Yubikey & PAM

之前没看懂 PAM 怎么用,今天重新看了一下pam(8),打算搞好之前想弄的 yubikey 解锁桌面。

pam(8)的结果:这在说什么?

看了一篇讲 PAM 的博客:噢,我明白了(没有懂),甚至应该修改 /etc/pam.d下的哪一个文件都不清楚。

还是另一篇博客让我豁然开朗。

先在 Arch Linux 上安装yubico-pam包。

然后修改/etc/pam.d/system-auth,将下面一行添加到 auth required pam_unix.so ... 那一行的前面。如果添加到后面的话,还会先调用 pam_unix.so 来索取密码,而且失败了就失败了,并不能 fallback 到 Yubikey 登陆,然而将 sufficientpam_yubico 放在最前,当 yubikey 验证成功了就一定成功。

如果写的是 required 而不是 sufficient ,结果就是不仅要 yubikey 验证成功,而且还要接着再输一遍密码,相当于倒过来的二步验证。

auth sufficient pam_yubico.so id=<yubikey API id> authfile=/etc/yubikeys

这样就大功告成了!现在 sudo,解锁屏,登陆都可以用 Yubikey 一摁完成了!

当然,如果 KDE 的用户

  • 只想用它解锁屏,就把这一行放到 /etc/pam.d/kde 里的对应位置,注意当前用户需要有 authfile 的读权限,否则无法使用
  • 只想用它登陆,就把这一行放到 /etc/pam.d/sddm 里的对应位置

如果只想用 yubikey 登陆 console (估计没有这样的人),就把这一行放到 /etc/pam.d/login 里就行了,ssh类似,大概。

而如果想离线也能验证,或者嫌在线验证时间过长的话,就换用 challenge-response 模式就可以了。具体见 Yubico 官网的相关页面,就懒得再翻译一遍了。设置好之后甚至连一摁都不需要了。

Arch Wiki 关于 Yubikey 的条目可以说比较混乱,而 Fedora Wiki 的页面则较为简洁直白,可以作为参考。

顺便一提,也是 Fedora Wiki 告诉我有 modhex 这种东西。 Yubikey 作为键盘输入,它只会向机器发送键盘扫描码,机器再将其转换为按键。因此 Yubikey 不能控制键盘的 layout ,也就导致如果随意输入,在不同的键盘 layout 上可能会输出不同的字符。比如QWERTY的Y,在德语键盘上就成了Z(它交换了Y和Z),而在日语键盘上差不多就是假名 N (说差不多的意思是在假名输入下才是 N)。因此 Yubikey 选择了那些在任何键盘 layout 下都不会变的16个字符,用以表示16进制数,这就是 modhex 。

请关掉假名输入!不然そそそそそそりこはすいきまにすこまきましすいりそなままりこのかいそひひしきのにすきしのき

中断

今天读了一篇关于硬件中断,以及如何用 PIC 处理的博文,因为没怎么看懂,就不翻译了。

玩蛇?玩个蛇皮!

Arcaea 潜力值终于上 9 了,或者说,才上 9 。啊……

慢慢来吧。

Comment and share

Computer Architecture

  • Cache Optimization
    • Lower 3C:
      • +cache block size -> -compulsory -> +conflict
      • +cache capacity -> -capacity caused misses -> hit time
      • +associativity -> +parallel comparison
    • Lower cost of cache miss:
      • multi-layer cache(victim cache)
        • global miss rate vs. local miss rate, AMAT
        • If L2 cache is much larger than L1, the global miss rate is close to that with a single level cache of L2’s size
        • placeholder
    • placeholder
      • Small and simple first level caches
      • Critical timing path:
      • Direct-mapped caches can overlap tag compare and transmission
      • placeholder

Programming Languages

Refer to this page.

Since in OCaml the content of a function is not evaluated in its definition, the approach could be used to create lists with infinite length.

type 'a list = Nil | Cons of 'a * (unit -> 'a list);;

The good thing about it is that the function is not evaluated at once, so the infinite recursion is avoided.

And there is some other utilities:

let head x = let Cons(a, _) = x in a;;

let tail x = let Cons(_, b) = x in b ();;

let rec take n x = match n, x with
| _, Nil -> []
| 0, _ -> []
| n, Cons(h, tf) -> h :: take (n-1) (tf ());;

let rec drop n x = match n, x with
| _, [] -> []
| 0, x -> x
| n, Cons(h, tf) -> drop (n - 1) (tf ());;

let rec fmap f x = match x with
| Nil -> Nil
| Cons(h, tf) -> Cons(f h, fun () -> fmap f (tf ()));;

Note that () is of type unit in OCaml, not () in Haskell.

