triptico.com

Un naufragio personal

(Very) Basic Intro To Elliptic Curve Cryptography

Lane Wagner gives a brief description on how Elliptic Curve Cryptography (ECC) works:

https://qvault.io/2019/12/31/very-basic-intro-to-elliptic-curve-cryptography/

The radix 2^51 trick

Tim McLean on Faster addition and subtraction on modern CPUs:

https://www.chosenplaintext.ca/articles/radix-2-51-trick.html

Presenter mode in LibreOffice Impress without an external display

Elana Hashman explains how to create X11 virtual screens:

My GPU had this capability innately, it turns out, if I could just whisper the right incantations to unlock its secrets:

ehashman@red-dot:~$ cat /usr/share/X11/xorg.conf.d/20-intel.conf 
Section "Device"
    Identifier "intelgpu0"
    Driver "intel"
    Option "VirtualHeads" "1"
EndSection

After restarting X to allow this newly created config to take effect, I now could see two new virtual displays available for use:

ehashman@red-dot:~$ xrandr
Screen 0: minimum 8 x 8, current 3840 x 1080, maximum 32767 x 32767
eDP1 connected primary 1920x1080+0+0 (normal left inverted right x axis y axis) 310mm x 170mm
   1920x1080     60.01*+  59.93  
   ...
   640x360       59.84    59.32    60.00  
DP1 disconnected (normal left inverted right x axis y axis)
DP2 disconnected (normal left inverted right x axis y axis)
HDMI1 disconnected (normal left inverted right x axis y axis)
HDMI2 disconnected (normal left inverted right x axis y axis)
VIRTUAL1 disconnected (normal left inverted right x axis y axis)
VIRTUAL2 disconnected (normal left inverted right x axis y axis)

Nice. Now, to actually use it:

ehashman@red-dot:~$ xrandr --addmode VIRTUAL1 1920x1080
ehashman@red-dot:~$ xrandr --output VIRTUAL1 --mode 1920x1080 --right-of eDP1

And indeed, after running these commands, I found myself with a virtual display, very happy to black hole all my windows, available to the imaginary right of my laptop screen.

https://hashman.ca/libreoffice/

Implementing simple cooperative threads in C

Back in the nineties I created a collaborative multitasking library for MSDOS using the setjmp() / longjmp() functions: it had some minor restrictions that I couldn't find the time to fix so I finally got bored and abandoned it. This article describes the development of a very similar library in a very didactic way.

https://brennan.io/2020/05/24/userspace-cooperative-multitasking/

macOS 10.15: Slow by Design

I just can't believe this (Allan Odgaard):

Apple has introduced notarization, setting aside the inconvenience this brings to us developers, it also results in a degraded user experience, as the first time a user runs a new executable, Apple delays execution while waiting for a reply from their server. This check for me takes close to a second.

This is not just for files downloaded from the internet, nor is it only when you launch them via Finder, this is everything. So even if you write a one line shell script and run it in a terminal, you will get a delay!

[...]

Honestly, this is downright baffling. Are Apple sending the source of all my custom scripts to their server? With their stance on privacy, I wouldn’t think so, so they are likely just sending a checksum, but what are they doing with that checksum that the system couldn’t do locally?

If this is true it must be the biggest perverseness and assholery ever seen in the computing world (coming from Apple is not that all surprising, though).

https://sigpipe.macromates.com/2020/macos-catalina-slow-by-design/

Printing hard-to-print PDFs on Linux

François Marier talks about PDFs that trigger out-of-memory conditions in printers:

[The problem seems to be] transparent images, a PDF 1.4 feature which apparently requires a more recent version of PostScript than what my printer supports.

He dogged the bullet by converting some documents to DjVu:

pdf2djvu -d 1200 2002.04049.pdf > 2002.04049-1200dpi.djvu

And others to PDF 1.3:

ps2pdf13 -r1200x1200 dow-faq_v1.1.pdf dow-faq_v1.1-1200dpi.pdf

https://feeding.cloud.geek.nz/posts/printing-hard-to-print-pdfs-on-linux/

"OpenBSD in a laptop" series, mentioned in Lobsters

My "OpenBSD in a laptop" series have been mentioned in Lobsters (a link aggregation site similar to Hacker News) here and here.

Private Key Redaction: UR DOIN IT RONG

Matt Palmer said:

Because posting private keys on the Internet is a bad idea, some people like to “redact” their private keys, so that it looks kinda-sorta like a private key, but it isn’t actually giving away anything secret. Unfortunately, due to the way that private keys are represented, it is easy to “redact” a key in such a way that it doesn’t actually redact anything at all. RSA private keys are particularly bad at this[...]

