Thread-safe Environment Variable Mutation: Working Draft 2022-15

This is a draft proposal for changes to the POSIX specification for environment variables (including both the various C library functions for access to environment variables, and the underlying data structure). The goal is to make it possible for multithreaded programs to modify the environment (the set of environment variables, with their values) safely.


Corrected UTF-8

UTF-8 is decent and all but it contains some design errors, partly because its original designers just messed up, and partly because of ISO and Unicode Consortium internal politics. We’re probably going to be using it forever so it would be good to correct these design errors before they get any more entrenched than they already have.

Corrected UTF-8 is almost the same as UTF-8. We make only three changes: overlength encodings become impossible instead of just forbidden; the C1 controls and the Unicode surrogate characters are not encoded; and the artifical upper limit on the code space is removed.


I Didn’t Learn Unix By Reading All The Manpages

Originally drafted as a thread on, after Abbie Normal asked me to expand on a side comment in a discussion of documentation.

There’s a story old Unix beards tell about how they learned Unix. We just read all the manpages, they say, that’s how well written they are, you don’t need to read anything else or take any classes. Maybe also pick up a copy of K&R if you’re a little iffy on C.

I consider myself an old Unix beard, even though I don’t have a beard and I only got into the game in the days of SunOS 4.1, and until quite recently I thought this was how I learned Unix. I did read all the manpages, without any formal coursework, and trained myself up as a programmer to the point where I could get a job in the industry. It took three years of self-study and experimentation, consuming nearly all my free time, and in retrospect I wouldn’t recommend the experience, but, y’know, it worked out, right?

But the thing is, this story completely neglects all the things I’d already learned about computers and programming before I got to college.


Strengths, weaknesses, opportunities, and threats facing the GNU Autotools

I’ve been a contributor to GNU projects for many years, notably both GCC and GNU libc, and recently I led the effort to make the first release of Autoconf since 2012 (release announcement for Autoconf 2.70). For background and context, see the LWN article my colleague Sumana Harihareswara of Changeset Consulting wrote.

Autoconf not having made a release in eight years is a symptom of a deeper problem. Many GNU projects, including all of the other components of the Autotools (Automake, Libtool, Gnulib, etc.) and the software they depend upon (GNU M4, GNU Make, etc.) have seen a steady decline in both contributor enthusiasm and user base over the past decade. I include myself in the group of declining enthusiasts; I would not have done the work leading up to the Autoconf 2.70 release if I had not been paid to do it. (I would like to say thank you to the project funders: Bloomberg, Keith Bostic, and the GNU Toolchain Fund of the FSF.)

The Autotools are in particularly bad shape due to the decline in contributor enthusiasm. Preparation for the Autoconf 2.70 release took almost twice as long as anticipated; I made five beta releases between July and December 2020, and merged 157 patches, most of them bugfixes. On more than one occasion I was asked why I was going to the trouble—isn’t Autoconf (and the rest of the tools by implication) thoroughly obsolete? Why doesn’t everyone switch to something newer, like CMake or Meson? (See the comments on Sumana’s LWN article for examples.)

I personally don’t think that the Autotools are obsolete, or even all that much more difficult to work with than some of the alternatives, but it is a fair question. Should development of the Autotools continue? If they are to continue, we need to find people who have the time and the inclination (and perhaps also the funding) to maintain them steadily, rather than in six-month release sprints every eight years. We also need a proper roadmap for where further development should take these projects. As a starting point for the conversation about whether the projects should continue, and what the roadmap should be, I was inspired by Sumana’s book in progress on open source project management (sample chapters are available from her website) to write up a strengths, weaknesses, opportunities, and threats analysis of Autotools.

This inventory can help us figure out how to build on new opportunities, using the Autotools’ substantial strengths, and where to invest to guard against threats and shore up current weaknesses.

Followup discussion should go to the Autoconf mailing list.


Open beta for ICLab TagTeam

I’m pleased to announce the open beta test of ICLab’s clearinghouse for data about censored websites. This site will aggregate manual and automated test reports, facilitate more efficient use of automated test resources, and help policy analysts draw conclusions about what gets censored in particular countries.

[EDIT 19 Jan 2021: The clearinghouse had to be taken down almost immediately because no one had time to maintain it. Someday the project it is part of may be continued. Read on for details on what we had and what we aspired to.]


A simple ritual for laying to rest domestic ghosts

In honor of the feast of All Souls, I thought I might put on a costume, as it were, and write a blog post as if I were an old English cunning man and you, my readers, came to me for advice on supernatural problems, rather than computational ones.

So your house is haunted. You don’t know who the ghosts were in life, and you’re maybe a bit scared to find out, but you would like to gently encourage them to let go of their troubles and move on. I have for you a simple ritual involving a little of the old rune-magic.


Call for Volunteers: Active Geolocation

For the past few months I’ve been working on a research study of active geolocation algorithms. These attempt to determine where in the world a computer is, by measuring how long it takes network messages from that computer to reach other computers in known locations.

In order to test some of these algorithms thoroughly, I need volunteers who are willing to run my measurement software on their computers, and tell me where they are. I’m especially interested in data reported from computers that are not in Europe nor North America, but data from anywhere is useful. Currently, running the software takes a fair bit of technical skill—if you’re not comfortable with the Unix command line, please wait for the friendlier web-based version which is in development.

If you’re interested, please go to for further instructions.

(For legal reasons, you must be at least 18 years old to volunteer.)

(Reproduction and dissemination of this call for volunteers is encouraged.)

Using GPG2 with a read-only .gnupg directory

Another bulletin funded by the I Just Blew An Entire Morning On This Foundation:

Suppose you want to encrypt and sign files using gpg, but without giving it ownership or write access to its own keystore. For instance, this might be necessary if the gpg process is going to be run from a low-privilege CGI user and you don’t have root privileges on the webserver. This is relatively straightforward with the classic version 1, although there’s an error message that’s harmless but impossible to suppress, but version 2 made some architectural changes that make it harder, and does not document the necessary tricks. Below the fold, how you do it.


2016 Hugo Award nominations

Let’s talk about something more fun, shall we? These were my nominations for the 2016 Hugo Awards. The final ballot will be announced on April 26. Hugo nominations, unlike final ballots, are not ranked. I’d be happy to see any of these things win their categories.

I read a lot of good stuff at novel-length this year, but not enough shorter fiction to fill all five nomination slots per category. Something to work harder on next year, I suppose. (It didn’t help that I spent most of January and February in paper crunch mode.) I don’t even try to nominate outside the fiction categories.


Do not do business with Northwest Talent Search

A depressing number of computer industry recruiters cannot be bothered to read the very first paragraph of the contact information page of this very website, or else they think they are ~special snowflakes~ and it does not apply to them. For reference, this paragraph reads


I get unwanted solicitations about once a month, and I reply with a polite but acerbic note about how they should’ve noticed the paragraph in ALL CAPS that says don’t contact me, and usually that’s the end of it. Not this time.