Planet FSCI

July 17, 2025

Thejeshgn GN Intentional Observation

Uma started school last week. As part of her schooling, I attend school every day to observe her and provide support if needed. Currently, it’s for an hour every weekday. During this period, I sit there observing her and her surroundings for an hour, and nothing else.

I don’t interact with her or anyone else, except to acknowledge Uma when she looks at me. No phones, no books, and I don’t take any physical notes during this period. I just sit and observe things around me. It’s like Vipassana in a crowded place.

I have not done this in a long time. One always has a phone to listen to something if not staring into it, or a book to read, or at least you are interacting with someone or daydreaming.

Uma – Collecting flowers on the way

This level of intentional observation is something I have not done before. At max, it would have been five or ten minutes. An hour is long. It was difficult for the first couple of days. Now I am getting the hang of it.

The best part is that I’m noticing things I wouldn’t have seen otherwise. I have learned a few small things about Uma in this one week. They are not big things, but small interesting things, nuances. And I am happy about it.

In general, I now wonder what I have missed just because I wasn’t paying intentional attention or intentionally observing things around me.

You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

Subscribe

The post Intentional Observation first appeared on Thejesh GN.

July 14, 2025

Thejeshgn GN There won’t be another Emergency
In 1975, India under Indira Gandhi declared an Emergency to enable arbitrary actions by the state, suspending all fundamental rights of citizens.

Today, those same powers exist under regular law. Over time, every ruling government has passed laws—like IPC 124A, AFSPA, the now-defunct POTA, NSA, UAPA, Sec 144/IT Act, PMLA, Sec 132/Income Tax, and FCRA—that curtail civil liberties.

Take UAPA: a person can be jailed without proof, based only on accusation, and held indefinitely without trial. No trial means no chance to prove innocence. The idea of suspending rights under an Emergency is redundant—rights are already suspended.

What our parents lived through for twenty-one months, we’re living every day. The frog has been slowly boiled to ignore the changes¹. The bird born in a cage thinks flying is illegal. The elephant tied with a weak chain believes it’s not strong enough to break free—that’s what the next generation will feel too.

What was once used sparingly is now used routinely against ordinary citizens. An emergency is no longer needed. It’s the norm. Hence, there won’t be another Emergency.

Below is the list of laws that curtail our civil liberties. These are the ones I know. There could be many more.
1. UAPA (Unlawful Activities Prevention Act) – a much worse successor to POTA, Jail without charge; dissent = terrorism.
2. NSA (National Security Act) – Detention without trial for 12 months.
3. AFSPA (Armed Forces Special Powers Act) – Military immunity; shoot/arrest without warrant.
4. Sedition (IPC 124A) – Criticizing govt = jail. Still misused.
5. Temporary Suspension of Telecom Services (Amendment) Rules, 2020 – Internet shutdowns with little oversight. to POTA
6. PMLA (Prevention of Money Laundering Act) – The accused must prove innocence (reverses burden). ED has sweeping powers.
7. Income Tax Search & Seizure (Sec 132) – There is no need for public disclosure of reasons by department. Assets can be seized first, explained later.
8. FCRA (Foreign Contribution Regulation Act) – Limits NGO funding; used to silence civil society.
9. Demonetization (via RBI Act 26(2)) – Massive economic disruption with no accountability. Arbitrary limit on cash ownership.
10. Mandatory Aadhaar Linking – The Aadhaar bill was passed as a financial bill. Huge surveillance concerns. Excludes people from welfare if not linked.
11. Various Goonda Acts at state level- generally jail without proof.
  1. Tamil Nadu Goondas Act ,Tamil Nadu Prevention of Dangerous Activities of Bootleggers, Drug Offenders, Goondas, Immoral Traffic Offenders, Forest Offenders, Sand Offenders, Slum-Grabbers and Video Pirates Act, 1982 – Used on bootleggers, drug offenders, but also journalists and protesters.
  2. Karnataka Goondas Act, Karnataka Prevention of Dangerous Activities of Bootleggers, Drug-offenders, Gamblers, Goondas, [IMMORAL TRAFFIC OFFENDERS, SLUM-GRABBERS AND VIDEO OR AUDIO PIRATES] ACT, 1985 – Extended over time to include cybercrime, sexual offenders, even social media posts.
  3. Uttar Pradesh Control of Goondas Act, 1970 – Allows externment (banishing people from a district). Vague terms like “public tranquility” are used.
  4. Maharashtra Prevention of Dangerous Activities Act (MPDA), The Maharashtra Prevention Of Dangerous Activities Of Slumlords, Bootleggers, Drug-Offenders, Dangerous Persons And Video Pirates Act, 1981 – Similar provisions. Used on political dissenters.
You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

Subscribe
1. scientifically wrong, but the analogy works ↩
The post There won’t be another Emergency first appeared on Thejesh GN.

KhubsuratInsaan Promoting OpenStreetMap as a Leisure Class Activity

Most of our mapping parties, if not all, start with a brief introduction. The newbies are informed about the various benefits of using and contributing to OpenStreetMap, such as massive improvements to the individual’s privacy and an easy mechanism to correct data.

However, I have been wondering if this approach is the optimal path. This doubt started nagging me after I picked up The Theory of the Leisure Class by Thorstein Veblen. If class distinctions are really so pervasive as theorized in the book, shouldn’t we try to incorporate these findings in our promotion of OSM in mapping parties and everywhere else?

A clear description of the context would be in order. Though our existing method of extolling the benefits of OSM is good, I don’t think it is the best one for India. India has, unfortunately, one of the lowest proportion of people contributing to social activities. In conversation with my friends, I often find them considering the idea of “doing something for free” repugnant. Maybe its due to the oppressive nature of the Indian classes, where people’s aspirations are mostly reduced to the singular objective of rising above their current class. Whatever is the reason, we can at least conclude that the current system of promoting OSM is unsatisfactory in the context of India.

We can, for instance, try to frame OSM as a hobby and actively compare the intensity of mapping activity with other mappers (say, by focusing on the heat map that is displayed on the OSM profile page). Setting aside the moral considerations this entails, I believe this approach is likely to bring some interesting results. People may or may not be excited by the idea of increasing their reputation by performing conspicuous leisure in the form of contributions. However, it must be tested on field before we derive any conclusions.

July 11, 2025

Thejeshgn GN Weekly Notes 28/2025
Uma started school this week at Earth School. We walk to school every day. It’s about 500 meters, but it takes us at least half an hour to cover that distance. Everything on the way has to be observed by her every day.

Uma on her way to school

Friends at ToIT
- For those of us born in 1980, this is a significant year, as we are all completing 45 rounds. This week was one of my friend’s birthday, and we were lucky enough to have friends in town to get together for a beer.
- I was in Mumbai on Wednesday for business. It was a quick but good visit. I miss Vistara.
- The Weekly Note from Jedda, led me to a note by Sylvia, which quoted James’s blog post “More People Should Write.” That blog post led me to a book titled “Field Notes on Science and Nature.” I started reading the book, which is about notes by various scientists. Their process, methodology, etc. It is interesting, especially if you keep work notes, maintain lab journals, or publish weekly notes. Adjacent to it are the books How to Teach Nature Journaling (also a blog and online resources) and Keeping a Nature Journal. They are on my list to read next. I love the web.
- Deep cleaning has started at home. We now do a whole-house deep cleaning twice a year. It’s less painful than painting, as we can do it room by room, and it doesn’t smell of chemicals, but it’s still painful. Last year, we used a local merchant to do this. This year, we are also using UrbanCompany along with them.
- In 2000, I was a student when Sushmita Sen became a young single parent by adoption; it was a surprise and an inspiration to me. In 2024, Bhavana Ramanna did something similar but close to home. She is inspiring to many people who want to have kids but want to remain single. I know many people have done this before her, but it makes a significant difference when someone can express that desire in Kannada¹. I am very happy for her. I wish her a happy and fulfilling parenthood.
- I am concluding this week’s notes with an excerpt from the book “Field Notes on Science and Nature.” I think it clearly defines what Weekly Notes are, as they are our notes based on observation of life around us.
Taking time to write out an idea or observation forces us to pause and consider. Recording the daily unfolding of experiments—their success or failure—encourages an honest assessment of how each day’s work fits within the underlying goals and theory of the project. It takes time to create a narrative of experiments, events, and observations, but it eventually pays dividends because it forces thorough examination, which is a common characteristic of science across disciplines. In Darwin’s description of the marine iguana, for example, we can imagine him on board the Beagle, penning his zoological notes and pondering the origin of their “apparent stupidity.”‘

Pathu – play mode on

Pathu – sleep mode on

You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

Subscribe
1. For people around me ↩
The post Weekly Notes 28/2025 first appeared on Thejesh GN.

July 08, 2025

Thejeshgn GN Local LanguageTool With Eloquent and LibreOffice
English wasn’t my first/primary language. I attended a Kannada-medium school during my primary school years and switched to an English-medium school in high school. I caught up with it as I grew up speaking it with friends and then colleagues, as English is the primary language at work ¹. Now that we are a multilingual family, it has become the language I use with my daughter and at home. What a change – it will need a different blog post!

Essentially, I need a reliable spelling and grammar checker to write well. Over the years, I have used many; in recent times, I found Grammarly, which has been good ². However, I have always been looking for a decent FOSS alternative. That’s when I found LanguageTool, both the SAAS service and the FOSS server. The FOSS server performs basic spelling and grammar checking, which is sufficient in most cases. ³

LanguageTool is an Open Source proofreading software for English, Spanish, French, German, Portuguese, Polish, Dutch, and more than 20 other languages. It finds many errors that a simple spell checker cannot detect.

On Linux, I found Eloquent, which I installed from Flathub.

Eloquent on Gnome

Eloquent is a proofreading software for English, Spanish, French, German, Portuguese, Polish, Dutch, and more than 20 other languages. It finds many errors that a simple spell checker cannot detect. It works fully offline, powered by LanguageTool standalone server.

In addition to using Eloquent’s UI, I also integrated it with my other applications, such as LibreOffice. This makes it easy to use, and everything happens locally.

When Eloquent starts, it also starts the LanguageTool Server locally and uses its HTTP APIs. You can test if the LanguageTool Server is running locally by going to http://localhost:8081/v2/languages. That link will show all the available languages. Once it is running, you can use the same server with other front-ends besides Eloquent.

If you are not using Eloquent or don’t want to install it, then you can start a standalone LanguageTool Server on your machine. It exposes the same set of APIs. I have used Eloquent because it’s an easy, one-step installation for non-technical users. It installs and runs both the server and a frontend app, which is Eloquent.

To use LanguageTool with LibreOffice, first, you need to configure LibreOffice to use a local server. Go to LibreOffice -> Tools –> Options. Then, follow the screenshots below.

LibreOffice settings screen to enter or configure LanguageTool Server settings.

Enable LanguageTool server for grammar checking.

Sometimes the LibreOffice doesn’t save your LanguageTool Remote Grammar Checker in Available Language Modules. Then shutdown the LibreOffice and reopen enable it. It should save it.

Compare LibreOffice and Eloquent, they are using the same back-end Language tool server.

Now, you can use the LanguageTool in LibreOffice along with Eloquent. In fact, you can configure any other tool that uses the LanguageTool APIs. Now that I am using it regularly, I should be able to conclude soon which one suits me better: LanguageTool FOSS, LanguageTool SaaS, or Grammarly⁴.

You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

Subscribe

Footnotes
1. For the IT sector, It’s the primary language in India ↩
2. I don’t use their browser addon or Android keyboard; I use their online editor on their website. So they get only what I give them. ↩
3. That said, I have been testing both the FOSS and SaaS services, along with Grammarly. I am comparing them to check which works better for me. Yet to conclude. ↩
4. I have heard about ZeroGPT’s grammar checker, but I haven’t tried it yet. ↩
The post Local LanguageTool With Eloquent and LibreOffice first appeared on Thejesh GN.

Sahil Dhiman Five Years of Writing - Now What?
Okay, here’s the deal, I pushed my first post on Reimagined Doodle - Alias Command, five years ago on July 8th, 2020. Don’t think I ever mentioned that post started out as a Github Gist which I later transferred here seeking a more long-term home on an independent platform.

Writing about writings, motivations, and the blog itself has been a recurring theme here over the years. ¹ ² ³ ⁴ ⁵ ⁶ ⁷ ⁸ ⁹

I’m unsure how I sustained expressing myself and writing here for this long. Now and then, I go months without any thought of writing, and then all of a sudden I start in bursts with sequential posts one after another. There isn’t a pattern per se in topics other than whatever burning question I have at the moment.

So here’s to a milestone and then some.

