Signing Documents With SSH Key

It turns out you can use openssh keys to sign and verify files and documents.

The sender needs to do this:

  • Create a file /tmp/whatever with the text to verify, then sign it with:
openssl dgst -sha512 -sign ~/.ssh/id_rsa /tmp/whatever > /tmp/whatever.sig
  • Then base64-encode the sig and the whatever file:
base64 /tmp/whatever >/tmp/whatever.b64
base64 /tmp/whatever.sig >/tmp/whatever.sig.b64

  • Generate checksums:
sha512sum whatever* > checksums

And send the whatever.b64, whatever.sig.b64, and checksums files.

The checksums file lets the recipient confirm that the content didn’t get mangled in transit, which happens easily, because unlike e.g. GPG this technique provides little integrity validation of its own.

Then the verifier does:

  • Obtain the ssh key in question. I use this technique with Launchpad public keys, so this works:
curl https://launchpad.net/~whoever/+sshkeys | grep "blah@42.us.org" > /tmp/who.pub
  • Convert the key to an openssl-compatible key:
ssh-keygen -e -f /tmp/who.pub -m pkcs8 > /tmp/who.openssl.pub
  • Finally verify the documents (which you previously integrity-checked using sha512sum and the checksums file you received):
openssl dgst -sha512 -verify /tmp/who.openssl.pub -signature /tmp/whatever.sig /tmp/whatever

A single script to demo the technique against my public Launchpad key:

#!/bin/bash
set -euo pipefail

# The private key must be PEM-encoded (ssh-keygen -m PEM); openssl cannot read
# the newer "OPENSSH PRIVATE KEY" format that ssh-keygen writes by default.
KEY_ON_DISK=~/.ssh/id_rsa
LAUNCHPAD_USER=roadmr
KEY_IDENTIFIER="name of the key"
KEY_EXCLUDER="something-you-dont-want"

mkdir -p ssh-attestation
pushd ssh-attestation

# Signing procedure
echo "This is me" > attest
openssl dgst -sha512 -sign "$KEY_ON_DISK" attest > attest.sig
base64 attest > attest.b64
base64 attest.sig > attest.sig.b64
sha512sum attest* > shasums

# Verification procedure
echo "Verifying"
sha512sum -c shasums
# Brittle - maybe select by line number instead?
curl -s "https://launchpad.net/~$LAUNCHPAD_USER/+sshkeys" | grep "$KEY_IDENTIFIER" | grep -v "$KEY_EXCLUDER" > lp-key.pub
ssh-keygen -e -f lp-key.pub -m pkcs8 > lp-key.openssl.pub
openssl dgst -sha512 -verify lp-key.openssl.pub -signature attest.sig attest
popd
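The same flow as an added example that is not the post’s script: it generates a throwaway RSA key locally instead of fetching one from Launchpad, runs the sender and verifier sides end to end, and adds the negative check that a modified document fails verification. It assumes openssl, ssh-keygen and coreutils are on PATH; the key, file names and text are constructed for the example.

```shell
#!/usr/bin/env bash
# Added example, not the post's own script: sign and verify with a throwaway RSA key
# generated locally, then confirm that a modified document does not verify.
# Assumes openssl, ssh-keygen and coreutils on PATH; all names/text are constructed.
set -euo pipefail

sign_and_verify() {
  local work
  work=$(mktemp -d)
  # -m PEM matters: openssl cannot read the "OPENSSH PRIVATE KEY" format that
  # ssh-keygen writes by default (ssh-keygen -p -m PEM -f key rewrites an existing one).
  ssh-keygen -q -t rsa -b 2048 -m PEM -N "" -f "$work/id_rsa"

  # Sender side: sign, base64-encode both files, checksum everything being sent.
  printf 'This is me\n' > "$work/attest"
  openssl dgst -sha512 -sign "$work/id_rsa" "$work/attest" > "$work/attest.sig"
  (cd "$work" && base64 attest > attest.b64 && base64 attest.sig > attest.sig.b64 \
     && sha512sum attest attest.sig attest.b64 attest.sig.b64 > shasums)

  # Verifier side: integrity check first, then convert the OpenSSH public key to
  # PKCS#8 PEM and verify the signature over the document.
  (cd "$work" && sha512sum -c --quiet shasums)
  ssh-keygen -e -f "$work/id_rsa.pub" -m pkcs8 > "$work/id_rsa.openssl.pub"
  openssl dgst -sha512 -verify "$work/id_rsa.openssl.pub" \
      -signature "$work/attest.sig" "$work/attest" > /dev/null || return 1

  # Negative check: a document that differs by one word must not verify.
  printf 'This is NOT me\n' > "$work/attest.tampered"
  if openssl dgst -sha512 -verify "$work/id_rsa.openssl.pub" \
       -signature "$work/attest.sig" "$work/attest.tampered" > /dev/null 2>&1; then
    echo "tampered document verified, something is wrong" >&2
    return 1
  fi
  rm -rf "$work"
  echo "signature verified, tampering detected"
}
```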

Ubuntu 20.04 Deep Sleep

How else to get this

Suspend - the best way to get this kind of uptime

In an email thread with some colleagues, one of them mentioned that they had to force their laptop to use “deep” sleep instead of “s2idle”. This got me thinking - I’ve had the impression that my XPS13 sometimes doesn’t really suspend, and/or wakes up in the middle of the night, because the battery capacity sometimes is lower than it should be after being suspended overnight (going to sleep with 100% battery and having about 70% the morning after).

So I quickly looked up “s2idle” and landed here.

From here it looks like indeed s2idle is not really suspend-suspend and the system can wake up of its own accord according to unclear rules (or maybe they are clear, but I don’t care, I want the system to go to full sleep and only wake up when I open the lid or something similar). And it seems the way to get it to real deep-sleep is to write “deep” into /sys/power/mem_sleep. It further mentions that indeed s2idle is the default (which I confirmed by checking the above file), but it can be overridden by setting mem_sleep_default in the kernel command line.

It’s been a while since I last had to muck with GRUB configuration…

Just for kicks I also looked up mem_sleep_default and lo and behold, came upon a thread for the XPS 13 9310 (exactly the one I have).
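An added helper script (not from the post) for the two steps above: it reads the active mode from /sys/power/mem_sleep, checks that the firmware offers deep at all before anything is written there, and produces the GRUB_CMDLINE_LINUX_DEFAULT line for the persistent mem_sleep_default setting. The sysfs line format (active mode in brackets) and a Debian-style /etc/default/grub are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the post: check which suspend mode the kernel is using and
# whether "deep" (ACPI S3) is offered at all, then build the GRUB line for the
# persistent mem_sleep_default setting. Assumes /sys/power/mem_sleep looks like
# "s2idle [deep]" (active mode in brackets) and a Debian-style /etc/default/grub.
set -euo pipefail

# active_mode "s2idle [deep]" -> "deep"
active_mode() { printf '%s\n' "$1" | sed -n 's/.*\[\([^]]*\)\].*/\1/p'; }

# offers_mode LINE MODE: exit 0 when the firmware lists MODE. "deep" is absent on
# machines whose firmware does not expose S3, and writing it there then fails.
offers_mode() { printf ' %s ' "$(printf '%s' "$1" | tr -d '[]')" | grep -q " $2 "; }

# with_mem_sleep_default 'GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"' deep
# -> the same line with mem_sleep_default=deep added or replaced (idempotent).
with_mem_sleep_default() {
  local line=$1 mode=$2
  case $line in
    *mem_sleep_default=*)
      printf '%s' "$line" | sed "s/mem_sleep_default=[a-z0-9]*/mem_sleep_default=$mode/" ;;
    *)
      printf '%s' "$line" | sed "s/\"\$/ mem_sleep_default=$mode\"/; s/=\" /=\"/" ;;
  esac
}

# Runtime switch as in the post (non-persistent, needs root), only when offered.
switch_now() {
  local now; now=$(cat /sys/power/mem_sleep)
  echo "active: $(active_mode "$now")"
  offers_mode "$now" "$1" || { echo "firmware does not offer $1" >&2; return 1; }
  echo "$1" | sudo tee /sys/power/mem_sleep
}
```

Call `switch_now deep` for the immediate change; for the persistent one, put the output of `with_mem_sleep_default` into /etc/default/grub and run `sudo update-grub`.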

Revamping Note Taking With Vimwiki

Inspired by some article on the Internet, I set out to modernize the way I take daily notes. Up until now I had simply been dumping date-named files in a single directory. This allows me to use standard tools such as grep for finding stuff in my notes, also referencing them by date when appropriate, preparing notes in advance by creating the file for a date in the future, and have comfortable aliases/commands to do things.

For example, mn (make note) creates or opens the notes file for the current day, while wmatrix creates or opens a weekly file with progress updates from the team, which I use to keep track of daily standup items and follow up if necessary.

The random article in question talks about Obsidian and how it provides nice rendered Markdown notes with collapsible GUI controls, a ton of keyboard shortcuts, a modern and friendly graphical display, and it can render link relations in the notes to display a “knowledge graph”. It does all this on top of a local folder containing .md files, so it’s quite future-proof and portable, and provides mobile apps and some synchronization (which I haven’t explored) to keep notes updated.

I tried it and it felt quite heavyweight for a glorified note taker. I found the controls distracting, the general application not providing a ton of value over a single directory of files, and most importantly, the extensive keyboard navigability requires me learning another set of keybindings which at this point I’d really rather avoid.

Obsidian in action

The same random article, however, also pointed me in the direction of vimwiki. In essence, Obsidian’s knowledge base is a local wiki, and this is exactly what vimwiki provides - indeed, in the article they are identified as complementary to each other, with vimwiki providing editability and access via the command line, and Obsidian allowing remote access and a graphical view, when needed.

I configured vimwiki to use Markdown and store files next to my old notes folder:

let g:vimwiki_list = [{'path': '~/Documents/w/vimwiki',
                      \ 'syntax': 'markdown', 'ext': '.md'}]

The experience from vim is fantastic; \ww opens a wiki index, and from there any single word can become a link by hitting ENTER in command mode on top of it. Vimwiki automatically creates the target and you can start writing Markdown in it, which is nicely syntax-colored. Vimwiki automatically handles indenting and formatting of lists, tables and markdown headings, and nicely collapses and linkifies URLs. It can even manage to-do lists in brackets [ ] and indent/dedent hierarchical table entries.

Vimwiki also has the concept of “diary” entries which are automatically created under the current date’s name, as well as useful shortcuts for “yesterday” and “tomorrow” pages, and can auto-generate an index for all diary/dated entries.

Vimwiki has wiki-wide search functionality via :VWS, though of course one can still shell out and use grep in a directory of raw .md files for ultimate portability.

I updated my mn and wmatrix aliases to integrate with vimwiki and have been happily using it for the past few days. The experience is pretty close to what I had with my old raw notes folder with some niceties added on top; I’ll probably start leveraging them more as I get more familiar with the setup.

Run Command on File Update

This is a poor man’s “watch a file for changes and when it does, run a command”.


while true; do inotifywait --event modify a-document.tex ; pdflatex a-document.tex ; done

Keychron K3 Function Keys

The Keychron K2 and K3 have dual-purpose media/function keys. The accompanying card says to use fn+x+l to change modes, but I tried it and it didn’t work. I need my function keys; I’m already used to pressing fn when I do need to access multimedia functionality.

I found this repo which explains how to set up a systemd service to configure the keys by writing a value to a driver configuration file. This works, but I was also able to get this changed immediately (though not persistently) by doing:


# Set the keys to operate in Fx mode
echo 0 | sudo tee /sys/module/hid_apple/parameters/fnmode

# Set the keys to operate in multimedia mode
echo 1 | sudo tee /sys/module/hid_apple/parameters/fnmode

Sirueta

This is a ghost story. Names have been changed to protect identities.

Hello, how are you, my name is L. B. C. I live in the State of Mexico (municipality of Chimalhuacán). In my house there live, I don’t know, maybe children, but the thing is that there is someone else in our house. Sometimes my little brothers see a dark-colored boy in my room and they say he jumps on my bed.

One time my sister was in the bathroom and left the door open, and then she started yelling for my mom, but she didn’t pay attention, so my sister started crying, maybe out of fear, because my sister’s room is right in front of the bathroom. She says she saw a boy who peeked out and quickly went into her room, so by the time my mom came to see why she was crying she was really scared.

Before this happened none of us had been frightened; the only one it happened to was my brother, he also saw children in the bathroom and in the living room, but that was a long time ago and since then we hadn’t heard or seen anything, until one night I went to bed a little late, and from the moment I lay down I felt afraid, and then I turned toward the main door of the two rooms and I saw a silhouette standing in the doorway, the size of an adult person, but since I was very scared I covered my whole face, but right after I covered my face I felt something lifting the whole blanket and bedspread I had, and with that I felt an incredible fear.

During this time that my brothers have been seeing the children, what is happening to me is that when I go to sleep I feel like a presence or someone approaching me, I even feel it coming closer and closer, but I turn around and see nothing.

Well, maybe I’m not sure I know what is going on there, but I would like you to help me; my phone is 5XXXXXXX and my address is ( Calle XXXXXX Manzana 2 Lote 11 San Ajustin Chimalhuacan )

One more thing, they say that before we built the house about 8 years ago it was a kindergarten and a daycare.

Well, that’s all I can tell you; I’d be grateful if you could let me know anything. GOODBYE.

iTunes on Ubuntu

I’m cheating because this uses virtualbox.

This is ubuntu 20.04.

Install these debs:

virtualbox
virtualbox-dkms
virtualbox-ext-pack
virtualbox-guest-additions-iso

Download this Win10 evaluation/development VM

or a suitable one from here

Unzip the file, then on virtualbox, import the VM from the ova file.

Update settings for the VM and enable USB controller, with xHCI so it doesn’t take ages to transfer files.

Boot the VM, log in.

Download itunes from apple inside the vm (maybe with edge):

https://www.apple.com/itunes/download/win64

(I couldn’t install from the ms app store because reasons)

Start itunes by keeping SHIFT pressed while opening itunes:

https://support.apple.com/en-ca/guide/itunes/itns3259/windows

Choose the path where the itunes library is.

Google Rejection and SRS

A few domains are hosted on my server and I have an exim4 setup where I can create virtual addresses by dropping text files in a directory and putting the destination address in the text file. This is convenient because it lets me redirect everything to gmail inboxes and manage all things in one place.

However, the virtual addresses sometimes receive spam, which they promptly forward to Gmail; Gmail is unhappy about that, and it tanks my server’s reputation.

This came to a head yesterday when I noticed legitimate emails being 550’d at the SMTP dialog level, which is bad because they are not resent and we start losing important data.

I installed an additional spam filter, but crucially (I think, remains to be seen whether this really helps) I found this page which describes Sender Rewriting Scheme (and the explanation makes sense, since from Google’s point of view I’m delivering email for the originating domain, after a forward from my server, which is not a designated sender for those domains).

A bit of googling led me to another page describing how to set up srs with an srs client, but unfortunately the config suggested there made a few assumptions that didn’t work for my system. At the bottom of that though, there’s a link to this exim bug which describes a pure exim4 solution with 3 routers and a new transport. This was easy to adapt and it seems to be working well.

# routers
# /etc/exim4/conf.d/router/110_srs
outbound:
  driver =    dnslookup
  domains =   ! +local_domains
  transport = ${if eq {$local_part@$domain} \
                      {$original_local_part@$original_domain} \
                   {remote_smtp} {remote_forwarded_smtp}}

inbound_srs:
  driver =    redirect
  senders =   :
  domains =   +local_domains
  condition = ${if match {$local_part} \
                         {^(?i)SRS0=([^=]+)=([A-Z2-7]+)=([^=]*)=(.*)\$} \
                {${if and { {<= {${eval:$tod_epoch/86400 - ${base32d:$2} & 0x3ff}} \
                                {10}} \
                            {eq {$1} \
                                {${l_4:${hmac{md5}{SRS_SECRET}{${lc:$4@$3}}}}}} \
                          } \
                         {true}{false} \
                 }} \
                 {false} \
                }
  data =    ${sg {$local_part} \
                 {^(?i)SRS0=[^=]+=[^=]+=([^=]*)=(.*)\$} \
                 {\$2@\$1}}


inbound_srs_failure:
  driver =    redirect
  senders =   :
  domains =   +local_domains
  condition = ${if match {$local_part} \
                         {^(?i)SRS0=([^=]+)=([^=]+)=([^=]*)=(.*)\$} \
                }
  allow_fail
  data =    :fail: Invalid SRS recipient address

and

# transport
#/etc/exim4/conf.d/router/30_exim4-config_remote_forwarded_smtp
remote_forwarded_smtp:
  driver =              smtp
  return_path =         SRS0\
                        =${l_4:${hmac{md5}{SRS_SECRET}{${lc:$return_path}}}}\
                        =${base32:${eval:$tod_epoch/86400&0x3ff}}\
                        =${domain:$return_path}\
                        =${local_part:$return_path}\
                        @$original_domain
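The rewrite and check that these routers and transport perform, as an added shell example that is not from the post or from Exim, so the SRS0 tags can be generated and validated offline: srs_forward builds the return path the way remote_forwarded_smtp does, and srs_reverse applies the inbound_srs condition (timestamp within 10 days, HMAC over the lowercased original address). The secret, domains and addresses are constructed, and Exim’s ${base32:} digit alphabet is assumed to be a-z2-7, most significant digit first.

```shell
#!/usr/bin/env bash
# Added example, not from the post or from Exim: the SRS0 rewrite that the transport
# above produces and the check the inbound_srs router performs, done in shell so the
# tags can be inspected offline. Assumes Exim's ${base32:} uses the digits a-z2-7,
# most significant first; the secret, domains and addresses here are constructed.
set -euo pipefail
SRS_SECRET="constructed-secret"
B32=abcdefghijklmnopqrstuvwxyz234567
SRS_RE='^SRS0=([^=]+)=([^=]+)=([^=]*)=(.*)$'

to_b32() {                       # number -> base32 digits, e.g. 100 -> "de"
  local n=$1 out=""
  while :; do out="${B32:$((n % 32)):1}$out"; n=$((n / 32)); [ "$n" -eq 0 ] && break; done
  printf '%s' "$out"
}
from_b32() {                     # inverse of to_b32; case-insensitive like the (?i) regex
  local s n=0 i c prefix
  s=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  for ((i = 0; i < ${#s}; i++)); do
    c=${s:i:1}; prefix=${B32%%"$c"*}; n=$((n * 32 + ${#prefix}))
  done
  printf '%s' "$n"
}
hmac4() {                        # ${l_4:${hmac{md5}{SRS_SECRET}{$1}}}: first 4 hex digits
  printf '%s' "$1" | openssl dgst -md5 -hmac "$SRS_SECRET" | awk '{ print substr($NF, 1, 4) }'
}

# srs_forward ORIGINAL_SENDER FORWARDING_DOMAIN DAY_NUMBER -> rewritten envelope sender,
# as return_path in remote_forwarded_smtp builds it ($tod_epoch/86400 = DAY_NUMBER).
srs_forward() {
  local rp=$1 fwd=$2 day=$3 lc
  lc=$(printf '%s' "$rp" | tr 'A-Z' 'a-z')
  printf 'SRS0=%s=%s=%s=%s@%s' "$(hmac4 "$lc")" "$(to_b32 $((day & 0x3ff)))" \
         "${rp#*@}" "${rp%@*}" "$fwd"
}

# srs_reverse LOCAL_PART DAY_NUMBER -> original address; exit 1 when the tag is malformed,
# older than 10 days, or its HMAC does not match (forged or garbled bounce address).
srs_reverse() {
  local lp=$1 today=$2 hash ts dom orig_lp age
  [[ $lp =~ $SRS_RE ]] || return 1
  hash=${BASH_REMATCH[1]} ts=${BASH_REMATCH[2]} dom=${BASH_REMATCH[3]} orig_lp=${BASH_REMATCH[4]}
  age=$(( (today - $(from_b32 "$ts")) & 0x3ff ))
  [ "$age" -le 10 ] || return 1
  [ "$hash" = "$(hmac4 "$(printf '%s@%s' "$orig_lp" "$dom" | tr 'A-Z' 'a-z')")" ] || return 1
  printf '%s@%s' "$orig_lp" "$dom"
}
```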

TIL - Fzf Alt-C

The title of this post is somewhat cryptic but what I learned today is awesome.

I was looking at fzf’s page to see how I could better integrate it with vim. I’ve been happily using fzf in bash for a while now, primarily leveraging the ctrl-r history fuzzy search, and also occasionally ctrl-t to insert a fuzzily-searched file in the command line. Today I learned about:

Files and directories

Fuzzy completion for files and directories can be triggered if the word before the cursor ends with the trigger sequence, which is by default **.

  • COMMAND [DIRECTORY/][FUZZY_PATTERN]**<TAB>
# Files under the current directory
# - You can select multiple items with TAB key
vim **<TAB>

# Files under parent directory
vim ../**<TAB>

# Files under parent directory that match `fzf`
vim ../fzf**<TAB>

# Files under your home directory
vim ~/**<TAB>


# Directories under current directory (single-selection)
cd **<TAB>

# Directories under ~/github that match `fzf`
cd ~/github/fzf**<TAB>

Process IDs

Fuzzy completion for PIDs is provided for kill command. In this case, there is no trigger sequence; just press the tab key after the kill command.

# Can select multiple processes with <TAB> or <Shift-TAB> keys
kill -9 <TAB>

But the one that REALLY blew my mind was this:

ALT-C - cd into the selected directory

  • Set FZF_ALT_C_COMMAND to override the default command
  • Set FZF_ALT_C_OPTS to pass additional options

This is brilliant, I might get used to this and I’ll become entirely unable to manually cd into a directory now.