And we can have something like 1... now in OCaml:

let rec toinf = fun x -> Cons(x, fun () -> toinf (x + 1));;

Or better, some Fibonacci series:

let rec fib = fun x y -> Cons(x, fun () -> fib y (x + y));;

Argh.

This one, though it looks elegant, would run slow.

let rec toinfslow x = Cons(x, fun () -> fmap ((+) 1) (toinf x));;

Imagine: you get 20 in toinfslow 10 by adding to it 1 ten times.

And a even slower Fibonacci series:

let rec fibslow x y = Cons(x, fun () -> Cons(y, fun () -> sum (fibslow x y) (tail (fibslow x y))));;

Go with take 40 (fibslow 1 1) and you would not get the result as fast as the first one.

OCaml has a lazy module that would delay the evaluation of the expression, and also cache the result. So a lazy list would be faster after calculating once.

About Hacking Conferences

Chinese government has banned its security researchers from participating foreign security conferences this year, and Pwn2Own on Mar. 12-14, which Chinese dominated for years, was impacted by this new policy. And Zhou Hongyi, chief executor of 360, has previously stated that these loopholes ‘should remain in China’.

Learning Kana Input…

ろぬふあう えおやゆよ わほへ ` 1 2 3 4 5 6 7 8 9 0 - =

たていすか んなにらせ ゛゜む q w e r t y u i o p [ ] \

ちとしはき くまのりれ け a s d f g h j k l ; ’

つさそひこ みもねるめ z x c v b n m , . /

Use shift key for smaller kana. E.g. ゃ is entered with Shift + 7.

Misc

Was yea erra hymme sarla yorr.

About Vocaloid

  • Kemu was probably once troubled by Suzumu, a member of Kemu VOXX, and who had a similar style. Kemu came back with Haikei Doppelganger in 2017, which possibly refers to Suzumu.

  • After the admitting the ghostwriting of some of his songs, Suzumu announced that he would retire from making vocaloid songs in 2017. Which means the Bookmark of Demise Project stopped without ending.

  • Mafumafu is said to had bad terms with Suzumu, which brought a lot damage to him.

  • Powapowa-P, a.k.a. Shiina Mota, deceased at 20, with a red pen. The cause of his death was not revealed.

  • Samfree died at 31 from illness. Recommend his Promise, although a lot may have already known it from Project Diva.

Comment and share

Records from 3/29 to 4/2

To be filled…

Facts about SQL

  • MySQL does not support data integrity check(that is, it parses but ignores CHECK constraint).
  • MariaDB was the same but started implementing it since 10.2.
  • PostgreSQL is likely to support this feature.

Facts about Arch Linux

  • Arch Linux has only in its official repo MariaDB 10.1 because of this.
  • updpkgsums is a command line tool to update the checksums in the PKGBUILD file.
  • Running makepkg with -s would install the dependencies for it, and -i would install the package built.
  • trizen, aurman are also AUR helpers, the same as yaourt, pacaur.

Facts about CentOS 7

  • It uses Linux 3.10.
  • The packages in EPEL can be very old as well.
  • The lttng package in EPEL is ver 2.4.

Fact about Oracle

It sucks.

Facts about Input Methods

  • The author of Flypy(http://www.flypy.com) is stingy about the double pinyin scheme they created – they haunt every developer of an input method which make Flypy available – either as preset or configurable afterwards – without their authorization.

  • Rime, GBoard, and MS IME seem not (yet) in trouble.

  • The author of Flypy criticized others’ approach to tackle zero-consonant characters(‘a’, ‘er’, ‘ou’, etc.) from their perspective. Flypy uses the first and the last letter of the syllable(‘ee’ for ‘e’, ‘ag’ for ‘ang’, etc.), while some others allocate a specific letter, say, ‘o’, for it.(That is, ‘oa’ for ‘a’, ‘ol’ for ‘ai’ for MS).

  • A family of double pinyin derives from Ziranma, with minor differences. MS and Sogou are among them.

  • Mozc could be configured using /usr/lib/mozc/mozc_tool --mode=config_dialog, where the input mode could be switched between Romaji and Kana.

Misc

空はきれいなのに

Comment and share

Facts about Bash/Dash/sh

  • Arch Linux uses Bash(Bourne Again Shell) for POSIX shell (/bin/sh)
  • When Bash is called with sh, it tries to emulate the POSIX shell
  • Dash is POSIX compatible, making it Bash incompatible.