July 07, 2025

Sahil Dhiman Let's Talk About AI

Recently, Seth Godin wrote Productivity, AI and pushback:

Typesetters did not like the laser printer. Wedding photographers still hate the iphone. And some musicians are outraged that AI is now making mediocre pop music.

In the article, Seth connected how AI is increasing productivity and how anything that improves productivity always wins.

Nowadays, large language models (LLMs) have become synonymous with AI, while AI is a broader field. AI has brought a shift in how things are done. Use cases might vary, but it’s helping in ways like quickly summarizing huge knowledge bases to answer questions or, in my case, helping understand the contextual meaning of complex word (or sentence) usage in language and literature in both English and Hindi, which was sometimes not easy to comprehend with simple web search results.

Even if you or I don’t really like “AI in everything”, we can’t deny the fact that AI is here to stay. This doesn’t take away from the fact that AI needs to become ethical, regulated, and environmentally sustainable.

July 06, 2025

KhubsuratInsaan Lonely: Part 2

Previous post in the series: Lonely: Part 1

Nope. It was mostly a failure. Though I did met a strong chess player. Unfortunately, that person is mostly interested in antichess, while I like classical chess and chess 960.

July 04, 2025

Thejeshgn GN Weekly Notes 27/2025
Welcome to the second half of 2025. How was the year so far for you? For me, it’s been mostly good, except for the radiculopathy and the rapid pace of the year. If the first half has gone by so quickly, I can’t imagine how fast the second will go. It usually feels even faster with all the holidays, birthdays, and general busyness.

At Ulsoor junction in Bengaluru. Even tanks, need a protection wall and a humble hand roller to build that wall.
- Work has been hectic but good. There is so much to write about but so little time
- I wrote about the first set of movies that I watched in a theater with my parents.
- I have updated the IDVC (Idly Dose Vada Coffee Rates in Bengaluru) data. It should show 2025 data now. The data is not statistically significant yet.
- I got a yearly subscription to YouTube. YT is a much better product without advertisements and with background play. Just those two features make it worth it; plus, they seem to share some revenue with creators, which is a bonus. Also, I’m talking about regular YT videos—shorts are crappy.
- I have been exploring the software for opening DICOM Images (A standard for medical images). I found Weasis. I have used 3DSlicer to convert MRI images into STL files before. I just wanted to try a different tool. In comparison, 3DSlicer appears to be much more capable than Weasis. But Weasis is simple, easy, and good enough if you just want a viewer to explore or export images.
- I want to map my weekly notes to a “My Life in a Weeks” kind of graph. Have it show some highlights and also link to the post when I have them. Since they don’t exactly match, I will have to play around with it.
- If you enjoy opening things and peeking into what they have, then you might like Pallav’s blog—also updated BlogRing after a long time. I am very close to cataloging 100 blogs.
- I was using Glitch (is dead) to deploy data projects using Datasette. I moved it to Datasette lite, and now it runs entirely in the user’s browser.
- I wrote a simple map app with all the navigation shortcuts so one doesn’t have to enter addresses into apps. You can click on a link and book an Ola or Uber to the given address, etc. Take a look at PoI, the National Gallery of Modern Art, BLR. The app uses either deep links or web links to fill in the address and utilizes OpenLocationCode. I will explore and add more services. It’s inspired by Wikipedia’s GeoHack page.
- I love the web. I don’t think there’s a platform that’s as beginner-friendly, yet as forgiving, and yet as capable. Just like blogs, I continue to collect simple websites and apps that are only possible due to the web. They are helpful, fun and also serve as an inspiration to build creative things. I usually share them on fediverse, but I also want to share them here for reach, discoverability, and inspiration. So expect a paragraph of links. Owls In Towels (Cute rescued owls in towels), We Love LAPD (aka fucklapd.com), TV Garden (once in a while, you want to see what Indian news channels are broadcasting), IPTV Community ( Community and API that powers TV Garden), AirlineMeals (largest online photo archive of inflight meals), OpenBenches (Crowdsourced memorial benches), WheelMap (map of wheelchair accessible places from OSM)—enough for this weekend.
You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

Subscribe

The post Weekly Notes 27/2025 first appeared on Thejesh GN.

Sahil Dhiman Secondary Authoritative Name Server Options for Self-Hosted Domains
In the past few months, I have moved authoritative name servers (NS) of two of my domains (sahilister.net and sahil.rocks) in house using PowerDNS. Subdomains of sahilister.net see roughly 320,000 hits/day across my IN and DE mirror nodes, so adding secondary name servers with good availability (in addition to my own) servers was one of my first priorities.

I explored the following options for my secondary NS, which also didn’t cost me anything:

1984 Hosting
- 1984 Hosting Company FreeDNS.
- Hosting provider from Iceland.
- AXFR over IPv4 only.
- Following secondaries are offered:
- Not all of NS support IPv6.
- Personally, I use ns1.1984.is which is hosted by Netnod, one of 13 root name servers and .SE ccTLD operator.
- Same infrastructure serves 1984.hosting as well.
Hurriance Electric
- Hurricane Electric Free DNS Hosting.
- One has to delegate NS towards one or more of ns[1-5]he.net to verify ownership. It does lead to a minor lame server period between NS addition and first zone transfer.
- Supports TSIG and DNSSEC pre-signed zones.
- Following secondaries are offered:
- The service went down when he.net domain was put on hold. NANOG thread and Hurricane Electric’s response there. Better not depend on just one external provider.
- Same infrastructure serves he.net as well.
Afraid.org
- FreeDNS at Afraid.org.
- Backup DNS option on left side menu on their website.
- Following secondary offered:
  - ns2.afraid.org
Puck
- PUCK Free Secondary DNS service.
- One person show, been long-standing though there seems to be manual approval of each account, which did take some time.
- Following secondary offered:
  - puck.nether.net
NS-Global
- NS-Global DNS Service.
- From FAQ, anycast with 16 POP, including 1 POP in Tokyo.
- Kenneth Finnegan’s blog post carries how this came to be. Same person who also pulled off the Fremont Cabal Internet Exchange and MicroMirror CDN project.
- Following secondary is offered:
  - ns-global.kjsl.com
- ns-global.kjsl.com uses Afraid.org, Puck and their NS for their own zone.
Asking friends

Two of my friends and fellow mirror hosts have their own authoritative name server setup, Shrirang (ie albony) and Luke. Shirang gave me another POP in IN and through Luke (who does have an insane amount of in-house NS, see dig ns jing.rocks +short), I added a JP POP.

If we know each other, I would be glad to host a secondary NS for you in (IN and/or DE locations).

Some notes
- Adding a third-party secondary is putting trust that the third party would serve your zone right.
- Hurricane Electric and 1984 hosting provide multiple NS. One can use some or all of them. Ideally, you can get away with just using your own with full set from any of these two. Play around with adding and removing secondaries, which gives you the best results. . Using everyone is anyhow overkill, unless you have specific reasons for it.
- Moving NS in-house isn’t that hard. Though, be prepared to get it wrong a few times (and some more). I have already faced partial outages because:
  - Recursive resolvers (RR) in the wild behave in a weird way and cache the wrong NS response for longer time than in TTL.
  - NS expiry took more than time. 2 out of 3 of my Netim’s NS (my domain registrar) had stopped serving my domain, while RRs in the wild hadn’t picked up my new in-house NS. I couldn’t really do anything about it, though.
  - Dot is pretty important at the end.
  - With HE.net, I forgot to delegate my domain on their panel and just added in my NS set, thinking I’ve already done so (which I did but for another domain), leading to a lame server situation.
- In terms of serving traffic, there’s no distinction between primary and secondary NS. RR don’t really care who they’re asking the query to. So one can have hidden primary too.
- I initially thought of adding periodic RIPE Atlas measurements from the global set but thought against it as I already host a termux mirror, which brings in thousands of queries from around the world leading to a diverse set of RRs querying my domain already.
- In most cases, query resolution time would increase with out of zone NS servers (which most likely would be in external secondary). 1 query vs. 2 queries. Pay close attention to ADDITIONAL SECTION Shrirang’s case followed by mine:
```
$ dig ns albony.in

; <<>> DiG 9.18.36 <<>> ns albony.in
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60525
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;albony.in.			IN	NS

;; ANSWER SECTION:
albony.in.		1049	IN	NS	ns3.albony.in.
albony.in.		1049	IN	NS	ns4.albony.in.
albony.in.		1049	IN	NS	ns2.albony.in.
albony.in.		1049	IN	NS	ns1.albony.in.

;; ADDITIONAL SECTION:
ns3.albony.in.		1049	IN	AAAA	2a14:3f87:f002:7::a
ns1.albony.in.		1049	IN	A	82.180.145.196
ns2.albony.in.		1049	IN	AAAA	2403:44c0:1:4::2
ns4.albony.in.		1049	IN	A	45.64.190.62
ns2.albony.in.		1049	IN	A	103.77.111.150
ns1.albony.in.		1049	IN	AAAA	2400:d321:2191:8363::1
ns3.albony.in.		1049	IN	A	45.90.187.14
ns4.albony.in.		1049	IN	AAAA	2402:c4c0:1:10::2

;; Query time: 29 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Fri Jul 04 07:57:01 IST 2025
;; MSG SIZE  rcvd: 286
```
vs mine
```
$ dig ns sahil.rocks

; <<>> DiG 9.18.36 <<>> ns sahil.rocks
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64497
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;sahil.rocks.			IN	NS

;; ANSWER SECTION:
sahil.rocks.		6385	IN	NS	ns5.he.net.
sahil.rocks.		6385	IN	NS	puck.nether.net.
sahil.rocks.		6385	IN	NS	colin.sahilister.net.
sahil.rocks.		6385	IN	NS	marvin.sahilister.net.
sahil.rocks.		6385	IN	NS	ns2.afraid.org.
sahil.rocks.		6385	IN	NS	ns4.he.net.
sahil.rocks.		6385	IN	NS	ns2.albony.in.
sahil.rocks.		6385	IN	NS	ns3.jing.rocks.
sahil.rocks.		6385	IN	NS	ns0.1984.is.
sahil.rocks.		6385	IN	NS	ns1.1984.is.
sahil.rocks.		6385	IN	NS	ns-global.kjsl.com.

;; Query time: 24 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Fri Jul 04 07:57:20 IST 2025
;; MSG SIZE  rcvd: 313
```
- Theoretically speaking, a small increase/decrease in resolution would occur based on the chosen TLD and the popularity of the TLD in query originators area (already cached vs. fresh recursion).
- One can get away with having only 3 NS (or be like Google and have 4 anycast NS or like Amazon and have 8 or like Verisign and make it 13 :P).
- Nowhere it’s written, your NS needs not to be called dns* or ns1, ns2 etc. Get creative with naming NS; be deceptive with the naming :D.
- A good understanding of RR behavior can help engineer a good authoritative NS system.
Further reading
- RFC 2182: Selection and Operation of Secondary DNS Servers is a good read on what to consider while choosing secondaries.
- RFC 1537: Common DNS Operational and Configuration Errors.
- DNS Nameservers by Geoff Huston gives a good overview of how common RRs behave. Another link from the same article is Recursives in the Wild:Engineering Authoritative DNS Servers.
- DNS Nameservers: Service Platforms and Resilience by Geoff Huston.
- Looking at Centrality in the DNS by Geoff Huston.

July 02, 2025

Thejeshgn GN Cinema Sundays with My Parents

I watched so many (probably hundreds?) movies with my parents as a child and a teenager. We mostly saw them in theaters; in fact, there was no other option. The first set I remember is Premaloka and Ranadheera, directed by Ravichandran. Both were remakes, but it didn’t matter.

Premaloka was released in 1987 and was a major hit. I remember watching it in the theater with my parents. Motorcycle, songs, and Juhi Chawla are all I remember, nothing else.

Premaloka Movie Poster

I watched Ranadheera in 1988/89 in theatres at Majestic (Kalpana Theater?) as a 9-year-old boy. It was not a children’s film per se, although in the movie (Yes, the movie starts and ends with the director’s cameo), director Ravichandran narrates a love story to schoolchildren. It remained one of my favorite films for two reasons: the songs and the climax, which ended in a song with a magical twist.

There used to be days for going to the movies and eating out. I have fond memories of going out with my parents on Sundays—traveling 35 km in a BTS (Bangalore Transport Service, before BMTC) bus to Majestic. We’d watch a movie, eat masala dose, then catch another first-show film, eat again, and return late on the last bus. The BTS driver often waited for us at Majestic (Now Kempegowda Bus Station) if we were running late—he knew us, and it was the last service of the day. Those late evening bus rides used to be so much fun.

I remembered all that today while listening to my old playlist, which had a bunch of songs from those two movies—still my favorites. In addition to the quality of the songs, I think they’ve stayed favorites because they’re tied to so many good memories.

You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

Subscribe

The post Cinema Sundays with My Parents first appeared on Thejesh GN.

