Planet FSCI

May 23, 2025

S. Badri Towards a Password-Mukt XMPP

These days, a password is, more often than not, a single-use affair. One hurriedly settles upon a password while signing up to some new account or other. By the time one needs to sign in again, the password almost invariably eludes the memory, resurfacing only after the password reset process has been completed.
This poses something of a problem in XMPP-land. In an attempt to keep data collection to a bare minimum, many servers ask only for a preferred username and password. With no further information, how can they verify it's really you in order to reset your password? And if you don't go through the motions of resetting your password, what hope does your memory have of retrieving the old one?
To prevent their users from being locked out of their accounts, some XMPP providers allow you to set a recovery email address, to which password reset details may be forwarded when the occasion arises. Allowing for the privacy-minded, this recovery email is often made optional: a good thing, though unfortunate for those optimists who think they will remember their passwords without fail, until they realise they actually don't.
A bigger drawback with this setup is that, as of now, such extra fields are not supported in the in-app registration process. Server operators usually make custom HTTP pages for registration, which can collect all the additional information. This works effectively, but it means the user has to leave the app and (manually) open a web browser to complete registration before coming back to the app and (again, manually) entering their newly acquired login details. Perhaps not a major inconvenience on the scale of things, but certainly so on the scale of "hyper-polished corporate-backed apps that make it so easy to sign up you could almost do it by accident"!
As an aside, sending the user to an HTTP page to sign up is not necessarily a bad thing: it does let the server operator show off a bit more of their website and potentially highlight the fact that theirs is a service run by people, not merely some faceless corporation.
That said, I think it would be nice if, having taken the trouble to download and install an app, users could get started without having to leave it again.
To better blend in with the faceless corporations, Quicksy and Prav have reasoned thus: if people are going to reset their passwords almost every time they log in, why not use the password reset process as the default way to log in?
This is possible because Quicksy and Prav control both the client and the server of their respective services. Their "signing in" process involves entering a phone number to receive a one-time code on it, which can then be entered to authenticate the session. Internally, this is the point at which a new, randomly generated password is set for your client to use in future communications.
As you can see, it is, quite literally, nothing but a password reset process.
A problem with this is that signing in on a secod device will change the password, rendering the account inaccessible to your first device. A workaround is to directly view or set the password on your first device, and enter that password on all subsequent devices to sign in the "normal" way. Of course, that means you lose out on the "passwordless" part and are back in the whole password routine.
Fortunately, the future seems to hold ways in which we can not only go passwordless, but also remain so.
When a client connects to a server for the first time, it usually has to authenticate itself—whether by a password or through some other means. But what about after the first time? That's where XEP-0484 or Fast Authentication Streamlining Tokens (FAST) comes in.
Once a connection is made, FAST lets the server give a special token to the client, which the client can then use for future authentications. Practically, it's almost like the current Quicksy and Prav routine of setting a new password each time—except that the "password" is client-specific and doesn't affect the ability of the other clients to continue logging in.
FAST tokens have an expiry date, but one that can be automatically extended—so while your client that has been offline for two months may need re-authentication, the one that has been logging in every day for two months won't.
FAST solves the problem of "having to set a password after authentication" but what about the authentication process itself? This is a problem in two parts, because there are two different situations in which you'd want to log in to your account: the first time, and every time that comes after.
The first time you want to use XMPP, you don't have an account yet: you have to sign up or "register" one. The ubiquitous XEP-0077 In-Band Registration (IBR) defines a standardised way to do just that...but with a username and password, and, worse, with only a username and password. XMPP providers that want to collect more fields, such as an email address, or use something other than a password to authenticate, like a phone number, have to either host an external HTTP page or customise the client itself.
Or, they could use something like the experimental XEP-0389 Extensible In-Band Registration (nicknamed IBR2 or extensible IBR). This XEP replaces the single "username and password" form of IBR with a series of "challenges" and "responses", where a "challenge" can be simply "what's your preferred username and password?" but could also be "check your SMSes and enter the code we sent you there" or "enter the numbers in reverse order to prove you're not a robot". Like the original IBR, the extensible version is backed by XEP-0004 Data Forms, making it truly extensible to anything you want it to be.
For the HTTP-happy, there is "out of band" registration which automatically opening up a web browser and reads the response when done. This means server operators can potentially keep their existing web-based signup pages, but allow them to be seamlessly opened and closed by the app itself—possibly the best of both worlds.
Once you have an XMPP account, the current standard way to sign in is to negotiate an SASL connection, which decides the security features of your "stream"—the XMPP connection—but usually also involves your client passing in your username and password at some point.
Similar to extensible IBR, XEP-0388 Extensible SASL Profile builds upon the normal SASL negotiation process to let you add other options to the mix. The XEP gives an example of second-factor authentication through TOTP, but one can imagine using a challenge mechanism similar to extensible IBR to make a one-time code the only factor, rather than the second one.
Taking things a step further, perhaps we could handle new users by merely adding a "challenge" of "what username would your prefer?" thereby eliminating the need for "registration" altogether? Is there really that much difference, after all, between logging in for the first time and loggin in every other time?
The standards-minded reader would have noted, with some alarm, that by blithely using "authentication through SMSed code" we are replacing a truly independent and decentralised authentication mechanism—the password—with a rather more centralised one.
Fortunately, SMS is only one example. The same authentication code could just as easily be delivered by some other means, such as through email via SMTP, within an existing webapp, on a different messaging network like IRC...
...or through XMPP itself, to an already connected client of the user's. This would allow a user to sign in with a new XMPP client by authorising it using an already existing one.
While there is no XEP yet for "sign in to a new client by authorising with an existing one", there are a few bits and pieces that could be put together.
The simplest option is, of course, to do what we do on other networks and simply send an ordinary XMPP message saying "your password is so-and-so".
More interesting in XEP-0070 Verifying HTTP Requests via XMPP. THe original purpose of this XEP is to let an XMPP client authorise access to an HTTP client such as a web browser. When your web browser tries to load a page, the HTTP server forwards the request to your XMPP server, which passes it on to your client. On your end, you'll see a popup saying something like "Hey, should we allow browser with code so-and-so to access this page of yours?"
While it may matter to you whether the request originated from an HTTP request or it was just your server making things up, your XMPP client doesn't care. All it knows is that the server has sent an XEP-0070 authorisation request, to which you can answer either yea or nay.
That makes it a small matter for the server to "make up" an authorisation request when you try to sign in from another client. Any client with XEP-0070 support can handle it. It matters not if the original trigger at the other end is the SASL negotiation process for your newly installed chat client, rather than an HTTP request from your not-necessarily-newly-installed web browser.
Ironically, this setup would be quite helpful for web-based XMPP clients, where people may not be comfortable entering their XMPP passwords. Now, they can just authenticate the webclient via some other client instead! Needless to say, if this becomes a regular feature, it would be a good idea to define it as such in a separate XEP. This would allow for more levels of protection, and perhaps encryption key verification as well.
Wait, the security-minded reader may ask: what prevents a malicious server from serving a truly "made-up" authorislation request, allowing a random device to be logged in?
The answer is: nothing!—but the same goes for a server operator overwriting or reading your password as well. All the authorisation discussed here is between you and your server, or, more specifically, for you to prove your identity to your server. If the server decides to ignore that and let other people in too, there's nothing you can do to stop it at this level. That's why we have an added layer of end-to-end encryption, OMEMO keys, and all that jazz.
Incidentally, XEP-0070 (or whatever we develop to replace its interesting half) provides a good opportunity to conduct key signing or identity verification as well. The keys could be generated on your device before it attempts to log in, setting the stage for a more secured handshake above the server-mediated one.
Going a step further, this setup paired with XEP-0450 Automatic Trust Management (ATM) could pave the way for more decentralised logins, where one could log in with different JIDs and different XMPP servers and still be recognised by one's friends (and their XMPP clients) as the same person. But that's venturing into the territory of a whole different topic...
The XEP-0070 hack demonstrates that there is, in fact, a difference between logging in for the first time and logging in every other time. We can use it to log into an XMPP client if we already have other logged-in XMPP client, but surely we cannot claim to have "XMPP clients all the way down"!
So, how would the first XMPP client get authorised? One option is to return a FAST token during in-band registration, so the client can use that as its first connection.
Better still, if we are able to complete registration during SASL negotiation as I speculated about before, the client would automatically be authorised with a FAST token already! Perhaps we can have "XMPP clients all the way down" after all.
We now have a registration system that is not only purely XMPP based, but also entirely passwordless. Before we celebrate though, let's pause to see if we have really covered all our bases.
When online services require a phone number for registration, its purpose is twofold: to prove your specific identity as an individual, but also to prove, within a reasonable level of tolerance, your identity as a member of the human race. In other words, if you are able to receive SMSes through a standard phone number on the telecom network, chances are you're not a robot. This is necessary to prevent spurious signups from automated bots, who can then proceed to send spam messages across the inter XMPP network.
Alas! Our new passwordless mechanism accounts for the first problem but not the second.
Fortunately, this can be readily remedied by making full use of the "extensible" part of extensible IBR. There, we are free to add any other spam-prevention challenges such as additional questions, or if we update the spec accordingly, maybe even a CAPTCHA.
Another way to address this, using mechanisms that already exist, is based on social trust. The idea is to close off public registration and allow signups only using XEP-0401 Ad-hoc Account Invitation Generation. This XEP allows for account invitation links, that any existing user can generate and pass on to a prospective human user. It's up to them to keep the link to humans, of course.
Traditionally, invites open up the old password-based registration screen, but as before we can always skip the password part. Since the XEP allows suggesting a username along with the invitation, it would be possible for new users to be registered, authenticated, and signed in automatically—all by merely clicking on a link!
While this is a nice way to let humans bring other humans into the community, it only scratches the surface of what social trust can do.
It is a truth universally acknowledged, that a person in possession of a good authentication mechanism, will inadvertently lock themselves out with it. In our case, that would mean accidentally uninstalling the last logged-in client, or losing the device onto which it was installed.
This though is no different from doing the same with a password-based account and then forgetting the password. The simple solution is to implement a similar flow based on a second factor like an email or a phone number, which provides a fresh authentication token at the end of it: essentially, a "reset password" flow without the bit at the end where you actually set your password.
To make things more spicy, the Dark Crystal standard allows for account recovery through social trust. The idea is that your recovery information is broken up into pieces, which you can put back together when the time comes. The "social" part is that each piece is given to a different trusted contact for safekeeping.
If you ever get locked out, your account information remains safe with friends—or "in the minds of neighbouring families", if you will.
There is an assumption these days that every person has at least one personal computing device, which they carry with them wherever they go. More often than not, it is assumed that at least one of these devices is connected to the telecom network, which means it is capable of receiving messages via the SMS protocol.
Such assumptions have led to people using SMS and its related phone numbers as a proxy for individual identity, which poses something of a problem in situations where a person does not have a phone number, or where multiple people share the same phone number. Examples include multiple family members sharing the same phone, or a child who has not yet been deemed old enough to receive their own phone. The situation cuts both ways: it is likely that children are reciving their first phone number earlier than before precisely because so many authentication mechanisms require one.
A purely XMPP-based authentication mechanism solves the problem of phone number dependency—but what of the overarching assumption of a separate personal computing device for each person?
Imagine quickly signing into your friend's laptop to check messages, or borrowing a shared account on the family desktop when nobody else is using it. Such interactions used to be common—and are still easily possible—with basic email. On the messaging side, however, end-to-end encryption has made things harder, and a mandatory "sign in using an already-authenticated device" would make it nigh on impossible.
The only way to make this work easily is to use a trusted server, paired with an authentication key that can be carried anywhere and activated on any random device you come across. What fits the bill better than the humble password—which is always with you, right inside your head?
All this goes to show that passwords, though less popular, are far from obsolete—and may never be. However, for those who have trouble with them, there are now feasible alternatives. Thanks to the decentralised nature of XMPP, we don't have to fight between one or the other, rather offering multiple options, the better for each to choose their own.
Thanks to discussions with MSavoritias (fae,ve), Kris, edhelas, and others on the JoinJabber dev room for providing some of the ideas and inspiration behind this article.

