Planet FSCI

June 20, 2025

• Thejeshgn GN Weekly Notes 25/2025

  I continue to do Physiotherapy. It has helped a lot. Thanks to all the friends who recommended, encouraged, and gave me leads for Physiotherapy. One of the things that I believe helped me in my recovery is the Memory Foam Contour Cervical Pillow with Coolgel from My Armor. I know it’s a mouthful, but it’s all true. I always had problems with picking up a pillow. They are either too soft or too hard or too thin or too thick, but this is one time I have got it correct; I am happy. You can squeeze it and carry it in a suitcase if you like, so it’s not travel-unfriendly.

  

  • This week, I had an initial conversation with my Yoga instructor about restarting the practice. We plan to restart next month.
  • It was challenging to find a dataset on Major Stampede Events in India, so I began creating one. It required a lot of reading that left me feeling sad and angry at the same time. It’s still a work in progress, as many events are not reported well in the media, making it difficult to verify and tabulate. But in a few months, it will be in a decent state to publish. Please send me references or links to such events. This dataset is similar to Non Virus Deaths dataset created during COVID-19.
  • The one thing that could completely ruin WhatsApp is here — Meta says users will now start seeing ads in parts of the app. It’s time to add me on your XMPP or Jabber thej@chat.thejeshgn.com.
  • Just when you thought things couldn’t get worse—here we are. Global media is once again banging the “Weapons of Mass Destruction” drum. Hopefully, this time, people will see through it, unlike the Bush era. Even within this loud crowd, there are some sane voices.
  • The best part of teaching or doing workshops at IITM is the opportunity to meet people in their early twenties from various backgrounds. I am glad that I got to spend more time during this Paradox in extended and serious conversations with them. I find most of them more hopeful and accepting than many of us middle-aged Indian men (40 to 60 years old). I realize, as I return to my regular life that there is a lot to learn from them. I am hopeful about the future even though I think we are going through a dark period in our lives.
  • I am developing a simple semantic search engine for Kannada text and exploring the use of embedding models. I conducted a preliminary comparison of the available models.
  • I plan to attend IndieWebClub meetup on Sunday. If you’re around, say hello. BTW, blr.today is an aggregator of events in Bengaluru by Nemo. It reminds me of EventsBangalore, but it’s much better executed.

  ---

  You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

  Subscribe

  The post Weekly Notes 25/2025 first appeared on Thejesh GN.

---

June 18, 2025

• Thejeshgn GN Embedding models for Kannada

  Embedding models transform words, sentences, documents, or digital items into vectors of numbers (usually floats) so that machines can understand and compare them semantically¹. A good embedding model has enough information to capture the meaning and relationships in dense vector form.

  I have been using them to replace simple FTS, to implement sophisticated RAG applications, etc. Most embedding models are English-only; however, some multilingual models are available, but their quality varies significantly. So, I conducted a small exercise to determine the optimal embedding model for Kannada. You can find the marimo notebook here. ² This is inspired by Anand’s Embedding similarity threshold post.

  As expected, most models do well in English compared to Kannada. You can come to your conclusions by looking at the graph. In Open Weight models, I found nomic-embed-text-v2-moe and snowflake-arctic-embed2 close to my taste as far as Kannada is concerned. In closed models OpenAIs text-embedding-3-large does well. But its the only closed model I tried.

  
  I am yet to try the closed models by Voyage, Cohere, and Open Weight model – intfloat/multilingual-e5-large-instruct. I have added them to the list. I will try them in the next post.

  Open Weight Models

  nomic-embed-text-v2-moe

  nomic-embed-text-v2-moe is a state-of-the-art multilingual Mixture-of-Experts Embedding Model text embedding model that excels in multilingual retrieval.

  

  

  paraphrase-multilingual

  paraphrase-multilingual is a sentence-transformers model: It maps sentences & paragraphs to a 768-dimensional dense vector space and can be used for tasks like clustering or semantic search.

  

  

  bge-m3

  BGE-M3 is based on the XLM-RoBERTa and is known for its versatility in Multi-Functionality, Multi-Linguality, and Multi-Granularity.

  

  

  snowflake-arctic-embed2

  Arctic Embed 2.0 by Snowflake is their latest frontier embedding model, which has multilingual capabilities.

  

  

  OpenAI Model

  text-embedding-3-large

  

  

  ---

  You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

  Subscribe

  1. In a more meaningful way than just text compare ↩
  2. If you didn’t know marimo, you should, it’s an useful tool. ↩

  The post Embedding models for Kannada first appeared on Thejesh GN.

---

June 15, 2025

• Sahil Dhiman A Look at .UA ccTLD Authoritative Name Servers

  I find the case of the .UA country code top level domain (ccTLD) interesting simply because of the different name server secondaries they have now. Post Russian invasion, the cyber warfare peaked, and critical infrastructure like getting one side ccTLD down would be big news in anycase.

  Most (g/cc)TLDs are served by two (and less likely) by three or more providers. Even in those cases, not all authoritative name servers are anycasted.

  Take, example of .NL ccTLD name servers:

  $ dig ns nl +short
  ns1.dns.nl.
  ns3.dns.nl.
  ns4.dns.nl.
  

  ns1.dns.nl is SIDN which also manages their registry. ns3.dns.nl is ReCodeZero/ipcom, another anycast secondary. ns4.dns.nl is CIRA, anycast secondary. That’s 3 diverse, anycast networks to serve the .NL ccTLD. .DE has a bit more at name servers at 6 but only 3 seems anycasted.

  Now let’s take a look at .UA. Hostmaster LLC is the registry operator of the .UA ccTLD since 2001.

  $ dig soa ua +short
  in1.ns.ua. domain-master.cctld.ua. 2025061434 1818 909 3024000 2020
  

  Shows in1.ns.ua as primary nameserver (which can be intentionally deceptive too).

  I used bgp.tools for checking anycast and dns.coffee for timeline of when secondary nameserver was added. dns.coffee only has data going back till 2011 though.

  Let’s deep dive at who’s hosting each of the name servers:

  in1.ns.ua by Intuix LLC

  • 74.123.224.40
  • 2604:ee00:0:101:0:0:0:40
  • unicast
  • Serving .UA since 13/12/2018.
  • Company by Dmitry Kohmanyuk and Igor Sviridov who’re administrative and technical contacts for .UA zone as well as the IANA DB.

  ho1.ns.ua by Hostmaster LLC

  • 195.47.253.1
  • 2001:67c:258:0:0:0:0:1
  • bgp.tools doesn’t mark the prefix as anycast but basis test from various location, this is indeed anycasted (visible in atleast DE, US, UA etc.). Total POPs unknown.
  • Serving .UA atleast since 2011.
  • The registry themselves.

  bg.ns.ua by ClouDNS

  • 185.136.96.185 and 185.136.97.185
  • 2a06:fb00:1:0:0:0:4:185 and 2a06:fb00:1:0:0:0:2:185
  • anycast
  • Serving .UA since 01/03/2022.
  • atleast 62 PoPs

  cz.ns.ua by NIC.cz

  • 185.43.134.15
  • 2001:148f:fffd:0:0:0:0:15
  • anycast
  • atleast 11 PoPs.
  • Serving .UA since 29/03/2024. NIC.cz adding secondary server blog.
  • .CZ operator.

  nn.ns.ua by Netnod

  • 194.58.197.4
  • 2a01:3f1:c001:0:0:0:0:53
  • anycast
  • atleast 80 PoPs.
  • Serving .UA since 01/12/2022.
  • Netnod has the distinction of being one of the 13 root server operator (i.root-servers.net) and .SE operator.

  pch.ns.ua by PCH

  • 204.61.216.12
  • 2001:500:14:6012:ad:0:0:1
  • anycast
  • atleast 328 POPs.
  • Serving .UA atleast since 2011.
  • “With more than 36 years of production anycast DNS experience, two of the root name server operators and more than 172 top-level domain registries using our infrastructure, and more than 120 million resource records in service” from https://www.pch.net/services/anycast.

  rcz.ns.ua by RcodeZero

  • 193.46.128.10
  • 2a02:850:ffe0:0:0:0:0:10
  • anycast
  • Atleast 56 PoPs via 2 different cloud providers.
  • Serving .UA since 04/02/2022.
  • sister company of nic.at (.AT operator).

  Some points to note

  • That’s 1 unicast and 6 anycast name servers with hundreds of POPs from 7 different organizations.
  • Having X number of Point of Presence (POP) doesn’t always mean each location is serving the .UA nameserver prefix.
  • Number of POPs keeps going up or down based on operational requirements and optimizations.
  • Highest concentration of DNS queries for a ccTLD would essentially originate in the country (or larger region) itself. If one of the secondaries doesn’t have POP inside UA, the query might very well be served from outside the country, which can affect resolution and may even stop during outages and fiber cuts (which have become common there it seems). - Global POPs do help in faster resolutions for others/outside users though and ofcourse availability.
  • Having this much diversity does lessen the chance of the ccTLD going down. Theoretically, the adversary has to bring down 7 different “networks/setups” before resolution starts failing (post TTLs expiry).

  Read more links

  • Delegation record for .UA at IANA.
  • Panel discussion: “Running a top level domain in times of war” at CyberChess 2023 with .UA operators post the invasion.
  • History of .UA domain on Hostmaster LLCs website.
  • .UA ccTLD overview talk presentation at ENOG 2011.

---

June 13, 2025

• Thejeshgn GN Weekly Notes 24/2025

  My visit to IITM/Chennai was enjoyable; I met many students and spent time with some of them. In general, it was great to catch up with all of them. This is the fifth year of the program. Many graduated this year with three-year and four-year degrees. It’s amazing to see this happening at this scale. I don’t think there is an equivalent. However, we can do a lot better, and we will as we grow together.

  

  • Wrote a blog post or dictated a blog post while strolling IIT. It’s about dictating a blog post.
  • It’s been a busy week. I’ve gotten a lot done, but the pipeline’s still long—I might need to put in a couple of hours over the weekend.
  • My physiotherapy is going well. Pain is almost nil. I will restart yoga next month if everything goes as planned.
  • Okay, now that I have some clarity on how June and July will be, I will be at VizChitra on June 27th at BIC, just as a participant and to meet folks.
  • Explored the new Indic translation model by Sarvam. I am also trying to build a highly subjective test dataset to evaluate the translation models. It’s not fully ready yet. I need to have at least 1000 good samples to try. But you can check them here (JSON). Let me know if you would like to contribute. And I will figure out a way.
  • If you have time for two articles to read, then you need to read ‘Nurturing Hope in Prison a Risky Business’ Umar Khalid’s letter from Tihar Jail. As a system, you have every right to file charges, argue your case, and seek justice. But jailing someone for five years without trial is not just inhuman — it’s something a colonial or apartheid regime would do, not a democracy. It’s a crime against India and humanity.
  • I have not been attending events/talks. But this week I did attend an event at lossfunk  about openpilot project by comma.ai. I don’t want an auto pilot. I want an augmented Advanced Driver Assistance Systems (ADAS) which is open source and can probably run on cheap harware (phone?). I don’t want it to take any action, I want it to warn me or alert me. Give me ability to see things that I can’t see. Like thermal vision when driving in night, etc. I dont expect it to come from car companies. I think it will come from outside.    
  • I renewed my FSF Membership.

  ---

  You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

  Subscribe

  The post Weekly Notes 24/2025 first appeared on Thejesh GN.