A very clear explanation follows about the only really meaningful parts of a private RSA key in base64 DER format and how to rebuild a full key using only these parts, even if the rest have been redacted out, garbled or obfuscated.

https://www.hezmatt.org/~mpalmer/blog/2020/05/17/private-key-redaction-ur-doin-it-rong.html

One impact of the dropping of Python 2 from Linux distributions

Chris Siebenmann said:

"Everyone's insistence on getting rid of Python 2 is magically transforming all of this perfectly functional and useful Python 2 code we have from an asset to a liability."

[...]

"Functioning code that you don't have to maintain and that just works is an asset; it sits there, doing a valuable job, and requires no work. Code that you have to do significant work on just so that it doesn't break (not to add any features) is a liability; you have to do work and inject risk and you get nothing for it."

https://utcc.utoronto.ca/~cks/space/blog/python/Python2DroppingImpact

SSL Server Online Test

This site provides a free online test of SSL/TLS connections:

https://www.ssllabs.com/ssltest/

I was reprimanded because I had support for TLS 1.0 and TLS 1.1 still enabled for this site, so I changed the configuration lines in /etc/nginx.conf and /etc/nginx/conf.d/samael.conf to support only version 1.2:

ssl_protocols TLSv1.2;

Three wrappers to run commands without impacting the rest of the system

François Marier names 3 tools to execute other commands with lower priorities on a Linux system:

nice
Runs at a "nicer" (i.e. lower) CPU priority (a UNIX classic that everybody knows).
ionice
Sets the I/O priority. Interesting options are -c3 (needs root) or -n7. Only useful if you are using the CFQ scheduler.
nocache
Avoids storing files into the file cache, leaving it ready for other running processes.

Example in a crontab:

0 0 * * * nocache ionice nice /path/to/backup.sh

https://feeding.cloud.geek.nz/posts/three-wrappers-to-run-commands-without-impacting-the-rest-of-the-system/

Sending data in a signal

Craig said on sending additional data or context in a UNIX signal:

"[...] One thing that isn’t as well known is besides sending a signal to a process, you can send some data to it. This can either be an integer or a pointer and uses similar semantics to the known kill and signal handler. [...]"

The key is using sigqueue() instead of signal() and a signal handler like:

void signal_handler(int signum, siginfo_t *siginfo, void *ucontext)
{
    if (signum != SIGUSR1) return;
    if (siginfo->si_code != SI_QUEUE) return;
 
    printf("receiver: Got value %d\n", siginfo->si_int);
}

https://dropbear.xyz/2020/04/29/sending-data-in-a-signal/

Using GnuPG for SSH authentication

The GnuPG agent can be used as an SSH agent:

https://incenp.org/notes/2015/gnupg-for-ssh-authentication.html

Gimme gimme gimme

If you execute the Linux man command without arguments, it returns:

What manual page do you want?

But, if you do the same exactly at 00:30, the returned message is:

gimme gimme gimme

Of course, this is after ABBA's song Gimme Gimme Gimme A Man After Midnight.

In defence of swap: common misconceptions

Chris Down says (on anonymous, i.e. allocated memory pages):

"[...] Swap is a storage area for these seemingly "unreclaimable" pages that allows us to page them out to a storage device on demand. This means that they can now be considered as equally eligible for reclaim as their more trivially reclaimable friends, like clean file pages, allowing more efficient use of available physical memory.

Swap is primarily a mechanism for equality of reclamation, not for emergency "extra memory". Swap is not what makes your application slow – entering overall memory contention is what makes your application slow."

https://chrisdown.name/2018/01/02/in-defence-of-swap.html

Remarkable StackExchange subdomains

The ReiserFS filesystem

"This document describes the ReiserFS filesystem structures on disk. It was created while writing a ReiserFS reader for Windows NT. I was unsatisfied with the documentation available over at the official URL, www.namesys.com, so I wrote my own. But, since this is my first contact with ReiserFS, it does contain errors, so if in doubt, please consult the original spec first."

"This document is copyrighted by Gerson Kurz and licensed by the GPL."

http://p-nand-q.com/download/rfstool/reiserfs_docs.html

Convert your ASCII diagram scribbles into happy little SVG

"Svgbob Editor - Convert your ASCII diagram scribbles into happy little SVG"

Not really limited to ASCII; Unicode is also supported (including special support for line drawing characters).

https://ivanceras.github.io/svgbob-editor/

An implementation of the ChaCha20 algorithm in Bash

This is an implementation of DJB's ChaCha20 algorithm in Bash script.

"chacha20.sh
by zx2c4
You probably shouldn't use this for anything."

https://git.zx2c4.com/chacha20.sh/tree/chacha20.sh

Old Book Illustrations

"Old Book Illustrations was born of the desire to share illustrations from a modest collection of books, which we set out to scan and publish."

https://www.oldbookillustrations.com/