Lair Of The Multimedia Guru

The key iam using everyday is really becoming old. OTOH the new key iam using for signing my git commits isnt really good as a general key as it needs to be available on the machiene i work on to sign rebased commits and all that. So its more “my git development box” key than mine.
And i have that cute little ledger that has a gpg plugin. So i thought, thats something i should look into. Yeah, or maybe i shouldnt have done that.
It supports ed25519 and cv25519. So i created one and signing worked, decryption failed with a gpg: public key decryption failed: Card error. So i tried again with default options which generates the encryption key apparently on the host backs it up and uploads. That worked fine, it asked for a password to encrypt the backup, signing worked decryption worked, all was fine, or was it? I had set the ledger to require a button before decryption and it didnt. Hmm, i started to have a odd feeling. I disconnected the ledger and tried again, yes it still decrypted it. Was it caching the key or passphrase ? i killed gpg-agent, it still decrypted it. It took me a moment before i fully believed it but yes there was a unencrypted private key where a stub should have been pointing to the ledger.
More testing showed that the ledger works fine with RSA and NISTP256 keys for decryption and RSA and ED25519 for signing. Though it is not able to generate NISTP256 keys, or at least not when i tried, these need to be copied onto. RSA upto 4096 can be generated on the thing if one has patience. CV25519 seems not to work no matter what i tried even though it seems to be supposed to be supported.
Now, i have setup mine (and the public keys are below if you want to send me something secret) but the whole experience leaves me with afterthoughts about wanting to use this. The way this failed and the thing that the source code sometimes speaks of “ed2559” and sometimes of “ed255519” leaves me with some desire for a different device for storing my key on in the long run. Not that any of this is pointing to any real security issues once one got a working key on it and made sure no plain copies remain.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEY73h4hYJKwYBBAHaRw8BAQdAsSAAq3LxY0Fcw29nsG39GDF4CMgAoDV8Qb27
aHh2obq0MU1pY2hhZWwgTmllZGVybWF5ZXIgPG1pY2hhZWwta2V5MkBuaWVkZXJt
YXllci5jYz6IlgQTFggAPhYhBFwRfsTnHWQ2HRuoQq1G6+FU56XXBQJjveHiAhsD
BQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEK1G6+FU56XXPyoBAJTK
YelgVZBdkSK0zo4IYqyXR+dUJMjT8SlXvAxsbHVwAP97VsXCcXWxH6oPR/LKGJgA
PDO+X5iy6pDFO6eQNmzgA4hdBBMRCAAdFiEEn/ISixR+9nMLrfEzYR7HhwQLD6sF
AmO96VUACgkQYR7HhwQLD6uDZQCfTc2K/GL0A6wi5BIGuQMM5iYMX2sAnAvxsZfA
bUjviZzbdsuCplgQduG7uFYEY73h4hIIKoZIzj0DAQcCAwS96wJJL1mSdwT94Atc
c2Q0r1O4vIkEIqnGDLGXGu3egxWzStCjojpCg+ELEDjU2rxtu51GzYLQUTazEzWU
Ql+IAwEIB4h4BBgWCAAgFiEEXBF+xOcdZDYdG6hCrUbr4VTnpdcFAmO94eICGwwA
CgkQrUbr4VTnpdflbQD+KCouQqLQ6Gl9bNrPZfXf8055b6qVtfzsQzQF+LOeo4EB
AK+6cxLVHB2jcYyvlIv73R8JWvNHcxE/3mDEYKiP3D0J
=IkKl
-----END PGP PUBLIC KEY BLOCK-----

I was playing around with a VM remotely. Without much thinking i setup a VPN and hit enter after the connect command.
It worked fine, or rather i suspect it did because it blocked the connection to the router through which i accessed it.

Now I could have gotten in the car and driven over to the thing or just ignored it as it had no real use anyway. But it turns out it was too hard for me to just ignore it. That had to be fixable remotely.
I would have expected virtualbox to have some sort of serial console or something like that. And iam sure it has a host of ways to recover this nicer but what i found first and that worked was this:

vboxmanage  controlvm (name) screenshotpng this.png ; ffplay this.png
vboxmanage  controlvm (name) keyboardputstring "foobar"
vboxmanage  controlvm (name) keyboardputscancode 12 34 56

With these we can look at the screen and we can enter things, thats more than enough to recover it. One thing to keep in mind is that the keyboardputstring commend seems to assume a us keyboard layout.
The 2nd thing to keep in mind if you use this for a similar case, you want to make sure you do not put any passwords into any shell history files. At least not without realizing it and changing the password then

Why Crypto?

With the IPFS support in FFmpeg and the discussions surrounding it. Several people stated their dislike for crypto, for NFTs and stated how its harmful and full of scams.
I disagree, Or rather I think people are seeing the “What” today but are missing the “Why” tomorrow.