---

June 12, 2025

• Thejeshgn GN Walking, Talking, Writing: A Blog Post Experiment

  So, I’m going to attempt to write a blog post, actually by dictating it using IdeaShell. It’s my dream to write a whole blog post using voice. It’s not done using any Text-generating LLMs, but this is done using Speech to Text (STT). Just to try it out. I’m doing this while I’m taking a stroll at Madras, an evening stroll. It’s a good way to test it because I just wanted to test it in different environments. How does it perform?

  

  I’ve made voice notes to myself before, like this, where I walk and talk to myself. This is a little bit more than that. Here, I am not recording for sound. I’m not interested in a voice recording, but I’m more interested in the text part of it. So, I will edit this later once it gets converted into text. Most probably, it’s going to be because there’s lots of nonsense when I’m talking. This is similar to how I edit audio recordings before sending them to someone or making them into a podcast. I will also likely need to edit the text part of this to correct the conversion errors. But I’m guessing 80% of the text would remain there. If this works, I think it will be a great way for me to write things. I think it’s like writing the first draft, and then I can go back and edit it later when I’m free before I publish.

  I’m using an app called Idea Stories. I think it’s called IdeaShell, Voice Notes kind of a thing. However, it has several interesting features, including auto-tagging, good speech-to-text (STT), and summarization—modern features for a notebook. I’m not using it as a knowledge management system. I’m using it just to input content easily.

  Why didn’t I use any standard text-to-speech conversion? I wanted it to do some corrections after it converts into STT. So, I didn’t want a simple STT. I wanted something smarter that could correct grammar, spelling, and other issues after it performs speech-to-text (STT). IdeaShell is a little more intelligent than your regular text-to-speech software, and it also performs auto-tagging and other functions, making it easy to find everything.

  Essentially, I’ll be part of a pipeline that directs data from here to my blog or any other destination, such as the knowledge system (ZimWiki), where I’m using it as input.

  That way, it’s much better to input knowledge or notes than actually typing it out because the focus is on reducing typing. Additionally, it reduces the need to be in front of the computer just for typing. It’s somewhat annoying that you want to write a blog post and have all the content in your head, but you still have to sit in front of a computer to type it. This, I think, is a better option.

  I know people walking and typing have done that. I mean, there is much more. I know someone who does most of their programming, also walking and typing with a portable keyboard. This is in the same vein but not the same. I don’t want to type; I want to speak while I’m walking around taking a stroll and then get back to it later, finish it, and publish it. That way, my time in front of the screen is reduced by at least 10% of what it used to be before if I have to produce the same amount of writing.

  Just to remind you, this is not generated content. The content is still by me. It’s probably like an assisted writing tool that converts speech to text, so I don’t have to sit and type physically. Let’s see how this experiment goes. You will read it online if it’s decent, at the very least. Yeah. Bye.

  Notes:

  1. This post was dictated to the IdeaShell App, and then the text was copyedited, linked, and formatted on a computer before being posted.
  2. This post got edited, and many things got removed, but the process was much faster and easier than I expected. About 80% of the words remained. So, it’s not a bad conversion rate.
  3. “This” in this post mostly means this post or this process of posting.
  4. I may or may not use the IdeaShell App in the future. However, until now, that’s the best app I’ve found on mobile for this purpose. On my desktop, I use SpeechNote.
  5. I speak a lot, I ramble a lot, I frequently repeat myself, and I switch contexts. That works as a podcast or in audio format, but when it gets converted into a text post. It feels like I am all over the place. It could also be because I am thinking as I speak. Something for me to keep in mind
  6. I think it works well for first-person stories or blogs. It has a voice. It might work well for some kinds of posts than others. So, I will use this tool.

  ---

  You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

  Subscribe

  The post Walking, Talking, Writing: A Blog Post Experiment first appeared on Thejesh GN.

---

June 10, 2025

• Thejeshgn GN First Impressions of Sarvam Indic Translate Model

  I have been searching for models that perform translations between Kannada and English and vice versa. I learned about the Sarvam Translate model, which seemed very promising. I tried it on their site before downloading the model directly to run locally. Model weights are available under GPL.

  Sarvam-Translate is an advanced translation model from Sarvam AI, specifically designed for comprehensive, document-level translation across the 22 official Indian languages, built on Gemma3-4B-IT. It addresses modern translation needs by moving beyond isolated sentences to handle long-context inputs, diverse content types, and various formats. Sarvam-Translate aims to provide high-quality, contextually aware translations for Indian languages, which have traditionally lagged behind high-resource languages in LLM performance.

  I have mixed feelings about it. Let’s start with the announcement blog post. It contains lots of details about the model and how it was built. I love reading the details; so good. Also, this is a multi-lingual model that can process 22 scheduled Indian languages. But I am focused on Kannada here.

  I am interested in translations of idioms, phrases, prose, poetry, etc. And how they translate into English or vice versa. The example from their blog post is good, but it has a very obvious and staggering error — the title “The Monkey and the Wedge” is translated into ಮಂಗ ಮತ್ತು ಗೂಡು. ಗೂಡು in Kannada means nest. Wedge translates to ಗೂಟ or ಬೆಣೆ.

  

  And the phrase comes to grief is translated to ದುಃಖಕ್ಕೆ ಬರುವನು. It’s literally translated. It’s not entirely incorrect, but it’s unusual and odd. In Kannada, we don’t use such a phrase. ಖಂಡಿತವಾಗಿಯೂ ದುಃಖಿತನಾಗುತ್ತಾನೆ is closer to what one would use.

  I also, for fun, did a translation of a prayer/poem that Lead, kindly Light. Its below. IRL it’s translated by ಬಿ.ಎಂ.ಶ್ರೀ. The translation by Sarvam Translation is not great, but it is good enough to understand the poem.

  

  Below, I have the translation of Kuvempu’s Wikipedia page from English to Kannada. It’s good. Some minor changes would make it much better. But it’s not good.

  

  Therefore, for prose and straightforward textual content, such as Wikipedia, I would use it and then perform a quick manual check. For others, such as stories, I would use it, but only as a reference.

  Note that it’s not a small model. It’s built by fine-tuning Gemma3-4B-IT. It’s pretty large to run locally, though not impossible. I used their cloud service. This is a very personal evaluation, and in this case, Google Translate performed a bit better. I am not going to post that results of Google Translate here.

  Additionally, this is not how they typically test translation models in large-scale evaluations.. However, I think human testing is a good addition to it, as translation is inherently subjective and supposed to be consumed by humans. I also want to create a set of my test cases to evaluate them. So I can do this repeatedly. I will write about it in another post

  Final note: You can use it, but with quite a bit of care for now. I am guessing it only improves over time.

  ---

  You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

  Subscribe

  The post First Impressions of Sarvam Indic Translate Model first appeared on Thejesh GN.

---

June 06, 2025

• Thejeshgn GN Weekly Notes 23/2025

  It’s that time of the year again. I am IITM/Chennai for Paradox 2025. I reached today. I will be there till Monday. If you’re around, we can grab a coffee. You already know how to reach me.

  

  • We, along with our siblings and niblings, went to Mysore for a Zoo visit. Uma loves animals, and it was the last weekend before school started for niblings. Uma had fun; we all enjoyed a drive after a long time, and our stay at Southern Star, Mysore, was comfortable.
  • For adults, we visited several cafes, including SIHI – Patisserie and Boulangerie, Sapa Bakery, and Minimal Roasters. I loved Minimal for its coffee, SIHI food and setup, and Sapa for its location and environment. All three of them were good in their way.
  • Work has been hectic but good. It’s been a lot of R&D ( more like read, code, write, delete, and rewrite) recently. Hopefully, I will have enough things to blog soon.
  • The pain was manageable this week. I drove to Mysore without discomfort. The past two weeks of physiotherapy focused on slowly building strength, and they’ve helped a lot. I feel more confident doing physical activities I used to avoid, though I’m still taking it slow to prevent any relapse. I am in Chennai now. I clearly remember the last time (WN 04/2025) I was in Chennai when the pain started. I ignored it and continued with my hectic travel schedule, which only made things worse for me. It’s almost five months now that this has been troubling me. Hopefully, in a month, I will be completely free of pain.
  • I wrote a blog post about how I plan to get music recommendations from all over the world despite listening to music from my local server. My music listening profile is public if you’re interested in such things.
  • Bad news from Builder.ai isn’t great for the AI/ML industry, which is trying to build credibility and, in general, the Indian startup industry.
  • Created a Weekly Notes Planet. It pulls the latest notes from all the feeds and makes a list for you to browse. I haven’t added all the feeds yet, but you can bookmark the link for future reference. It refreshes once per day.
  • Glitch is closing down. It used to have a fun and helpful community. It’s sad to see it go. The easy alternative is val.town. But I have lost hope on these platforms. I wish there were an easy way to self-host functions ( FAAS but simple). Currently, I have a personal Flask App, where each controller is in its file (which works as a function for me) and exposes many as labs.thejeshgn.com/pub/<end_point> or /pvt/<end_point>. They are all stateless. Deployed as a docker image, currently to Fly, but can use GCP/CloudRun or any other provider that accepts a docker image. The first one to move is IMD Warnings. There are a bunch of simple AWS lambdas as well. I am slowly moving them here, too. In most cases, scaling is not an issue, as I am the only user.

  

  

  

  ---

  You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

  Subscribe

  The post Weekly Notes 23/2025 first appeared on Thejesh GN.

---

June 03, 2025

• Thejeshgn GN Local Music, Global Discovery

  I listen to Music from my homelab server using Navindrome and several client apps. It works both when I am online and offline. But one of the things that you miss when you listen to local Music is discoverability. It’s not easy to find new, interesting Music unless you’re on one of those streaming providers.

  But I found a way that works for me. It’s a very old-school way: I scrobble my listens to a provider that I trust, ListenBrainz, and look for suggestions from there onward. I have used MusicBrainz Picard to tag my MP3s before uploading them to Navindrome. So the choice was quite obvious.

  

  My Navindrome installation was quite old. It worked, so why change? However, I had to get a new version for scrobbling. So, I pulled the latest image, reset the container, added a new environment variable ND_LISTENBRAINZ_ENABLED, and started it.

  

  With that, when I went to personal settings, I selected Scrobble to ListenBrainz and entered the User Toke from ListenBrainz. And that’s it. Now, wherever I play the Music, It reaches the ListenBrainz.

  I also use Web Scorbbler Addon on my desktop to scrobble from Bandcamp,  Earth.fm, ScrobbleRadio, etc. Web Scrobbler Addon is an excellent piece of plumbing software. I love it. All MusicBrainz projects are also FOSS, Open Data, and Open Format friendly.

  
  In a way, now I can own the data, which I can refer to later or remember to buy new Music. My profile is public; you might have to wait a couple of days to get a sense of my music taste. But feel free to send music recommendations.

  Other related interesting links

  • ListenBrainz APIs
  • Maloja – Self-hosted music scrobble database to create personal listening statistics and charts
  • Multi Scrobbler – Scrobble plays from multiple sources to multiple clients.
  • Pano Scrobbler – FOSS Scrobbler for phones, TVs, tablets, and Android desktops. It can scrobble to ListenBrainz or similar systems, but it can also save it as a CSV or JSON file locally. It can also listen to the songs being played on other devices and scrobble them if you want.
  • JSPF – JSON version of XSPF. An open format for playlists.

  ---

  You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

  Subscribe

  The post Local Music, Global Discovery first appeared on Thejesh GN.