Thejeshgn GN Weekly Notes 21/2025
It was mostly kids and me at home this week. Managing full-time work, kids, and housework by myself was tough. Four kids (okay, one human toddler, a parent, and two pets) are a handful, even when you have regular support. But thanks to a friend and sibling who live close by, I could manage easily. “Live closer to your friends; they will make your life better”.

Uma loves doing puzzles
- The weather has been good in Bengaluru. It’s been raining (pre-monsoon rains – clouds, big GIF) almost daily. Apparently, Monsoons have come early, like nearly a week to ten days early. I have still not seen a year where Monsson was predicted correctly. There is a lot to do in that regard.
- I had not taken the Political Compass survey in a long time. So, I took it this week and logged it for future reference. TLDR: My political views have not changed much since 2009, when I first took the survey.
- Most hospitals are horrible in India. I know many of my NRI friends fly down to India for affordable and decent treatment, but let’s not confuse that with good service. They are subpar regarding quality of care, communication, and accountability—even in so-called A+++ (top-tier) hospitals. You must have someone inside, a doctor or a specialist, basically an influential person, for the hospital to provide good QoS and communication. Without that, you’re just another file on a desk. Everyone I know who’s had a smooth healthcare experience had that advantage. You can’t just walk into an A+++ grade hospital, choose the best option, and expect top-notch care. It doesn’t work that way here. These places are often unprofessional, disorganized, apathetic, and, for lack of a better word—money-minting machines. And I’m talking about the best hospitals here; forget about others.
- Rema aunty was at the hospital for an optional QoL surgery. But then she had to return because of an allergy to medication from the theater !?! But it almost took a week for her to recover. Anju was with her. In general not a good experience.
- Over the last couple of weeks, I’ve said this more than once—“Let me try and fail.” It came up when people hesitated, thinking they had failed and I would fail anyway. But to me, not trying feels worse than failing. Also, variables might have changed from the last time to this time.
- Thanks to hot packs, daily exercises, and one solid physiotherapy session, it’s been a good week. The therapist went on vacation afterward, but even that single session helped. More sessions are planned for next week
- I update ZimWiki and there have been small but significant updates. Search has become so much better; now it’s based on SQLite FTS5. One could easily build an add-on for the vector search. That will make it very useful, especially to me, who has thousands of pages and work notes. In the meantime, since everything is a text file in ZimWiki, you can sync the folder with OpenWeb UI (Workspace > Knowledge > Sync Directory) and use it as a knowledge base
- So Mozilla has put AI chats in the browser, in the side tab bar. Currently, it has a limited choice of cloud services if you plan to use your Open WebUI. Then go to about:config and edit browser.ml.chat.provider to give your OpenWebUI frontend URL and not API endpoint. BTW, ChatGPT can speak Kannada now.
- I am test-driving LibreWolf, a custom version of Firefox focused on privacy, security, and freedom. I was mainly using Firefox and a bit of Chrome. I was looking for a third browser that allows me to control almost all aspects of browsing. LibreWolf came close. I will let you know how the test drive goes.
- I watched Conclave; I liked it. I think the ending was a bit obvious and simplified—otherwise, it’s not a bad movie to watch.
You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

Subscribe

The post Weekly Notes 21/2025 first appeared on Thejesh GN.

May 22, 2025

Thejeshgn GN What is My Political View in 2025?

I am quite politically engaged and follow it with genuine interest. So I need to understand where I stand using a consistent set of parameters. Sometime in 2009, I came across The Political Compass, which felt like a good fit for this purpose. Since then, I’ve been taking the survey from time to time and noting the results on this blog, for both my readers and myself.

Political Views of Thejesh GN in 2009.

Political Views of Thejesh GN in 2011.

Political Views of Thejesh GN in 2010.

Political Views of Thejesh GN in 2014.

Some of my answers have likely changed over the years, either due to new experiences or a deeper understanding of the issues. Even the extent to which I agree or disagree with certain ideas might have shifted. Taking the survey periodically helps capture how, and if, I’ve changed over time.

The last one I did was in 2014, which was high time. With that note, here is the survey result from 2025.

Political Views of Thejesh GN in 2025.

As you see, I am still in the same quadrant. Economic Left, Social Libertarian. Also, I am more or less in the center of that quadrant. At the same time, India itself has moved to the opposite quadrant, at least socially, i.e, Economic Right, Social Authoritarian. When you get time, read the HRW/2025 report and Heritage’s Economic Freedom.

Political Views of nations.

Political Views of popular readers.

I have also added the graphs of popular people and countries above to give you an idea. You can read more on their site.

You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

Subscribe

The post What is My Political View in 2025? first appeared on Thejesh GN.

May 16, 2025

Thejeshgn GN Weekly Notes 20/2025
It’s been a good week. The pain did flare up midweek, but regular exercise has helped bring it down. I can correlate the reduction to neck exercises. I’m starting physiotherapy at Stairs Physiotherapy again.

Interestingly, I’ve received a few messages and emails about this. It turns out that I’m not alone; others in my industry have gone through this and have recovered. These weekly notes have sparked some helpful conversations and suggestions. That’s reason enough to keep writing about my recovery.

I have been using premix coffee sachets we picked up in Langkawi this week. They are popular all over Southeast Asia, but I am not sure why they aren’t available in India.
- All the introduction emails and most of the payments related to NMG/2025 are complete. I updated the project page. The kind from the neighborhood is in their final year (same kid from the last two years), their grant will happen, but it is not counted as part of regular NMG.
- The niblings spent some time with us during their busy holidays. It’s always fun having them around—and this was their first school break with Uma. I wanted to watch Flow in the theater, but couldn’t. But I used this opportunity to watch it on Prime with them. We all loved it.
- Uma will start pre-school at Earth School this July. Until now, she was going to play school.
- I wrote a blog post about FOSS apps that I use to share files between devices. It’s part of my Linked List, an ongoing series where I share a curated list of exciting or useful things — books, apps, hardware tools, and more.
- I have been using premix coffee sachets we picked up in Langkawi this week. They are popular all over Southeast Asia, but I am not sure why they aren’t available in India. They are cheap, easy to carry, and it takes a minute to make a decent coffee. There are sugarless versions, too. Sure, it’s not an Espresso, but it’s close to what South Indian’s call black coffee (A diluted drink made from chicory-coffee decoction, sometimes sweetened with jaggery or sugar, and occasionally spiced with pepper). I first tried them in Jakarta, where a street vendor used them to make coffee for us. Since then, every time I visit that part of the world, I buy and bring a ton of them.
- I have moved entirely to Flatpak as the format and Flathub as the application source. For some applications, I have gone outside Flathub to install a Flatpak. I know Flatpak has limitations, but I had to get behind something, and Flatpak seemed the best for me. If something is unavailable as Flatpak, I will look for AppImage format. Finally, I go for the Debian package.
- A few friends from the Open Data and DataMeet communities and I are putting together the Open Data Devroom at this year’s IndiaFOSS on 20/21 Sept @ Bengaluru. The call for proposals is open now. Please do submit if you have anything interesting to share with the community.
- Anju and I watched Adolescence last week. It was a bit shocking, but felt very real, especially in India, where boys and men often try to be “macho” through misogyny. You see it everywhere now—on social media and in WhatsApp groups. This attitude isn’t new ¹, but social media has amplified and spread it to every corner, and is trying to make it cool. Now back to the series – I loved the last episode where parents reflect upon their upbringing, parenthood, their influence on kids vs the society has on them, etc. It’s raw and leaves you sad.
- I have a channel for Kannada movies on Are.na, available for free on YouTube (for now)—the ones I like. You might want to watch a few, especially if you have an ad-free version of YouTube.
You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

Subscribe
1. Where else in the world would you see acid attacks on the women they apparently *love* ↩
The post Weekly Notes 20/2025 first appeared on Thejesh GN.

May 13, 2025

Ravi Dwivedi KDE India Conference 2025

Last month, I attended the KDE India conference in Gandhinagar, Gujarat from the 4th to the 6th of April. I made my mind to attend when Sahil told me about his plans to attend and giving a talk.

A day after my talk submission, the organizer Bhushan contacted me on Matrix and informed me that my talk had been accepted. I was also informed that KDE will cover my travel and accommodation expenses. So, I planned to attend the conference at this point. I am a longtime KDE user, so why not ;)

I arrived in Ahmedabad, the twin city of Gandhinagar, a day before the conference. The first thing that struck me as soon as I came out of the Ahmedabad airport was the heat. I felt as if I was being cookedâ€”exactly how Bhushan put it earlier in the group chat. I took a taxi to get to my hotel, which was close to the conference venue.

Later that afternoon, I met Bhushan and Joseph. Joseph lived in Germany. Bhushan was taking him to get a SIM card, so I tagged along and got to roam around. Joseph was unsure about where to go after the conference, so I asked him what he wanted out of his trip and had conversations along that line.

Later, Vishal convinced him to go to Lucknow. Since he was adamant about taking the train, I booked a Tatkal train ticket for him to Lucknow. He was curious about how Tatkal booking works and watched me in amusement while I was booking the ticket.

The 4th of April marked the first day of the conference, with around 25 attendees. Bhushan started the day with an overview of KDE conferences in India, followed by Vishal, who discussed FOSS United’s activities. After the lunch, Joseph gave an overview of his campaign to help people switch from Windows to GNU/Linux due to environmental and security reasons. He continued his session in detail the next day.

Conference hall

A key takeaway for me from Joseph’s session was the idea pointed out by Adwaith: marketing GNU/Linux as a cheap alternative may not attract as much attention as marketing it as a status symbol. He gave the example of how the Tata Nano didn’t do well in the Indian market due to being perceived as a poor person’s car.

My talk was scheduled for the evening of the first day. I hadn’t prepared any slides because I wanted to make my session interactive. During my talk, I did an activity with the attendees to demonstrate the federated nature of XMPP messaging, of which Prav is a part. After the talk, I got a lot of questions, signalling engagement. The audience was cooperative (just like Prav ;)), contrary to my expectations (I thought they will be tired and sleepy).