Facts about of V-Table

In C++, the virtual table pointer is located in the head of the class instance.

The virtual table is a table of pointer to virtual(overridden or not) functions.

Therefore, to invoked these virtual methods, a mechanism called thunk(a jocular form of think) is needed. It means doing something before the actual function is called. And functional language relies largely on this mechanism.

Fact about Zeromq

  • It is a distributed communication library.
  • It sits on top of the TCP/IP layer, means the possibility is huge that it sends message by syscalls like send.

Facts about lttng

  • Means Linux Tracing Tool, next generation
  • In Artful repo, for older Ubuntu versions, go to ppa:lttng
  • Can be used to trace syscall, or even user application(need to write code into the program)
  • babeltrace could be used to translate the file.

Facts about Ubuntu

  • The life span of Zesty(17.04) has ended in Jan. 2018. Artful will meets its end in Jul. 2018.
  • The life span of non-LTS versions is 9 months.
  • 18.04 is called Bionic, will upgrade later

Facts about Opam

The package manager of OCaml. Not a kind of mineral.

Facts about type algebra

Refer to this page.

The type could be expressed in an algebra-like manner:

0: None type, there is 0 way to construct an empty type object

1: Singleton

2: Two ways to construct the type, boolean type is an example

$+$: Sum type, the object of type $a+b$ could be either type a or type b, but not both, there are exactly $a+b$ ways to construct the object. Injection is used to construct an instance, if it is called an instance.

$\times$: Product type, the object of type $a\times b$ is a combination of an object of type a and one of type b. OCaml adopts this notation, an constructor applied to type $a\times b$ is written as Foo of a*b.

And as a surprising yet unsurprising coincidence, the sum and product obey the rules:

Communicative: $a+b=b+a$

Associative: $a+(b+c)=(a+b)+c$

Distributive: $a\times(b+c)=a\times b+a\times c$

For recursive types like the tree, which is

data Tree a = Leaf a | Branch (Tree a) (Tree a)

The formula is:

$T = a + T^2$

Therefore, we have:

$$T^2-T+a=0 $$

$$T = \frac{1-\sqrt{1-4a}}{2}$$ (Why choose the minus sign?)

Use Taylor series, we could obtain:

$$T=1 + a + a^2 + 2 a^3 + 5 a^4 + 14 a^5 + 42 a^6 \cdots$$

And the coefficients of a are Catalan numbers.

Zippers means we could turn the pocket inside out and focus on one element in a data structure, in a way that updating the focused element , as well as moving the focus around, takes $O(1)$ time.

And we can focus on the holes of a type.

$a\times b$ has one hole of a

$a+a$ has two holes of a, that is data _, a and data a, _

It is likened to partial differentiation, for example:

$$\frac{\partial (u \times v)}{\partial a} = \frac{\partial u}{\partial a} \times v + \frac{\partial v}{\partial a} \times u$$

If $\frac{\partial t}{\partial a}$ means the hole numbers of a in t, and let the g of constant be zero, and g of other variables be one, then magic!

It can be applied to the list type:

data List a = [] | Cons a (List a)

$$L=1+aL$$, take both sides’ derivative of a, we got:

$$\frac{\partial L}{\partial a} = L + \frac{\partial L}{\partial a} \times a$$

$$\frac{\partial L}{\partial a}=\frac{L}{1-a}$$ and$\frac{\partial L}{\partial a}=L^2$. Bravo! That is the zipper type, one pointing to left and the other right.


Added 3/29:

But the same thing could not be perfectly applied to the binary tree type.

Recall, we have the binary tree type:

data Tree a = Leaf | Branch a (Tree a) (Tree a)

Then the formula is:

$$T=1+aT^2$$

The best I could get is about:

$\frac{\partial T}{\partial a}=T^2L$, and the $L$ is a list of type $2aT$.

According to LYAHFGG, the zipper of a binary tree should be something like this:

data Crumbs a = LeftCrumb a (Tree a) | RightCrumb a (Tree a)
type BreadCrumbs a = [Crumbs a]
type Zipper a = (Tree a, Breadcrumbs a)

It is easy to see that Crumbs a has a type of $2aT$ and BreadCrumbs a has a type of $\frac{1}{1-2aT}$.

But wait! That gives $T$ rather than a $T^2$ in the numerator.

Maybe we’ve just started wrong, like, we took the wrong differentiation.

That would be left for future investigation.

Misc

PEBKAC (Problem Exists Between Keyboard And Chair) is the word that describes user error.

Comment and share

Author's picture

NoirGif

A progamer.

(click me to see some )


Student(probably)