---

May 30, 2025

• Thejeshgn GN Weekly Notes 22/2025

  I met WeeklyNotes/Blogring friends in real life (IRL) this week. On Thursday, I had coffee with Mihir and Nidhi at KAARA. They were passing through Bengaluru on their way to a workshop in Coonoor and had some time before catching their bus. It’s fun to meet online folks in real life when you know so much about them; you feel like you’re meeting old friends, even though you’re meeting them for the first time. It reminded me of the early blogger meetups and tweetups—no agenda, just coffee, conversation, and a few good memories.

  

  • My pain has reduced significantly, thanks to Physiotherapy and exercises. I have also not driven in the last six weeks. I will try and drive this weekend to see how it goes. It’s an automatic and on a highway, so it shouldn’t be a problem. But we will see.
  • I stopped having breakfast in 2020, during the COVID-19 lockdowns, except on rare occasions, such as when I met friends for breakfast, etc. Now, I am starting it again; it’s also something to do with Uma: nothing grand, just two eggs with coffee. I hadn’t stopped for coffee, so it’s just eggs.
  • I wrote a quick blog post (with many screenshots) about a tool I use frequently – Speech Note (also known as dsnote).
  • I continue to explore weather alerts in India. This week, I spent some time exploring CAP and its usage in India. Previously: Simple IMD Alerts.
  • I created a print, cut, and fold ezine for Surveillance in Bengaluru (PDF) contributors’ manual and Paper Games (PDF) zine. You can use browser print (zero margins, fit-to-page, and landscape mode) to print them. All magic is in the CSS by Rowan. Also, now that Glitch project hosting is closing down, back up your projects. As you can see, these static HTML files are hosted in WordPress Media Folder. Hosting HTML/JS files has downsides, like XSS risks (same domain, shared cookies) and the lack of easy updates without manual overwrites. But with care, these can be managed. The upside is that everything stays in one place, making it easy to embed as an iframe, and backing up is simpler.
  • By the way, if you are looking for a decent hotel in the south of south Bengaluru (beyond Electronics City, in Bommasandra), the Holiday Inn Express is decent. It could be a good hotel if you want to stay just outside Bengaluru and plan to make an early start towards Tamil Nadu or Kerala.
  • I have 49364 media items in WordPress, including images, PDFs, and other static files. Only in the last couple of years have I started assigning categories and providing detailed descriptions. This also means I have no real good way to find old images other than browsing by date. I have started a small side project to update them one month at a time. Hopefully, I complete them before reaching 50K.
  • JWT is ten years old. Today, it’s hard to imagine a web service without them. At its 10th anniversary, the OAuth Working Group has updated the best current practices. It’s worth taking a look, even if you are just a user of JWTs.
  • So, almost everyone thinks MCP ( Model Context Protocol) is probably the way to go – Kailash, Anil Dash, and Jon Udell.
  • For me, productivity is about accomplishing many things within the 50-hour workweek bandwidth.
  • What’s so dystopian? Robots are asking me to prove I am human, and all the AI innovations are used to sell me one more credit card.
  • We were at the SBI Bank home loans division because they had messed up a standard instruction for EMIs. And no one in their branch knew how SBI Max Gain works.
  • I have been using Old Roll App to take some pictures. Its fun. Interesting fact: this is the first time my Weekly Notes has more than one picture.

  

  

  ---

  You can read this blog using RSS Feed. But if you are the person who loves getting emails, then you can join my readers by signing up.

  Subscribe

  The post Weekly Notes 22/2025 first appeared on Thejesh GN.

---

May 27, 2025

• Ravi Dwivedi Singapore Visa Process

  In November 2024, Badri and I applied for a Singapore visa to visit the country. To apply for a Singapore visa, you need to visit an authorized travel agent listed by the Singapore High Commission on their website. Unlike the Schengen visa (where only VFS can process applications), the Singapore visa has many authorized travel agents to choose from. I remember that the list mentioned as many as 25 authorized agents in Chennai. For my application, I randomly selected Ria International in Karol Bagh, New Delhi from the list.

  Further, you need to apply not more than a month before your travel dates. As our travel dates were in December, we applied in the month of November.

  For your reference, I submitted the following documents:

  • Passport
  • My photograph (35 mm x 45 mm)
  • Visa application form (Form 14A)
  • Cover letter to the Singapore High Commission, New Delhi
  • Proof of employment
  • Hotel booking
  • Flight ticket (reservations are sufficient)
  • Bank account statement for the last 6 months

  I didn’t have my photograph in the specified dimensions, so the travel agent took my photo on the spot. The visa application was ₹2,567. Furthermore, I submitted my application on a Saturday and received a call from the travel agent on Tuesday informing me that they had received my visa from the Singapore High Commission.

  The next day, I visit the travel agent’s office and picked up my passport and a black and white copy of my e-visa. Later, I downloaded a PDF of my visa from the website mentioned on it, and took a colored printout myself.

  Singapore granted me a multiple-entry visa for 2 months, even though I had applied for a 4-day single-entry visa. We were planning to add more countries to this trip; therefore, a multiple-entry visa would be helpful in case we wanted to use Singapore Airport, as it has good connectivity. However, it turned out that flights from Kuala Lumpur were much cheaper than those from Singapore, so we didn’t enter Singapore again after leaving.

  Badri also did the same process but entirely remotely—he posted the documents to the visa agency in Chennai, and got his e-visa in a few days followed by his original passport which was delivered by courier.

  He got his photo taken in the same dimensions mentioned above, and printed as matte finish as instructed. However, the visa agents asked why his photo was looking so faded. We don’t know if they thought the matte finish was faded or what. To rectify this, Badri emailed them a digital copy of the photo to them (both the cropped version and the original) and they handled the reprinting on their end (which he never got to see).

  Before entering Singapore, we had to fill an arrival card - an online form asking a few details about our trip - within 72 hours of our arrival in Singapore.

  That’s it for now. Meet you in the next post.

  Thanks to Badri for reviewing the draft.

---

May 23, 2025

• S. Badri Towards a Password-Mukt XMPP

  These days, a password is, more often than not, a single-use affair. One hurriedly settles upon a password while signing up to some new account or other. By the time one needs to sign in again, the password almost invariably eludes the memory, resurfacing only after the password reset process has been completed.

  This poses something of a problem in XMPP-land. In an attempt to keep data collection to a bare minimum, many servers ask only for a preferred username and password. With no further information, how can they verify it's really you in order to reset your password? And if you don't go through the motions of resetting your password, what hope does your memory have of retrieving the old one?

  ---

  To prevent their users from being locked out of their accounts, some XMPP providers allow you to set a recovery email address, to which password reset details may be forwarded when the occasion arises. Allowing for the privacy-minded, this recovery email is often made optional: a good thing, though unfortunate for those optimists who think they will remember their passwords without fail, until they realise they actually don't.

  A bigger drawback with this setup is that, as of now, such extra fields are not supported in the in-app registration process. Server operators usually make custom HTTP pages for registration, which can collect all the additional information. This works effectively, but it means the user has to leave the app and (manually) open a web browser to complete registration before coming back to the app and (again, manually) entering their newly acquired login details. Perhaps not a major inconvenience on the scale of things, but certainly so on the scale of "hyper-polished corporate-backed apps that make it so easy to sign up you could almost do it by accident"!

  As an aside, sending the user to an HTTP page to sign up is not necessarily a bad thing: it does let the server operator show off a bit more of their website and potentially highlight the fact that theirs is a service run by people, not merely some faceless corporation.

  That said, I think it would be nice if, having taken the trouble to download and install an app, users could get started without having to leave it again.

  ---

  To better blend in with the faceless corporations, Quicksy and Prav have reasoned thus: if people are going to reset their passwords almost every time they log in, why not use the password reset process as the default way to log in?

  This is possible because Quicksy and Prav control both the client and the server of their respective services. Their "signing in" process involves entering a phone number to receive a one-time code on it, which can then be entered to authenticate the session. Internally, this is the point at which a new, randomly generated password is set for your client to use in future communications.

  As you can see, it is, quite literally, nothing but a password reset process.

  A problem with this is that signing in on a secod device will change the password, rendering the account inaccessible to your first device. A workaround is to directly view or set the password on your first device, and enter that password on all subsequent devices to sign in the "normal" way. Of course, that means you lose out on the "passwordless" part and are back in the whole password routine.

  Fortunately, the future seems to hold ways in which we can not only go passwordless, but also remain so.

  ---

  When a client connects to a server for the first time, it usually has to authenticate itself—whether by a password or through some other means. But what about after the first time? That's where XEP-0484 or Fast Authentication Streamlining Tokens (FAST) comes in.

  Once a connection is made, FAST lets the server give a special token to the client, which the client can then use for future authentications. Practically, it's almost like the current Quicksy and Prav routine of setting a new password each time—except that the "password" is client-specific and doesn't affect the ability of the other clients to continue logging in.

  FAST tokens have an expiry date, but one that can be automatically extended—so while your client that has been offline for two months may need re-authentication, the one that has been logging in every day for two months won't.

  ---

  FAST solves the problem of "having to set a password after authentication" but what about the authentication process itself? This is a problem in two parts, because there are two different situations in which you'd want to log in to your account: the first time, and every time that comes after.

  ---

  The first time you want to use XMPP, you don't have an account yet: you have to sign up or "register" one. The ubiquitous XEP-0077 In-Band Registration (IBR) defines a standardised way to do just that...but with a username and password, and, worse, with only a username and password. XMPP providers that want to collect more fields, such as an email address, or use something other than a password to authenticate, like a phone number, have to either host an external HTTP page or customise the client itself.

  Or, they could use something like the experimental XEP-0389 Extensible In-Band Registration (nicknamed IBR2 or extensible IBR). This XEP replaces the single "username and password" form of IBR with a series of "challenges" and "responses", where a "challenge" can be simply "what's your preferred username and password?" but could also be "check your SMSes and enter the code we sent you there" or "enter the numbers in reverse order to prove you're not a robot". Like the original IBR, the extensible version is backed by XEP-0004 Data Forms, making it truly extensible to anything you want it to be.

  For the HTTP-happy, there is "out of band" registration which automatically opening up a web browser and reads the response when done. This means server operators can potentially keep their existing web-based signup pages, but allow them to be seamlessly opened and closed by the app itself—possibly the best of both worlds.

  ---

  Once you have an XMPP account, the current standard way to sign in is to negotiate an SASL connection, which decides the security features of your "stream"—the XMPP connection—but usually also involves your client passing in your username and password at some point.

  Similar to extensible IBR, XEP-0388 Extensible SASL Profile builds upon the normal SASL negotiation process to let you add other options to the mix. The XEP gives an example of second-factor authentication through TOTP, but one can imagine using a challenge mechanism similar to extensible IBR to make a one-time code the only factor, rather than the second one.

  Taking things a step further, perhaps we could handle new users by merely adding a "challenge" of "what username would your prefer?" thereby eliminating the need for "registration" altogether? Is there really that much difference, after all, between logging in for the first time and loggin in every other time?

  ---

  The standards-minded reader would have noted, with some alarm, that by blithely using "authentication through SMSed code" we are replacing a truly independent and decentralised authentication mechanism—the password—with a rather more centralised one.

  Fortunately, SMS is only one example. The same authentication code could just as easily be delivered by some other means, such as through email via SMTP, within an existing webapp, on a different messaging network like IRC...