June 30, 2025

KhubsuratInsaan An Experiment in Delhi School of Economics

I recently shifted my site from insaan.codeberg.page to khubsuratinsaan.codeberg.page. My site will continue to exist at the old URL till someone claims it. Please update your bookmark and RSS feed.

The Centre for Development Economics at Delhi School of Economics is a research institute funded by the central government to conduct research in Economics. A few days ago, Mrs Rubina, my microeconomics professor, shared an invitation from CDE about a ‘social experiment.’ The language of the invitation was very vague, and I was unable to determine if the students would be subjects or moderators in the project. Though the idea of being a subject is less enticing than that of being a moderator, it was still preferable to doing nothing. Hence, I signed up for the project and appeared on the campus at the allotted time.

The game started once 3 people arrived in the lab. In the game, we were paired with 2 people from the player pool and emulate 16 rounds of a special type of the “public goods problem.” In each round, every person was given ₹4. Out of these ₹4, a person could donate an amount x‎, double it, and distribute it among the other two players. As the instructions put it: the return on investment is zero. I quickly understood that the socially optimal decision would be for each person to donate all of their wealth, and the Nash equilibrium would be achieved by each person donating nothing.

Since I was in my rebel mode, I decided to donate all of my money in almost all of the rounds. Result: I got ₹29 at the end of the experiment, while player 3 got more than ₹100. You might be wondering, how was I able to get those ₹29? The simple answer is that player 1 also decided to contribute some money, though they followed the strategy of donating nothing for most of the rounds. A more nuanced answer would also involve why they contributed that money. Unfortunately, I missed the chance to talk to them after the experiment and, hence, that question would remain unanswered.

This was my first time experiencing a social experiment in a laboratory. Even though I was just a subject, I learned a lot of things from it. I spotted that the moderators were cutting corners on some fronts, though I admired the length of distance they were maintaining between themselves and the subjects. I noticed some difference in the way the researcher treated the winners and the losers. I saw that they were using a locally hosted website for the game and Google Forms to collect non-game data. (Ugh.) And, of course, I came to know through talking to other people that most people indeed donated almost nothing in the experiment.

At the end of the experiment, I was asked “keeping in view this experiment, rate the trustworthiness of people.” I reminded myself of how player 1 gave me money though it resulted in so many losses for them. Finally I chose a score of 4 out of 5.

June 27, 2025

Thejeshgn GN Weekly Notes 26/2025
The only thing I miss about working remotely is being around people. I enjoy meeting people outside of work, such as over coffee or during lunch breaks. Even working remotely, I have tried to go out and meet and work with people at least once a week. However, for some reason, I didn’t return to that mode after COVID-19. Now I plan to; I am slowly attending events, conferences, and the like. I also plan to work one day a week outside with others, possibly organizing a DataMeet; let’s see.

We got two Strawberries from our kitchen plant :)
- I was at the IndieWeb Meetup on Sunday, organized by Tanvi and Ankur. I also wrote a blog post as part of their writing session. It was fun. I also got to meet many new and familiar faces IRL. Haripriya, Suneela, and Yeswanth.
- I was at VizChitra today. I met many DataMeeters, including Anand and Rukmini, who were keynoting. I was mostly there to meet people, and that worked out wellâ€”Sai, Anand Chitipothu, Rohit, Nemo, Karan, Noopur, and many more. I also got to see Jackerhack’s new cube.
- I met college friends over the weekend at the Skydeck. They were playing 2000s music, such as Bryan Adams, Enrique, and Backstreet Boys, among others. Which kind of matched the people I was meeting. We were in college in 2000.
- I need to remember to take pictures when I meet people. I often forget. Please remind me if you meet me next time and if you’re interested.
- Work has been interesting, and I am at it. I hope to write about it soon.
- The pain has returned, although not to its original level, but rather at around 4/10. I am still doing physiotherapy, unlike last time.
- So, they have officially started yet another war. In 2004/5, when I was in the USA, It was George W Bush’s time. I was warned multiple times not to speak against war. And the younger me thought it would improve in the future; here we are in 2024/5, and the world is going through multiple wars and genocide, and yet you can’t speak against them, even in India.
- Since LLMs are built based on crowdsourced data (i.e., the web), should they be referred to as Crowd Intelligence (C.I.) rather than A.I? Also, they have the “common sense” of the crowd, no?
- A Family Court in MP admits WhatsApp chats procured illegally using spyware as evidence in a matrimonial dispute. Does that mean spying on your spouse is allowed in India?
You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

Subscribe

The post Weekly Notes 26/2025 first appeared on Thejesh GN.

June 22, 2025

Thejeshgn GN Godless but not joyless

So, when you don’t believe in God or follow a specific religion, what do you celebrate with others? Just because I’m not religious doesn’t mean I’m anti-social—I still want to spend time with family and friends, which often happens around religious festivals.

Christmas 2024

Lately, I’ve been thinking about turning religious festivals into social events. For example:

Christmas becomes a time to decorate the house, meet friends, and enjoy good food.

Yugadi or Hosa Thodaku could be about playing games with friends and sharing a great meal.

Ramzan becomes a chance for food walks with friends.

Deepavali could focus on cleaning the house, lighting lamps, and maybe reading or sharing poetry.

That gives us one festival every quarter. Besides that, we have around five birthdays to celebrate each year.

Really, all you need is good company, good food, and a reason to come together—and that reason can be anything you choose to create.

Note: This post was in my head for a long time but I wrote it as part of the writing session at IndieWebClub Bangalore #4.

You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

Subscribe

The post Godless but not joyless first appeared on Thejesh GN.

Sahil Dhiman Case of (broken) maharashtra.gov.in Authoritative Name Servers

Maharashtra is a state here in India, which has Mumbai, the financial capital of India, as its capital. maharashtra.gov.in is the official website of the State Government of Maharashtra. We’re going to talk about authoritative name servers serving it (and bunch of child zones under maharashtra.gov.in).

Here’s a simple trace for the main domain:

$ dig +trace maharashtra.gov.in

; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> +trace maharashtra.gov.in
;; global options: +cmd
.            33128    IN    NS    j.root-servers.net.
.            33128    IN    NS    h.root-servers.net.
.            33128    IN    NS    l.root-servers.net.
.            33128    IN    NS    k.root-servers.net.
.            33128    IN    NS    i.root-servers.net.
.            33128    IN    NS    g.root-servers.net.
.            33128    IN    NS    f.root-servers.net.
.            33128    IN    NS    e.root-servers.net.
.            33128    IN    NS    b.root-servers.net.
.            33128    IN    NS    d.root-servers.net.
.            33128    IN    NS    c.root-servers.net.
.            33128    IN    NS    m.root-servers.net.
.            33128    IN    NS    a.root-servers.net.
.            33128    IN    RRSIG    NS 8 0 518400 20250704050000 20250621040000 53148 . pGxGZftwj+6VNTSQtstTKVN95Z7/b5Q8GSjRCXI68GoVYbVai9HNelxs OGIRKL4YmSrsiSsndXuEsBuvL9QvQ+qbybNLkekJUAiicKYNgr3KM3+X 69rsS9KxHgT2T8/oqG8KN8EJLJ8VkuM2PJ2HfSKijtF7ULtgBbERNQ4i u2I/wQ7elOyeF2M76iEOa7UGhgiBHSBqPulsbpnB//WbKL71yyFhWSk0 tiFEPuZM+iLrN2qBsElriF4kkw37uRHq8sSGcCjfBVdkpbb3/Sb3sIgN /zKU17f+hOvuBQTDr5qFIymqGAENA5UZ2RQjikk6+zK5EfBUXNpq1+oo 2y64DQ==
;; Received 525 bytes from 9.9.9.9#53(9.9.9.9) in 3 ms

in.            172800    IN    NS    ns01.trs-dns.com.
in.            172800    IN    NS    ns01.trs-dns.net.
in.            172800    IN    NS    ns10.trs-dns.org.
in.            172800    IN    NS    ns10.trs-dns.info.
in.            86400    IN    DS    48140 8 2 5EE4748C2069B99C98BC39A56881A64AF17CC78711E6297D43AC5A4F 4B5BB6E5
in.            86400    IN    RRSIG    DS 8 1 86400 20250704050000 20250621040000 53148 . jkCotYosapreoKKPvr9zPOEDECYVe9OtJLjkQbFfTin8uYbm/kdWzieW CkN5sabif5IHTFU4FEVOShfu4DFeUolhNav56TPKjGqEGjQ7qCghpqTj dNN4iY2s8BcJ2ujHwhm6HRfdbQRVoKYQ73UUZ+oWSute6lXWHE9+Snk2 1ZCAYPdZ2s1s7NZhrZW2YXVw/nHIcRl/rHqWIQ9sgUlsd6MwmahcAAG+ v15HG9Q48rCG1A2gJlJPbxWpVe0EUEu8LzDsp+ORqy1pHhzgJynrJHJz qMiYU0egv2j7xVPSoQHXjx3PG2rsOLNnqDBYCA+piEXOLsY3d+7c1SZl w9u66g==
;; Received 679 bytes from 199.7.83.42#53(l.root-servers.net) in 3 ms

maharashtra.gov.in.    900    IN    NS    ns8.maharashtra.gov.in.
maharashtra.gov.in.    900    IN    NS    ns9.maharashtra.gov.in.
maharashtra.gov.in.    900    IN    NS    ns10.maharashtra.gov.in.
maharashtra.gov.in.    900    IN    NS    ns18.maharashtra.gov.in.
maharashtra.gov.in.    900    IN    NS    ns20.maharashtra.gov.in.
npk19skvsdmju264d4ono0khqf7eafqv.gov.in. 300 IN    NSEC3 1 1 0 - P0KKR4BMBGLJDOKBGBI0KDM39DSM0EA4 NS SOA MX TXT RRSIG DNSKEY NSEC3PARAM
npk19skvsdmju264d4ono0khqf7eafqv.gov.in. 300 IN    RRSIG NSEC3 8 3 300 20250626140337 20250528184339 48544 gov.in. Khcq3n1Jn34HvuBEZExusVqoduEMH6DzqkWHk9dFkM+q0RVBYBHBbW+u LsSnc2/Rqc3HAYutk3EZeS+kXVF07GA/A486dr17Hqf3lHszvG/MNT/s CJfcdrqO0Q8NZ9NQxvAwWo44bCPaECQV+fhznmIaVSgbw7de9xC6RxWG ZFcsPYwYt07yB5neKa99RlVvJXk4GHX3ISxiSfusCNOuEKGy5cMxZg04 4PbYsP0AQNiJWALAduq2aNs80FQdWweLhd2swYuZyfsbk1nSXJQcYbTX aONc0VkYFeEJzTscX8/wNbkJeoLP0r/W2ebahvFExl3NYpb7b2rMwGBY omC/QA==
npk19skvsdmju264d4ono0khqf7eafqv.gov.in. 300 IN    RRSIG NSEC3 13 3 300 20250718144138 20250619135610 22437 gov.in. mbj7td3E6YE7kIhYoSlDTZR047TXY3Z60NY0aBwU7obyg5enBQU9j5nl GUxn9zUiwVUzei7v5GIPxXS7XDpk7g==
6bflkoouitlvj011i2mau7ql5pk61sks.gov.in. 300 IN    NSEC3 1 1 0 - 78S0UO5LI1KV1SVMH1889FHUCNC40U6T TXT RRSIG
6bflkoouitlvj011i2mau7ql5pk61sks.gov.in. 300 IN    RRSIG NSEC3 8 3 300 20250626133905 20250528184339 48544 gov.in. M2yPThQpX0sEf4klooQ06h+rLR3e3Q/BqDTSFogyTIuGwjgm6nwate19 jGmgCeWCYL3w/oxsg1z7SfCvDBCXOObH8ftEBOfLe8/AGHAEkWFSu3e0 s09Ccoz8FJiCfBJbbZK5Vf4HWXtBLfBq+ncGCEE24tCQLXaS5cT85BxZ Zne6Y6u8s/WPgo8jybsvlGnL4QhIPlW5UkHDs7cLLQSwlkZs3dwxyHTn EgjNWClhghGXP9nlvOlnDjUkmacEYeq5ItnCQjYPl4uwh9fBJ9CD/8LV K+Tn3+dgqDBek6+2HRzjGs59NzuHX8J9wVFxP7/nd+fUgaSgz+sST80O vrXlHA==
6bflkoouitlvj011i2mau7ql5pk61sks.gov.in. 300 IN    RRSIG NSEC3 13 3 300 20250718141148 20250619135610 22437 gov.in. raWzWsQnPkXYtr2v1SRH/fk2dEAv/K85NH+06pNUwkxPxQk01nS8eYlq BPQ41b26kikg8mNOgr2ULlBpJHb1OQ==
couldn't get address for 'ns18.maharashtra.gov.in': not found
couldn't get address for 'ns20.maharashtra.gov.in': not found
;; Received 1171 bytes from 2620:171:813:1534:8::1#53(ns10.trs-dns.org) in 0 ms

;; communications error to 10.187.202.24#53: timed out
;; communications error to 10.187.202.24#53: timed out
;; communications error to 10.187.202.24#53: timed out
;; communications error to 10.187.202.28#53: timed out
;; communications error to 10.187.203.201#53: timed out
;; no servers could be reached

Quick takeaways:

5 authoritative NS are listed ie:
- ns8.maharashtra.gov.in.
- ns9.maharashtra.gov.in.
- ns10.maharashtra.gov.in.
- ns18.maharashtra.gov.in.
- ns20.maharashtra.gov.in.
No address (no A/AAAA records) could be found for ns18.maharashtra.gov.in and ns20.maharashtra.gov.in. Internet Archive snapshots for bgp.tools at time of writing NS18 and NS20.
“communications error to 10.187.202.24#53: timed out”, “communications error to 10.187.202.28#53: timed out” and “communications error to 10.187.203.201#53: timed out” is likely due to RFC 1918 records for NS. Ofcourse, they will never respond on public internet.
Not in trace, but NS10 has private or empty A/AAAA record against it (detailed further down).
The query resolution failed with “no servers could be reached” ie we didn’t recieved any A/AAAA record for that query.

