upd
parent
796cb7eb08
commit
8c1ee0d40e
15 changed files with 56 additions and 25 deletions
2
Justfile
|
@ -1,2 +1,2 @@
|
||||||
serve:
|
serve:
|
||||||
hugo serve --buildDrafts
|
hugo serve --bind 0.0.0.0 --buildDrafts
|
||||||
|
|
|
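Review bot: `--bind 0.0.0.0` on the `serve` recipe exposes the development server on every network interface, and because the same command passes `--buildDrafts`, unpublished drafts become readable by any host that can reach this machine. Consider leaving `serve` on Hugo's default loopback bind and adding a separate recipe for LAN preview, or binding to one specific interface address, so that exposure is an explicit choice.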
@ -31,6 +31,8 @@ header {
|
||||||
}
|
}
|
||||||
|
|
||||||
footer {
|
footer {
|
||||||
|
margin: auto 12px;
|
||||||
|
|
||||||
margin-top: 24px;
|
margin-top: 24px;
|
||||||
margin-bottom: 40px;
|
margin-bottom: 40px;
|
||||||
text-align: center;
|
text-align: center;
|
||||||
|
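Review bot: the vertical `auto` in the added `margin: auto 12px;` on `footer` is overridden straight away by the `margin-top: 24px;` and `margin-bottom: 40px;` declarations that follow, so only the 12px left/right value takes effect. A single `margin: 24px 12px 40px;` or explicit `margin-left`/`margin-right` would say that directly.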
@ -69,7 +71,21 @@ blockquote {
|
||||||
}
|
}
|
||||||
|
|
||||||
.postlisting-row td {
|
.postlisting-row td {
|
||||||
padding-bottom: 12px;
|
padding-bottom: 20px;
|
||||||
|
|
||||||
|
.title {
|
||||||
|
font-size: 1.5em;
|
||||||
|
}
|
||||||
|
|
||||||
|
.summary {
|
||||||
|
padding-top: 4px;
|
||||||
|
font-size: 0.8em;
|
||||||
|
color: $smaller-text-color;
|
||||||
|
|
||||||
|
p {
|
||||||
|
display: inline;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#content {
|
#content {
|
||||||
|
|
|
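Review bot: `p { display: inline; }` under `.summary` removes the break between paragraphs, so a summary with more than one paragraph renders as a single run of text with no separation. If the goal is only to keep the summary text on one line with whatever follows it, scope the rule to `p:last-child`, or keep block display and zero the paragraph margins instead.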
@ -8,7 +8,8 @@ $monofont: "Roboto Mono", "Roboto Mono for Powerline", "Inconsolata", "Consolas"
|
||||||
@media (prefers-color-scheme: light) {
|
@media (prefers-color-scheme: light) {
|
||||||
$background-color: white;
|
$background-color: white;
|
||||||
$text-color: #15202B;
|
$text-color: #15202B;
|
||||||
$small-text-color: lighten($text-color, 15%);
|
$small-text-color: lighten($text-color, 10%);
|
||||||
|
$smaller-text-color: lighten($text-color, 18%);
|
||||||
$link-color: royalblue;
|
$link-color: royalblue;
|
||||||
@import "content";
|
@import "content";
|
||||||
}
|
}
|
||||||
|
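Review bot: `$small-text-color` and the new `$smaller-text-color` differ by two letters and are easy to mix up when reading or editing the stylesheet; a name tied to its use, such as `$summary-text-color`, would be clearer. The same applies to the matching pair in the dark block.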
@ -16,7 +17,8 @@ $monofont: "Roboto Mono", "Roboto Mono for Powerline", "Inconsolata", "Consolas"
|
||||||
@media (prefers-color-scheme: dark) {
|
@media (prefers-color-scheme: dark) {
|
||||||
$background-color: #15202B;
|
$background-color: #15202B;
|
||||||
$text-color: #D4D4D4;
|
$text-color: #D4D4D4;
|
||||||
$small-text-color: darken($text-color, 15%);
|
$small-text-color: darken($text-color, 10%);
|
||||||
|
$smaller-text-color: darken($text-color, 18%);
|
||||||
$link-color: lightskyblue;
|
$link-color: lightskyblue;
|
||||||
@import "content";
|
@import "content";
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,7 @@ date = 2018-02-01
|
||||||
tags = ["arch", "linux", "setup", "computers"]
|
tags = ["arch", "linux", "setup", "computers"]
|
||||||
+++
|
+++
|
||||||
|
|
||||||
This is my first post on my new blog! I used to put a CTF challenge writeup here but decided to change it up a bit. Recently, I've been changing a lot of the technology that I use day to day. Here's some of the changes that I've made!
|
This is my first post on my new blog! <!--more--> I used to put a CTF challenge writeup here but decided to change it up a bit. Recently, I've been changing a lot of the technology that I use day to day. Here's some of the changes that I've made!
|
||||||
|
|
||||||
## Operating System
|
## Operating System
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@ tags = ["computers", "linux", "terminal"]
|
||||||
languages = ["bash"]
|
languages = ["bash"]
|
||||||
+++
|
+++
|
||||||
|
|
||||||
Is your shell loading slower than it used to? Maybe you've been sticking a bit more into your `.bashrc`/`.zshrc` than you thought.
|
Is your shell loading slower than it used to? Maybe you've been sticking a bit more into your `.bashrc`/`.zshrc` than you thought. <!--more-->
|
||||||
|
|
||||||
It's only been a couple weeks since I installed my computer, and already my shell has been starting to lag. Since there's not that much I've put into my `.zshrc` file, I knew who the main culprits were. Namely, oh-my-zsh's "git" plugin and the nvm (node version manager) trying to load itself on startup. I'm not exactly in a situation where I need nvm most of the time I open my shell, so getting rid of that made my shell load a lot faster. It also means that every time I want to use node or npm, I'd have to manually call nvm, but that's not as important to me as a faster shell load time, especially since I don't really touch node that much.
|
It's only been a couple weeks since I installed my computer, and already my shell has been starting to lag. Since there's not that much I've put into my `.zshrc` file, I knew who the main culprits were. Namely, oh-my-zsh's "git" plugin and the nvm (node version manager) trying to load itself on startup. I'm not exactly in a situation where I need nvm most of the time I open my shell, so getting rid of that made my shell load a lot faster. It also means that every time I want to use node or npm, I'd have to manually call nvm, but that's not as important to me as a faster shell load time, especially since I don't really touch node that much.
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@ tags = ["computers", "web", "rant", "things-that-are-bad"]
|
||||||
languages = ["javascript"]
|
languages = ["javascript"]
|
||||||
+++
|
+++
|
||||||
|
|
||||||
The other day, I just turned off JavaScript from my browser. "fucking neckbeard", "you'll turn it back in 2 weeks", "living without JavaScript is like living without electricity" were some of the responses I got. And they might be right. But let's see why things are the way they are and what we can do about it.
|
The other day, I just turned off JavaScript from my browser. <!--more--> "fucking neckbeard", "you'll turn it back in 2 weeks", "living without JavaScript is like living without electricity" were some of the responses I got. And they might be right. But let's see why things are the way they are and what we can do about it.
|
||||||
|
|
||||||
## what is the purpose of the web?
|
## what is the purpose of the web?
|
||||||
|
|
||||||
|
|
|
@ -6,13 +6,13 @@ tags = ["crypto"]
|
||||||
languages = ["python"]
|
languages = ["python"]
|
||||||
+++
|
+++
|
||||||
|
|
||||||
## 1. introduction
|
There's [a great paper][1] I found by Dan Boneh from 1998 highlighting the weaknesses of the RSA cryptosystem. I found this paper to be a particularly enlightening read (and interestingly enough, it's been 20 years since that paper!), so here I'm going to reiterate some of the attacks described in the paper, but using examples with numbers in them. <!--more-->
|
||||||
|
|
||||||
There's [this great paper][1] by Dan Boneh from 1998 about the RSA cryptosystem and its weaknesses. I found this paper to be a particularly interesting read (and interestingly enough, it's been 20 years since that paper!), so here I'm going to reiterate some of the attacks described in the paper, but using examples with numbers in them. (Also please excuse the lack of proper formatting, I've yet to figure out how to get Gutenberg to accept Latex)
|
(Also please excuse the lack of proper formatting, I've yet to figure out how to get Gutenberg to accept Latex)
|
||||||
|
|
||||||
That being said, I _am_ going to skip over the primer of how the RSA cryptosystem works, since there's already a great number of resources on how to do that.
|
That being said, I _am_ going to skip over the primer of how the RSA cryptosystem works, since there's already a great number of resources on how to do that.
|
||||||
|
|
||||||
### 1.1 factoring large integers
|
### factoring large integers
|
||||||
|
|
||||||
Obviously this is a pretty bruteforce-ish way to crack the cryptosystem, and probably won't work in time for you to see the result, but can still be considered an attack vector. This trick works by just factoring the modulus, N. With N, finding the private exponent d from the public exponent e is a piece of cake.
|
Obviously this is a pretty bruteforce-ish way to crack the cryptosystem, and probably won't work in time for you to see the result, but can still be considered an attack vector. This trick works by just factoring the modulus, N. With N, finding the private exponent d from the public exponent e is a piece of cake.
|
||||||
|
|
||||||
|
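Review bot: with `## 1. introduction` removed, `### factoring large integers` is now a third-level heading with no second-level heading above it, while `## elementary attacks` further down stays at level two. Either promote `factoring large integers` to `##` or keep an unnumbered parent heading so the outline stays consistent.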
@ -44,11 +44,11 @@ Now all that's left is to discover the private exponent and solve for the origin
|
||||||
|
|
||||||
And that's it! Now let's look at some more sophisticated attacks...
|
And that's it! Now let's look at some more sophisticated attacks...
|
||||||
|
|
||||||
## 2. elementary attacks
|
## elementary attacks
|
||||||
|
|
||||||
These attacks are related to the _misuse_ of the RSA system. (if you can't tell, I'm mirroring the document structure of the original paper)
|
These attacks are related to the _misuse_ of the RSA system. (if you can't tell, I'm mirroring the document structure of the original paper)
|
||||||
|
|
||||||
### 2.1 common modulus
|
### common modulus
|
||||||
|
|
||||||
My cryptography professor gave this example as well. Suppose there was a setup in which the modulus was reused, maybe for convenience (although I suppose with libraries today, it'd actually be more _inconvenient_ to reuse the key). Key pairs would be issued to different users and they would share public keys with each other and keep private keys to themselves.
|
My cryptography professor gave this example as well. Suppose there was a setup in which the modulus was reused, maybe for convenience (although I suppose with libraries today, it'd actually be more _inconvenient_ to reuse the key). Key pairs would be issued to different users and they would share public keys with each other and keep private keys to themselves.
|
||||||
|
|
||||||
|
@ -114,7 +114,7 @@ True
|
||||||
|
|
||||||
We've successfully recovered `p` and `q` from just `N`, `e`, and `d`!
|
We've successfully recovered `p` and `q` from just `N`, `e`, and `d`!
|
||||||
|
|
||||||
### 2.2 blinding
|
### blinding
|
||||||
|
|
||||||
This attack is actually about RSA _signatures_ (which uses the opposite keys as encryption: private for signing and public for verifying), and shows how you can compute the signature of a message M using the signature of a derived message M'.
|
This attack is actually about RSA _signatures_ (which uses the opposite keys as encryption: private for signing and public for verifying), and shows how you can compute the signature of a message M using the signature of a derived message M'.
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,9 @@ tags = ["computers", "web"]
|
||||||
languages = ["rust"]
|
languages = ["rust"]
|
||||||
+++
|
+++
|
||||||
|
|
||||||
Procedural macros (proc macros for short) in Rust are incredible because they allow pre-compile source transformation. Many of the greatest abstractions in Rust take advantage of this feature. For example, you can
|
Procedural macros (proc macros for short) in Rust are incredible because they allow arbitrary pre-compile source transformation, which leads to endless possibilities (and hazards!). But if we take careful advantage of this feature, we can use it to make clean abstractions for messy boilerplate, especially in the case of web forms. <!--more-->
|
||||||
|
|
||||||
|
In fact, proc macros are incredibly pervasive around Rust's ecosystem. For example, using the [`serde`][1] serialization/deserialization crate, you can simply write:
|
||||||
|
|
||||||
```rs
|
```rs
|
||||||
#[derive(Serialize)]
|
#[derive(Serialize)]
|
||||||
|
@ -14,6 +16,8 @@ struct Foo {
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
and code will be generated to serialize and deserialize to a multitude of formats including JSON, YAML, CBOR, etc.
|
||||||
|
|
||||||
It occurred to me that this feature can also be useful for generating code for rendering and validating forms (as in a place where you fill out info). **wtforms** is one of the nicest Python packages for handling form behavior in web applications, and with the power of proc macros, this functionality can be easily achieved in Rust as well.
|
It occurred to me that this feature can also be useful for generating code for rendering and validating forms (as in a place where you fill out info). **wtforms** is one of the nicest Python packages for handling form behavior in web applications, and with the power of proc macros, this functionality can be easily achieved in Rust as well.
|
||||||
|
|
||||||
In this post I'm going to outline some of the ideas I have for a wtforms-ish library for handling forms in Rust.
|
In this post I'm going to outline some of the ideas I have for a wtforms-ish library for handling forms in Rust.
|
||||||
|
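Review bot: the added sentence says code is generated to "serialize and deserialize", but the snippet above it only shows `#[derive(Serialize)]`. Either add `Deserialize` to the derive list in the example or drop "and deserialize" from the sentence so the text matches the code.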
@ -82,3 +86,5 @@ then calling something like `instance.verify()` should run all those validators
|
||||||
## conclusion
|
## conclusion
|
||||||
|
|
||||||
This project is a work in progress! You can see how far I am [on Github](https://github.com/iptq/wtforms).
|
This project is a work in progress! You can see how far I am [on Github](https://github.com/iptq/wtforms).
|
||||||
|
|
||||||
|
[1]: https://docs.rs/serde
|
||||||
|
|
|
@ -4,7 +4,7 @@ date = 2019-03-04
|
||||||
tags = ["computers"]
|
tags = ["computers"]
|
||||||
+++
|
+++
|
||||||
|
|
||||||
This is just something stupid I thought of recently, but decided to write about it anyway.
|
This is just a stupid analogy I thought of recently, but decided to write about it anyway.
|
||||||
|
|
||||||
If you think about it, a server waiting for clients is kind of like the host at the front of a restaurant leading guests to tables. They don't actually take orders or serve food, they just stand at the front and wait for new guests to arrive. Then there's another waiter that's specifically assigned to take that table's orders.
|
If you think about it, a server waiting for clients is kind of like the host at the front of a restaurant leading guests to tables. They don't actually take orders or serve food, they just stand at the front and wait for new guests to arrive. Then there's another waiter that's specifically assigned to take that table's orders.
|
||||||
|
|
||||||
|
|
|
@ -6,9 +6,9 @@ tags = ["email", "rant", "computers", "things-that-are-bad", "privacy"]
|
||||||
|
|
||||||
You probably get emails every day, and spend a lot of time reading them. And
|
You probably get emails every day, and spend a lot of time reading them. And
|
||||||
whenever someone performs an action or does something in vast quantities, you
|
whenever someone performs an action or does something in vast quantities, you
|
||||||
_bet_ the data people have figured out a way to capitalize on it. For many
|
_bet_ the data giants have figured out a way to capitalize on it. For many
|
||||||
years consumer privacy has basically gone unnoticed, and invasive tracking has
|
years consumer privacy has basically gone unnoticed, and invasive tracking has
|
||||||
grown [viral][1].
|
grown [viral][1]. <!--more-->
|
||||||
|
|
||||||
Arguably, if you are someone who runs a business off of writing periodic
|
Arguably, if you are someone who runs a business off of writing periodic
|
||||||
newsletters that are distributed via email, you might want some statistics on
|
newsletters that are distributed via email, you might want some statistics on
|
||||||
|
|
|
@ -9,7 +9,7 @@ languages = ["python"]
|
||||||
|
|
||||||
The web is [so complicated][4] these days, I began wondering exactly how big of a feat it would be to formally verify everything. At this point I realized all I knew about web protocols were from fiddling around with HTTP 1.0 requests from doing CTFs in the past. You'd pop open a socket to wherever you wanted, stick `GET` and then whatever path you wanted, and then add a version number at the end.
|
The web is [so complicated][4] these days, I began wondering exactly how big of a feat it would be to formally verify everything. At this point I realized all I knew about web protocols were from fiddling around with HTTP 1.0 requests from doing CTFs in the past. You'd pop open a socket to wherever you wanted, stick `GET` and then whatever path you wanted, and then add a version number at the end.
|
||||||
|
|
||||||
The modern web's changed significantly since those days, so I thought it would be an interesting undertaking to see exactly how much it would take to send an HTTPS request from scratch, just like what the browser does, using as little as I can.
|
The modern web's changed significantly since 1.0, so I thought it would be an interesting undertaking to see exactly how much it would take to send an HTTPS request from scratch, just like what the browser does, using as little as I can.
|
||||||
|
|
||||||
> **Disclaimer:** Don't use this code for any real software.
|
> **Disclaimer:** Don't use this code for any real software.
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<title>michael's blog</title>
|
<title>michael's blog</title>
|
||||||
|
|
||||||
{{ $style := resources.Get "sass/main.scss" | resources.ToCSS }}
|
{{ $style := resources.Get "sass/main.scss" | resources.ToCSS }}
|
||||||
<link rel="stylesheet" href="{{ $style.Permalink }}" />
|
<link rel="stylesheet" href="{{ $style.RelPermalink }}" />
|
||||||
</head>
|
</head>
|
||||||
|
|
||||||
<body>
|
<body>
|
||||||
|
@ -32,11 +32,11 @@
|
||||||
|
|
||||||
<footer>
|
<footer>
|
||||||
<p style="margin: 0;">
|
<p style="margin: 0;">
|
||||||
blog code licensed under <a href="https://www.gnu.org/licenses/gpl-3.0.txt" target="_blank">gpl3</a>.
|
blog code licensed under <a href="https://www.gnu.org/licenses/gpl-3.0.txt" target="_blank">[gpl3]</a>.
|
||||||
post contents licensed under <a href="https://creativecommons.org/licenses/by-sa/4.0/legalcode.txt">cc by-sa 4.0</a>.
|
post contents licensed under <a href="https://creativecommons.org/licenses/by-sa/4.0/legalcode.txt">[cc by-sa 4.0]</a>.
|
||||||
<br />
|
<br />
|
||||||
written by michael zhang.
|
written by michael zhang.
|
||||||
<a href="https://git.mzhang.io/michael/blog" class="colorlink" target="_blank">source</a>
|
<a href="https://git.mzhang.io/michael/blog" class="colorlink" target="_blank">[source]</a>.
|
||||||
</p>
|
</p>
|
||||||
</footer>
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
|
|
|
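Review bot: the footer anchors that open with `target="_blank"` (the gpl3 and source links) carry no `rel` attribute; add `rel="noopener noreferrer"` so the opened page gets no `window.opener` handle back to the blog in browsers that do not apply that by default. The cc by-sa link also lacks `target="_blank"`, unlike its two neighbours, which looks unintentional.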
@ -1,7 +1,5 @@
|
||||||
{{- define "content" -}}
|
{{- define "content" -}}
|
||||||
|
|
||||||
hellosu
|
|
||||||
|
|
||||||
{{ .Content }}
|
{{ .Content }}
|
||||||
|
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
{{- range .Pages -}}
|
{{- range .Pages -}}
|
||||||
<tr class="postlisting-row">
|
<tr class="postlisting-row">
|
||||||
<td>
|
<td>
|
||||||
<span style="font-size: 1.2em;">
|
<span class="title">
|
||||||
<a href="{{ .RelPermalink }}" class="brand-colorlink">{{ .Title }}</a>
|
<a href="{{ .RelPermalink }}" class="brand-colorlink">{{ .Title }}</a>
|
||||||
</span>
|
</span>
|
||||||
<br />
|
<br />
|
||||||
|
@ -13,6 +13,14 @@
|
||||||
|
|
||||||
on {{ partial "rel-date" .Date }}
|
on {{ partial "rel-date" .Date }}
|
||||||
</small>
|
</small>
|
||||||
|
|
||||||
|
<br />
|
||||||
|
<div class="summary">
|
||||||
|
{{ .Summary }}
|
||||||
|
{{ if .Truncated }}
|
||||||
|
<a href="{{ .RelPermalink }}">read more »</a>
|
||||||
|
{{ end }}
|
||||||
|
</div>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
1
todo.txt
Normal file
|
@ -0,0 +1 @@
|
||||||
|
- Investigate why GitInfo (AbbreviatedHash) doesn't work in taxonomy list
|