  ...or through XMPP itself, to an already connected client of the user's. This would allow a user to sign in with a new XMPP client by authorising it using an already existing one.

  ---

  While there is no XEP yet for "sign in to a new client by authorising with an existing one", there are a few bits and pieces that could be put together.

  The simplest option is, of course, to do what we do on other networks and simply send an ordinary XMPP message saying "your password is so-and-so".

  More interesting in XEP-0070 Verifying HTTP Requests via XMPP. THe original purpose of this XEP is to let an XMPP client authorise access to an HTTP client such as a web browser. When your web browser tries to load a page, the HTTP server forwards the request to your XMPP server, which passes it on to your client. On your end, you'll see a popup saying something like "Hey, should we allow browser with code so-and-so to access this page of yours?"

  While it may matter to you whether the request originated from an HTTP request or it was just your server making things up, your XMPP client doesn't care. All it knows is that the server has sent an XEP-0070 authorisation request, to which you can answer either yea or nay.

  That makes it a small matter for the server to "make up" an authorisation request when you try to sign in from another client. Any client with XEP-0070 support can handle it. It matters not if the original trigger at the other end is the SASL negotiation process for your newly installed chat client, rather than an HTTP request from your not-necessarily-newly-installed web browser.

  Ironically, this setup would be quite helpful for web-based XMPP clients, where people may not be comfortable entering their XMPP passwords. Now, they can just authenticate the webclient via some other client instead! Needless to say, if this becomes a regular feature, it would be a good idea to define it as such in a separate XEP. This would allow for more levels of protection, and perhaps encryption key verification as well.

  ---

  Wait, the security-minded reader may ask: what prevents a malicious server from serving a truly "made-up" authorislation request, allowing a random device to be logged in?

  The answer is: nothing!—but the same goes for a server operator overwriting or reading your password as well. All the authorisation discussed here is between you and your server, or, more specifically, for you to prove your identity to your server. If the server decides to ignore that and let other people in too, there's nothing you can do to stop it at this level. That's why we have an added layer of end-to-end encryption, OMEMO keys, and all that jazz.

  Incidentally, XEP-0070 (or whatever we develop to replace its interesting half) provides a good opportunity to conduct key signing or identity verification as well. The keys could be generated on your device before it attempts to log in, setting the stage for a more secured handshake above the server-mediated one.

  Going a step further, this setup paired with XEP-0450 Automatic Trust Management (ATM) could pave the way for more decentralised logins, where one could log in with different JIDs and different XMPP servers and still be recognised by one's friends (and their XMPP clients) as the same person. But that's venturing into the territory of a whole different topic...

  ---

  The XEP-0070 hack demonstrates that there is, in fact, a difference between logging in for the first time and logging in every other time. We can use it to log into an XMPP client if we already have other logged-in XMPP client, but surely we cannot claim to have "XMPP clients all the way down"!

  So, how would the first XMPP client get authorised? One option is to return a FAST token during in-band registration, so the client can use that as its first connection.

  Better still, if we are able to complete registration during SASL negotiation as I speculated about before, the client would automatically be authorised with a FAST token already! Perhaps we can have "XMPP clients all the way down" after all.

  ---

  We now have a registration system that is not only purely XMPP based, but also entirely passwordless. Before we celebrate though, let's pause to see if we have really covered all our bases.

  When online services require a phone number for registration, its purpose is twofold: to prove your specific identity as an individual, but also to prove, within a reasonable level of tolerance, your identity as a member of the human race. In other words, if you are able to receive SMSes through a standard phone number on the telecom network, chances are you're not a robot. This is necessary to prevent spurious signups from automated bots, who can then proceed to send spam messages across the inter XMPP network.

  Alas! Our new passwordless mechanism accounts for the first problem but not the second.

  Fortunately, this can be readily remedied by making full use of the "extensible" part of extensible IBR. There, we are free to add any other spam-prevention challenges such as additional questions, or if we update the spec accordingly, maybe even a CAPTCHA.

  Another way to address this, using mechanisms that already exist, is based on social trust. The idea is to close off public registration and allow signups only using XEP-0401 Ad-hoc Account Invitation Generation. This XEP allows for account invitation links, that any existing user can generate and pass on to a prospective human user. It's up to them to keep the link to humans, of course.

  Traditionally, invites open up the old password-based registration screen, but as before we can always skip the password part. Since the XEP allows suggesting a username along with the invitation, it would be possible for new users to be registered, authenticated, and signed in automatically—all by merely clicking on a link!

  While this is a nice way to let humans bring other humans into the community, it only scratches the surface of what social trust can do.

  ---

  It is a truth universally acknowledged, that a person in possession of a good authentication mechanism, will inadvertently lock themselves out with it. In our case, that would mean accidentally uninstalling the last logged-in client, or losing the device onto which it was installed.

  This though is no different from doing the same with a password-based account and then forgetting the password. The simple solution is to implement a similar flow based on a second factor like an email or a phone number, which provides a fresh authentication token at the end of it: essentially, a "reset password" flow without the bit at the end where you actually set your password.

  To make things more spicy, the Dark Crystal standard allows for account recovery through social trust. The idea is that your recovery information is broken up into pieces, which you can put back together when the time comes. The "social" part is that each piece is given to a different trusted contact for safekeeping.

  If you ever get locked out, your account information remains safe with friends—or "in the minds of neighbouring families", if you will.

  ---

  There is an assumption these days that every person has at least one personal computing device, which they carry with them wherever they go. More often than not, it is assumed that at least one of these devices is connected to the telecom network, which means it is capable of receiving messages via the SMS protocol.

  Such assumptions have led to people using SMS and its related phone numbers as a proxy for individual identity, which poses something of a problem in situations where a person does not have a phone number, or where multiple people share the same phone number. Examples include multiple family members sharing the same phone, or a child who has not yet been deemed old enough to receive their own phone. The situation cuts both ways: it is likely that children are reciving their first phone number earlier than before precisely because so many authentication mechanisms require one.

  A purely XMPP-based authentication mechanism solves the problem of phone number dependency—but what of the overarching assumption of a separate personal computing device for each person?

  Imagine quickly signing into your friend's laptop to check messages, or borrowing a shared account on the family desktop when nobody else is using it. Such interactions used to be common—and are still easily possible—with basic email. On the messaging side, however, end-to-end encryption has made things harder, and a mandatory "sign in using an already-authenticated device" would make it nigh on impossible.

  The only way to make this work easily is to use a trusted server, paired with an authentication key that can be carried anywhere and activated on any random device you come across. What fits the bill better than the humble password—which is always with you, right inside your head?

  All this goes to show that passwords, though less popular, are far from obsolete—and may never be. However, for those who have trouble with them, there are now feasible alternatives. Thanks to the decentralised nature of XMPP, we don't have to fight between one or the other, rather offering multiple options, the better for each to choose their own.

  ---

  Thanks to discussions with MSavoritias (fae,ve), Kris, edhelas, and others on the JoinJabber dev room for providing some of the ideas and inspiration behind this article.

---

May 13, 2025

• Ravi Dwivedi KDE India Conference 2025

  Last month, I attended the KDE India conference in Gandhinagar, Gujarat from the 4th to the 6th of April. I made my mind to attend when Sahil told me about his plans to attend and giving a talk.

  A day after my talk submission, the organizer Bhushan contacted me on Matrix and informed me that my talk had been accepted. I was also informed that KDE will cover my travel and accommodation expenses. So, I planned to attend the conference at this point. I am a longtime KDE user, so why not ;)

  I arrived in Ahmedabad, the twin city of Gandhinagar, a day before the conference. The first thing that struck me as soon as I came out of the Ahmedabad airport was the heat. I felt as if I was being cooked—exactly how Bhushan put it earlier in the group chat. I took a taxi to get to my hotel, which was close to the conference venue.

  Later that afternoon, I met Bhushan and Joseph. Joseph lived in Germany. Bhushan was taking him to get a SIM card, so I tagged along and got to roam around. Joseph was unsure about where to go after the conference, so I asked him what he wanted out of his trip and had conversations along that line.

  Later, Vishal convinced him to go to Lucknow. Since he was adamant about taking the train, I booked a Tatkal train ticket for him to Lucknow. He was curious about how Tatkal booking works and watched me in amusement while I was booking the ticket.

  The 4th of April marked the first day of the conference, with around 25 attendees. Bhushan started the day with an overview of KDE conferences in India, followed by Vishal, who discussed FOSS United’s activities. After the lunch, Joseph gave an overview of his campaign to help people switch from Windows to GNU/Linux due to environmental and security reasons. He continued his session in detail the next day.

  

  A key takeaway for me from Joseph’s session was the idea pointed out by Adwaith: marketing GNU/Linux as a cheap alternative may not attract as much attention as marketing it as a status symbol. He gave the example of how the Tata Nano didn’t do well in the Indian market due to being perceived as a poor person’s car.

  My talk was scheduled for the evening of the first day. I hadn’t prepared any slides because I wanted to make my session interactive. During my talk, I did an activity with the attendees to demonstrate the federated nature of XMPP messaging, of which Prav is a part. After the talk, I got a lot of questions, signalling engagement. The audience was cooperative (just like Prav ;)), contrary to my expectations (I thought they will be tired and sleepy).

  On the third day, I did a demo on editing OpenStreetMap (referred to as “OSM” in short) using the iD editor. It involved adding points to OSM based on the students’ suggestions. Since my computer didn’t have an HDMI port, I used Subin’s computer, and he logged into his OSM account for my session. Therefore, any mistakes I made will be under Subin’s name. :)

  On the third day, I attended Aaruni’s talk about backing up a GNU/Linux system. This was the talk that resonated with me the most. He suggested formatting the system with the btrfs file system during the installation, which helps in taking snapshots of the system and provides an easy way to roll back to a previous version if, for example, a file is accidentally deleted. I have tried many backup techniques, including this one, but I never tried backing up on the internal disk. I’ll certainly give this a try.

  A conference is not only about the talks, that’s why we had a Prav table as well ;) Just kidding. What I really mean is that a conference is more about interactions than talks. Since the conference was a three-day affair, attendees got plenty of time to bond and share ideas.

  

  

  After the conference, Bhushan took us to Adalaj Stepwell, an attraction near Gandhinagar. Upon entering the complex, we saw a park where there were many langurs. Going further, there were stairs that led down to a well. I guess this is why it is called a stepwell.

  

  Later that day, we had Gujarati Thali for dinner. It was an all-you-can-eat buffet and was reasonably priced at 300 rupees per plate. Aamras (Mango juice) was the highlight for me. This was the only time we had Gujarati food during this visit. After the dinner, Aaruni dropped Sahil and I off at the airport. The hospitality was superb - for instance, in addition to Aaruni dropping us, Bhushan also picked up some of the attendees from the airport.

  Finally, I would like to thank KDE for sponsoring my travel and accommodation costs.

  Let’s wrap up this post here and meet you in the next one.

  Thanks to contrapunctus and Joseph for proofreading.

---

May 09, 2025

• Abhijith PA Bug squashing party, Kochi

  Last weekend, 4 people (3 DDs and 1 soon to be, hopefully in coming months) sit together for a Bug squashing party in Kochi. We fixed lot of things including my broken autopkgtest setup.

  

  It all began from a discussion in #debian-in of not having any BSPs in the past in India. Then twisted in to hosting a BSP by me. I fixed the dates to 3rd & 4th May to get packages migrate naturally to testing with NMUs before the hard freeze on 15th May.