It’s a hit or miss for this DNS query resolution.

Looking at in zone data

Let’s look at NS added in zone itself (with 9.9.9.9):

$ dig ns maharashtra.gov.in

; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> ns maharashtra.gov.in
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 172
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;maharashtra.gov.in.        IN    NS

;; ANSWER SECTION:
maharashtra.gov.in.    300    IN    NS    ns8.maharashtra.gov.in.
maharashtra.gov.in.    300    IN    NS    ns9.maharashtra.gov.in.

;; ADDITIONAL SECTION:
ns9.maharashtra.gov.in.    300    IN    A    10.187.202.24
ns8.maharashtra.gov.in.    300    IN    A    10.187.202.28

;; Query time: 180 msec
;; SERVER: 9.9.9.9#53(9.9.9.9) (UDP)
;; WHEN: Sat Jun 21 23:00:49 IST 2025
;; MSG SIZE  rcvd: 115

Pay special attention to “ADDITIONAL SECTION”. Running dig ns9.maharashtra.gov.in and dig ns8.maharashtra.gov.in, return RFC 1918 ie these private addresses. This is coming from zone itself, so in zone A records of NS8 and NS9 point to 10.187.202.28 and 10.187.202.24 respectively.

Cloudflare’s 1.1.1.1 has a slightly different version:

$ dig ns maharashtra.gov.in @1.1.1.1

; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> ns maharashtra.gov.in @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36005
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;maharashtra.gov.in.        IN    NS

;; ANSWER SECTION:
maharashtra.gov.in.    300    IN    NS    ns8.
maharashtra.gov.in.    300    IN    NS    ns10.maharashtra.gov.in.
maharashtra.gov.in.    300    IN    NS    ns9.

;; Query time: 7 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Sun Jun 22 10:38:30 IST 2025
;; MSG SIZE  rcvd: 100

Interesting response here for sure :D.

The reason for difference between response from 1.1.1.1 and 9.9.9.9 is in the next section.

Looking at parent zone

gov.in is the parent zone here. Tucows is operator for gov.in as well as .in ccTLD zone:

$ dig ns gov.in +short
ns01.trs-dns.net.
ns01.trs-dns.com.
ns10.trs-dns.org.
ns10.trs-dns.info.

Let’s take a look at what parent zone (NS) hold:

$ dig ns maharashtra.gov.in @ns01.trs-dns.net.

; <<>> DiG 9.18.36 <<>> ns maharashtra.gov.in @ns01.trs-dns.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56535
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: f13027aa39632404010000006856fa2a9c97d6bbc973ba4f (good)
;; QUESTION SECTION:
;maharashtra.gov.in.        IN    NS

;; AUTHORITY SECTION:
maharashtra.gov.in.    900    IN    NS    ns8.maharashtra.gov.in.
maharashtra.gov.in.    900    IN    NS    ns18.maharashtra.gov.in.
maharashtra.gov.in.    900    IN    NS    ns10.maharashtra.gov.in.
maharashtra.gov.in.    900    IN    NS    ns9.maharashtra.gov.in.
maharashtra.gov.in.    900    IN    NS    ns20.maharashtra.gov.in.

;; ADDITIONAL SECTION:
ns20.maharashtra.gov.in. 900    IN    A    52.183.143.210
ns18.maharashtra.gov.in. 900    IN    A    35.154.30.166
ns10.maharashtra.gov.in. 900    IN    A    164.100.128.234
ns9.maharashtra.gov.in.    900    IN    A    103.23.150.89
ns8.maharashtra.gov.in.    900    IN    A    103.23.150.88

;; Query time: 28 msec
;; SERVER: 64.96.2.1#53(ns01.trs-dns.net.) (UDP)
;; WHEN: Sun Jun 22 00:00:02 IST 2025
;; MSG SIZE  rcvd: 248

The ADDITIONAL SECTION gives a completely different picture (different from in zone NSes). Maybe this was how it was supposed to be, but none of the IPs listed for NS10, NS18 and NS20 are responding to any DNS query.

Assuming NS8 as 103.23.150.88 and NS9 as 103.23.150.89, checking SOA on each gives following:

$ dig soa maharashtra.gov.in @103.23.150.88 +short
ns8.maharashtra.gov.in. postmaster.maharashtra.gov.in. 2013116777 1200 600 1296000 300

$ dig soa maharashtra.gov.in @103.23.150.89 +short
ns8.maharashtra.gov.in. postmaster.maharashtra.gov.in. 2013116757 1200 600 1296000 300

NS8 (which is marked as primary in SOA) has serial 2013116777 and NS9 is on serial 2013116757, so looks like the sync (IXFR/AXFR) between primary and secondary is broken. That’s why NS8 and NS9 are serving different responses, evident from the following:

$ dig ns8.maharashtra.gov.in @103.23.150.88 +short
103.23.150.88

$ dig ns8.maharashtra.gov.in @103.23.150.89 +short
10.187.202.28

$ dig ns9.maharashtra.gov.in @103.23.150.88 +short
103.23.150.89

$ dig ns9.maharashtra.gov.in @103.23.150.89 +short
10.187.202.24

$ dig ns maharashtra.gov.in @103.23.150.88 +short
ns9.
ns8.
ns10.maharashtra.gov.in.

$ dig ns maharashtra.gov.in @103.23.150.89 +short
ns9.maharashtra.gov.in.
ns8.maharashtra.gov.in.

$ dig ns10.maharashtra.gov.in @103.23.150.88 +short
10.187.203.201

$ dig ns10.maharashtra.gov.in @103.23.150.89 +short

# No/empty response ^

This is the reason for difference in 1.1.1.1 and 9.9.9.9 responses in previous section.

To summarize:

Primary and secondary NS aren’t in sync. Serials aren’t matching, while NS8 and NS9 are responding differently for same queries.
NSes have A records with private address, not reachable on the internet, so lame servers.
Incomplete NS address, not even FQDN in some cases.
Difference between NS delegated in parent zone and NS added in actual zone.
Name resolution works in very particular order (in my initial trace it failed).

Initially, I thought of citing RFCs, but I don’t really think it’s even required. 1.1.1.1, 8.8.8.8 and 9.9.9.9 are handling (lame servers, this probelm) well, handing out the A record for the main website, so dig maharashtra.gov.in would mostly pass and that was the reason I started this post with +trace to recurse the complete zone to show the problem.

For later reference:

$ dig maharashtra.gov.in @8.8.8.8 +short
103.8.188.109

Email to SOA address

I have sent the following email to address listed in SOA:

Subject - maharashtra.gov.in authoritative DNS servers not reachable

Hello,

I wanted to highlight the confusing state of maharashtra.gov.in authoritative DNS servers.

Parent zone list following as name servers for your DNS zone:

ns8.maharashtra.gov.in.
ns18.maharashtra.gov.in.
ns10.maharashtra.gov.in.
ns9.maharashtra.gov.in.
ns20.maharashtra.gov.in.

Out of these, ns18 and ns20 don’t have public A/AAAA records and are thus not reachable. ns10 keeps on shuffling between NO A record and 10.187.203.201 (private, not reachable address). ns8 keeps on shuffling between 103.23.150.88 and 10.187.202.28 (private, not reachable address). ns9 keeps on shuffling between 103.23.150.89 and 10.187.202.24 (private, not reachable address).

These are leading to long, broken, or no DNS resolution for the website(s). Can you take a look at the problem?

Regards, Sahil

I’ll update here if I get a response. Hopefully, they’ll listen and fix their problem.

June 21, 2025

Ravi Dwivedi Getting Brunei visa
In December 2024, my friend Badri and I were planning a trip to Southeast Asia. At this point, we were planning to visit Singapore, Malaysia and Vietnam. My Singapore visa had already been approved, and Malaysia was visa-free for us. For Vietnam, we had to apply for an e-visa online.

We considered adding Brunei to our itinerary. I saw some videos of the Brunei visa process and got the impression that we needed to go to the Brunei embassy in Kuching, Malaysia in person.

However, when I happened to search for Brunei on Organic Maps¹, I stumbled upon the Brunei Embassy in Delhi. It seemed to be somewhere in Hauz Khas. As I was going to Delhi to collect my Singapore visa the next day, I figured I’d also visit the Brunei Embassy to get information about the visa process.

The next day I went to the location displayed by Organic Maps. It was next to the embassy of Madagascar, and a sign on the road divider confirmed that I was at the right place.

That said, it actually looked like someone’s apartment. I entered and asked for directions to the Brunei embassy, but the people inside did not seem to understand my query. After some back and forth, I realized that the embassy wasn’t there.

I now searched for the Brunei embassy on the Internet, and this time I got an address in Vasant Vihar. It seemed like the embassy had been moved from Hauz Khas to Vasant Vihar. Going by the timings mentioned on the web page, the embassy was closing in an hour.

I took a Metro from Hauz Khas to Vasant Vihar. After deboarding at the Vasant Vihar metro station, I took an auto to reach the embassy. The address listed on the webpage got me into the correct block. However, the embassy was still nowhere to be seen. I asked around, but security guards in that area pointed me to the Burundi embassy instead.

After some more looking around, I did end up finding the embassy. I spoke to the security guards at the gate and told them that I would like to know the visa process. They dialled a number and asked that person to tell me the visa process.

I spoke to a lady on the phone. She listed the documents required for the visa process and mentioned that the timings for visa application were from 9 o’clock to 11 o’clock in the morning. She also informed me that the visa fees was ₹1000.

I also asked about the process Badri, who lives far away in Tamil Nadu and cannot report at the embassy physically. She told me that I can submit a visa application on his behalf, along with an authorization letter.

Having found the embassy in Delhi was a huge relief. The other plan - going to Kuching, Malaysia - was a bit uncertain, and we didn’t know how much time it would take. Getting our passport submitted at an embassy in a foreign country was also not ideal.

A few days later, Badri sent me all the documents required for his visa. I went to the embassy and submitted both the applications. The lady who collected our visa submissions asked me for our flight reservations from Delhi to Brunei, whereas ours were (keeping with our itinerary) from Kuala Lampur. She said that she might contact me later if it was required.

For reference, here is the list of documents we submitted -
- Visa application form
- Passport
- A photocopy of passport
- Authorization letter from Badri (authorizing me to submit his application on his behalf)
- Airline ticket itinerary
- Hotel bookings
- Cover letter
- 2 photos
- Proof of employment
- 6 months bank statement (they specifically asked for ₹1,00,000 or more in bank balance)
I then asked about the procedure to collect the passports and visa results. Usually, embassies will tell you that they will contact you when they have decided on your applications. However, here I was informed that if they don’t contact me within 5 days, I can come and collect our passports and visa result between 13:30-14:30 hours on the fifth day. That was strange :)

I did visit the embassy to collect our visa results on the fifth day. However, the lady scolded me for not bringing the receipt she gave me. I was afraid that I might have to go all the way back home and bring the receipt to get our passports. The travel date was close, and it would take some time for Badri to receive his passport via courier as well.

Fortunately, she gave me our passports (with the visa attached) and asked me to share a scanned copy of the receipt via email after I get home.

We were elated that our visas were approved. Now we could focus on booking our flights.

If you are going to Brunei, remember to fill their arrival card from the website within 48 hours of your arrival!