Why Crypto?!

For me what i see in crypto is giving power over assets back to the people.
Today, everything is a fight of government vs people. Free speech vs censorship. Privacy vs logging and spying. Self defense vs. outlawing tools to defend oneself. And in the future with advances in gene editing control over ones own body will increasingly also get added. But back today and also with money the people are slowly loosing control to the government. Cash is slowly replaced by fully controllable and logable transactions, money printing and taxes are generally fully controlled by the government already. What you can invest in as a “non accredited” investor also is tightly controlled.
Lets look at money printing alone. That on average causes a 50% loss of value in stable currencies like the USD or EUR every 20 years. That means money literally has a half life time of 20 years in stable western economies. And that doesn’t even account for the recent money printing activities of the last years. You may have noticed inflation recently maybe ? Thats the result not of a war its simply because of all the extra money that was created.
Now with crypto, the government has no control over the inflation anymore. Bitcoin might be worth a lot or a little but is not decaying like USD does. And gold even gold inflates as new gold is mined.
And while with cash, any money you own you can give anyone you choose, as cash disappears and is replaced by government controled digital forms of the USD. You also will loose the ability to do with it what you want. OTOH with crypto you can send it to any wallet. And you can set nearly arbitrary rules with smart contracts. It simply returns the power over wealth and assets back into the peoples hands.

Will it go up

I dont know and I don’t really care. Most of the crypto i have originated from payment for a little FFmpeg work very long ago, ive exchanged some of this in other coins and other crypto stuff but i never took it out of crypto and i have no intend to ever.

NFTs?

Theres 2 things about NFTs, the NOW and the Future
NOW, NFTs are used as a way to raise money, many of the bigger projects are shady. Its expected, the more a project promises the more people want it but also the more its all a lie. I would not be surprised if many of these will go to practically 0 value. Then there are the NFTs from honest people who want to start a business and try to use it for getting initial capital some of these pass 100% of the decisions what to do with the collected money to votes by the NFT holders. There are also art and collectible NFTs and a big overlap between all this. I don’t know what will become of all this. The idea to raise money and then have the investors be 100% in control of the business sounds not fundamentally bad to me. Will this survive regulation? I do not know …
And then theres the FUTURE. NFTs can represent anything, a specific car, a specific house, a specific contract you have with an insurance.
In such a world one could sell, buy, exchange and rent houses, cars, contracts in a 100% secure, 100% undisputed and very simple way. Using the “blockchain” to represent all real world assets is an intriguing future, it has interesting potential. I don’t know if that is something that will ever happen but it surely would be a revolution for alot of things.

For a long time i used cheap wired logitech or microsoft mice and that was ok-ish. But from time to time one needs to buy a new mouse for a new computer, because the old is so dirty its disgusting or the really rare that it stopped working 100% reliable. So for some forgotten reason i bought a new one and my mistake here is that i trusted the amazon ratings (never do that). So i got a “noname == tecknet” mouse, it was cheap had more buttons than the cheap logitech one. It even was the “Amazon choice” for wired mouse. How it got that rating, i can not comprehend. The problem with this mouse is it simply does not work reliable. You turn the scroll wheel one way and it sometimes registers that and sometimes registers the opposite direction.
So as that thing was just annoying, i picked a new mouse again and using my brain slightly more this time, i concluded that any gaming mouse must be reliable as gamers dont like loosing from lost or misread buttons. So i choose based on specs and price a corsair gaming katar pro xt. Nice mouse nice hardware. linux support well, kind of. It works fine out of the box if you like your computer looking like a Christmas tree.

Switching off that LED

My first thought was of course that there must be a tool on linux to turn this off. I failed to find it though.
So the next was screwdriver / soldering iron but that was really not feeling right.
So i spend several hours implementing enough support in ckb_next to adjust the LED for this mouse. This would have been quite trivial with a windows box running the official driver and listening to it but i didnt had a windows machine, so randomly reading and writing things to the mouse was the way to go. This was especially fun as the mouse remembers its settings when disconnected. So if you successfully set something you have an incentive to undo that if you want it working as before. I didnt destroy the mouse no, basically blindfolded stabbing it with random writes allowed me to identify a few more fields of what seems called the bragi protocol. So the protocol header now lists the fields for the hardware DPI values for the 3 modes and also the corresponding colors. the mask of enabled DPI modes, a DPI index (which the hardware does not seem to bound check at least not the way id expect). And the LED brightness for both software and hardware modes. I very interestingly did not find how the LED color itself is set or how the hardware mode animation is controlled. So there are unknown things left to be found. But for my purpose what i wanted (turing the LED off) i found all i wanted.
Code is here, pull request is also send, so it may or may not end in the official ckb-next

Since 15th march, everyone in austria can get 5 free rapid antigen selftests per month. When i first heared of the free self tests i thought, “i wish these where available half a year ago and shiped to everyone, one for every day, that would have safed lives”. One per week is better than nothing of course also now after the vaccines are increasingly available its a bit late.
I dont know if all austriawide are the same but the ones we got are simple lateral flow tests made by JOYSBIO (Tianjin) Biotechnology Co.,Ltd.
They came with 3 leaflets explaining not just how to do the test but also provide details about the tests performance.

