]
      <link rel="preload" href="https://fonts.googleapis.com/css2?family=Quicksand:wght@300;400;500;600;700&display=swap" as="style" onload="this.onload=null;this.rel='stylesheet'"><noscript><link href="https://fonts.googleapis.com/css2?family=Quicksand:wght@300;400;500;600;700&display=swap" rel="stylesheet"></noscript>
      
      <script data-isso="/isso/"
              data-isso-css="true"
              data-isso-css-url="null"
              data-isso-lang="en"
              data-isso-max-comments-top="10"
              data-isso-max-comments-nested="5"
              data-isso-reveal-on-click="5"
              data-isso-sorting="newest"
              data-isso-avatar="true"
              data-isso-avatar-bg="#f0f0f0"
              data-isso-avatar-fg="#9abf88 #5698c4 #e279a3 #9163b6 ..."
              data-isso-vote="true"
              data-isso-vote-levels=""
              data-isso-page-author-hashes="f124cf6b2f01,7831fe17a8cd"
              data-isso-reply-notifications-default-enabled="false"
              src="/isso/js/embed.min.js"></script>
      
      <!-- Load Bludit Plugins: Site head -->
      <?php Theme::plugins('siteHead'); ?>
  2. File bl-themes/solen-1.2/php/page.php, line 12. This file takes care of displaying the content for single page articles. To add the comments and comment form, we need to place the <section>-Tag after the <div class="article_spacer"></div>-Tag. By doing that we have a the Tag-List and a small horizontal line as optical separator between content and comments.
    • Change:

                      </article>
                      <div class="article_spacer"></div>
                  </div>
                  <div class="section_wrapper">
    • To:
                      </article>
                      <div class="article_spacer"></div>
                      <section id="isso-thread">
                          <noscript>Javascript needs to be activated to view comments.</noscript>
                      </section>
                  </div>
                  <div class="section_wrapper">

After a reload you should see the comment form below your article content, but above the article tags.

Like in this example screenshot:

Admin backend

A picture says more than a dozen sentences, so here is a screenshot of the Admin backend with a comment awaiting moderation. Using my configuration you can access it via http://host.domain.tld/isso/admin/.

Screenshot from the Isso Admin backend

Changing the /admin URI for Isso

Issos admin backend is reachable via /admin per-default. If, for whatever reason, you can't set public-endpoint = https://host.domain.tld/prefix with a prefix of your choice, but have to use host.domain.tld, this can still be changed in the source code.

Note: The following line numbers are for version 0.13.0 and change can at anytime. Also I haven't tested this thoroughly, so go with this at your own risk.

Grep'ing for /admin we learn that this is defined in the site-packages/isso/views/comments.py (NOT site-packages/isso/db/comments.py) file.

# Finding the right comments.py
(isso) user@admin:/opt/isso$ find . -type f -wholename *views/comments.py
./lib/python3.9/site-packages/isso/views/comments.py

Now open ./lib/python3.9/site-packages/isso/views/comments.py with your texteditor of choice and navigate to line 113 and 1344.

Line 113:
Change: ('admin', ('GET', '/admin/'))
    To: ('admin', ('GET', '/isso-admin/'))
Line 1344:
Change: '/admin/',
    To: '/isso-admin/',

Of course you can change /isso-admin/ to anything you like. But keep in mind this will be overwritten once you update Isso.

Troubleshooting

AH01630: client denied by server configuration

[authz_core:error] [pid 1257781:tid 1257781] AH01630: client denied by server configuration: /opt/isso/isso.wsgi

This error was easy to fix. I simply forgot the needed Directory directive in my Apaches vHost configuration.

Adding the following block to the vHost fixed that:

# Isso comments directory
<Directory /opt/isso/>
        Options -Indexes +FollowSymLinks -MultiViews
        Require all granted
</Directory>

ModuleNotFoundError: No module named 'isso'

This one is easy to fix and was just an oversight on my end. I forgot to change the example path to the site-packages directory from my virtualenv. Hence the install isso package couldn't be located.