Thanks to Badri and Contrapunctus for reviewing the draft before publishing the article.
1. Nowadays, I prefer using Comaps instead of Organic Maps and recommend you do the same. Organic Maps had some issues with its governance and the community issues weren’t being addressed. ↩︎

June 15, 2025

Sahil Dhiman A Look at .UA ccTLD Authoritative Name Servers
I find the case of the .UA country code top level domain (ccTLD) interesting simply because of the different name server secondaries they have now. Post Russian invasion, the cyber warfare peaked, and critical infrastructure like getting one side ccTLD down would be big news in anycase.

Most (g/cc)TLDs are served by two (and less likely) by three or more providers. Even in those cases, not all authoritative name servers are anycasted.

Take, example of .NL ccTLD name servers:
```
$ dig ns nl +short
ns1.dns.nl.
ns3.dns.nl.
ns4.dns.nl.
```
ns1.dns.nl is SIDN which also manages their registry. ns3.dns.nl is ReCodeZero/ipcom, another anycast secondary. ns4.dns.nl is CIRA, anycast secondary. That’s 3 diverse, anycast networks to serve the .NL ccTLD. .DE has a bit more at name servers at 6 but only 3 seems anycasted.

Now let’s take a look at .UA. Hostmaster LLC is the registry operator of the .UA ccTLD since 2001.
```
$ dig soa ua +short
in1.ns.ua. domain-master.cctld.ua. 2025061434 1818 909 3024000 2020
```
Shows in1.ns.ua as primary nameserver (which can be intentionally deceptive too).

I used bgp.tools for checking anycast and dns.coffee for timeline of when secondary nameserver was added. dns.coffee only has data going back till 2011 though.

Let’s deep dive at who’s hosting each of the name servers:

in1.ns.ua by Intuix LLC
- 74.123.224.40
- 2604:ee00:0:101:0:0:0:40
- unicast
- Serving .UA since 13/12/2018.
- Company by Dmitry Kohmanyuk and Igor Sviridov who’re administrative and technical contacts for .UA zone as well as the IANA DB.
ho1.ns.ua by Hostmaster LLC
- 195.47.253.1
- 2001:67c:258:0:0:0:0:1
- bgp.tools doesn’t mark the prefix as anycast but basis test from various location, this is indeed anycasted (visible in atleast DE, US, UA etc.). Total POPs unknown.
- Serving .UA atleast since 2011.
- The registry themselves.
bg.ns.ua by ClouDNS
- 185.136.96.185 and 185.136.97.185
- 2a06:fb00:1:0:0:0:4:185 and 2a06:fb00:1:0:0:0:2:185
- anycast
- Serving .UA since 01/03/2022.
- atleast 62 PoPs
cz.ns.ua by NIC.cz
- 185.43.134.15
- 2001:148f:fffd:0:0:0:0:15
- anycast
- atleast 11 PoPs.
- Serving .UA since 29/03/2024. NIC.cz adding secondary server blog.
- .CZ operator.
nn.ns.ua by Netnod
- 194.58.197.4
- 2a01:3f1:c001:0:0:0:0:53
- anycast
- atleast 80 PoPs.
- Serving .UA since 01/12/2022.
- Netnod has the distinction of being one of the 13 root server operator (i.root-servers.net) and .SE operator.
pch.ns.ua by PCH
- 204.61.216.12
- 2001:500:14:6012:ad:0:0:1
- anycast
- atleast 328 POPs.
- Serving .UA atleast since 2011.
- “With more than 36 years of production anycast DNS experience, two of the root name server operators and more than 172 top-level domain registries using our infrastructure, and more than 120 million resource records in service” from https://www.pch.net/services/anycast.
rcz.ns.ua by RcodeZero
- 193.46.128.10
- 2a02:850:ffe0:0:0:0:0:10
- anycast
- Atleast 56 PoPs via 2 different cloud providers.
- Serving .UA since 04/02/2022.
- sister company of nic.at (.AT operator).
Some points to note
- That’s 1 unicast and 6 anycast name servers with hundreds of POPs from 7 different organizations.
- Having X number of Point of Presence (POP) doesn’t always mean each location is serving the .UA nameserver prefix.
- Number of POPs keeps going up or down based on operational requirements and optimizations.
- Highest concentration of DNS queries for a ccTLD would essentially originate in the country (or larger region) itself. If one of the secondaries doesn’t have POP inside UA, the query might very well be served from outside the country, which can affect resolution and may even stop during outages and fiber cuts (which have become common there it seems). - Global POPs do help in faster resolutions for others/outside users though and ofcourse availability.
- Having this much diversity does lessen the chance of the ccTLD going down. Theoretically, the adversary has to bring down 7 different “networks/setups” before resolution starts failing (post TTLs expiry).
Read more links
- Delegation record for .UA at IANA.
- Panel discussion: “Running a top level domain in times of war” at CyberChess 2023 with .UA operators post the invasion.
- History of .UA domain on Hostmaster LLCs website.
- .UA ccTLD overview talk presentation at ENOG 2011.
- RIPE NCC’s DNS Monitoring Service (DNSMON) page for .UA.

May 27, 2025

Ravi Dwivedi Singapore Visa Process
In November 2024, Badri and I applied for a Singapore visa to visit the country. To apply for a Singapore visa, you need to visit an authorized travel agent listed by the Singapore High Commission on their website. Unlike the Schengen visa (where only VFS can process applications), the Singapore visa has many authorized travel agents to choose from. I remember that the list mentioned as many as 25 authorized agents in Chennai. For my application, I randomly selected Ria International in Karol Bagh, New Delhi from the list.

Further, you need to apply not more than a month before your travel dates. As our travel dates were in December, we applied in the month of November.

For your reference, I submitted the following documents:
- Passport
- My photograph (35 mm x 45 mm)
- Visa application form (Form 14A)
- Cover letter to the Singapore High Commission, New Delhi
- Proof of employment
- Hotel booking
- Flight ticket (reservations are sufficient)
- Bank account statement for the last 6 months
I didn’t have my photograph in the specified dimensions, so the travel agent took my photo on the spot. The visa application was ₹2,567. Furthermore, I submitted my application on a Saturday and received a call from the travel agent on Tuesday informing me that they had received my visa from the Singapore High Commission.

The next day, I visit the travel agent’s office and picked up my passport and a black and white copy of my e-visa. Later, I downloaded a PDF of my visa from the website mentioned on it, and took a colored printout myself.

Singapore granted me a multiple-entry visa for 2 months, even though I had applied for a 4-day single-entry visa. We were planning to add more countries to this trip; therefore, a multiple-entry visa would be helpful in case we wanted to use Singapore Airport, as it has good connectivity. However, it turned out that flights from Kuala Lumpur were much cheaper than those from Singapore, so we didn’t enter Singapore again after leaving.

Badri also did the same process but entirely remotely—he posted the documents to the visa agency in Chennai, and got his e-visa in a few days followed by his original passport which was delivered by courier.

He got his photo taken in the same dimensions mentioned above, and printed as matte finish as instructed. However, the visa agents asked why his photo was looking so faded. We don’t know if they thought the matte finish was faded or what. To rectify this, Badri emailed them a digital copy of the photo to them (both the cropped version and the original) and they handled the reprinting on their end (which he never got to see).

Before entering Singapore, we had to fill an arrival card - an online form asking a few details about our trip - within 72 hours of our arrival in Singapore.

That’s it for now. Meet you in the next post.

Thanks to Badri for reviewing the draft.

