Yutaka Niibe gniibe@identi.ca

Maebashi, Japan

GNU wannabee ['gnu:be], FSIJ chairman, Debian Developer

  • Submitting a patch series to lkml

    2018-03-20T03:48:31Z via Pumpa To: Public CC: Followers

    It was more than 25 years ago, when I submitted the first patch of mine to Linux mailing list. We didn't have lkml yet at that time.

    Things have been changed a lot sice then, but I believe that I found a long standing bug.

  • Emacs crashes X

    2018-02-28T02:32:34Z via Pumpa To: Public CC: Followers

    I was bitten by this bug: https://bugzilla.freedesktop.org/show_bug.cgi?id=105169

    Emacs redraw caused this issue. I installed experimental mesa libraries.

  • FQDN

    2018-01-27T00:57:11Z via Pumpa To: Public CC: Followers

    Upgrading to stretch, I found that it's better to use FQDN for /etc/hostname (for exim4, at least).

    Practice changes in time.

    McClane likes this.

  • Spectre & Meltdown

    2018-01-10T04:41:45Z via Pumpa To: Public CC: Followers

    I found their names in the author list. Since 2013, they sent us (GnuPG team) several side channel attacks.

    Now, it's not an application, but CPU itself.

  • USB signal and USART signal

    2017-12-19T08:57:05Z via Pumpa To: Public CC: Followers

    USB full-speed is 12Mbps, USART running at 115200 bps.

  • po: msgstr entries with unmatched %-format string

    2017-12-19T02:34:16Z via Pumpa To: Public CC: Followers

    The problem of GnuPG key generation only for Japanese was reported: https://dev.gnupg.org/T3619

    It is due to unmatched %-format in msgstr (in po/ja.po).

    This kind of bug can cause DoS targetted to a specific locale. I think that msgfmt -c should check this, too.

  • Learning Sigrok

    2017-12-11T01:29:20Z via Pumpa To: Public CC: Followers

    I develop my USB driver with no USB alalyzer or digital alalyzer. I mean, with no looking any signals on wire.

    Last week, I looked the signal using Sigrok. With my ZEROPLUS, only it can caputure three frames of USB (3ms). But I can see the transactions: command from host, response from device, seven NAKs while responding an answer.

    McClane likes this.

  • regcomp+regexec with REG_ICASE

    2017-11-10T01:43:06Z via Pumpa To: Public CC: Followers

    On GNU system, regexp \x\y\z doesn't match xyz, while \X\Y\Z does. I tested on FreeBSD, both match xyz.

    I learned that grep uses DFA, so its behavior is different.

  • GnuPG 2.2.2 released

    2017-11-07T23:06:52Z via Pumpa To: Public CC: Followers

    This time, message translation for Japanese is 100%.

    Ben Sturmfels likes this.

  • -1/12: Answer from My Imaginary Calculator

    2017-10-25T23:30:11Z via Pumpa To: Public CC: Followers

    These days, input systems based on prediction are common, even for werstern world. Perhaps, because of phones.

    It would be interesting for a calculator to adopt "prediction" feature, I considered.

    Then, the temporal output for input: $1+2+3$ is $-1/12$, before pressing '=' key?

    P.S. When my friend is teaching math in India, I am reading about Ramanujan. And I'm a fan of Euler.

  • MicroPython on ESP32

    2017-10-17T04:57:08Z via Pumpa To: Public CC: Followers

    I bought ESP32 thing and installed MicroPython.

    While the chip is only 5mm x 5mm, quite easily, I can write a script of simple web service for GPIO control through WiFi.

    I wonder if it were "MicroGNU"... Possibly, the scripting would be done by Scheme.

  • A Solution for the Emulation (of USB device)

    2017-10-05T23:38:20Z via Pumpa To: Public CC: Followers

    I decided to introduce a feature specifying VID:PID at runtime, like:

    $ /usr/local/libexec/gnuk --vidpid=VVVV:PPPP

    That is, it is the end user who will specify the VID:PID. The distributed binary won't have any VID:PID, thus, no violation (of the USB-IF member agreement) will occur when someone will distribute Gnuk binary for emulation.

