Kirsle.net logo Kirsle.net

Welcome to Kirsle.net!

This is the personal homepage of Noah Petherbridge, and it's where I keep my web blog and various creative projects.

I blog about anything I find interesting, and since I have a lot of varied interests, my blog entries are kind of all over the place. You can browse my tags to sort them by topic and see which ones I frequently write about, or the archive has a complete history of my posts, dating back to 2008!

Besides my blog, I have pages for my creative projects, which are linked to on the navigation bar.

I write a lot about Linux and Android, Minecraft, and I like to rant about stuff. Generally anything that makes me curious. Also check out my Bookmarks for all sorts of cool websites about various topics I'm interested in.

For the geeks: this website respects your privacy and doesn't run any third party ads or analytics. This site speaks HTTP and doesn't require any JavaScript to work.

"Just compile it yourself!" and other misguided security suggestions
June 9, 2021 by Noah

On forums like r/privacy people often discuss the role of open source software when it comes to privacy and end-to-end encrypted messaging applications. The general consensus is: a privacy focused app must be open source so that people can get their eyes on the source code and audit it for security vulnerabilities, verify it's doing what it says in the tin and without any secret government backdoors built in that would undermine the security and reveal peoples' private chats.

These are all well and good: if the source code is not open, you can't verify the code isn't doing something sneaky like uploading your encryption keys to the service provider or whatever. But, open source alone isn't a silver bullet to help guarantee the security of the app:

  • Just because the code is readable and somebody could audit it for bugs, doesn't actually mean anybody does. Some vendors of such software may hire security firms to deliberately audit their code, but for random small projects that haven't been formally audited, "open source != automatically secure" -- but still, it is better than closed source where nobody can audit the code.
  • Just because the source code is available doesn't mean the program you download from the App Store is built on exactly the same code. Google Chrome, for example, is built on top of the open source Chromium browser but after Google injects a few proprietary services and features; the Chrome program released by Google has features not found in the Chromium source code. This can be helped by so-called "reproducible builds" and I'll cover that below, but reproducible builds do not come "for free."

In this post I'll address a few common tired things I hear people on r/privacy say in regards to this topic and how it's never quite that simple.

Read more...

Tags: 0 comments | Permalink
Blockchain in a nutshell
May 9, 2021 by Noah

Have you ever wondered basically how blockchains work and what it means to "mine a Bitcoin" and why it's a time-consuming (and energy-intensive) process to mine one? In this blog post I'll summarize what basically drives blockchains and how they work, from my understanding of them anyway.

If you're anywhere close to a novice web developer or have ever hashed a password in your life, you already know the basic technology at play here. And even if you haven't, I think I can get you caught up pretty quickly.

The explanation I give below is surely super simplified and is based on my reading of how these work, along with several "Create your own blockchain in under 200 lines of code" type of tutorials which you could find for Python, or JavaScript or anything. It doesn't cover how the decentralized networking aspects work or any of those details, but just the basics on the cryptography side.

Read more...

Tags: 0 comments | Permalink
Visual perception and peeking thru the veil
April 2, 2021 (updated April 3, 2021) by Noah

Among my many diverse interests, one thing that fascinates me is to contemplate the nature of the universe and what Reality is made of, or at least, what my perception of Reality is made of and how the inner mind works.

To that end, topics such as quantum physics, simulation theory, and esoteric writings from the world's oldest religions like Hinduism and Gnosticism are interesting to me, and I like to talk crazy about that sort of thing from time to time.

In this post, though, I'm going to write strictly about visual perceptions that I've experienced at different times in my life. Many are related to psychotropic compounds, including cannabis, but now I'm able to experience some crazy things just by meditating while sober too.

Stories on the full blog post:

Read more...

Tags: 0 comments | Permalink
VNC Server for Pinephone
April 1, 2021 by Noah

I didn't find this documented very many places but it's possible to get a VNC server running for "remote desktop" to access and control your Pinephone display from your laptop.

Quick list of related technologies:

  • To take screenshots of your Pinephone, use the grim command.
  • To record videos of your Pinephone's screen, use wf-recorder.
  • To run a VNC Server, use wayvnc.

