author Franklin Wei <franklin@rockbox.org> 2019-11-30 22:31:25 -0500
committer Franklin Wei <franklin@rockbox.org> 2019-11-30 22:31:25 -0500
commit 1f5d57bd9e1e644d969e6ef968d5d735bb86421c
tree f35fa3be2951b622cacdc138c4efa36b348bf1de
parent 76e478608dac0149fae6283896083c86952a9984
New post. Update things.
-rw-r--r-- README.md 5
-rwxr-xr-x extract_field.sh 2
-rw-r--r-- footer.inc 2
-rw-r--r-- index.csv 7
-rw-r--r-- posts/adieu-quake.md 82
-rw-r--r-- posts/index.md 7
-rw-r--r-- posts/opening-black-boxes.md 19
-rw-r--r-- posts/single-use-ssh-keys.md 64
8 files changed, 139 insertions, 49 deletions
diff --git a/README.md b/README.md
index 01c5886..5058054 100644
--- a/README.md
+++ b/README.md
@@ -19,9 +19,12 @@ Assorted files (such as images) can be placed in `files/`.
Install pandoc.
Run `./build.sh` from the project root. This will produce the compiled
-output in `out`.
+output in `blog-staging`.
### Deployment
Run `./deploy.sh`. It will try to log into my website. This will not
work. Edit it for your own needs.
+
+To deploy to *p*roduction, run `./deploy.sh -p`. Again, this will not
+work unless you have my SSH key.
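Review bot: The added Deployment paragraph documents `./deploy.sh -p` for production, but the section never says what a plain `./deploy.sh` targets. State explicitly where the default run deploys (staging, judging by the new `blog-staging` output directory name), so nobody has to read the script to find out.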
diff --git a/extract_field.sh b/extract_field.sh
index aab4b6a..030ddaf 100755
--- a/extract_field.sh
+++ b/extract_field.sh
@@ -2,4 +2,4 @@
# Usage: ./extract_field.sh DBNAME KEY FIELDIDX
-awk 'BEGIN { FS = ":" } $1 == "'"$2"'" { print $'"$3"'}' < $1
+awk 'BEGIN { FS = "_" } $1 == "'"$2"'" { print $'"$3"'}' < $1
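Review bot: On the changed `awk` line, `$2` and `$3` are still spliced into the awk program text, so a key or field index containing a quote or awk syntax is parsed as code rather than data, and the unquoted `< $1` word-splits a database path that contains spaces. Passing the arguments as awk variables keeps them as data: `awk -F_ -v key="$2" -v idx="$3" '$1 == key { print $idx }' < "$1"`.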
diff --git a/footer.inc b/footer.inc
index 12c4059..348ba2c 100644
--- a/footer.inc
+++ b/footer.inc
@@ -1,4 +1,4 @@
</div>
<footer>
- <a href="/blog">Blog index</a> | <a href="/">Home</a>
+ <a href="index.html">Blog index</a> | <a href="/">Home</a>
</footer>
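Review bot: The "Blog index" link becomes the relative `index.html` while the neighbouring "Home" link stays root-absolute, so it resolves against the directory of whichever page includes the footer. That is fine as long as every generated page sits beside `index.html`; if that is the intended layout, a short comment in `footer.inc` saying so would prevent a broken link later.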
diff --git a/index.csv b/index.csv
index 6eef389..91b989e 100644
--- a/index.csv
+++ b/index.csv
@@ -1,3 +1,4 @@
-adieu-quake.md:Adieu, Quake!
-opening-black-boxes.md:Opening Black Boxes
-index.md:Quite Frankly
+adieu-quake.md_Adieu, Quake!
+opening-black-boxes.md_On Opening Black Boxes or: How I Learned to Stop Worrying and Love G-Code
+single-use-ssh-keys.md_Single-Use SSH Keys
+index.md_Quite Frankly
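Review bot: With `_` as the separator in these rows, any future file name or title that contains an underscore will be split in the wrong place and `extract_field.sh` will return a truncated field. The switch away from `:` is needed because the new title contains "or:", but a tab (or another character that cannot occur in a title) would be a safer delimiter, and the reserved character should be documented next to the file.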
diff --git a/posts/adieu-quake.md b/posts/adieu-quake.md
index c167542..cc7a451 100644
--- a/posts/adieu-quake.md
+++ b/posts/adieu-quake.md
@@ -1,13 +1,18 @@
-# Adieu, Quake!
+% Adieu, Quake!
+%
+% 27 Aug 2019
-[![Quake on Rockbox](http://img.youtube.com/vi/74i8aBOmyos/0.jpg)](http://www.youtube.com/watch?v=74i8aBOmyos)
-
-![](quake.jpg)
+<center>
+<figure>
+[![Quake on Rockbox](https://img.youtube.com/vi/74i8aBOmyos/0.jpg){height=300}](https://www.youtube.com/watch?v=74i8aBOmyos)\ ![Quake on the iPod Classic.](quake.jpg){height=300}
+<figcaption>Quake running on an iPod Classic.</figcaption>
+</figure>
+</center>
**TL;DR** I made Quake run on MP3 players. Read how it happened.
I spent part of this summer playing with two of my favorite things:
-[Rockbox](https://rockbox.org) and id Software's
+[Rockbox](https://www.rockbox.org) and id Software's
[Quake](https://en.wikipedia.org/wiki/Quake_(video_game)). I even got
the chance to combine the two by porting Quake to run *on* Rockbox!
What more could I ask?
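Review bot: The new `<center>` wrapper around the figure is an obsolete HTML element; a class on `<figure>` with `text-align: center` in the stylesheet does the same job and keeps presentation out of the post source. The second image's alt text ("Quake on the iPod Classic.") also nearly repeats the `<figcaption>`, so a screen reader announces the same description twice.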
@@ -25,7 +30,7 @@ months, so I'm trying to get this brain dump in before the deluge.
## Rockbox
-[Rockbox](https://rockbox.org) is a fun open-source project I spend
+[Rockbox](https://www.rockbox.org) is a fun open-source project I spend
far too much time hacking on. The web page explains it best: "Rockbox
is a free replacement firmware for digital music players." That's
right, we provide a complete replacement for the manufacturer's
@@ -37,8 +42,8 @@ we support loadable extensions called *plugins* -- small programs to
run on your MP3 player. Rockbox already has a bunch of nifty games and
demos, the most impressive of which were probably the first-person
shooters [Doom](https://www.rockbox.org/wiki/PluginDoom) and [Duke
-Nukem 3D](https://www.rockbox.org/wiki/PluginDuke3D). But I still felt
-there was something missing.
+Nukem 3D](https://www.rockbox.org/wiki/PluginDuke3D).[^1] But I still
+felt there was something missing.
## Enter Quake
@@ -58,8 +63,9 @@ with CPUs as slow as 11MHz and as little as 2 MB of RAM (of course,
Quake wasn't going to be running on *those* devices). With this in
mind, I looked at my ever-shrinking DAP collection and picked out the
most powerful surviving member: an Apple iPod Classic/6G, with a 216
-MHz ARMv5E and 64 MB of DRAM. Nothing to sneeze at, but certainly
-marginal when it comes to running Quake.
+MHz ARMv5E and 64 MB of DRAM (the *E* indicates the presence of ARM
+DSP extensions -- this will be important later). Nothing to sneeze at,
+but certainly marginal when it comes to running Quake.
## The Port
@@ -84,10 +90,10 @@ avail -- the bug was too hard for me, or so it felt.
And so it remained, for years. I should probably give a little timing
information at this point. This first attempt at Quake took place in
-September 2017, after which I gave up. My Quake-Rockbox abomination
-sat on a shelf, collecting dust, until July 2019. By just the right
-combination of boredom and motivation, I resolved to finish what I had
-started.
+September 2017, after which I gave up, and my Quake-Rockbox
+abomination sat on a shelf, collecting dust, until July 2019. By just
+the right combination of boredom and motivation, I resolved to finish
+what I had started.
I got to debugging. Now, my flow state is such that I remember
virtually no details of what exactly I did, but I'll try my best here
@@ -119,7 +125,7 @@ gotten Quake to boot on an MP3 player!
## Down the Rabbit Hole
This project finally gave me an excuse to do something I'd been
-putting off for a while: learn ARM assembly language.[^1]
+putting off for a while: learn ARM assembly language.[^2]
The application was in a performance-sensitive sound mixing loop in
`snd_mix.c` (remember the lawnmower-like sound?).
@@ -178,14 +184,15 @@ SND_PaintChannelFrom8:
~~~
There's some hackery going on here that could use some explaining. I'm
-using the ARM `qadd` DSP instruction to get saturation addition for
-cheap^[1](#asm-listing-25)^, but `qadd` only works with 32-bit words, and the sound samples
-are 16 bits. The hack, then, is to first shift the samples left by 16
-bits; `qadd` the samples together; and then shift them back. This
-accomplishes in one instruction what GCC took seven to do. (Sure, I
-could've avoided this hack altogether if I were working with ARMv6,
-which has MMX-esque packed saturation arithmetic with `qadd16`, but
-alas -- life isn't so easy. And besides, it was a cool hack!)
+using the ARM `qadd` DSP instruction to get saturation addition [for
+cheap](#asm-listing-25), but `qadd` only works with 32-bit words, and
+the sound samples are 16 bits. The hack, then, is to first shift the
+samples left by 16 bits; `qadd` the samples together; and then shift
+them back. This accomplishes in one instruction what GCC took seven to
+do. (Sure, I could've avoided this hack altogether if I were working
+with ARMv6, which has MMX-esque packed saturation arithmetic with
+`qadd16`, but alas -- life isn't so easy. And besides, it was a cool
+hack!)
Notice also that I'm reading and writing two stereo samples at a time
(with a word-sized `ldr` and `str`) to save a couple more cycles.
@@ -225,7 +232,7 @@ will lead to an integer wraparound to `0xFFFFFFFF` and an extremely
long delay (which will eventually resolve itself).
This corner case was triggered by one sound in particular, of 7325
-samples in length.[^2] What's so special about 7325, you ask? Try taking it
+samples in length.[^3] What's so special about 7325, you ask? Try taking it
modulo any power of two:
$$
@@ -259,10 +266,11 @@ isn't it?
## Adieu
In the end I ended up packaging this port up as a
-[patch](http://gerrit.rockbox.org/r/#/c/1832/) and merging it into the
+[patch](http://gerrit.rockbox.org/r/1832/) and merging it into the
Rockbox mainline, where it resides today. It ships with builds for
most of the ARM targets with color displays in Rockbox 3.15 and
-later.[^3]
+later.[^4] If you don't have a supported target, you can
+[watch](https://www.youtube.com/watch?v=74i8aBOmyos) user890104's demo.
I've omitted a couple interesting things here for the sake of
space. There is, for example, the race condition that occured only
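Review bot: The rewritten patch link in this hunk still uses `http://gerrit.rockbox.org/r/1832/`, while the other links touched by this commit were moved to `https://`. Switch it to `https://` if the Gerrit host serves TLS, so the post does not send readers over plaintext for this one link.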
@@ -277,19 +285,23 @@ now, it is time to say goodbye to Quake -- it's been good to me.
So long, and thanks for all the fish!
-[^1]: If you're interested in learning ARM assembly, Tonc's
-[*Whirlwind Tour of ARM
-Assembly*](http://www.coranac.com/tonc/text/asm.htm) is a good (albeit
-slightly outdated and GBA-oriented) place to start. And while you're
-at it, go ahead and get a printout of the [ARM Quick Reference
-Card](http://infocenter.arm.com/help/topic/com.arm.doc.qrc0001l/QRC0001_UAL.pdf).
+[^1]: The latter game was the first to use the Rockbox SDL runtime and
+deserves a post of its own. Watch user890104's demo of it
+[here](https://www.youtube.com/watch?v=aEkBJ-fHxhA).
+
+[^2]: If you're interested in learning ARM assembly, Jasper Vijn's
+[*Tonc: Whirlwind Tour of ARM
+Assembly*](https://www.coranac.com/tonc/text/asm.htm) is a good
+(albeit slightly outdated and GBA-oriented) place to start. And while
+you're at it, go ahead and get a printout of the [ARM Quick Reference
+Card](https://infocenter.arm.com/help/topic/com.arm.doc.qrc0001l/QRC0001_UAL.pdf).
-[^2]: It was the sound triggered by a [100 health
+[^3]: It was the sound triggered by a [100 health
pickup](r_item2.wav), incidentally.
-[^3]: I honestly don't remember exactly which targets do and don't
+[^4]: I honestly don't remember exactly which targets do and don't
support Quake. If you're curious, head over to the [Rockbox
-site](http://rockbox.org) and try installing a build for whatever
+site](https://rockbox.org) and try installing a build for whatever
target(s) you might have. And do [let me know](mailto:me@fwei.tk) how
it runs! New versions of [Rockbox
Utility](https://www.rockbox.org/wiki/RockboxUtility) (1.4.1 and
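Review bot: Footnote 4 now links `https://rockbox.org`, but the earlier hunks of this file change the same site from `https://rockbox.org` to `https://www.rockbox.org`. Use the `www.` form here as well so the post points at one canonical host.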
diff --git a/posts/index.md b/posts/index.md
index 46fcfc9..3a2a3e2 100644
--- a/posts/index.md
+++ b/posts/index.md
@@ -1,10 +1,13 @@
-# Quite Frankly
+% Quite Frankly
+% Franklin Wei
+%
This is my humble blog. Welcome.
- [On Opening Black Boxes or: How I Learned to Stop Worrying and Love G-Code](opening-black-boxes.html) (28 Nov 2019)
- [Adieu, Quake!](adieu-quake.html) (27 Aug 2019)
+- [Single-Use SSH Keys](single-use-ssh-keys.html) (23 Aug 2015)
Contact: <me@fwei.tk>
-The blog is [open-source](https://fwei.tk/git/blog)!
+This blog is [open-source](https://fwei.tk/git/blog)!
diff --git a/posts/opening-black-boxes.md b/posts/opening-black-boxes.md
index b944166..b246c91 100644
--- a/posts/opening-black-boxes.md
+++ b/posts/opening-black-boxes.md
@@ -1,6 +1,8 @@
-# On Opening Black Boxes or: How I Learned to Stop Worrying and Love G-Code {#top}
+% On Opening Black Boxes or: How I Learned to Stop Worrying and Love G-Code
+%
+% 28 Nov 2019
-![Baby Yoda, engraved. ([G-code](baby-yoda.nc))](baby-yoda.png)
+![Baby Yoda, engraved. ([G-code](baby-yoda.nc))](baby-yoda.png){width=100%}
**TL;DR** PhotoVCarve should not cost $149. I made [my own](https://github.com/built1n/rastercarve).
@@ -22,7 +24,11 @@ besides, just see for yourself in the video below: all PhotoVCarve
does is take an image and draw a bunch of grooves over it -- *nothing
that couldn't be done in a couple lines of Python,* I thought.
-[![PhotoVCarve - Engraving Photographs](http://img.youtube.com/vi/krFyBxYwWW8/0.jpg)](https://www.youtube.com/watch?v=krFyBxYwWW8)
+<center>
+
+[![PhotoVCarve - Engraving Photographs](https://img.youtube.com/vi/krFyBxYwWW8/0.jpg){width=60%}](https://www.youtube.com/watch?v=krFyBxYwWW8)
+
+</center>
## G-Code
@@ -61,7 +67,7 @@ Python made things *so* much easier than C (or God forbid -- [ARM
assembly](adieu-quake.html#asm-listing)).
The heart of my program is a function,
-[`engraveLine`](http://fwei.tk/git/rastercarve/tree/src/rastercarve.py?id=c2de4a3258c3e37d4b49a41d786eef936262f137#n118) (below),
+[`engraveLine`](https://fwei.tk/git/rastercarve/tree/src/rastercarve.py?id=c2de4a3258c3e37d4b49a41d786eef936262f137#n118) (below),
which outputs the G-code to engrave one "groove" across the image. It
takes in a initial position vector on the border of the image, and a
direction vector telling it which way to cut.
@@ -111,8 +117,9 @@ christened the program
[*RasterCarve*](https://github.com/built1n/rastercarve).
The G-code that produced the image at the top of this post is
-[here](baby-yoda.nc). Xander Luciano has an excellent online
-[simulator](https://ncviewer.com) which can preview this toolpath.
+[here](baby-yoda.nc). In addition to the ShopBot previewer, Xander
+Luciano has an excellent online [simulator](https://ncviewer.com)
+which can simulate this toolpath.
## Conclusion
diff --git a/posts/single-use-ssh-keys.md b/posts/single-use-ssh-keys.md
new file mode 100644
index 0000000..df4445c
--- /dev/null
+++ b/posts/single-use-ssh-keys.md
@@ -0,0 +1,64 @@
+% Single-Use SSH Keys
+%
+% 23 Aug 2015
+
+**NOTE:** This is a "retroposted" article -- I originally created and
+wrote this in the summer of 2015, but now (30 Nov 2019) I'm revising
+it and merging it into my new blog system. There was some discussion
+about this on [Hacker
+News](https://news.ycombinator.com/item?id=10105661) at the time. The
+concept here is a bit useless now (everyone's got an SSH client on
+their phone, right?), but I think it's a neat thing to have, just in
+case.
+
+This article outlines a system of "single-use SSH keys" -- SSH keys
+which, when used to log in, automatically delete themselves from the
+user's `authorized_keys` file.
+
+## Motivation
+
+Say you're stranded without a laptop, but you need to SSH into a
+remote box for some urgent maintenance. You could carry a flash drive
+around with a long-term SSH key, but would you trust that to a public
+computer?
+
+This issue could be partially resolved with a "disposable" SSH key --
+a key that can only be used to log in once (ideally you'd never have
+to do this -- but the world is non-ideal^\[[citation
+needed](https://xkcd.com/285/)\]^). The idea is that you'd generate one
+or two keys in advance and use them as needed in situations like the
+one above.
+
+## How It Works
+
+Each key in a user\'s `.ssh/authorized_keys` file can be modified to run
+a command when the key is used for authentication. This mechanism can be
+(ab)used to delete the key from the list after it is used to log in:
+
+~~~ {bash}
+command="sed -i \"/MYMH_user_DONOTMODIFYTHISCOMMENT_onetime0^/d\" $HOME/.ssh/authorized_keys ; $SHELL" ssh-rsa AAAA.... MYMH_user_DONOTMODIFYTHISCOMMENT_onetime0
+~~~
+
+## Threat Model
+
+This system is far from perfect. It does *not* offer any protection
+against the following:
+
+- Theft of unused, unencrypted keys.
+- Injection of commands by an SSH client.
+
+It *does*, however, protect against a long-term key from being stolen
+and being used by an attacker to authenticate later, because a key is
+rendered worthless after being used.
+
+## Script Download
+
+To automate the process, I\'ve written a simple shell script that
+automatically generates and sets up some single-use keys.
+
+The script can be downloaded from [here](/pub/onetime_ssh.sh).\
+
+::: {.fine}
+SHA1: 5a68f99d933003dc4aac17134af5186c65d50efa\
+MD5: c1e4b1d03d516711f006d96e974ce9e9
+:::
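Review bot: The `authorized_keys` example under "How It Works" sets only `command=`, so the key is removed only when the forced command actually runs; a connection that requests forwarding without starting a session never triggers the `sed`, and the key stays valid. Prefix the entry with `restrict,pty` (or the individual `no-port-forwarding`, `no-agent-forwarding` and `no-X11-forwarding` options) and list this case under "Threat Model". Separately, the download checksums at the end of the post are SHA1 and MD5 only; publish a SHA-256 digest alongside them.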