Quantum Furball
https://quantumfurball.net/
Now in convenient blog form!

Published in Review of Scientific Instruments: Robotized polarization characterization platform for free-space quantum communication optics
2022-03-20T00:00:00-04:00, Brendon L. Higgins
<p>When constructing an optical system for communicating using polarized photons, it's critical that components and subsystems be accurately and comprehensively characterized. Especially so if that system is designed to be sent into space, where any corrections after the fact are, at best, extremely difficult (just ask Hubble). With this in mind, we developed a polarization characterization platform for optical devices based on an imaging polarimeter attached to a six-axis robot arm. In this paper, we describe the device and its performance for characterizing some sample test devices, including a large lens designed for a quantum optical transmitter to a receiver satellite.</p>
<div class="line-block">
<div class="line">Y. S. Lee, K. Mohammadi, L. Babcock, B. L. Higgins, H. Podmore, and T. Jennewein</div>
<div class="line"><a class="reference external" href="https://doi.org/10.1063/5.0070176">Robotized polarization characterization platform for free-space quantum communication optics</a></div>
<div class="line"><strong>Review of Scientific Instruments</strong> <em>93</em>, 033101 (2022)</div>
</div>
How to VNC into a running Plasma session
2021-06-17T00:00:00-04:00, Brendon L. Higgins
<p>The easy answer is “have the user run <tt class="docutils literal">krfb</tt> inside the session first”. But what if you <em>are</em> the user, and you're already remote from the host by the time you remember you needed to do that?</p>
<p>You need to have configured <tt class="docutils literal">krfb</tt> with a remote control password and any other relevant settings, first. See below, but typically you've already done this at some point, so you can move straight to the important part:</p>
<div class="highlight"><pre><span></span>ssh<span class="w"> </span>you@yourserver
<span class="nv">DISPLAY</span><span class="o">=</span>:0.0<span class="w"> </span>krfb<span class="w"> </span>--nodialog
</pre></div>
<p>Then try to connect using <tt class="docutils literal">krdc</tt>, or your VNC viewer of choice.</p>
<p>What if you don't have the password, etc., configured? Then:</p>
<div class="highlight"><pre><span></span>ssh<span class="w"> </span>-X<span class="w"> </span>you@yourserver
krfb
</pre></div>
<p>This will display the window locally. Configure and close. This mode of operation doesn't work for actually showing the remote session, evidently because the X session forwarded through SSH is somehow a new/separate session. The key to showing the remote session is passing that <tt class="docutils literal">DISPLAY</tt> environment variable.</p>
<p>Other thoughts: Have a slow network? Disable key repeat, or it might stutter. Also, <tt class="docutils literal">sshuttle</tt> is very handy if you have limited port forwarding (but it won't help the network speed situation).</p>
Published in EPJ Quantum Technology: Repeated radiation damage and thermal annealing of avalanche photodiodes
2021-05-23T00:00:00-04:00, Brendon L. Higgins
<p>A big difficulty preventing single-photon communications to a satellite is the detector noise caused by radiation in orbit. In a <a class="reference external" href="https://quantumfurball.net/published-in-epj-quantum-technology-mitigating-radiation-damage-of-single-photon-detectors-for-space-applications.html">previous study</a>, we showed that with a combination of sufficient cooling during operation and thermal annealing during maintenance, it should be possible to keep this noise low enough to do quantum key distribution. What we could not capture at that time, though, was whether the cycling of cold and hot over the lifetime of a satellite would have any effect, and in particular how the choice of when to anneal would impact this.</p>
<p>In this study, we address this question by applying multiple rounds of radiation to a flight-like apparatus, and quantifying its performance between each round, over a two-year-equivalent accelerated irradiation campaign. We used two devices, one of which was annealed at regular intervals, the other conditional on the noise counts exceeding a predefined threshold. In the end we found a very slight benefit to the conditional strategy for maintaining good performance through the entire satellite nominal lifetime, and significantly beyond.</p>
<div class="line-block">
<div class="line">I. DSouza, J.-P. Bourgoin, B. L. Higgins, J. G. Lim, R. Tannous, S. Agne, B. Moffat, V. Makarov, and T. Jennewein</div>
<div class="line"><a class="reference external" href="https://doi.org/10.1140/epjqt/s40507-021-00103-0">Repeated radiation damage and thermal annealing of avalanche photodiodes</a></div>
<div class="line"><strong>EPJ Quantum Technology</strong> <em>8</em>, 13 (2021)</div>
</div>
Published in Advanced Optical Technologies—A double feature
2021-01-23T00:00:00-05:00, Brendon L. Higgins
<p>Two of my papers were published in Advanced Optical Technologies, recently, as part of a topical issue on applied quantum technologies.</p>
<p>The first paper deals with encoding the polarization of light signals for quantum key distribution (QKD). In principle, light is very good at maintaining its polarization, but in practice things like thermal effects in optical fibers and physical orientations cause polarizations to get rotated in sometimes unpredictable ways. There are various techniques to control and correct for these effects. This paper proposes an approach based on sampling the QKD signals themselves, and analyzes the performance in terms of how much light needs to be sampled. It turns out you can do very well to preserve the polarization with relatively few signals.</p>
<p>The second paper looks at whether ‘adaptive optics’ techniques can be used to help transmit QKD signals from ground to an orbiting satellite. Adaptive optics uses fast sensors and deformable elements (e.g., mirrors, phase plates) to correct turbulence-induced variations, enhancing pointing precision and, thus, the total signal collected at the receiver. It turns out to be tricky to use this effectively when the satellite is in low-Earth orbit due to its fast motion over the ground station—by the time the reference signal has been measured and a correction applied, the satellite has moved so far that the signal beam won't pass through the same bit of atmosphere. (This ‘anisoplanatism’ effect can be bypassed somewhat with a leading ‘laser guide star’, although that's a more complex system.) We also looked at the geostationary orbit case—with no apparent motion, the benefit of adaptive optics is clearer.</p>
<p>Both of these papers are rooted in work that began way back at the beginning of 2011! So I'm very glad the material is finally seeing the light of day, a mere nine and a half years later.</p>
<div class="line-block">
<div class="line">B. L. Higgins, J.-P. Bourgoin, and T. Jennewein</div>
<div class="line"><a class="reference external" href="https://doi.org/10.1515/aot-2020-0016">Numeric estimation of resource requirements for a practical polarization-frame alignment scheme for quantum key distribution</a></div>
<div class="line"><strong>Advanced Optical Technologies</strong> <em>9</em>, 253–61 (2020)</div>
</div>
<div class="line-block">
<div class="line">C. J. Pugh, J.-F. Lavigne, J.-P. Bourgoin, B. L. Higgins, and T. Jennewein</div>
<div class="line"><a class="reference external" href="https://doi.org/10.1515/aot-2020-0017">Adaptive optics benefit for quantum key distribution uplink from ground to a satellite</a></div>
<div class="line"><strong>Advanced Optical Technologies</strong> <em>9</em>, 263–73 (2020)</div>
</div>
Introducing UWU, the Uncomplicated Web Uploader
2020-09-20T00:00:00-04:00, Brendon L. Higgins
<p>On occasion it's been useful to transfer files to/from colleagues at different organizations. But when they want to send me something, doing so securely (i.e., not via email) can be a bit of a chore. I've found solutions tend to require too much technical setup for the sender (e.g., key-based SFTP), need too much on-going management at the server (e.g., user-based SFTP), or are part of a much heavier integrated solution (e.g., a fully-fledged personal cloud suite). I just wanted a minimal CGI script that I can run on something as basic as my Raspberry Pi. So I made UWU.</p>
<p>UWU, the Uncomplicated Web Uploader, is a simple portal for uploading files to a server through a web browser. It's loosely inspired by <a class="reference external" href="http://www.home.unix-ag.org/simon/woof.html">woof</a>, and while that tool does have an upload mode, it can't be set up to run on an HTTPS-secured server. UWU can. In addition, a standalone server for private/trusted networks can be run, without any prerequisites other than Python 3.</p>
<p>UWU provides separate “spaces” which a user can upload to, each with enforced file size and count quotas. By design, UWU does not support viewing the existing contents of spaces (neither the list of files nor their respective contents). In a sense, a transfer is “one way only”.</p>
<p>If you have a secured web site and you need a way for someone to send you a file, more secure than email and with minimal requirements on both sides, this might be useful to you.</p>
<p>This post marks the v1.0 and first public release. Hooray! More documentation can be found along with the source, which you can download <a class="reference external" href="https://quantumfurball.net/files/uwu-1.0.tar.gz">here</a>, or you can clone the git repository for the latest development version <a class="reference external" href="git://quantumfurball.net/git/uwu">here</a>.</p>
Preserving merge trees when using git-svn
2020-09-18T00:00:00-04:00, Brendon L. Higgins
<p>If you're like me, you might be using git-svn to connect to centralized SVN repositories (e.g., at the workplace) while keeping many of the powerful features of git. Sometimes you might be working in a local feature branch that is linked to a remote branch, and do a <tt class="docutils literal">git svn rebase</tt> to grab updates from the SVN server. This command only fetches from the corresponding server branch. But, if an SVN merge, say from trunk, had happened on that branch at the server, then git-svn needs the corresponding local master branch to be up-to-date to notice that it was the parent of that merge. If you hadn't fetched from master recently, you lose the merge tree. Oops.</p>
<p>Before the rebase it would've been better to use <tt class="docutils literal">git svn fetch <span class="pre">--all</span></tt> (or it ought to have been, assuming git-svn fetches revisions in order once for all branches). But you might forget to do that. If that's where you find yourself, it is possible to recover. In the feature branch, use <tt class="docutils literal">git svn reset <span class="pre">-r{REV}</span> <span class="pre">-p</span></tt>, replacing <tt class="docutils literal">{REV}</tt> with the revision number of the SVN merge which git-svn failed to assign a parent. Then do <tt class="docutils literal">git svn fetch <span class="pre">--all</span></tt> before trying the rebase again.</p>
<p>Note that if there were commits waiting to be dcommitted to the server, you'll have to cherry-pick those back onto the rebased branch.</p>
Upcasting through covariant interfaces in a constrained generic C# method
2020-02-28T00:00:00-05:00, Brendon L. Higgins
<p>Here's a subtle one. Assume you have the appropriate “<tt class="docutils literal">using System.Collections.Generic;</tt>” clause included somewhere up above. Can you spot what's wrong with this code?</p>
<div class="highlight"><pre><span></span><span class="k">interface</span><span class="w"> </span><span class="n">ITestInterface</span>
<span class="p">{</span>
<span class="p">}</span>
<span class="k">class</span><span class="w"> </span><span class="nc">TestClass</span><span class="o"><</span><span class="n">T</span><span class="o">></span>
<span class="w"> </span><span class="k">where</span><span class="w"> </span><span class="n">T</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">ITestInterface</span>
<span class="p">{</span>
<span class="w"> </span><span class="k">public</span><span class="w"> </span><span class="k">void</span><span class="w"> </span><span class="nf">TestMethod</span><span class="p">()</span>
<span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">IReadOnlyList</span><span class="o"><</span><span class="n">T</span><span class="o">></span><span class="w"> </span><span class="n">x</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">null</span><span class="p">;</span>
<span class="w"> </span><span class="n">IReadOnlyList</span><span class="o"><</span><span class="n">ITestInterface</span><span class="o">></span><span class="w"> </span><span class="n">y</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">x</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div>
<p>Seems reasonable, right? An <tt class="docutils literal">IReadOnlyList</tt> is covariant in its stored type, so given that <tt class="docutils literal">T</tt> is constrained to be an <tt class="docutils literal">ITestInterface</tt>, assigning such a list of <tt class="docutils literal">T</tt> to a list of <tt class="docutils literal">ITestInterface</tt> should be fine. And yet, compiling this code will fail at “<tt class="docutils literal">y = x</tt>”, being unable to implicitly convert the types.</p>
<p>After some hair-pulling, I eventually worked out that the solution is to add “<tt class="docutils literal">class</tt>” to the constraints on <tt class="docutils literal">T</tt>. It would seem that, otherwise, the compiler will assume that the generic type <tt class="docutils literal">T</tt> will not have any kind of inheritance for which covariance will be relevant. So it doesn't consider that, and the cast fails.</p>
Prevent .xsession-errors growing forever on Debian
2020-01-21T00:00:00-05:00, Brendon L. Higgins
<p>The default configuration of the X server in Debian keeps a log of all the console output of the programs a user runs from their X session. It also keeps this log indefinitely. This is quite clearly a design mistake, because even ignoring badly behaved programs (those which are needlessly noisy are indisputably buggy), enough legitimate errors will eventually eat your disk. Plus the unjustifiable assumption that all programs out in the wild will be well-behaved, which is a nice hope but contrary to reality.</p>
<p>Sadly, this behaviour is also <a class="reference external" href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=276545">an ancient bug</a> that has been, it would seem, forgotten about.</p>
<p>Anyway, here's a relatively simple method to fix that. As root, edit <tt class="docutils literal">/etc/X11/Xsession</tt>. Just below the <tt class="docutils literal"><span class="pre">ERRFILE=$HOME/.xsession-errors</span></tt> line, add this:</p>
<div class="highlight"><pre><span></span><span class="nv">ERRFILEOLD</span><span class="o">=</span><span class="s2">"</span><span class="nv">$ERRFILE</span><span class="s2">"</span>.old
<span class="k">if</span><span class="w"> </span><span class="o">[</span><span class="w"> </span>-f<span class="w"> </span><span class="s2">"</span><span class="nv">$ERRFILE</span><span class="s2">"</span><span class="w"> </span><span class="o">]</span><span class="p">;</span><span class="w"> </span><span class="k">then</span>
<span class="nb">set</span><span class="w"> </span>+e
mv<span class="w"> </span>-f<span class="w"> </span><span class="s2">"</span><span class="nv">$ERRFILE</span><span class="s2">"</span><span class="w"> </span><span class="s2">"</span><span class="nv">$ERRFILEOLD</span><span class="s2">"</span><span class="w"> </span><span class="m">2</span>><span class="w"> </span>/dev/null
<span class="nb">set</span><span class="w"> </span>-e
<span class="k">fi</span>
</pre></div>
<p>Each time the user logs in, the old <tt class="docutils literal"><span class="pre">.xsession-errors</span></tt> log file will be moved to <tt class="docutils literal"><span class="pre">.xsession-errors.old</span></tt> (overwriting anything already with that name), and a new one created. Thus it ensures that the file doesn't grow indefinitely, so long as the user logs out and back in at some point.</p>
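<p>The login-time rotation above does nothing for a session that stays logged in for months. As an added example (not from the original post), the function below caps the log while the session is still running by emptying it in place; it assumes the session opened the file in append mode, and the name <tt class="docutils literal">cap_session_log</tt>, the script name and the thresholds are illustrative.</p>

```sh
#!/bin/sh
# Added example: cap ~/.xsession-errors during a long-running session.
# Assumption: the session holds the file open in append mode (">>"), so
# emptying it in place makes later writes start again at offset 0.

# cap_session_log FILE MAX_BYTES KEEP_BYTES
# Returns 0 if FILE was over MAX_BYTES and has been emptied (its last
# KEEP_BYTES are saved to FILE.old), 1 if nothing needed doing, 2 on error.
cap_session_log() {
    log=$1 max=$2 keep=$3
    [ -f "$log" ] || return 1
    size=$(($(wc -c < "$log")))
    [ "$size" -gt "$max" ] || return 1
    # Session output can contain secrets printed by careless programs, so
    # recreate the saved tail readable by the owner only.
    ( umask 077; rm -f "$log.old"; tail -c "$keep" "$log" > "$log.old" ) || return 2
    # Truncate rather than mv: a renamed file stays open in the session and
    # keeps growing under its new name. Lines written between the tail and
    # this truncation are lost, which is acceptable for a noise log.
    : > "$log"
    return 0
}

# Run directly, e.g. from the user's crontab:
#   sh cap-xsession-log.sh "$HOME/.xsession-errors" 10485760 65536
if [ "$#" -eq 3 ]; then
    cap_session_log "$1" "$2" "$3"
fi
```

<p>Had the log been renamed instead, the session's open file descriptor would follow the renamed file and the disk would keep filling.</p>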
Published in Optics Express: Genuine time-bin-encoded quantum key distribution over a turbulent depolarizing free-space channel
2019-12-14T00:00:00-05:00, Brendon L. Higgins
<p>Light can be used to encode information in a variety of ways. Polarization, for example: a ‘0’ bit could be represented by a pulse of horizontally polarized light, and a ‘1’ bit could be vertically polarized. This generally works well for transmissions over free-space. Also, by allowing superposition states and reducing the intensity to single-photon levels, one can start to access interesting quantum protocols such as quantum key distribution (QKD). You can do this with other encodings, too—“time bin”, for example, where you encode information in the arrival time, early or late, relative to a reference. But because of the way the superposition state (that is, the early “and” late state) is measured, it doesn't generally work well over air because of turbulence.</p>
<p>A recently discovered enhancement of the measurement device by my colleagues intrinsically bypasses the turbulence problem, and in this paper, we couple this improved apparatus with a QKD system to demonstrate a real quantum protocol with time-bin encoded light transmitted over long-distance (1.2 km) free space. The approach we take here could in future be used as a bridge between optic fiber (where turbulence isn't an issue) and free-space for quantum protocols.</p>
<div class="line-block">
<div class="line">J. Jin, J.-P. Bourgoin, R. Tannous, S. Agne, C. J. Pugh, K. B. Kuntz, B. L. Higgins, and T. Jennewein</div>
<div class="line"><a class="reference external" href="https://doi.org/10.1364/OE.27.037214">Genuine time-bin-encoded quantum key distribution over a turbulent depolarizing free-space channel</a></div>
<div class="line"><strong>Optics Express</strong> <em>27</em>, 37214 (2019)</div>
</div>
How to make Debian rescue and emergency runlevels work again
2019-09-29T00:00:00-04:00, Brendon L. Higgins
<p>At some point along Debian's journey, rescue and emergency runlevels broke for anyone who has a locked root account and, say, uses <tt class="docutils literal">sudo</tt> exclusively to run administrative commands. See <a class="reference external" href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802211">the bug report</a> and <a class="reference external" href="https://salsa.debian.org/ah/user-setup/commit/bc5ca2de85ec27845d0b46059cb7cc02bae7b44d">a proposed installer patch</a>. This is not an atypical setup—it's a standard option of the Debian installer, and happens to be one I typically use.</p>
<p>To summarise what's going on, the system now prevents root from logging in due to it being a locked account (having no password, it cannot be authenticated), which means that the rescue and emergency runlevels always error and fail to bring up a shell. What bloody good are they, then, right?</p>
<p>Not too long ago things got to the point where the system can be configured to work as expected, again, but certain settings need to be enabled beforehand. This is described below. Note that doing so arguably introduces a security issue, but if you're happy to run Grub with editable boot entries (so that any user could, say, set <tt class="docutils literal"><span class="pre">init=/bin/bash</span></tt> on the kernel command line), then you're unlikely to have any reason to care.</p>
<p>First switch to root using “<tt class="docutils literal">sudo su -</tt>”. Then:</p>
<div class="highlight"><pre><span></span><span class="k">for</span><span class="w"> </span>x<span class="w"> </span><span class="k">in</span><span class="w"> </span>/etc/systemd/system/rescue.service.d/override.conf<span class="w"> </span>/etc/systemd/system/emergency.service.d/override.conf
<span class="k">do</span>
mkdir<span class="w"> </span>-p<span class="w"> </span><span class="s2">"</span><span class="k">$(</span>dirname<span class="w"> </span><span class="s2">"</span><span class="nv">$x</span><span class="s2">"</span><span class="k">)</span><span class="s2">"</span>
cat<span class="w"> </span>><span class="w"> </span><span class="s2">"</span><span class="nv">$x</span><span class="s2">"</span><span class="w"> </span><span class="s"><<EOF</span>
<span class="s">[Service]</span>
<span class="s">Environment=SYSTEMD_SULOGIN_FORCE=1</span>
<span class="s">EOF</span>
<span class="k">done</span>
</pre></div>
<p>After that, you can <tt class="docutils literal">exit</tt> back out of the root account. (If the runlevels still don't work, maybe you gave root a password at some point? Double-check <tt class="docutils literal">/etc/shadow</tt>.)</p>
<p>In the future, the Debian installer may do this automatically. (You might want to check that the files mentioned in the code snippet above don't already exist.) But for the time being, it has to be done manually.</p>
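<p>Before writing the override it helps to see what is already in place. The following added example (not part of the original post or of Debian) reports, for each of the two units, whether a drop-in sets <tt class="docutils literal">SYSTEMD_SULOGIN_FORCE=1</tt> and whether root is locked in the shadow file; the function names and the root-prefix argument are illustrative, and only the <tt class="docutils literal">/etc/systemd/system</tt> location used above is inspected.</p>

```sh
#!/bin/sh
# Added example: audit the state the rescue/emergency override depends on.
# The ROOT argument is a filesystem prefix ("/" for the live system) so the
# same checks work on a mounted disk image or a constructed test tree.

# root_is_locked SHADOW_FILE
# 0: root's password field is "*" or starts with "!" (cannot authenticate)
# 1: root has some other field value   2: file could not be read
root_is_locked() {
    field=$(awk -F: '$1 == "root" { print $2; exit }' "$1" 2>/dev/null) || return 2
    case "$field" in
        '!'*|'*') return 0 ;;
        *) return 1 ;;
    esac
}

# has_sulogin_force DROPIN_DIR
# 0 when any *.conf in the directory has an uncommented Environment= line
# that sets SYSTEMD_SULOGIN_FORCE=1 (quoted or unquoted).
has_sulogin_force() {
    [ -d "$1" ] || return 1
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*Environment=.*SYSTEMD_SULOGIN_FORCE=1([[:space:]"]|$)' "$f" \
            && return 0
    done
    return 1
}

# audit_rescue_shell ROOT
# Prints one line per unit; the return value is the number of units that
# would fail to bring up a shell (locked root and no override).
audit_rescue_shell() {
    root=$1
    broken=0
    lock_rc=0
    root_is_locked "$root/etc/shadow" || lock_rc=$?
    for unit in rescue emergency; do
        dir="$root/etc/systemd/system/$unit.service.d"
        if has_sulogin_force "$dir"; then
            echo "$unit: override present, sulogin opens a root shell without a password"
        elif [ "$lock_rc" -eq 0 ]; then
            echo "$unit: root is locked and no override, no shell can be started"
            broken=$((broken + 1))
        elif [ "$lock_rc" -eq 1 ]; then
            echo "$unit: no override, sulogin will ask for the root password"
        else
            echo "$unit: no override, could not read $root/etc/shadow (run as root)"
        fi
    done
    return "$broken"
}

# Run directly as root:  sh audit-rescue.sh /
if [ "$#" -eq 1 ]; then
    audit_rescue_shell "$1"
fi
```

<p>A unit reported as “override present” is the configuration the post warns about: anyone who can select that boot target at the console gets a root shell without a password, so it belongs on machines whose boot loader is already treated as trusted-access only.</p>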