Mobian already packages grim and wf-recorder so these are just an apt install away, and these are documented on Mobian's wiki. But wayvnc is not yet packaged in Mobian and you gotta build it from source code yourself.

Follow the directions on the git repo, including cloning down the neatvnc and aml dependencies. The README has instructions to build it for Fedora and Arch but the Debian instructions are missing! I found by trial-and-error the dependencies I needed to install to build this program for Debian:

sudo apt install gcc meson ninja-build pkg-config libpixman-1-dev \
  libdrm-dev libxbcommon-dev libwayland-dev

I ran the built binary like wayvnc 0.0.0.0 to start the server and connected with the TigerVNC client from my desktop.

It has a couple of quirks to watch out for:

  • The mouse cursor only appears on the Pinephone's screen, but not in the VNC viewer window, making some UIs hard to work with (the lock screen in particular).
  • The Pinephone display was "too tall" to fit on my screen when in portrait orientation. My desktop monitor is 1920x1080 but the Pinephone display is 720x1280 so it ran off the bottom of my screen by 200 pixels. Switching the display to Landscape fit better.

wayvnc.png

Tags: 0 comments | Permalink
A federated social app idea
March 26, 2021 by Noah

This is a general idea or concept I've had kicking around in my head about a way that a federated social network could work, wherein the user's own local device controls their identity rather than having a username on somebody's server.

To understand what I'm talking about, first let's run through what a federated social website even is. Briefly:

  1. Facebook, Twitter, Instagram and so on are all centralized social networks. You register a username on Twitter.com, their database holds your profile and user information, and you can follow and talk to other Twitter users that are on the same website. But from your Twitter page you can not comment on an Instagram post; you need to go make an account on Instagram to use their centralized social network instead.
  2. So then you have the Fediverse and for a specific example, Mastodon is a federated Twitter-like web app. It's open source, there's hundreds of servers, each run by various individuals or small companies, and you can install the Mastodon server on your own machine if you like. No matter which Mastodon server you sign up a username on, you can like, follow and comment on anybody's posts on any Mastodon server you like. I could be "@kirsle" on the "mastodon.online" server and you can be "@soandso" on the "toot.online" server and we can follow each other all the same. It's decentralized, but each server does still have their own user account base.
    • But what if my chosen Mastodon instance decides to shut down? My profile goes down with it. Sure, I can sign up on another instance but I lose all my history and gotta start over from scratch!
  3. What if there was a way to own my own profile on my local device, but still be able to interact with users on a decentralized fediverse of different servers?

How would it look? With typical websites, there's a database and everyone has a user ID in it along with their email, username, bio text and whatever other details, and each website has their own database. What if you could move that user authentication to the client side? So instead of, "I log in as @kirsle with my password, so your back-end database can attest to my identity" it's instead "I'm telling you who I am, using a profile stored on my phone and not on your database."

The technologies to make this work on the client-side apps would be:

  • Public/private key cryptography. Each user device would roll its own encryption keys, keep the private key to itself, and the fingerprint of the public key becomes your "globally unique user identity token" -- in exactly the same way that Bitcoin wallets work, or how Tor .onion hidden-service domains work, and so on. You can't spoof my public key fingerprint unless you have the exact private key that goes with it.
  • My local device holds a JSON blob of my profile data: my nickname, my avatar picture, my bio text for my profile page, and any other personal account info.
  • When my device connects to your server: I send my public key fingerprint, + my blob of personal account information, + a cryptographic signature of my account blob signed by my private key which matches my public key fingerprint.
    • When your server sees me the very first time, it could create a row in its database using my public key signature as "user ID" or w/e as needed for the server's operation, e.g., so if I create a post, the "user ID author" of the post is my public key. Or it might cache my account info to be shown in comment threads to others (for my avatar URL and display name, etc.)
    • When I come back to your site later, your site still remembers me and I still 'own' the posts I made (can edit or delete them if I want, etc.); nobody else can spoof as me unless they have my private key.
    • If I spam your server you can ban my public key signature, and I'd need to roll a new account. The landscape of spam problems on the Internet is not any different to the current status quo (ppl can just sign up new usernames...)
  • For the technically inclined: think JSON Web Tokens except each individual client app is attesting to their own identity: the client tells the server who it is, without passwords or anything, and the server just takes their properly formed message as-is and uses their public key fingerprint as user identifier for any back-end purposes.