On the third day, I did a demo on editing OpenStreetMap (referred to as “OSM” in short) using the iD editor. It involved adding points to OSM based on the students’ suggestions. Since my computer didn’t have an HDMI port, I used Subin’s computer, and he logged into his OSM account for my session. Therefore, any mistakes I made will be under Subin’s name. :)

On the third day, I attended Aaruni’s talk about backing up a GNU/Linux system. This was the talk that resonated with me the most. He suggested formatting the system with the btrfs file system during the installation, which helps in taking snapshots of the system and provides an easy way to roll back to a previous version if, for example, a file is accidentally deleted. I have tried many backup techniques, including this one, but I never tried backing up on the internal disk. I’ll certainly give this a try.

A conference is not only about the talks, that’s why we had a Prav table as well ;) Just kidding. What I really mean is that a conference is more about interactions than talks. Since the conference was a three-day affair, attendees got plenty of time to bond and share ideas.

Prav stall at the conference

Conference group photo

After the conference, Bhushan took us to Adalaj Stepwell, an attraction near Gandhinagar. Upon entering the complex, we saw a park where there were many langurs. Going further, there were stairs that led down to a well. I guess this is why it is called a stepwell.

Adalaj Stepwell

Later that day, we had Gujarati Thali for dinner. It was an all-you-can-eat buffet and was reasonably priced at 300 rupees per plate. Aamras (Mango juice) was the highlight for me. This was the only time we had Gujarati food during this visit. After the dinner, Aaruni dropped Sahil and I off at the airport. The hospitality was superb - for instance, in addition to Aaruni dropping us, Bhushan also picked up some of the attendees from the airport.

Finally, I would like to thank KDE for sponsoring my travel and accommodation costs.

Let’s wrap up this post here and meet you in the next one.

Thanks to contrapunctus and Joseph for proofreading.

May 12, 2025

Thejeshgn GN Linked List: FOSS Apps for Sharing Files between Devices

It’s a common requirement to share the files between multiple devices we own, sometimes even with strangers. Even though it’s a widespread requirement, there is no universal standard. iOS folks use AirDrop and Android folks use QuickShare, etc. They work only within their walled gardens, even though the data transfer happens in a p2p way. Over the years, some successful FOSS products have come close to fulfilling this requirement. Here are mine.

LocalSend

LocalSend is what I use every day to share ad hoc files between devices on the same local network or my WireGuard network. You can send files, folders, text, or clipboard content. It works very well on Android and Linux. It’s also supported on Mac, iOS, and Windows. No registration required; other devices on the network are discovered automatically. There is an option to share with folks who don’t have a client by using the URL.

Technically, it’s pretty straightforward. When you start LocalSend, it starts a RESTful service used for communication. Each device generates its own TLS/SSL certificate for communication. You can get the information from the local info endpoint once you start the LocalSend. It’s easy to use; it works all the time; the protocol is easy to understand. You could write custom clients if you want.

Tip: If your device is not auto-discovered on the VPN/WireGuard, go to Send, Nearby devices, favorites ❤️ and add using the IP. After joining a new network, you need to restart LocalSend so that its services are re-advertised and accessible across all or appropriate IP subnets (e.g., 192.x.x.x, 100.x.x.x, 10.x.x.x).

KDE Connect

KDE Connect isn’t just for file sharing — it’s about sharing devices. You can send files and links, ring your phone, check its battery, get notifications, control media, run presentations, use a remote keyboard or trackpad, and even send custom commands. I am a Gnome person, I have installed it using GSConnect, a Gnome Shell Extension.

Syncthing

Syncthing is more like Dropbox, to keep folders in sync between devices. I use it to sync my work folders between devices. It works very well between Linux devices. I use Syncthing-Fork on Android.

I have used SnapDrop/PairDrop a few times, and they work. I have used them only for not-so-private things. I don’t use them that much anymore.

These three tools are solid, well-tested, and used by millions. You might even need to use more than one, depending on what you’re trying to do. They’ve got tons of features too—but that’s another post.

You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

Subscribe

The post Linked List: FOSS Apps for Sharing Files between Devices first appeared on Thejesh GN.

May 09, 2025

Abhijith PA Bug squashing party, Kochi
Last weekend, 4 people (3 DDs and 1 soon to be, hopefully in coming months) sit together for a Bug squashing party in Kochi. We fixed lot of things including my broken autopkgtest setup.

It all began from a discussion in #debian-in of not having any BSPs in the past in India. Then twisted in to hosting a BSP by me. I fixed the dates to 3rd & 4th May to get packages migrate naturally to testing with NMUs before the hard freeze on 15th May.

Finding a venue was a huge challenge. Unlike other places, we have very limited options on hackerspaces. We also had some company spaces (if we asked), but we may have to follow their office timings and finding accommodation near by was also a challenge.

Later we decided to go with a rental apartment where could hack all night and sleep. We booked a very bare minimal apartment for 3 nights and 3 days. I updated wiki page and sent announcement.

Not even Wi-Fi was there in the apartment, so we setup everything by ourselves (DebConf style :p ). I short listed some newbie bugs, just in case if newcomers joined the party. But it was only we 4 people and Kathara who joined remotely.

We started from May 2nd night, stacked our cabin with snacks, instant noodles and drinks. Arranged beds, tables and started hacking and having discussions. My autopkgtest-lxc setup was broken. I think its related to #1017753, which got fixed magically and now I started using autopkgtest-podman.

I learned
- reportbug tool can use its own SMTP server by default
- autoremovals can be extended if we pinged to the bug report.
On last day, we went to a nice restaurant and had food. There was a church festival nearby, so we were able to watch wonderful procession and fireworks at night.

All in all we managed to touch 46 bugs of which 35 is now fixed/done and 11 is open, some of this get status done when it reaches testing. It was a fun and productive weekend. More importantly we had fun.

Thejeshgn GN Weekly Notes 19/2025
NMG/2025 results are out. It took me a while to go through the applications this time. But finally I sat down and closed. There are some emails and follow-ups left; otherwise, it’s done. I’m pleased with how this year’s grant turned out and the number of people who participated. It’s starting to feel like a community, which wasn’t the original goal, but it’s a wonderful outcome.

Uma at the park playground—she loves walking around barefoot.
- Getting back to work slowly with lots of caution. This week has been very good. I got things done. I am also working on some interesting things. Hopefully, I get to write more about them.
- I have been feeling much better than last week. I plan to start physiotherapy next week as there is very little pain now.
- Took a break from the daily grind to have lunch at Dolphins Bar. It was a weekday, so it was less crowded and we could have a decent conversation.
- Bengaluru weather has been good. It’s still not as hot as I thought it would be.
- For toddlers, school and sickness often go hand in hand. Uma had a lingering cold earlier but is doing much better now that we have summer holidays. She still meets her friends at the park daily, and we walk together in the evenings.
- Is it controversial to say WAR IS BAD?
- I found a bunch of weekly-noters this week – Steve, Mike, Courtney, and Daryl. I am yet to update the blogring.
- I introduced vector-based matching to a friend working on one of my older projects, replacing the traditional keyword-based matching. This shift should significantly improve the ability to retrieve thematically similar songs. I hope they go ahead with it. It will be interesting to see how it turns out. It was one of the earliest (2012) projects to use FOSS MongoDB. I loved it. In the last few years, MongoDB has become a source-only project. Also, some features, like FTS or Vector Search, are not in the community edition. At some point, it would be ideal to move to PostgreSQL using FerretDB without code changes. FerretDB is a proxy that converts MongoDB wire protocol queries to SQL and uses PostgreSQL with the DocumentDB extension as a database engine. That way, we can go back to boring technologies. Though FerretDB’s interface currently doesn’t have vector columns, we could use Vector Index-based search or pgvector within the same PostgreSQL instance. They are presently using ChromDB as an additional vector Database. It’s the easiest VectorDB to get started with, especially when you are on a really small project.
You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

Subscribe

The post Weekly Notes 19/2025 first appeared on Thejesh GN.

May 08, 2025

aktsbot Announcing spb and lil
Announcing spb and lil

08 May 2025

spb

simple paste bin had been around for a couple of years. For a long time, spb ran with a mongodb database. Not anymore!

I updated it to use sqlite3 for its database and modernized the codebase a little bit.

Improve the source code over at github or see it in the wild over at spb.aktsbot.in.

lil

This is my take on a url shortener. The goal with lil was to
1. Store no user data.
2. Be usable from the terminal. i.e have a no BS api.
3. Use zero client side JavaScript.
4. Be easy to maintain
Source is at github. See it live on one0.xyz.

Happy Hacking & have a great day!

May 07, 2025

Thejeshgn GN Nagarathna Memorial Grant – 2025 – Results

Let me start by saying I am sorry for the delay. I have been suffering from Cervical Radiculopathy from the beginning of this year. Thankfully, pain has reduced, and I am working on getting back to physiotherapy. Thank you for understanding.

There were 100+ high-quality applications this year, making going through and selecting hard and time-consuming. I am happy about them. Thanks to friends for pitching. Gangadhar(25K), Shweta/Ashwini(50K), Divya(50K), Nemo(55K), Kamala Manoharan (100K), Y(30K), S(10K), and T(10K) pitching in to make the total amount 4.3L. This is also the first year a former grantee has become a grantor (Not in their name), making it truly special.

Name	Amount
Vihan Verma – 3D Design Work – clinostats	15,000
Sai Phanindra – OSM Related Work	15,000
Benson Muite – FOSS Work	15,000
Mihir Pathak – Local Khoji	35,000
Rupesh – Laptop Upgrade for work	25,000
Shrirang Kahale – FOSS Mirrors	25,000
Vinay Kumar – reclaimconstitution.in	50,000
Ishita Das – Illustrations of Kodagu butterfly and moth	50,000
Nehal Agrawal – The Reading Tent	50,000
Gaurav Patil – Film Project on Mr. Pradip Patade	50,000
Subhadip Senapati – Engaging Female Students/Prayoga Institute	100,000

You should receive an email with the details today. Congratulations to all the grantees, and a huge thank you to everyone who applied, shared, and supported.

Join our moderated Friends of NMG email list to connect with like-minded people and stay updated. You can go to main project page for all the details.

Note: Updated Nemo’s contribution and Mihir’s grant on May 17, 2025. Total grant amount in 4.3L.

You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

The post Nagarathna Memorial Grant – 2025 – Results first appeared on Thejesh GN.

