Skip to content

Category: Computer Science

Paw is nice

Paw is a graphical curl with JSON decoder and a bunch of code generators.

Paw is a nice graphical curl with a JSON decoder and a bunch of code generators. If you want to test or explore a REST API, it’s really helpful.

So let’s autogenerate Grafana Dashboards from config data in a MySQL using Python now.

1 Comment

Hashes in Structures

In Hashes and their uses we have been talking about hash functions in general, and cryptographic hashes in particular. We wanted four things from cryptographic hashes:

  1. The hash should be fast to calculate on a large string of bytes.
  2. The hash is slow to reverse (i.e. only by trying all messages and checking each result).
  3. The hash is slow to find collisions for (i.e. it’s hard to find two input strings that have the same hash value).
  4. The hash does chaotically cascade changes (i.e. a single bit flip in the original message does flip many bits in the hash value).

With these things and general cryptography we can built three very versatile things that see many applications: Digital signatures, eternal logfiles (“blockchains”) and hash trees (“torrents”).


Hashes and their uses

A hash function is a function that maps a large number of arbitrary data types onto a smaller number of contiguous integers.

This simple hash function maps strings of arbitrary length to integers. Some strings are mapped to the same integer: a hash value collision.

The base set here is a number of strings of arbitrary length, which is a theoretically open ended set size. The target is a bounded number of integer values. It is thus inevitable that two strings exist which are mapped to the same target number, a hash value collision.

Hash functions are useful in computer science, and you have been using them in everyday life, or at least seen them:

  • as checksums
  • to quickly assign a position to an arbitrary object
  • or to create object identity from content.
Leave a Comment

Spectre #2 Mitigation – Retpolines

Intel finally published a whitepaper about Spectre #2 Mitigation. The PDF is also featured on Hacker News. It’s a technical whitepaper, but you can see the footprints of lawyers all over the language.

For me, it basically says that, yes, Retpolines are indeed incompatible with Controlflow Enforcement Technology (CET) that Intel was planning for later CPUs (PDF, El Reg article).

CET introduces a shadow stack for return addresses only, and will fail your code into an exception if the normal stack return address and the shadow stack address disagree. Trying to touch and manipulate the shadow stack will also fail into an exception. That is, CET makes touching a return address on the stack toxic by having in effect separate argument and return address stacks, and your code explodes every time you try to do something funny with return addresses.

Which is what Retpolines depend on.

Leave a Comment

Seven Versions of No Backup

When you configure a modern Android, it turns on Backup by Default.

Android 7 or 8, like their predecessors for some time now, offer you to make a backup. The config setup looks somewhat like above, and that’s seems to be quite good. It certainly looks like something you’d want.

Now, it’s 2018, and we all do have multple Android devices on the same account. So if you are using, say, a 5X, and it dies bootlooping, you’d might be tempted to revive an older device for a few days, until the replacement arrives.

Then this happens:


BQ Aquaris X pro

Last weekend my Nexus 5X did the Boot Loop Thing (Article in German, refund only for US customers).

So I needed a new device, quickly. I am certainly not spending 1K Euro on hardware, so I was looking for a Nexus 5X priced device that does not suck.

Harald recommended I am looking at, a spanish company that makes 3D printers, and smartphones, and indeed the X pro delivers. 5X sized, the device can do dual-SIM or SIM+SD, has up to 128 GB memory (I got the 64 GB model), a decent camera and a close to stock Android with a bi-monthly update cycle. Android 7.1.1 with a late 2017 patchlevel in my code. Less than 300 EUR, performs as advertised.

Oh, and the selfie frontside flash is Men-in-Black level weird.



Today I was looking for a way to subscribe to file changes in a directory in MacOS, in order to trigger automatically running commands whenever files change.

Turns out Homebrew has “fswatch”, which tells you when things change, but little else.

Turns out Homebrew has “watchman”, which does all this, and on multiple trees, finds changes across restarts and automatically manages a set of commands for different file endings.

Also turns out that I know the author. Thanks, Wez!

Leave a Comment