[wsgi:error] [pid 1258908:tid 1258908] mod_wsgi (pid=1258908): Failed to exec Python script file '/opt/isso/isso.wsgi'.
[wsgi:error] [pid 1258908:tid 1258908] mod_wsgi (pid=1258908): Exception occurred processing WSGI script '/opt/isso/isso.wsgi'.
[wsgi:error] [pid 1258908:tid 1258908] Traceback (most recent call last):
[wsgi:error] [pid 1258908:tid 1258908]   File "/opt/isso/isso.wsgi", line 3, in <module>
[wsgi:error] [pid 1258908:tid 1258908]     from isso import make_app
[wsgi:error] [pid 1258908:tid 1258908] ModuleNotFoundError: No module named 'isso'

I changed the following:

# Add the new site-packages directory.
site.addsitedir("/path/to/isso_virtualenv")

To the correct path:

# Add the new site-packages directory.
site.addsitedir("/opt/isso/lib/python3.9/site-packages")

Your path can of course be different. Just execute an find . -type d -name site-packages inside your virtualenv and you should get the correct path as result.

SyntaxError: unexpected EOF while parsing

On https://isso-comments.de/docs/reference/deployment/#mod-wsgi Isso lists some WSGI example config files to work with. However all but one have a crucial syntax error: A missing closing bracket at the end.

If you get an error like this:

[wsgi:error] [pid 1259079:tid 1259079] mod_wsgi (pid=1259079, process='', application='admin.brennt.net|/isso'): Failed to parse Python script file '/opt/isso/isso.wsgi'.
[wsgi:error] [pid 1259079:tid 1259079] mod_wsgi (pid=1259079): Exception occurred processing WSGI script '/opt/isso/isso.wsgi'.
[wsgi:error] [pid 1259079:tid 1259079]    File "/opt/isso/isso.wsgi", line 14
[wsgi:error] [pid 1259079:tid 1259079] 
[wsgi:error] [pid 1259079:tid 1259079]     ^
[wsgi:error] [pid 1259079:tid 1259079] SyntaxError: unexpected EOF while parsing

Be sure to check if every opening bracket has a closing one. Usually you just need to add one ) at the end of the last line and that's it.

SystemError: ffi_prep_closure(): bad user_data (it seems that the version of the libffi library seen at runtime is different from the 'ffi.h' file seen at compile-time)

This one baffled me at first and I had to search for an answer. Luckily StackOverflow came to the rescue: https://stackoverflow.com/a/70694565

The solution was rather easy. First install the libffi-dev package, than recompile the cffi with the command in the answer inside the virtualenv. After that the error was gone.

root@admin /opt/isso # apt-get install libffi-dev
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  libffi-dev
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 56.5 kB of archives.
After this operation, 308 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bullseye/main amd64 libffi-dev amd64 3.3-6 [56.5 kB]
Fetched 56.5 kB in 0s (2,086 kB/s)
Selecting previously unselected package libffi-dev:amd64.
(Reading database ... 57679 files and directories currently installed.)
Preparing to unpack .../libffi-dev_3.3-6_amd64.deb ...
Unpacking libffi-dev:amd64 (3.3-6) ...
Setting up libffi-dev:amd64 (3.3-6) ...
Processing triggers for man-db (2.9.4-2) ...

Then switch back to the non-root user for the virtualenv and recompile the package.

(isso) user@admin:/opt/isso$ pip install --force-reinstall --no-binary :all: cffi
Collecting cffi
  Using cached cffi-1.16.0.tar.gz (512 kB)
  Installing build dependencies ... done
  Getting requirements to build wheel ... done
    Preparing wheel metadata ... done
Collecting pycparser
  Using cached pycparser-2.22.tar.gz (172 kB)
Skipping wheel build for pycparser, due to binaries being disabled for it.
Building wheels for collected packages: cffi
Building wheel for cffi (PEP 517) ... done
  Created wheel for cffi: filename=cffi-1.16.0-cp39-cp39-linux_x86_64.whl size=379496 sha256=cd91c1e57d0f3b6e5d23393c0aa436da657cd738262ab29d13ab665b2ad2a66c
Stored in directory: /home/clauf/.cache/pip/wheels/49/dd/bc/ce13506ca37e8052ad8f14cdfc175db1b3943e5d7bce7718e3
Successfully built cffi
Installing collected packages: pycparser, cffi
  Attempting uninstall: pycparser
    Found existing installation: pycparser 2.22
    Uninstalling pycparser-2.22:
      Successfully uninstalled pycparser-2.22
    Running setup.py install for pycparser ... done
  Attempting uninstall: cffi
    Found existing installation: cffi 1.16.0
    Uninstalling cffi-1.16.0:
      Successfully uninstalled cffi-1.16.0
Successfully installed cffi-1.16.0 pycparser-2.22

TypeError: load() got an unexpected keyword argument 'multiprocessing'

On https://isso-comments.de/docs/reference/deployment/#mod-wsgi Isso lists some WSGI example config files to work with. Using them brought up this error message.