May 06, 2025

Bhavani Shankar Why I don't use full disk encryption
After diving into the rabbit hole of encrypting my entire disk, I decided it is not worth it. These are my reasons:
- High app launch delay: Cloudflare benchmarked dm-crypt encrypted disks to be 2-7 times slower. It means apps start at snail's pace; imagine a web browser opening in 5s instead of 0.7s.
- Impact on battery life and RAM: Encrypting, decrypting bytes, and juggling them across the boundaries of disk and RAM is expensive. If you are on a laptop, it eats up battery life.
- Shortens SSD lifespan: FDE, for security reasons, doesn't enable TRIM by default. It fills the entire disk with random data causing increased wear and tear of your solid state drive.
- Extremely inefficient: It impartially encrypts everything — even those parts that don't require it like system files — making it harder to fix a broken system.
Popular methods of full disk encryption
- TPM, secure boot: Completely transparent to the user because the key is stored on TPM. This variant is good for tamper prevention. Thieves can boot your device and access your data.
- Passphase based: /boot is not encrypted and is responsible for prompting the password during boot. It leads to bad user experience. If somebody puts a virus in /boot, the next time the user enters the password, it infects the whole system.
More drawbacks
- Sleep/Suspend vulnerability: A machine with a fully encrypted disk is secure only when it is off. Data on the RAM is not encrypted and can be extracted.
- Doesn't stop strong adversaries: It's useless against law enforcement and the mafia because they can force you to unlock your device.
- Multi-user systems: It doesn't protect your files from other users on your machine.
A better alternative

Application level encryption overcomes all these drawbacks.

Selectively encrypt files and folders

Encrypt just your private files — it's incredibly fast and secure. You may even use a different password for each file/folder. Multi-user device? No worries. I would suggest to:
- Encrypt files and folders — including personal pictures, videos, and documents etc with gocryptfs. You can sync encrypted folders across devices with Dropbox and automatically mount on login.
- Encrypt browser profile (folder) with gocryptfs. It prevents others from accessing your web browsing history, passwords, payment methods, and web subscriptions etc.
- Set a strong passphrase for ssh and gpg keys to secure your private keys.
- Use read-only filesystems for system files. Conveniently Nixos has a read-only filesystem and hashed folder names at /nix — where system files are stored — making it resilient to tampering.
- Make use of deniable encryption with Veracrypt. Create hidden virtual disks inside encrypted file systems. Nobody can even know that they exist.
- Encrypt files and folders with gocryptfs. You can sync encrypted folders across devices with Dropbox and automatically mount on login.
- Use Tails OS: When you need as much privacy and anonymity as possible, boot into tails from a USB drive and then shut it down as soon as your work is done.

May 05, 2025

Ravi Dwivedi A visit to Paris

After attending the 2024 LibreOffice conference in Luxembourg, I visited Paris in October 2024.

If you are wondering whether I needed another visa to cross the border into France— I didn’t! Further, they are both also EU members, which means you don’t need to go through customs either. Thus, crossing the Luxembourg-France border is no different from crossing Indian state borders - like going from Rajasthan to Uttar Pradesh.

I took a TGV train from Luxembourg Central Station, which was within walking distance from my hostel. The train took only 2 hours and 20 minutes to cover the 300 km distance to Paris. It departed from Luxembourg at 10:00 AM and reached Paris at 12:20 PM. The ride was smooth and comfortable, arriving on time. It gave me an opportunity to see the countryside of France. I booked the train ticket online a couple of days prior through the Omio website.

TGV train I rode from Luxembourg to Paris

I planned the first day with my friend Joenio, whom I met upon arriving in Paris’ Gare de l’Est station, along with his wife Mari. We went to my hostel (which was within walking distance from the station) to store my luggage, but we were informed that we needed to wait for a couple of hours before I could check in. Consequently, we went to an Italian restaurant nearby for lunch, where I ordered pasta. My hostel was unbelievably cheap by French standards (25 euros per night) that Joenio was shocked when he learned about it.

Pasta I had in Paris

Walking in the city, I noticed it had separate cycling tracks and wide footpaths, just like Luxembourg. The traffic was also organized. For instance, there were traffic lights even for pedestrian crossings, unlike India, where crossing roads can be a nightmare. Car drivers stopping for pedestrians is a big improvement over what I am used to in India. The weather was also pleasant. It was a bit on the cooler side - around 15 degrees Celsius - and I had to wear a jacket.

A cycling track in Paris

After lunch, we returned to my hostel for my check-in at around 3 o’clock. Then, we went to the Luxembourg Museum (Musée du Luxembourg in French) as Joenio had booked tickets for an exhibition of paintings by the Brazilian painter Tarsila do Amaral. To reach there, we took a subway train from Gare du Nord station. The Paris subway charges 2.15 euros irrespective of the distance (or number of stations) traveled, as opposed to other metro systems I have used.

We reached the museum at around 4 o’clock. I found the paintings beautiful, but I would have appreciated them much more if the descriptions were in English.

Luxembourg Museum

Afterward, we went to a beautiful garden just behind the museum. It served as a great spot to relax and take pictures. Following this, we walked to the Pantheon - a well-known attraction in the city. It is a church built a couple of centuries ago. It has a dome-shaped structure at the top, recognizable from far away.

A shot of the park near to the Luxembourg Museum

Pantheon, one of the attractions of Paris.

Then we went to Notre Dame after having evening snacks and coffee at a nearby bakery. The Notre Dame was just over a kilometer from the Pantheon, so we took a walk. We also crossed the beautiful Seine river. On the way, I sampled a crêpe, a signature dish of France. The shop was named Crêperie and had many varieties of Crêpe. I took the one with eggs and Emmental cheese. It was savory and delicious.

Photo with Joenio and Mari

Notre Dame, another tourist attraction of Paris.

By the time we reached Notre Dame, it was 07:30 PM. I learned from Joenio that Notre Dame was closed and being renovated due to a fire a couple of years ago, so we just sat around and clicked photos. It is a catholic cathedral built in French Gothic architecture (I read that on Wikipedia ;)). I read on Wikipedia that it is located on an island named Île de la Cité and I didn’t even realize we are on an island.

At night, we visited the most well-known attraction of Paris, The Eiffel Tower. We again took the subway, alighting at the Bir-Hakeim station, followed by a short walk. We reached the Eiffel Tower at 9 o’clock. It was lit bright yellow. There was not much to do there, so we just clicked photos and hung out. After that, I came back to my hostel.

My photo with Eiffel Tower in the background

Next day, I roamed around the city by walking mostly. France is known for its bakeries, so I checked out a couple of local bakeries. I had espresso a couple of times and sampled croissant, pain au chocolat and lemon meringue tartlet.

Items at a bakery in Paris. Items from left to right are: Chocolate Twist, Sugar briochette, Pain au Chocolat, Croissant with almonds, Croissant, Croissant with chocolate hazlenut filling.

Here are some random shots:

The Paris subway

Inside a Paris subway

A random building and road in Paris

A shot near Seine river

A view of Seine river

On the third day, I had my flight for India. Thus, I checked out of the hostel early in the morning, took an RR train from Gare du Nord station to reach the airport. It costs 11.8 euros.

I heard some of my friends had bad experiences in France. Thus, I had the impression that I would not feel welcomed. Furthermore, I have encountered language problems in my previous Europe trip to Albania and Kosovo. Likewise, I learned a couple of French words, like how to say thank you and good morning, which went a long way.

However, I didn’t have bad experiences in Paris, except for one instance in which I asked my hostel’s reception about my misplaced watch and the person at the reception asked me to be “polite” by being rude. She said, “Excuse me! You don’t know how to say Good Morning?”

Overall, I enjoyed my time in Paris and would like to thank Joenio and Mari for joining me. I would also like to thank Sophie, who gave me a map of Paris.

Let’s end this post here. I’ll meet you in the next one!

Credits: Thanks to contrapunctus for reviewing this post before publishing

KhubsuratInsaan The Gradual Encroachment of Capitalistic Tendencies

As an OpenStreetMapper, I love adding things which are supposed to be more or less guaranteed to persist for more than 10 years, such as parks and addresses. The act of seeing my parks on the map with their striking green colour gives me immense joy, and I get a similar joy from seeing the cute house numbers displayed on a series of nice rectangles.

So, it was obvious to me that addresses would be among one of my first contributions. I started looking out for areas with “nice” regular buildings who have clearly displayed their addresses in front of their houses.

My friend’s house was one such building. On a sunny day when (say) A and I were strolling, I told them about my plan to add their street to OSM. I was expecting, at the worst, some casual indifference about that whole affair. However, their response surprised me. They told me that ’the address is their private property’ just like ’the part of the street in front of their house is their private property.'

First of all, both of those statements are false. As is often the case, the street where my friend live is owned by the government, and all of its addresses are in public domain. I could, of course, have ignored this stupidity. However, I decided to reflect a little on this thing. What would a private system of addresses entail?

A private system of address would mean that the address is owned by the house owners. To prevent any intelligent guessing, these house numbers would have to be random, and can be appended with brand names to generate extra money for the house owners (like “SBI 1675343204892384123809323”). A government agency can be given the task of ensuring that the addresses remain private.

Now comes the difficult part, we have to make these addresses excludable and rivalrous. To ensure excludability we can generate a new address every time it is accessed by someone. So, if A visits SBI 1675343204892384123809323 (by paying a fee to the government agency which transfers the money to the house owner) and connects it to a coordinate, then the owner can change the address to a new one, ensuring that the next person would also have to pay the fee. This has the obvious disadvantage that once B’s personal data is revealed, A can instead connect the coordinates to B’s personal data and then sell it in the underground market. To avoid this problem, B can try to hide their personal data as much as possible, going as far as to change their personal data after a “leak.” To make the “good” rivalrous, the owner can impose a monthly limit on the number of access.

I have to admit, the above framework is pretty flaky. However, it is an OK starting point to think about monetisation of addresses. I am very happy that the above system is not practical, and so mapping addresses is still a useful endeavour. For now.

May 02, 2025

Thejeshgn GN Weekly Notes 18/2025
We follow a zero-screen policy for Uma. That means we don’t watch anything when she’s awake. It’s reduced my phone and TV time, which is good. Thankfully, she’s not too interested in work computers.

But keeping toddlers away from phones is hard. Everyone has one, and you can’t control others. The moment she gets a chance, she’s drawn to a phone—and most people happily show her something :(

No screens also means we have to keep her engaged all the time. That’s tough, especially on days when we’re exhausted or sick. If you are a parent, how do you do it? Send some tips.

