Sunday, May 31, 2020

[mcybbfcw] Some Cunningham chains

Let f(x)=(x-1)/2 .  Below are some numbers p such that p, f(p), f(f(p)), f(f(f(p))),... are prime.  The first offset is the first prime after 2^n.  The second offset is the first safe prime after 2^n.  The third offset has p, f(p), and f(f(p)) all prime, and so forth.

These searches could be sped up by some analysis of remainders, but we do not do these optimizations in the code below.

Not sure what these primes might be useful for.  Even the safe primes are too small to use for secure cryptography (discrete logarithm).

primelevel(p)=my(l=0) ; while(p>=2 , if(ispseudoprime(p) , l+=1 ; p=(p-1)/2 , break)) ; l

? start=2^64 ; best=0 ; for(i=start , +oo , v=primelevel(i) ; if(v>best , best=v ; print(v," ",i-start)))

2^64 +13 +3103 +20911 +7391983 +29472223 +1161518143 +25033718143

2^128 +51 +12451 +531511 +48965743 +311484703

2^256 +297 +230191 +8333983 +894039583 +96241401343

We also investigated starting from zero.  The sequence begins 2 5 11 23 47 2879 71850239 2444789759 21981381119.  Not sure about the last entry because we only searched among x mod 480 = 479.  This sequence is almost the same as OEIS A110056, but we don't require Cunningham chains to be complete (not able to be extended in either direction).  Tangentially, A110056 is currently not in sync with A005602.  Assuming A005602 is correct, A110056 is missing an additional term 1484656016727504358932479.

Saturday, May 30, 2020

[gpugvdak] Not Maria

Compose a song that has the same meaning and feel as Maria (West Side Story) but for a name with a different number of syllables or syllable stress pattern.

Compose enough variations to cover most names.

Friday, May 29, 2020

[ejunhxxz] Isotropic cellular automaton

Here is a generic way to design isotropic cellular automata.  First, pick a fixed ordering of the cells in the rule neighborhood, for example, clockwise starting from North.

When evaluating the cellular automaton, for each cell, consider all rotations and reflections of its neighbors that affect it.  For each transformation, write the states of the neighbors in the chosen fixed order, producing a string for each transformation.  Sort the neighbor strings, picking the lexicographically smallest to be the canonical one.  Compute the cell's next state from this canonicalized neighborhood.

Monday, May 25, 2020

[usdmtero] Despacito slowly

Play or perform Despacito slowly, possibly as a joke.

Sunday, May 24, 2020

[esdctggg] Mushroom pizza

There are many types of mushrooms.  Only one type gets commonly used on pizza.  Try others.

Saturday, May 23, 2020

[idsxlcqd] Hexagonal rectangle

Consider 3 congruent rectangles each with aspect ratio sqrt(3), i.e., 1.73 to 1.  Overlap two of them so that exactly two of their vertices and the diagonal between them coincide.  Overlap the third rectangle the same way.  This forms a regular hexagon.  Equivalently, cover a regular hexagon with three rectangles with short rectangle edges coinciding with hexagon edges.

The rectangle looks like (and is) a typical rectangle with 90 degree angles but has a secret gateway to the world of regular hexagons and equilateral triangles with 120 and 60 degree angles.

Starting with US letter paper, 8.5 by 11 inches, remove 2.15 inches to yield 6.35 by 11, the desired aspect ratio.  Also, this rectangle can be cut into 3, yielding three 6.35 by 3.67 rectangles which are interestingly themselves of the desired aspect ratio, ready to overlap into a regular hexagon.  (sqrt 3)/3 = 1/(sqrt 3).

Using the square root of an integer as an aspect ratio is reminiscent of A4 paper (and A series paper in general), which uses sqrt 2.

Explore further this construction technique of overlapping the diagonals of rectangles.  For what aspect ratio will 4 copies of such a rectangle cover a regular octagon?  A regular 2n-gon?  These should be easy.

Friday, May 22, 2020

[mgfxwxzr] Bases with good representations of fractions

These are the numbers less than 1000 whose reciprocals have decimal expansions which terminate or repeat with period 1 or 2.  Such decimal expansions are desirable because the eye can quickly detect low-period repetitions.

? base=10 ; print1(base , ":") ; for(q=2 , 1000 , p=q/gcd(q , base^99) ; success=0 ; for(n=1 , 2 , if(0==(base^n-1)%p || 0==(base^n)%p , success=1)) ; if(1==success , print1(" " , q)))
10: 2 3 4 5 6 8 9 10 11 12 15 16 18 20 22 24 25 30 32 33 36 40 44 45 48 50 55 60 64 66 72 75 80 88 90 96 99 100 110 120 125 128 132 144 150 160 165 176 180 192 198 200 220 225 240 250 256 264 275 288 300 320 330 352 360 375 384 396 400 440 450 480 495 500 512 528 550 576 600 625 640 660 704 720 750 768 792 800 825 880 900 960 990 1000

We repeat for a few other bases.

