Carlos Fenollosa

Engineer, developer, entrepreneur

Carlos Fenollosa — Blog

Thoughts on science and tips for researchers who use computers

Links for 2019-12-08

December 08, 2019 — Carlos Fenollosa

💻 Hack your Thinkpad

My personal fight against the modern laptop (45 min, video, via)

In this talk, I will take you through the tools and techniques I used to reverse engineer the keyboard controller in my Thinkpad laptop and re-flash it with custom firmware.

Thinkpad keyboards: never has such a niche topic generated so much debate.

Comparison of Thinkpad keyboards

💥 Fight AMP

How to fight back against Google AMP as a web user and a web developer (5 min, via)

The actual contents of the article are not that interesting —don't use Google, don't use Chrome, speed up your website— but the topic is, and the HN discussion is quite insightful

HN user soyyo comments

For publishers, amp is about trying to top the results on google search and capture traffic, it's their only motivation to publish their content using amp, and the only metric they look in order to evaluate the results.

🐲 AI-generated text adventure

AI Dungeon 2 – AI-generated text adventure built with 1.5B param GPT-2 (RH, via)

Imagine an infinitely generated world that you could explore endlessly, continually finding entirely new content and adventures. What if you could also choose any action you can think of instead of being limited by the imagination of the developers who created the game?

If you love text adventures (you should) and you're ready to be mildly amused by the fact that an AI is generating the game (you should), go ahead and give it a go.

📲 2/3 of your battery is used to move data around

In mobile, 62.7% of energy is spent on data movement (15 min, PDF, via)

The title may suggest that we're talking about the antennas, but it's focused on moving data from memory, and suggests designing new RAM systems with specific instructions for copying and zeroing data.

A bit long, but very interesting.

📹 30 -> 60 fps using AI

Turning animations to 60fps using AI! (4 min, video, via)

Depth-Aware Video Frame Interpolation [DAIN] is a project that lets you interpolate frames using an advanced AI.

Just watch this video:

🐇 A first look into Plan 9

Plan 9: Not dead, Just Resting, by Ori Bernstein (1h, video, via) and How I Switched To Plan 9

Plan 9 is an experimental OS that takes some UNIX principles to the extreme.

Plan 9 from Bell Labs is a research system developed at Bell Labs starting in the late 1980s. Its original designers and authors were Ken Thompson, Rob Pike, Dave Presotto, and Phil Winterbottom.

Plan 9 demonstrates a new and often cleaner way to solve most systems problems. The system as a whole is likely to feel tantalizingly familiar to Unix users but at the same time quite foreign.

In Plan 9, each process has its own mutable name space. A process may rearrange, add to, and remove from its own name space without affecting the name spaces of unrelated processes. Included in the name space mutations is the ability to mount a connection to a file server speaking 9P, a simple file protocol. The connection may be a network connection, a pipe, or any other file descriptor open for reading and writing with a 9P server on the other end.

It is not well suited for most people's daily needs, but it is very interesting both from a research and from a hobbyist point of view.

Think about it as "Plan 9 is to OpenBSD what OpenBSD is to Linux."

Make sure to check out the links above and fall into the Plan 9 rabbit hole.

🐍 Malicious Python libraries

Two malicious Python libraries caught stealing SSH and GPG keys (1 min, via)

The first is "python3-dateutil," which imitated the popular "dateutil" library. The second is "jeIlyfish" (the first L is an I), which mimicked the "jellyfish" library.

Well, another attack to add to the books. Let's stay vigilant when including unvetted libraries in our code.
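A pre-install check for the two naming tricks described above, as an added example (not code from the linked article). The `VETTED` allowlist and all function names are assumptions made for illustration, and the one-edit typo rule goes beyond the two cases in the text.

```python
import re

# Constructed allowlist: PyPI project names this project has actually vetted.
# ("dateutil" is published on PyPI as "python-dateutil".)
VETTED = {"python-dateutil", "jellyfish", "requests", "urllib3", "numpy"}

# Characters that render alike in many fonts, folded to one representative.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})
# Decorations a squatter adds around a real name, e.g. "python3-dateutil".
AFFIX = re.compile(r"^(python|py)\d*-|-(python|py)\d*$")


def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def skeleton(name):
    """Fold look-alike characters so 'jeIlyfish' and 'jellyfish' collide."""
    return normalize(name).translate(CONFUSABLE)


def core(name):
    """Strip 'python-', 'py3-', '-py' style affixes to get the bare name."""
    return AFFIX.sub("", normalize(name))


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check(name, vetted=VETTED):
    """Return (verdict, lookalike_of); verdict is 'vetted', 'suspicious' or 'unknown'."""
    norm = normalize(name)
    if norm in vetted:
        return ("vetted", None)
    for good in sorted(vetted):
        if skeleton(name) == skeleton(good):
            return ("suspicious", good)   # homoglyph swap (I for l, 0 for o)
        if core(name) == core(good):
            return ("suspicious", good)   # same name with a python/py affix
        if edit_distance(norm, good) == 1:
            return ("suspicious", good)   # one-keystroke typo
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed requirements list containing the two names from the article.
    for req in ["jeIlyfish", "python3-dateutil", "Python_DateUtil", "flask"]:
        print(req, check(req))
```

Run it over a requirements file before `pip install`; an "unknown" verdict means the name still needs vetting, not that it is safe.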

🧮 Vim-like tools

Big Pile of Vim-like (RH, via)

E-mail clients, file managers, browsers, music players... a bunch of software designed after some vim feature.

If you're a vim fan this is a must read!

🍎 What it's like to sell your company to Steve Jobs

Andy Miller | Sold 1st Co. For $275m, Future of Esports (1 hour, video)

What a fascinating story! Andy Miller explains how he sold his company to Apple, with plenty of anecdotes.

A very rare window inside the mind of Steve Jobs: how he lowballed the exit price with a veiled threat, how he pushed people over acceptable limits to make the most out of themselves, and how Andy stole Jobs' laptop by mistake on what probably was the worst day of his life.

If you're a Jobs fan, this piece is one of a kind. Watch the video, or convert it to mp3 and listen to it as a podcast.

🌌 The end of the universe

TIMELAPSE OF THE FUTURE: A Journey to the End of Time (30 min, video)

Do you wonder how the universe will end? This excellently produced video explains how the stars will die, and then black holes, and then photons, until there is nothing in the universe, and that nothing stays forever.

A beautiful, moving piece, very informative, that helps put things into perspective.

📡 How radar works

How Radar Works (15 min, via)

The author puts great effort into explaining how radar works, both from a theoretical point of view and with formulas.

I must admit that the math is a bit out of my comfort zone, but I recommend that you read it and at least try to understand the basic concepts. It's worth it.

Tags: roundup


KONPEITO, Gemini and Gopher

December 07, 2019 — Carlos Fenollosa

KONPEITO is quarterly Lo-fi hip hop & chill bootleg mixtape, distributed exclusively through the Gemini protocol. Each tape is a half-hour mix, clean on side A and repeated on side B with an added ambient background noise layer for atmosphere. Tapes are generally released in the first week of each meteorological season.

Okay, so there's a lot to unpack here.

  • KONPEITO is a very nice chill mixtape with a couple mp3 files that I found thanks to Tomasino on Mastodon
  • These files are distributed over the Gemini protocol, via this link
  • Gemini is a new internet protocol in between Gopher and HTTP
  • There is one Gemini client available, AV-98
  • The specs of the Gemini protocol can be accessed via this Gopher link
  • Gopher is a protocol that ruled over the internet once but got replaced by HTTP, what we know as "the Web" nowadays
  • You can reach Gopher links with lynx or a web proxy, but there are no modern graphical clients
  • Gopher is making a niche comeback among a few enthusiasts and you should definitely check it out if only for its nostalgic and historical value

Now that's one hell of a rabbit hole. If you reach the end you'll find a very cool mp3 mixtape.

Tags: internet, retro


Links for 2019-12-01

December 01, 2019 — Carlos Fenollosa

Ocarina of Time glitches and code execution

Arbitrary Code Execution in Ocarina of Time (30 min, video via)

I find these kinds of glitches fascinating. See for yourself!

Online tools for pet projects

Software Tools for Hobby-Scale Projects (RH, via)

Below is a list of useful tools I’ve come in contact with over the years.

  • They cost less than a coffee or are free.
  • They can be learned quickly.
  • They allow you to accomplish a single task in a short timeframe (such as a Sunday afternoon)
  • They are less focused on the needs of long term projects (scalability, speed, etc.) and more focused on ease of use and prototyping speed.

Rick Carlino has compiled a very nice list of online tools, such as mobile push notifications, VPS and DB hosting.

I have to admit that many of these were new for me, so it's definitely not a rehash of the usual links. Great list!

BBS: The documentary

BBS The Documentary (5 hours split in 8 videos)

In the Summer of 2001, Jason Scott, a computer historian (and proprietor of the textfiles.com history site) wondered if anyone had made a film about these BBSes. They hadn't, so he decided he would.

Fascinating. I've just put the videos in my watch queue.

Trying out NomadBSD

NomadBSD | Installation & First Impressions (20 min, video via)

For some reason, this is the first time I've heard about NomadBSD. It's a "portable" version of FreeBSD, to be run from a USB drive.

Anybody remember Knoppix? The first popular Linux distro that could be run from a CD. It contributed to hardware discovery on boot, and thanks in part to their efforts, Linux hardware setup took a huge leap forward.

Hope that NomadBSD can do that for FreeBSD, which already has great hardware support, albeit limited, but its defaults are not so great.

Darwin OS

A Look at PureDarwin - an OS based on the open source core of macOS (5 min, via) provides some background, history and status of the PureDarwin project, a 100% free software OS built on top of the Darwin (macOS) kernel

PureDarwin Xmas, showing the applications xcalc, xclock, xterm and xfontsel running in the Window Maker desktop window manager

Metadata leak with SSH keys

Public SSH keys can leak your private infrastructure (5 min, via)

You don't need a private key to validate if a server allows access from a particular public/private key combination. That is, by having access to a public key, you can check if a server allows access for the specified public key and a username pair

This is a known issue. Filippo Valsorda posted a related proof of concept in 2015.

My SSH server knows who you are (5 min, 2015, via)

Did you know that ssh sends all your public keys to any server it tries to authenticate to?

If this metadata disclosure is a problem for you, the solution is very simple.

  • Configure your ssh to NOT send any pubkey to unknown hosts
  • Create a new ssh keypair for every new host you want to connect to (see link above)

Instructions here, courtesy of HN user chrisfosterelli.
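One way to apply the two recommendations above and verify the result, as an added example (not the linked instructions and not code from either article). The host name, key path and function names are assumptions; the resolver follows the documented ssh_config rule that the first value obtained for an option wins, handles `Host` blocks only, and uses `fnmatch` for the `*` and `?` wildcards.

```python
import fnmatch
import re

AGENT = "<all keys held by ssh-agent>"
DEFAULT_FILES = "<default ~/.ssh/id_* files>"
DEFAULTS = {"pubkeyauthentication": "yes", "identitiesonly": "no"}

# Constructed sample config: one dedicated key per known host, and the
# catch-all block LAST so it only fills in what earlier blocks left unset.
HARDENED = """\
Host github.com
    PubkeyAuthentication yes
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519_github

Host *
    PubkeyAuthentication no
    IdentitiesOnly yes
"""

# The same two blocks with the catch-all first: an easy ordering mistake.
MISORDERED = "\n\n".join(reversed(HARDENED.strip().split("\n\n")))


def effective(config, hostname):
    """Resolve (options, identity_files) for hostname from ssh_config text."""
    opts, identities, active = {}, [], True   # lines before any Host apply to all
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            pats = value.split()
            hit = any(not p.startswith("!") and fnmatch.fnmatchcase(hostname, p)
                      for p in pats)
            veto = any(p.startswith("!") and fnmatch.fnmatchcase(hostname, p[1:])
                       for p in pats)
            active = hit and not veto
        elif key == "match":
            raise ValueError("Match blocks are not supported here")
        elif active:
            if key == "identityfile":
                identities.append(value)       # IdentityFile entries accumulate
            else:
                opts.setdefault(key, value.lower())   # first value wins
    return {**DEFAULTS, **opts}, identities


def offered_keys(config, hostname):
    """List which public keys the client would present to hostname."""
    opts, identities = effective(config, hostname)
    if opts["pubkeyauthentication"] == "no":
        return []                              # no public key leaves the client
    files = identities or [DEFAULT_FILES]
    if opts["identitiesonly"] == "yes":
        return files                           # agent keys are not offered
    return [AGENT] + files


if __name__ == "__main__":
    for label, cfg in [("no config", ""), ("hardened", HARDENED),
                       ("misordered", MISORDERED)]:
        for host in ["github.com", "unknown.example.org"]:
            print(label, host, offered_keys(cfg, host))
```

With the catch-all block first, `PubkeyAuthentication no` is obtained before the host block is read, so key login to the known host stops working too.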

Advent of Code 2019

Advent of Code 2019 (RH, via)

Advent of Code is a code advent calendar. Each day unlocks a new programming challenge. You score points by completing the challenges quickly

A few years ago I solved some of their challenges and they're really fun.

Be careful! As lobste.rs user narimiran says:

Don't be fooled: You will not just solve tasks and be over with it. There will be tasks that you'll think about all day and you won't be able to think about anything else. And you'll love it :)

Yup. The RH tag is warranted here.

Writing a simple window manager

Challenge: Write a bouncy window manager (RH, via)

Julia Evans plays with tinywm and her enthusiasm is contagious.

Though I use the admittedly weird dwm as my WM, and I've hacked some of its code, I've never considered writing my own WM, or even realized how easy it is.

Give it a try: tinywm is just 50 lines of very readable C.

a terminal window bouncing around the screen

On messaging services

Choosing the Right Messenger (10 min, via) is not a list of messenger services, but rather a thoughtful discussion on privacy tradeoffs: encryption, metadata, sign up process, source code availability, etc.

I highly recommend that you read the article if you're interested in learning more context on why some messengers are more secure/private than others.

The end of IPv4

The RIPE NCC has run out of IPv4 Addresses (1 min)

Our announcement will not come as a surprise for network operators - IPv4 run-out has long been anticipated and planned for by the RIPE community.

Let's see if we can quickly move to an ipv6 world -- my mail server will surely benefit from an untainted ip.

The Twitter Purge

Twitter prepares for huge cull of inactive users (1 min) and Twitter account deletions on 'pause' after outcry (1 min)

Twitter is (was) planning to remove inactive accounts. Even though it would free their handles for new users, apparently the main reason is that those users didn't accept the new terms of service.

There are many interesting angles, but for once, I have to stay on Twitter's side.

However, they should have provided an option to archive these old accounts; after all, users accepted that their content was to be owned and distributed by Twitter. Even if they can't log in, or their account is deleted, Twitter could have stored the content somewhere visible.

Tags: roundup


Links for 2019-11-24

November 24, 2019 — Carlos Fenollosa

Some SSD encryption is not secure

How secure is hardware disk encryption? (1 min, Twitter thread)

Dan Luu links to a paper by Meijer C et al., titled Self-encrypting deception: weaknesses in the encryption of solid state drives

In a nutshell:

We have analyzed the hardware full-disk encryption of several solid state drives (SSDs) by reverse engineering their firmware.

We found that many models using hardware encryption have critical security weaknesses due to specification, design, and implementation issues [that] allow for complete recovery of the data without knowledge of any secret (such as the password).

To make matters worse:

BitLocker, the encryption software built into Microsoft Windows will rely exclusively on hardware full-disk encryption if the SSD advertises support for it. Thus, for these drives, data protected by BitLocker is also compromised.


Roughly 60% of the market [is affected] currently one should not rely solely on hardware encryption offered by SSDs and users should take additional measures to protect their data.

This is really, really bad.

Download old Linux distros

Linux Distros (RH) is an archive of old Linux ISOs that you can install on a virtual machine or similar.

Every entry has screenshots, making it a very nice resource to browse even if you don't commit to testing the distros.

Designing a modern text editor

Neovim and the state of text editor art in 2019 (15 min, pdf, via)

I never thought that a text editor could be such a complex and inspiring software product!

There is a video of the talk (50 min) in case you want more context than the bare slides.

GIF like it's 1999

The 88x31 GIF Collection (RH, via)

A collection of 2680 classic 88x31 buttons from the 1990's, 2000's, and today in GIF format.

Geocities gif Designed with Macintosh Porn button Best viewed with any browser

Windows 95 UI

Designing Windows 95's User Interface (15 min, via)

Three years ago I came across an interesting paper written up by a Microsoft employee, Kent Sullivan, on the process and findings of designing the new user interface for Windows 95.

The website archives Sullivan's paper The Windows 95 User Interface: A Case Study in Usability Engineering, a very interesting text on early GUI usability, along with screenshots comparing the 3.1 and 95 interfaces which will put a smile on your face.

Windows 95 UI prototype

OpenBSD review

OpenBSD in 2019 (10 min, via)

I've written similar texts about OpenBSD twice, and I like reading other people's opinions.

There is a pattern here: somebody is angry with some Linux drama, tries OpenBSD, likes it, but for some reason can't use it as a daily driver.

Check it out if you are still unsure about its strengths and weaknesses compared to Linux and/or other BSDs.

There is a very good Reddit discussion about this post.

A p2p web browser

Beaker (2 min, via) is an experimental web browser which supports dat://, a modern p2p protocol.

I really like these experiments. I'm not sure if it will take off, but re-decentralizing the web is a great cause.

ASCII art game

ASCIIDENT (RH, via) is an "Open-world sci-fi game with a design completely made by text characters."

After trying the demo, I'd define it as a platform game like Duke Nukum, with a crafting element, and the ASCII novelty which makes it quite nice

ASCIIDENT screenshot

I have to admit I'm tempted to buy the game. To my wishlist it goes...

Save .org

Save .ORG (2 min) is a plea to stop the sale of .org domains control to an equity firm.

Worth a read, check out the original signers. Wikimedia, the FSF, the EFF, the Internet Archive... this is not your typical bullshit change.org petition.

Check out the HN discussion with some alleged ex-ICANN members.

AI is not Terminators

AI today and tomorrow is mostly about curve fitting, not intelligence (5 min, via)

Some people criticize AI because we don't have terminators yet.

On the other hand, there is a lot of AI snake oil

The truth is: people in the field understand that we are harnessing the power of advanced curve fitting, not Hard AI.

It's our job to make journalists and the general public understand it, too.

Pornhub as a bastion of freedom

Banned from Youtube, Chinese propagandists are using Pornhub to publish anti-Hong Kong videos (1 min)

We truly live in the Craziest Timeline

RSS bridge

RSS bridge (2 min, via) is a connector that generates RSS feeds for sites that don't have one (e.g. Instagram, Twitter, Bandcamp...)

Last week I linked to Fraidycat, a similar concept.

I definitely need to set some time aside and check out both tools. I'd love a way to transform friends' posts into an RSS feed.

Altair BASIC source code available

Micro-Soft Altair BASIC 3.2 source (RH, via)

After clicking on the link above, since this is the last one in the roundup, now go watch Pirates of Silicon Valley


Tags: roundup


Links for 2019-11-17

November 17, 2019 — Carlos Fenollosa

PeerTube 2.0 released

PeerTube has worked twice as hard to free your videos from YouTube! (5 min, via)

PeerTube is a decentralized alternative to Youtube. Essentially, you can have your own Youtube-like website, with the added bonus that video traffic is distributed among viewers using p2p techniques.

PeerTube is to YouTube what Mastodon is to Twitter, but with an interesting benefit: you don't need to have your friends using it to enjoy the tool. If a cool video is on PeerTube, you can just go and watch it.

Gaming on OpenBSD

OpenBSD gaming Peertube (RH, via) combines two interesting concepts: Peertube, already mentioned above, and OpenBSD gaming, which seems like an oxymoron.

The OpenBSD gaming community is bigger and more vocal than you'd expect, and they have started to do livestreams with their favorite games, some of which you'd never expect.

Solène is one of the most active members, make sure to follow her on Mastodon.

Using AI to scam $250k

Scammers deepfake CEO's voice to talk underling into $243,000 transfer (5 min, via) and its related AI Clones Your Voice After Listening for 5 Seconds (RH, via)

We're moving into a very cyberpunk future where you can only trust what you experience with your own five senses.

Carmack working on AI

Carmack's statement (1 min)

Starting this week, I'm moving to a "Consulting CTO" position with Oculus. [...] As for what I am going to be doing with the rest of my time: [...] I have sometimes wondered how I would fare with a problem where the solution really isn't in sight. I decided that I should give it a try before I get too old. I'm going to work on artificial general intelligence (AGI).

Let's see what one of the top minds alive can do to help advance AI.

No police in Mastodon

The account of the Assam Police has been suspended from this instance (5 min, Mastodon thread)

An interesting discussion about banning cops in Mastodon instances. This is a gray topic with no easy solution, so I'll share some replies from users:

cm_kropot (OP):

The account of the Assam Police has been suspended from this instance.

We decided that we will not welcome cops on this instance, and we encourage the rest of the fediverse to do the same.

Following multiple reports, we decided that it's more important that our community feels safe and in security, than to be a platform for official communication.

Charles mentions pros and cons:

I can't speak for the mods, but I suspect the issue is more that they don't want the presence of police to have a chilling effect on speech. Police are very often at the sharp end of structural violence in any country.

However, cancelling police accounts may create a false sense of security. The police can still read your posts. They can still subpoena your mods. However, at least they're preventing from stirring up trouble.

Alex shares his experiences:

my experience from moderating a forum globally with popular ravers in the 90s/00s is discouraging overt cops works in the short term but (unsurprisingly) they switch to detective methods to glean info, often co-operating with journalists and agencies (often across borders), and it was still up to "normal" users not to blatantly incriminate themselves.

OTOH US corporate socnets welcome cops as "free moderators" so officers get a sense of entitlement to these spaces..

Ravi argues from the other side of the spectrum:

Banning their official account from an open network is not going to solve any of those problems in the least. They can carry on their more nefarious activities under cover if required anyway. This ban only serves to illustrate a knee jerk reaction, goes against fediverse practice where somebody is banned only for CoC violation and not on a feel or whim, goes against free speech and is opaque without any upfront policies on this. This is worse than banana republic.

Protonmail can read your emails

Bitcoin and Protonmail, the calling cards of the cryptoshit techbro (5 min, Mastodon thread)

Drew, who you may know as the creator of sourcehut, argues against the use of Bitcoin and Protonmail.

The thread goes back and forth with many people, myself included, asking why Protonmail is not as secure as they claim.

After all, the explanation is simple. The only way to send e2e encrypted mail is to use a technology which is similar to PGP.

Drew explains:

  1. I write a plaintext email to you@protonmail.com
  2. My mail server connects to mail.protonmail.ch and writes the plaintext email to it
  3. mail.protonmail.ch now has the plaintext email


I feel kind of cheated by Protonmail, because they are claiming something which is just impossible to do technically.

A more truthful claim would be: after sending your unencrypted mail to the recipient, we promise to delete it and only keep an encrypted copy. But they do have access to a plaintext copy at some point. The only exception, it seems, is for mail sent between Protonmail accounts.

If you want security, disable hyper-threading

Running on Intel? If you want security, disable hyper-threading, says Linux kernel maintainer (2 min, via)

Here is a summary:

MDS is where one program can read another program's data. That's a bad thing when you are running in a shared environment such as cloud computing, even between browser tabs [...] I see a slowdown of about 20 per cent. That's real. As kernel developers we fight for a 1 per cent, 2 per cent speed increase. Put these security things in, and we go back like a year in performance. [...] We are still fixing Spectre 1.0 issues [almost] two years later. [...] If you're not using a supported distro, or a stable long-term kernel, you have an insecure system. It's that simple. All those embedded devices out there, that are not updated, totally easy to break [...]

Go ahead and read the full article, it's not much longer, and paints a pretty depressing picture for current Intel users.

(If you prefer to run a faster system with no security, read this)

The SQL detective

sql-murder-mystery (RH, via) is a game where you have to solve a crime by writing SQL queries.

Fun, but this is not a five minute game. Prepare a whole afternoon if you want to solve it.

An aggregated "home feed"

Fraidycat (2 min, via)

is a browser extension for Firefox or Chrome that can be used to follow folks on a variety of platforms. But rather than showing you a traditional 'inbox' or 'feed' view of all the incoming posts, you are shown an overview of who is active and a brief summary of their activity.


Fraidycat attempts to dissolve the barriers between networks - each with their own seeming 'network effects' - and forms a personal network for you, a personal surveillance network, if you will, of the people you want to monitor.

I need to check this out in more depth. I would love to have something similar to this on my server, so I can access it from anywhere.

I want to follow people, not networks

Fraidycat feed

You should have seen this

Greg Rutter's definitive list of the 99 things you should have already experienced on the internet unless you're a loser or old or something and his second list (RH, via)

  • Charlie bit me
  • Chocolate rain
  • Mentos and diet coke
  • Badger Badger Badger
  • Play him off, keyboard cat

Stop reading this and watch the 198 videos NOW!

Feature comparison of UNIX flavors

Linux VS open source UNIX (30 min, via)

Is a very in-depth feature comparison of Linux and the BSDs, mostly at the kernel level. Not everybody's cup of tea, but make sure to at least check out the first table and the summary.

Table comparing UNIX kernel features

The Real UNIX

Will the real UNIX please stand up? (2 min, via) opens a discussion about UNIX roots and its impact in the 21st century.

At our level it's not worth worrying too much about which is the "real" UNIX, because all of these projects have benefitted greatly from the five decades of collective development. But it does raise an interesting question: what about the next five decades? Can a solution for timesharing on a 1960s minicomputer continue to adapt for the hardware and demands of mid-21st-century computing?

No more random phone searches in US airports

EFF statement (1 min, via)

In a major victory for privacy rights at the border, a federal court in Boston ruled today that suspicionless searches of travelers' electronic devices by federal agents at airports and other U.S. ports of entry are unconstitutional.

Some good news to wrap this roundup.

Tags: roundup