Just today on youtube i again heard people talk about how crypto currencies are special as some are not inflationary while everything else fiat (printing), equity (dilution) and precious metals (mining) are inflationary. That is, all loose value over time.
But this is in some sense, not actually true.
Bitcoins require a blockchain to be maintained and the key requirement for that is that any adversary can never have 51% of the computational power. That requires a continuous “payment” of computational resources / energy. Which ultimately has the same effect as payment though someone printing/diluting/mining. If the blockchain is not maintained with enough computational power then at some point it becomes economic for an attacker to do double spend attacks by modifying the blockchain.
Iam sure iam not the first realizing this. But bitcoins kind of suck due to their vast computational blockchain maintaince requirements which also end up increasing co2 emissions or waste energy if it used renewables. Id wish we had some crypto that didnt had this energy problem and properly maintained privacy, it would be cool in a world where governments try to always increase their power over citizens and what they own.
PS: No, this is not supposed to be a prediction of what the bitcoin value will do in the coming years, it could go up alot or down by alot i have no clue.

Why would one want to do that? Because its a very simple project that doesnt really need a full configure script.
This is from the FFV1 build which builds the related RFC (draft) documents.

The tools versions are checked before a target that uses them, the tests are done just once and not again until you run make clean. It will put a file ending in version-ok for each tool in the build directory to keep track of what has been checked. These are cleared on a make clean.

Heres the full Makefile with the version checks showing how we ended up doing it. So far it seems working on everyones machiene who wanted to work on the ffv1 docs. Note, none of the authors of this Makefile is a Makefile expert, it certainly can be improved. I am just posting this as it might be a useful inspiration/ starting point to others who dont want a full configure in a small project.

PS: if someone has suggestions for improvements, pull requests are welcome in ffmpeg/ffv1

VERSION := 17
STATUS := draft-
OUTPUT := $(STATUS)ietf-cellar-ffv1-$(VERSION)

VERSION-v4 := 14
STATUS-v4 := draft-
OUTPUT-v4 := $(STATUS-v4)ietf-cellar-ffv1-v4-$(VERSION-v4)

$(info RFC rendering has been tested with mmark version 2.2.8, xml2rfc 2.32.0, xmlstarlet 1.6.1, pandoc 1.19.2.1, pdfcrop v1.38, and pdf2svg 0.2.3, please ensure these are installed and recent enough.)

all: $(OUTPUT).html $(OUTPUT).txt $(OUTPUT).xml $(OUTPUT-v4).html $(OUTPUT-v4).txt $(OUTPUT-v4).xml

$(OUTPUT).md: ffv1.md 
        cat rfc_frontmatter.md "$<" rfc_backmatter.md | grep -v "^AART:" | grep -v "^SVGC" | grep -v "{V4}" | sed "s|^AART:||g;s|{V3}||g;s|SVGI:||g;s|@BUILD_DATE@|$(shell date +'%F')|" > $(OUTPUT).md

$(OUTPUT-v4).md: ffv1.md 
        cat rfc_frontmatter.md "$<" rfc_backmatter.md | grep -v "^AART:" | grep -v "^SVGC" | grep -v "{V3}" | sed "s|^AART:||g;s|{V4}||g;s|SVGI:||g;s|@BUILD_DATE@|$(shell date +'%F')|" > $(OUTPUT-v4).md

%.xml: %.md mmark.version-ok xmlstarlet.version-ok pdfcrop.version-ok
        bash makesvg
        mmark "$<" | sed 's||undated|g' > "$@"
        xmlstarlet edit --inplace --insert "/rfc" --type attr -name sortRefs -v "true" "$@"
        bash svg2src "$@"

%.html: %.xml xml2rfc.version-ok
        xml2rfc --html --v3 "$<" -o "$@"

