-rw-r--r-- | README.md | 5
-rwxr-xr-x | extract_field.sh | 2
-rw-r--r-- | footer.inc | 2
-rw-r--r-- | index.csv | 7
-rw-r--r-- | posts/adieu-quake.md | 82
-rw-r--r-- | posts/index.md | 7
-rw-r--r-- | posts/opening-black-boxes.md | 19
-rw-r--r-- | posts/single-use-ssh-keys.md | 64
8 files changed, 139 insertions, 49 deletions
@@ -19,9 +19,12 @@ Assorted files (such as images) can be placed in `files/`. Install pandoc. Run `./build.sh` from the project root. This will produce the compiled -output in `out`. +output in `blog-staging`. ### Deployment Run `./deploy.sh`. It will try to log into my website. This will not work. Edit it for your own needs. + +To deploy to *p*roduction, run `./deploy.sh -p`. Again, this will not +work unless you have my SSH key. diff --git a/extract_field.sh b/extract_field.sh index aab4b6a..030ddaf 100755 --- a/extract_field.sh +++ b/extract_field.sh @@ -2,4 +2,4 @@ # Usage: ./extract_field.sh DBNAME KEY FIELDIDX -awk 'BEGIN { FS = ":" } $1 == "'"$2"'" { print $'"$3"'}' < $1 +awk 'BEGIN { FS = "_" } $1 == "'"$2"'" { print $'"$3"'}' < $1 @@ -1,4 +1,4 @@ </div> <footer> - <a href="/blog">Blog index</a> | <a href="/">Home</a> + <a href="index.html">Blog index</a> | <a href="/">Home</a> </footer> @@ -1,3 +1,4 @@ -adieu-quake.md:Adieu, Quake! -opening-black-boxes.md:Opening Black Boxes -index.md:Quite Frankly +adieu-quake.md_Adieu, Quake! +opening-black-boxes.md_On Opening Black Boxes or: How I Learned to Stop Worrying and Love G-Code +single-use-ssh-keys.md_Single-Use SSH Keys +index.md_Quite Frankly diff --git a/posts/adieu-quake.md b/posts/adieu-quake.md index c167542..cc7a451 100644 --- a/posts/adieu-quake.md +++ b/posts/adieu-quake.md 
@@ -1,13 +1,18 @@ -# Adieu, Quake! +% Adieu, Quake! +% +% 27 Aug 2019 -[](http://www.youtube.com/watch?v=74i8aBOmyos) - - +<center> +<figure> +[{height=300}](https://www.youtube.com/watch?v=74i8aBOmyos)\ {height=300} +<figcaption>Quake running on an iPod Classic.</figcaption> +</figure> +</center> **TL;DR** I made Quake run on MP3 players. Read how it happened. I spent part of this summer playing with two of my favorite things: -[Rockbox](https://rockbox.org) and id Software's +[Rockbox](https://www.rockbox.org) and id Software's [Quake](https://en.wikipedia.org/wiki/Quake_(video_game)). I even got the chance to combine the two by porting Quake to run *on* Rockbox! What more could I ask? @@ -25,7 +30,7 @@ months, so I'm trying to get this brain dump in before the deluge. ## Rockbox -[Rockbox](https://rockbox.org) is a fun open-source project I spend +[Rockbox](https://www.rockbox.org) is a fun open-source project I spend far too much time hacking on. The web page explains it best: "Rockbox is a free replacement firmware for digital music players." That's right, we provide a complete replacement for the manufacturer's @@ -37,8 +42,8 @@ we support loadable extensions called *plugins* -- small programs to run on your MP3 player. Rockbox already has a bunch of nifty games and demos, the most impressive of which were probably the first-person shooters [Doom](https://www.rockbox.org/wiki/PluginDoom) and [Duke -Nukem 3D](https://www.rockbox.org/wiki/PluginDuke3D). But I still felt -there was something missing. +Nukem 3D](https://www.rockbox.org/wiki/PluginDuke3D).[^1] But I still +felt there was something missing. ## Enter Quake 
@@ -58,8 +63,9 @@ with CPUs as slow as 11MHz and as little as 2 MB of RAM (of course, Quake wasn't going to be running on *those* devices). With this in mind, I looked at my ever-shrinking DAP collection and picked out the most powerful surviving member: an Apple iPod Classic/6G, with a 216 -MHz ARMv5E and 64 MB of DRAM. Nothing to sneeze at, but certainly -marginal when it comes to running Quake. +MHz ARMv5E and 64 MB of DRAM (the *E* indicates the presence of ARM +DSP extensions -- this will be important later). Nothing to sneeze at, +but certainly marginal when it comes to running Quake. ## The Port @@ -84,10 +90,10 @@ avail -- the bug was too hard for me, or so it felt. And so it remained, for years. I should probably give a little timing information at this point. This first attempt at Quake took place in -September 2017, after which I gave up. My Quake-Rockbox abomination -sat on a shelf, collecting dust, until July 2019. By just the right -combination of boredom and motivation, I resolved to finish what I had -started. +September 2017, after which I gave up, and my Quake-Rockbox +abomination sat on a shelf, collecting dust, until July 2019. By just +the right combination of boredom and motivation, I resolved to finish +what I had started. I got to debugging. Now, my flow state is such that I remember virtually no details of what exactly I did, but I'll try my best here @@ -119,7 +125,7 @@ gotten Quake to boot on an MP3 player! ## Down the Rabbit Hole This project finally gave me an excuse to do something I'd been -putting off for a while: learn ARM assembly language.[^1] +putting off for a while: learn ARM assembly language.[^2] The application was in a performance-sensitive sound mixing loop in `snd_mix.c` (remember the lawnmower-like sound?). 
@@ -178,14 +184,15 @@ SND_PaintChannelFrom8: ~~~ There's some hackery going on here that could use some explaining. I'm -using the ARM `qadd` DSP instruction to get saturation addition for -cheap^[1](#asm-listing-25)^, but `qadd` only works with 32-bit words, and the sound samples -are 16 bits. The hack, then, is to first shift the samples left by 16 -bits; `qadd` the samples together; and then shift them back. This -accomplishes in one instruction what GCC took seven to do. (Sure, I -could've avoided this hack altogether if I were working with ARMv6, -which has MMX-esque packed saturation arithmetic with `qadd16`, but -alas -- life isn't so easy. And besides, it was a cool hack!) +using the ARM `qadd` DSP instruction to get saturation addition [for +cheap](#asm-listing-25), but `qadd` only works with 32-bit words, and +the sound samples are 16 bits. The hack, then, is to first shift the +samples left by 16 bits; `qadd` the samples together; and then shift +them back. This accomplishes in one instruction what GCC took seven to +do. (Sure, I could've avoided this hack altogether if I were working +with ARMv6, which has MMX-esque packed saturation arithmetic with +`qadd16`, but alas -- life isn't so easy. And besides, it was a cool +hack!) Notice also that I'm reading and writing two stereo samples at a time (with a word-sized `ldr` and `str`) to save a couple more cycles. @@ -225,7 +232,7 @@ will lead to an integer wraparound to `0xFFFFFFFF` and an extremely long delay (which will eventually resolve itself). This corner case was triggered by one sound in particular, of 7325 -samples in length.[^2] What's so special about 7325, you ask? Try taking it +samples in length.[^3] What's so special about 7325, you ask? Try taking it modulo any power of two: $$ 
@@ -259,10 +266,11 @@ isn't it? ## Adieu In the end I ended up packaging this port up as a -[patch](http://gerrit.rockbox.org/r/#/c/1832/) and merging it into the +[patch](http://gerrit.rockbox.org/r/1832/) and merging it into the Rockbox mainline, where it resides today. It ships with builds for most of the ARM targets with color displays in Rockbox 3.15 and -later.[^3] +later.[^4] If you don't have a supported target, you can +[watch](https://www.youtube.com/watch?v=74i8aBOmyos) user890104's demo. I've omitted a couple interesting things here for the sake of space. There is, for example, the race condition that occured only 
@@ -277,19 +285,23 @@ now, it is time to say goodbye to Quake -- it's been good to me. So long, and thanks for all the fish! -[^1]: If you're interested in learning ARM assembly, Tonc's -[*Whirlwind Tour of ARM -Assembly*](http://www.coranac.com/tonc/text/asm.htm) is a good (albeit -slightly outdated and GBA-oriented) place to start. And while you're -at it, go ahead and get a printout of the [ARM Quick Reference -Card](http://infocenter.arm.com/help/topic/com.arm.doc.qrc0001l/QRC0001_UAL.pdf). +[^1]: The latter game was the first to use the Rockbox SDL runtime and +deserves a post of its own. Watch user890104's demo of it +[here](https://www.youtube.com/watch?v=aEkBJ-fHxhA). + +[^2]: If you're interested in learning ARM assembly, Jasper Vijn's +[*Tonc: Whirlwind Tour of ARM +Assembly*](https://www.coranac.com/tonc/text/asm.htm) is a good +(albeit slightly outdated and GBA-oriented) place to start. And while +you're at it, go ahead and get a printout of the [ARM Quick Reference +Card](https://infocenter.arm.com/help/topic/com.arm.doc.qrc0001l/QRC0001_UAL.pdf). -[^2]: It was the sound triggered by a [100 health +[^3]: It was the sound triggered by a [100 health pickup](r_item2.wav), incidentally. -[^3]: I honestly don't remember exactly which targets do and don't +[^4]: I honestly don't remember exactly which targets do and don't support Quake. If you're curious, head over to the [Rockbox -site](http://rockbox.org) and try installing a build for whatever +site](https://rockbox.org) and try installing a build for whatever target(s) you might have. And do [let me know](mailto:me@fwei.tk) how it runs! New versions of [Rockbox Utility](https://www.rockbox.org/wiki/RockboxUtility) (1.4.1 and diff --git a/posts/index.md b/posts/index.md index 46fcfc9..3a2a3e2 100644 --- a/posts/index.md +++ b/posts/index.md 
@@ -1,10 +1,13 @@ -# Quite Frankly +% Quite Frankly +% Franklin Wei +% This is my humble blog. Welcome. - [On Opening Black Boxes or: How I Learned to Stop Worrying and Love G-Code](opening-black-boxes.html) (28 Nov 2019) - [Adieu, Quake!](adieu-quake.html) (27 Aug 2019) +- [Single-Use SSH Keys](single-use-ssh-keys.html) (23 Aug 2015) Contact: <me@fwei.tk> -The blog is [open-source](https://fwei.tk/git/blog)! +This blog is [open-source](https://fwei.tk/git/blog)! diff --git a/posts/opening-black-boxes.md b/posts/opening-black-boxes.md index b944166..b246c91 100644 --- a/posts/opening-black-boxes.md +++ b/posts/opening-black-boxes.md @@ -1,6 +1,8 @@ -# On Opening Black Boxes or: How I Learned to Stop Worrying and Love G-Code {#top} +% On Opening Black Boxes or: How I Learned to Stop Worrying and Love G-Code +% +% 28 Nov 2019 -)](baby-yoda.png) +)](baby-yoda.png){width=100%} **TL;DR** PhotoVCarve should not cost $149. I made [my own](https://github.com/built1n/rastercarve). @@ -22,7 +24,11 @@ besides, just see for yourself in the video below: all PhotoVCarve does is take an image and draw a bunch of grooves over it -- *nothing that couldn't be done in a couple lines of Python,* I thought. -[](https://www.youtube.com/watch?v=krFyBxYwWW8) +<center> + +[{width=60%}](https://www.youtube.com/watch?v=krFyBxYwWW8) + +</center> ## G-Code @@ -61,7 +67,7 @@ Python made things *so* much easier than C (or God forbid -- [ARM assembly](adieu-quake.html#asm-listing)). The heart of my program is a function, -[`engraveLine`](http://fwei.tk/git/rastercarve/tree/src/rastercarve.py?id=c2de4a3258c3e37d4b49a41d786eef936262f137#n118) (below), +[`engraveLine`](https://fwei.tk/git/rastercarve/tree/src/rastercarve.py?id=c2de4a3258c3e37d4b49a41d786eef936262f137#n118) (below), which outputs the G-code to engrave one "groove" across the image. It takes in a initial position vector on the border of the image, and a direction vector telling it which way to cut. 
@@ -111,8 +117,9 @@ christened the program [*RasterCarve*](https://github.com/built1n/rastercarve). The G-code that produced the image at the top of this post is -[here](baby-yoda.nc). Xander Luciano has an excellent online -[simulator](https://ncviewer.com) which can preview this toolpath. +[here](baby-yoda.nc). In addition to the ShopBot previewer, Xander +Luciano has an excellent online [simulator](https://ncviewer.com) +which can simulate this toolpath. ## Conclusion diff --git a/posts/single-use-ssh-keys.md b/posts/single-use-ssh-keys.md new file mode 100644 index 0000000..df4445c --- /dev/null +++ b/posts/single-use-ssh-keys.md 
@@ -0,0 +1,64 @@ +% Single-Use SSH Keys +% +% 23 Aug 2015 + +**NOTE:** This is a "retroposted" article -- I originally created and +wrote this in the summer of 2015, but now (30 Nov 2019) I'm revising +it and merging it into my new blog system. There was some discussion +about this on [Hacker +News](https://news.ycombinator.com/item?id=10105661) at the time. The +concept here is a bit useless now (everyone's got an SSH client on +their phone, right?), but I think it's a neat thing to have, just in +case. + +This article outlines a system of "single-use SSH keys" -- SSH keys +which, when used to log in, automatically delete themselves from the +user's `authorized_keys` file. + +## Motivation + +Say you're stranded without a laptop, but you need to SSH into a +remote box for some urgent maintenance. You could carry a flash drive +around with a long-term SSH key, but would you trust that to a public +computer? + +This issue could be partially resolved with a "disposable" SSH key -- +a key that can only be used to log in once (ideally you'd never have +to do this -- but the world is non-ideal^\[[citation +needed](https://xkcd.com/285/)\]^). The idea is that you'd generate one +or two keys in advance and use them as needed in situations like the +one above. + +## How It Works + +Each key in a user\'s `.ssh/authorized_keys` file can be modified to run +a command when the key is used for authentication. This mechanism can be +(ab)used to delete the key from the list after it is used to log in: + +~~~ {bash} +command="sed -i \"/MYMH_user_DONOTMODIFYTHISCOMMENT_onetime0^/d\" $HOME/.ssh/authorized_keys ; $SHELL" ssh-rsa AAAA.... MYMH_user_DONOTMODIFYTHISCOMMENT_onetime0 +~~~ + +## Threat Model + +This system is far from perfect. It does *not* offer any protection +against the following: + +- Theft of unused, unencrypted keys. +- Injection of commands by an SSH client. 
+ +It *does*, however, protect against a long-term key from being stolen +and being used by an attacker to authenticate later, because a key is +rendered worthless after being used. + +## Script Download + +To automate the process, I\'ve written a simple shell script that +automatically generates and sets up some single-use keys. + +The script can be downloaded from [here](/pub/onetime_ssh.sh).\ + +::: {.fine} +SHA1: 5a68f99d933003dc4aac17134af5186c65d50efa\ +MD5: c1e4b1d03d516711f006d96e974ce9e9 +::: |
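Review bot: The README.md hunk documents `blog-staging` as the build output and a new `./deploy.sh -p` flag, but neither `build.sh` nor `deploy.sh` is among the 8 files in this commit's diffstat. Confirm that the scripts already behave this way, or include their changes here so that the documentation and the scripts land together.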
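Review bot: In extract_field.sh, changing `FS` from ":" to "_" only moves the delimiter problem: a post filename or title containing an underscore will now split in the wrong place, just as the colon in "On Opening Black Boxes or: How I Learned to Stop Worrying and Love G-Code" would have with the old separator. Consider a tab as the separator in index.csv, or have awk print everything after the first separator rather than one numbered field. On the same line, `$2` and `$3` are still spliced into the awk program text and `$1` is unquoted in the redirect; passing them with `awk -v key="$2" -v idx="$3"` and redirecting from `"$1"` would keep a key containing a quote, or a database path containing a space, from breaking the script.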
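Review bot: In posts/adieu-quake.md the link clean-up is inconsistent. The Gerrit link in the "Adieu" section is shortened to `http://gerrit.rockbox.org/r/1832/` but stays on plain `http`, and footnote 4 now points at `https://rockbox.org` while the two body links were changed to `https://www.rockbox.org`. Suggest one host form throughout, and `https` for the Gerrit link if that host serves it.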
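Review bot: In posts/single-use-ssh-keys.md, the `authorized_keys` example under "How It Works" sets only `command=`, so the key is deleted only when a login actually runs the forced command; a connection that requests no session never runs it and leaves the key in place, which is not one of the two items listed under "Threat Model". Suggest prefixing the entry with `restrict,pty,` (or the older `no-port-forwarding,no-agent-forwarding,no-X11-forwarding`), or adding the limitation to that list. Two smaller points in the same file: the sed pattern ends in `onetime0^`, and a `^` at the end of a basic regular expression is an ordinary character rather than an anchor, so check whether `$` was intended; and the script download is published with SHA1 and MD5 digests only, so a SHA-256 line would be worth adding.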