6: 2 3 4 5 6 7 8 9 10 12 14 15 16 18 20 21 24 27 28 30 32 35 36 40 42 45 48 54 56 60 63 64 70 72 80 81 84 90 96 105 108 112 120 126 128 135 140 144 160 162 168 180 189 192 210 216 224 240 243 252 256 270 280 288 315 320 324 336 360 378 384 405 420 432 448 480 486 504 512 540 560 567 576 630 640 648 672 720 729 756 768 810 840 864 896 945 960 972

12: 2 3 4 6 8 9 11 12 13 16 18 22 24 26 27 32 33 36 39 44 48 52 54 64 66 72 78 81 88 96 99 104 108 117 128 132 143 144 156 162 176 192 198 208 216 234 243 256 264 286 288 297 312 324 351 352 384 396 416 429 432 468 486 512 528 572 576 594 624 648 702 704 729 768 792 832 858 864 891 936 972

21: 2 3 4 5 6 7 8 9 10 11 12 14 15 18 20 21 22 24 27 28 30 33 35 36 40 42 44 45 49 54 55 56 60 63 66 70 72 77 81 84 88 90 98 99 105 108 110 120 126 132 135 140 147 154 162 165 168 180 189 196 198 210 216 220 231 243 245 252 264 270 280 294 297 308 315 324 330 343 360 378 385 392 396 405 420 440 441 462 486 490 495 504 539 540 567 588 594 616 630 648 660 686 693 729 735 756 770 792 810 840 882 891 924 945 972 980 990

30: 2 3 4 5 6 8 9 10 12 15 16 18 20 24 25 27 29 30 31 32 36 40 45 48 50 54 58 60 62 64 72 75 80 81 87 90 93 96 100 108 116 120 124 125 128 135 144 145 150 155 160 162 174 180 186 192 200 216 225 232 240 243 248 250 256 261 270 279 288 290 300 310 320 324 348 360 372 375 384 400 405 432 435 450 464 465 480 486 496 500 512 522 540 558 576 580 600 620 625 640 648 675 696 720 725 729 744 750 768 775 783 800 810 837 864 870 899 900 928 930 960 972 992 1000

60: 2 3 4 5 6 8 9 10 12 15 16 18 20 24 25 27 30 32 36 40 45 48 50 54 59 60 61 64 72 75 80 81 90 96 100 108 118 120 122 125 128 135 144 150 160 162 177 180 183 192 200 216 225 236 240 243 244 250 256 270 288 295 300 305 320 324 354 360 366 375 384 400 405 432 450 472 480 486 488 500 512 531 540 549 576 590 600 610 625 640 648 675 708 720 729 732 750 768 800 810 864 885 900 915 944 960 972 976 1000

Base 6 works on all denominators up to and including 1/12, except for 1/11.
Base 21 works on all denominators up to and including 1/15, except for 1/13.
Base 55 works on all denominators up to and including 1/16, except for 1/13.
Base 120 works on all denominators up to and including 1/18, except for 1/13.
Base 351 works on all denominators up to and including 1/16 (no internal exceptions).
Base 441 works on all denominators up to and including 1/22, except for 1/19.
Base 714 works on all denominators up to and including 1/24, except for 1/19.

? factor(714)
[ 2 1]
[ 3 1]
[ 7 1]
[17 1]

? factor(714^2-1)
[ 5 1]
[11 1]
[13 1]
[23 1]
[31 1]

Base 2001 works on all denominators up to and including 1/30, except for 1/17 and 1/19.

This code looks for bases which have no exceptions:

? for(pmax=2 , +oo , for(base=2 , +oo , fails=0 ; for(q=2 , pmax , p=q/gcd(q , base^99) ; success=0 ; for(n=1 , 2 , if(0==(base^n-1)%p || 0==(base^n)%p , success=1)) ; if(0==success , fails++)) ; if(fails<=0 , print(pmax , " " , base) ; break)))
2 2
3 2
4 2
5 4
6 4
7 6
8 6
9 6
10 6
11 21
12 21
13 351
14 351
15 351
16 351
17 441
18 441
19 7734
20 7734
21 7734
22 7734
23 52326
24 52326
25 52326
26 52326
27 52326
28 52326
29 671670

This code looks for bases which have one exception:

? for(pmax=2 , +oo , for(base=2 , +oo , fails=0 ; for(q=2 , pmax , p=q/gcd(q , base^99) ; success=0 ; for(n=1 , 2 , if(0==(base^n-1)%p || 0==(base^n)%p , success=1)) ; if(0==success , fails++)) ; if(fails<=1 , print(pmax , " " , base) ; break)))
2 2
3 2
4 2
5 2
6 2
7 4
8 4
9 6
10 6
11 6
12 6
13 21
14 21
15 21
16 55
17 120
18 120
19 441
20 441
21 441
22 441
23 714
24 714
25 10374
26 10374
27 10374
28 10374
29 52326
30 52326
31 671670

Thursday, May 21, 2020

[wyaxtpfi] 24-hour sun clock

Consider a clock with only one hand.  The hand makes one revolution per day.  We describe locations on the clock dial as if it were a compass rose, with North at the top.  Place a picture of the sun at the tip of the hand; we will call our hand the sun hand.  At 6:00 AM, the sun hand points East.  The hand turns counter-clockwise.  At noon, the sun hand points straight up (North).  The hand continues counter-clockwise.  At 6:00 PM, the sun hand points West.  This simulates the sun going from east to west in the sky over the course of the day.