Now, what kind of site would this support? Not a site like Twitter or Instagram where users have a timeline and you host decades worth of pictures for them; these sort of sites require too much back-end state around user accounts.

Think instead of a site more like Reddit. Reddit is a "forum of forums" with tons of sub-communities but it's all on a centralized site. Imagine instead, that instead of subreddits on one site, each subreddit was its own separate server altogether, each server operated by different individuals on the Internet?

The server only hosts the forums and comment threads, not the user profiles. The user profiles are kept with the client app. If a server disappears, only its discussions are lost, not the users too.

So with my "self-authenticated client app" I could connect to a dozen different servers, each hosting their own communities, using my own local device identity to seamlessly authenticate to each server and post messages to their boards. The long-term state of each server, then, is only to do with the forum messages and less to do with maintaining profile pages and timelines. If a particular server decides to shut down and close up shop, nothing is lost, no user accounts were centrally tied to that server, users will just find replacements for their particular community discussions.

This idea is free for grabs, I don't think there's any money to be made from it, and I wouldn't mind if somebody made it a reality, I'll probably be too lazy to develop it myself. :)

Tags: 2 comments | Permalink
Kanian/Azulian War
March 23, 2021 by Noah

The Adobe Flash Player is finally dead, and so the Flash animations I made back in high school don't play in Chrome anymore, so it was finally time to convert them to standard videos. Fortunately, there was such a thing as a "Standalone Flash Player" that could open my .swf files and it runs perfectly on Linux under Wine! So I just used vokoscreen to record the playback as a video to preserve these old animations for posterity.

The Kanian/Azulian War is the best animation I ever created in Macromedia Flash 5 when I was 15 years old. It features two classes of character I made up, the Kanians and the Azulians, going to war with each other and was inspired by various Newgrounds Flash cartoons that were popular in that era, such as Mario vs. Sonic.

Here is the Flash cartoon, featuring my awful voice acting. Read the full blog post to understand just what the f*ck is going on and who the Azulians and Kanians are, as I imagine this cartoon won't make much sense to people who weren't in my head at the time I made it.

Read more...

Tags: 0 comments | Permalink
Linux is like an old car
February 25, 2021 by Noah

There are many advantages to running a GNU/Linux operating system over something like Windows 10 (performance, privacy/lack of telemetry, security) but one under-appreciated aspect of Linux is that it's easy to repair.

It's like one of those old cars where you can pop the hood and get into the engine and repair it yourself, as compared to many of the modern vehicles out there which have sealed components and require special tools to get into and you need to take them in to a specialist.

Every operating system "breaks" sometimes. When Windows breaks, it boots in to a blue screen of death with a frowney face :( and it offers some "automated troubleshooting tools" which never work. They just spin for a while before saying: sorry! And how do you even begin to fix something like that? What if "Safe Mode" doesn't even load up?

For a specific example, it's been an annual tradition for me that my Windows 10 install gets "stuck": it can not install the new Windows 10 update due to "reasons" that it can't troubleshoot away. It'll do the whole pomp and circumstance: reboot, attempt to install, fail, roll back install, reboot, and tell me how it failed. Only to keep retrying every time I reboot from that point onwards. And I'm a rather light user of Windows (perhaps too much so), I rarely boot into it and even then only to play a few games like Skyrim.

Linux "breaks" sometimes, too, and maybe one day it doesn't boot into the graphical desktop because your nVIDIA drivers got borked somehow or your WiFi stops working after an update. What do you do? First, you can try booting into an older kernel from the bootloader menu; most distros keep the last couple of kernels as options for exactly this case.

Or you can boot into single user (text mode) and have a shell prompt logged in as root, so you can troubleshoot the issue: check log files, edit configuration, install or uninstall programs, and fix it yourself. Everything is very modular in Linux distributions, so it's hard to take down the whole thing. Very rarely is your bootloader so broken that you can't get get into a working single user mode.

