michael
/
blog
1
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

I don't want to be loweercase anymore...

This commit is contained in:
Michael Zhang 2022-02-07 16:41:38 -06:00
parent 79159229a5
commit 26478e2add
17 changed files with 37 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config.toml
View File

@ -1,6 +1,6 @@
baseURL = "http://example.org/"
languageCode = "en-us"
title = "michael's blog"
title = "Michael's Blog"
enableGitInfo = true
[taxonomies]

2
content/_index.md
View File

@ -9,7 +9,7 @@ distributed systems.
[SIFT]: https://www.sift.net/
## contact
## Contact
- Email: `b64d(bWFpbEBtemhhbmcuaW8=)`
- PGP Key: [`925ECC02890D5CDAE26180D4BDA47A31A3C8EE6B`][PGP]

8
content/about/_index.md
View File

@ -1,5 +1,5 @@
+++
title = "about"
title = "About"
weight = 2
[cascade]
@ -27,12 +27,6 @@ I'm also an avid rhythm game player and beatmap creator, mostly involved with
the free-to-play game [osu!][3]. Check out some of my beatmaps on my [osu!
userpage][4].
## contact
- Email: `mail` @ [this domain]
- PGP Key: [`925ECC02890D5CDAE26180D4BDA47A31A3C8EE6B`][10]
- IRC: `mzh` on [libera.chat][5]
[1]: https://keybase.io/michaelz/pgp_keys.asc?fingerprint=925ecc02890d5cdae26180d4bda47a31a3c8ee6b
[2]: https://git.mzhang.io/explore
[3]: https://osu.ppy.sh

2
content/posts/2018-02-01-my-new-life-stack.md
View File

@ -1,5 +1,5 @@
+++
title = "my new life stack"
title = "My new life stack"
date = 2018-02-01
tags = ["arch", "linux", "setup", "computers"]
+++

2
content/posts/2018-02-25-cleaning-up-your-shell.md
View File

@ -1,5 +1,5 @@
+++
title = "cleaning up your shell"
title = "Cleaning up your shell"
date = 2018-02-25
tags = ["computers", "linux", "terminal"]
languages = ["bash"]

2
content/posts/2018-04-23-fixing-tmux-colors.md
View File

@ -1,5 +1,5 @@
+++
title = "fixing tmux colors"
title = "Fixing tmux colors"
date = 2018-04-23
tags = ["computers"]
+++

12
content/posts/2018-05-28-web-apps.md
View File

@ -1,5 +1,5 @@
+++
title = "web apps"
title = "Web apps"
date = 2018-05-28
tags = ["computers", "web", "things-that-are-bad"]
languages = ["javascript"]
@ -7,7 +7,7 @@ languages = ["javascript"]
The other day, I just turned off JavaScript from my browser. <!--more--> "fucking neckbeard", "you'll turn it back in 2 weeks", "living without JavaScript is like living without electricity" were some of the responses I got. And they might be right. But let's see why things are the way they are and what we can do about it.
## what is the purpose of the web?
## What is the purpose of the web?
Well, the answer's pretty obvious, right? So you can surf it. But what does that even mean anymore? In the past, surfing the web meant viewing websites. You'd open something like your favorite news website, and it'd show you some of the latest updates. Or maybe you'd open the website for some company to find out their telephone so you can contact them. In other words, it was a channel from which you could receive information.
@ -15,7 +15,7 @@ If you wanted to do anything more complicated or that required more interaction,
Things aren't that way anymore. For some reason, the web browser has become the all-in-one client for every service. Instead of simply acting as a HTTP client, your browser is now also capable of running full-blown 3D games, chat rooms, real-time word processors, and [full x86 emulators, apparently](http://copy.sh/v86/). What the hell happened?
## spoiler alert: javascript happened
## Spoiler alert: Javascript happened
JavaScript happened. That little _scripting_ language invented to, you know, make some hover animation on your page or have dropdowns on your menu bar. Thanks to the introduction of JavaScript (and jQuery especially), developers stopped viewing webpages as Word documents that you can share, and more like canvases. Hover animations are cute and dropdowns are useful. Sure. But when this _scripting_ language starts turning into a _systems_ language (for lack of a better term), you have a problem. When's the last time you used Perl to write an operating system?
@ -25,7 +25,7 @@ On top of that, look at these huge frameworks that almost every company is hirin
Look at Facebook's home page. Just from regular use, that webpage itself can use over 4 gigabytes of RAM. It makes large amounts of network calls for data that's all just being stored in memory. And everyone who opens the Facebook website (for the first time) must download _all_ of that JavaScript. The website has its own tabs (within the page, yes) for chat windows, games, advertisements, embedded video players, and much more I probably didn't even know about. Why are we running full-blown apps in our browser?
## ok but what can i do
## Ok but what can i do
There's a number of things that can be done to turn this state of the web down a different path. Here's some ideas for users:
@ -38,9 +38,9 @@ For developers:
- Consider the impact of every library you include. Can you do without it? What if you just wrote something from scratch instead of importing a full framework to do it?
- Write more non-JavaScript software/libraries. Developers have only turned towards sticking JavaScript everywhere because it's easy to use, and libraries are readily available through npm.
## ok but what can you do
## Ok but what can you do
I'm helping with a project called flubber, which originated as an IRC bouncer, but is slowly turning into a general messaging protocol. All-in-one messengers exist (and a particular one exists by that name exactly), but they all work by opening a browser view and just loading the page within it, so it's no different from just opening tabs in a browser. Flubber will communicate with these services through APIs, and then expose a uniform interface to clients which makes it easy to bring all into a single view. Check out my progress [here](https://github.com/iptq/flubber). Other than that, I'm also working on making my websites as light as possible in general, including this one (which, by the way, has 0 JavaScript content).
I'm helping with a project called flubber, which originated as an IRC bouncer, but is slowly turning into a general messaging protocol. All-in-one messengers exist (and a particular one exists by that name exactly), but they all work by opening a browser view and just loading the page within it, so it's no different from just opening tabs in a browser. Flubber will communicate with these services through APIs, and then expose a uniform interface to clients which makes it easy to bring all into a single view. Check out my progress [here](https://github.com/iptq/flubber). Other than that, I'm also working on making my websites as light as possible in general, including this one which has no required Javascript (some pages use Katex for displaying math elements but are still readable without).
And of course, I've disabled JavaScript in my browser.