May 23, 2025

S. Badri Towards a Password-Mukt XMPP

These days, a password is, more often than not, a single-use affair. One hurriedly settles upon a password while signing up to some new account or other. By the time one needs to sign in again, the password almost invariably eludes the memory, resurfacing only after the password reset process has been completed.
This poses something of a problem in XMPP-land. In an attempt to keep data collection to a bare minimum, many servers ask only for a preferred username and password. With no further information, how can they verify it's really you in order to reset your password? And if you don't go through the motions of resetting your password, what hope does your memory have of retrieving the old one?
To prevent their users from being locked out of their accounts, some XMPP providers allow you to set a recovery email address, to which password reset details may be forwarded when the occasion arises. Allowing for the privacy-minded, this recovery email is often made optional: a good thing, though unfortunate for those optimists who think they will remember their passwords without fail, until they realise they actually don't.
A bigger drawback with this setup is that, as of now, such extra fields are not supported in the in-app registration process. Server operators usually make custom HTTP pages for registration, which can collect all the additional information. This works effectively, but it means the user has to leave the app and (manually) open a web browser to complete registration before coming back to the app and (again, manually) entering their newly acquired login details. Perhaps not a major inconvenience on the scale of things, but certainly so on the scale of "hyper-polished corporate-backed apps that make it so easy to sign up you could almost do it by accident"!
As an aside, sending the user to an HTTP page to sign up is not necessarily a bad thing: it does let the server operator show off a bit more of their website and potentially highlight the fact that theirs is a service run by people, not merely some faceless corporation.
That said, I think it would be nice if, having taken the trouble to download and install an app, users could get started without having to leave it again.
To better blend in with the faceless corporations, Quicksy and Prav have reasoned thus: if people are going to reset their passwords almost every time they log in, why not use the password reset process as the default way to log in?
This is possible because Quicksy and Prav control both the client and the server of their respective services. Their "signing in" process involves entering a phone number to receive a one-time code on it, which can then be entered to authenticate the session. Internally, this is the point at which a new, randomly generated password is set for your client to use in future communications.
As you can see, it is, quite literally, nothing but a password reset process.
A problem with this is that signing in on a second device will change the password, rendering the account inaccessible to your first device. A workaround is to directly view or set the password on your first device, and enter that password on all subsequent devices to sign in the "normal" way. Of course, that means you lose out on the "passwordless" part and are back in the whole password routine.
Fortunately, the future seems to hold ways in which we can not only go passwordless, but also remain so.
When a client connects to a server for the first time, it usually has to authenticate itself—whether by a password or through some other means. But what about after the first time? That's where XEP-0484 or Fast Authentication Streamlining Tokens (FAST) comes in.
Once a connection is made, FAST lets the server give a special token to the client, which the client can then use for future authentications. Practically, it's almost like the current Quicksy and Prav routine of setting a new password each time—except that the "password" is client-specific and doesn't affect the ability of the other clients to continue logging in.
FAST tokens have an expiry date, but one that can be automatically extended—so while your client that has been offline for two months may need re-authentication, the one that has been logging in every day for two months won't.
FAST solves the problem of "having to set a password after authentication" but what about the authentication process itself? This is a problem in two parts, because there are two different situations in which you'd want to log in to your account: the first time, and every time that comes after.
The first time you want to use XMPP, you don't have an account yet: you have to sign up or "register" one. The ubiquitous XEP-0077 In-Band Registration (IBR) defines a standardised way to do just that...but with a username and password, and, worse, with only a username and password. XMPP providers that want to collect more fields, such as an email address, or use something other than a password to authenticate, like a phone number, have to either host an external HTTP page or customise the client itself.
Or, they could use something like the experimental XEP-0389 Extensible In-Band Registration (nicknamed IBR2 or extensible IBR). This XEP replaces the single "username and password" form of IBR with a series of "challenges" and "responses", where a "challenge" can be simply "what's your preferred username and password?" but could also be "check your SMSes and enter the code we sent you there" or "enter the numbers in reverse order to prove you're not a robot". Like the original IBR, the extensible version is backed by XEP-0004 Data Forms, making it truly extensible to anything you want it to be.
For the HTTP-happy, there is "out of band" registration which automatically opening up a web browser and reads the response when done. This means server operators can potentially keep their existing web-based signup pages, but allow them to be seamlessly opened and closed by the app itself—possibly the best of both worlds.
Once you have an XMPP account, the current standard way to sign in is to negotiate an SASL connection, which decides the security features of your "stream"—the XMPP connection—but usually also involves your client passing in your username and password at some point.
Similar to extensible IBR, XEP-0388 Extensible SASL Profile builds upon the normal SASL negotiation process to let you add other options to the mix. The XEP gives an example of second-factor authentication through TOTP, but one can imagine using a challenge mechanism similar to extensible IBR to make a one-time code the only factor, rather than the second one.
Taking things a step further, perhaps we could handle new users by merely adding a "challenge" of "what username would your prefer?" thereby eliminating the need for "registration" altogether? Is there really that much difference, after all, between logging in for the first time and loggin in every other time?
The standards-minded reader would have noted, with some alarm, that by blithely using "authentication through SMSed code" we are replacing a truly independent and decentralised authentication mechanism—the password—with a rather more centralised one.
Fortunately, SMS is only one example. The same authentication code could just as easily be delivered by some other means, such as through email via SMTP, within an existing webapp, on a different messaging network like IRC...
...or through XMPP itself, to an already connected client of the user's. This would allow a user to sign in with a new XMPP client by authorising it using an already existing one.
While there is no XEP yet for "sign in to a new client by authorising with an existing one", there are a few bits and pieces that could be put together.
The simplest option is, of course, to do what we do on other networks and simply send an ordinary XMPP message saying "your password is so-and-so".
More interesting in XEP-0070 Verifying HTTP Requests via XMPP. THe original purpose of this XEP is to let an XMPP client authorise access to an HTTP client such as a web browser. When your web browser tries to load a page, the HTTP server forwards the request to your XMPP server, which passes it on to your client. On your end, you'll see a popup saying something like "Hey, should we allow browser with code so-and-so to access this page of yours?"
While it may matter to you whether the request originated from an HTTP request or it was just your server making things up, your XMPP client doesn't care. All it knows is that the server has sent an XEP-0070 authorisation request, to which you can answer either yea or nay.
That makes it a small matter for the server to "make up" an authorisation request when you try to sign in from another client. Any client with XEP-0070 support can handle it. It matters not if the original trigger at the other end is the SASL negotiation process for your newly installed chat client, rather than an HTTP request from your not-necessarily-newly-installed web browser.
Ironically, this setup would be quite helpful for web-based XMPP clients, where people may not be comfortable entering their XMPP passwords. Now, they can just authenticate the webclient via some other client instead! Needless to say, if this becomes a regular feature, it would be a good idea to define it as such in a separate XEP. This would allow for more levels of protection, and perhaps encryption key verification as well.
Wait, the security-minded reader may ask: what prevents a malicious server from serving a truly "made-up" authorislation request, allowing a random device to be logged in?
The answer is: nothing!—but the same goes for a server operator overwriting or reading your password as well. All the authorisation discussed here is between you and your server, or, more specifically, for you to prove your identity to your server. If the server decides to ignore that and let other people in too, there's nothing you can do to stop it at this level. That's why we have an added layer of end-to-end encryption, OMEMO keys, and all that jazz.
Incidentally, XEP-0070 (or whatever we develop to replace its interesting half) provides a good opportunity to conduct key signing or identity verification as well. The keys could be generated on your device before it attempts to log in, setting the stage for a more secured handshake above the server-mediated one.
Going a step further, this setup paired with XEP-0450 Automatic Trust Management (ATM) could pave the way for more decentralised logins, where one could log in with different JIDs and different XMPP servers and still be recognised by one's friends (and their XMPP clients) as the same person. But that's venturing into the territory of a whole different topic...
The XEP-0070 hack demonstrates that there is, in fact, a difference between logging in for the first time and logging in every other time. We can use it to log into an XMPP client if we already have other logged-in XMPP client, but surely we cannot claim to have "XMPP clients all the way down"!
So, how would the first XMPP client get authorised? One option is to return a FAST token during in-band registration, so the client can use that as its first connection.
Better still, if we are able to complete registration during SASL negotiation as I speculated about before, the client would automatically be authorised with a FAST token already! Perhaps we can have "XMPP clients all the way down" after all.
We now have a registration system that is not only purely XMPP based, but also entirely passwordless. Before we celebrate though, let's pause to see if we have really covered all our bases.
When online services require a phone number for registration, its purpose is twofold: to prove your specific identity as an individual, but also to prove, within a reasonable level of tolerance, your identity as a member of the human race. In other words, if you are able to receive SMSes through a standard phone number on the telecom network, chances are you're not a robot. This is necessary to prevent spurious signups from automated bots, who can then proceed to send spam messages across the inter XMPP network.
Alas! Our new passwordless mechanism accounts for the first problem but not the second.
Fortunately, this can be readily remedied by making full use of the "extensible" part of extensible IBR. There, we are free to add any other spam-prevention challenges such as additional questions, or if we update the spec accordingly, maybe even a CAPTCHA.
Another way to address this, using mechanisms that already exist, is based on social trust. The idea is to close off public registration and allow signups only using XEP-0401 Ad-hoc Account Invitation Generation. This XEP allows for account invitation links, that any existing user can generate and pass on to a prospective human user. It's up to them to keep the link to humans, of course.
Traditionally, invites open up the old password-based registration screen, but as before we can always skip the password part. Since the XEP allows suggesting a username along with the invitation, it would be possible for new users to be registered, authenticated, and signed in automatically—all by merely clicking on a link!
While this is a nice way to let humans bring other humans into the community, it only scratches the surface of what social trust can do.
It is a truth universally acknowledged, that a person in possession of a good authentication mechanism, will inadvertently lock themselves out with it. In our case, that would mean accidentally uninstalling the last logged-in client, or losing the device onto which it was installed.
This though is no different from doing the same with a password-based account and then forgetting the password. The simple solution is to implement a similar flow based on a second factor like an email or a phone number, which provides a fresh authentication token at the end of it: essentially, a "reset password" flow without the bit at the end where you actually set your password.
To make things more spicy, the Dark Crystal standard allows for account recovery through social trust. The idea is that your recovery information is broken up into pieces, which you can put back together when the time comes. The "social" part is that each piece is given to a different trusted contact for safekeeping.
If you ever get locked out, your account information remains safe with friends—or "in the minds of neighbouring families", if you will.
There is an assumption these days that every person has at least one personal computing device, which they carry with them wherever they go. More often than not, it is assumed that at least one of these devices is connected to the telecom network, which means it is capable of receiving messages via the SMS protocol.
Such assumptions have led to people using SMS and its related phone numbers as a proxy for individual identity, which poses something of a problem in situations where a person does not have a phone number, or where multiple people share the same phone number. Examples include multiple family members sharing the same phone, or a child who has not yet been deemed old enough to receive their own phone. The situation cuts both ways: it is likely that children are reciving their first phone number earlier than before precisely because so many authentication mechanisms require one.
A purely XMPP-based authentication mechanism solves the problem of phone number dependency—but what of the overarching assumption of a separate personal computing device for each person?
Imagine quickly signing into your friend's laptop to check messages, or borrowing a shared account on the family desktop when nobody else is using it. Such interactions used to be common—and are still easily possible—with basic email. On the messaging side, however, end-to-end encryption has made things harder, and a mandatory "sign in using an already-authenticated device" would make it nigh on impossible.
The only way to make this work easily is to use a trusted server, paired with an authentication key that can be carried anywhere and activated on any random device you come across. What fits the bill better than the humble password—which is always with you, right inside your head?
All this goes to show that passwords, though less popular, are far from obsolete—and may never be. However, for those who have trouble with them, there are now feasible alternatives. Thanks to the decentralised nature of XMPP, we don't have to fight between one or the other, rather offering multiple options, the better for each to choose their own.
Thanks to discussions with MSavoritias (fae,ve), Kris, edhelas, and others on the JoinJabber dev room for providing some of the ideas and inspiration behind this article.

May 13, 2025

Ravi Dwivedi KDE India Conference 2025

Last month, I attended the KDE India conference in Gandhinagar, Gujarat from the 4th to the 6th of April. I made my mind to attend when Sahil told me about his plans to attend and giving a talk.

A day after my talk submission, the organizer Bhushan contacted me on Matrix and informed me that my talk had been accepted. I was also informed that KDE will cover my travel and accommodation expenses. So, I planned to attend the conference at this point. I am a longtime KDE user, so why not ;)

I arrived in Ahmedabad, the twin city of Gandhinagar, a day before the conference. The first thing that struck me as soon as I came out of the Ahmedabad airport was the heat. I felt as if I was being cookedâ€”exactly how Bhushan put it earlier in the group chat. I took a taxi to get to my hotel, which was close to the conference venue.

Later that afternoon, I met Bhushan and Joseph. Joseph lived in Germany. Bhushan was taking him to get a SIM card, so I tagged along and got to roam around. Joseph was unsure about where to go after the conference, so I asked him what he wanted out of his trip and had conversations along that line.

Later, Vishal convinced him to go to Lucknow. Since he was adamant about taking the train, I booked a Tatkal train ticket for him to Lucknow. He was curious about how Tatkal booking works and watched me in amusement while I was booking the ticket.

The 4th of April marked the first day of the conference, with around 25 attendees. Bhushan started the day with an overview of KDE conferences in India, followed by Vishal, who discussed FOSS United’s activities. After the lunch, Joseph gave an overview of his campaign to help people switch from Windows to GNU/Linux due to environmental and security reasons. He continued his session in detail the next day.

Conference hall

A key takeaway for me from Joseph’s session was the idea pointed out by Adwaith: marketing GNU/Linux as a cheap alternative may not attract as much attention as marketing it as a status symbol. He gave the example of how the Tata Nano didn’t do well in the Indian market due to being perceived as a poor person’s car.

My talk was scheduled for the evening of the first day. I hadn’t prepared any slides because I wanted to make my session interactive. During my talk, I did an activity with the attendees to demonstrate the federated nature of XMPP messaging, of which Prav is a part. After the talk, I got a lot of questions, signalling engagement. The audience was cooperative (just like Prav ;)), contrary to my expectations (I thought they will be tired and sleepy).

On the third day, I did a demo on editing OpenStreetMap (referred to as “OSM” in short) using the iD editor. It involved adding points to OSM based on the students’ suggestions. Since my computer didn’t have an HDMI port, I used Subin’s computer, and he logged into his OSM account for my session. Therefore, any mistakes I made will be under Subin’s name. :)

On the third day, I attended Aaruni’s talk about backing up a GNU/Linux system. This was the talk that resonated with me the most. He suggested formatting the system with the btrfs file system during the installation, which helps in taking snapshots of the system and provides an easy way to roll back to a previous version if, for example, a file is accidentally deleted. I have tried many backup techniques, including this one, but I never tried backing up on the internal disk. I’ll certainly give this a try.

A conference is not only about the talks, that’s why we had a Prav table as well ;) Just kidding. What I really mean is that a conference is more about interactions than talks. Since the conference was a three-day affair, attendees got plenty of time to bond and share ideas.

Prav stall at the conference

Conference group photo

After the conference, Bhushan took us to Adalaj Stepwell, an attraction near Gandhinagar. Upon entering the complex, we saw a park where there were many langurs. Going further, there were stairs that led down to a well. I guess this is why it is called a stepwell.

Adalaj Stepwell

Later that day, we had Gujarati Thali for dinner. It was an all-you-can-eat buffet and was reasonably priced at 300 rupees per plate. Aamras (Mango juice) was the highlight for me. This was the only time we had Gujarati food during this visit. After the dinner, Aaruni dropped Sahil and I off at the airport. The hospitality was superb - for instance, in addition to Aaruni dropping us, Bhushan also picked up some of the attendees from the airport.

Finally, I would like to thank KDE for sponsoring my travel and accommodation costs.

Let’s wrap up this post here and meet you in the next one.

Thanks to contrapunctus and Joseph for proofreading.

May 09, 2025

Abhijith PA Bug squashing party, Kochi
Last weekend, 4 people (3 DDs and 1 soon to be, hopefully in coming months) sit together for a Bug squashing party in Kochi. We fixed lot of things including my broken autopkgtest setup.

It all began from a discussion in #debian-in of not having any BSPs in the past in India. Then twisted in to hosting a BSP by me. I fixed the dates to 3rd & 4th May to get packages migrate naturally to testing with NMUs before the hard freeze on 15th May.

Finding a venue was a huge challenge. Unlike other places, we have very limited options on hackerspaces. We also had some company spaces (if we asked), but we may have to follow their office timings and finding accommodation near by was also a challenge.

Later we decided to go with a rental apartment where could hack all night and sleep. We booked a very bare minimal apartment for 3 nights and 3 days. I updated wiki page and sent announcement.

Not even Wi-Fi was there in the apartment, so we setup everything by ourselves (DebConf style :p ). I short listed some newbie bugs, just in case if newcomers joined the party. But it was only we 4 people and Kathara who joined remotely.

We started from May 2nd night, stacked our cabin with snacks, instant noodles and drinks. Arranged beds, tables and started hacking and having discussions. My autopkgtest-lxc setup was broken. I think its related to #1017753, which got fixed magically and now I started using autopkgtest-podman.

I learned
- reportbug tool can use its own SMTP server by default
- autoremovals can be extended if we pinged to the bug report.
On last day, we went to a nice restaurant and had food. There was a church festival nearby, so we were able to watch wonderful procession and fireworks at night.

All in all we managed to touch 46 bugs of which 35 is now fixed/done and 11 is open, some of this get status done when it reaches testing. It was a fun and productive weekend. More importantly we had fun.

May 08, 2025

aktsbot Announcing spb and lil
Announcing spb and lil

08 May 2025

spb

simple paste bin had been around for a couple of years. For a long time, spb ran with a mongodb database. Not anymore!

I updated it to use sqlite3 for its database and modernized the codebase a little bit.