Granted, this does require you to have some knowledge about how Linux works, but the great thing is there's lots of good documentation out there. Just google for "your distro name + thing you want to do". The Arch Wiki is great no matter which distro you run, though some small details may differ if you're using Fedora or Ubuntu, so prefer the wiki closest to your own distro of choice. Information from the Debian Wiki and Fedora Wiki tend to be broadly applicable to other Debian and Fedora downstream distros, like Ubuntu and CentOS.

Some of the most important skills to learn that gets you 90% of the way to fixing a broken Linux OS:

  • Get comfortable with the command line. It's not so scary, and it's so efficient I find myself using one quite a lot even when I could have done the same steps, much more slowly, using the GUI.
  • Firsly: learn about Ctrl-Alt-F1 through Ctrl-Alt-F7 (or so). On most Linux distributions these key combinations swap between several Virtual Terminals (text mode login screens). Usually, F7 or F6 is where your graphical desktop is running so you can switch back to that. Sometimes, if your GUI freezes solid, you can Ctrl-Alt-F1 into a text mode shell, log in, check running processes and maybe fix it yourself without a hard power-down, or if all else fails, run a graceful sudo reboot.
  • Learn how to use your bootloader (usually grub2) and boot your system into single user mode. On Fedora this is editing the kernel arguments to add the word "single", it may vary from distro to distro.
  • Learn about "Run Levels" and how to switch between them. Notable Run Levels include "single user text mode", "networked text mode" and "graphical desktop" and switching them may vary by whether your distro runs SysVinit or systemd.

In single user mode, basically only the Linux kernel and bash command line shell need to work, and it's very difficult for these to fail. No networking services start, no graphical desktop starts, and all video cards support text mode output regardless of any driver issues.

I basically never have to reinstall a Linux OS from scratch to fix any problems, and the times when I did, it was because I messed up and I learned to respect root privileges and double-check my commands. 🤣

Tags: 0 comments | Permalink
Spiritual awakening in practical terms
February 19, 2021 by Noah

or: 6 tangible ways that my personality suddenly shifted in 2018.

When people hear the words "spiritual awakening" they think of woo-woo magical things like Buddhism and enlightenment. But really a spiritual awakening can be explained in practical, ordinary terms as a moment in your life where you suddenly get a new outlook on the world.

In a spiritual awakening, you may suddenly realize that life is inherently meaningless, but that this is somehow a very freeing insight because it means you can create your own meaning. You don't have to be who you're expected to be but are free to be who you want, and you don't care what others think because you're also not even thinking about them. Or maybe a near-death experience, or grappling with your own mortality can trigger an awakening. It's really the same stuff: you'll be gone and all of your accomplishments forgotten, so what really matters in the world, what are we doing?

I had my spiritual awakening in early 2018, and in very practical terms, a lot of things changed in my personality quite suddenly:

  • I stopped judging others. We're all just humans and we have our strengths and weaknesses and none of us is objectively better than the rest of us. Live and let live. We're all just silly hairless apes trying to figure it all out.
  • I don't take myself so seriously anymore. This I think comes generally with age, you pick your battles more carefully and don't sweat the small stuff. And it's all small stuff.
  • I no longer look anxiously toward the future. It isn't here yet, and when it does get here, I'll be able to handle it. I've handled everything else in life so far.
  • I don't dwell too much and regret my past. I'm always free to change my habits and pick up a new hobby. The past doesn't drive me; it all starts now.
  • I'm very slow to anger. I may not control what happens to me, but I am in control of my emotions, and my emotions can quite figuratively be the difference between heaven or hell on earth when I see it all through the lens I choose.
  • I consciously live my life now. Almost everything in life requires consent, and I stopped saying yes all the time and getting myself into life situations I didn't desire. And yes, that also means I'm free to consciously choose to waste some time with videogames once in a while, because time enjoyed is not time wasted.