A friend sent me this picture of a mural at a Thai restaurant in New Castle. Thank you friend :)
- The pain is varying every day. On Saturday, it was low. On Sunday, it was almost zero. I worked on Monday and Tuesday. It was slightly back on Wednesday, so I reduced work again. Now it’s been okay.
- Hence, all the work is going slow, including NMG. Results will be announced on the 7th. I am almost done with it. I need a few days to consolidate my thoughts and filter things.
- My new computer is here, it’s a ThinkPad T14s 6 Gen (AMD). It has Ubuntu 24.04 LTS with Wayland. I am generally happy, except for a few things that would work with X11, namely Autokey, Peek, and Ksnip, doesn’t work. Thankfully, I could get Ulauncher to work. I am happy to have some horsepower.
- I have already eaten more mangoes than the whole summer last year. We have just entered May, and mangoes will be in the market till July. I love mangoes; it’s one of my favorite fruits.
- Bengaluru weather has been decent this week. It’s not as hot as I expected, thanks to summer showers.
- I watched Nodidavaru Enanatre, a good movie; I liked it. It doesn’t hide the fact that it’s been heavily influenced by Into the Wild. I can sit through bad English, Hindi, or Telugu films. Bad Tamil or Malayalam ones are harder, but I might still watch them. But even an above-average Kannada movie feels unwatchable to me. My expectations are too high—I sometimes feel bad for Kannada filmmakers.
- I also watched FireFly. Its quite experimental, but I loved it
- I bought IndiaFOSS/2025 tickets; It’s on 19th September. I am also helping to put together a FOSS in Open Data DevRoom with Nemo and others. Ping me if you’re interested. I’ll share more details once I have them.
- I will also be at IITM for Paradox/2025 in June, from the 5th to the 8th. I plan to work remotely, meet folks, and enjoy the festivities. Again, if you are going to be there, ping me.
- I have weekly-noters Dougbel Shaw and Tom on my blogring now. The more Weekly Notes I read, the more I am finding. I love it.
- If you plan to share the LLM API keys and budgets with a team, try LiteLLM proxy. You can use it to call LLM APIs using the OpenAI format, generate keys, and keep tabs on a budget in one centralized dashboard. We used it last time at the IITM/Paradox hackathon; it worked well. Also, it’s always good to write code against one interface. I mentioned it briefly in WN-12/2025. But I have started to use it with my team now, so I am repeating it.
- How much ever you avoid, there will be one irritating right-wing hater around you. I usually ignore them and steer clear. But sometimes, it’s unavoidable. In one such moment, I said, “If you don’t like secular India, you’re free to move to a religion-based country.” They were stunned—I guess they thought “leave the country” was only their line. Sometimes, very rarely, I like being a troll of trolls. We are in this mess because we allowed them to occupy safe spaces, including and especially on the web. Someone once said, “The only thing necessary for the triumph of evil is for good men to do nothing.” It’s true, and we are all responsible.
Note: I forgot to click publish on time :) so its late by few minutes.

You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

Subscribe

The post Weekly Notes 18/2025 first appeared on Thejesh GN.

April 29, 2025

Karthik Contributing to Movim Again!

Last week, I got one more opportunity to contribute to movim’s CI/CD setup, which is in same scope as my previous contribution.

As the movim project dropped support for MySQL database, starting with v0.30.1, The developers wanted to test app setup with mariabd along with the existing postgres based setup job in the CI pipeline. Hence i got involved to support it.

It was relatively easy, as i just have to swap out one of the previous job steps involving postgres with mariabd. But, it took me some time to figure out a working mariadb github action out of available options.

Related PR: https://github.com/movim/movim/pull/1431

April 28, 2025

Thejeshgn GN ThinkPad T14s Gen 6 (AMD)
I wanted a replacement for the computer that broke last year (WN 29/2024). LC230 has been fulfilling that place, but it’s not made for that. Finally, I did some research and got a custom-built ThinkPad from Lenovo. For a long time, I considered the budget before buying a laptop (except for my first laptop – Sony Vaio), which was always below ₹75K. But this time I wanted to gift myself a high-end one, and after all, I was buying a workhorse after seven years.

The requirements were simple – sturdy, lightweight, small, robust, and comes with Linux (in all previous cases, it came with Windows, and I had to erase and install Linux).

Meta T14sAMD showing its product description page

Solution

The solution I found was ThinkPad T14s Gen 6 (AMD) (Empty Wikipedia section for the model, as it’s a 2025 model). I customized it to have
- AMD Ryzen™ AI 7 PRO 360 w/ Radeon™ 880M × 16
- 64 GB LPDDR5X-7500MHz (Soldered)
- TB SSD M.2 2280 PCIe Gen4 Performance TLC Opal
- 35.56cms (14) WUXGA (1920 x 1200) – Default
- 5MP RGB+IR with Microphone
- Preinstalled Ubuntu 24.04 LTS
It looked and felt like how I thought it would be. However, preinstalled Ubuntu didn’t come with Full Disk Encryption (FD)E), and there was no reason to trust their installation. So, I reinstalled the same Ubuntu 24.04 LTS with FDE. Everything worked as before.

Things I like

I have not used it a lot but things that I like are here
- It’s small and lightweight
- It’s capable on paper and in my initial tests
- It’s not a standard Thinkpad keyboard, but still very good
- It has a hardware (slide to close/open) shutter button for the camera. I love it.
- Good camera. I don’t have to use an external camera now
- Good enough microphone and speakers
- USB power in
- USB power out for my portable screen
Things I miss
- All USB-Cs are on the left, and I would have loved at least one on the right
- I would have loved the hardware microphone mute button
- I know it’s tough on thin laptops, but an ethernet port would have been perfect
Things for me to explore

It comes with AMD Ryzon AI. Ryzen AI software enables applications to run on the neural processing unit (NPU) built in the AMD XDNA™ architecture, as well as on the integrated GPU. I don’t know much about it. This is my first AMD machine. According to the documentation, the tools and runtime are supported on Linux. It supports ONNX formats. Ideally, it should make the local inferencing faster. I will try that out and let you know how it goes.

I have also not tested its GPU capabilities yet. All I know is my SpeechNote (on Flathub) with Whisper.cpp model is almost instantaneous.

Conclusion

I love it and plan to use it daily. I know it cost a lot (₹1.6 lakh), but I believe I’ll use it almost every day for over five years. So it feels worth it, but I’ll keep you updated.

It’s LC230 in the middle and T14sAMD on right.

LC230 will return to its previous role as a backup computer. That also reminds me I have not written a detailed review of LC230. I will write, now it’s time.

You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

Subscribe

The post ThinkPad T14s Gen 6 (AMD) first appeared on Thejesh GN.

April 21, 2025

KhubsuratInsaan Lonely: Part 1

I often feel lonely, and I don’t have many friends. This blog series documents my journey towards ending this state of deprivation which has been plaguing my work since months.

For a quick start, I decided to join some local communities in Delhi. I am already a part of OpenStreetMap Delhi, but their meetups happen only once a month, which makes it very difficult to nurture the connections I make there (if I am able to create them in the first place). I have searched a little and have now found some other communities where I should be able to find new people.

The first one is HochPoch Delhi, which is a group of 2 people organizing meetups every Wednesday. They hangout in art galleries, museums, and cafes. They seem pretty chill, and I hope to meet some cool people there.

The second one is Lodhi Reads, who meet every Saturday at Lodhi Gardens to read books in silence. This seriously sounds like heaven to me.

I will write about my experience at these two places in Part 2.

April 18, 2025

Bhavani Shankar A weird algorithm for sharing coins
Here's a memorable problem from Project Euler:

There are 7 ways to separate 5 coins into piles (as shown). How about 100 coins?
```
OOOOO
OOOO   O
OOO   OO
OOO   O   O
OO   OO   O
OO   O   O   O
O   O   O   O   O 
```
Solution

In number theory, it is known as the partition function: $p(k)$. So $p(5) = 7$. A simple formula for $p(n)$ is currently unknown but, we can calculate it recursively. The key insight is how we break $p(n)$ into smaller problems.

Let $p(n, k)$ be the number of ways to arrange of $n$ coins into piles allowing up to $k$ coins per pile. For example, $p(4, 2)$ is:
```
OO   OO
OO   O   O 
O    O   O   O
```
Let's build the recurrence.
- If $k = 1$, we can only put 1 coin in each of the $n$ piles; if $n=1$, there's only one coin. There's only one arrangement in either case. Therefore,
$$p(n, 1) = p(1, k) = 1$$
- The possible arrangements for $n, k$ can be segregated into two categories:
  1. Those that only use smaller piles of $k-1$ coins or less.
  2. And the rest — with a pile of $k$ coins. If we remove it, we are left with all possible ways to arrange $n-k$ coins.
$$p(n, k) = p(n, k-1) + p(n-k, k)$$

A concrete example

To be certain that we understand, let's divide $p(5, 3)$ into these two groups. The first group $p(n, k - 1)$ has all arrangements with piles of size $k - 1 = 2$ or less.
```
OO   OO   O
OO   O   O   O
O   O   O   O   O 
```
The 2nd group contains one pile of size 3. If we remove it, we are left with $p(2, 2)$.
```
000   OO
000   O   O
```
Adding these two counts, we can see that $p(5, 3) = 5$. Let's calculate $p(5, 3)$ recursively now.

What if $n \leq 0$?

We missed a base case; $p(0, 2)$ came from $p(2, 2)$ after making a common pile of 2 coins; we need one arrangement to put the common pile. Though it seems a bit counterintuitive, we need to set:

$$p(0, k) = 1$$

During recursion, we will encounter calls like $p(2, 3)$. Blindly expanding will result in negative values for $n$:

$$p(2, 3) = p(2, 2) + p(-1, 3)$$

We can add a maximum of $n$ coins to a pile. So we can set $k$ to $n$ when $k > n$.

$$p(2, 4) = p(2, 2)$$

Writing the code

Let's write an implementation of our 4 base cases and the recurrence and use it to compute $p(100, 100)$.
```
fn partitions(n: usize) -> usize {
    fn partitions_helper(n: usize, k: usize) -> usize {
        if k > n {
            partitions_helper(n, n)
        } else if n == 0 || n == 1 || k == 1 {
            1
        } else {
            partitions_helper(n, k - 1) + partitions_helper(n - k, k)
        }
    }
    partitions_helper(n, n)
}

fn main() {
    println!("{}", partitions(100));
}
```
After about a second, we are greeted with the answer.
```
190569292
```
Speeding it up

A lot of values are computed again and again. For instance,

If we continue expanding the first 2 terms, we will encounter $p(2, 2)$ twice. It makes sense to use caching a.k.a memoization with crates like cached. With caching, this problem goes from exponential to quadratic time complexity i.e $O(e^{n})$ to $O(n^2)$ — a gap so huge that calculating $p(1000)$ would shrink from days to under a second.
```
use cached::proc_macro::cached;
...
    // Just add this proc macro to above code. That's it!
    #[cached]
    fn partitions_helper(n: isize, k: isize) -> isize {
    ...
```
Bottom-up approach

Instead of caching previously computed recursive calls, we can avoid the stack overhead by just starting from the base and building up higher and higher until we reach the answer. This approach is cleaner and faster.
```
fn partitions_bottom_up(n: usize) -> usize {
    let mut partitions = vec![vec![0; n + 1]; n + 1];

    // fill all the base cases
    for i in 0..=n {
        partitions[0][i] = 1;
        partitions[1][i] = 1;
        partitions[i][1] = 1;
    }

    // build up the rest of the n, k values
    for i in 2..=n {
        for j in 2..=n {
            partitions[i][j] = partitions[i][j - 1];
            if i >= j {
                partitions[i][j] += partitions[i - j][j];
            }
        }
    }

    partitions[n][n]
}
```

April 17, 2025

Bhavani Shankar Sudoku solver in 100 lines of Rust

Sudoku is an addictive number placement puzzle that is logic-based. To win, you should fill the missing cells such that all rows, columns and each of the nine 3x3 boxes contain all numbers from 1 to 9. A well-posed Sudoku has only one solution.