    And when an end user does specify VID:PID of existing one, with her knowledge of emulation, I don't think it is violation of anything, either.


    Claes Wallin (韋嘉誠) likes this.

    As long as VID:PID cannot be copyrighted, or registered as a trademark.

    Yutaka Niibe at 2017-10-05T23:41:19Z

  • USB vendor ID for emulation

    2017-10-05T03:18:26Z via Pumpa To: Public CC: Followers

    In the USB Implementers Forum's member agreement, it says:

    Vendor ID (VID) Number. Company hereby applies for a USB Vendor ID Number and agrees to the following: The USB Implementers Forum is the authority which assigns and maintains all USB Vendor ID Numbers. Each Vendor ID Number is assigned to one company for its sole and exclusive use, along with associated Product ID Numbers. They may not be sold, transferred, or used by others, directly or indirectly, except in special circumstances and then only upon prior written approval by USB-IF. Unauthorized use of assigned or unassigned USB Vendor ID Numbers and associated Product ID Numbers are strictly prohibited.

    That's reasonable for hardware product.

    FSIJ owns a Vendor ID (234B) and uses it for Gnuk and NeuG.

    Now, I have a problem, because I'm now working for the emulation for those devices on GNU/Linux.

    The idea is to allow those who don't have hardware use "virtual" product by a program on GNU/Linux using USBIP. The problem is that we need to use some vendor ID and product ID within the program, which is not the one of hardware product.

    It is best if the program can use FSIJ's vendor ID, but it would violate the member agreement if FSIJ allows everyone to use its vendor ID for such a program.

    Claes Wallin (韋嘉誠) likes this.

    Now it works!

    $ /usr/local/bin/gnuk-emulation-setup # To generate flash image

    From terminal A:

    $ /usr/local/libexec/gnuk

    From terminal B:

    # usbip attach -r -b 1-1

    From terminal C:

    $ gpg --card-status
    Reader ...........: 234B:0000:FSIJ-1.2.5-EMULATED:0
    Application ID ...: D276000124010200FFFEF1420A7A0000
    Version ..........: 2.0
    Manufacturer .....: unmanaged S/N range
    Serial number ....: F1420A7A
    Name of cardholder: [not set]
    Language prefs ...: [not set]
    Sex ..............: unspecified
    URL of public key : [not set]
    Login data .......: [not set]
    Signature PIN ....: forced
    Key attributes ...: rsa2048 rsa2048 rsa2048
    Max. PIN lengths .: 127 127 127
    PIN retry counter : 3 3 3
    Signature counter : 0
    Signature key ....: [none]
    Encryption key....: [none]
    Authentication key: [none]
    General key info..: [none]

    Yutaka Niibe at 2017-10-05T05:05:44Z

  • Bug fix for Amelia Mary Earhart?

    2017-09-08T02:31:42Z via Pumpa To: Public CC: Followers

    It found GnuPG "make check" fails with "UTC-12":

    So far, no developers from this timezone.
    But I think that it's worth to fix for the aviation pioneer.

    Ben Sturmfels, Claes Wallin (韋嘉誠) likes this.

    Scorpio, Scorpio shared this.

  • Curve25519

    2017-09-06T23:39:52Z via Pumpa To: Public CC: Followers

    Probably, I was the worst implementer of Curve25519 ECDH (see CVE-2017-0379).

    Given the situation of libgcrypt structure, I had to use general purpose MPI routines, which was far from "constant-time".
    I had known that it killed the important point of Curve25519, which is designed to be "constant-time".

    I thought that "Still, it's better than nothing". Perhaps, this kind of attitude would not be good.

