Recently I was planning to make a small contribution to project DefinitelyTyped/DefinitelyTyped. It is a huge repository that hosts and provides the type declaration files for thousands of packages on npm, with a structure like the following

types/├── 11ty__eleventy-img├── 1line-aa├── 3box├── ...and more of them...

Each sub-folder under the types/ directory corresponds to a specific npm package.

The package I am interested in is marked, whose type declaration files reside in types/marked/ directory. Towards this end, cloning the whole repository and doing a full checkout is considered worthless, since my disk space and network traffic would be eaten up by a bunch of irrelevant files.

Both Dart and Go support decentralized package distribution. One is able to directly adopt an existing git repository as dependency, easing the effort of distributing packages.

Sometimes we might expect more fine-grained control on what to pull from a git repository. For example, to lock a package’s version, we would specify a particular tag, commit or branch name to pull from. Or if it’s a mono-repo, we would choose a sub-directory from the repository root. This post summarizes how to achieve these purposes in both languages.

I came across a piece of interesting vulnerable script from a post on V2EX ¹) on V2EX. A bash function named __curl inside the file retrieves contents over HTTP as a simple alternative for command curl or wget, in scenarios where no such utilities available.

#!/bin/bashfunction __curl() {  read proto server path <<<$(echo ${1//// })  DOC=/${path// //}  HOST=${server//:*}  PORT=${server//*:}  [[ x"${HOST}" == x"${PORT}" ]] && PORT=80  exec 3<>/dev/tcp/${HOST}/$PORT  echo -en "GET ${DOC} HTTP/1.0\r\nHost: ${HOST}\r\n\r\n" >&3  (while read line; do   [[ "$line" == $'\r' ]] && break  done && cat) <&3  exec 3>&-}

The function makes use of certain less known features of Linux and the Bash language.

The first one is communicating over TCP through files. Linux employs a design philosophy of “everything are files”. One could find some special device files in directory /dev, through which we can manipulate the underlying devices. Specifically, manipulating a TCP socket connecting ${HOST}:${PORT} could be achieved by accessing device file /dev/tcp/${HOST}/${PORT}. Since HTTP is a text-based protocol over TCP, working with it is no more difficult than reading / writing a text file. Line exec 3<>$FILENAME opens file $FILENAME under read-write mode and binds it to descriptor 3. The next line then manually composes an HTTP payload and writes out to &3, which is in fact requesting the URL http ://${HOST}:${PORT}. By reading the same file descriptor, we retrieve the response content from the service. The trick serves as a primitive workaround for retrieving contents from web.

Another one is parameter substitution in Bash. The expression ${var//PATTERN/REPL} substitutes all occurrences of PATTERN in var into REPL. If REPL omitted, the matched substrings will be deleted. For example, in this script, ${1//// } would replace all slashes / into white spaces in variable $1.

References

1. Parameter Substitution

apt-get 是 Ubuntu 下管理软件包的一个工具，实用简单，功能强大。平时若要安装或卸载软件包，只需轻敲一条指令即可。每一台 Ubuntu 上，都安装着数以千百计的软件包——或是内核模块，或是工作、娱乐所需的软件，在它们的支持下，工作着这个开放的操作系统。

但，如果有一天，系统需要被重装——或是无可救药了，抑或是购置了新的设备，问题来了：

如何将现有电脑上的软件包迁移至新的系统呢？

很简单。首先，将原有的软件列表导出：

sudo dpkg --get-selections  > app-backup-list.lst

最好是设置一个定时任务，每隔一段时间就保存一次列表，并且要保存到一个独立的分区。以免某天系统真的坏了。

接下来便是导入了：

sudo dpkg --set-selections < app-backup-list.lstsudo apt-get -y updatesudo apt-get dselect-upgrade

至于软件源的备份，只需将 /etc/apt/sources.list 文件复制过去即可。

从昨天到现在一直都有这个问题，刚刚突然就解决了，至今不明白原理，在此记录一下：

在网络设置中取消「需要 IPv6 完成这个链接」的选项