After conquering basic algorithms, a Sudoku solver feels like a rite of passage to be a good coder. So, let's write a program that can solve any Sudoku puzzle in less than a second, starting from scratch.

Algorithm

To solve any problem, we should begin by designing an algorithm. Let's see -

Check if the Sudoku puzzle is valid.
Find an empty cell and guess a number.
Continue with (1) until either:

a. No empty cells are left - we found a solution!

b. We cannot proceed - We made wrong guesses. Then, we should step back and try and continue (1) with a different guess.

This backtracking algorithm will enumerate all solutions. If you are familiar with graphs, you will notice it is identical to depth-first search.

Each circle is an intermediate solution. You jump to the bottom circles by making a valid guess (arrow) and when you reached the bottom, you take a step back and explore other possibilities.

Encoding

To achieve a compact representation, we can write down a Sudoku row by row as an array of numbers. Empty cells are indicated with 0. Then, the above puzzle becomes:

000000005000075060715000002074031006100706003600520970300000859020980000400000000

Validating a region

With this representation in mind, we can begin by writing a check for all Sudoku constraints - all rows, columns and 3x3 boxes should contain 1 to 9 exactly once. Let's call each one of them regions. A region can be one particular row or a column or a box.

fn is_valid_region(region: [u8; 9]) -> bool {
    let mut seen = [false; 10];

    for n in region {
        if n != 0 && seen[n as usize] {
            return false;
        }
        seen[n as usize] = true;
    }

    true
}

The function is_valid_region checks if the numbers 1-9 occur only once.

Extracting regions

Fetching the nth row of a Sudoku is straightforward. In our representation, the 1st row is 0, 1, 2, ..., 8. The 2nd row is 9, 10, 11, ..., 17 and so on. So, the nth row is:

With a similar approach, we can deduce the patterns for nth column and the nth box. To keep the code simple, I hard coded the 1st box and the offsets to get the other boxes.

   // Get nth row of a sudoku
   fn get_row(sudoku: [u8; 81], row_index: usize) -> [u8; 9] {
       let mut row = [0; 9];
       for i in 0..9 {
           row[i] = sudoku[i + row_index * 9];
       }
       row
   }
     // Get nth column of a sudoku
   fn get_column(sudoku: [u8; 81], column_index: usize) -> [u8; 9] {
       let mut column = [0; 9];
       for i in 0..9 {
           column[i] = sudoku[i * 9 + column_index];
       }
       column
   }
     // Get nth box of a sudoku
   fn get_box(sudoku: [u8; 81], box_index: usize) -> [u8; 9] {
       let mut box_region = [0; 9];
       let first_box = [0, 1, 2, 9, 10, 11, 18, 19, 20];
       let box_offsets = [
           0,
           3,
           6,
           9 * 3,
           9 * 3 + 3,
           9 * 3 + 6,
           9 * 6,
           9 * 6 + 3,
           9 * 6 + 6,
       ];
    
       for i in 0..9 {
           box_region[i] = sudoku[first_box[i] + box_offsets[box_index]];
       }
       box_region
   }

Validating Sudoku

To check if a Sudoku is valid, we just need to extract all 27 regions and verify that they are consistent.

// Returns true if a sudoku is valid.
fn is_valid_sudoku(sudoku: [u8; 81]) -> bool {
    for i in 0..9 {
        if !(is_valid_region(get_row(sudoku, i))
            && is_valid_region(get_column(sudoku, i))
            && is_valid_region(get_box(sudoku, i)))
        {
            return false;
        }
    }
    true
}

Solving

The backtracking algorithm that we designed looks like this in Rust:

/// Recursively enumerates all solutions of a sudoku puzzle
pub fn solve_sudoku(sudoku: [u8; 81]) -> Vec<[u8; 81]> {
    let mut solutions = Vec::new();
 
    fn solver(solution: [u8; 81], solutions: &mut Vec<[u8; 81]>) {
        let mut empty_cell_found = false;
     
        for i in 0..81 {
            if solution[i] == 0 {
                empty_cell_found = true;
             
                for n in 1..10 {
                    let mut new_solution = solution;
                    new_solution[i] = n;
                    if is_valid_sudoku(new_solution) {
                        solver(new_solution, solutions);
                    }
                }
                break;
            }
        }
     
        if !empty_cell_found {
            solutions.push(solution);
        }
    }
 
    solver(sudoku, &mut solutions);
    solutions
}

We find an empty cell, make a valid guess and call solver recursively. We keep exploring deeper and deeper until we cannot proceed further. If all the cells are filled up, then it's a solution. We add it to our list. We continue searching the remaining paths in this graph.

This worked beautifully. It printed out the solution to the above puzzle in 0.0s.

534678912672195348198342567859761423426853791713924856961537284287419635345286179

Here's another example:

let sudoku = [
    6, 4, 5, 9, 0, 0, 0, 0, 0,
    0, 7, 3, 1, 0, 0, 0, 5, 0,
    2, 0, 0, 0, 5, 0, 0, 0, 0,
    5, 9, 0, 0, 3, 7, 6, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 4, 5, 8, 0, 0, 3, 9,
    0, 0, 0, 0, 7, 0, 0, 0, 3,
    0, 3, 0, 0, 0, 4, 1, 9, 0,
    0, 0, 0, 0, 0, 1, 8, 2, 7,
];

let solutions: Vec<[u8; 81]> = vec![
    [
        6, 4, 5, 9, 2, 8, 3, 7, 1,
        9, 7, 3, 1, 4, 6, 2, 5, 8,
        2, 8, 1, 7, 5, 3, 9, 4, 6,
        5, 9, 8, 4, 3, 7, 6, 1, 2,
        3, 2, 7, 6, 1, 9, 5, 8, 4,
        1, 6, 4, 5, 8, 2, 7, 3, 9,
        8, 1, 9, 2, 7, 5, 4, 6, 3,
        7, 3, 2, 8, 6, 4, 1, 9, 5,
        4, 5, 6, 3, 9, 1, 8, 2, 7,
]];

assert_eq!(solve_sudoku(sudoku), solutions);

April 12, 2025

Bhavani Shankar Self-existing objects of time travel
Jinn particle is a mind boggling yet simple concept from theoretical physics that has been explored in fiction. To understand what it is, imagine meeting an old man who gifts you a book. Leaving, he says

"Do not open the book until you know who I am."

Decades pass by and you forget the book in the corner of a closet. Looking in the mirror, one day, you realize that you are starting to appear exactly like that old visitor — maybe you are him? You open the book and find schematics of a time machine. Over the next few years, you digest its contents and construct a time machine. Then, you return the book to the past.

The origins of this book is a perplexing mystery — without a beginning or an end — it just exists in this time loop. But if time travel is real, these self-existing items must exist.

Jinn particles over time

Ordinary books wear out with time; the paper turns yellow, wrinkly, and torn; the print fades. In physics, we call it entropy. To return the book to your past self in exactly the form that you received, either:
1. The book always remains in the exact same condition — time has no effect on it.
2. It reverts to the younger form during time travel. The entropy accumulated by the book is dissipated into the environment.
A human jinn particle

You meet a time traveler at 10 am, today and have a lovely conversation with her. At 10:15 am, she says it's time to go. As she is leaving, you peek inside the time machine and your jaw drops. She has set the destination to 10 am, today — the precise moment she arrived.

This person has changed over the course of the conversation. Her brain formed new connections and memories; her body aged for 15 minutes; she has accumulated entropy. As a jinn particle, she will shed memories of this brief conversation and aging before she arrives.

Implications of their existence

Part of the spookiness of a jinn particle is how certain actions become necessary — you have to return the book to the past. You cannot destroy it. Either the thought itself cannot occur or you refrain from acting on it — perhaps due to a fear of destroying reality. Maybe all your attempts fail due to coincidences or the book simply turns out to be indestructible.

More interestingly, you destroy the book but the schematics of the time machine form in your mind. You write the book and give it to your past self. Then it's not a jinn particle anymore.

Whatever ends up happening, if jinn particles exist, certain events will be predestined. This leaves the notions of free will and non-determinism in jeopardy.

April 10, 2025

KhubsuratInsaan A Rude Girl

Last Saturday a girl messaged me. She was one of my opponents in a Chess tournament I played a long time ago. (After the tournament, she asked for my mobile number; and I was surprised to see her use it after such a long time.) I was, of course, pleased to talk to her after such a long time.

After some chatting, she asked if she can call me. Me being an introvert, the idea of the voice call quickly overwhelmed me. After some thinking, I gave a lazy excuse of college assignments and we decided to talk on a call on Monday.

So, on Monday I started texting her about the call. And she started ignoring me, leaving my texts on “seen.” Meanwhile she was playing at Lichess! I didn’t get even a simple “I am busy” (which would take 15 seconds to type).

After 2 days, I blocked her. I am not going to deal with a person who lacks basic communication decency. Chivalry is seriously dead!

April 07, 2025

Bhavani Shankar A puzzle led me to a curious world of numbers
A seemingly simple puzzle took me down a rabbit hole.

Find a number that grows exactly $\frac{3}{2}$ times when the first digit becomes the last digit.

For example, turning first digit into the last digit looks like this: 1234 â†’ 2341. For brevity, let's call it rotating the number.

Solving with Brute force

The first idea that comes to mind. After all, the computer can check millions of numbers a second; if the solution is small enough, it will work. I began by writing a function to rotate a number.
```
use num_bigint::BigInt;

fn rotate_number(n: BigInt) -> BigInt {
    let digit_count: usize = n.to_string().len() - 1;
    let closest_pow = BigInt::from(10).pow(digit_count.try_into().unwrap());
    let first_digit = n.clone() / closest_pow.clone();
    let rest = n % closest_pow;
    rest * 10u32 + first_digit
}
```
Who knows how big a solution might be? So I chose the bignum library for arbitrary precision integers. It is a bit awkward to get the first digit and the rest of the number. We can also count the number of digits using logarithms.

And then, let's check all numbers until 100 million.
```
fn main() {
    for n in 1..100_000_000 {
        if rotate_number(n) * 2 == 3 * n {
            print(n)
        }
    }
}
```
The code failed to find an answer. After trying even larger limits, I gave up; it's time to try a different approach.

Some observations

After thinking about this number, I deduced that the answer has these properties:
- The number has to be divisible by 6. We are dividing n by 2 - so it has to be even. Similarly, the rotated number is divisible by 3 because the divisibility test for 3 is sum of digits. So the original number is a multiple of 3 too.
- The number has a prefix with 2 or more unique digits in ascending order. E.g. 35 or 117. This ensures that the rotated number is larger.
Maybe we can use these properties to speed up our brute force algorithm? But first, it might be prudent to look at numbers that almost work.

