Diné Bizaad Bínáhooʼaah Notes
Created by Steven Baltakatei Sandoval on 2023-02-01T09:31+00 under a CC BY-SA 4.0 license and last updated on 2023-02-03T00:03+00.
Background
In 2023-01, I decided to purchase a copy of "Diné Bizaad Bínáhooʼaah = Rediscovering the Navajo Language" to aid me in my studies of the Navajo language. I had tried out the Navajo lessons of Duolingo and found them problematic when it came to anything more complex than memorizing vocabulary (especially regarding verb conjugations).
So, as I read through it, I will record notes on this web page that I think other readers may find useful.
Stats
- Title: Diné Bizaad Bínáhooʼaah = Rediscovering the Navajo language : an introduction to the Navajo language
- Authors:
- Evangeline Parsons Yazzie
- Margaret Speas
- Editors:
- Jessie Ruffenach
- Berlyn Yazzie (Navajo)
- ISBN: 978-1-893354-73-9
- OCLC: 156845819
- Edition: 1st
- Printing: 3rd
- Publisher: Salina Bookshelf, Inc.
- Location: Flagstaff, Arizona
By page
Page xvii
The following hyperlink:
http://www.swarthmore.edu/SocSci/ifernal1/nla/halearch/halearch.htm
is not valid as of 2023-02-01. Searching pages under the swarthmore.edu domain yields this page which likely contains the material referenced (i.e. "If you are not sure how this can be done for Navajo, we suggest that you consult the materials on Situational Navajo, by Wayne Holm, Irene Silentman and Laura Wallace, available for download…"):
https://fernald.domains.swarthmore.edu/nla/halearch/halearch.htm
This page and one level of outlinks has been saved via the Internet Archive here.
Page 3
The consonant ʼ
The glyph used in the text to encode the consonant named "glottal stop" appears to be the glyph that is MODIFIER LETTER APOSTROPHE (U+02BC) or RIGHT SINGLE QUOTATION MARK (U+2019) in Unicode.
However, due to widespread input method limitations, the ASCII character APOSTROPHE (U+0027) is often used instead.
The text addresses this:
You probably wonder why an apostrophe has been added to the list above. The letter that looks like an apostrophe is called a glottal stop. A glottal stop is a consonant. We will talk about the glottal stop in the section below on consonants.
In Navajo, the glottal stop is a consonant in the same class as k or x which each have their own dedicated glyphs. A rational typesetter would not use MULTIPLICATION SIGN (U+00D7) (×) instead of LATIN SMALL LETTER X (U+0078) (x) even though both use similar glyphs.
So, the question arises of whether to use MODIFIER LETTER APOSTROPHE (U+02BC) or RIGHT SINGLE QUOTATION MARK (U+2019).
Regarding the difference, the Unicode Standard 15.0 (PDF) has this to say in its General Punctuation section of Writing Systems and Punctuation:
Apostrophes
U+0027 apostrophe is the most commonly used character for apostrophe. For historical reasons, U+0027 is a particularly overloaded character. In ASCII, it is used to represent a punctuation mark (such as right single quotation mark, left single quotation mark, apostrophe punctuation, vertical line, or prime) or a modifier letter (such as apostrophe modifier or acute accent). Punctuation marks generally break words; modifier letters generally are considered part of a word.
When text is set, U+2019 right single quotation mark is preferred as apostrophe, but only U+0027 is present on most keyboards. Software commonly offers a facility for automatically converting the U+0027 apostrophe to a contextually selected curly quotation glyph. In these systems, a U+0027 in the data stream is always represented as a straight vertical line and can never represent a curly apostrophe or a right quotation mark.
Letter Apostrophe. U+02BC modifier letter apostrophe is preferred where the apostrophe is to represent a modifier letter (for example, in transliterations to indicate a glottal stop). In the latter case, it is also referred to as a letter apostrophe.
Punctuation Apostrophe. U+2019 right single quotation mark is preferred where the character is to represent a punctuation mark, as for contractions: “We’ve been here before.” In this latter case, U+2019 is also referred to as a punctuation apostrophe.
An implementation cannot assume that users’ text always adheres to the distinction between these characters. The text may come from different sources, including mapping from other character sets that do not make this distinction between the letter apostrophe and the punctuation apostrophe/right single quotation mark. In that case, all of them will generally be represented by U+2019.
The semantics of U+2019 are therefore context dependent. For example, if surrounded by letters or digits on both sides, it behaves as an in-text punctuation character and does not separate words or lines.
So, according to its standard, the appropriate Unicode character to use for glottal stops in the Navajo language is MODIFIER LETTER APOSTROPHE (U+02BC) (ʼ).
Before 2023-02-02, I've recommended use of RIGHT SINGLE QUOTATION MARK (U+2019) (’) primarily as a means to get away from using the "overloaded" character APOSTROPHE (U+0027) where reasonable. However, going forward, I'm now recommending U+02BC instead.
Input methods designed for the Navajo language should dedicate an entire key to MODIFIER LETTER APOSTROPHE (U+02BC) (ʼ) as it would for the ASCII letter LATIN SMALL LETTER K (U+006B) (k).
In summary, ʼ is the glottal stop consonant, not '.
See Also
Wikipedia articles exist for the authors:
Libro.fm Recommendation
Created by Steven Baltakatei Sandoval on 2023-01-04T15:26+00 under a CC BY-SA 4.0 license and last updated on 2023-01-04T21:11+00.
Background
I enjoy listening to audiobooks. I first began listening to them regularly in 2010 upon my return to Stanford University after serving a 2-year mission for the LDS Church in Panamá. The iPhone had come out while I had been out of the country (I still remember seeing my first iPhone at an electronics shop in David, Chiriquí; I was amazed by how responsive the operating system was to touch screen input when resizing photographs via the novel "pinch and zoom" mechanic.); I didn't purchase an iPhone immediately (I think I would use a flip phone until purchasing an iPhone from AT&T after I left college), but I did purchase with my allowance from my father an iPod Touch which was basically an iPhone without a SIM card slot. I bring up the iPod Touch story because I believe its portability and Audible–iTunes integration allowed me to listen to audiobooks while away from my desktop computer. Audible was the first company I purchased audiobooks from; I would continue using it until 2022.
Before I left Audible
I listened to Audible's audiobooks for about 12 years (2010/2022); these were encrypted by Digital Rights Management (DRM) schemes that inhibited copying. I had not yet learned the importance of using Free/Libre Open Source Software (FLOSS) formats (I wouldn't stop regularly using Windows until I purchased my first dedicated Debian GNU/Linux workstation from Think Penguin in 2018). Therefore, I spent thousands of USD over time buying audiobooks. Audible's feature of allowing me to download and listen to audiobooks indefinitely (from their servers and using only their closed-source apps) kept me satisfied. Even today, in 2023, I'm fairly certain I could install the Audible app from the Google Play store and download every audiobook I have "purchased" from them.
I believe my first misgivings about using Audible were when I realized in transitioning to using FLOSS that I couldn't listen to my audiobooks. In 2018 I would have had to use my Android smartphone or my Windows machine since Audible published their software for use on those platforms. There is no official Audible player in the Debian repository. I can't open an encrypted Audible file in ffmpeg on my Debian machine to compress it; I'd have to use a janky daisy chain of audio inputs and output devices to even be able to do automatic speech transcription in case I wanted to search what I was listening to at a later time. Still, that wasn't enough activation energy to get me to leave Audible until 2022.
The thing that triggered my departure was something mundane: a billing misunderstanding. At some point I had failed to realize that my Audible credits did not roll over from year-to-year. In the beginning, I didn't realize that such a policy existed since I generally used up my platinum subscription credits immediately, especially when I drove a long commute during 2011/2018 in the mostly featureless landscape of southern Utah. After I resigned from my commuting job and I wasn't forcing myself to drive two hours a day (nearly 10% of my life) anymore, I found myself listening to Audible audiobooks less. By the time 2022 rolled around, I hadn't checked my Audible app in months. It was in late 2022-03 that I realized that my credits regularly had been expiring instead of accumulating. A background daydream that I would one day buy a long audiobook series on Audible all at once was dispelled. I decided to leave.
The interim
I decided that if I were to return, it would be if I could guarantee my audiobooks were DRM-free. For some months in 2022 I subsisted on podcasts such as Opening Arguments (for law explanation by a lawyer), Citation Needed (for comedic takes on various Wikipedia articles) and Security Now (to be aware of IT-specific news). In the past I knew that it was possible to download audiobooks directly from authors if authors took the effort to do so; for example, in late 2020, I purchased DRM-free copies of Cory Doctorow's books Radicalized (2019; WorldCat) and Attack Surface (2020; WorldCat), paying him via PayPal and receiving a download link to DRM-free zip files containing unencrypted audio files. A friend recommended I use AudioAnchor, an F-Droid app designed to facilitate audiobook listening on an Android phone; it worked great. However, Cory Doctorow is only a single author; I wanted a DRM-free audiobook vendor.
Libro.fm: My new audiobook source
In late 2022 I discovered Libro.fm via a blog post by Cory Doctorow on boingboing.net talking about how Google launched a DRM-free audiobook store. In background that he provided, I latched onto some DRM-free audiobook store recommendations that he made, including Downpour and Libro.fm. I poked around both Downpour and Libro.fm and found that I liked Libro.fm best. I bought How To, by Randall Munroe, and Klara and the Sun, by Kazuo Ishiguro.
Since then, I've purchased various titles including:
- What We Owe the Future by William MacAskill
- The Silver Ships series (minus the first book since that's an Audible exclusive, but it's pulp sci-fi so, no book is really that critical to the entertainment)
- American Crusade by Andrew L. Seidel
- What If? 2 by Randall Munroe
- Educated by Tara Westover (from Obama's 2019 summer reading list)
- Seveneves (a book I already purchased on Audible back in 2015 but I really wanted a copy I could preserve)
- Artemisa por Andy Weir (Spanish version of Artemis)
- El marciano por Andy Weir (Spanish version of The Martian; Andy Weir's works in English seem to be Audible exclusives, so those two years walking around Panama didn't go completely to waste =P)
- Proyecto Hail Mary (Spanish version of Project Hail Mary)
- NPCs by Drew Hayes (some Dungeons and Dragons-themed comedy)
I noticed that Libro.fm lacks the selection of Audible. For example, it doesn't carry my favorite Terry Pratchett novel Small Gods (1992) but it does carry recent titles of his such as Snuff (2011) and The Shepherd's Crown (2015).
Aside: DRM piracy
I imagine the main reason why Audible chooses to restrict access to their audiobooks via DRM is: piracy. Some people, when they get their hands on an unencrypted digital file, share it with others. Digital copies can be manufactured at basically zero cost but commercial publishers like Audible grew rich on profit margins on production and distribution costs; books had mass which incurred costs upon which a percentage fee could be applied at the final sale; when the distribution cost fell to zero, instead of becoming like Apple and the music industry in 2006 and simply selling songs at 0.99 USD each, they chose to require customers to run secret software that would decrypt books at the point of consumption. That isn't to say that all music Apple sold wasn't locked by DRM; many were. But the point of my retelling this history is to point out that DRM is not required to make money.
Services such as Libro.fm sell audiobooks without DRM. No special software is required to play the audio. It's true that I could upload these files to some server and share them with my friends. However, what I think keeps most people from doing so are issues of trust and effort. Downloading and double-clicking on files you download from the internet is a fast way for the average user to corrupt their computer with malware. A sort of natural selection process of behaviors is at work. Behaviors that result in broken computers due to downloading and running files from unknown sources are seen as destructive and the sites involved avoided. Behaviors that result in non-broken computers and a simple high quality experience are seen as good. Some people dedicate time to master the esoteric computer science techniques of verifying cryptographic digests, preserving their anonymity via onion routing, maintaining a firewall around their home networks, and regularly updating their software with the latest security updates; these people can be effective pirates. However, with all those skills they can also become effective software developers and make money that they can spend at places like Libro.fm or Downpour.com to save themselves the trouble of having to bypass DRM restrictions in the first place. The real valuable service DRM-free audiobook vendors can provide is two parts:
- Files are guaranteed to be available for fast download.
- Files are guaranteed not to be malicious.
With piracy to safely avoid DRM media, a user might expect to spend anywhere between an hour to weeks identifying and downloading media that might be a trojan horse. With DRM-free vendors, a user can expect to spend a few minutes with a commercial guarantee of the product's authenticity. When you use Audible, you form an on-going contract that Audible can end at any time, resulting in your "purchases" becoming unusable noise. When you use Libro.fm, Libro.fm can't retroactively make files they sold me unusable; without DRM, there is no mechanism for controlling user behavior. A principle of Free/Libre Open Source Software is the avoidance of such methods of control in order to grant the user freedom.
Conclusion
Although lacking in selection, Libro.fm surpasses Audible in the fact that money I spend with them results in audiobooks that I can preserve forever without worrying about finding an app to verify I have a license to download some decryption key. This is why I'm redirecting my cash flow towards DRM-free vendors.
Copyright
"A tower of used books - 8443" by Jorge Royan is licensed under CC BY-SA 3.0.
Inactive on Twitter
Created by Steven Baltakatei Sandoval on 2022-11-10T20:14+00 under a CC BY-SA 4.0 license and last updated on 2023-02-01T23:14+00.
UPDATE (2023-02-01): I think I finally managed to delete all my tweets and likes from Twitter via TweetDelete. Some previous attempts didn't quite clear everything from 2017 and earlier. I've been enjoying using my twit.social/@baltakatei account with the Tusky app via F-Droid.
UPDATE (2022-11-23): My new microblogging feed is at twit.social/@baltakatei , one of many Mastodon servers. My last Twitter post is an announcement of this migration. I chose twit.social since it is operated by Leo Laporte, the host of several podcasts and television shows I have listened to in the past and found trustworthy as far as communicating technology news. I still listen regularly to his and Steve Gibson's Security Now podcast.
I decided to not be active on the microblogging site Twitter after Elon Musk completed his purchase of the publicly traded social media company and promptly fired the CEO and dissolved the board of directors, making himself the only director. I had developed some trust of its original CEO, Jack Dorsey, back when Twitter had been the subject of discussion on Leo Laporte's This Week in Tech podcast in the late 00s. In the 2010s I decided that I would be okay publishing text on Twitter because from the get-go the site explained that what was submitted would be public; in contrast, Facebook (which I deactivated back in the early 2010s, long before Zuckerberg renamed it "Meta"), advertised privacy settings that would allow posts to be only shared with a limited number of contacts (and with Facebook employees); however, the privacy settings were complex and there didn't seem to be a default setting that would stick over time. So, Twitter's transparently public nature seems more honest. My posts would be available and there was no sign that the administrators of the site favored any particular political party; the most common reason I saw for Tweets being removed was due to threats of violence or harassment. Prior to 2022, posts to Twitter could be relied upon to remain unfiltered, provided you weren't threatening violence or spreading misinformation.
That changed in 2022 when I saw Elon Musk purchase the company, making the service his own privately owned property. Now, were I to continue to post to Twitter, I was making a public donation to Musk that he could choose to throw away like he did the company leaders that he fired. That in itself may not have been a dealbreaker for me, but he also proceeded to endorse the Republican Party which continues to rely upon the criminal President who organized the attempted coup of the United States of 2021-01-06. His tweet removed any doubt that he would turn Twitter into a tool to promote the Republican Party. Privileged mechanisms to promote his own political opinions at the expense of silencing others by leveraging his exclusive ownership of Twitter include:
- Removing user-submitted content that criticize him (as he has banned users for adopting his name and image in protest).
- Removing features from his critics (as Congresswoman Alexandria Ocasio-Cortez reported).
I admit that many people are firmly rooted in habit to use Twitter as their default social media space to remain connected to each other. Choosing to leave Twitter for another space risks losing contact with people who have not yet left. Habitual use of Twitter is like a gravity well that requires a significant activation energy of its inhabitants to escape. However, I stand by my decision for reasons similar to those that compelled me to leave Facebook: I can no longer assume what I post will be secure from censorship.
So, what is my social media space? Without Twitter, Reddit is my default. I'd like to make use of this blog more often, although I will need to figure out a more convenient way to post content. Currently, my process is:
- Author posts in Emacs Org mode.
- Export posts into Markdown text.
- Commit the Markdown text to a git repo.
- Push the commit to my reboil.com server.
- Wait for an update script to run or log into the server to run it manually.
I could probably automate all that to a single Emacs function or bash script, given enough time, in order to mimic the simplicity of microblogging. However, for now, these longer form posts satisfy me for now.
Notable Public Keys Update
Created by Steven Baltakatei Sandoval on 2022-11-10T19:06Z under a CC BY-SA 4.0 license and last updated on 2022-11-10T19:13Z.
I updated my Notable Public Keys book (PDF, git, sig, ots) to include a section on KeePassXC, a cross-platform password manager that I recommend to people who lack a password manager and want complete control of their passwords without involving a cloud service like LastPass.
How to install DWSIM 8.0.4 on Debian 10
Created by Steven Baltakatei Sandoval on 2022-07-27T21:23Z under a CC BY-SA 4.0 license and last updated on 2022-07-27T22:44Z.
Summary
These are instructions for installing DWSIM 8.0.4 onto a Debian 10 machine with amd64 CPU architecture (e.g. Intel i9 or AMD Ryzen).
Background
DWSIM is an open source chemical process simulator produced under a GPLv3 license. Although its full-featured version is available only for Windows because most CAPE-OPEN modules are intended to be run in Windows, the main developer Daniel Medeiros compiles and publishes a version of DWSIM that can be run in Debian 10. The following instructions may apply to other Debian-derived distributions such as Ubuntu, but some customizations may be required (e.g. a different Mono Stable repository is required between Ubuntu and Debian).
Setup
Download DWSIM Debian Installer Package
Download the DWSIM Debian Installer Package (.deb) file from the website. You should get a file with a name resembling this:
dwsim_8.0.4-amd64.deb
Don't do this
Note, if you try to install the .deb file via the usual
$ sudo dpkg -i package.deb
trick, you will get the following errors, telling you about missing dependencies (read on to solve them):
$ sudo dpkg -i dwsim_8.0.4-amd64.deb
[sudo] password for baltakatei:
Selecting previously unselected package dwsim.
(Reading database ... 237740 files and directories currently installed.)
Preparing to unpack dwsim_8.0.4-amd64.deb ...
Unpacking dwsim (8.0.4) ...
dpkg: dependency problems prevent configuration of dwsim:
 dwsim depends on mono-complete (>= 6.8); however:
  Package mono-complete is not installed.
 dwsim depends on mono-vbnc (>= 4.0); however:
  Package mono-vbnc is not installed.
 dwsim depends on gtk-sharp2 (>= 2.12); however:
  Package gtk-sharp2 is not installed.
 dwsim depends on libfontconfig1-dev; however:
  Package libfontconfig1-dev is not installed.
 dwsim depends on coinor-libipopt1v5; however:
  Package coinor-libipopt1v5 is not installed.
dpkg: error processing package dwsim (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 dwsim
Install DWSIM
With the .deb file downloaded, from here it is possible to use a script (link) I wrote to perform the remaining steps.
However, I will explain the actions it performs in case you wish to do them manually.
Enable Mono Stable's Debian 10 repository
The DWSIM .deb file requires the mono-complete package (version >=6.8) that is available in a non-standard repository hosted by the Mono Project. To configure Debian 10 to download package lists and updates from this repository, run the following commands (taken from the Mono Project's download page):
sudo apt install apt-transport-https dirmngr gnupg ca-certificates
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
echo "deb https://download.mono-project.com/repo/debian stable-buster main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list
sudo apt update
These commands tell the operating system to trust software signed with the Mono Project's key and tell the system where to get future updates via apt.
Install DWSIM dependencies
Now that the operating system knows about the Mono repository, install software from Mono:
$ sudo apt install mono-complete
$ sudo apt install mono-vbnc gtk-sharp2 libfontconfig1-dev coinor-libipopt1v5
Install DWSIM
Now that the Mono dependencies are installed, dpkg can be used to manually install the .deb file:
$ sudo dpkg -i dwsim_8.0.4-amd64.deb
Note: if you run this command without the required dependencies being available, you may need to explore using
$ sudo apt -f install
and related commands to fix things.
Run DWSIM
To run DWSIM, you can run dwsim from the command-line.
$ dwsim
In order to test that DWSIM is working, here is a DWSIM 8.0.4 project file that you can download and open. It is the simple gas compressor. A screenshot of the process flow diagram can be downloaded here.
GNOME Extension: Panel Date Format
Created by Steven Baltakatei Sandoval on 2022-04-28T21:03Z under a CC BY-SA 4.0 license and last updated on 2022-04-28T22:08Z.
Background
I enjoy keeping track of the time using ISO-8601 format. It permits unambiguous big endian time indication in a sortable format. I believe the default time format used in the top bar in Pop!OS 22 (which is basically Ubuntu 22) depends upon which region the machine is configured for (e.g. "United States", or "Germany", etc.).
My default date time format is something like Apr 28 2022, 21:44 (I'm not sure because I don't care ^_^). What I really want is an ISO-8601 date time format like 2022-04-28T21:45:33+0000. The +0000 explicitly states the time zone my machine is configured for (UTC in this case); this is useful in case I want to communicate the time to someone unambiguously; knowing the time zone is required to do so. Also, time units are sorted in descending fashion (year, month, day, hour, minute, second) instead of the tradition-bound madness that is US date time format (month, day, year, hour, minute, second).
One GNOME Extension that I found works for me in Pop!OS 22 is "Panel Date Format" (GitHub).
Setup
Install the GNOME Shell integration add-on for Firefox.
Go to the Panel Date Format extension page.
- Enable using the toggle switch on the top right of the page.
Go to the GitHub repository for the extension.
- Copy the dconf command into a text editor.
Modify the dconf command's date format string from "'%Y-%m-%d'" to "'%Y-%m-%dT%H:%M:%S%z'". The command I used is:
$ dconf write /org/gnome/shell/extensions/panel-date-format/format "'%Y-%m-%dT%H:%M:%S%z'"
Verify the change is loaded by running
$ dconf dump / > dconf_dump.txt
and searching this .txt file for a part labelled [org/gnome/shell/extensions/panel-date-format]. (You can also use the dump and load commands to automatically back up settings that use the dconf database; I use yadm's bootstrap function to do this automatically when automatically setting up a new Debian machine.)
The date time indicator on the top bar should now look like this:
Conclusion
Using GNOME Extensions and a command in the command line, it is possible to customize the top bar date time indicator to use ISO-8601 formatting in Pop!OS 22.
Using Open Timestamps with Git
Created by Steven Baltakatei Sandoval on 2022-04-22T15:00+00 under a CC BY-SA 4.0 license and last updated on 2023-03-04T14:22+00.
Edit (2023-03-04T14:22+00): Updated ikiwiki blog repository URL.
Summary
I learned how to configure git to automatically create Open Timestamps proofs whenever I sign a commit with my OpenPGP key.
Background
Although Bitcoin is mostly popular for its use as digital money, in order for it to properly function in a decentralized manner, it must also act as a timestamping service to itself. Bitcoin does this by requiring miners to mark each candidate block they produce with a timestamp; accuracy is enforced by some rules that cause a block to be rejected. These rules can be roughly summarized as:
- The timestamp must be in the future (Median Past Time rule)
- The timestamp must not be too far into the future (Future Block Time rule)
Therefore, provided that the majority of miners are honest (an assumption Bitcoin already requires), the most recent block will likely have a timestamp that can be expected to be accurate to within a few hours.
OpenTimestamps is a timestamping service and set of programs that relies upon this internal timestamping feature of the Bitcoin blockchain. Open Timestamps was created by Peter Todd, a former Bitcoin Core developer. I believe I first heard about Open Timestamps (OTS) while following discussions on the /r/Bitcoin subreddit (possibly from this thread).
The timestamp service works by having a "calendar" server program collect file hashes submitted from client programs at the direction of some users. The hash of each user's file(s) is integrated into a merkle tree by the server. Then, periodically, the calendar server will create and submit a Bitcoin transaction containing the tree's merkle root. Once the transaction is included in the Bitcoin blockchain, the calendar server can then provide a client with the merkle branch leading from the merkle root to the file hash the client submitted; the merkle branch is typically encoded in an .ots file created next to the hashed file; this .ots file permits the client, armed with a copy of the blockchain, to verify that the hashed file existed at least as far back as the timestamp of the block containing the merkle root.
Using OpenTimestamps (OTS)
It is possible to use the opentimestamps.org website to create the .ots file using only a web browser. See the "STAMP & VERIFY" section of the main webpage.
However, client software is also provided in the Python, Javascript, and Java programming languages. Personally, I used the Python implementation which the examples later in this blog post will reference.
Installation
On a fresh Debian-based system, the Python implementation of OTS can be installed via:
$ sudo apt install python3-pip
$ pip3 install opentimestamps-client
The ots and ots-git-gpg-wrapper (to be used later) executables then should be added to the PATH environment variable. This can be done by adding this code to your $HOME/.profile file (or whichever file you use to automatically load custom environment variables; e.g. $HOME/.bashrc):
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
export PATH="$HOME/.local/bin:$PATH"
fi
Running source ~/.profile (or whichever sh file contains the above code) will then modify PATH. Environment variables set in your current shell can be found by running $ printenv.
OTS CLI Usage
The command line interface for OTS version 0.7.0 works like this:
You want to timestamp a file named THESIS.md. You can do this by running:
$ ots stamp THESIS.md
This will create a THESIS.md.ots file adjacent to THESIS.md.
However, this .ots file does not contain the full merkle branch data necessary, meaning the calendar server(s) used by ots (several are configured by default) will have to be contacted in order to upgrade the .ots file.
An .ots file can be upgraded via:
$ ots upgrade THESIS.md.ots
If you are okay with the command waiting the (typically) several hours required for a calendar server to provide merkle branch data before exiting, then you can run this from the start:
$ ots --wait stamp THESIS.md
An .ots file can be verified by running:
$ ots verify THESIS.md.ots
In any case that results in downloading a proof from a calendar server, ots will save a cache of the merkle branch data in the $HOME/.cache/ots directory. ots looks for proof data here before contacting a calendar server. Also, I suspect that because ots only ever adds files to $HOME/.cache/ots and never modifies files there, multiple machines running the same version of ots can use a file synchronization tool such as syncthing to merge their OTS caches for future reference.
I have used this procedure to timestamp some of my own files for my own amusement and reference.
OTS Git Wrapper
The reason I created this blog post, aside from documenting my own usage of ots, was to document how I started using the ots-git-gpg-wrapper feature.
git (distributed version control software I use in this blog, my Notable Public Keys book, and other projects) can be configured to use ots to improve signed commits. The OTS documentation for this feature can be found within the OTS GitHub repository.
Typical Usage
To summarize, the feature can be activated for all git repositories by running:
$ path_wrapper="$HOME/.local/share/ots/ots-git-gpg-wrapper.sh"
$ git config --global gpg.program "$path_wrapper"
If you want to only activate this feature for a single repository, change the working directory to the repository, replace --global with --local, then run the command, like so:
$ cd $HOME/some_git_repo
$ path_wrapper="$HOME/.local/share/ots/ots-git-gpg-wrapper.sh"
$ git config --local gpg.program "$path_wrapper"
The default contents of ots-git-gpg-wrapper.sh are:
#!/bin/sh
# Wrapper for the ots-git-gpg-wrapper
#
# Required because git's gpg.program option doesn't allow you to set command
# line options; see the doc/git-integration.md
ots-git-gpg-wrapper --gpg-program "`which gpg`" -- "$@"
Advanced Usage
To go further, I modified the original wrapper script ots-git-gpg-wrapper.sh to contain:
#!/bin/sh
# Wrapper for the ots-git-gpg-wrapper
#
# Required because git's gpg.program option doesn't allow you to set command
# line options; see the doc/git-integration.md
# Check if gpg is alias. (see https://unix.stackexchange.com/a/288513 )
# Output is discarded so that nothing extra reaches git on stdout.
if alias gpg >/dev/null 2>&1; then
    ## Get gpg alias command
    gpg_cmd="$(alias gpg)"; # get raw alias definition (contains ='...')
    gpg_cmd="${gpg_cmd#*=\'}"; # trim chars before and including first apostrophe
    gpg_cmd="${gpg_cmd%\'*}"; # trim chars after and including last apostrophe
else
    gpg_cmd="$(which gpg)";
fi;
# Check if jsonrpc_option file available
path_jsonrpc_option="$HOME/.local/share/ots/jsonrpc_option.txt";
if [ -f "$path_jsonrpc_option" ]; then
    jsonrpc_option="$(cat "$path_jsonrpc_option" | head -n1)";
else
    jsonrpc_option="";
fi;
# "$@" is escaped so that eval expands git's arguments itself, one word per
# argument, instead of re-parsing their text as shell code.
eval "ots-git-gpg-wrapper $jsonrpc_option --gpg-program $gpg_cmd -- \"\$@\""
To add the --wait option when running ots-git-gpg-wrapper, I copied ots-git-gpg-wrapper.sh to an adjacent file named ots-git-gpg-wrapper-wait.sh containing:
#!/bin/sh
# Wrapper for the ots-git-gpg-wrapper
#
# Required because git's gpg.program option doesn't allow you to set command
# line options; see the doc/git-integration.md
# Check if gpg is alias. (see https://unix.stackexchange.com/a/288513 )
# Output is discarded so that nothing extra reaches git on stdout.
if alias gpg >/dev/null 2>&1; then
    ## Get gpg alias command
    gpg_cmd="$(alias gpg)"; # get raw alias definition (contains ='...')
    gpg_cmd="${gpg_cmd#*=\'}"; # trim chars before and including first apostrophe
    gpg_cmd="${gpg_cmd%\'*}"; # trim chars after and including last apostrophe
else
    gpg_cmd="$(which gpg)";
fi;
# Check if jsonrpc_option file available
path_jsonrpc_option="$HOME/.local/share/ots/jsonrpc_option.txt";
if [ -f "$path_jsonrpc_option" ]; then
    jsonrpc_option="$(cat "$path_jsonrpc_option" | head -n1)";
else
    jsonrpc_option="";
fi;
# "$@" is escaped so that eval expands git's arguments itself, one word per
# argument, instead of re-parsing their text as shell code.
eval "ots-git-gpg-wrapper --wait $jsonrpc_option --gpg-program $gpg_cmd -- \"\$@\""
Part of these modifications take into account the fact that I use the alias function to include custom options whenever I run gpg.
Additionally, my modifications include permitting ots commands run from my main GNU/Linux Debian-based workstation that is NOT a bitcoin node to connect to a bitcoin node using the --bitcoin-node option for the ots-git-gpg-wrapper command. I do this by loading into a variable the first line of a file named jsonrpc_option.txt that I maintain alongside the ots-git-gpg-wrapper.sh file. The first line of the jsonrpc_option.txt file contains information used to permit connection to a bitcoin node (a Raspiblitz in my case) on the local network at IP address 192.168.0.4 via the RPC interface on port 8332 using username raspibolt and password hunter2. The file contents take the form:
--bitcoin-node http://raspibolt:hunter2@192.168.0.4:8332/
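A variant of the modified wrapper that builds the argument list without eval and refuses an option file that other local users can read, as an added example (not the author's script or the OpenTimestamps project's). OPTION_FILE and OTS_WRAPPER_CMD are hypothetical override variables introduced here, and the gpg alias handling is left out: gpg is resolved with command -v only.

```shell
#!/bin/sh
# Added example, not the author's or the OpenTimestamps project's script.
# OPTION_FILE and OTS_WRAPPER_CMD are hypothetical overrides used for testing.
OPTION_FILE=${OPTION_FILE:-$HOME/.local/share/ots/jsonrpc_option.txt}
OTS_WRAPPER_CMD=${OTS_WRAPPER_CMD:-ots-git-gpg-wrapper}

# Print the node URL found on the first line of the option file.
# Returns 1 if the file is absent, 2 if group or other have any access to it
# (it holds the RPC password), 3 if the line is not "--bitcoin-node http(s)://...".
read_node_url() {
    file=$1
    [ -f "$file" ] || return 1
    case "$(ls -ld -- "$file")" in
        ????------*) ;;   # mode bits for group and other are all clear
        *) echo "refusing $file: accessible by group or other" >&2; return 2 ;;
    esac
    line=
    IFS= read -r line < "$file" || :   # tolerate a missing final newline
    case "$line" in
        "--bitcoin-node "http://*|"--bitcoin-node "https://*) ;;
        *) echo "refusing $file: unexpected first line" >&2; return 3 ;;
    esac
    url=${line#"--bitcoin-node "}
    printf '%s\n' "$url"
}

# Build the argument vector with `set --` instead of eval. The file content
# and git's arguments are passed as data, one word each, so characters such
# as ; $ < > in a password or a signing key id are never parsed as shell code.
run_wrapper() {
    gpg_path=$(command -v gpg) || gpg_path=gpg
    node_rc=0
    node_url=$(read_node_url "$OPTION_FILE") || node_rc=$?
    case "$node_rc" in
        0) set -- --bitcoin-node "$node_url" --gpg-program "$gpg_path" -- "$@" ;;
        1) set -- --gpg-program "$gpg_path" -- "$@" ;;   # no option file
        *) return "$node_rc" ;;                          # unsafe file: stop
    esac
    "$OTS_WRAPPER_CMD" "$@"
}

# git always calls gpg.program with arguments; a bare run only defines
# the functions above.
if [ "$#" -gt 0 ]; then
    run_wrapper "$@"
fi
```
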
With those changes in place and the ots-git-gpg-wrapper.sh wrapper script activated via a git config command mentioned earlier, if I create a signed commit and then run git log, I will see:
commit 626303d06805ee6cd50e231da6988fc0235bd8e8 (HEAD -> master)
ots: Calendar https://btc.calendar.catallaxy.com: Pending confirmation in Bitcoin blockchain
ots: Calendar https://finney.calendar.eternitywall.com: Pending confirmation in Bitcoin blockchain
ots: Calendar https://alice.btc.calendar.opentimestamps.org: Pending confirmation in Bitcoin blockchain
ots: Calendar https://bob.btc.calendar.opentimestamps.org: Pending confirmation in Bitcoin blockchain
ots: Could not verify timestamp!
gpg: Signature made Fri 22 Apr 2022 05:58:35 PM GMT
gpg: using RSA key 38F96437C83AC88E28B7A95257DA57D9517E6F86
gpg: Good signature from "Steven Sandoval <baltakatei@gmail.com>" [ultimate]
gpg: aka "Steven Sandoval <baltakatei@alumni.stanford.edu>" [ultimate]
gpg: aka "[jpeg image of size 1846]" [ultimate]
Primary key fingerprint: 3457 A265 922A 1F38 39DB 0264 A0A2 95AB DC34 69C9
Subkey fingerprint: 38F9 6437 C83A C88E 28B7 A952 57DA 57D9 517E 6F86
Author: Steven Baltakatei Sandoval <baltakatei@gmail.com>
Date: 2022-04-22T17:57:30+00:00
    draft(posts:20220422):using ots with git
    - note: testing timestamp feature with example commit
After three hours, this message changed to:
commit 626303d06805ee6cd50e231da6988fc0235bd8e8 (HEAD -> master)
ots: Calendar https://btc.calendar.catallaxy.com: Pending confirmation in Bitcoin blockchain
ots: Calendar https://finney.calendar.eternitywall.com: Pending confirmation in Bitcoin blockchain
ots: Calendar https://alice.btc.calendar.opentimestamps.org: Pending confirmation in Bitcoin blockchain
ots: Got 1 attestation(s) from https://bob.btc.calendar.opentimestamps.org
ots: Success! Bitcoin block 733047 attests existence as of 2022-04-22 GMT
ots: Good timestamp
gpg: Signature made Fri 22 Apr 2022 05:58:35 PM GMT
gpg: using RSA key 38F96437C83AC88E28B7A95257DA57D9517E6F86
gpg: Good signature from "Steven Sandoval <baltakatei@gmail.com>" [ultimate]
gpg: aka "Steven Sandoval <baltakatei@alumni.stanford.edu>" [ultimate]
gpg: aka "[jpeg image of size 1846]" [ultimate]
Primary key fingerprint: 3457 A265 922A 1F38 39DB 0264 A0A2 95AB DC34 69C9
Subkey fingerprint: 38F9 6437 C83A C88E 28B7 A952 57DA 57D9 517E 6F86
Author: Steven Baltakatei Sandoval <baltakatei@gmail.com>
Date: 2022-04-22T17:57:30+00:00
    draft(posts:20220422):using ots with git
    - note: testing timestamp feature with example commit
The line that matters is the one mentioning block 733047 (probably this transaction, based on the current state of the "bob" opentimestamps.org calendar server).
ots: Success! Bitcoin block 733047 attests existence as of 2022-04-22 GMT
If I run git log another time, the ots: lines change to indicate the local cache is being used to verify instead of a calendar server.
commit 626303d06805ee6cd50e231da6988fc0235bd8e8 (HEAD -> master)
ots: Got 1 attestation(s) from cache
ots: Success! Bitcoin block 733047 attests existence as of 2022-04-22 GMT
ots: Good timestamp
gpg: Signature made Fri 22 Apr 2022 05:58:35 PM GMT
gpg: using RSA key 38F96437C83AC88E28B7A95257DA57D9517E6F86
gpg: Good signature from "Steven Sandoval <baltakatei@gmail.com>" [ultimate]
gpg: aka "Steven Sandoval <baltakatei@alumni.stanford.edu>" [ultimate]
gpg: aka "[jpeg image of size 1846]" [ultimate]
Primary key fingerprint: 3457 A265 922A 1F38 39DB 0264 A0A2 95AB DC34 69C9
Subkey fingerprint: 38F9 6437 C83A C88E 28B7 A952 57DA 57D9 517E 6F86
Author: Steven Baltakatei Sandoval <baltakatei@gmail.com>
Date: 2022-04-22T17:57:30+00:00
    draft(posts:20220422):using ots with git
    - note: testing timestamp feature with example commit
If I had instead activated ots-git-gpg-wrapper-wait.sh, then the git commit operation would wait until it received a proof from a calendar server before exiting. This may be useful for major signed commits and tags where it is desirable to transmit the proof via the git repository itself instead of relying upon a calendar server or the cache files being available in the future. I don't know of a method to upgrade the OTS proof data already included in a git repository.
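The git log outputs above show that a good GPG signature can sit next to a timestamp that is still pending. The following added example (not from the original post) summarises both per commit from git log text on stdin; the sample log is constructed in the shape of the output shown above, and git log --show-signature is assumed as the source of such text.

```shell
#!/bin/sh
# Added example: per-commit OTS and GPG status from `git log` text on stdin.
# Prints "<commit> <ots> <gpg>", where <ots> is none, pending or block:<height>.
# Only lines starting in column 1 are matched; git indents commit messages,
# so text typed into a message cannot pass for wrapper or gpg output.
ots_log_status() {
    awk '
        function emit() { if (commit != "") print commit, ots, gpg }
        /^commit [0-9a-f]+/ { emit(); commit = $2; ots = "none"; gpg = "unsigned"; next }
        /^ots: Success! Bitcoin block [0-9]+ attests / { ots = "block:" $5; next }
        /^ots: / { if (ots == "none") ots = "pending"; next }
        /^gpg: Good signature from / { gpg = "good"; next }
        /^gpg: BAD signature from /  { gpg = "bad"; next }
        END { emit() }
    '
}

# Commits that lack either a Bitcoin attestation or a good signature.
unattested_commits() {
    ots_log_status | awk '!($2 ~ /^block:/ && $3 == "good") { print $1 }'
}

# Constructed sample (placeholder hashes and identities), modelled on the
# output in the post: one pending commit whose message imitates a success
# line, one attested commit, one unsigned commit.
sample_log() {
    cat <<'EOF'
commit 0000000000000000000000000000000000000002 (HEAD -> master)
ots: Calendar https://calendar.example.org: Pending confirmation in Bitcoin blockchain
ots: Could not verify timestamp!
gpg: Signature made Fri 22 Apr 2022 05:58:35 PM GMT
gpg: Good signature from "Example Signer <signer@example.org>" [ultimate]
Author: Example Signer <signer@example.org>
Date:   2022-04-22T17:57:30+00:00

    ots: Success! Bitcoin block 1 attests existence (typed into the message)

commit 0000000000000000000000000000000000000001
ots: Got 1 attestation(s) from cache
ots: Success! Bitcoin block 733047 attests existence as of 2022-04-22 GMT
ots: Good timestamp
gpg: Signature made Fri 22 Apr 2022 05:58:35 PM GMT
gpg: Good signature from "Example Signer <signer@example.org>" [ultimate]
Author: Example Signer <signer@example.org>
Date:   2022-04-22T17:00:00+00:00

    earlier signed commit

commit 0000000000000000000000000000000000000000
Author: Example Signer <signer@example.org>
Date:   2022-04-21T12:00:00+00:00

    unsigned commit
EOF
}

# Run with --demo to print the summary for the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    sample_log | ots_log_status
fi
```
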
Use Cases
.ots files
Generating .ots files is easier than messing with the OTS git
wrapper script since no knowledge of git is required. For this
reason, I imagine timestamping files via Python or the
OpenTimestamps.org website would be more common.
Some use cases I can imagine are:
- A reporter timestamping .eml files containing controversial correspondence.
- A lawyer timestamping controversial secret .pdf documents that will be revealed at a later time.
- A civil engineer timestamping a receipt of a .pdf report they create for a building owner about the need to perform expensive repairs.
- A business owner timestamping a contract encoded in a .pdf to help prove when an agreement was made.
- A speedrunner wanting to prove that a world record they recorded in a .mkv video file was made by a certain date in the past.
- A software developer wanting to prove that certain archived versions of their software existed as early as a certain date.
OTS git wrapper
In the abstract, the OTS git wrapper allows me to prove the existence of files in a git repository that I already am using OpenPGP to sign. This is useful for avoiding ambiguities associated with the possibility of some attacker capturing my OpenPGP private key and signing files with forged timestamps in order to try and convince someone to believe their revised history of some event.
Although I personally am not in the business of proving the existence
of files for others, I can imagine some software developers who use
git who may want to prove who had created a piece of code before a
copycat.
Also, git, because it is version control software for file trees,
can be used to prove the existence of many files at a time (albeit via
SHA1 which, as of 2022, is the best method git supports for hashing
data). This may be useful if the number of proofs I need to create is
large enough to saturate a significant fraction of public calendar
server bandwidth and storage capacities.
Caveats
An OTS timestamp can only prove data existed after a certain date. It cannot prove exactly when data was created.
Also, an attacker could pregenerate a large fraction of all possible
permutations of data and create an OTS proof for each permutation. For
example, if I wanted to bamboozle people into thinking I could predict
the weather anywhere in the world 8 years in advance, I could create a
large number of text files containing permutations of the general
prediction "I predict in 2022 that on [date in 2030], in [location],
it will be [weather type]." I would then create .ots proof files for
each prediction and sit on them for 8 years. Then, on the specified
date in 2030, I would selectively reveal only the predictions that
happened to be true.
Conclusion
OpenTimestamps can be used to prove the existence of files and git commits in a scalable manner using the Bitcoin blockchain.
Notable Public Keys book update (F-Droid, Qubes OS)
Created by Steven Baltakatei Sandoval on 2022-04-11T14:23Z under a CC BY-SA 4.0 license and last updated on 2022-04-12T01:18Z.
I updated the Pubkeys book (PDF, Gitlab).
New Sections
F-Droid
I added the Android app FOSS repository that I use. The developers publish OpenPGP signatures for the downloadable APK of the F-Droid client, a package manager similar to the Google Play Store app. I had started creating a chapter months ago but hadn't fleshed it out yet due to slow loading times of the F-Droid main website.
From what I can tell, F-Droid didn't publish an OpenPGP signature for
their main client's APK file until late 2017. Also, there's no obvious
place to download the public key (41E7 044E 1DBA 2E89).
Qubes OS
I saw a Reddit post from someone who was looking to install Qubes OS and was looking for a method to verify PGP software to verify a Qubes OS installation file. Although I've not yet started a GnuPG chapter (I imagine it will contain a lot of history), I decided I could draft a Qubes OS chapter. Such a chapter would contain the fingerprints necessary to reassure someone looking to download and install Qubes OS for themselves.
I was surprised by how detailed the PGP verification instructions
available on the main website were. They have a master key (DDFA 1A3E
3687 9494) that signs each release key; there is one release key per
major version (e.g. v1.0, v2.0, etc.).
Future sections
Here's the short list of upcoming chapters I plan on writing next when the fancy strikes me.
- GnuPG. Software often used to perform OpenPGP operations.
- LibreOffice. An alternative to Microsoft Office.
- Red Hat. A popular commercial GNU/Linux operating system / service company I don't have much experience with but which uses OpenPGP signatures to sign software.
TeXmacs: Thermodynamics and Chemistry by Howard DeVoe - done
Created by Steven Baltakatei Sandoval on 2022-03-17T02:21Z under a CC BY-SA 4.0 license and last updated on 2022-03-20T18:18Z.
Summary
Thermodynamics and Chemistry by Howard DeVoe, Version 10, Transcribed to TeXmacs. It's done. See the repository for the source code. Compare to the original compiled from LaTeX here.
This past week I've made an effort to finish off the Bibliography and citations of the thermodynamics textbook transcription job I assigned myself over a year ago.
Bibliography wrangling
I had to figure out how exactly TeXmacs processes bibtex data. It's
complicated and usage isn't well-documented but I found a way that
works (when inserting an automatically-updating bibliography section
via "Insert -> Automatic -> Bibliography", it is possible to specify a
file as well as a bibliography style if you examine the
<bibliography> tag that is created; the file must be a bibtex
file; then, a tag like <cite|author-1999> will trigger the
bibliography section to read the file and populate itself with a new
bibliography entry and assign the <cite> tag a reference number).
One of DeVoe's bibtex entries kept causing crashes in
TeXmacs whenever I tried to update the bibliography. It was the only
one of its kind.
@incollection{
clapeyron-1834,
Author = {Clapeyron, \'{E}.},
Title = {Memoir on the Motive Power of Heat},
BookTitle = {Reflections on the Motive Power of Fire: Sadi Carnot and other Papers on the Second Law of Thermodynamics by \'{E}.\ Clapeyron and R.\ Clausius},
Editor = {Mendoza, E.},
Publisher = {Dover},
Address = {Mineola, New York},
Pages = {71-105},
Note = {Translation by E.\ Mendoza of ``M\'{e}moire sur la Puissance Motrice de la Chaleur,'' \emph{J.\ de l'\'{E}cole Polytechnique}, \textbf {14}, 153--190 (1834).},
Year = {1988} }
The problem is with the Note value. There's a lot of what looks like
LaTeX code (which I'm not familiar with). I'm using the tm-plain
style which seems to be okay with processing some LaTeX'isms in these
bibliographical entries (a lot of the markup seems to be used to
effect diacritical marks which could be handled by use of UTF-8
characters, but I wasn't about to go down the rabbit hole of figuring
out how TeXmacs handles Unicode points in its bibliography processing
code). I switched out the Note value to something simpler (that
references the title's OCLC code) and now book.tm compiles
(clapeyron-1834 was used in a citation in bio-CLAPEYRON.tm).
Note = {See OCLC 559435201; 153--190.},
Two columns in one column document
I also figured out that it's possible to get two-column pages in an
otherwise single-column TeXmacs document. Basically, you create a
two-column page (single page only) in one TeXmacs document (.tm)
then <include> it in another document (via "Insert -> Link ->
Include"). I'm pretty sure this is stretching what the original
developer intended but it seems to work well enough for the
single-page biographical sketches that DeVoe included in his book.
Disappearing Dotted Line
A few months into the transcription project, I emailed Howard DeVoe a
PDF of a draft. He noted that some figures had dashed lines that
changed depending on how far you were zoomed in. Eventually I
concluded the cause of that problem was some error / wrong assumption
made by either Inkscape, ghostscript, or some converter in between the
source Encapsulated Post Script (EPS or .eps) file that DeVoe had
emailed me and the .eps file that I got to work when inserted into
the TeXmacs documents. Instead of trying to hunt down the cause, I
decided to try and fix each issue in each .svg file that Inkscape
could produce from each .eps file.
SVG is an XML-like format that I can easily parse with grep, sed,
and other command line tools that I'm familiar with; in contrast, EPS
is compiled output not meant for direct editing (perhaps decades ago
it was meant to be human-editable but SVG seems to be the standard
now). So, I converted every EPS file I received from DeVoe into an SVG
master file from which I would export EPS or whatever format I needed
to make the book work (see ink_export_to_eps.sh). I found that each
image with the dynamically changing dashed line issue also had a
"stroke-dasharray" key value pair; so, I wrote ink_convert_dash.sh
(in ref/notes/baltakatei/bash/ in the repository), a script to
convert each dashed path object into a path object in which each dash
is a subpath; it greatly increases the amount of information required
to define the dashed line but the benefit is that the dashed line
appears the same no matter the zoom level; in other words, every
single dash is converted into a static object instead of letting
whatever vector renderer decide how to draw a dashed line.
While I was patting myself on the back for figuring out how to
automatically get Inkscape to process the many SVG files I had, I
noticed that some of the images lost some dotted lines. I eventually
discovered that some dashed lines had dashes with dash lengths
specified so short (zero length), that the Inkscape extension I was
using (org.inkscape.filter.dashit.noprefs) was encountering a
"divide by zero" error and deleting the path partially or entirely.
Soooooo, I had to write ink_stroke-dasharray_zerofix.sh to run
before I ran ink_convert_dash.sh. ink_stroke-dasharray_zerofix.sh
would change all the 0's in each stroke-dasharray to something
small. I also filed a bug report (which led to a fix that was merged
by a Jonathan Neuhauser; thanks!). Testing showed me that a value too
close to zero would be the same as if zero were still present. I had
to use a relative value of nearby non-zero values in the
stroke-dasharray and my code is super brittle (it probably wouldn't
work for all dashed paths encoding all possible morse code sequences,
but my problem was just with simple dotted lines
disappearing).
… — …
I debugged the scripts so they'd do what I wanted (fix the dashed
paths into paths with static subpaths for each dash/dot). I definitely
couldn't do what I did with earlier versions of Inkscape; I downloaded
and ran the latest Inkscape version (inkscape 1.2); its command line
interface is super slick (although it would be nice if there were a
sleep command to let me get a peek at changes).
Long story short, I think I've resolved the dashed line issue,
Professor DeVoe. ^^;;
Next steps
The core reason I transcribed the textbook in the first place was so that when I completed the problem sets for my own review and education, I'd be able to have a digital document that I could link to and share with others. That means the next step, now that transcription is done, is to create my own solutions to the problem sets and record them in TeXmacs.
This means I will probably need to use DWSIM more in order to cross-check my thermodynamic calculations and create illustrations / diagrams relevant to each solution. Again, I want to be able to hand someone a ZIP file containing everything they need to learn Chemical Engineering; that means not only textbooks and problem sets, but also simulation software that they might use when applying this knowledge in industry. A ZIP file that I could in good conscience send to the people on the ISS should everyone on the planet's surface be doomed.
Notable Public Keys book update (Electrum, Tails, Veracrypt)
Created by Steven Baltakatei Sandoval on 2022-03-12T12:52Z under a CC BY-SA 4.0 license and last updated on 2022-03-12T13:18Z.
I added three sections to the Notable Public Keys book (PDF, GitLab):
New Sections
Tails
I added a few of the Tails keys and did some research about the origin of Tails. I didn't know that its name (i.e. "The (Amnesic) Incognito Live System") was a hint at the fact that there used to be two projects that merged together. One was called "Incognito" (a privacy-focused operating system based on Gentoo) and the other was "Amnesia" (also a privacy-focused operating system based on Debian). See the PDF for links and notes.
There are many more Tails keys covering various subgroups of Tails
development operations (PR, financial, etc.). I've elected to only
link to the page containing these fingerprints and focusing on the
fingerprints necessary for verifying downloadable installation .iso
images (funnily enough, their mailing list key used to also be an
image signing key very early on so I include it).
Veracrypt
This is software I had learned about from Steve Gibson's Security Now podcast. I've used it occasionally over the years; it was one of my first entries in my OpenPGP fingerprint notes that later became the Notable Public Keys book. I guess the reason I haven't added it to the book until today was because I was still using my unpublished notes as a source of fingerprints. It's time to share what I know!
Electrum
Years ago, I uploaded a Youtube video about how to verify the Electrum installer for Windows 10. It's probably now out-of-date but the verification procedure still relies on using Thomas Voegtlin's fingerprint. Lately the Electrum.org download page has linked to two other public keys; one seems to be an ElectrumX developer.
The cost of failure for not checking signatures of this software grows each year as Bitcoin does what it does best: persist. It's my hope that this chapter of the book can help prevent people from losing money, if only by providing a persistent reference through time about which fingerprint to trust.
Updates
I made various updates to the <index> tags so that the Index section
can be more organized when TeXmacs generates it. This work actually
probably took about as long as researching the histories of Tails and
Veracrypt combined but involved many more keypresses due to needing to
check each existing chapter's tags.
Future Sections
The next chapters I plan to write are below in descending order of priority.
- GnuPG. Software often used to perform OpenPGP operations.
- F-Droid. An alternative to the Google Play store.
- LibreOffice. An alternative to Microsoft Office.
- Red Hat. A popular commercial GNU/Linux operating system / service company I don't have much experience with but which uses OpenPGP signatures to sign software.
Text is available under the Creative Commons Attribution-ShareAlike license; additional terms may apply.