guest - flak

samsung chromebook plus

Apple announced a new iPad today, so I bought a chromebook. Actually, I bought it a few days ago; it just happened to arrive today. It’s a 2 in 1 flip around touchscreen tablet laptop all in wonder. I’ve been doing a lot of reading recently on my other chromebook, but sometimes I wish the keyboard would just go away. And when I’m reading on an iPad, I wish I had a keyboard. Technology is all about convergence, right? Bring on the singularity.

As a laptop, it’s not too bad. The keyboard is a little thin, and some keys are quite small. I wouldn’t write a novel with it, but it’s good enough to leave scathing comments on internet forums. The hinges are solid. It’s definitely more useful than a tablet with a keyboard. I have a special soft spot for laptops that can unfold 180 degrees (hello thinkpads!), so this machine earns a bonus star for that, too.

Continue reading samsung chromebook plus...

Posted 2017-03-21 20:46:37 by tedu Updated: 2017-03-26 05:44:55
Tagged: computers review

lighter laptop games

Sometimes I want to play a game. On Windows. On a laptop. That weighs three pounds. This kind of limits my options, but here’s a few games that worked out decently enough. Of course, some obvious choices like old school point and click games will run fine, but what I found is that even a number of retro pixel style games can be graphically intensive. It’s hard work looking easy.

My chosen laptop for this endeavor is a ZenBook UX305, which has a Core M CPU and no fan. From everything I’ve read, the Intel line of GPUs has held pretty steady ever since about Ivy Bridge. So this is a fairly capable processor if it weren’t thermally limited. Previously, I’ve used a ThinkPad T430s, which performs much better due to the presence of a fan. Similar processing circuitry, just the difference between 5W and 35W TDP.

Continue reading lighter laptop games...

Posted 2017-03-16 04:07:04 by tedu Updated: 2017-03-16 04:07:04
Tagged: games roundup

openbsd changes of note 7

The OpenBSD 61. It comes at night.

Enable the short slot time feature in 802.11n mode.

Update to terminfo-20170128.

Reduce per packet allocations for crypto.9 (IPsec) from three to one.

Introduce Xen interrupt barriers. Xen interrupt handlers run in thread context, so the usual intr_barrier() function doesn’t work.

In tmux, collect sequences of printable ASCII characters and process them together instead of handling them one by one. This is significantly faster.

Delete the obsolete fork/exec/exit emulation hooks. Last remnant of compat for other systems dies, after removal of linux compat.

Tweak the scheduler to move threads around a little less.

Add percpu counters for TCP stats. And ipv6, icmp6, divert. And carp and pfsync.

Continue reading openbsd changes of note 7...

Posted 2017-03-14 18:31:02 by tedu Updated: 2017-03-14 18:31:02
Tagged: openbsd

time scrolling

The hovertext for Friday’s xkcd Borrow Your Laptop asks for scrolling mapped to undo and redo. How hard can it be? There’s more than one way to do this, but the other ways are boring. What if we’re using a program that doesn’t allow rebinding keys or buttons?

First we need to grab the scroll events. To avoid too much mischief, we’ll only bind to scroll events with the control key down. XGrabButton sure does take a lot of arguments, but only the first few are interesting.

Continue reading time scrolling...

Posted 2017-03-05 07:51:26 by tedu Updated: 2017-03-05 07:51:26
Tagged: c programming x11

missing features as features

Whenever I plug an external monitor into my laptop, nothing happens. Then I run xrandr, and gears turn, and displays appear. Not too surprising. Whenever I unplug an external monitor, nothing happens. Then I run xrandr, gears turn, and all those hidden offscreen windows come screaming back. This is absurd, right? Shouldn’t my desktop software be, I don’t know, desktopping?

I actually like it, and I wouldn’t want it any other way. Like many people, I have a particular desktop setup I like. An arrangement of xterms for this, an arrangement of xterms for that, an email client here, a browser there. Some of it is big time serious business and goes on the big monitor. Other stuff lives on the small screen.

Continue reading missing features as features...

Posted 2017-03-03 19:04:28 by tedu Updated: 2017-03-03 19:04:28
Tagged: software thoughts

meaningful short names

Why don’t unix commands have any vowels in the name? cp and mv are obviously devoweled standins for copy and move. But they’re less intuitive for new users. The user wants to copy a file. Why shouldn’t the name of the command be exactly the operation the user wants to perform?