%.txt: %.xml xml2rfc.version-ok
        xml2rfc --v3 "$<" -o "$@"

clean:
        rm -f ffv1.pdf ffv1-v4.pdf ffv1.html ffv1-v4.html draft-ietf-cellar-ffv1-* merged_* mmark.version-ok xml2rfc.version-ok xmlstarlet.version-ok pdfcrop.version-ok

mmark.version-ok:
        test ` mmark --version | sed 's/\.\([0-9][0-9]\)/\1/g;s/\./0/g' `0 -ge 202080 && touch mmark.version-ok || (echo mmark version 2.2.8 or later is required && exit 1)

xml2rfc.version-ok:
        test ` xml2rfc --version | sed 's/.* //g;s/\.\([0-9][0-9]\)/\1/g;s/\./0/g' `0 -ge 232000 && touch xml2rfc.version-ok || (echo xml2rfc version 2.32.0 or later is required && exit 1)

xmlstarlet.version-ok:
        test ` xmlstarlet --version | head -1 | sed 's/\.\([0-9][0-9]\)/\1/g;s/\./0/g' `0 -ge 106010 && touch xmlstarlet.version-ok || (echo xmlstarlet version 1.6.1 or later is required && exit 1)

pdfcrop.version-ok:
        test ` pdfcrop --version | sed 's/.* v//;s/\.\([0-9][0-9]\)/\1/g;s/\./0/g' `0 -ge 1380 && touch pdfcrop.version-ok || (echo pdfcrop version 1.38 or later is required && exit 1)

A few days ago i wanted to print a page, nothing special here thats a common thing. But this time was different, my Samsung CLP-365 color laser printer did not print, its main LED red, the 4 toner leds all the same and lighting. On the linux side no error message or anything. Paper was in it, no paper stuck anywhere, power cycling did not help. None of the button combinations i could find that where intended to print debug information did print anything. Searching the wide net lead to a service manual and the tip to look at the display which my printer did not had and some windows software which required a windows machine. A youtube video pointed to the waste toner container but that was not the reason for the failure though it was messy.
What finally helped was connecting the printer to a mac, its printer drivers finally provided a useful error message, namely that the yellow toner cartridge was incompatible. It of course was not a original samsung one because the originals cost as much as a new printer. The other 3 cartridges where still the originals, the yellow one was bought from amazon a bit less than a year ago and it worked fine for a few months. (and this seemed not related to a firmware update)
The final confirmation that this was the issue came today as i received a replacement yellow toner cartridge again non original of course. And putting that in the printer, it came back to life, for now at least.
Iam not sure what i should think about this, but this is uncool. First samsung WTF, why if theres a fatal issue with a toner cartridge why do the LEDs for the toners all light up equally that gives 0 hope to one finding the issue. And iam not commenting about the whole toner original vs compatibility thing except id like the CEOs of all th e printer manufacteurs that make it hard to produce compatible toner cartridges to cleanup all the avoidable waste this creates. Go with a row boat please to the Great Pacific Garbage Patch and pick your incompatible toners and still good but misdiagnosed printers out and recycle them properly.

Thanks

1. install a new xubuntu 20.04, move your stuff to it.
2. Now you realize the taskbar is a lot crappier than years ago, its extra slow. And going over all GUI accessible options and messing with them does not help. But google will eventually lead you to a .config/gtk-3.0/gtk.css and XfcePanelWindow-popup-delay amongth others. So you copy and paste the example and change the popup delay to 0 or 1 millisecond. Who on earth would intentionally want a GUI to react with delay ?
3. Now the panel appears quicker but it still doesnt disappear. Theres a autohide feature with 3 settings none really work and 2 opacity sliders, if one sets autohide to always and “leave” opacity to 0 it disappears quickly.
4. After about 10 minutes of attempted use the panel drives you nuts by behaving in a hard to describe manner, it sometimes appears when you move the mouse to the edge (as it should) sometimes when the mouse just gets close (which is fun when there is something in that area other than the panel you want to click on) but is still far away from the edge. Again going over all GUI options and all text file options known, you find XfcePanelWindow-autohide-size but it doesnt make things better. And then suddenly you realize what is happening. You set opacity to 0%, so you change that to make it vissible, and here you realize the panel auto hides with a random delay (which you didnt see as it was quickly switching to transparent).
5. Finally? you change XfcePanelWindow-popdown-delay to 0 and think all is well but after another 5min of attempted use you realize the panel is still alot slower than it was years ago and on slower hardware, its also eating alot of CPU.
6. Setting all opacities to 100% and making sure no fancy effects are turned on (no none where on). Finally the panel is ok and you cant tell anymore if its as it was previously. Sure you could write code that renders that panel many thousands of times before it appears but you didnt write it and also dont have the time ATM and whoever wrote it had different priorities apparently … But you make a note on your todo “try/test window managers” but then again xfce works well enough so maybe you wont …

I bought some rather cheap bluetooth headphones, for listening to the news while doing other work (so sound quality doesnt matter). My normal headphones are with wires for security.
Did not try the headphones yet but in the package there was this card:

For a moment i considered to follow the instructions and after i get some 10 € (or not) edit my review to a accurate score and report them to amazon. But realizing that this card is not personalized at all not to a customer, not a product, not an order nor a seller. Also as the product was shipped by amazon the seller likely doesnt know who got a card and who doesnt of their customers. Maybe anyone has written a 5 star review and wants to try to get 10€ ;)