  Finding a venue was a huge challenge. Unlike other places, we have very limited options on hackerspaces. We also had some company spaces (if we asked), but we may have to follow their office timings and finding accommodation near by was also a challenge.

  Later we decided to go with a rental apartment where could hack all night and sleep. We booked a very bare minimal apartment for 3 nights and 3 days. I updated wiki page and sent announcement.

  Not even Wi-Fi was there in the apartment, so we setup everything by ourselves (DebConf style :p ). I short listed some newbie bugs, just in case if newcomers joined the party. But it was only we 4 people and Kathara who joined remotely.

  We started from May 2nd night, stacked our cabin with snacks, instant noodles and drinks. Arranged beds, tables and started hacking and having discussions. My autopkgtest-lxc setup was broken. I think its related to #1017753, which got fixed magically and now I started using autopkgtest-podman.

  

  I learned

  • reportbug tool can use its own SMTP server by default
  • autoremovals can be extended if we pinged to the bug report.

  On last day, we went to a nice restaurant and had food. There was a church festival nearby, so we were able to watch wonderful procession and fireworks at night.

  

  All in all we managed to touch 46 bugs of which 35 is now fixed/done and 11 is open, some of this get status done when it reaches testing. It was a fun and productive weekend. More importantly we had fun.

---

May 08, 2025

• aktsbot Announcing spb and lil

  Announcing spb and lil

  08 May 2025

  ---

  spb

  simple paste bin had been around for a couple of years. For a long time, spb ran with a mongodb database. Not anymore!

  I updated it to use sqlite3 for its database and modernized the codebase a little bit.

  Improve the source code over at github or see it in the wild over at spb.aktsbot.in.

  lil

  This is my take on a url shortener. The goal with lil was to

  1. Store no user data.
  2. Be usable from the terminal. i.e have a no BS api.
  3. Use zero client side JavaScript.
  4. Be easy to maintain

  Source is at github. See it live on one0.xyz.

  Happy Hacking & have a great day!

---

May 06, 2025

• Bhavani Shankar Why I don't use full disk encryption

  After diving into the rabbit hole of encrypting my entire disk, I decided it is not worth it. These are my reasons:

  • High app launch delay: Cloudflare benchmarked dm-crypt encrypted disks to be 2-7 times slower. It means apps start at snail's pace; imagine a web browser opening in 5s instead of 0.7s.

  • Impact on battery life and RAM: Encrypting, decrypting bytes, and juggling them across the boundaries of disk and RAM is expensive. If you are on a laptop, it eats up battery life.

  • Shortens SSD lifespan: FDE, for security reasons, doesn't enable TRIM by default. It fills the entire disk with random data causing increased wear and tear of your solid state drive.

  • Extremely inefficient: It impartially encrypts everything — even those parts that don't require it like system files — making it harder to fix a broken system.

  Popular methods of full disk encryption

  • TPM, secure boot: Completely transparent to the user because the key is stored on TPM. This variant is good for tamper prevention. Thieves can boot your device and access your data.

  • Passphase based: /boot is not encrypted and is responsible for prompting the password during boot. It leads to bad user experience. If somebody puts a virus in /boot, the next time the user enters the password, it infects the whole system.

  More drawbacks

  • Sleep/Suspend vulnerability: A machine with a fully encrypted disk is secure only when it is off. Data on the RAM is not encrypted and can be extracted.

  • Doesn't stop strong adversaries: It's useless against law enforcement and the mafia because they can force you to unlock your device.

  • Multi-user systems: It doesn't protect your files from other users on your machine.

  A better alternative

  Application level encryption overcomes all these drawbacks.

  Selectively encrypt files and folders

  Encrypt just your private files — it's incredibly fast and secure. You may even use a different password for each file/folder. Multi-user device? No worries. I would suggest to:

  • Encrypt files and folders — including personal pictures, videos, and documents etc with gocryptfs. You can sync encrypted folders across devices with Dropbox and automatically mount on login.

  • Encrypt browser profile (folder) with gocryptfs. It prevents others from accessing your web browsing history, passwords, payment methods, and web subscriptions etc.

  • Set a strong passphrase for ssh and gpg keys to secure your private keys.

  • Use read-only filesystems for system files. Conveniently Nixos has a read-only filesystem and hashed folder names at /nix — where system files are stored — making it resilient to tampering.

  • Make use of deniable encryption with Veracrypt. Create hidden virtual disks inside encrypted file systems. Nobody can even know that they exist.

  • Encrypt files and folders with gocryptfs. You can sync encrypted folders across devices with Dropbox and automatically mount on login.

  • Use Tails OS: When you need as much privacy and anonymity as possible, boot into tails from a USB drive and then shut it down as soon as your work is done.

---

May 05, 2025

• Ravi Dwivedi A visit to Paris

  After attending the 2024 LibreOffice conference in Luxembourg, I visited Paris in October 2024.

  If you are wondering whether I needed another visa to cross the border into France— I didn’t! Further, they are both also EU members, which means you don’t need to go through customs either. Thus, crossing the Luxembourg-France border is no different from crossing Indian state borders - like going from Rajasthan to Uttar Pradesh.

  I took a TGV train from Luxembourg Central Station, which was within walking distance from my hostel. The train took only 2 hours and 20 minutes to cover the 300 km distance to Paris. It departed from Luxembourg at 10:00 AM and reached Paris at 12:20 PM. The ride was smooth and comfortable, arriving on time. It gave me an opportunity to see the countryside of France. I booked the train ticket online a couple of days prior through the Omio website.

  

  I planned the first day with my friend Joenio, whom I met upon arriving in Paris’ Gare de l’Est station, along with his wife Mari. We went to my hostel (which was within walking distance from the station) to store my luggage, but we were informed that we needed to wait for a couple of hours before I could check in. Consequently, we went to an Italian restaurant nearby for lunch, where I ordered pasta. My hostel was unbelievably cheap by French standards (25 euros per night) that Joenio was shocked when he learned about it.

  

  Walking in the city, I noticed it had separate cycling tracks and wide footpaths, just like Luxembourg. The traffic was also organized. For instance, there were traffic lights even for pedestrian crossings, unlike India, where crossing roads can be a nightmare. Car drivers stopping for pedestrians is a big improvement over what I am used to in India. The weather was also pleasant. It was a bit on the cooler side - around 15 degrees Celsius - and I had to wear a jacket.

  

  After lunch, we returned to my hostel for my check-in at around 3 o’clock. Then, we went to the Luxembourg Museum (Musée du Luxembourg in French) as Joenio had booked tickets for an exhibition of paintings by the Brazilian painter Tarsila do Amaral. To reach there, we took a subway train from Gare du Nord station. The Paris subway charges 2.15 euros irrespective of the distance (or number of stations) traveled, as opposed to other metro systems I have used.

  We reached the museum at around 4 o’clock. I found the paintings beautiful, but I would have appreciated them much more if the descriptions were in English.

  

  Afterward, we went to a beautiful garden just behind the museum. It served as a great spot to relax and take pictures. Following this, we walked to the Pantheon - a well-known attraction in the city. It is a church built a couple of centuries ago. It has a dome-shaped structure at the top, recognizable from far away.

  

  

  Then we went to Notre Dame after having evening snacks and coffee at a nearby bakery. The Notre Dame was just over a kilometer from the Pantheon, so we took a walk. We also crossed the beautiful Seine river. On the way, I sampled a crêpe, a signature dish of France. The shop was named Crêperie and had many varieties of Crêpe. I took the one with eggs and Emmental cheese. It was savory and delicious.

  

  

  By the time we reached Notre Dame, it was 07:30 PM. I learned from Joenio that Notre Dame was closed and being renovated due to a fire a couple of years ago, so we just sat around and clicked photos. It is a catholic cathedral built in French Gothic architecture (I read that on Wikipedia ;)). I read on Wikipedia that it is located on an island named Île de la Cité and I didn’t even realize we are on an island.

  At night, we visited the most well-known attraction of Paris, The Eiffel Tower. We again took the subway, alighting at the Bir-Hakeim station, followed by a short walk. We reached the Eiffel Tower at 9 o’clock. It was lit bright yellow. There was not much to do there, so we just clicked photos and hung out. After that, I came back to my hostel.

  

  Next day, I roamed around the city by walking mostly. France is known for its bakeries, so I checked out a couple of local bakeries. I had espresso a couple of times and sampled croissant, pain au chocolat and lemon meringue tartlet.

  

  Here are some random shots:

  

  

  

  

  

  On the third day, I had my flight for India. Thus, I checked out of the hostel early in the morning, took an RR train from Gare du Nord station to reach the airport. It costs 11.8 euros.

  I heard some of my friends had bad experiences in France. Thus, I had the impression that I would not feel welcomed. Furthermore, I have encountered language problems in my previous Europe trip to Albania and Kosovo. Likewise, I learned a couple of French words, like how to say thank you and good morning, which went a long way.

  However, I didn’t have bad experiences in Paris, except for one instance in which I asked my hostel’s reception about my misplaced watch and the person at the reception asked me to be “polite” by being rude. She said, “Excuse me! You don’t know how to say Good Morning?”

  Overall, I enjoyed my time in Paris and would like to thank Joenio and Mari for joining me. I would also like to thank Sophie for giving me a map of Paris, which was handy.

  Let’s end this post here. I’ll meet you in the next one!

  Credits: Thanks to contrapunctus for reviewing this post before publishing

---

• KhubsuratInsaan The Gradual Encroachment of Capitalistic Tendencies

  As an OpenStreetMapper, I love adding things which are supposed to be more or less guaranteed to persist for more than 10 years, such as parks and addresses. The act of seeing my parks on the map with their striking green colour gives me immense joy, and I get a similar joy from seeing the cute house numbers displayed on a series of nice rectangles.

  So, it was obvious to me that addresses would be among one of my first contributions. I started looking out for areas with “nice” regular buildings who have clearly displayed their addresses in front of their houses.

  My friend’s house was one such building. On a sunny day when (say) A and I were strolling, I told them about my plan to add their street to OSM. I was expecting, at the worst, some casual indifference about that whole affair. However, their response surprised me. They told me that ’the address is their private property’ just like ’the part of the street in front of their house is their private property.'

  First of all, both of those statements are false. As is often the case, the street where my friend live is owned by the government, and all of its addresses are in public domain. I could, of course, have ignored this stupidity. However, I decided to reflect a little on this thing. What would a private system of addresses entail?

  A private system of address would mean that the address is owned by the house owners. To prevent any intelligent guessing, these house numbers would have to be random, and can be appended with brand names to generate extra money for the house owners (like “SBI 1675343204892384123809323”). A government agency can be given the task of ensuring that the addresses remain private.

  Now comes the difficult part, we have to make these addresses excludable and rivalrous. To ensure excludability we can generate a new address every time it is accessed by someone. So, if A visits SBI 1675343204892384123809323 (by paying a fee to the government agency which transfers the money to the house owner) and connects it to a coordinate, then the owner can change the address to a new one, ensuring that the next person would also have to pay the fee. This has the obvious disadvantage that once B’s personal data is revealed, A can instead connect the coordinates to B’s personal data and then sell it in the underground market. To avoid this problem, B can try to hide their personal data as much as possible, going as far as to change their personal data after a “leak.” To make the “good” rivalrous, the owner can impose a monthly limit on the number of access.

  I have to admit, the above framework is pretty flaky. However, it is an OK starting point to think about monetisation of addresses. I am very happy that the above system is not practical, and so mapping addresses is still a useful endeavour. For now.

