How 2023 came and went, and the new year of 2024 is here
========================================================

Published Jan 1, 2024 - 13 min read

2023 had its highs, lows, and weird moments with a lot of coding for a
convention and concern for global conflicts.

"What a year, huh?" "Captain, it's March." would be felt nearly every month of
2023.

/------------------------------------------------------------------------------\
| Captain, it's Wednesday @yikes@bbs.kawa-kun.com                              |
|------------------------------------------------------------------------------|
| [I1: Yikes!]                                                                 |
|                                                                              |
| [L1] 8/30/2023                                                               |
\------------------------------------------------------------------------------/

Ever since COVID-19 reached the U.S.A., my sense of time has been forced into a
combination of constant whiplash at the intense events of the world and taking
things day by day. The seasons change, the events and wars of the world change,
and yet nearly every day feels the same.

/------------------------------------------------------------------------------\
| This section is a bit of a downer                                            |
|------------------------------------------------------------------------------|
| Last year, and the year before that, have been a constant cycle of           |
| stressors. Some come and go, and any gaps that provide momentary relief are  |
| filled with another stressor.                                                |
|                                                                              |
| Do others feel this too? Is that why there is so much contention,            |
| disagreement, and continual shouting? With inflation, wars, stagnant wages,  |
| and growing risks to people and their future — it seems like the world is    |
| optimizing for suffering of the many instead of happiness and tranquility.   |
\------------------------------------------------------------------------------/

The better parts of 2023
------------------------

I wrote quite a bit! In 2023, I wrote twenty-five articles, which is on par
with my 2022 collection. A fair bit of it came from separating out the various
sessions I attended at DEF CON. I have more notes from that time to refine and
publish. You might see some of that in January if I have a break.

From January to April 2023, I process engineered a furry convention [L2]. It
was incredibly successful and in doing so, I developed a moderate competency in
Python.

/---------------------------------------------------------[kyrmeso: trade-deal]\
| Your character is a snake. Are you telling me that Python wasn't             |
| pre-installed?                                                               |
\------------------------------------------------------------------------------/

/[cendyne: snake-on-keyboard]--------------------------------------------------\
| If only. Though, my experience with Lua, Ruby, and JavaScript came in handy. |
\------------------------------------------------------------------------------/

The summer had DEF CON, which was incredibly enjoyable. I talked with a few
people outside of the furry space which was rewarding. Afterwards, I paid for
an SSD of all the recordings. I listened to them while walking, driving, and so
on. They usually take a year to publish it all. A month later, they published
nearly each one over the course of a few days. Which was cool, though, I could
have waited and not paid for it.

I made tremendous progress with my most precious side project [L3], this blog.
The front-end you see is dynamically rendered from a JSON intermediate
representation. Eventually, I hope to leave behind the awkward markdown format
I use to write all this stuff.

And, like late last winter and early spring, I went back to developing that
convention software again [L4]. From September through the end of December,
nearly every spare moment has gone into improving its usability for:

* Completely new attendee registration that is up to date with PCI compliance
* Volunteer info collection
* Configurable prices, times, rewards, etc.
* Administration features refunds and transaction troubleshooting
* Digitizing cash exchanges and receipt printing
* Differentiating vendor / dealer pricing and availability
* Automated reminders for approved vendors
* American Association of Motor Vehicle Administrators (AAMVA) Drivers License
  ID (DLID) [L5] scanning for cash and check-in processes
* Compatibility and configurations for Motorola DS4208 [L6] (archived [L7])
  Standard Range and Drivers License parsing models
* 90+% coverage with end to end automated testing for attendee, vendor, and
  staff tooling with Playwright [L8]

Early December, I attended Midwest FurFest again. Some things have improved
there. There is more room to improve in their attendee's quality of life and
leg pain. I have an idea for a simulation model for evaluating subsequent human
queuing processes.

While at the convention, I fell asleep reading Zebra Programming Language [L9]
(ZPL) documentation. At a high level, it feels a lot like what I've heard goes
on in PostScript [L10]. And now I have three Zebra label printers in my home.

/----------------------------------------------------------------[kyrmeso: wut]\
| Three?! What do you need three for?                                          |
\------------------------------------------------------------------------------/

/[cendyne: failure]------------------------------------------------------------\
| The first was a mistake. It is their small business series [L11] that has    |
| only internet / cloud connectivity. Their Mac drivers are so bad that just   |
| putting the computer to sleep will result in the local print queue declaring |
| success for any print job, and then nothing prints. I just haven't gotten    |
| rid of it.                                                                   |
\------------------------------------------------------------------------------/

/------------------------------------------------------------------------------\
| Cendyne @cendyne@furry.engineer                                              |
|------------------------------------------------------------------------------|
| Finally figured out what's going on with this zebra small business printer.  |
|                                                                              |
| It is unfortunately one of the Internet of sh*t things where you can't print |
| to it directly! It's just sitting on a websocket the whole time with the     |
| cloud.                                                                       |
|                                                                              |
| We have to submit jobs into the cloud instead.                               |
|                                                                              |
| They have an OAuth refresh token, they get customer info, and then it holds  |
| a connection open for a while for print jobs (I recorded 3 back to back).    |
|                                                                              |
| They POST ZPL in GRPC from a buggy driver towards the printer.               |
|                                                                              |
| [I2: Wireshark display where packets are inspected and marked for            |
| significance]                                                                |
|                                                                              |
| [L12] 4/16/2023                                                              |
\------------------------------------------------------------------------------/

/------------------------------------------------------------------------------\
| Cellivar @Cellivar@furry.engineer                                            |
|------------------------------------------------------------------------------|
| @cendyne [L13] Hey! If the printers support direct ZPL over USB I've written |
| a library to talk to them from a webpage here github.com/Cellivar/WebZLP     |
| [L14]                                                                        |
|                                                                              |
| I don't know what model you're playing with so my library may not support    |
| them. I'd be happy to chat with you to expand its abilities.                 |
|                                                                              |
| [L15] 4/16/2023                                                              |
\------------------------------------------------------------------------------/

/[cendyne: shinji-cup]---------------------------------------------------------\
| Unfortunately, the printer doesn't have USB. Only power and wifi for the     |
| cloud.                                                                       |
\------------------------------------------------------------------------------/

/[cendyne: crate-contains-one-naga]--------------------------------------------\
| The other two are an older and more recent model to see and test some ideas. |
| I would like to label my storage boxes and equipment with QR codes and have  |
| a periodically updated contents label slapped on the side. One might be used |
| for 1x1 QR code prints and the other could print listings.                   |
\------------------------------------------------------------------------------/

I may experiment with ZPL in 2024.

The weird parts of 2023
-----------------------

In the summer, I was taken by surprise with the rapid evolution of generative
language and visual models. As written in Reverse Centaur Chickenization,
ChatGPT, and Inhuman Centralization [L16], I elaborate on the many ideas I've
seen and considered about technology's applications to displacing people from
meaningful and enjoyable lives. It is going somewhat predictably, with Adobe at
risk of Creative Cloud subscriptions shrinking because of generative tech
offerings [L17] (archived [L18]).

/[cendyne: phone-surprise]-----------------------------------------------------\
| Yeah yeah, this AI thing [L19]! We can charge more for it [L20]! That        |
| means more revenue!                                                          |
| ― Adobe                                                                      |
\------------------------------------------------------------------------------/

/[cendyne: shocked]------------------------------------------------------------\
| Huh!? Our revenue is shrinking! Wait, no, not like that! It wasn't meant to  |
| be like this!                                                                |
| ― Adobe                                                                      |
\------------------------------------------------------------------------------/

/[cendyne: money-on-fire]------------------------------------------------------\
| And now the Federal Trade Commission is scrutinizing Adobe's subscription    |
| practices [L21]. I do hope the FTC makes a ruling that is favorable to       |
| consumers.                                                                   |
\------------------------------------------------------------------------------/

The low parts of 2023
---------------------

I'll keep this section short.

More war? I hear a lot about Ukraine, and now often Israel and Hamas. More is
happening that I don't actively hear about on established U.S. news.

/------------------------------------------------------------------------------\
| TLDR News Global                                                             |
|------------------------------------------------------------------------------|
| Youtube Video [L22]                                                          |
| Every War in 2023 (So Far) [L23] 12/30/2023                                  |
\------------------------------------------------------------------------------/

And in listening to some of Manufacturing Consent [L24], I have a less trusting
view in those that share information in the world. I also listened to some of
The Stand [L25] by Stephen King in 1978 about a weaponized influenza that led
to post-apocalyptic conditions. For now, I'll table that until the initial
pains and scares of COVID-19 fade.

One of my goals was to find a new job, preferably one leading a security team
or practicing cryptography. That really has gone nowhere with the continual
shrinkage of the tech market. With tech salaries deflating, I am not receiving
a raise next year. My team has shrunk further and I am having to make
significant expert contributions while supporting and mentoring those on my
team.

And, of course, while I am on vacation for the end of the year…

/------------------------------------------------------------------------------\
| Cendyne @cendyne@furry.engineer                                              |
|------------------------------------------------------------------------------|
| Love to be on holiday vacation and -- oh, someone is using my employer's     |
| backend to mass test credit cards                                            |
|                                                                              |
| [L26] 12/22/2023                                                             |
\------------------------------------------------------------------------------/

I had to jump in and write 95% of a stop-gap solution and pass it off to the
engineers on my team to add configuration flags, test, and deploy it.

For the moment, I am choosing some financial stability and familiarity over a
novel adventure and its stressors. After all, the American Dream™ costs a
magnitude more today than it did for my grandfather.

--------------------------------------------------------------------------------

The new year, 2024
------------------

Now that the new year has begun, I have a few things to look forward to.

Hopefully, this credit card testing attack is resolved at work. I have a few
ideas to defeat "residential VPNs [L27]" used for this kind of activity.

I'll be visiting some art museums with my family soon. After that, I look
forward to the convention operating successfully and smoothly.

I recently learned what a Key Encapsulation Mechanism [L28] (KEM) is by
carefully reading NIST's Module-Lattice-Based Key-Encapsulation Mechanism
Standard [L29]. I hope to write about it later this month.

Later on, more furry conventions with friends, DEF CON, and hopefully better
professional development.

This year has plenty of writing to come. The topics? Who knows. I write about
what I find interesting and where I have passion. Maybe I'll even write about
how to encode black and white images in ESC/POS print codes.

/---------------------------------------------------------[kyrmeso: trade-deal]\
| What's with you and printers? They're always frustrating.                    |
\------------------------------------------------------------------------------/

/[cendyne: toaster]------------------------------------------------------------\
| An earlier joy in my career was developing software that prints receipts.    |
| The real-time nature of getting something physical in my hand as a result of |
| my work. Sure, they are frustrating, but it develops patience.               |
\------------------------------------------------------------------------------/

--------------------------------------------------------------------------------

Key Encapsulation Mechanism (KEM):
Key Encapsulation Mechanisms [L28] are a generalized category of techniques for
establishing symmetric key material between two parties. The symmetric material
may be sent by one party to the other, or be derived from a shared calculation
with a tool like HKDF. KEMs are not necessarily Diffie-Hellman key exchanges,
which have known optimizations such as ephemeral keys to allow for few network
round trips. There are several KEM post-quantum cryptography candidates.

National Institute of Standards and Technology (NIST):
NIST [L30] is a standards-focused agency of the U.S. Department of Commerce.
They explore and challenge several areas of science and technology. One of
those areas is cryptography. NIST has a negative record in its history where it
recommended Dual_EC_DRBG [L31], which the NSA bribed the industry to adopt. The
construction was found to have a backdoor if certain secret information were
known. Since then, they have been acceptable stewards of cryptography
recommendations. Today, they direct a post-quantum cryptography competition
[L32] in anticipation of trusted cryptography like RSA, ECDSA, and ECDH
becoming weak in the face of sufficiently capable quantum computers.

HMAC-based key derivation function (HKDF):
Hashed Message Authentication Code (HMAC)-based key derivation function or HKDF
is a concrete KDF implementation which uses HMACs to derive new key material.
HKDF specifically employs two stages: extract and expand. The extract stage
produces a temporary key derivation key which is uniformly random for the
expand stage. The expand stage produces the requested length and binds the
output to the domain provided in the context or info parameter.

Key Derivation Function (KDF):
A Key Derivation Function or KDF takes a secret and can produce longer secrets
from it for use in other applications. Since its output must be uniformly
random, you will find a KDF relies upon PRFs to produce the desired output. To
make longer outputs than the PRF supports, often a PRF gets a counter as part
of its input which is incremented as needed until enough output data is
available.

Pseudo Random Function (PRF):
A Pseudo Random Function or PRF is a keyed function that produces uniformly
random data. It takes an input and reliably produces the same output with a
fixed length. It sounds a lot like a hash function, and often is made with a
hash function with additional mechanics around it.

Hash based Message Authentication Code (HMAC):
An HMAC is a MAC which uses hashes or message digests to authenticate a
message. It is resistant to length extension attacks, which the underlying hash
function may be susceptible to. You will find that common instantiations of
HMAC are also PRFs.

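The extract and expand stages from the HKDF entry, and the counter-fed PRF loop from the KDF entry, written out with Python's standard hmac and hashlib modules following RFC 5869. This is an added example, not code from the original post; the inputs are the RFC's Appendix A.1 test vector, and derive_session_keys with its "example/v1/..." labels is a constructed illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """Extract: condense input keying material into a uniformly random PRK."""
    if not salt:
        salt = bytes(HASH_LEN)  # RFC 5869: a missing salt is HashLen zero bytes
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """Expand: stretch the PRK to `length` bytes, bound to the `info` domain."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("length must be between 1 and 255 * HashLen bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        # HMAC is the PRF; its input chains the previous block, the info
        # string, and a one-byte counter that increments per block.
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


# RFC 5869 Appendix A.1 test vector inputs (SHA-256, 42 bytes of output).
IKM = bytes.fromhex("0b" * 22)
SALT = bytes.fromhex("000102030405060708090a0b0c")
INFO = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")


def derive_session_keys(shared_secret: bytes) -> dict:
    """Constructed usage: one secret (e.g. a KEM output), two unrelated keys.

    The info labels are hypothetical; only the label differs between calls.
    """
    return {
        "encrypt": hkdf(shared_secret, b"", b"example/v1/encrypt", 32),
        "mac": hkdf(shared_secret, b"", b"example/v1/mac", 32),
    }


if __name__ == "__main__":
    print("PRK:", hkdf_extract(SALT, IKM).hex())
    print("OKM:", hkdf(IKM, SALT, INFO, 42).hex())
    for name, key in derive_session_keys(bytes(range(32))).items():
        print(name, key.hex())
```

Changing only the info label yields an unrelated key from the same secret, which is the domain binding the expand stage provides.
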
[L1]: https://bbs.kawa-kun.com/objects/5e87d205-ff7a-45aa-8230-21c52094d2ed
[L2]: /posts/2023-04-16-process-engineering-at-a-furry-convention.html
[L3]: /posts/2023-07-10-a-precious-side-project.html
[L4]: /posts/2023-11-26-preparing-fur-squared-2024s-new-technology.html
[L5]: https://www.aamva.org/getmedia/99ac7057-0f4d-4461-b0a2-3a5532e1b35c/AAMVA-2020-DLID-Card-Design-Standard.pdf
[L6]: https://www.frontlinesupplies.com/dl/DS4208-Scanner-User-Manual.pdf
[L7]: https://web.archive.org/web/20231230205114/https://www.frontlinesupplies.com/dl/DS4208-Scanner-User-Manual.pdf
[L8]: https://playwright.dev/
[L9]: https://en.wikipedia.org/wiki/Zebra_Programming_Language
[L10]: https://en.wikipedia.org/wiki/PostScript
[L11]: https://www.zebra.com/smb/us/en.html
[L12]: https://furry.engineer/@cendyne/110209565421109112
[L13]: https://furry.engineer/@cendyne
[L14]: https://github.com/Cellivar/WebZLP
[L15]: https://furry.engineer/@Cellivar/110210309726232939
[L16]: /posts/2023-05-11-reverse-centaur-chickenization-chatgpt.html
[L17]: https://www.insideimaging.com.au/2023/will-ai-cannibalise-adobes-customers/
[L18]: https://archive.is/NZOzH
[L19]: https://blog.adobe.com/en/publish/2023/10/10/creative-pros-generative-ai-usage
[L20]: https://www.dpreview.com/news/1676880155/adobe-increases-creative-cloud-pricing-takes-firefly-out-of-beta
[L21]: https://appleinsider.com/articles/23/12/14/adobe-faces-big-fines-from-ftc-over-difficult-subscription-cancellation
[L22]: https://youtu.be/bt2IrMThdLw
[L23]: https://www.youtube.com/watch?v=bt2IrMThdLw
[L24]: https://en.wikipedia.org/wiki/Manufacturing_Consent
[L25]: https://en.wikipedia.org/wiki/The_Stand
[L26]: https://furry.engineer/@cendyne/111625467436484104
[L27]: https://nordvpn.com/blog/residential-vpn/
[L28]: https://en.wikipedia.org/wiki/Key_encapsulation_mechanism
[L29]: https://csrc.nist.gov/pubs/fips/203/ipd
[L30]: https://www.nist.gov/
[L31]: https://en.wikipedia.org/wiki/Dual_EC_DRBG
[L32]: https://en.wikipedia.org/wiki/NIST_Post-Quantum_Cryptography_Standardization
[I1]: https://c.cdyn.dev/v5_0T6Un
[I2]: https://c.cdyn.dev/1CWMeiLN