To my shame I couldn't fix this one. From my understanding the syntax, etc. was correct but I couldn't find any really helpful answer. Therefore I remove that from the provided WSGI files and the error vanished.

Note: The missing closing bracket at the end has already been added here.

import os
import site
import sys

# Remember original sys.path.
prev_sys_path = list(sys.path)

# Add the new site-packages directory.
site.addsitedir("/path/to/isso_virtualenv")

# Reorder sys.path so new directories at the front.
new_sys_path = []
for item in list(sys.path):
    if item not in prev_sys_path:
        new_sys_path.append(item)
        sys.path.remove(item)
sys.path[:0] = new_sys_path

from isso import make_app
from isso import dist, config

application = make_app(
config.load(
    config.default_file(),
    "/path/to/isso.cfg"))

Other articles

Alternatives

I also found Remark42 (Official Website, GitHub) and might try that at a later time. So if Isso isn't after your liking, maybe have a look at that one.

Comments

This blog now has comments! Yai!

Photo by Teddy Yang: https://www.pexels.com/photo/people-inside-stadium-2263410/

I used Isso (Official Website, GitHub) to integrate comments into this block. This was a feature which I missed dearly as I value the input from others, but wouldn't go all the way in using a Wordpress installation or similar blogging software.

Isso integrates nicely, just two small changes to my blogs templates and done. All comments are stored in a SQLite DB on this host. This means no data sharing with services like Discourse, Google or the like. Additionally this has the benefit that no registration is required. As I hate it when I have to create yet another account to just write one or two sentences of feedback. More often than not I refrained from commenting because of this.

Comments have to pass a moderation for spam reasons though.

Comments

Linkdump July 2024

Photo by Element5 Digital: https://www.pexels.com/photo/person-holding-book-from-shelf-1370298/

The last Linkdump was in January 2024? How time flies..

https://www.simplermachines.com/why-you-need-a-wtf-notebook/: A nice method to collect things were you think "WTF?" when being in a new team/at a new customer. Just collect first, learn, list, take notes. Then after sometime start crossing points off the list for various reasons and work on the "real WTF ones".

https://www.spacebar.news/stop-using-brave-browser/: A text about what is wrong about everything around the Brave Browser.

https://privacytests.org/: A side run by a Brave employee listing/comparing the various browser privacy features.

https://github.com/fork-maintainers/iceraven-browser: A fork of Firefox for Android giving you more options. Most notably: about:config support!

https://developer.chrome.com/blog/resuming-the-transition-to-mv3: Yep, google really pushes on with it's Manifest v3 which will considerably limit the technical capabilities of AdBlocking addons in Chrome. The main reason why I switched back to Firefox.

https://github.com/ratatui-org/ratatui: "Ratatui is a crate for cooking up terminal user interfaces in Rust. It is a lightweight library that provides a set of widgets and utilities to build complex Rust TUIs. Ratatui was forked from the tui-rs crate in 2023 in order to continue its development." Just bookmarked that one in case I need it in the future.

https://anytype.io/: The Everything App. Haven't used it, but someone said he is looking forward to replacing Microsoft Teams with that App in his company.

https://jamesg.blog/advent-of-technical-writing/: Lots and lots of articles from a technical writer who shares what he has learned of the years.
From the same author there is also a book "Software Technical Writing: A Guidebook" available as PDF from his site: https://jamesg.blog/book.pdf

https://www.netways.de/blog/2024/01/19/check-system-basics/: One Icinga CheckPlugin to rule them all! This plugin bundles the checks for Memory, Filesystem, PSI, Load, Sensors, Netdev

https://www.kernel.org/doc/html/latest/accounting/psi.html: Documentation for the Pressure Stall Information (PSI) interface. If enabled in your kernel, reachable via /proc/pressure/. Apparently I didn't know about this and just learned of this throught the Netways check_system_basics plugin.