---

April 29, 2025

• Karthik Contributing to Movim Again!

  Last week, I got one more opportunity to contribute to movim’s CI/CD setup, which is in same scope as my previous contribution.

  As the movim project dropped support for MySQL database, starting with v0.30.1, The developers wanted to test app setup with mariabd along with the existing postgres based setup job in the CI pipeline. Hence i got involved to support it.

  It was relatively easy, as i just have to swap out one of the previous job steps involving postgres with mariabd. But, it took me some time to figure out a working mariadb github action out of available options.

  Related PR: https://github.com/movim/movim/pull/1431

---

April 21, 2025

• KhubsuratInsaan Lonely: Part 1

  I often feel lonely, and I don’t have many friends. This blog series documents my journey towards ending this state of deprivation which has been plaguing my work since months.

  For a quick start, I decided to join some local communities in Delhi. I am already a part of OpenStreetMap Delhi, but their meetups happen only once a month, which makes it very difficult to nurture the connections I make there (if I am able to create them in the first place). I have searched a little and have now found some other communities where I should be able to find new people.

  The first one is HochPoch Delhi, which is a group of 2 people organizing meetups every Wednesday. They hangout in art galleries, museums, and cafes. They seem pretty chill, and I hope to meet some cool people there.

  The second one is Lodhi Reads, who meet every Saturday at Lodhi Gardens to read books in silence. This seriously sounds like heaven to me.

  I will write about my experience at these two places in Part 2.

---

April 18, 2025

• Bhavani Shankar A weird algorithm for sharing coins

  Here's a memorable problem from Project Euler:

  There are 7 ways to separate 5 coins into piles (as shown). How about 100 coins?

  OOOOO
  OOOO   O
  OOO   OO
  OOO   O   O
  OO   OO   O
  OO   O   O   O
  O   O   O   O   O 
  

  Solution

  In number theory, it is known as the partition function: $p(k)$. So $p(5) = 7$. A simple formula for $p(n)$ is currently unknown but, we can calculate it recursively. The key insight is how we break $p(n)$ into smaller problems.

  Let $p(n, k)$ be the number of ways to arrange of $n$ coins into piles allowing up to $k$ coins per pile. For example, $p(4, 2)$ is:

  OO   OO
  OO   O   O 
  O    O   O   O
  

  Let's build the recurrence.

  • If $k = 1$, we can only put 1 coin in each of the $n$ piles; if $n=1$, there's only one coin. There's only one arrangement in either case. Therefore,

  $$p(n, 1) = p(1, k) = 1$$

  • The possible arrangements for $n, k$ can be segregated into two categories:
    1. Those that only use smaller piles of $k-1$ coins or less.
    2. And the rest — with a pile of $k$ coins. If we remove it, we are left with all possible ways to arrange $n-k$ coins.

  $$p(n, k) = p(n, k-1) + p(n-k, k)$$

  A concrete example

  To be certain that we understand, let's divide $p(5, 3)$ into these two groups. The first group $p(n, k - 1)$ has all arrangements with piles of size $k - 1 = 2$ or less.

  OO   OO   O
  OO   O   O   O
  O   O   O   O   O 
  

  The 2nd group contains one pile of size 3. If we remove it, we are left with $p(2, 2)$.

  000   OO
  000   O   O
  

  Adding these two counts, we can see that $p(5, 3) = 5$. Let's calculate $p(5, 3)$ recursively now.

  What if $n \leq 0$?

  We missed a base case; $p(0, 2)$ came from $p(2, 2)$ after making a common pile of 2 coins; we need one arrangement to put the common pile. Though it seems a bit counterintuitive, we need to set:

  $$p(0, k) = 1$$

  During recursion, we will encounter calls like $p(2, 3)$. Blindly expanding will result in negative values for $n$:

  $$p(2, 3) = p(2, 2) + p(-1, 3)$$

  We can add a maximum of $n$ coins to a pile. So we can set $k$ to $n$ when $k > n$.

  $$p(2, 4) = p(2, 2)$$

  Writing the code

  Let's write an implementation of our 4 base cases and the recurrence and use it to compute $p(100, 100)$.

  fn partitions(n: usize) -> usize {
      fn partitions_helper(n: usize, k: usize) -> usize {
          if k > n {
              partitions_helper(n, n)
          } else if n == 0 || n == 1 || k == 1 {
              1
          } else {
              partitions_helper(n, k - 1) + partitions_helper(n - k, k)
          }
      }
      partitions_helper(n, n)
  }
  
  fn main() {
      println!("{}", partitions(100));
  }
  

  After about a second, we are greeted with the answer.

  190569292
  

  Speeding it up

  A lot of values are computed again and again. For instance,

  If we continue expanding the first 2 terms, we will encounter $p(2, 2)$ twice. It makes sense to use caching a.k.a memoization with crates like cached. With caching, this problem goes from exponential to quadratic time complexity i.e $O(e^{n})$ to $O(n^2)$ — a gap so huge that calculating $p(1000)$ would shrink from days to under a second.

  use cached::proc_macro::cached;
  ...
      // Just add this proc macro to above code. That's it!
      #[cached]
      fn partitions_helper(n: isize, k: isize) -> isize {
      ...
  

  Bottom-up approach

  Instead of caching previously computed recursive calls, we can avoid the stack overhead by just starting from the base and building up higher and higher until we reach the answer. This approach is cleaner and faster.

  fn partitions_bottom_up(n: usize) -> usize {
      let mut partitions = vec![vec![0; n + 1]; n + 1];
  
      // fill all the base cases
      for i in 0..=n {
          partitions[0][i] = 1;
          partitions[1][i] = 1;
          partitions[i][1] = 1;
      }
  
      // build up the rest of the n, k values
      for i in 2..=n {
          for j in 2..=n {
              partitions[i][j] = partitions[i][j - 1];
              if i >= j {
                  partitions[i][j] += partitions[i - j][j];
              }
          }
      }
  
      partitions[n][n]
  }
  

---

April 17, 2025

• Bhavani Shankar Sudoku solver in 100 lines of Rust

  Sudoku is an addictive number placement puzzle that is logic-based. To win, you should fill the missing cells such that all rows, columns and each of the nine 3x3 boxes contain all numbers from 1 to 9. A well-posed Sudoku has only one solution.

  

  After conquering basic algorithms, a Sudoku solver feels like a rite of passage to be a good coder. So, let's write a program that can solve any Sudoku puzzle in less than a second, starting from scratch.

  Algorithm

  To solve any problem, we should begin by designing an algorithm. Let's see -

  1. Check if the Sudoku puzzle is valid.

  2. Find an empty cell and guess a number.

  3. Continue with (1) until either:

     a. No empty cells are left - we found a solution!

     b. We cannot proceed - We made wrong guesses. Then, we should step back and try and continue (1) with a different guess.

  This backtracking algorithm will enumerate all solutions. If you are familiar with graphs, you will notice it is identical to depth-first search.

  

  Each circle is an intermediate solution. You jump to the bottom circles by making a valid guess (arrow) and when you reached the bottom, you take a step back and explore other possibilities.

  Encoding

  To achieve a compact representation, we can write down a Sudoku row by row as an array of numbers. Empty cells are indicated with 0. Then, the above puzzle becomes:

  000000005000075060715000002074031006100706003600520970300000859020980000400000000

  Validating a region

  With this representation in mind, we can begin by writing a check for all Sudoku constraints - all rows, columns and 3x3 boxes should contain 1 to 9 exactly once. Let's call each one of them regions. A region can be one particular row or a column or a box.

  fn is_valid_region(region: [u8; 9]) -> bool {
      let mut seen = [false; 10];
  
      for n in region {
          if n != 0 && seen[n as usize] {
              return false;
          }
          seen[n as usize] = true;
      }
  
      true
  }
  

  The function is_valid_region checks if the numbers 1-9 occur only once.

  Extracting regions

  Fetching the nth row of a Sudoku is straightforward. In our representation, the 1st row is 0, 1, 2, ..., 8. The 2nd row is 9, 10, 11, ..., 17 and so on. So, the nth row is:

  With a similar approach, we can deduce the patterns for nth column and the nth box. To keep the code simple, I hard coded the 1st box and the offsets to get the other boxes.

     // Get nth row of a sudoku
     fn get_row(sudoku: [u8; 81], row_index: usize) -> [u8; 9] {
         let mut row = [0; 9];
         for i in 0..9 {
             row[i] = sudoku[i + row_index * 9];
         }
         row
     }
       // Get nth column of a sudoku
     fn get_column(sudoku: [u8; 81], column_index: usize) -> [u8; 9] {
         let mut column = [0; 9];
         for i in 0..9 {
             column[i] = sudoku[i * 9 + column_index];
         }
         column
     }
       // Get nth box of a sudoku
     fn get_box(sudoku: [u8; 81], box_index: usize) -> [u8; 9] {
         let mut box_region = [0; 9];
         let first_box = [0, 1, 2, 9, 10, 11, 18, 19, 20];
         let box_offsets = [
             0,
             3,
             6,
             9 * 3,
             9 * 3 + 3,
             9 * 3 + 6,
             9 * 6,
             9 * 6 + 3,
             9 * 6 + 6,
         ];
      
         for i in 0..9 {
             box_region[i] = sudoku[first_box[i] + box_offsets[box_index]];
         }
         box_region
     }
  

  Validating Sudoku

  To check if a Sudoku is valid, we just need to extract all 27 regions and verify that they are consistent.

  // Returns true if a sudoku is valid.
  fn is_valid_sudoku(sudoku: [u8; 81]) -> bool {
      for i in 0..9 {
          if !(is_valid_region(get_row(sudoku, i))
              && is_valid_region(get_column(sudoku, i))
              && is_valid_region(get_box(sudoku, i)))
          {
              return false;
          }
      }
      true
  }
  

  Solving

  The backtracking algorithm that we designed looks like this in Rust:

  /// Recursively enumerates all solutions of a sudoku puzzle
  pub fn solve_sudoku(sudoku: [u8; 81]) -> Vec<[u8; 81]> {
      let mut solutions = Vec::new();
   
      fn solver(solution: [u8; 81], solutions: &mut Vec<[u8; 81]>) {
          let mut empty_cell_found = false;
       
          for i in 0..81 {
              if solution[i] == 0 {
                  empty_cell_found = true;
               
                  for n in 1..10 {
                      let mut new_solution = solution;
                      new_solution[i] = n;
                      if is_valid_sudoku(new_solution) {
                          solver(new_solution, solutions);
                      }
                  }
                  break;
              }
          }
       
          if !empty_cell_found {
              solutions.push(solution);
          }
      }
   
      solver(sudoku, &mut solutions);
      solutions
  }
  

  We find an empty cell, make a valid guess and call solver recursively. We keep exploring deeper and deeper until we cannot proceed further. If all the cells are filled up, then it's a solution. We add it to our list. We continue searching the remaining paths in this graph.

  This worked beautifully. It printed out the solution to the above puzzle in 0.0s.