    Well, along with quick fix of the vulnerability, I also do real improvement: https://dev.gnupg.org/T3358; While this becomes better implementation, it has not yet had field specific representation. The representation is still MPI. (Original implementation of Curve25519 uses limb of 2^51 to avoid carry between limbs.)

    And... during this CVE handling, I realized that libgcrypt from Fedora/RedHat doesn't support Curve25519, because of ECC patent fear. It only enabled in the development version recently.

    George Standish, Christopher Allan Webber likes this.

    Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠), Claes Wallin (韋嘉誠) shared this.

    I didn't know you worked on libgcrypt... thank you for the work! What an important project!

    Christopher Allan Webber at 2017-09-07T00:03:06Z

    George Standish, Yutaka Niibe likes this.

    The bonus for the library developer is that I can learn its usage; I learn git-crypt and pidgin-openpgp can use Curve25519 encryption (along with gpg+enigmail) by the paper of the attack:

    Yutaka Niibe at 2017-09-07T02:17:28Z

    ... in the development version recently.

    I wrote this based on this comment:


    But it seems that Curve25519 is already available in F26, with libgcrypt-1.7. If so, security fix by libgcrypt-1.7.9 should be used.

    Yutaka Niibe at 2017-09-07T11:26:42Z

  • 1984 and 2017

    2017-09-05T06:41:27Z via Pumpa To: Public CC: Followers

    I remember that the Soviet Union was considered to be a threat for Japanese. I was afraid of their (nuclear) weapons.

    On the other hand, it seems that nobody is serious against North Korea, these days.

    I wonder why.

    Maybe because their leader is seen as a clown (which he is). But it's a very dangerous clown nonetheless.

    And now this clown is playing the threat game with another particularly orange, and also dangerous clown.

    I think there are plenty of reasons to be afraid.

    JanKusanagi at 2017-09-05T13:38:01Z

    Claes Wallin (韋嘉誠), Yutaka Niibe likes this.

    "Clowns to the left of me, Jokers to the right, Here I am, stuck in the middle with you..." :-/

    Charles Stanhope at 2017-09-05T14:41:19Z

    Yutaka Niibe likes this.

    North Korea is super scary *because* he is a clown and because the other clown is doing nothing but egging him on.

    Claes Wallin (韋嘉誠) at 2017-09-08T07:05:54Z

  • libgcrypt 1.8.1 released on Sunday

    2017-08-27T09:42:53Z via Pumpa To: Public CC: Followers

    That's because to fix CVE-2017-0379.

    These days, the title of papers are too good.

  • Stuffed penguin with egg

    2017-08-16T07:29:23Z via Pumpa To: Public CC: Followers

    My daughter lost her stuffed penguin (with egg) around E77 at YYZ or the flight AC005.

    I wrote to aircanada.com.

    Like this one

    She said that she bought it at biodome, Montreal.

    I got reply from aircanada, which suggested to contact lost+found by thier "web chat" system.  Thus, I told that it didn't work, that's the reason why I wrote by email.

    Their web pages has been fixed to remove links to the "web chat" system.  That's the improvement.  But I don't know they accepted my request to forward my message to lost+found.

    Yutaka Niibe at 2017-08-24T01:54:03Z

  • Demonstration by family

    2017-08-11T20:13:31Z via Pumpa To: Public CC: Followers

    We had a talk in Debconf17: Link

    George Standish likes this.

  • For Cat Babe

    2017-08-03T00:26:47Z via Pumpa To: Public CC: Followers

    Someone found that my fingerprint of PGP (RSA) can be read as: For Cat Babe (0x4ca7babe)

    It is not intentional, but it's good when it is easy to remember. It's sad that 32-bit is not enough to distinguish a key these days, though.

    Here, we have a dog, but no cat. Since she became older, she has tendency to stay inside. We accept the exception (it is unusual for our culture. You know, we take off our shoes when we enter inside).

    Claes Wallin (韋嘉誠) likes this.

    easy to remember

    McClane at 2017-08-06T10:53:03Z