10
content/posts/2018-10-26-twenty-years-of-rsa-attacks.md
View File

@ -1,5 +1,5 @@
+++
title = "twenty years of attacks on rsa with examples"
title = "Twenty years of attacks on rsa with examples"
date = 2018-10-26
toc = true
tags = ["ctf", "crypto"]
@ -16,7 +16,7 @@ paper, but using examples with numbers in them. <!--more-->
That being said, I _am_ going to skip over the primer of how the RSA
cryptosystem works, since there's already a great number of resources on that.
## factoring large integers
## Factoring large integers
Obviously this is a pretty bruteforce-ish way to crack the cryptosystem, and
probably won't work in time for you to see the result, but can still be
@ -56,12 +56,12 @@ original message! (you can find the modular inverse function I used [here][3])
And that's it! Now let's look at some more sophisticated attacks...
## elementary attacks
## Elementary attacks
These attacks are related to the _misuse_ of the RSA system. (if you can't tell,
I'm mirroring the document structure of the original paper)
### common modulus
### Common modulus
My cryptography professor gave this example as well. Suppose there was a setup
in which the modulus was reused, maybe for convenience (although I suppose with
@ -165,7 +165,7 @@ True
We've successfully recovered $p$ and $q$ from just $N$, $e$, and $d$!
### blinding
### Blinding
This attack is actually about RSA _signatures_ (which uses the opposite keys as
encryption: private for signing and public for verifying), and shows how you can

10
content/posts/2019-02-01-magic-forms-with-proc-macros.md
View File

@ -1,5 +1,5 @@
+++
title = "magic forms with proc macros: ideas"
title = "Magic forms with proc macros: Ideas"
date = 2019-02-01
tags = ["computers", "web"]
languages = ["rust"]
@ -22,7 +22,7 @@ It occurred to me that this feature can also be useful for generating code for r
In this post I'm going to outline some of the ideas I have for a wtforms-ish library for handling forms in Rust.
## code generation
## Code generation
Ideally, we should be able to use this library like this:
@ -65,7 +65,7 @@ This should generate the following HTML:
I realize this is probably not very flexible, since you'd really only be able to use this form in a specific context. But in reality, how much do you really lose by redefining that form?
## validation
## Validation
You've already seen the `validators` attribute used above. This defines a set of validators that we'd like to verify the form against. Suppose you receive an instance of the form that looks like (in pseudo-y Rust):
@ -79,11 +79,11 @@ let instance = RegisterForm {
then calling something like `instance.verify()` should run all those validators we've defined on the fields and return a list of errors that go along with each of the fields. For this instance, for example, we should at least get an error that states that the password provided was way too short.
## other interesting features
## Other interesting features
- If a form fails during validation, the user is presented with the errors and a chance to retry the form. At this point, the HTML generated should fill in the values for the fields that passed the validation so the user doesn't have to fill it out again. You see this behavior on web forms sometimes.
## conclusion
## Conclusion
This project is a work in progress! You can see how far I am [on Github](https://github.com/iptq/wtforms).