Improve the source code over at github or see it in the wild over at spb.aktsbot.in.

lil

This is my take on a url shortener. The goal with lil was to
1. Store no user data.
2. Be usable from the terminal. i.e have a no BS api.
3. Use zero client side JavaScript.
4. Be easy to maintain
Source is at github. See it live on one0.xyz.

Happy Hacking & have a great day!

May 06, 2025

Bhavani Shankar Why I don't use full disk encryption
After diving into the rabbit hole of encrypting my entire disk, I decided it is not worth it. These are my reasons:
- High app launch delay: Cloudflare benchmarked dm-crypt encrypted disks to be 2-7 times slower. It means apps start at snail's pace; imagine a web browser opening in 5s instead of 0.7s.
- Impact on battery life and RAM: Encrypting, decrypting bytes, and juggling them across the boundaries of disk and RAM is expensive. If you are on a laptop, it eats up battery life.
- Shortens SSD lifespan: FDE, for security reasons, doesn't enable TRIM by default. It fills the entire disk with random data causing increased wear and tear of your solid state drive.
- Extremely inefficient: It impartially encrypts everything — even those parts that don't require it like system files — making it harder to fix a broken system.
Popular methods of full disk encryption
- TPM, secure boot: Completely transparent to the user because the key is stored on TPM. This variant is good for tamper prevention. Thieves can boot your device and access your data.
- Passphase based: /boot is not encrypted and is responsible for prompting the password during boot. It leads to bad user experience. If somebody puts a virus in /boot, the next time the user enters the password, it infects the whole system.
More drawbacks
- Sleep/Suspend vulnerability: A machine with a fully encrypted disk is secure only when it is off. Data on the RAM is not encrypted and can be extracted.
- Doesn't stop strong adversaries: It's useless against law enforcement and the mafia because they can force you to unlock your device.
- Multi-user systems: It doesn't protect your files from other users on your machine.
A better alternative

Application level encryption overcomes all these drawbacks.

Selectively encrypt files and folders

Encrypt just your private files — it's incredibly fast and secure. You may even use a different password for each file/folder. Multi-user device? No worries. I would suggest to:
- Encrypt files and folders — including personal pictures, videos, and documents etc with gocryptfs. You can sync encrypted folders across devices with Dropbox and automatically mount on login.
- Encrypt browser profile (folder) with gocryptfs. It prevents others from accessing your web browsing history, passwords, payment methods, and web subscriptions etc.
- Set a strong passphrase for ssh and gpg keys to secure your private keys.
- Use read-only filesystems for system files. Conveniently Nixos has a read-only filesystem and hashed folder names at /nix — where system files are stored — making it resilient to tampering.
- Make use of deniable encryption with Veracrypt. Create hidden virtual disks inside encrypted file systems. Nobody can even know that they exist.
- Encrypt files and folders with gocryptfs. You can sync encrypted folders across devices with Dropbox and automatically mount on login.
- Use Tails OS: When you need as much privacy and anonymity as possible, boot into tails from a USB drive and then shut it down as soon as your work is done.

May 05, 2025

Ravi Dwivedi A visit to Paris

After attending the 2024 LibreOffice conference in Luxembourg, I visited Paris in October 2024.

If you are wondering whether I needed another visa to cross the border into France— I didn’t! Further, they are both also EU members, which means you don’t need to go through customs either. Thus, crossing the Luxembourg-France border is no different from crossing Indian state borders - like going from Rajasthan to Uttar Pradesh.

I took a TGV train from Luxembourg Central Station, which was within walking distance from my hostel. The train took only 2 hours and 20 minutes to cover the 300 km distance to Paris. It departed from Luxembourg at 10:00 AM and reached Paris at 12:20 PM. The ride was smooth and comfortable, arriving on time. It gave me an opportunity to see the countryside of France. I booked the train ticket online a couple of days prior through the Omio website.

TGV train I rode from Luxembourg to Paris

I planned the first day with my friend Joenio, whom I met upon arriving in Paris’ Gare de l’Est station, along with his wife Mari. We went to my hostel (which was within walking distance from the station) to store my luggage, but we were informed that we needed to wait for a couple of hours before I could check in. Consequently, we went to an Italian restaurant nearby for lunch, where I ordered pasta. My hostel was unbelievably cheap by French standards (25 euros per night) that Joenio was shocked when he learned about it.

Pasta I had in Paris

Walking in the city, I noticed it had separate cycling tracks and wide footpaths, just like Luxembourg. The traffic was also organized. For instance, there were traffic lights even for pedestrian crossings, unlike India, where crossing roads can be a nightmare. Car drivers stopping for pedestrians is a big improvement over what I am used to in India. The weather was also pleasant. It was a bit on the cooler side - around 15 degrees Celsius - and I had to wear a jacket.

A cycling track in Paris

After lunch, we returned to my hostel for my check-in at around 3 o’clock. Then, we went to the Luxembourg Museum (Musée du Luxembourg in French) as Joenio had booked tickets for an exhibition of paintings by the Brazilian painter Tarsila do Amaral. To reach there, we took a subway train from Gare du Nord station. The Paris subway charges 2.15 euros irrespective of the distance (or number of stations) traveled, as opposed to other metro systems I have used.

We reached the museum at around 4 o’clock. I found the paintings beautiful, but I would have appreciated them much more if the descriptions were in English.

Luxembourg Museum

Afterward, we went to a beautiful garden just behind the museum. It served as a great spot to relax and take pictures. Following this, we walked to the Pantheon - a well-known attraction in the city. It is a church built a couple of centuries ago. It has a dome-shaped structure at the top, recognizable from far away.

A shot of the park near to the Luxembourg Museum

Pantheon, one of the attractions of Paris.

Then we went to Notre Dame after having evening snacks and coffee at a nearby bakery. The Notre Dame was just over a kilometer from the Pantheon, so we took a walk. We also crossed the beautiful Seine river. On the way, I sampled a crêpe, a signature dish of France. The shop was named Crêperie and had many varieties of Crêpe. I took the one with eggs and Emmental cheese. It was savory and delicious.

Photo with Joenio and Mari

Notre Dame, another tourist attraction of Paris.

By the time we reached Notre Dame, it was 07:30 PM. I learned from Joenio that Notre Dame was closed and being renovated due to a fire a couple of years ago, so we just sat around and clicked photos. It is a catholic cathedral built in French Gothic architecture (I read that on Wikipedia ;)). I read on Wikipedia that it is located on an island named Île de la Cité and I didn’t even realize we are on an island.

At night, we visited the most well-known attraction of Paris, The Eiffel Tower. We again took the subway, alighting at the Bir-Hakeim station, followed by a short walk. We reached the Eiffel Tower at 9 o’clock. It was lit bright yellow. There was not much to do there, so we just clicked photos and hung out. After that, I came back to my hostel.

My photo with Eiffel Tower in the background

Next day, I roamed around the city by walking mostly. France is known for its bakeries, so I checked out a couple of local bakeries. I had espresso a couple of times and sampled croissant, pain au chocolat and lemon meringue tartlet.

Items at a bakery in Paris. Items from left to right are: Chocolate Twist, Sugar briochette, Pain au Chocolat, Croissant with almonds, Croissant, Croissant with chocolate hazlenut filling.

Here are some random shots:

The Paris subway

Inside a Paris subway

A random building and road in Paris

A shot near Seine river

A view of Seine river

On the third day, I had my flight for India. Thus, I checked out of the hostel early in the morning, took an RR train from Gare du Nord station to reach the airport. It costs 11.8 euros.

I heard some of my friends had bad experiences in France. Thus, I had the impression that I would not feel welcomed. Furthermore, I have encountered language problems in my previous Europe trip to Albania and Kosovo. Likewise, I learned a couple of French words, like how to say thank you and good morning, which went a long way.

However, I didn’t have bad experiences in Paris, except for one instance in which I asked my hostel’s reception about my misplaced watch and the person at the reception asked me to be “polite” by being rude. She said, “Excuse me! You don’t know how to say Good Morning?”

Overall, I enjoyed my time in Paris and would like to thank Joenio and Mari for joining me. I would also like to thank Sophie for giving me a map of Paris, which was handy.

Let’s end this post here. I’ll meet you in the next one!

Credits: Thanks to contrapunctus for reviewing this post before publishing

KhubsuratInsaan The Gradual Encroachment of Capitalistic Tendencies

As an OpenStreetMapper, I love adding things which are supposed to be more or less guaranteed to persist for more than 10 years, such as parks and addresses. The act of seeing my parks on the map with their striking green colour gives me immense joy, and I get a similar joy from seeing the cute house numbers displayed on a series of nice rectangles.

So, it was obvious to me that addresses would be among one of my first contributions. I started looking out for areas with “nice” regular buildings who have clearly displayed their addresses in front of their houses.

My friend’s house was one such building. On a sunny day when (say) A and I were strolling, I told them about my plan to add their street to OSM. I was expecting, at the worst, some casual indifference about that whole affair. However, their response surprised me. They told me that ’the address is their private property’ just like ’the part of the street in front of their house is their private property.'

First of all, both of those statements are false. As is often the case, the street where my friend live is owned by the government, and all of its addresses are in public domain. I could, of course, have ignored this stupidity. However, I decided to reflect a little on this thing. What would a private system of addresses entail?

A private system of address would mean that the address is owned by the house owners. To prevent any intelligent guessing, these house numbers would have to be random, and can be appended with brand names to generate extra money for the house owners (like “SBI 1675343204892384123809323”). A government agency can be given the task of ensuring that the addresses remain private.

Now comes the difficult part, we have to make these addresses excludable and rivalrous. To ensure excludability we can generate a new address every time it is accessed by someone. So, if A visits SBI 1675343204892384123809323 (by paying a fee to the government agency which transfers the money to the house owner) and connects it to a coordinate, then the owner can change the address to a new one, ensuring that the next person would also have to pay the fee. This has the obvious disadvantage that once B’s personal data is revealed, A can instead connect the coordinates to B’s personal data and then sell it in the underground market. To avoid this problem, B can try to hide their personal data as much as possible, going as far as to change their personal data after a “leak.” To make the “good” rivalrous, the owner can impose a monthly limit on the number of access.

I have to admit, the above framework is pretty flaky. However, it is an OK starting point to think about monetisation of addresses. I am very happy that the above system is not practical, and so mapping addresses is still a useful endeavour. For now.

April 29, 2025

Karthik Contributing to Movim Again!

Last week, I got one more opportunity to contribute to movim’s CI/CD setup, which is in same scope as my previous contribution.

As the movim project dropped support for MySQL database, starting with v0.30.1, The developers wanted to test app setup with mariabd along with the existing postgres based setup job in the CI pipeline. Hence i got involved to support it.

It was relatively easy, as i just have to swap out one of the previous job steps involving postgres with mariabd. But, it took me some time to figure out a working mariadb github action out of available options.

Related PR: https://github.com/movim/movim/pull/1431

April 21, 2025

KhubsuratInsaan Lonely: Part 1

I often feel lonely, and I don’t have many friends. This blog series documents my journey towards ending this state of deprivation which has been plaguing my work since months.

For a quick start, I decided to join some local communities in Delhi. I am already a part of OpenStreetMap Delhi, but their meetups happen only once a month, which makes it very difficult to nurture the connections I make there (if I am able to create them in the first place). I have searched a little and have now found some other communities where I should be able to find new people.

The first one is HochPoch Delhi, which is a group of 2 people organizing meetups every Wednesday. They hangout in art galleries, museums, and cafes. They seem pretty chill, and I hope to meet some cool people there.

The second one is Lodhi Reads, who meet every Saturday at Lodhi Gardens to read books in silence. This seriously sounds like heaven to me.

I will write about my experience at these two places in Part 2.

April 18, 2025

Bhavani Shankar A weird algorithm for sharing coins
Here's a memorable problem from Project Euler:

There are 7 ways to separate 5 coins into piles (as shown). How about 100 coins?
```
OOOOO
OOOO   O
OOO   OO
OOO   O   O
OO   OO   O
OO   O   O   O
O   O   O   O   O 
```
Solution

In number theory, it is known as the partition function: $p(k)$. So $p(5) = 7$. A simple formula for $p(n)$ is currently unknown but, we can calculate it recursively. The key insight is how we break $p(n)$ into smaller problems.