What exactly does the user want to do? Instead of copying files, maybe I want to link two files. What does that mean? In unix, we have hard links and symbolic links. If I replace the “original” file, do I want the link to refer to the original file or the replacement? Or maybe what I mean by link two files is to combine two object files into an executable. Do we call that loading instead? ln is the name of a command, but link is the name of a concept.

grep is a remarkably useful tool, but with most unintuitive name. Why not call it find like Windows does? I want to find some text, I run find. So obvious. But some users may want to find files in the filesystem, not strings in a file. What command do they run? Probably locate.

There may be a great deal of historical accident in the names of commands (what if the inventors of awk had different initials?), but that doesn’t mean we can’t recognize the value of unique and precise identifiers.

Posted 2017-03-03 02:31:53 by tedu Updated: 2017-03-03 02:31:53
Tagged: rants software

cloudbleed hero graphics

Who wore it worst?

The Post is pretty bad. Beware the scary glow in the dark hacker.

The Journal is less alarming, but rather useless. Hey, look at the tubes.

Motherboard skipped the tech and went with the meteorological imagery.

Ars Technica decided to forego their usual backlit keyboard gallery for some generic secret art. Inoffensive, but irrelevant.

And finally, The Verge comes through with a completely relevant image. An actual screenshot from the bug report.

Nicely done. That’s what real cyberjournalism looks like.

Posted 2017-03-01 04:14:10 by tedu Updated: 2017-03-01 04:14:10
Tagged: magreview

colliding, fast and slow

I found it hard to locate a good reference explaining how various hash attacks apply to password hashing. Somebody might reasonably ask how the SHA1 collision, or an extension thereof, would apply to bcrypt. Can bcrypt have collisions? It’s a strange question if you know the answer, but knowing that much requires synthesizing a fair bit of knowledge that’s not all in one place.

Start with the usual crypto hashes. Classics like MD5, current standards like SHA2, new hotness like BLAKE2. All of them are supposed to be collision resistant, and it’s bad news when somebody finds that they’re not. A collision attack is pretty simple to understand. Two inputs have the same hash.

An example attack is Mallory generates two messages with identical hashes, “IOU $10” and “IOU $1000”, and borrows $1000 from Alice, who accepts SHA1(“IOU $1000”) = 0x65de12 as a contract. (Digital signatures usually involve signing a hash of the document.) Later, Mallory pays Alice $10 and produces SHA1(“IOU $10”) = 0x65de12 to prove the debt has been paid. Alice is out $990. This is a collision attack. The adversary has control over both messages and the hash.

Continue reading colliding, fast and slow...

Posted 2017-02-28 22:38:41 by tedu Updated: 2017-03-05 19:12:50
Tagged: security software thoughts

1000 links later

Some reflections on life, the universe, and everything after posting 1000 links to inks. I started inks on a lark because one day I was annoyed with HN or Lobsters or something and it seemed easy enough to make my own cooler version, but there wasn’t much of a mission statement. Maybe Daring Fireball but without the fucking Yankees. It’s been a few months and 1000 links is enough to notice some trends and evaluate results.

The site was setup expecting fewer than 20 links per day. Visit once in the afternoon and scroll down and eventually come across a link from yesterday, knowing you’d seen it all. Twenty good links per day is plenty, right? Not always. Some days I’d end up posting considerably more than that without really trying. At a minimum of five minutes per link, that’s easily two hours of reading. Who has time to read all that? Wait, how do I have time to read all that? Not to mention all the links I read and didn’t post, although it’s easier to bail early on a bad article. I never really reflected on how much time I spent just treading information water until there was a timestamped record. Of course, the time wasn’t all exclusively spent on links. I could multitask leisure time watching a season of The X-Files and reading simultaneously.

Continue reading 1000 links later...

Posted 2017-02-26 17:45:28 by tedu Updated: 2017-02-26 17:45:28
Tagged: thoughts web

comment free codex

Another little adventure in web page rewriting. I wanted to use a few more go features, and make something that would work on at least a few different sites via the Host header.

Consider you want to read the Considerations On Cost Disease that was making all the rounds recently. Like a lot of Slate Star Codex posts, it’s pretty long. In fact, you might read it for several minutes and glance at the scrollbar to discover you haven’t made any progress. You could be reading this post for weeks. But the situation isn’t really that bad, because like every Slate Star Codex post, it has a shitton of comments. More than 1000 in fact. This is not to say that the comments are bad (or good), but there certainly are a lot of them.

Continue reading comment free codex...

Posted 2017-02-24 21:59:30 by tedu Updated: 2017-02-24 22:03:29
Tagged: go programming web