Finding approximate answers

We are looking for a number $n$ which has the property:

To find a number that almost satisfies this condition, we should minimize the result instead of setting it to zero.

$$|2R(n) - 3n| < \epsilon$$

Where $R(n)$ is the rotated number and $\epsilon$ is a small number.
```
fn measured_error(n: BigInt) -> BigInt {
    let mut error = 2u32 * rotate_number(n.clone()) - 3u32 * n;

    // calculate absolute value
    if error < BigInt::from(0) {
        error = -error;
    }
    error
}

fn find_approximates(limit: u32, eps: u8) -> Vec<BigInt> {
    let mut result = Vec::new();

    for n in 10..limit {
        let mut abs_error = measured_error(BigInt::from(n));
        if abs_error < BigInt::from(eps) {
            result.push(BigInt::from(n));
        }
    }

    result
}
```
Setting $\epsilon = 50$, we find quite a few approximate answers below 100 million.
```
35
58
235
470
3529
5882
23529
35294
58823
117647
235294
352941
470588
2352941
4705882
11764706
47058823
58823529
```
They are very close. Maybe we can tweak them by adding digits to obtain an exact solution? $$117647 \times \frac{3}{2} = 176470.5 \neq 176471$$

A greedy search

These numbers share a prefix and seem to converging to a solution. This gave me an idea. We can grow a solution by adding digits one at a time while keeping the error bounded. We might reach an exact solution in a finite steps or stumble upon an infinite sequence; So, we should limit the size of a guess.

Let's write a function next_guesses that grows the current guess by a digit while keeping the error less than $\epsilon$. For example: next_guesses(11) might output [116, 117, 118]. Then we explore the next guesses of these 3 like a tree.
```
fn next_guesses(n: BigInt, eps: u8) -> Vec<BigInt> {
    let mut guesses = Vec::new();

    for d in 0..10 {
        let next_guess: BigInt = 10 * n.clone() + d;
        let mut abs_error = measured_error(next_guess.clone());
        if abs_error < BigInt::from(eps) {
            guesses.push(next_guess);
        }
    }
    guesses
}

fn search(seed: BigInt, depth: u16, max_depth: u16, eps: u8) {
    for guess in next_guesses(seed, eps) {
        if measured_error(guess.clone()) == BigInt::from(0) {
            println!("{}", guess);
        } else if depth < max_depth {
            search(guess, depth + 1, max_depth, eps);
        }
    }
}

fn main() {
    search(BigInt::from(0), 0, 100, 50);
}
```
Running this code, we are greeted with some solutions.
```
0
1176470588235294
2352941176470588
3529411764705882
4705882352941176
5882352941176470
```
We even found the number 2352941176470588. When rotated, it produces another answer! I don't remember where I found this puzzle but I really enjoyed it. I looked up these numbers online and found cyclic and transposable numbers.

April 06, 2025

Bhavani Shankar Unexpected life lessons near the Tibet border

What I saw passing through a military guarded area, will stay with me to the end.

The incident

A short middle-aged man, wearing muddy, torn clothes was throwing stones at the army officers. His facial features indicated down's syndrome. Clearly, he had the intelligence of a child.

His flings were weak. Most stones missed and a few landed near their boots. A young officer furious, held his neck tight and slapped him with a heavy hand. "Never do it again!" he screamed pointing a finger at him. The teary-eyed man ran away while hurling more pebbles.

Contemplating the aftermath

The man likely didn't connect the dots that his behavior led to punishment. His beliefs about these hostile beings with a dress code were reinforced. His resentment and hatred have been aggravated. He will continue the behavior while trying harder to not get caught.

The army officer, from his place of power thought he was teaching a lesson. He was completely oblivious to the man's intellect and the consequences. Unwittingly, he caused more suffering by ensuring that the man will be beaten up again - the exact opposite of what he intended.

It's so common in India to beat a child to "discipline" them. The parents may even recite with pride, misinformed quotes like:

"Spare the rod, spoil the child."

Well congratulations. You made a conforming child but it is dead inside. It will grow up to be a dysfunctional adult suffering from great torment, mental disorders. Many will abuse drugs and indulge in crimes.

Spread kindness and happiness instead

Aghast by this incident, I asked myself "What would I have done?". Then, it came to me.

I would have treated the man a meal with my buddies. After establishing safety and a connection, and satisfying his hunger, I would gently explain that throwing rocks is bad. From then on, each time I see him on good behavior, I would reinforce it.

This goes in the face of our cultural conditioning. But, it is the only idea with a chance of actually working.

April 01, 2025

Bhavani Shankar Four stories for honing mental toughness

If you suffer from difficult emotions like me, this post can help. After exploring pragmatic beliefs, I long to share these four stories. These tales are a refuge during turbulent times. So, they are close to my heart. Most of these are extracted from discourses given by the Buddha.

Ruminations of a dying king

A king goes hunting in a forest and is shot with a poisoned arrow. His men rush him to the nearest village. The herbal doctor lays him down on a bed and starts dressing up his wound and offers an antidote. The king refuses the medicine and starts saying

"I can't take the medicine until I know who shot me and why. Is he an enemy from a neighboring kingdom? What metal and wood is the arrow made of? Why did he shoot me there but not deeper in the jungle? ..."

The doctor replies "If you don't take the medicine, not only will your questions remain unanswered, you will die".

In the face of hardships that are beyond our control, we tend to sit in a corner and cry. Drowned in victim mindset, we ruminate over questions that lead nowhere — just like the king. Let go, and take the medicine.

Two arrows of hurt

Being hit by two arrows hurts much worse than just one. Buddha said the first arrow is what life throws at us — including pain, diseases, death of loved ones, disagreements, famine, and unfulfilled desires etc. This first arrow is unavoidable. It's a law of nature that we will be shot every once in a while.

The 2nd arrow is us lamenting our fate and yearning for things to be different. This arrow hurts worse and lasts much longer. It is self inflicted — a conditioned response of our mind. Buddha says we can train our mind to diminish its effects until it no longer exists. Therefore, accept everything life gives us.

Cow with a rare disease

Imagine a cow that has no skin due to a rare genetic condition. As it grazes along the banks of a river, leeches, maggots, insects, and all kinds of parasites grasp onto its bare flesh and start feeding on it.

Buddha says an untrained mind is like this cow. All kinds of filth gets into our minds through our senses like billboards, notifications, ads, gossip, criticism and cravings etc and rock it like a boat in a storm. This causes great suffering. Don't consume mindlessly. Use mindfulness as a sentinel that guards our senses and stills the mind.

An absurdly tough ankle noose

An elephant was captured when it was a baby. To keep it from escaping, the captor tied one of its ankles to a banana tree. The elephant struggled with all of its might to get loose. It kept trying for hours and realized it was of no use. Years passed by and the elephant grew into an adult. Every day the human would take the elephant for logging and at the end of the day, tie its ankle to the same banana tree with the same rope. The elephant can now easily break the rope or uproot the tree. But, it never tried to escape — not even once.

Just like the elephant, we are carrying mountains of baggage — false beliefs and habits that limit us. Maybe something as simple as believing we are bad at math, social skills, and sports or being a hoarder due to growing up in poverty or suffering from a paralyzing fear of heights. We can recognize and unlearn everything. Meticulously question each belief, study your behavior, and cultivate an open mind.

March 29, 2025

Bhavani Shankar A simple setup for distraction free writing
I am at peace after purging Instagram, WhatsApp, and YouTube. Life is slower and incredibly mindful. I am settling comfortably into books, the small web and crafting this blog.

Chosen tools for writing

Worn down by configuration fatigue induced by abusing Emacs, Vim, and window managers for years, I am in search for simple tools that get things done. They have to be:
1. Zero config - should have sane defaults and batteries included.
2. Offline and privacy friendly - should not transmit my prose to privacy nightmares like Grammarly or OpenAI.
3. Lightweight, fast - should run on tiny devices and give real-time feedback. LanguageTool (Java) and Electron based bloatware are out.
Writing is fun in Helix

Seduced by its minimalism, speed, and modal editing approach, I switched to the post-modern text editor - Helix. Here are the other packages I utilize for writing:
1. Harper - a tiny grammar and spell checker
2. Prettier - formats text and code snippets
3. Zola - for generating websites and taking notes.
To integrate these tools into helix, and enable text wrapping for prose, append the following into ~/.config/helix/languages.toml.
```
# Check grammar with harper
[language-server.harper-ls]
command = "harper-ls"
args = ["--stdio"]

[[language]]
name = "markdown"
language-servers = [
  { name = "harper-ls" }
]

# Enable soft wrapping of text
soft-wrap.enable = true
text-width = 80
soft-wrap.wrap-at-text-width = true

# Format markdown and code snippets with prettier
formatter = { command = 'prettierd', args = [
  "--parser",
  "markdown",
  "--prose-wrap",
  "never",
] }
auto-format = true
```
Zola for note taking

You may have noticed that some posts like "why start another blog?" link back to this page. That's because Zola can automatically show backlinks - making it a powerful knowledge management system like Obsidian. We just have to tweak its config.toml.
```
bottom_footnotes = true # adds footnote backreference
```
Use the internal linking format (that begins with @). Then, we can use this snippet in the footer template to display all backlinks.
```
{% if page.backlinks %}
<div class="backlinks">
<h4>Links to this page</h4>
<div>
{% for bl in page.backlinks %}
  <div>
    <a href={{ bl.permalink }}>{{ bl.title }}</a>
  </div>
{% endfor %}
</div>
</div>
{% endif %}
```
Bonus: clean reading without ads or spam

I don't use my email to subscribe to newsletters. Now, I am all into RSS feeds and I don't take websites without it seriously. There is plenty of quality content and feeds to discover on Feedle and in the Fediverse. My favorite rss readers are:
- Capyreader (Android)
- Rssguard (Linux, Windows, MacOS)
- Feedbro (Addon for Firefox, Chrome, and edge.)
In this way, you can write freely and avoid brain damaging ads and social media.

March 26, 2025

Bhavani Shankar CSS tips: Gentle image filters for dark mode
Viewing images in dark mode can hurt your eyes. This is because, while text is optimised for reading in low light reading automatically, images are often neglected. So, a bright image in the middle of prose causes discomfort. I mulled over this issue. Here are some solutions I came up with:

Illustrations

Diagrams, illustrations, comics, cartoons etc whose colors aren't constrained by reality fall in this category. We can just invert them and reduce some brightness.
```
@media (prefers-color-scheme: dark) {
  .image-invertible {
    filter: invert(1) brightness(0.67);
  }
}
```
See it in action in my recursive universes post. Try toggling the theme using the button at the top and observe how the diagrams change.

Photos

Images captured by a camera look terrible when inverted. Reducing the brightness is the only thing we can do.
```
@media (prefers-color-scheme: dark) {
  .image-non-invertible {
    filter: brightness(0.67);
  }
}
```
I used this method in my about me page. With tiny tweaks like this one, we can make huge leaps towards delighting our readers.

March 20, 2025

Bhavani Shankar Strange paradoxes of recursive universes
I couldn't believe my own answer to this puzzle. After thinking hard to disprove it, I finally understood it.