2
content/posts/2019-03-04-server-analogy.md
View File

@ -1,5 +1,5 @@
+++
title = "accept server analogy"
title = "Accept server analogy"
date = 2019-03-04
tags = ["computers"]
+++

2
content/posts/2020-04-01-password-managers.md
View File

@ -1,5 +1,5 @@
+++
title = "password managers"
title = "Password managers"
date = 2020-04-01
tags = ["computers", "things-that-are-good", "privacy"]
+++

2
content/posts/2021-06-17-tracking-links.md
View File

@ -1,5 +1,5 @@
+++
title = "email tracking links"
title = "Tracking links in email"
date = 2021-06-17
tags = ["email", "computers", "things-that-are-bad", "privacy"]
+++

2
content/posts/2021-07-05-https-request-from-scratch.md
View File

@ -1,5 +1,5 @@
+++
title = "sending https requests from scratch"
title = "Sending https requests from scratch"
date = 2021-07-05
draft = true
toc = true

14
content/posts/2021-10-31-e2e-encryption-useless-without-client-freedom.md
View File

@ -1,5 +1,5 @@
+++
title = "end-to-end encryption is useless without client freedom"
title = "End-to-end encryption is useless without client freedom"
date = 2021-10-31
tags = ["computers", "privacy"]
+++
@ -14,7 +14,7 @@ be absolutely meaningless.<!--more-->
> Otherwise, I'll start the story all the way back to how computers talk to
> each other.
a game of telephone in a noisy room
A game of telephone in a noisy room
---
Computer networks essentially operate like a bunch of people yelling at each
@ -34,7 +34,7 @@ the first place. But in order for the middlemen to pass on the message, they'd
have to hear the message, so now my lunch has become a public gathering known to
everyone who's heard or passed on the message.
encryption saves the day
Encryption saves the day
---
That's where **encryption** comes in. Encryption lets me change the message to
@ -62,7 +62,7 @@ encryption to make sure no one steals my identity while I'm sending it, and
encryption _at rest_ to make sure someone breaking into Google won't be able to
just pull the hard drive out and read the files off it.
two halves don't equal a whole
Two halves don't equal a whole
---
It turns out just putting together these two types of encryption isn't enough.
@ -92,7 +92,7 @@ then decrypts it offline. [Signal][signal] famously provides end-to-end
encrypted chat, so that no one, not even the government[^1], will be able to
read the messages you send if they're not the intended recipient.
it's still not enough {#not-enough}
It's still not enough {#not-enough}
---
End-to-end encryption seems like it should be the end of the story, but if
@ -141,7 +141,7 @@ run services is insufficient, it's safe to say that trusting companies to make
client software that act in the interest of their users is just as useless as
trusting companies to make services that act in the interest of their users.
what can i do?
What can i do?
---
Although inconvenient, trusting different vendors for different pieces of this
@ -171,7 +171,7 @@ multiple apps and servers, and servers can federate with each other using an
open protocol. I would strongly recommend people who are interested in privacy
to consider it.
conclusion
Conclusion
---
Why care? This might just seem to be some superficial political concern by

2
content/posts/_index.md
View File

@ -1,5 +1,5 @@
+++
title = "home"
title = "Blog"
weight = 1
[cascade]

2
content/projects/_index.md
View File

@ -1,5 +1,5 @@
+++
title = "projects"
title = "Projects"
type = "projects"
layout = "single"
+++

4
layouts/home.html
View File

@ -2,11 +2,11 @@
<div id="homepageContainer">
<div id="homepage">
<h1 id="title">michael zhang</h1>
<h1 id="title">Michael Zhang</h1>
<div id="about">{{ .Content }}</div>
<h2 id="blog-posts-title"><a href="/posts">recent blog posts &raquo;</a></h2>
<h2 id="blog-posts-title"><a href="/posts">Recent Blog Posts &raquo;</a></h2>
<ul id="blog-posts">
{{ $posts := where (.GetPage "/posts").Pages "Draft" false }}
{{- range first 3 $posts -}}