Let $p(n, k)$ be the number of ways to arrange of $n$ coins into piles allowing up to $k$ coins per pile. For example, $p(4, 2)$ is:
```
OO   OO
OO   O   O 
O    O   O   O
```
Let's build the recurrence.
- If $k = 1$, we can only put 1 coin in each of the $n$ piles; if $n=1$, there's only one coin. There's only one arrangement in either case. Therefore,
$$p(n, 1) = p(1, k) = 1$$
- The possible arrangements for $n, k$ can be segregated into two categories:
  1. Those that only use smaller piles of $k-1$ coins or less.
  2. And the rest — with a pile of $k$ coins. If we remove it, we are left with all possible ways to arrange $n-k$ coins.
$$p(n, k) = p(n, k-1) + p(n-k, k)$$

A concrete example

To be certain that we understand, let's divide $p(5, 3)$ into these two groups. The first group $p(n, k - 1)$ has all arrangements with piles of size $k - 1 = 2$ or less.
```
OO   OO   O
OO   O   O   O
O   O   O   O   O 
```
The 2nd group contains one pile of size 3. If we remove it, we are left with $p(2, 2)$.
```
000   OO
000   O   O
```
Adding these two counts, we can see that $p(5, 3) = 5$. Let's calculate $p(5, 3)$ recursively now.

What if $n \leq 0$?

We missed a base case; $p(0, 2)$ came from $p(2, 2)$ after making a common pile of 2 coins; we need one arrangement to put the common pile. Though it seems a bit counterintuitive, we need to set:

$$p(0, k) = 1$$

During recursion, we will encounter calls like $p(2, 3)$. Blindly expanding will result in negative values for $n$:

$$p(2, 3) = p(2, 2) + p(-1, 3)$$

We can add a maximum of $n$ coins to a pile. So we can set $k$ to $n$ when $k > n$.

$$p(2, 4) = p(2, 2)$$

Writing the code

Let's write an implementation of our 4 base cases and the recurrence and use it to compute $p(100, 100)$.
```
fn partitions(n: usize) -> usize {
    fn partitions_helper(n: usize, k: usize) -> usize {
        if k > n {
            partitions_helper(n, n)
        } else if n == 0 || n == 1 || k == 1 {
            1
        } else {
            partitions_helper(n, k - 1) + partitions_helper(n - k, k)
        }
    }
    partitions_helper(n, n)
}

fn main() {
    println!("{}", partitions(100));
}
```
After about a second, we are greeted with the answer.
```
190569292
```
Speeding it up

A lot of values are computed again and again. For instance,

If we continue expanding the first 2 terms, we will encounter $p(2, 2)$ twice. It makes sense to use caching a.k.a memoization with crates like cached. With caching, this problem goes from exponential to quadratic time complexity i.e $O(e^{n})$ to $O(n^2)$ — a gap so huge that calculating $p(1000)$ would shrink from days to under a second.
```
use cached::proc_macro::cached;
...
    // Just add this proc macro to above code. That's it!
    #[cached]
    fn partitions_helper(n: isize, k: isize) -> isize {
    ...
```
Bottom-up approach

Instead of caching previously computed recursive calls, we can avoid the stack overhead by just starting from the base and building up higher and higher until we reach the answer. This approach is cleaner and faster.
```
fn partitions_bottom_up(n: usize) -> usize {
    let mut partitions = vec![vec![0; n + 1]; n + 1];

    // fill all the base cases
    for i in 0..=n {
        partitions[0][i] = 1;
        partitions[1][i] = 1;
        partitions[i][1] = 1;
    }

    // build up the rest of the n, k values
    for i in 2..=n {
        for j in 2..=n {
            partitions[i][j] = partitions[i][j - 1];
            if i >= j {
                partitions[i][j] += partitions[i - j][j];
            }
        }
    }

    partitions[n][n]
}
```

April 17, 2025

Bhavani Shankar Sudoku solver in 100 lines of Rust

Sudoku is an addictive number placement puzzle that is logic-based. To win, you should fill the missing cells such that all rows, columns and each of the nine 3x3 boxes contain all numbers from 1 to 9. A well-posed Sudoku has only one solution.

After conquering basic algorithms, a Sudoku solver feels like a rite of passage to be a good coder. So, let's write a program that can solve any Sudoku puzzle in less than a second, starting from scratch.

Algorithm

To solve any problem, we should begin by designing an algorithm. Let's see -

Check if the Sudoku puzzle is valid.
Find an empty cell and guess a number.
Continue with (1) until either:

a. No empty cells are left - we found a solution!

b. We cannot proceed - We made wrong guesses. Then, we should step back and try and continue (1) with a different guess.

This backtracking algorithm will enumerate all solutions. If you are familiar with graphs, you will notice it is identical to depth-first search.

Each circle is an intermediate solution. You jump to the bottom circles by making a valid guess (arrow) and when you reached the bottom, you take a step back and explore other possibilities.

Encoding

To achieve a compact representation, we can write down a Sudoku row by row as an array of numbers. Empty cells are indicated with 0. Then, the above puzzle becomes:

000000005000075060715000002074031006100706003600520970300000859020980000400000000

Validating a region

With this representation in mind, we can begin by writing a check for all Sudoku constraints - all rows, columns and 3x3 boxes should contain 1 to 9 exactly once. Let's call each one of them regions. A region can be one particular row or a column or a box.

fn is_valid_region(region: [u8; 9]) -> bool {
    let mut seen = [false; 10];

    for n in region {
        if n != 0 && seen[n as usize] {
            return false;
        }
        seen[n as usize] = true;
    }

    true
}

The function is_valid_region checks if the numbers 1-9 occur only once.

Extracting regions

Fetching the nth row of a Sudoku is straightforward. In our representation, the 1st row is 0, 1, 2, ..., 8. The 2nd row is 9, 10, 11, ..., 17 and so on. So, the nth row is:

With a similar approach, we can deduce the patterns for nth column and the nth box. To keep the code simple, I hard coded the 1st box and the offsets to get the other boxes.

   // Get nth row of a sudoku
   fn get_row(sudoku: [u8; 81], row_index: usize) -> [u8; 9] {
       let mut row = [0; 9];
       for i in 0..9 {
           row[i] = sudoku[i + row_index * 9];
       }
       row
   }
     // Get nth column of a sudoku
   fn get_column(sudoku: [u8; 81], column_index: usize) -> [u8; 9] {
       let mut column = [0; 9];
       for i in 0..9 {
           column[i] = sudoku[i * 9 + column_index];
       }
       column
   }
     // Get nth box of a sudoku
   fn get_box(sudoku: [u8; 81], box_index: usize) -> [u8; 9] {
       let mut box_region = [0; 9];
       let first_box = [0, 1, 2, 9, 10, 11, 18, 19, 20];
       let box_offsets = [
           0,
           3,
           6,
           9 * 3,
           9 * 3 + 3,
           9 * 3 + 6,
           9 * 6,
           9 * 6 + 3,
           9 * 6 + 6,
       ];
    
       for i in 0..9 {
           box_region[i] = sudoku[first_box[i] + box_offsets[box_index]];
       }
       box_region
   }

Validating Sudoku

To check if a Sudoku is valid, we just need to extract all 27 regions and verify that they are consistent.

// Returns true if a sudoku is valid.
fn is_valid_sudoku(sudoku: [u8; 81]) -> bool {
    for i in 0..9 {
        if !(is_valid_region(get_row(sudoku, i))
            && is_valid_region(get_column(sudoku, i))
            && is_valid_region(get_box(sudoku, i)))
        {
            return false;
        }
    }
    true
}

Solving

The backtracking algorithm that we designed looks like this in Rust:

/// Recursively enumerates all solutions of a sudoku puzzle
pub fn solve_sudoku(sudoku: [u8; 81]) -> Vec<[u8; 81]> {
    let mut solutions = Vec::new();
 
    fn solver(solution: [u8; 81], solutions: &mut Vec<[u8; 81]>) {
        let mut empty_cell_found = false;
     
        for i in 0..81 {
            if solution[i] == 0 {
                empty_cell_found = true;
             
                for n in 1..10 {
                    let mut new_solution = solution;
                    new_solution[i] = n;
                    if is_valid_sudoku(new_solution) {
                        solver(new_solution, solutions);
                    }
                }
                break;
            }
        }
     
        if !empty_cell_found {
            solutions.push(solution);
        }
    }
 
    solver(sudoku, &mut solutions);
    solutions
}

We find an empty cell, make a valid guess and call solver recursively. We keep exploring deeper and deeper until we cannot proceed further. If all the cells are filled up, then it's a solution. We add it to our list. We continue searching the remaining paths in this graph.

This worked beautifully. It printed out the solution to the above puzzle in 0.0s.

534678912672195348198342567859761423426853791713924856961537284287419635345286179

Here's another example:

let sudoku = [
    6, 4, 5, 9, 0, 0, 0, 0, 0,
    0, 7, 3, 1, 0, 0, 0, 5, 0,
    2, 0, 0, 0, 5, 0, 0, 0, 0,
    5, 9, 0, 0, 3, 7, 6, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 4, 5, 8, 0, 0, 3, 9,
    0, 0, 0, 0, 7, 0, 0, 0, 3,
    0, 3, 0, 0, 0, 4, 1, 9, 0,
    0, 0, 0, 0, 0, 1, 8, 2, 7,
];

let solutions: Vec<[u8; 81]> = vec![
    [
        6, 4, 5, 9, 2, 8, 3, 7, 1,
        9, 7, 3, 1, 4, 6, 2, 5, 8,
        2, 8, 1, 7, 5, 3, 9, 4, 6,
        5, 9, 8, 4, 3, 7, 6, 1, 2,
        3, 2, 7, 6, 1, 9, 5, 8, 4,
        1, 6, 4, 5, 8, 2, 7, 3, 9,
        8, 1, 9, 2, 7, 5, 4, 6, 3,
        7, 3, 2, 8, 6, 4, 1, 9, 5,
        4, 5, 6, 3, 9, 1, 8, 2, 7,
]];

assert_eq!(solve_sudoku(sudoku), solutions);

April 12, 2025

Bhavani Shankar Self-existing objects of time travel
Jinn particle is a mind boggling yet simple concept from theoretical physics that has been explored in fiction. To understand what it is, imagine meeting an old man who gifts you a book. Leaving, he says

"Do not open the book until you know who I am."

Decades pass by and you forget the book in the corner of a closet. Looking in the mirror, one day, you realize that you are starting to appear exactly like that old visitor — maybe you are him? You open the book and find schematics of a time machine. Over the next few years, you digest its contents and construct a time machine. Then, you return the book to the past.

The origins of this book is a perplexing mystery — without a beginning or an end — it just exists in this time loop. But if time travel is real, these self-existing items must exist.

Jinn particles over time

Ordinary books wear out with time; the paper turns yellow, wrinkly, and torn; the print fades. In physics, we call it entropy. To return the book to your past self in exactly the form that you received, either:
1. The book always remains in the exact same condition — time has no effect on it.
2. It reverts to the younger form during time travel. The entropy accumulated by the book is dissipated into the environment.
A human jinn particle

You meet a time traveler at 10 am, today and have a lovely conversation with her. At 10:15 am, she says it's time to go. As she is leaving, you peek inside the time machine and your jaw drops. She has set the destination to 10 am, today — the precise moment she arrived.

This person has changed over the course of the conversation. Her brain formed new connections and memories; her body aged for 15 minutes; she has accumulated entropy. As a jinn particle, she will shed memories of this brief conversation and aging before she arrives.

Implications of their existence

Part of the spookiness of a jinn particle is how certain actions become necessary — you have to return the book to the past. You cannot destroy it. Either the thought itself cannot occur or you refrain from acting on it — perhaps due to a fear of destroying reality. Maybe all your attempts fail due to coincidences or the book simply turns out to be indestructible.

More interestingly, you destroy the book but the schematics of the time machine form in your mind. You write the book and give it to your past self. Then it's not a jinn particle anymore.

Whatever ends up happening, if jinn particles exist, certain events will be predestined. This leaves the notions of free will and non-determinism in jeopardy.

Planet FSCI

July 17, 2025

July 14, 2025

July 11, 2025

July 08, 2025

Footnotes

July 07, 2025

July 06, 2025

July 04, 2025

1984 Hosting

Hurriance Electric

Afraid.org

Puck

NS-Global

Asking friends

Some notes

Further reading

July 02, 2025

June 30, 2025

June 27, 2025

June 22, 2025

Looking at in zone data

Looking at parent zone

To summarize:

Email to SOA address

June 21, 2025

June 15, 2025

in1.ns.ua by Intuix LLC

ho1.ns.ua by Hostmaster LLC

bg.ns.ua by ClouDNS

cz.ns.ua by NIC.cz

nn.ns.ua by Netnod

pch.ns.ua by PCH

rcz.ns.ua by RcodeZero

Some points to note

Read more links

May 27, 2025

May 23, 2025

May 13, 2025

May 09, 2025

May 08, 2025

Announcing spb and lil

spb

lil

May 06, 2025

Popular methods of full disk encryption

More drawbacks

A better alternative

Selectively encrypt files and folders

May 05, 2025

April 29, 2025

April 21, 2025

April 18, 2025

Solution

A concrete example

What if $n \leq 0$?

Writing the code

Speeding it up

Bottom-up approach