  534678912672195348198342567859761423426853791713924856961537284287419635345286179

  Here's another example:

  let sudoku = [
      6, 4, 5, 9, 0, 0, 0, 0, 0,
      0, 7, 3, 1, 0, 0, 0, 5, 0,
      2, 0, 0, 0, 5, 0, 0, 0, 0,
      5, 9, 0, 0, 3, 7, 6, 0, 0,
      0, 0, 0, 0, 0, 0, 0, 0, 0,
      0, 0, 4, 5, 8, 0, 0, 3, 9,
      0, 0, 0, 0, 7, 0, 0, 0, 3,
      0, 3, 0, 0, 0, 4, 1, 9, 0,
      0, 0, 0, 0, 0, 1, 8, 2, 7,
  ];
  
  let solutions: Vec<[u8; 81]> = vec![
      [
          6, 4, 5, 9, 2, 8, 3, 7, 1,
          9, 7, 3, 1, 4, 6, 2, 5, 8,
          2, 8, 1, 7, 5, 3, 9, 4, 6,
          5, 9, 8, 4, 3, 7, 6, 1, 2,
          3, 2, 7, 6, 1, 9, 5, 8, 4,
          1, 6, 4, 5, 8, 2, 7, 3, 9,
          8, 1, 9, 2, 7, 5, 4, 6, 3,
          7, 3, 2, 8, 6, 4, 1, 9, 5,
          4, 5, 6, 3, 9, 1, 8, 2, 7,
  ]];
  
  assert_eq!(solve_sudoku(sudoku), solutions);
  

---

April 12, 2025

• Bhavani Shankar Self-existing objects of time travel

  Jinn particle is a mind boggling yet simple concept from theoretical physics that has been explored in fiction. To understand what it is, imagine meeting an old man who gifts you a book. Leaving, he says

  "Do not open the book until you know who I am."

  Decades pass by and you forget the book in the corner of a closet. Looking in the mirror, one day, you realize that you are starting to appear exactly like that old visitor — maybe you are him? You open the book and find schematics of a time machine. Over the next few years, you digest its contents and construct a time machine. Then, you return the book to the past.

  The origins of this book is a perplexing mystery — without a beginning or an end — it just exists in this time loop. But if time travel is real, these self-existing items must exist.

  Jinn particles over time

  Ordinary books wear out with time; the paper turns yellow, wrinkly, and torn; the print fades. In physics, we call it entropy. To return the book to your past self in exactly the form that you received, either:

  1. The book always remains in the exact same condition — time has no effect on it.
  2. It reverts to the younger form during time travel. The entropy accumulated by the book is dissipated into the environment.

  A human jinn particle

  You meet a time traveler at 10 am, today and have a lovely conversation with her. At 10:15 am, she says it's time to go. As she is leaving, you peek inside the time machine and your jaw drops. She has set the destination to 10 am, today — the precise moment she arrived.

  This person has changed over the course of the conversation. Her brain formed new connections and memories; her body aged for 15 minutes; she has accumulated entropy. As a jinn particle, she will shed memories of this brief conversation and aging before she arrives.

  Implications of their existence

  Part of the spookiness of a jinn particle is how certain actions become necessary — you have to return the book to the past. You cannot destroy it. Either the thought itself cannot occur or you refrain from acting on it — perhaps due to a fear of destroying reality. Maybe all your attempts fail due to coincidences or the book simply turns out to be indestructible.

  More interestingly, you destroy the book but the schematics of the time machine form in your mind. You write the book and give it to your past self. Then it's not a jinn particle anymore.

  Whatever ends up happening, if jinn particles exist, certain events will be predestined. This leaves the notions of free will and non-determinism in jeopardy.

---

April 10, 2025

• KhubsuratInsaan A Rude Girl

  Last Saturday a girl messaged me. She was one of my opponents in a Chess tournament I played a long time ago. (After the tournament, she asked for my mobile number; and I was surprised to see her use it after such a long time.) I was, of course, pleased to talk to her after such a long time.

  After some chatting, she asked if she can call me. Me being an introvert, the idea of the voice call quickly overwhelmed me. After some thinking, I gave a lazy excuse of college assignments and we decided to talk on a call on Monday.

  So, on Monday I started texting her about the call. And she started ignoring me, leaving my texts on “seen.” Meanwhile she was playing at Lichess! I didn’t get even a simple “I am busy” (which would take 15 seconds to type).

  After 2 days, I blocked her. I am not going to deal with a person who lacks basic communication decency. Chivalry is seriously dead!

---

April 07, 2025

• Bhavani Shankar A puzzle led me to a curious world of numbers

  A seemingly simple puzzle took me down a rabbit hole.

  Find a number that grows exactly $\frac{3}{2}$ times when the first digit becomes the last digit.

  For example, turning first digit into the last digit looks like this: 1234 → 2341. For brevity, let's call it rotating the number.

  Solving with Brute force

  The first idea that comes to mind. After all, the computer can check millions of numbers a second; if the solution is small enough, it will work. I began by writing a function to rotate a number.

  use num_bigint::BigInt;
  
  fn rotate_number(n: BigInt) -> BigInt {
      let digit_count: usize = n.to_string().len() - 1;
      let closest_pow = BigInt::from(10).pow(digit_count.try_into().unwrap());
      let first_digit = n.clone() / closest_pow.clone();
      let rest = n % closest_pow;
      rest * 10u32 + first_digit
  }
  

  Who knows how big a solution might be? So I chose the bignum library for arbitrary precision integers. It is a bit awkward to get the first digit and the rest of the number. We can also count the number of digits using logarithms.

  And then, let's check all numbers until 100 million.

  fn main() {
      for n in 1..100_000_000 {
          if rotate_number(n) * 2 == 3 * n {
              print(n)
          }
      }
  }
  

  The code failed to find an answer. After trying even larger limits, I gave up; it's time to try a different approach.

  Some observations

  After thinking about this number, I deduced that the answer has these properties:

  • The number has to be divisible by 6. We are dividing n by 2 - so it has to be even. Similarly, the rotated number is divisible by 3 because the divisibility test for 3 is sum of digits. So the original number is a multiple of 3 too.

  • The number has a prefix with 2 or more unique digits in ascending order. E.g. 35 or 117. This ensures that the rotated number is larger.

  Maybe we can use these properties to speed up our brute force algorithm? But first, it might be prudent to look at numbers that almost work.

  Finding approximate answers

  We are looking for a number $n$ which has the property:

  To find a number that almost satisfies this condition, we should minimize the result instead of setting it to zero.

  $$|2R(n) - 3n| < \epsilon$$

  Where $R(n)$ is the rotated number and $\epsilon$ is a small number.

  fn measured_error(n: BigInt) -> BigInt {
      let mut error = 2u32 * rotate_number(n.clone()) - 3u32 * n;
  
      // calculate absolute value
      if error < BigInt::from(0) {
          error = -error;
      }
      error
  }
  
  fn find_approximates(limit: u32, eps: u8) -> Vec<BigInt> {
      let mut result = Vec::new();
  
      for n in 10..limit {
          let mut abs_error = measured_error(BigInt::from(n));
          if abs_error < BigInt::from(eps) {
              result.push(BigInt::from(n));
          }
      }
  
      result
  }
  

  Setting $\epsilon = 50$, we find quite a few approximate answers below 100 million.

  35
  58
  235
  470
  3529
  5882
  23529
  35294
  58823
  117647
  235294
  352941
  470588
  2352941
  4705882
  11764706
  47058823
  58823529
  

  They are very close. Maybe we can tweak them by adding digits to obtain an exact solution? $$117647 \times \frac{3}{2} = 176470.5 \neq 176471$$

  A greedy search

  These numbers share a prefix and seem to converging to a solution. This gave me an idea. We can grow a solution by adding digits one at a time while keeping the error bounded. We might reach an exact solution in a finite steps or stumble upon an infinite sequence; So, we should limit the size of a guess.

  Let's write a function next_guesses that grows the current guess by a digit while keeping the error less than $\epsilon$. For example: next_guesses(11) might output [116, 117, 118]. Then we explore the next guesses of these 3 like a tree.

  

  fn next_guesses(n: BigInt, eps: u8) -> Vec<BigInt> {
      let mut guesses = Vec::new();
  
      for d in 0..10 {
          let next_guess: BigInt = 10 * n.clone() + d;
          let mut abs_error = measured_error(next_guess.clone());
          if abs_error < BigInt::from(eps) {
              guesses.push(next_guess);
          }
      }
      guesses
  }
  
  fn search(seed: BigInt, depth: u16, max_depth: u16, eps: u8) {
      for guess in next_guesses(seed, eps) {
          if measured_error(guess.clone()) == BigInt::from(0) {
              println!("{}", guess);
          } else if depth < max_depth {
              search(guess, depth + 1, max_depth, eps);
          }
      }
  }
  
  fn main() {
      search(BigInt::from(0), 0, 100, 50);
  }
  

  Running this code, we are greeted with some solutions.

  0
  1176470588235294
  2352941176470588
  3529411764705882
  4705882352941176
  5882352941176470
  

  We even found the number 2352941176470588. When rotated, it produces another answer! I don't remember where I found this puzzle but I really enjoyed it. I looked up these numbers online and found cyclic and transposable numbers.

---

April 06, 2025

• Bhavani Shankar Unexpected life lessons near the Tibet border

  What I saw passing through a military guarded area, will stay with me to the end.

  The incident

  A short middle-aged man, wearing muddy, torn clothes was throwing stones at the army officers. His facial features indicated down's syndrome. Clearly, he had the intelligence of a child.

  His flings were weak. Most stones missed and a few landed near their boots. A young officer furious, held his neck tight and slapped him with a heavy hand. "Never do it again!" he screamed pointing a finger at him. The teary-eyed man ran away while hurling more pebbles.

  Contemplating the aftermath

  The man likely didn't connect the dots that his behavior led to punishment. His beliefs about these hostile beings with a dress code were reinforced. His resentment and hatred have been aggravated. He will continue the behavior while trying harder to not get caught.

  The army officer, from his place of power thought he was teaching a lesson. He was completely oblivious to the man's intellect and the consequences. Unwittingly, he caused more suffering by ensuring that the man will be beaten up again - the exact opposite of what he intended.

  It's so common in India to beat a child to "discipline" them. The parents may even recite with pride, misinformed quotes like:

  "Spare the rod, spoil the child."

  Well congratulations. You made a conforming child but it is dead inside. It will grow up to be a dysfunctional adult suffering from great torment, mental disorders. Many will abuse drugs and indulge in crimes.

  Spread kindness and happiness instead

  Aghast by this incident, I asked myself "What would I have done?". Then, it came to me.

  I would have treated the man a meal with my buddies. After establishing safety and a connection, and satisfying his hunger, I would gently explain that throwing rocks is bad. From then on, each time I see him on good behavior, I would reinforce it.

  This goes in the face of our cultural conditioning. But, it is the only idea with a chance of actually working.

---

April 01, 2025

• Bhavani Shankar Four stories for honing mental toughness

  If you suffer from difficult emotions like me, this post can help. After exploring pragmatic beliefs, I long to share these four stories. These tales are a refuge during turbulent times. So, they are close to my heart. Most of these are extracted from discourses given by the Buddha.

  Ruminations of a dying king

  A king goes hunting in a forest and is shot with a poisoned arrow. His men rush him to the nearest village. The herbal doctor lays him down on a bed and starts dressing up his wound and offers an antidote. The king refuses the medicine and starts saying

  "I can't take the medicine until I know who shot me and why. Is he an enemy from a neighboring kingdom? What metal and wood is the arrow made of? Why did he shoot me there but not deeper in the jungle? ..."

  The doctor replies "If you don't take the medicine, not only will your questions remain unanswered, you will die".

  In the face of hardships that are beyond our control, we tend to sit in a corner and cry. Drowned in victim mindset, we ruminate over questions that lead nowhere — just like the king. Let go, and take the medicine.

