Suramya's Blog : Welcome to my crazy life…

February 6, 2025

A Linux Distribution which runs directly within a PDF file

There is a semi-serious joke in the IT industry that anything that can compute is eventually used to play Doom and then run Linux. Now you can do both from inside a PDF file. Since the PDF specification supports JavaScript, a high school student who goes by the handle ‘ading2210’ has implemented a RISC-V emulator in it which can run a barebones Linux distribution within the PDF file itself. This builds on top of the work done to get Doom to run inside the PDF file.

The full specification for the JS in PDFs was only ever implemented by Adobe Acrobat, and it contains some ridiculous things like the ability to do 3D rendering, make HTTP requests, and detect every monitor connected to the user’s system. However, on Chromium and other browsers, only a tiny subset of this API was ever implemented, due to obvious security concerns. With this, we can do whatever computation we want, just with some very limited IO.

C code can be compiled to run within a PDF using an old version of Emscripten that targets asm.js instead of WebAssembly. With this, I can compile a modified version of the TinyEMU RISC-V emulator to asm.js, which can be run within the PDF. For the input and output, I reused the same display code that I used for DoomPDF. It works by using a separate text field for each row of pixels in the screen, whose contents are set to various ASCII characters. For inputs, there is a virtual keyboard implemented with a bunch of buttons, and a text box you can type in to send keystrokes to the VM.

The largest problem here is with the emulator’s performance. For example, the Linux kernel takes about 30-60 seconds to boot up within the PDF, which is over 100x slower than normal. Unfortunately, there’s no way to fix this, since the version of V8 that Chrome’s PDF engine uses has its JIT compiler disabled, destroying its performance.

For the root filesystem, there are both 64 and 32 bit versions possible. The default is a 32 bit buildroot system (which was prebuilt and taken from the original TinyEMU examples), and also a 64 bit Alpine Linux system. The 64 bit emulator is about twice as slow however, so it’s normally not used.

You can try out the implementation of LinuxPDF here. More details of the project and the code used to create it are available on the project’s GitHub page.

– Suramya

January 3, 2025

Playing Doom to solve a CAPTCHA

Filed under: Computer Software,Interesting Sites — Suramya @ 10:48 AM

I guess traditional CAPTCHAs are getting too easy for LLMs and humans to solve, so Guillermo Rauch decided to create a CAPTCHA that lets you play DOOM® to prove that you’re human.

The project works by leveraging Emscripten to compile a minimal port of Doom to WebAssembly and enable intercommunication between the C-based game runloop (g_game.c) and the JavaScript-based CAPTCHA UI.

Some extensions were made to the game to introduce relevant events needed for its usage in the context of a CAPTCHA.

It is actually a fun implementation of the game and while I doubt it will gain widespread usage it is an interesting proof of concept.

– Suramya

August 31, 2024

NASA has a site that uses Landsat images to spell a given name

Filed under: Astronomy / Space,Interesting Sites,My Thoughts — Suramya @ 8:30 PM

NASA satellites take a lot of photos of Earth and they are available online to view, but that doesn’t make it fun to look at them. So they have a site that spells out your name using Landsat imagery, which is a pretty cool way to showcase the images. You can try it out at the Your Name in Landsat site.

Here’s how my name looks:

Suramya: Spelled using landsat images

Hovering the cursor on each image gives you the name and location of the geological/geographical image used.

Source: Mastodon.world: @davidho

– Suramya

June 27, 2024

What’s the Difference Between Mastodon, Bluesky, and Threads?

Filed under: Interesting Sites,My Thoughts,Tech Related — Suramya @ 11:39 PM

When Twitter was taken over by Musk a lot of us folks moved to alternatives because of the change in the quality and tone of Twitter. In the early days many alternatives were created but now the field has narrowed down quite a bit and the main alternatives are: Mastodon, Bluesky, and Threads. I have accounts on both Mastodon and Bluesky but primarily use Mastodon as most of the security and Tech experts migrated to Mastodon. Some interesting folks are there on Bluesky as well but for some reason I don’t find it as interesting to scroll the feed over there.

If you are not familiar with these apps, you might wonder what the difference between them is. EFF (Electronic Freedom Foundation) did a great write-up on the various alternatives to Twitter, and you can check out the article here.

– Suramya

May 24, 2024

OpenSSF launches Siren to provide real-time security warning for Open Source Software

Securing open source software (OSS) can be a bit of a challenge at times, and a lot of the infosec feeds that give information on security issues in software are commercial paid entities. There is software that scans for OSS vulnerabilities, but we can always use more threat intelligence networks.

Open Source Security Foundation (OpenSSF) has launched a new threat intelligence sharing group called ‘OpenSSF Siren’ that aims to provide real-time security warning bulletins and deliver a community-driven knowledge base to fill the gap between the open-source and enterprise communities.

The OpenSSF Siren is a collaborative effort to aggregate and disseminate threat intelligence specific to open source projects. Hosted by the OpenSSF, this platform provides a secure and transparent environment for sharing Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with recent cyber attacks. Siren is intended to be a post-disclosure means of keeping the community informed of threats and activities after the initial sharing and coordination.

The key features of the OpenSSF Siren include:

  • Open Source Threat Intelligence: shared with the community about actively exploited public vulnerabilities and threats.
  • Real-Time Updates: List members receive notifications via email about emerging threats which may be relevant to their projects, enabling swift action to mitigate risks.
  • TLP:CLEAR: To facilitate effective unrestricted transparent communication, the list follows the Traffic Light Protocol (TLP), Clear guidelines for the sharing and handling of intelligence.
  • Community-driven: Contributors from diverse backgrounds collaborate to enrich the intelligence database, fostering a culture of shared responsibility and collective defense.

You can sign up for it here: Siren Sign-Up
Source: OpenSSF sings a Siren song to steer developers away from buggy FOSS

– Suramya

May 12, 2024

A High-Level Technical Overview of Fully Homomorphic Encryption

Homomorphic Encryption is an interesting application of data encryption in that it allows us to encrypt data in a way such that we can perform computations on it without first having to decrypt it. The more formal definition states “Homomorphic encryption is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form. Homomorphic encryption enables complex mathematical operations to be performed on encrypted data without compromising the encryption.”

I have been following the work on Homomorphic Encryption solutions since 2017, which was when I first became aware of it, and have read tons of articles and papers on it. The overview by Jeremy Kun is probably the best one I have seen so far. His post, A High-Level Technical Overview of Fully Homomorphic Encryption, goes into enough technical detail that you understand it without going so deep that you are lost in the details.

Homomorphic encryption lets you encrypt data in such a way that you can run programs on it without ever decrypting it. This means that the computer running the program has no access to the underlying data while running the program—neither via intermediate computed values, nor even the result. In particular, if a nefarious human had access to the machine’s raw memory, they still could not learn any information about the underlying data (without breaking the cryptography). A user sends the program an encrypted input, and when the program is done, the encrypted result is sent back to the user to decrypt.

Running a program on encrypted data sounds magical. It works by choosing an encryption scheme that is “compatible” with addition and multiplication in the following sense:

  • Adding ciphertexts gives you an encryption of the sum of the underlying plaintexts.
  • Multiplying two ciphertexts gives you an encryption of the product of the underlying plaintexts.

Given this power, you can encrypt your data bit by bit, express your program as a boolean circuit—an XOR gate is addition and an AND gate is multiplication—and simulate the circuit. Since XOR and AND form a universal basis for boolean logic, you can always decompose a circuit this way.
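The two properties quoted above can be watched at work in an integer scheme with insecure demonstration parameters. This Python block is an added example, not code from Jeremy Kun's post: the construction (ciphertext = p*q + 2*r + bit, in the style of the DGHV integer scheme), the parameter sizes and every function name are assumptions chosen for illustration.

```python
import secrets

# Constructed demo parameters (assumptions, far too small to be secure).
P_BITS, Q_BITS, NOISE_BITS = 256, 512, 8

def keygen():
    # Secret key: a random odd P_BITS-bit integer p.
    return secrets.randbits(P_BITS) | (1 << (P_BITS - 1)) | 1

def encrypt(p, bit):
    # c = p*q + 2*r + bit: the bit rides on small even noise, masked by a multiple of p.
    return p * secrets.randbits(Q_BITS) + 2 * secrets.randbits(NOISE_BITS) + bit

def noise_bits(p, c):
    # Diagnostic that needs the key: bit length of the noise term inside c.
    return (c % p).bit_length()

def decrypt(p, c):
    # Correct only while the accumulated noise is still smaller than p.
    return (c % p) % 2

def xor(c1, c2):
    return c1 + c2  # adding ciphertexts adds the plaintext bits mod 2

def and_(c1, c2):
    return c1 * c2  # multiplying ciphertexts multiplies the plaintext bits

def add_encrypted(xs, ys):
    # Ripple-carry adder over encrypted bits (least significant bit first),
    # built only from xor/and_. The evaluator never sees p or a plaintext bit.
    out, carry = [], None
    for a, b in zip(xs, ys):
        ab = xor(a, b)
        if carry is None:
            out.append(ab)
            carry = and_(a, b)
        else:
            out.append(xor(ab, carry))
            carry = xor(and_(a, b), and_(carry, ab))
    return out + [carry]

def enc_int(p, n, width):
    return [encrypt(p, (n >> i) & 1) for i in range(width)]

def dec_int(p, cs):
    return sum(decrypt(p, c) << i for i, c in enumerate(cs))
```

Every `and_` multiplies the noise terms together, so a deep enough circuit pushes the noise past p and decryption returns garbage; `noise_bits` shows how close a ciphertext is to that limit.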

Check it out if you are curious about Homomorphic Encryption and want to learn more.

– Suramya

April 16, 2024

Creating a Tic-Tac-Toe game using a single printf statement in a loop

Filed under: Computer Software,Interesting Sites,My Thoughts,Tech Related — Suramya @ 12:19 PM

The printf statement in C/C++ (and other languages) is a fairly innocuous command that prints information to the screen (or any other output stream). Reading over JWZ’s blog post (The Turing Police say “X Wins”) I found that I was mistaken as it is much more powerful than that. In fact, a single printf statement in a loop can be used to create a full interactive game of tic-tac-toe and this is demo’d by Nicholas Carlini, who has implemented this and you can view the code over at their GitHub Repo: tic-tac-toe in a single call to printf.

Apparently, this was inspired by the International Obfuscated C Code Contest. The repo has an explanation on how this works and I am still going through it to wrap my head around how it works and understand it fully. Check it out if you have some time.

– Suramya

March 26, 2024

Sharpshooter bugs catapult their urine out into the world faster than expected

Filed under: Interesting Sites,Science Related — Suramya @ 11:38 PM

Nature is awesome and we are still trying to figure out how a lot of the things common in nature work and how to artificially create the same. So far most of our efforts have been poor copies of what is there in nature.

A bug called the sharpshooter has the ability to catapult its urine out into the world from a special liquid-shooter in its butt. Interestingly, the water being expelled is faster than the speed at which it was launched, which has implications for rocket science, fluid dynamics and many other areas.

“The sharpshooter gets all its nutrition from the thin, watery liquid inside a plant, called xylem sap, which it sucks out with this tube-shaped stylet. That sap has so little nutrition that sharpshooters need to guzzle nonstop. Taking all that liquid in presents a problem – how to move it out. The sharpshooter has evolved the perfect tool for the job: an anal stylus — or butt flicker. Here’s something incredible: Each drop of pee actually travels faster than the speed at which the butt flicker launched it. Learn about this incredible creature’s super-propulsive pee in this video!”

Source: boingboing.net: Sharpshooters are bugs that catapult their urine out into the world

– Suramya

March 8, 2024

alphaXiv – Forum to discuss any papers posted on ArXiv

Filed under: Interesting Sites,Science Related — Suramya @ 4:40 PM

Research papers can be hard to understand and sometimes you don’t have people or a community around where you can discuss a given paper and collaborate. In Bangalore we have a community called ‘Papers we love’ which did something similar but for a single paper every week as an in-person event.

There is a site called alphaxiv.org/ that I found out about recently. It is an interactive forum for anyone to comment line-by-line on arXiv papers. This allows you to collaborate and discuss the paper with others who find it interesting as well. One thing to keep in mind is that ArXiv papers can be pre-published versions which are not fully peer reviewed yet.

To start using the site, you need to create an account with them. If you don’t have an educational institute email address then you will have to verify your phone number as well in the near future. As of now you don’t need to do that. I guess they are doing this to prevent automated spam. Once you have an account and are logged in, using the site is quite easy. You can browse for currently trending topics or search for a specific paper. If you are reading a paper on arXiv, you can change “arxiv.org” to “alphaxiv.org” in your URL search bar, and you will automatically be redirected to the forum for that paper.

Check it out when you get a chance as it is quite interesting.

– Suramya

October 29, 2023

What Happens to a Werewolf if they are on the Moon?

Filed under: Interesting Sites,My Thoughts — Suramya @ 12:15 AM

@SpeakerToManagers shared a very interesting link on Mastodon where Scientific American’s researchers talk about What Happens to a Werewolf on the Moon? assuming a reality where Werewolves are real.

On the other paw, shortly after the monthly sunrise, the entire landscape surrounding our future lycanaut will be lit by the sun, which could then trigger the change; from their view, the entire moon would be illuminated, so it would be, by some definition, full. This could mean that the danger would be hugely amplified because the transformation wouldn’t last a mere terrestrial night but an entire lunar day, which is two weeks in duration. The carnage would be literally unearthly.

The questions raised were quite fun and it is an interesting what-if question.

– Suramya