But a BIG one is that I feel free to just not take the whole Human Game too seriously. What's the Human Game? It's all of the traditions and social norms we humans have come up with. The life plan of birth, marriage, kids, retirement; gender norms; the "9 to 5" work week; the scourge of social media on society; basically everything we do to distract ourselves from the fact that nobody knows what the fuck is going on or why the universe even exists at all.

It's all optional. You don't need any of it. You play along with the game because you find it fun for now. But it's just a ride. Some choose to go sit on top of a mountain for the rest of their days.

Since 2018 I've been more consciously choosing which parts of the game I play, and not worrying about the rest of it. I've been "de-googling" and don't, or can't, use many popular social networks or messaging apps. Not as many people can message me anymore, but that's just fine for me as an introvert. I can only manage so many relationships anyway, and the people who put in the effort to keep in touch are the ones worth keeping around.

Having 500 friends on Facebook never meant I had 500 friends.

But what is it like?

Now, when somebody goes through a spiritual awakening, a common side effect is that they get some crazy thoughts in their head. They may then go down rabbit holes of woo-woo magical nonsense, which all suddenly takes on a lot more meaning, in search of answers, but I think there are no answers. Just people who've experienced something ineffable that escapes language, and they came up with lots of symbols and stories to try and communicate the feeling. None of it makes any sense until it does.

I can't describe what it feels like, just the practical effects it had on me in real life. And I'm not really out to 'convert' anybody, either, as I know that everybody is already where they need to be right now and everybody wakes up at their own pace. Maybe your spirit wants to experience what it's like to be you for a while before you can wake up and take the wheel. There's no words anybody could write that would 'pop your bubble', and when people try, that's how you get religions and spiritual woo-woo nonsense.

So be nice, have fun, and don't sweat the small stuff.

And it's all small stuff.

Tags: 2 comments | Permalink
Why I don't use Signal
February 10, 2021 by Noah

Signal is an end-to-end encrypted messenger app for smartphones that has been recommended by the likes of Edward Snowden and has seen an especially large influx of new users in recent months who are suddenly more concerned about Facebook or other tech companies reading or censoring their chat messages.

It's a fairly good app for what it does and it would probably fit the needs of your "average user" very well, but it doesn't work well for my needs and I still use Telegram in its place.

Now, I would like to use Signal instead of Telegram, because Signal's technology is more sound and the chats are truly end-to-end encrypted (where Signal Co. would be incapable of reading my chats even if they wanted to). Telegram in comparison uses some home-made cryptography (and you should never roll your own crypto) and their chats are not end-to-end encrypted by default, but Telegram does have some good quality-of-life usability features that makes it more appealing to me than Signal for now.

Read more...

Tags: 1 comment | Permalink
Work Naked Day
February 5, 2021 by Noah

Apparently, Work Naked Day is a thing and it's today (first Friday of February).

...not that I really need an excuse to work naked.

I don't widely publicize it, on this blog especially, but one of the two major 'pillars' of my life (in terms of years invested), apart from chat bots and RiveScript is that I'm a nudist. I like to go naked around the house or (outside of pandemics) go to social nude events; it's not even a sexual thing, but about the freedom of not wearing clothes and all the benefits that come with that (body positivity, fostering good community in a social context, etc.)

In my ideal world, nudity would be normalized and you could be able to drive to the office and work naked and for others to not even really notice or care, and treat you the same as they do when you wear any other random outfit for the day. I have dreams about this exact situation sometimes, and they're always nice. Everybody has naked dreams, many find such dreams embarrassing, but not me -- my dream characters don't care and neither do I; apart from my clothing (or lack thereof) the 'story' of the dream is all the same as normal.

I'm also interested in spirituality topics in recent years, and a thing I often hear from people in those circles goes like this:

"The reason you don't know what you want is because you already have it."

I want to be able to work naked, and -- though it isn't exactly the way I envisioned it -- I already can. I've been working full-time from home since even before the pandemic, and with nobody here to see and with no risk of an HR complaint, I can work naked if I want to. For the odd video call I can throw on a T-shirt and "Donald Duck it" and otherwise get to work in the way that feels the most comfortable for me.

Tags: 1 comment | Permalink