Imagine being in a large box with your box lying on the floor beside you. Your box contains a smaller copy of you and a smaller box inside and so on ad infinitum. You reach your hand into your box and pull out the smaller box. As you do this, you see a bigger hand coming from above and taking your box. Note that all the infinite copies of you have done the same. The boxes and the hands can pass through each other. So, there are no collisions.

Then, you put the box in your hand on the floor where the old box was. Where is your box now?

In this picture, your box is colored. The box that you pulled out is shown with a thick border. Dots indicate that the pattern continues forever.

The solution

As insane as this sounds, your box is now infinitely far away.

Let's derive the answer. To keep track, we will assign numbers to the boxes. Your box is 0. The boxes inside will be labeled 1, 2, 3, 4, .... You are inside the box -1. We label the outer boxes -2, -3, -4, .... Here's what it looks like:

Let's use a simple notation to indicate that we can grab box 2 through box 1 (or that 2 is inside 1)

[1] -> [2]

Then, the original configuration of the boxes looks like the following.

... [-2] -> [-1] -> [0] -> [1] -> [2] -> [3] -> [4] -> [5] ...

You pulled box 1 into -1, 0 was pulled into -2, -1 was pulled into -3, -2 was pulled into -4 and so on. We can observe the emergence of two chains - one for odd numbers and one for even numbers.

... [-5] -> [-3] -> [-1] -> [1] -> [3] -> [5] ... (odd numbers)

... [-6] -> [-4] -> [-2] -> [0] -> [2] -> [4] ... (even numbers)

And this is the final result. From your perspective, the even numbered boxes including your box are nowhere to be seen!

We are left with a rather disturbing mystery. Are half of the boxes really gone and when exactly? Can't we just reverse our actions to get them back?

Resolving the mystery

Being a recursive arrangement of boxes within boxes, the connections between boxes were constrained. To reach an inner box, you have to go through the boxes in the middle. So, if one of the boxes in the middle cannot be reached, you lose access to all the boxes inside it - exactly what has happened here. The moment you placed the smaller box on the floor and let it go, you ended up creating two parallel universes. By going inside or outside a box you cannot jump into the other universe.

This concept is often encountered in data structures like linked lists. A linked list is a chain of nodes. Each node contains a number and the address of the next number. If you remember the starting node, you can keep jumping to the next node's address and see all the numbers. But, if you cut the linked list in the middle or take alternate nodes and link them together into 2 linked lists (like above), you cannot reach all nodes starting from any one node.

Simpler example

Sometimes it helps to look at a smaller (finite) example. Imagine there are just 8 boxes.

[-4] -> [-3] -> [-2] -> [-1] -> [0] -> [1] -> [2] -> [3]

The first 2 boxes (-4, -3) are not moved. Both -2 and -3 will be inside -4. -2 has all the even boxes inside and -3 has all the odd boxes inside.
```
[-4] -> [-2]  -> [0]  -> [2]
  â†“  
[-3] -> [-1] -> [1] -> [3]
```
Aha! The largest box still connects the odd and even numbered boxes. But, that connection was pushed away to infinity in our puzzle.

This is a modified version of a puzzle created by Michael Savage.

March 16, 2025

Bhavani Shankar Moving my family to conversations (XMPP)

Conversations is really awesome. It is a secure, private and decentralized chat app. There is no privacy invading ads company like meta running the service. I was sold and wanted to try it out with my family. Only one small issue - conversations costs â‚¹550 in the play store. People don't like paying for software in our country. They would say:

"I can eat for a week with 500 rupees. Let meta have my data and give me WhatsApp for free."

I have lost this argument many times. Fine, we need not pay for it right now. So, I told my brother about F-Droid - an app store with only free apps. Since our parents cannot install the app by themselves, he would set up their accounts too. I live away. So, I had to guide him through each step on the phone. Little did I know that this would turn out to be much harder than I had anticipated.

Installing F-Droid

My brother opened Chrome in his phone and searched for F-Droid. He found the website and clicked "download apk". He told me it had disappeared. That's weird. I told him to download it again. This time, it asked "Do you want to download this file again?". Huh. Maybe it was already downloaded, so we went searching for it in files. We found it after some digging. I then got him to "allow unknown sources" and to install it. It was buried in the ginormous list of bloatware apps that came with his phone.

Installing conversations

F-Droid greeted us with an empty list of apps. We pressed the refresh - nothing. After waiting for 5 minutes, we hung up the phone. I called him back after a couple of hours. The repository has synced by then. We were elated to finally see a list of apps and install conversations.

Setting up accounts

My brother comes home every Sunday. So, we had to do this today. He created 3 accounts - one for each of their phones. But, he made our parents accounts on the wrong phones by mistake. So, he had to log out the account from each of their phones and login to the right accounts. But there was catch:

He forgot their passwords. He wrote the passwords down on a piece of paper, but our mom locked it away for safety and went out.

I could have killed myself here, but I restrained. We decided to update the profile names instead. I couldn't see their updated names until I deleted their contacts and added them back.

Conclusion

I later found Quicksy in the play store. It is the same as Conversations, but with the convenience of registering an account with a phone number - no need of user IDs and passwords. Instead of going through all this trouble, I should have asked them to install Quicksy. Sending SMS is costly. Then, why is this app free but not conversations? Why don't they have just one app that lets you register using both options?

I now understand the UX barrier to open source technologies a bit better. Open source needs to invest in design and simplify user onboarding. Otherwise, the unethical counterparts will keep winning.

March 14, 2025

Ravi Dwivedi Libreoffice Conference 2024 in Luxembourg

Last year, I attended the annual LibreOffice Conference in Luxembourg with the help of a generous travel grant by The Document Foundation (TDF). It was a three-day event from the 10th to the 12th of October 2024, with an additional day for community meetup on the 9th.

Luxembourg is a small (twice as big as Delhi) country in Western Europe. After going through an arduous visa process, I reached Luxembourg on the 8th of October. Upon arriving in Luxembourg, I took a bus to the city center, where my hotel — Park Inn — was located. All the public transport in Luxembourg was free of cost. It was as if I stepped in another world. There were separate tracks for cycling and a separate lane for buses, along with good pedestrian infrastructure. In addition, the streets were pretty neat and clean.

Luxembourg's Findel Airport

Separate cycling tracks in Luxembourg

My hotel was 20 km from the conference venue in Belval. However, the commute was convenient due to a free of cost train connection, which were comfortable, smooth, and scenic, covering the distance in half an hour. The hotel included a breakfast buffet, recharging us before the conference.

This is what trains look like in Luxembourg

Pre-conference, a day was reserved for the community meetup on the 9th of October. On that day, the community members introduced themselves and their contributions to the LibreOffice project. It acted as a brainstorming session. I got a lovely conference bag, which contained a T-Shirt, a pen and a few stickers. I also met my long time collaborators Mike, Sophie and Italo from the TDF, whom I had interacted only remotely till then. Likewise, I also met TDF’s sysadmin Guilhem, who I interacted before regarding setting up my LibreOffice mirror.

Conference bag

The conference started on the 10th. There were 5 attendees from India, including me, while most of the attendees were from Europe. The talks were in English. One of the talks that stood out for me was about Luxchat — a chat service run by the Luxembourg government based on the Matrix protocol for the citizens of Luxembourg. I also liked Italo’s talk on why document formats must be freedom-respecting. On the first night, the conference took us to a nice dinner in a restaurant. It offered one more way to socialize with other attendees and explore food at the same time.

One of the slides from Italo's talk

Picture of the hall in which talks were held

On the 11th of October, I went for a walk in the morning with Biswadeep for some sightseeing around our hotel area. As a consequence, I missed the group photo of the conference, which I wanted to be in. Anyway, we enjoyed roaming around the picturesque Luxembourg city. We also sampled a tram ride to return to our hotel.

We encountered such scenic views during our walk

Another view of Luxembourg city area

The conference ended on the 12th with a couple of talks. This conference gave me an opportunity to meet the global LibreOffice community, connect and share ideas. It also gave me a peek into the country of Luxembourg and its people, where I had good experience. English was widely known, and I had no issues getting by.

Thanks to all the organizers and sponsors of the conference!

March 13, 2025

Bhavani Shankar Easy math puzzle with an unbelievable answer

The answer to this puzzle is so surprising that it has lingered in my mind for decades. Try to solve it before looking at the answer. How would you explain the solution intuitively?

In a class of 500 students, 99% are right-handed. How many right-handers should leave the class to make it 98%?

Solution

The class has 99% right-handers. So, the number of right-handed students is:

The remaining 5 are left-handed.

Say right-handed students left the class. Then the number of right-handed students left is:

The total number of students left is:

We know that the ratio of these two is 98%.

When we substitute the values of and , we get:

Cross multiplying,

Let the answer sink in a bit. You have to remove half of the class to move the percentage of right-handers by just one percent - i.e. from 99% to 98%. How would you make sense of it?

Intuitive explanation

What if I asked you this question instead?

Let's say you have a glass of sugar water. You leave the glass outside and let some water evaporate until its sweetness doubles. How much sugar water will be remaining in the glass?

It is quite intuitive that exactly half of sugar solution will be left. This is the exact same puzzle as above. Just like the sugar, the concentration of left-handed students doubled from 1% to 2%.

This problem came to be known as the famous Potato paradox. The "paradox" comes from the way this problem is poised - by focusing on water instead of the sugar. In math and in life, language and mulling over the wrong things can obscure the truth. When we rephrase, things becomes simple and transparent.

Planet FSCI

May 23, 2025

May 22, 2025

May 16, 2025

May 13, 2025

May 12, 2025

LocalSend

KDE Connect

Syncthing

May 09, 2025

May 08, 2025

Announcing spb and lil

spb

lil

May 07, 2025

May 06, 2025

Popular methods of full disk encryption

More drawbacks

A better alternative

Selectively encrypt files and folders

May 05, 2025

May 02, 2025

April 29, 2025

April 28, 2025

Solution

Things I like

Things I miss

Conclusion

April 21, 2025

April 18, 2025

Solution

A concrete example

What if $n \leq 0$?

Writing the code

Speeding it up

Bottom-up approach

April 17, 2025

Algorithm

Encoding

Validating a region

Extracting regions

Validating Sudoku

Solving

April 12, 2025

Jinn particles over time

A human jinn particle

Implications of their existence

April 10, 2025

April 07, 2025

Solving with Brute force

Some observations

Finding approximate answers

A greedy search

April 06, 2025

The incident

Contemplating the aftermath

Spread kindness and happiness instead

April 01, 2025

Ruminations of a dying king

Two arrows of hurt

Cow with a rare disease

An absurdly tough ankle noose

March 29, 2025

Chosen tools for writing

Writing is fun in Helix

Zola for note taking

Bonus: clean reading without ads or spam

March 26, 2025

Illustrations

Photos

March 20, 2025

The solution

Resolving the mystery

Simpler example

March 16, 2025

Installing F-Droid

Installing conversations

Setting up accounts

Conclusion

March 14, 2025