AES-GCM-SIV

I came across "AES-GCM-SIV: Specification and Analysis", a paper submitted by the authors of AES-GCM-SIV themselves. The algorithm has already been integrated into BoringSSL and is being used in QUIC:

We remark that AES-GCM-SIV is already integrated into Google's BoringSSL library \cite{BoringSSL}, and its deployment for ticket encryption in QUIC \cite{QUIC} is underway.

The RFC explains that the goal of the algorithm is to still provide stronger protection than AES-GCM when the nonce is not implemented correctly:

This memo specifies two authenticated encryption algorithms that are nonce misuse-resistant - that is that they do not fail catastrophically if a nonce is repeated.

With 128-bit keys, encryption runs at about 2/3 the speed of AES-GCM (with hardware acceleration in both cases), while decryption runs at about the same speed as AES-GCM:

For encryption, it is slower than AES-GCM, because achieving nonce-misuse resistance requires, by definition, two (serialized) passes over the data. Nevertheless, optimized implementations run GCM-SIV (for 128-bit keys) at less than one cycle per byte on modern processors (roughly 2/3 of the speed of nonce-respecting AES-GCM). On the other hand, GCM-SIV decryption runs at almost the same speed as AES-GCM.

But that is the trade-off: if the nonce is implemented correctly, you don't actually need this...
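The two-pass structure and the repeated-nonce behaviour quoted above, as an added sketch that is not code from the paper, the RFC or BoringSSL. HMAC-SHA256 stands in for both POLYVAL and AES-CTR, so this is not AES-GCM-SIV itself, and the key, nonce and messages are constructed sample values.

```python
import hashlib
import hmac

def _prf(key, label, data):
    # HMAC-SHA256 is a stand-in PRF (assumption); the real scheme uses POLYVAL and AES.
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _keystream(key, iv, n):
    blocks = (_prf(key, b"ctr", iv + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_style_encrypt(key, nonce, pt):
    """One pass, GCM-like: the keystream depends only on (key, nonce)."""
    ct = _xor(pt, _keystream(key, nonce, len(pt)))
    return ct, _prf(key, b"mac", nonce + ct)[:16]

def siv_style_encrypt(key, nonce, pt):
    """Two serialized passes: MAC the plaintext, then use the tag as the CTR IV."""
    tag = _prf(key, b"mac", nonce + pt)[:16]             # pass 1 over the data
    return _xor(pt, _keystream(key, tag, len(pt))), tag  # pass 2 over the data

def siv_style_decrypt(key, nonce, ct, tag):
    pt = _xor(ct, _keystream(key, tag, len(ct)))
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + pt)[:16]):
        raise ValueError("authentication failed")
    return pt

def nonce_reuse_leaks_xor(encrypt, key, nonce, p1, p2):
    """True if c1 XOR c2 == p1 XOR p2 when both messages share one nonce."""
    c1, _ = encrypt(key, nonce, p1)
    c2, _ = encrypt(key, nonce, p2)
    return _xor(c1, c2) == _xor(p1, p2)

# Constructed sample values, not taken from any real deployment.
KEY = bytes(range(32))
NONCE = bytes(12)
P1 = b"ticket-key-rotation-0001"
P2 = b"ticket-key-rotation-0002"

if __name__ == "__main__":
    print("one-pass leaks XOR:", nonce_reuse_leaks_xor(ctr_style_encrypt, KEY, NONCE, P1, P2))
    print("SIV-style leaks XOR:", nonce_reuse_leaks_xor(siv_style_encrypt, KEY, NONCE, P1, P2))
```

With a repeated nonce the SIV-style mode still produces identical output for identical messages, so message equality is the one thing it reveals.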

A Trac plugin that automatically adds participants to the cc list

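For a while I had wanted Trac to "automatically add a user to the cc list when they participate in a ticket, so that they receive later updates". Back then I did not look closely at how to implement this properly in Trac, and just did it on the client side with JavaScript in the template (that is, site.html)...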

First, pull out authname:

<script>
(function() {
    window.authname = "${authname}";
})();
</script>

Then catch pages whose URL contains /ticket/; when the form matches, intercept its submit event and add myself to the cc list if I am not already in it:

// Add myself into cc list, if I am not in cc list now.
(function() {
    if (-1 === document.location.href.indexOf('/ticket/')) {
        return;
    }
    var cc_list = jQuery('input[name="field_cc"]').val().split(/[ ,]+/);
    for (var i in cc_list) {
        if (window.authname === cc_list[i]) {
            return;
        }
    }

    jQuery(function() {
        jQuery('form#propertyform').submit(function() {
            var cc = jQuery('input[name="field_cc"]');
            cc.val(cc.val() + ',' + window.authname);
        });
    });
})();

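This does get the job done, but it feels like a hack... So this time I wrote a Trac plugin to solve it, which means there is no need to worry about things breaking when the web interface changes: "104corp/trac-addtocc-plugin".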

A 19-year-old from the UK wrote a bot that generates appeal documents and wiped out 100 million in parking fines in half a year

It looks like it is built from templates combined with a set of questions: "A 19-year-old made a free robot lawyer that has appealed $3 million in parking tickets", "A teenager has saved motorists over £2 million by creating a website to appeal parking fines".

It asks a few questions, then generates a document for you to file your appeal with:

Once you sign in, a chat screen pops up. To learn about your case, the bot asks questions like "Were you the one driving?" and "Was it hard to understand the parking signs?" It then spits out an appeal letter, which you mail to the court. If the robot is completely confused, it tells you how to contact Browder directly.

The site is called www.donotpay.co.uk, which makes its purpose very clear XDDD