
Diné Bizaad Bínáhooʼaah Notes

Created by Steven Baltakatei Sandoval on 2023-02-01T09:31+00 under a CC BY-SA 4.0 license and last updated on 2023-02-03T00:03+00.


In 2023-01, I decided to purchase a copy of "Diné Bizaad Bínáhooʼaah = Rediscovering the Navajo Language" to aid me in my studies of the Navajo language. I had tried out the Navajo lessons of Duolingo and found them problematic when it came to anything more complex than memorizing vocabulary (especially regarding verb conjugations).

So, as I read through it, I will record notes on this web page that I think other readers may find useful.


  • Title: Diné Bizaad Bínáhooʼaah = Rediscovering the Navajo language : an introduction to the Navajo language
  • Authors:
    • Evangeline Parsons Yazzie
    • Margaret Speas
  • Editors:
    • Jessie Ruffenach
    • Berlyn Yazzie (Navajo)
  • ISBN: 978-1-893354-73-9
  • OCLC: 156845819
  • Edition: 1st
  • Printing: 3rd
  • Publisher: Salina Bookshelf, Inc.
  • Location: Flagstaff, Arizona

By page

Page xvii

The following hyperlink:

is not valid as of 2023-02-01. Searching pages under the domain yields this page which likely contains the material referenced (i.e. "If you are not sure how this can be done for Navajo, we suggest that you consult the materials on Situational Navajo, by Wayne Holm, Irene Silentman and Laura Wallace, available for download…"):

This page and one level of outlinks has been saved via the Internet Archive here.

Page 3

  1. The consonant ʼ

    The glyph used in the text to encode the consonant named "glottal stop" appears to be the glyph that is MODIFIER LETTER APOSTROPHE (U+02BC) or RIGHT SINGLE QUOTATION MARK (U+2019) in Unicode.

    However, due to widespread input method limitations, the ASCII character APOSTROPHE (U+0027) is often used instead.

    The text addresses this:

    You probably wonder why an apostrophe has been added to the list above. The letter that looks like an apostrophe is called a glottal stop. A glottal stop is a consonant. We will talk about the glottal stop in the section below on consonants.

    In Navajo, the glottal stop is a consonant in the same class as k or x which each have their own dedicated glyphs. A rational typesetter would not use MULTIPLICATION SIGN (U+00D7) (×) instead of LATIN SMALL LETTER X (U+0078) (x) even though both use similar glyphs.

    So, the question arises of whether to use MODIFIER LETTER APOSTROPHE (U+02BC) or RIGHT SINGLE QUOTATION MARK (U+2019).

    Regarding the difference, the Unicode Standard 15.0 (PDF) has this to say in its General Punctuation section of Writing Systems and Punctuation:


    U+0027 apostrophe is the most commonly used character for apostrophe. For historical reasons, U+0027 is a particularly overloaded character. In ASCII, it is used to represent a punctuation mark (such as right single quotation mark, left single quotation mark, apostrophe punctuation, vertical line, or prime) or a modifier letter (such as apostrophe modifier or acute accent). Punctuation marks generally break words; modifier letters generally are considered part of a word.

    When text is set, U+2019 right single quotation mark is preferred as apostrophe, but only U+0027 is present on most keyboards. Software commonly offers a facility for automatically converting the U+0027 apostrophe to a contextually selected curly quotation glyph. In these systems, a U+0027 in the data stream is always represented as a straight vertical line and can never represent a curly apostrophe or a right quotation mark.

    Letter Apostrophe. U+02BC modifier letter apostrophe is preferred where the apostrophe is to represent a modifier letter (for example, in transliterations to indicate a glottal stop). In the latter case, it is also referred to as a letter apostrophe.

    Punctuation Apostrophe. U+2019 right single quotation mark is preferred where the character is to represent a punctuation mark, as for contractions: “We’ve been here before.” In this latter case, U+2019 is also referred to as a punctuation apostrophe.

    An implementation cannot assume that users’ text always adheres to the distinction between these characters. The text may come from different sources, including mapping from other character sets that do not make this distinction between the letter apostrophe and the punctuation apostrophe/right single quotation mark. In that case, all of them will generally be represented by U+2019.

    The semantics of U+2019 are therefore context dependent. For example, if surrounded by letters or digits on both sides, it behaves as an in-text punctuation character and does not separate words or lines.

    So, according to its standard, the appropriate Unicode character to use for glottal stops in the Navajo language is MODIFIER LETTER APOSTROPHE (U+02BC) (ʼ).

    Before 2023-02-02, I've recommended use of RIGHT SINGLE QUOTATION MARK (U+2019) (’) primarily as a means to get away from using the "overloaded" character APOSTROPHE (U+0027) where reasonable. However, going forward, I'm now recommending U+02BC instead.

    Input methods designed for the Navajo language should dedicate an entire key to MODIFIER LETTER APOSTROPHE (U+02BC) (ʼ) as it would for the ASCII letter LATIN SMALL LETTER K (U+006B) (k).

    In summary, ʼ is the glottal stop consonant, not '.
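
The practical effect of the punctuation-versus-letter distinction, as an added example that is not part of the original post or of the book: a Python sketch that audits which apostrophe-like code points a text uses, rewrites U+0027 and U+2019 to U+02BC when they directly follow a letter, and shows how word tokenization changes. The "follows a letter" rule and all function names are assumptions made for illustration; the rule cannot tell a word-final glottal stop from a closing single quote or an English contraction, so it is only meant for text already known to be Navajo.

```python
import re
import unicodedata

APOSTROPHE = "\u0027"          # APOSTROPHE, general category Po (punctuation)
RIGHT_SINGLE_QUOTE = "\u2019"  # RIGHT SINGLE QUOTATION MARK, category Pf (punctuation)
LETTER_APOSTROPHE = "\u02bc"   # MODIFIER LETTER APOSTROPHE, category Lm (letter)
LOOKALIKES = {APOSTROPHE, RIGHT_SINGLE_QUOTE}


def count_apostrophes(text):
    """Audit step: count each apostrophe-like code point with its category."""
    counts = {}
    for ch in text:
        if ch in LOOKALIKES or ch == LETTER_APOSTROPHE:
            key = "U+%04X %s" % (ord(ch), unicodedata.category(ch))
            counts[key] = counts.get(key, 0) + 1
    return counts


def normalize_glottal_stops(text):
    """Rewrite U+0027/U+2019 to U+02BC when they directly follow a letter.

    Assumed heuristic: in Navajo text an apostrophe-like mark after a letter
    is the glottal stop consonant. Combining marks (category M*) are skipped
    when deciding what the previous base character was, so a vowel that keeps
    a combining accent after NFC still counts as a letter.
    """
    out = []
    prev_is_letter = False
    for ch in unicodedata.normalize("NFC", text):
        category = unicodedata.category(ch)
        if ch in LOOKALIKES and prev_is_letter:
            ch = LETTER_APOSTROPHE
            category = "Lm"
        if not category.startswith("M"):
            prev_is_letter = category.startswith("L")
        out.append(ch)
    return "".join(out)


def words(text):
    """Tokenize on \\w+, which treats letters (including Lm) as word characters."""
    return re.findall(r"\w+", unicodedata.normalize("NFC", text))


def demo():
    # Constructed samples: the same word typed with three different code points.
    samples = [
        "B\u00edn\u00e1hoo\u0027aah",  # ASCII apostrophe
        "B\u00edn\u00e1hoo\u2019aah",  # right single quotation mark
        "B\u00edn\u00e1hoo\u02bcaah",  # modifier letter apostrophe
    ]
    rows = []
    for sample in samples:
        fixed = normalize_glottal_stops(sample)
        rows.append((count_apostrophes(sample), words(sample), words(fixed)))
    return rows


if __name__ == "__main__":
    for counts, before, after in demo():
        print(counts, before, "->", after)
```

Only the U+02BC spelling survives tokenization as one word; the other two split at the glottal stop, which also means searches and duplicate checks treat the three spellings as different strings until they are normalized.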

See Also

Wikipedia articles exist for the authors:

Posted 2023-02-01T10:04:37+0000 Recommendation

Created by Steven Baltakatei Sandoval on 2023-01-04T15:26+00 under a CC BY-SA 4.0 license and last updated on 2023-01-04T21:11+00.



I enjoy listening to audiobooks. I first began listening to them regularly in 2010 upon my return to Stanford University after serving a 2-year mission for the LDS Church in Panamá. The iPhone had come out while I had been out of the country (I still remember seeing my first iPhone at an electronics shop in David, Chiriquí; I was amazed by how responsive the operating system was to touch screen input when resizing photographs via the novel "pinch and zoom" mechanic.); I didn't purchase an iPhone immediately (I think I would use a flip phone until purchasing an iPhone from AT&T after I left college), but I did purchase with my allowance from my father an iPod Touch, which was basically an iPhone without a SIM card slot. I bring up the iPod Touch story because I believe its portability and Audible–iTunes integration allowed me to listen to audiobooks while away from my desktop computer. Audible was the first company I purchased audiobooks from; I would continue using it until 2022.

Before I left Audible

I listened to Audible's audiobooks for about 12 years (2010/2022); these were encrypted by Digital Rights Management (DRM) schemes that inhibited copying. I had not yet learned the importance of using Free/Libre Open Source Software (FLOSS) formats (I wouldn't stop regularly using Windows until I purchased my first dedicated Debian GNU/Linux workstation from Think Penguin in 2018). Therefore, I spent thousands of USD over time buying audiobooks. Audible's feature of allowing me to download and listen to audiobooks indefinitely (from their servers and using only their closed-source apps) kept me satisfied. Even today, in 2023, I'm fairly certain I could install the Audible app from the Google Play store and download every audiobook I have "purchased" from them.

I believe my first misgivings about using Audible were when I realized in transitioning to using FLOSS that I couldn't listen to my audiobooks. In 2018 I would have had to use my Android smartphone or my Windows machine since Audible published their software for use on those platforms. There is no official Audible player in the Debian repository. I can't open an encrypted Audible file in ffmpeg on my Debian machine to compress it; I'd have to use a janky daisy chain of audio inputs and output devices to even be able to do automatic speech transcription in case I wanted to search what I was listening to at a later time. Still, that wasn't enough activation energy to get me to leave Audible until 2022.

The thing that triggered my departure was something mundane: a billing misunderstanding. At some point I had failed to realize that my Audible credits did not roll over from year-to-year. In the beginning, I didn't realize that such a policy existed since I generally used up my platinum subscription credits immediately, especially when I drove a long commute during 2011/2018 in the mostly featureless landscape of southern Utah. After I resigned from my commuting job and I wasn't forcing myself to drive two hours a day (nearly 10% of my life) anymore, I found myself listening to Audible audiobooks less. By the time 2022 rolled around, I hadn't checked my Audible app in months. It was in late 2022-03 that I realized that my credits regularly had been expiring instead of accumulating. A background daydream that I would one day buy a long audiobook series on Audible all at once was dispelled. I decided to leave.

The interim

I decided that if I were to return, it would be if I could guarantee my audiobooks were DRM-free. For some months in 2022 I subsisted on podcasts such as Opening Arguments (for law explanation by a lawyer), Citation Needed (for comedic takes on various Wikipedia articles) and Security Now (to be aware of IT-specific news). In the past I knew that it was possible to download audiobooks directly from authors if authors took the effort to do so; for example, in late 2020, I purchased DRM-free copies of Cory Doctorow's books Radicalized (2019; WorldCat) and Attack Surface (2020; WorldCat), paying him via PayPal and receiving a download link to DRM-free zip files containing unencrypted audio files. A friend recommended I use AudioAnchor, an F-Droid app designed to facilitate audiobook listening on an Android phone; it worked great. However, Cory Doctorow is only a single author; I wanted a DRM-free audiobook vendor.

My new audiobook source

In late 2022 I discovered via a blog post by Cory Doctorow on talking about how Google launched a DRM-free audiobook store. In background that he provided, I latched onto some DRM-free audiobook store recommendations that he made, including Downpour and I poked around both Downpour and and found that I liked best. I bought How To, by Randall Munroe, and Klara and the Sun, by Kazuo Ishiguro.

Since then, I've purchased various titles including:

  • What We Owe the Future by William MacAskill
  • The Silver Ships series (minus the first book since that's an Audible exclusive, but it's pulp sci-fi so, no book is really that critical to the entertainment)
  • American Crusade by Andrew L. Seidel
  • What If? 2 by Randall Munroe
  • Educated by Tara Westover (from Obama's 2019 summer reading list)
  • Seveneves (a book I already purchased on Audible back in 2015 but I really wanted a copy I could preserve)
  • Artemisa por Andy Weir (Spanish version of Artemis)
  • El marciano por Andy Weir (Spanish version of The Martian; Andy Weir's works in English seem to be Audible exclusives, so those two years walking around Panama didn't go completely to waste =P)
  • Proyecto Hail Mary (spanish version of Project Hail Mary)
  • NPCs by Drew Hayes (some Dungeons and Dragons-themed comedy)

I noticed that lacks the selection of Audible. For example, it doesn't carry my favorite Terry Pratchett novel Small Gods (1992) but it does carry recent titles of his such as Snuff (2011) and The Shepherd's Crown (2015).

Aside: DRM piracy

I imagine the main reason why Audible chooses to restrict access to their audiobooks via DRM is: piracy. Some people, when they get their hands on an unencrypted digital file, share it with others. Digital copies can be manufactured at basically zero cost but commercial publishers like Audible grew rich on profit margins on production and distribution costs; books had mass which incurred costs upon which a percentage fee could be applied at the final sale; when the distribution cost fell to zero, instead of becoming like Apple and the music industry in 2006 and simply selling songs at 0.99 USD each, they chose to require customers to run secret software that would decrypt books at the point of consumption. That isn't to say that all music Apple sold wasn't locked by DRM; many were. But the point of my retelling this history is to point out that DRM is not required to make money.

Services such as sell audiobooks without DRM. No special software is required to play the audio. It's true that I could upload these files to some server and share them with my friends. However, what I think keeps most people from doing so are issues of trust and effort. Downloading and double-clicking on files you download from the internet is a fast way for the average user to corrupt their computer with malware. A sort of natural selection process of behaviors is at work. Behaviors that result in broken computers due to downloading and running files from unknown sources are seen as destructive and the sites involved avoided. Behaviors that result in non-broken computers and a simple high quality experience are seen as good. Some people dedicate time to master the esoteric computer science techniques of verifying cryptographic digests, preserving their anonymity via onion routing, maintaining a firewall around their home networks, and regularly updating their software with the latest security updates; these people can be effective pirates. However, with all those skills they can also become effective software developers and make money that they can spend at places like or to save themselves the trouble of having to bypass DRM restrictions in the first place. The real valuable service DRM-free audiobook vendors can provide is two parts:

  • Files are guaranteed to be available for fast download.
  • Files are guaranteed not to be malicious.

With piracy to safely avoid DRM media, a user might expect to spend anywhere between an hour to weeks identifying and downloading media that might be a trojan horse. With DRM-free vendors, a user can expect to spend a few minutes with a commercial guarantee of the product's authenticity. When you use Audible, you form an on-going contract that Audible can end at any time, resulting in your "purchases" becoming unusable noise. When you use, can't retroactively make files they sold me unusable; without DRM, there is no mechanism for controlling user behavior. A principle of Free/Libre Open Source Software is the avoidance of such methods of control in order to grant the user freedom.


Although lacking in selection, surpasses Audible in the fact that money I spend with them results in audiobooks that I can preserve forever without worrying about finding an app to verify I have a license to download some decryption key. This is why I'm redirecting my cash flow towards DRM-free vendors.


"A tower of used books - 8443" by Jorge Royan is licensed under CC BY-SA 3.0.

Posted 2023-01-04T20:53:32+0000

Inactive on Twitter

Created by Steven Baltakatei Sandoval on 2022-11-10T20:14+00 under a CC BY-SA 4.0 license and last updated on 2023-02-01T23:14+00.


UPDATE (2023-02-01): I think I finally managed to delete all my tweets and likes from Twitter via TweetDelete. Some previous attempts didn't quite clear everything from 2017 and earlier. I've been enjoying using my account with the Tusky app via F-Droid.

UPDATE (2022-11-23): My new microblogging feed is at , one of many Mastodon servers. My last Twitter post is an announcement of this migration. I chose since it is operated by Leo Laporte, the host of several podcasts and television shows I have listened to in the past and found trustworthy as far as communicating technology news. I still listen regularly to his and Steve Gibson's Security Now podcast.

I decided to not be active on the microblogging site Twitter after Elon Musk completed his purchase of the publicly traded social media company and promptly fired the CEO and dissolved the board of directors, making himself the only director. I had developed some trust of its original CEO, Jack Dorsey, back when Twitter had been the subject of discussion on Leo Laporte's This Week in Tech podcast in the late 00s. In the 2010s I decided that I would be okay publishing text on Twitter because from the get-go the site explained that what was submitted would be public; in contrast, Facebook (which I deactivated back in the early 2010s, long before Zuckerberg renamed it "Meta"), advertised privacy settings that would allow posts to be only shared with a limited number of contacts (and with Facebook employees); however, the privacy settings were complex and there didn't seem to be a default setting that would stick over time. So, Twitter's transparently public nature seems more honest. My posts would be available and there was no sign that the administrators of the site favored any particular political party; the most common reason I saw for Tweets being removed was due to threats of violence or harassment. Prior to 2022, posts to Twitter could be relied upon to remain unfiltered, provided you weren't threatening violence or spreading misinformation.

That changed in 2022 when I saw Elon Musk purchase the company, making the service his own privately owned property. Now, were I to continue to post to Twitter, I was making a public donation to Musk that he could choose to throw away like he did the company leaders that he fired. That in itself may not have been a dealbreaker for me, but he also proceeded to endorse the Republican Party which continues to rely upon the criminal President who organized the attempted coup of the United States of 2021-01-06. His tweet removed any doubt that he would turn Twitter into a tool to promote the Republican Party. Privileged mechanisms to promote his own political opinions at the expense of silencing others by leveraging his exclusive ownership of Twitter include:

  • Removing user-submitted content that criticize him (as he has banned users for adopting his name and image in protest).
  • Removing features from his critics (as Congresswoman Alexandria Ocasio-Cortez reported).

I admit that many people are firmly rooted in habit to use Twitter as their default social media space to remain connected to each other. Choosing to leave Twitter for another space risks losing contact with people who have not yet left. Habitual use of Twitter is like a gravity well that requires a significant activation energy of its inhabitants to escape. However, I stand by my decision for reasons similar to those that compelled me to leave Facebook: I can no longer assume what I post will be secure from censorship.

So, what is my social media space? Without Twitter, Reddit is my default. I'd like to make use of this blog more often, although I will need to figure out a more convenient way to post content. Currently, my process is:

  • Author posts in Emacs Org mode.
  • Export posts into Markdown text.
  • Commit the Markdown text to a git repo.
  • Push the commit to my server.
  • Wait for an update script to run or log into the server to run it manually.

I could probably automate all that to a single Emacs function or bash script, given enough time, in order to mimic the simplicity of microblogging. However, for now, these longer form posts satisfy me.

Posted 2023-01-04T15:24:51+0000

Notable Public Keys Update

Created by Steven Baltakatei Sandoval on 2022-11-10T19:06Z under a CC BY-SA 4.0 license and last updated on 2022-11-10T19:13Z.

I updated my Notable Public Keys book (PDF, git, sig, ots) to include a section on KeePassXC, a cross-platform password manager that I recommend to people who lack a password manager and want complete control of their passwords without involving a cloud service like LastPass.

Posted 2022-11-10T19:14:02+0000

How to install DWSIM 8.0.4 on Debian 10

Created by Steven Baltakatei Sandoval on 2022-07-27T21:23Z under a CC BY-SA 4.0 license and last updated on 2022-07-27T22:44Z.



These are instructions for installing DWSIM 8.0.4 onto a Debian 10 machine with amd64 CPU architecture (e.g. Intel i9 or AMD Ryzen).


DWSIM is an open source chemical process simulator produced under a GPLv3 license. Although its full-featured version is available only for Windows, because most CAPE-OPEN modules are intended to be run in Windows, the main developer Daniel Medeiros compiles and publishes a version of DWSIM that can be run in Debian 10. The following instructions may apply to other Debian-derived distributions such as Ubuntu, but some customizations may be required (e.g. Ubuntu and Debian require different Mono Stable repositories).


Download DWSIM Debian Installer Package

Download the DWSIM Debian Installer Package ( .deb) file from the website. You should get a file with a name resembling this:

  1. Don't do this

    Note, if you try to install the .deb file via the usual $ sudo dpkg -i package.deb trick, you will get the following errors, telling you about missing dependencies (read on to solve them):

    $ sudo dpkg -i dwsim_8.0.4-amd64.deb
    [sudo] password for baltakatei: 
    Selecting previously unselected package dwsim.
    (Reading database ... 237740 files and directories currently installed.)
    Preparing to unpack dwsim_8.0.4-amd64.deb ...
    Unpacking dwsim (8.0.4) ...
    dpkg: dependency problems prevent configuration of dwsim:
     dwsim depends on mono-complete (>= 6.8); however:
      Package mono-complete is not installed.
     dwsim depends on mono-vbnc (>= 4.0); however:
      Package mono-vbnc is not installed.
     dwsim depends on gtk-sharp2 (>= 2.12); however:
      Package gtk-sharp2 is not installed.
     dwsim depends on libfontconfig1-dev; however:
      Package libfontconfig1-dev is not installed.
     dwsim depends on coinor-libipopt1v5; however:
      Package coinor-libipopt1v5 is not installed.
    dpkg: error processing package dwsim (--install):
     dependency problems - leaving unconfigured
    Errors were encountered while processing:

Install DWSIM

With the .deb file downloaded, from here it is possible to use a script (link) I wrote to perform the remaining steps.

However, I will explain the actions it performs in case you wish to do them manually.

  1. Enable Mono Stable's Debian 10 repository

    The DWSIM .deb file requires the mono-complete package (version >=6.8) that is available in a non-standard repository hosted by the Mono Project. To configure Debian 10 to download package lists and updates from this repository, run the following commands (taken from the Mono Project's download page):

    sudo apt install apt-transport-https dirmngr gnupg ca-certificates
    sudo apt-key adv --keyserver hkp:// --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
    echo "deb stable-buster main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list
    sudo apt update

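    These commands tell the operating system to trust software produced by the Mono Project and tell the system where to get future updates via apt. Note that apt-key adds the key to apt's global trusted keyring, so the key is trusted for every configured repository, not only Mono's.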

  2. Install DWSIM dependencies

    Now that the operating system knows about the Mono repository, install software from Mono:

    $ sudo apt install mono-complete
    $ sudo apt install mono-vbnc gtk-sharp2 libfontconfig1-dev coinor-libipopt1v5

  3. Install DWSIM

    Now that the Mono dependencies are installed, dpkg can be used to manually install the .deb file:

    $ sudo dpkg -i dwsim_8.0.4-amd64.deb

    Note: if you run this command without the required dependencies being available, you may need to explore using $ sudo apt -f install and related commands to fix things.


To run DWSIM, you can run dwsim from the command-line.

$ dwsim

In order to test that DWSIM is working, here is a DWSIM 8.0.4 project file that you can download and open. It is the simple gas compressor. A screenshot of the process flow diagram can be downloaded here.

Posted 2022-07-27T22:18:35+0000

GNOME Extension: Panel Date Format

Created by Steven Baltakatei Sandoval on 2022-04-28T21:03Z under a CC BY-SA 4.0 license and last updated on 2022-04-28T22:08Z.


I enjoy keeping track of the time using ISO-8601 format. It permits unambiguous big endian time indication in a sortable format. I believe the default time format used in the top bar in Pop!OS 22 (which is basically Ubuntu 22) depends upon which region the machine is configured for (e.g. "United States", or "Germany", etc.).

My default date time format is something like Apr 28 2022, 21:44 (I'm not sure because I don't care ^_^). What I really want is an ISO-8601 date time format like 2022-04-28T21:45:33+0000. The +0000 explicitly states the time zone my machine is configured for (UTC in this case); this is useful in case I want to communicate the time to someone unambiguously; knowing the time zone is required to do so. Also, time units are sorted in descending fashion (year, month, day, hour, minute, second) instead of the tradition-bound madness that is US date time format (month, day, year, hour, minute, second).

One GNOME Extension that I found works for me in Pop!OS 22 is "Panel Date Format" (GitHub).


  • Install the GNOME Shell integration add-on for Firefox.

  • Go to the Panel Date Format extension page.

    • Enable using the toggle switch on the top right of the page.
  • Go to the GitHub repository for the extension.

    • Copy the dconf command into a text editor.
  • Modify the dconf command's date format string from "'%Y-%m-%d'" to "'%Y-%m-%dT%H:%M:%S%z'"

    • The command I used is:

      $ dconf write /org/gnome/shell/extensions/panel-date-format/format "'%Y-%m-%dT%H:%M:%S%z'"

  • Verify the change is loaded by running $ dconf dump / > dconf_dump.txt and searching this .txt file for a part labelled [org/gnome/shell/extensions/panel-date-format]. (you can also use the dump and load commands to automatically backup settings that use the dconf database; I use yadm's bootstrap function to do this automatically when automatically setting up a new Debian machine).

The date time indicator on the top bar should now look like this:



Using GNOME Extensions and a command in the command line, it is possible to customize the top bar date time indicator to use ISO-8601 formatting in Pop!OS 22.

Posted 2022-04-28T22:09:08+0000

Using Open Timestamps with Git

Created by Steven Baltakatei Sandoval on 2022-04-22T15:00Z under a CC BY-SA 4.0 license and last updated on 2022-04-23T13:56Z.


I learned how to configure git to automatically create Open Timestamps proofs whenever I sign a commit with my OpenPGP key.


Although Bitcoin is mostly popular for its use as digital money, in order for it to properly function in a decentralized manner, it must also act as a timestamping service to itself. Bitcoin does this by requiring miners to mark each candidate block they produce with a timestamp; accuracy is enforced by some rules that cause a block to be rejected. These rules can be roughly summarized as:

  1. The timestamp must be later than the median timestamp of the preceding blocks (Median Past Time rule)
  2. The timestamp must not be too far into the future (Future Block Time rule)

Therefore, provided that the majority of miners are honest (an assumption Bitcoin already requires), the most recent block will likely have a timestamp that can be expected to be accurate to within a few hours.

OpenTimestamps is a timestamping service and set of programs that relies upon this internal timestamping feature of the Bitcoin blockchain. Open Timestamps was created by Peter Todd, a former Bitcoin Core developer. I believe I first heard about Open Timestamps (OTS) while following discussions on the /r/Bitcoin subreddit (possibly from this thread).

The timestamp service works by having a "calendar" server program collect file hashes submitted from client programs at the direction of some users. The hash of each user's file(s) is integrated into a merkle tree by the server. Then, periodically, the calendar server will create and submit a Bitcoin transaction containing the tree's merkle root. Once the transaction is included in the Bitcoin blockchain, the calendar server can then provide a client with the merkle branch leading from the merkle root to the file hash the client submitted; the merkle branch is typically encoded in an .ots file created next to the hashed file; this .ots file permits the client, armed with a copy of the blockchain, to verify that the hashed file existed at least as far back as the timestamp of the block containing the merkle root.
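
The aggregation described above, as an added example that is not code from the original post or from the OpenTimestamps project: a simplified SHA-256 merkle tree in which a server commits to many file digests with one root and gives each client only the branch needed to recompute that root. The leaf/node prefix bytes, the promotion of an unpaired node and all function names are assumptions made for illustration; real .ots files encode their proof steps in their own format.

```python
import hashlib


def file_digest(data: bytes) -> bytes:
    """What a client submits: the SHA-256 digest of its file, not the file."""
    return hashlib.sha256(data).digest()


def leaf_hash(digest: bytes) -> bytes:
    # Assumed domain separation: a 0x00 prefix marks leaves and 0x01 marks
    # inner nodes, so an inner node can never be passed off as a leaf.
    return hashlib.sha256(b"\x00" + digest).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(file_digests):
    """Server side: return every tree level, leaves first, root level last."""
    if not file_digests:
        raise ValueError("need at least one submitted digest")
    levels = [[leaf_hash(d) for d in file_digests]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        nxt = []
        for i in range(0, len(prev), 2):
            if i + 1 < len(prev):
                nxt.append(node_hash(prev[i], prev[i + 1]))
            else:
                nxt.append(prev[i])  # unpaired node is promoted unchanged
        levels.append(nxt)
    return levels


def merkle_branch(levels, index):
    """Server side: sibling hashes (and their side) from leaf `index` to the root."""
    branch = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            side = "L" if sibling < index else "R"
            branch.append((side, level[sibling]))
        index //= 2
    return branch


def root_from_branch(digest: bytes, branch) -> bytes:
    """Client side: recompute the root from the file digest and the branch."""
    current = leaf_hash(digest)
    for side, sibling in branch:
        if side == "L":
            current = node_hash(sibling, current)
        else:
            current = node_hash(current, sibling)
    return current


def demo():
    # Constructed sample: five clients each submit one file digest.
    digests = [file_digest(b"constructed file %d" % i) for i in range(5)]
    levels = build_levels(digests)
    root = levels[-1][0]  # the value that would be placed in the transaction
    branch = merkle_branch(levels, 3)
    genuine = root_from_branch(digests[3], branch) == root
    altered = root_from_branch(file_digest(b"altered file"), branch) == root
    return len(branch), genuine, altered


if __name__ == "__main__":
    print(demo())
```

A client holding only its own file and a branch of a few hashes can check membership under the published root, and any change to the file changes the recomputed root.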

Using OpenTimestamps (OTS)

It is possible to use the website to create the .ots file using only a web browser. See the "STAMP & VERIFY" section of the main webpage.

However, client software is also provided in the Python, JavaScript, and Java programming languages. Personally, I used the Python implementation which the examples later in this blog post will reference.


On a fresh Debian-based system, the Python implementation of OTS can be installed via:

$ sudo apt install python3-pip
$ pip3 install opentimestamps-client

The ots and ots-git-gpg-wrapper (to be used later) executables then should be added to the PATH environment variable. This can be done by adding this code to your $HOME/.profile file (or whichever file you use to automatically load custom environment variables; e.g. $HOME/.bashrc):

# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
    export PATH="$HOME/.local/bin:$PATH"
fi

Running source ~/.profile (or whichever sh file contains the above code) will then modify PATH. Environment variables set in your current shell can be found by running $ printenv.


The command line interface for OTS version 0.7.0 works like this:

You want to timestamp a file named You can do this by running:

$ ots stamp

This will create a file adjacent to

However, this .ots file does not contain the full merkle branch data necessary, meaning the calendar server(s) used by ots (several are configured by default) will have to be contacted in order to upgrade the .ots file.

An .ots file can be upgraded via:

$ ots upgrade

If you are okay with the command waiting the (typically) several hours required for a calendar server to provide merkle branch data before exiting, then you can run this from the start:

$ ots --wait stamp

A .ots can be verified by running:

$ ots verify

In any case that results in downloading a proof from a calendar server, ots will save a cache of the merkle branch data in the $HOME/.cache/ots directory. ots looks for proof data here before contacting a calendar server. Also, I suspect that because ots only ever adds files to $HOME/.cache/ots and never modifies files there, multiple machines running the same version of ots can use a file synchronization tool such as syncthing to merge their OTS caches for future reference.

I have used this procedure to timestamp some of my own files for my own amusement and reference.

OTS Git Wrapper

The reason I created this blog post, aside from documenting my own usage of ots, was to document how I started using the ots-git-gpg-wrapper feature.

git (distributed version control software I use in this blog, my Notable Public Keys book, and other projects) can be configured to use ots to improve signed commits. The OTS documentation for this feature can be found within the OTS GitHub repository.

  1. Typical Usage

    To summarize, the feature can be activated for all git repositories by running:

    $ path_wrapper="$HOME/.local/share/ots/"
    $ git config --global gpg.program "$path_wrapper"

    If you want to only activate this feature for a single repository, change the working directory to the repository, replace --global with --local, then run the command, like so:

    $ cd $HOME/some_git_repo
    $ path_wrapper="$HOME/.local/share/ots/"
    $ git config --local gpg.program "$path_wrapper"

    The default contents of the wrapper script are:

    # Wrapper for the ots-git-gpg-wrapper
    # Required because git's gpg.program option doesn't allow you to set command
    # line options; see the doc/
    ots-git-gpg-wrapper --gpg-program "`which gpg`" -- "$@"
  2. Advanced Usage

    To go further, I modified the original wrapper script to contain:

    # Wrapper for the ots-git-gpg-wrapper
    # Required because git's gpg.program option doesn't allow you to set command
    # line options; see the doc/
    # Check if gpg is alias. (see )
    if alias gpg 2>/dev/null; then
        ## Get gpg alias command
        gpg_cmd="$(type gpg)"; # get raw alias definition
        gpg_cmd="${gpg_cmd#*=\'}"; # trim chars before and including first apostrophe
        gpg_cmd="${gpg_cmd%\'*}"; # trim chars after and including last apostrophe
    else
        gpg_cmd="$(which gpg)";
    fi;
    # Check if jsonrpc_option file available
    # (path assumed here: jsonrpc_option.txt kept alongside this wrapper script)
    path_jsonrpc_option="$HOME/.local/share/ots/jsonrpc_option.txt";
    if [ -f "$path_jsonrpc_option" ]; then
        jsonrpc_option="$(cat "$path_jsonrpc_option" | head -n1)";
    fi;
    eval "ots-git-gpg-wrapper $jsonrpc_option --gpg-program $gpg_cmd -- $@"

    To add the --wait option when running ots-git-gpg-wrapper, I copied the wrapper script to an adjacent file containing:

    # Wrapper for the ots-git-gpg-wrapper
    # Required because git's gpg.program option doesn't allow you to set command
    # line options; see the doc/
    # Check if gpg is alias. (see )
    if alias gpg 2>/dev/null; then
        ## Get gpg alias command
        gpg_cmd="$(type gpg)"; # get raw alias definition
        gpg_cmd="${gpg_cmd#*=\'}"; # trim chars before and including first apostrophe
        gpg_cmd="${gpg_cmd%\'*}"; # trim chars after and including last apostrophe
    else
        gpg_cmd="$(which gpg)";
    fi;
    # Check if jsonrpc_option file available
    # (path assumed here: jsonrpc_option.txt kept alongside this wrapper script)
    path_jsonrpc_option="$HOME/.local/share/ots/jsonrpc_option.txt";
    if [ -f "$path_jsonrpc_option" ]; then
        jsonrpc_option="$(cat "$path_jsonrpc_option" | head -n1)";
    fi;
    eval "ots-git-gpg-wrapper --wait $jsonrpc_option --gpg-program $gpg_cmd -- $@"

    Part of these modifications take into account the fact that I use the alias function to include custom options whenever I run gpg.

    Additionally, my modifications include permitting ots commands run from my main GNU/Linux Debian-based workstation that is NOT a bitcoin node to connect to a bitcoin node using the --bitcoin-node option for the ots-git-gpg-wrapper command. I do this by loading into a variable the first line of a file named jsonrpc_option.txt that I maintain alongside the file. The first line of the jsonrpc_option.txt file contains information used to permit connection to a bitcoin node (a Raspiblitz in my case) on the local network at IP address via the RPC interface on port 8332 using username raspibolt and password hunter2. The file contents take the form:

    --bitcoin-node http://raspibolt:hunter2@

    With those changes in place and the wrapper script activated via a git config command mentioned earlier, if I create a signed commit and then run git log, I will see:

    commit 626303d06805ee6cd50e231da6988fc0235bd8e8 (HEAD -> master)
    ots: Calendar Pending confirmation in Bitcoin blockchain
    ots: Calendar Pending confirmation in Bitcoin blockchain
    ots: Calendar Pending confirmation in Bitcoin blockchain
    ots: Calendar Pending confirmation in Bitcoin blockchain
    ots: Could not verify timestamp!
    gpg: Signature made Fri 22 Apr 2022 05:58:35 PM GMT
    gpg:                using RSA key 38F96437C83AC88E28B7A95257DA57D9517E6F86
    gpg: Good signature from "Steven Sandoval <>" [ultimate]
    gpg:                 aka "Steven Sandoval <>" [ultimate]
    gpg:                 aka "[jpeg image of size 1846]" [ultimate]
    Primary key fingerprint: 3457 A265 922A 1F38 39DB  0264 A0A2 95AB DC34 69C9
         Subkey fingerprint: 38F9 6437 C83A C88E 28B7  A952 57DA 57D9 517E 6F86
    Author: Steven Baltakatei Sandoval <>
    Date:   2022-04-22T17:57:30+00:00
        draft(posts:20220422):using ots with git
        - note: testing timestamp feature with example commit

    After three hours, this message changed to:

    commit 626303d06805ee6cd50e231da6988fc0235bd8e8 (HEAD -> master)
    ots: Calendar Pending confirmation in Bitcoin blockchain
    ots: Calendar Pending confirmation in Bitcoin blockchain
    ots: Calendar Pending confirmation in Bitcoin blockchain
    ots: Got 1 attestation(s) from
    ots: Success! Bitcoin block 733047 attests existence as of 2022-04-22 GMT
    ots: Good timestamp
    gpg: Signature made Fri 22 Apr 2022 05:58:35 PM GMT
    gpg:                using RSA key 38F96437C83AC88E28B7A95257DA57D9517E6F86
    gpg: Good signature from "Steven Sandoval <>" [ultimate]
    gpg:                 aka "Steven Sandoval <>" [ultimate]
    gpg:                 aka "[jpeg image of size 1846]" [ultimate]
    Primary key fingerprint: 3457 A265 922A 1F38 39DB  0264 A0A2 95AB DC34 69C9
         Subkey fingerprint: 38F9 6437 C83A C88E 28B7  A952 57DA 57D9 517E 6F86
    Author: Steven Baltakatei Sandoval <>
    Date:   2022-04-22T17:57:30+00:00
        draft(posts:20220422):using ots with git
        - note: testing timestamp feature with example commit

    The line that matters is the one mentioning block 733047 (probably this transaction, based on the current state of the "bob" calendar server).

    ots: Success! Bitcoin block 733047 attests existence as of 2022-04-22 GMT

    If I run git log another time, the ots: lines change to indicate the local cache is being used to verify instead of a calendar server.

    commit 626303d06805ee6cd50e231da6988fc0235bd8e8 (HEAD -> master)
    ots: Got 1 attestation(s) from cache
    ots: Success! Bitcoin block 733047 attests existence as of 2022-04-22 GMT
    ots: Good timestamp
    gpg: Signature made Fri 22 Apr 2022 05:58:35 PM GMT
    gpg:                using RSA key 38F96437C83AC88E28B7A95257DA57D9517E6F86
    gpg: Good signature from "Steven Sandoval <>" [ultimate]
    gpg:                 aka "Steven Sandoval <>" [ultimate]
    gpg:                 aka "[jpeg image of size 1846]" [ultimate]
    Primary key fingerprint: 3457 A265 922A 1F38 39DB  0264 A0A2 95AB DC34 69C9
         Subkey fingerprint: 38F9 6437 C83A C88E 28B7  A952 57DA 57D9 517E 6F86
    Author: Steven Baltakatei Sandoval <>
    Date:   2022-04-22T17:57:30+00:00
        draft(posts:20220422):using ots with git
        - note: testing timestamp feature with example commit

    If I had instead activated the --wait version of the wrapper, then the git commit operation would wait until it received a proof from a calendar server before exiting. This may be useful for major signed commits and tags where it is desirable to transmit the proof via the git repository itself instead of relying upon a calendar server or the cache files being available in the future. I don't know of a method to upgrade the OTS proof data already included in a git repository.
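The modified wrapper scripts above build their command line with eval, so git's arguments (for example a signing key given as a name and address containing spaces, `<` and `>`) and the first line of jsonrpc_option.txt are parsed again by the shell. The variant below is an added example, not the author's script: it passes every value as its own argument and treats the option file as data. The function names, the `OTS_*` variables and the option-file path are assumptions; `--gpg-program`, `--bitcoin-node` and `--wait` are the options used above.

```shell
#!/bin/sh
# Added example (not the author's script): pass git's gpg arguments to
# ots-git-gpg-wrapper as separate argv entries instead of through eval.
# Assumed names: run_ots_wrapper, read_node_url, OTS_WRAPPER_CMD,
# OTS_GPG_PROGRAM, OTS_JSONRPC_FILE, OTS_WAIT.

# Program to hand off to (overridable so the logic can be exercised offline).
: "${OTS_WRAPPER_CMD:=ots-git-gpg-wrapper}"
# Option file; assumed location alongside the wrapper. Its first line has the
# form: --bitcoin-node <URL>
: "${OTS_JSONRPC_FILE:=$HOME/.local/share/ots/jsonrpc_option.txt}"

# Print the node URL found on the first line of file $1, or nothing when the
# file is absent. The line is data, never shell code: anything other than
# exactly "--bitcoin-node <url>" is rejected with status 1.
read_node_url() {
    [ -f "$1" ] || return 0
    nu_opt='' nu_url='' nu_extra=''
    # "|| :" keeps a final line without a trailing newline usable.
    read -r nu_opt nu_url nu_extra < "$1" || :
    if [ "$nu_opt" != "--bitcoin-node" ] || [ -z "$nu_url" ] || [ -n "$nu_extra" ]; then
        echo "refusing unexpected content in $1" >&2
        return 1
    fi
    printf '%s\n' "$nu_url"
}

# "$@" holds the gpg arguments exactly as git passed them.
run_ots_wrapper() {
    gpg_program="${OTS_GPG_PROGRAM:-$(command -v gpg)}" || {
        echo "gpg not found" >&2
        return 1
    }
    node_url="$(read_node_url "$OTS_JSONRPC_FILE")" || return 1
    # Prepend the wrapper options; each value stays a single argv entry.
    set -- --gpg-program "$gpg_program" -- "$@"
    if [ -n "$node_url" ]; then
        set -- --bitcoin-node "$node_url" "$@"
    fi
    if [ "${OTS_WAIT:-0}" = 1 ]; then
        set -- --wait "$@"
    fi
    "$OTS_WRAPPER_CMD" "$@"
}

# git always calls gpg.program with arguments; with none there is nothing to do.
if [ "$#" -gt 0 ]; then
    run_ots_wrapper "$@"
fi
```

Setting `OTS_WAIT=1` in the environment gives the behaviour of the separate --wait script.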

Use Cases

.ots files

Generating .ots files is easier than messing with the OTS git wrapper script since no knowledge of git is required. For this reason, I imagine timestamping files via Python or the website would be more common.

Some use cases I can imagine are:

  • A reporter timestamping .eml files containing controversial correspondence.
  • A lawyer timestamping controversial secret .pdf documents that will be revealed at a later time.
  • A civil engineer timestamping a receipt of a .pdf report they create for a building owner about the need to perform expensive repairs.
  • A business owner timestamping a contract encoded in a .pdf to help prove when an agreement was made.
  • A speedrunner wanting to prove that a world record they recorded in a .mkv video file was made by a certain date in the past.
  • A software developer wanting to prove that certain archived versions of their software existed as early as a certain date.

OTS git wrapper

In the abstract, the OTS git wrapper allows me to prove the existence of files in a git repository that I already am using OpenPGP to sign. This is useful for avoiding ambiguities associated with the possibility of some attacker capturing my OpenPGP private key and signing files with forged timestamps in order to try and convince someone to believe their revised history of some event.

Although I personally am not in the business of proving the existence of files for others, I can imagine some software developers who use git who may want to prove who had created a piece of code before a copycat.

Also, git, because it is version control software for file trees, can be used to prove the existence of many files at a time (albeit via SHA1 which, as of 2022, is the best method git supports for hashing data). This may be useful if the number of proofs I need to create is large enough to saturate a significant fraction of public calendar server bandwidth and storage capacities.
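To see which signed commits in a repository already carry a Bitcoin-attested timestamp and which are still waiting on a calendar server, the `ots:` lines shown in the git log output above can be summarised per commit. This is an added example, not part of the OTS tooling; the function names and state labels are assumptions, and the sample log is constructed from the message formats shown above.

```shell
#!/bin/sh
# Added example: summarise the "ots:" lines git prints for each signed commit.
# Input on stdin: output of `git log --show-signature`.
# Output: "<commit> <state>", where state is one of
#   confirmed:<block>  a Bitcoin block attests the commit and ots reported success
#   pending            calendars have not yet delivered a block attestation
#   unverified         ots lines present, but neither success nor pending
#   none               no ots lines (unsigned, or signed without the wrapper)
ots_commit_status() {
    awk '
        function emit() {
            if (commit == "") return
            if (block != "" && good) state = "confirmed:" block
            else if (pending)       state = "pending"
            else if (seen)          state = "unverified"
            else                    state = "none"
            print commit, state
        }
        /^commit [0-9a-f]+/ {
            emit(); commit = $2; block = ""; good = 0; pending = 0; seen = 0; next
        }
        /^ots: /                                      { seen = 1 }
        /^ots: Success! Bitcoin block [0-9]+ attests/ { block = $5 }
        /^ots: Good timestamp/                        { good = 1 }
        /^ots: .*Pending confirmation/                { pending = 1 }
        END { emit() }
    '
}

# Succeeds only if every commit read from stdin is in the confirmed state.
ots_all_confirmed() {
    ! ots_commit_status | grep -qv ' confirmed:'
}

# Constructed sample input; only the first commit id and block number come
# from the post above.
sample_log() {
    cat <<'EOF'
commit 626303d06805ee6cd50e231da6988fc0235bd8e8
ots: Got 1 attestation(s) from cache
ots: Success! Bitcoin block 733047 attests existence as of 2022-04-22 GMT
ots: Good timestamp
gpg: Signature made Fri 22 Apr 2022 05:58:35 PM GMT
Author: Example Author <author@example.org>

    draft(posts:20220422):using ots with git

commit 1111111111111111111111111111111111111111
ots: Calendar Pending confirmation in Bitcoin blockchain
ots: Could not verify timestamp!
gpg: Good signature from "Example Author <author@example.org>"
Author: Example Author <author@example.org>

    constructed commit still waiting for a block

commit 2222222222222222222222222222222222222222
Author: Example Author <author@example.org>

    constructed unsigned commit
EOF
}

sample_log | ots_commit_status
```

Against a real repository, pipe `git log --show-signature` into `ots_commit_status` instead of the sample.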


An OTS timestamp can only prove data existed after a certain date. It cannot prove exactly when data was created.

Also, an attacker could pregenerate a large fraction of all possible permutations of data and create an OTS proof for each permutation. For example, if I wanted to bamboozle people into thinking I could predict the weather anywhere in the world 8 years in advance, I could create a large number of text files containing permutations of the general prediction "I predict in 2022 that on [date in 2030], in [location], it will be [weather type]." I would then create .ots proof files for each prediction and sit on them for 8 years. Then, on the specified date in 2030, I would selectively reveal only the predictions that happened to be true.


OpenTimestamps can be used to prove the existence of files and git commits in a scalable manner using the Bitcoin blockchain.

Posted 2022-04-25T00:12:36+0000

Notable Public Keys book update (F-Droid, Qubes OS)

Created by Steven Baltakatei Sandoval on 2022-04-11T14:23Z under a CC BY-SA 4.0 license and last updated on 2022-04-12T01:18Z.

I updated the Pubkeys book (PDF, Gitlab).

New Sections


I added the Android app FOSS repository that I use. The developers publish OpenPGP signatures for the downloadable APK of the F-Droid client, a package manager similar to the Google Play Store app. I had started creating a chapter months ago but hadn't fleshed it out yet due to slow loading times of the F-Droid main website.

From what I can tell, F-Droid didn't publish an OpenPGP signature for their main client's APK file until late 2017. Also, there's no obvious place to download the public key (41E7 044E 1DBA 2E89).

Qubes OS

I saw a Reddit post from someone who was looking to install Qubes OS and was looking for a method to verify PGP software in order to verify a Qubes OS installation file. Although I've not yet started a GnuPG chapter (I imagine it will contain a lot of history), I decided I could draft a Qubes OS chapter. Such a chapter would contain the fingerprints necessary to reassure someone looking to download and install Qubes OS for themselves.

I was surprised by how detailed the PGP verification instructions available on the main website were. They have a master key (DDFA 1A3E 3687 9494) that signs each release key; there is one release key per major version (e.g. v1.0, v2.0, etc.).

Future sections

Here's the short list of upcoming chapters I plan on writing next when the fancy strikes me.

  • GnuPG. Software often used to perform OpenPGP operations.
  • LibreOffice. An alternative to Microsoft Office.
  • Red Hat. A popular commercial GNU/Linux operating system / service company I don't have much experience with but which uses OpenPGP signatures to sign software.
Posted 2022-04-11T15:22:22+0000

TeXmacs: Thermodynamics and Chemistry by Howard DeVoe - done

Created by Steven Baltakatei Sandoval on 2022-03-17T02:21Z under a CC BY-SA 4.0 license and last updated on 2022-03-20T18:18Z.


Thermodynamics and Chemistry by Howard DeVoe, Version 10, Transcribed to TeXmacs. It's done. See the repository for the source code. Compare to the original compiled from LaTeX here.

This past week I've made an effort to finish off the Bibliography and citations of the thermodynamics textbook transcription job I assigned myself over a year ago.

Bibliography wrangling

I had to figure out how exactly TeXmacs processes bibtex data. It's complicated and usage isn't well-documented but I found a way that works (when inserting an automatically-updating bibliography section via "Insert -> Automatic -> Bibliography", it is possible to specify a file as well as a bibliography style if you examine the <bibliography> (?) tag that is created; the file must be a bibtex file; then, a tag like <cite|author-1999> will trigger the bibliography section to read the file and populate itself with a new bibliography entry and assign the <cite> tag a reference number).

One of DeVoe's bibtex entries kept causing crashes in TeXmacs whenever I tried to update the bibliography. It was the only one of its kind.

   Author = {Clapeyron, \'{E}.},
   Title = {Memoir on the Motive Power of Heat},
   BookTitle = {Reflections on the Motive Power of Fire: Sadi Carnot and other Papers on the Second Law of Thermodynamics by \'{E}.\ Clapeyron and R.\ Clausius},
   Editor = {Mendoza, E.},
   Publisher = {Dover},
   Address = {Mineola, New York},
   Pages = {71-105},
   Note = {Translation by E.\ Mendoza of ``M\'{e}moire sur la Puissance Motrice de la Chaleur,'' \emph{J.\ de l'\'{E}cole Polytechnique}, \textbf {14}, 153--190 (1834).},
 Year = {1988} }

The problem is with the Note value. There's a lot of what looks like LaTeX code (which I'm not familiar with). I'm using the tm-plain style which seems to be okay with processing some LaTeX'isms in these bibliographical entries (a lot of the markup seems to be used to effect diacritical marks which could be handled by use of UTF-8 characters, but I wasn't about to go down the rabbit hole of figuring out how TeXmacs handles Unicode points in its bibliography processing code). I switched out the Note value to something simpler (that references the title's OCLC code) and now compiles (clapeyron-1834 was used in a citation in

Note = {See OCLC 559435201; 153--190.},

Two columns in one column document

I also figured out that it's possible to get two-column pages in an otherwise single-column TeXmacs document. Basically, you create a two-column page (single page only) in one TeXmacs document (.tm) then <include> it in another document (via "Insert -> Link -> Include"). I'm pretty sure this is stretching what the original developer intended but it seems to work well enough for the single-page biographical sketches that DeVoe included in his book.

Disappearing Dotted Line

A few months into the transcription project, I emailed Howard DeVoe a PDF of a draft. He noted that some figures had dashed lines that changed depending on how far you were zoomed in. Eventually I concluded the cause of that problem was some error / wrong assumption made by either Inkscape, ghostscript, or some converter in between the source Encapsulated PostScript (EPS or .eps) file that DeVoe had emailed me and the .eps file that I got to work when inserted into the TeXmacs documents. Instead of trying to hunt down the cause, I decided to try and fix each issue in each .svg file that Inkscape could produce from each .eps file.

SVG is an XML-like format that I can easily parse with grep, sed, and other command line tools that I'm familiar with; in contrast, EPS is compiled output not meant for direct editing (perhaps decades ago it was meant to be human-editable but SVG seems to be the standard now). So, I converted every EPS file I received from DeVoe into an SVG master file from which I would export EPS or whatever format I needed to make the book work (see I found that each image with the dynamically changing dashed line issue also had a "stroke-dasharray" key value pair; so, I wrote (in ref/notes/baltakatei/bash/ in the repository), a script to convert each dashed path object into a path object in which each dash is a subpath; it greatly increases the amount of information required to define the dashed line but the benefit is that the dashed line appears the same no matter the zoom level; in other words, every single dash is converted into a static object instead of letting whatever vector renderer decide how to draw a dashed line.

While I was patting myself on the back for figuring out how to automatically get Inkscape to process the many SVG files I had, I noticed that some of the images lost some dotted lines. I eventually discovered that some dashed lines had dashes with dash lengths specified so short (zero length), that the Inkscape extension I was using (org.inkscape.filter.dashit.noprefs) was encountering a "divide by zero" error and deleting the path partially or entirely.

Soooooo, I had to write to run before I ran would change all the 0's in each stroke-dasharray to something small. I also filed a bug report (which led to a fix that was merged by a Jonathan Neuhauser; thanks!). Testing showed me that a value too close to zero would be the same as if zero were still present. I had to use a relative value of nearby non-zero values in the stroke-dasharray and my code is super brittle (it probably wouldn't work for all dashed paths encoding all possible morse code sequences, but my problem was just with simple dotted lines disappearing). … — …

I debugged the scripts so they'd do what I wanted (fix the dashed paths into paths with static subpaths for each dash/dot). I definitely couldn't do what I did with earlier versions of Inkscape; I downloaded and ran the latest Inkscape version (inkscape 1.2); its command line interface is super slick (although it would be nice if there were a sleep command to let me get a peek at changes).

Long story short, I think I've resolved the dashed line issue, Professor DeVoe. ^^;;

Next steps

The core reason I transcribed the textbook in the first place was so that when I completed the problem sets for my own review and education, I'd be able to have a digital document that I could link to and share with others. That means the next step, now that transcription is done, is to create my own solutions to the problem sets and record them in TeXmacs.

This means I will probably need to use DWSIM more in order to cross-check my thermodynamic calculations and create illustrations / diagrams relevant to each solution. Again, I want to be able to hand someone a ZIP file containing everything they need to learn Chemical Engineering; that means not only textbooks and problem sets, but also simulation software that they might use when applying this knowledge in industry. A ZIP file that I could in good conscience send to the people on the ISS should everyone on the planet's surface be doomed.

Posted 2022-03-17T03:48:10+0000

Notable Public Keys book update (Electrum, Tails, Veracrypt)

Created by Steven Baltakatei Sandoval on 2022-03-12T12:52Z under a CC BY-SA 4.0 license and last updated on 2022-03-12T13:18Z.

I added three sections to the Notable Public Keys book (PDF, GitLab):

New Sections


I added a few of the Tails keys and did some research about the origin of Tails. I didn't know that its name (i.e. "The (Amnesic) Incognito Live System") was a hint at the fact that there used to be two projects that merged together. One was called "Incognito" (a privacy-focused operating system based on Gentoo) and the other was "Amnesia" (also a privacy-focused operating system based on Debian). See the PDF for links and notes.

There are many more Tails keys covering various subgroups of Tails development operations (PR, financial, etc.). I've elected to only link to the page containing these fingerprints and to focus on the fingerprints necessary for verifying downloadable installation .iso images (funnily enough, their mailing list key used to also be an image signing key very early on so I include it).


This is software I had learned about from Steve Gibson's Security Now podcast. I've used it occasionally over the years; it was one of my first entries in my OpenPGP fingerprint notes that later became the Notable Public Keys book. I guess the reason I haven't added it to the book until today was because I was still using my unpublished notes as a source of fingerprints. It's time to share what I know!


Years ago, I uploaded a YouTube video about how to verify the Electrum installer for Windows 10. It's probably now out-of-date but the verification procedure still relies on using Thomas Voegtlin's fingerprint. Lately the download page has linked to two other public keys; one seems to be an ElectrumX developer.

The cost of failure for not checking signatures of this software grows each year as Bitcoin does what it does best: persist. It's my hope that this chapter of the book can help prevent people from losing money, if only by providing a persistent reference through time about which fingerprint to trust.


I made various updates to the <index> tags so that the Index section can be more organized when TeXmacs generates it. This work actually probably took about as long as researching the histories of Tails and Veracrypt combined but involved many more keypresses due to needing to check each existing chapter's tags.

Future Sections

The next chapters I plan to write are below in descending order of priority.

  • GnuPG. Software often used to perform OpenPGP operations.
  • F-Droid. An alternative to the Google Play store.
  • LibreOffice. An alternative to Microsoft Office.
  • Red Hat. A popular commercial GNU/Linux operating system / service company I don't have much experience with but which uses OpenPGP signatures to sign software.
Posted 2022-03-12T13:24:30+0000


Text is available under the Creative Commons Attribution-ShareAlike license; additional terms may apply.