  Two arrows of hurt

  Being hit by two arrows hurts much worse than just one. Buddha said the first arrow is what life throws at us — including pain, diseases, death of loved ones, disagreements, famine, and unfulfilled desires etc. This first arrow is unavoidable. It's a law of nature that we will be shot every once in a while.

  The 2nd arrow is us lamenting our fate and yearning for things to be different. This arrow hurts worse and lasts much longer. It is self inflicted — a conditioned response of our mind. Buddha says we can train our mind to diminish its effects until it no longer exists. Therefore, accept everything life gives us.

  Cow with a rare disease

  Imagine a cow that has no skin due to a rare genetic condition. As it grazes along the banks of a river, leeches, maggots, insects, and all kinds of parasites grasp onto its bare flesh and start feeding on it.

  Buddha says an untrained mind is like this cow. All kinds of filth gets into our minds through our senses like billboards, notifications, ads, gossip, criticism and cravings etc and rock it like a boat in a storm. This causes great suffering. Don't consume mindlessly. Use mindfulness as a sentinel that guards our senses and stills the mind.

  An absurdly tough ankle noose

  An elephant was captured when it was a baby. To keep it from escaping, the captor tied one of its ankles to a banana tree. The elephant struggled with all of its might to get loose. It kept trying for hours and realized it was of no use. Years passed by and the elephant grew into an adult. Every day the human would take the elephant for logging and at the end of the day, tie its ankle to the same banana tree with the same rope. The elephant can now easily break the rope or uproot the tree. But, it never tried to escape — not even once.

  Just like the elephant, we are carrying mountains of baggage — false beliefs and habits that limit us. Maybe something as simple as believing we are bad at math, social skills, and sports or being a hoarder due to growing up in poverty or suffering from a paralyzing fear of heights. We can recognize and unlearn everything. Meticulously question each belief, study your behavior, and cultivate an open mind.

---

March 29, 2025

• Bhavani Shankar A simple setup for distraction free writing

  I am at peace after purging Instagram, WhatsApp, and YouTube. Life is slower and incredibly mindful. I am settling comfortably into books, the small web and crafting this blog.

  Chosen tools for writing

  Worn down by configuration fatigue induced by abusing Emacs, Vim, and window managers for years, I am in search for simple tools that get things done. They have to be:

  1. Zero config - should have sane defaults and batteries included.
  2. Offline and privacy friendly - should not transmit my prose to privacy nightmares like Grammarly or OpenAI.
  3. Lightweight, fast - should run on tiny devices and give real-time feedback. LanguageTool (Java) and Electron based bloatware are out.

  Writing is fun in Helix

  Seduced by its minimalism, speed, and modal editing approach, I switched to the post-modern text editor - Helix. Here are the other packages I utilize for writing:

  1. Harper - a tiny grammar and spell checker
  2. Prettier - formats text and code snippets
  3. Zola - for generating websites and taking notes.

  To integrate these tools into helix, and enable text wrapping for prose, append the following into ~/.config/helix/languages.toml.

  # Check grammar with harper
  [language-server.harper-ls]
  command = "harper-ls"
  args = ["--stdio"]
  
  [[language]]
  name = "markdown"
  language-servers = [
    { name = "harper-ls" }
  ]
  
  # Enable soft wrapping of text
  soft-wrap.enable = true
  text-width = 80
  soft-wrap.wrap-at-text-width = true
  
  # Format markdown and code snippets with prettier
  formatter = { command = 'prettierd', args = [
    "--parser",
    "markdown",
    "--prose-wrap",
    "never",
  ] }
  auto-format = true
  

  Zola for note taking

  You may have noticed that some posts like "why start another blog?" link back to this page. That's because Zola can automatically show backlinks - making it a powerful knowledge management system like Obsidian. We just have to tweak its config.toml.

  bottom_footnotes = true # adds footnote backreference
  

  Use the internal linking format (that begins with @). Then, we can use this snippet in the footer template to display all backlinks.

  {% if page.backlinks %}
  <div class="backlinks">
  <h4>Links to this page</h4>
  <div>
  {% for bl in page.backlinks %}
    <div>
      <a href={{ bl.permalink }}>{{ bl.title }}</a>
    </div>
  {% endfor %}
  </div>
  </div>
  {% endif %}
  

  Bonus: clean reading without ads or spam

  I don't use my email to subscribe to newsletters. Now, I am all into RSS feeds and I don't take websites without it seriously. There is plenty of quality content and feeds to discover on Feedle and in the Fediverse. My favorite rss readers are:

  • Capyreader (Android)
  • Rssguard (Linux, Windows, MacOS)
  • Feedbro (Addon for Firefox, Chrome, and edge.)

  In this way, you can write freely and avoid brain damaging ads and social media.

---

March 26, 2025

• Bhavani Shankar CSS tips: Gentle image filters for dark mode

  Viewing images in dark mode can hurt your eyes. This is because, while text is optimised for reading in low light reading automatically, images are often neglected. So, a bright image in the middle of prose causes discomfort. I mulled over this issue. Here are some solutions I came up with:

  Illustrations

  Diagrams, illustrations, comics, cartoons etc whose colors aren't constrained by reality fall in this category. We can just invert them and reduce some brightness.

  @media (prefers-color-scheme: dark) {
    .image-invertible {
      filter: invert(1) brightness(0.67);
    }
  }
  

  See it in action in my recursive universes post. Try toggling the theme using the button at the top and observe how the diagrams change.

  Photos

  Images captured by a camera look terrible when inverted. Reducing the brightness is the only thing we can do.

  @media (prefers-color-scheme: dark) {
    .image-non-invertible {
      filter: brightness(0.67);
    }
  }
  

  I used this method in my about me page. With tiny tweaks like this one, we can make huge leaps towards delighting our readers.

---

March 20, 2025

• Bhavani Shankar Strange paradoxes of recursive universes

  I couldn't believe my own answer to this puzzle. After thinking hard to disprove it, I finally understood it.

  Imagine being in a large box with your box lying on the floor beside you. Your box contains a smaller copy of you and a smaller box inside and so on ad infinitum. You reach your hand into your box and pull out the smaller box. As you do this, you see a bigger hand coming from above and taking your box. Note that all the infinite copies of you have done the same. The boxes and the hands can pass through each other. So, there are no collisions.

  Then, you put the box in your hand on the floor where the old box was. Where is your box now?

  

  In this picture, your box is colored. The box that you pulled out is shown with a thick border. Dots indicate that the pattern continues forever.

  The solution

  As insane as this sounds, your box is now infinitely far away.

  Let's derive the answer. To keep track, we will assign numbers to the boxes. Your box is 0. The boxes inside will be labeled 1, 2, 3, 4, .... You are inside the box -1. We label the outer boxes -2, -3, -4, .... Here's what it looks like:

  

  Let's use a simple notation to indicate that we can grab box 2 through box 1 (or that 2 is inside 1)

  [1] -> [2]

  Then, the original configuration of the boxes looks like the following.

  ... [-2] -> [-1] -> [0] -> [1] -> [2] -> [3] -> [4] -> [5] ...

  You pulled box 1 into -1, 0 was pulled into -2, -1 was pulled into -3, -2 was pulled into -4 and so on. We can observe the emergence of two chains - one for odd numbers and one for even numbers.

  ... [-5] -> [-3] -> [-1] -> [1] -> [3] -> [5] ... (odd numbers)

  ... [-6] -> [-4] -> [-2] -> [0] -> [2] -> [4] ... (even numbers)

  And this is the final result. From your perspective, the even numbered boxes including your box are nowhere to be seen!

  

  We are left with a rather disturbing mystery. Are half of the boxes really gone and when exactly? Can't we just reverse our actions to get them back?

  Resolving the mystery

  Being a recursive arrangement of boxes within boxes, the connections between boxes were constrained. To reach an inner box, you have to go through the boxes in the middle. So, if one of the boxes in the middle cannot be reached, you lose access to all the boxes inside it - exactly what has happened here. The moment you placed the smaller box on the floor and let it go, you ended up creating two parallel universes. By going inside or outside a box you cannot jump into the other universe.

  This concept is often encountered in data structures like linked lists. A linked list is a chain of nodes. Each node contains a number and the address of the next number. If you remember the starting node, you can keep jumping to the next node's address and see all the numbers. But, if you cut the linked list in the middle or take alternate nodes and link them together into 2 linked lists (like above), you cannot reach all nodes starting from any one node.

  Simpler example

  Sometimes it helps to look at a smaller (finite) example. Imagine there are just 8 boxes.

  [-4] -> [-3] -> [-2] -> [-1] -> [0] -> [1] -> [2] -> [3]

  The first 2 boxes (-4, -3) are not moved. Both -2 and -3 will be inside -4. -2 has all the even boxes inside and -3 has all the odd boxes inside.

  [-4] -> [-2]  -> [0]  -> [2]
    ↓  
  [-3] -> [-1] -> [1] -> [3]
  

  Aha! The largest box still connects the odd and even numbered boxes. But, that connection was pushed away to infinity in our puzzle.

  This is a modified version of a puzzle created by Michael Savage.

---

March 16, 2025

• Bhavani Shankar Moving my family to conversations (XMPP)

  Conversations is really awesome. It is a secure, private and decentralized chat app. There is no privacy invading ads company like meta running the service. I was sold and wanted to try it out with my family. Only one small issue - conversations costs ₹550 in the play store. People don't like paying for software in our country. They would say:

  "I can eat for a week with 500 rupees. Let meta have my data and give me WhatsApp for free."

  I have lost this argument many times. Fine, we need not pay for it right now. So, I told my brother about F-Droid - an app store with only free apps. Since our parents cannot install the app by themselves, he would set up their accounts too. I live away. So, I had to guide him through each step on the phone. Little did I know that this would turn out to be much harder than I had anticipated.

  Installing F-Droid

  My brother opened Chrome in his phone and searched for F-Droid. He found the website and clicked "download apk". He told me it had disappeared. That's weird. I told him to download it again. This time, it asked "Do you want to download this file again?". Huh. Maybe it was already downloaded, so we went searching for it in files. We found it after some digging. I then got him to "allow unknown sources" and to install it. It was buried in the ginormous list of bloatware apps that came with his phone.

  Installing conversations

  F-Droid greeted us with an empty list of apps. We pressed the refresh - nothing. After waiting for 5 minutes, we hung up the phone. I called him back after a couple of hours. The repository has synced by then. We were elated to finally see a list of apps and install conversations.

  Setting up accounts

  My brother comes home every Sunday. So, we had to do this today. He created 3 accounts - one for each of their phones. But, he made our parents accounts on the wrong phones by mistake. So, he had to log out the account from each of their phones and login to the right accounts. But there was catch:

  He forgot their passwords. He wrote the passwords down on a piece of paper, but our mom locked it away for safety and went out.

  I could have killed myself here, but I restrained. We decided to update the profile names instead. I couldn't see their updated names until I deleted their contacts and added them back.

  Conclusion

  I later found Quicksy in the play store. It is the same as Conversations, but with the convenience of registering an account with a phone number - no need of user IDs and passwords. Instead of going through all this trouble, I should have asked them to install Quicksy. Sending SMS is costly. Then, why is this app free but not conversations? Why don't they have just one app that lets you register using both options?

  I now understand the UX barrier to open source technologies a bit better. Open source needs to invest in design and simplify user onboarding. Otherwise, the unethical counterparts will keep winning.

---