https://docs.cwtch.im/docs/intro/: "Cwtch (/kʊtʃ/ - a Welsh word roughly translating to “a hug that creates a safe place”) is a decentralized, privacy-preserving, metadata resistant messaging app." I don't use it yet, but bookmarked it to see how the project develops. I would really love to uninstall Whatsapp and Telegram from my mobile...

https://bios-pw.org/: Forget your BIOS password? This generator will tell you the Master password of your BIOS if your provide the manufacturer and shown hash.

https://archief.ntr.nl/tuinderlusten/en.html: Ever wanted to explore Jheronimus Bosch's painting "The Garden of Earthly Delights"? Now you can in detail with audio explanations. Really impressive.

https://www.wheresyoured.at/the-men-who-killed-google/: An article about Googles shift from better search results to more revenue and user engagement and how that came to be.

https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1: Imagine your S3 bucket gets hit with 100.000 of requests each hour, as your bucket name is listed as default config in some OpenSource tool. Imagine then that the tool actually makes requests to your S3 bucket.
Now imagine the surprised face of the person from that text, when he found out he has to pay for all the denied traffic which resulted in HTTP-4xx errors.
Hot takeaway from this: 1. Include some random chars into your bucket name. 2. If your are evil, you can increase the bill for every S3 bucket..

https://www.youtube.com/watch?v=OQoqlBog7UI: Cooking content! I'd searched for a new anti-sticking cooking pan and came around Hexclad. However as they claim to have develop a new anti-sticking material - not using polytetrafluoroethylene (PTFE) or in short: Teflon - I was sceptical. After all there is a reason why Teflon is used since decades. Turns out:The pans work, but only for 2 years. Heavily depending on usage. After 2 years you will have to send your pan in and get a free replacement because of the lifetime guarantee. Ok, good customerservice on one hand, but terrible for the environment on the other hand. Also.. I don't consider pans with a lifespan of just 2 years just to be of high quality.. And I found many Youtubers who made videos such as this one. Therefore this isn't a single incident, no, it's a flow in the material/product itself. There is also a nice text from someone (which I forgot to bookmark..) who wrote about how these pans were used in a series of Gordon Ramsay's "Hells Kitchen" and there the pans really showed that the new material is not that durable after all. There was a nice scene were one could see how Gordon Ramsay quarrels with himself as a dish couldn't be prepared properly because evidently the pan lost its anti-sticking capability in some region of the surface. Yep.. I bought a Teflon pan. 😅

https://jan.wildeboer.net/2023/02/Jekyll-Mastodon-Comments/: "Client-side comments with Mastodon on a static Jekyll website" Jan Wildeboer did that and I found the implementation interesting.

https://slate.com/technology/2024/05/deviantart-what-happened-ai-decline-lawsuit-stability.html: DeviantArt was one of the many sites of the relatively early Internet which got a lot of attention. Providing a community for artists to share their pictures. Over the years DeviantArt took a big hit. Instagram, Facebook.. Many sites gnawed at their userbase. In the last years they made a small revival. Adding long sought-after features, etc.
And now they throw everything in the trash bin by jumping right onto the AI hypetrain and not doing much to combat the growing army of bots using the original art of it's users to create hundreds of fake profiles with AI generated art, then circle-boosting themself - all to make the original artist vanish in the search results.
Seems like that was it for DeviantArt if they don't do anything against it. After all.. Which artist would join such a site?
(But to be fair: That problem exists everywhere, Youtube, Tiktok, etc.)

https://mpv.io/: An OpenSource video player for the command-line.

https://www.udm14.com/: You want a Google search result free of AI generated content? Add the search parameter "&udm=14". Which is now lovingly called "the disenshittification Konami code".

https://tedium.co/2024/05/17/google-web-search-make-default/: A text about the "disenshittification Konami code".

https://endoflife.date/: A nice website listing all of those EOL dates for software. Handy!

https://12factor.net/: This one was listed in a job-ad as a "nice to have/know" point. As "The Twelve-Factor App" didn't rign a bell, I searched for it and found the website. Basically 12 design principles about how to structure your build environment, design your software architecture and other processes.
And yes, I know some projects who would be benefit from following these.

Comments