Paint the upper half of the clock face white (corresponding to day) and the lower half black (corresponding to night).  The sun hand travels counter-clockwise through the bottom half of the dial over the course of the night.  Midnight is South.

Far more fancy would be to have the white-black horizon or terminator on the clock face automatically shift according to the actual times of sunrise and sunset on each day.  This would be challenging to do mechanically but not too difficult if everything is a digital animation.  Various things cause the horizon not to be horizontal: where you are in your time zone, daylight savings time.  Or, instead of a terminator line from sunrise to sunset on the clock dial, it could be a pie chart.

Wednesday, May 20, 2020

[mnjetoaj] GDP per life

U.S. GDP is about $20 trillion (20e12) per year, or about $55 billion per day.  Assuming that the value (actuarial value) of a life is somewhere between $1 million and $10 million, GDP is equivalent to the value of 5500 to 55,000 people per day.

Current COVID-19 U.S. deaths are around 2000 per day, which is of the same order of magnitude.

Baseline rate of deaths per day (2017) in the U.S. was 7700 deaths per day, which is also of the same order of magnitude.  Is it just a coincidence that that number is so close to that of GDP expressed in lives?  In other words, is it a coincidence that the output of the economy is equal to the value of the lives it consumes?

Inspired by questions of weighing the costs of keeping the economy closed versus possible additional deaths in reopening.  Things should be converted to the same units so they can be compared.

(If the disease is so contagious, or vaccines so ineffective, that 100% of the population is destined to become infected (these are big ifs), then the additional deaths from reopening will be due to hospitals overflowing having to let patients die, for example, due to insufficient ventilators.  Such scenarios can be avoided by reopening gradually.)

Sunday, May 17, 2020

[cyejsonm] Gluten-free soy-free soy sauce / tamari

Dissolve monosodium glutamate (MSG) (Ajinomoto) powder and table salt into water.  What amounts of each substance should be used to mimic the concentrations of sodium and glutamate present in regular soy sauce?

[znqcsgwy] Best cellular automaton with von Neumann neighborhood

"Best" is of course subjective.  We probably want cellular automata supporting stable local structures, but also spaceships for occasional long range interactions (New Kind of Science).  (Also previously on "mostly local" cellular automata.)

The von Neumann neighborhood is attractive because it is well defined on manifolds of squares connected through edges in arbitrary ways, for example, the surface of a polycube.

(In contrast, Conway's Game of Life uses the Moore neighborhood of 8 neighboring cells: 4 edge-adjacent orthogonally and 4 vertex-adjacent diagonally.  If the manifold is not Euclidean, then there may be cells with a diagonal neighbor missing (e.g., at the corner on the surface of a cube), or they may have more than 1 diagonal neighbor through a vertex (e.g., fit 5 squares around a point in hyperbolic space).  How should a cellular automaton rule for flat space be adapted for those cells?)

Hypothetically, for a simple hardware implementation, the Moore neighborhood would require crossing wires but von Neumann would not.  (But distributing clock and power in von Neumann will require wire crossings.)

We enumerate the number of possible rules.

Assume totalistic (more precisely, outer-totalistic) rules, which are isotropic.

40 2
31 2
22 1

5 possibilities, and state of center square also matters, so 10 rules.  Empty cell surrounded by empty neighbors should stay empty, so 9 rules.  2^9=512 possibilities.  (This is very similar to counting the number of possible Boolean functions of a given number of inputs.)  These have probably all been explored.

Probably other reductions possible: e.g., swap black and white.

Slightly more sophisticated than totalistic: if exactly two neighbors of same color, the same colors can be across from each other (180 degrees apart), or separated by 90 degrees.  Then, 6 12 11 yields 2^11 = 2048 possibilities.

We could go even less isotropic: up and down are distinguished but left and right are not.  We do not explore this.  There will be problems on manifolds where distinguishing directions is not possible.

I suspect a von Neumann neighborhood with 2 states per cell is not enough for anything interesting on par with Conway's Game of Life, because someone would have discovered and publicized it already if it is possible.  Therefore, we consider 3 states:

400 3
310 6
220 3
211 3

15 possibilities, plus center cell so 45, then 44.  3^44 possibilities.

If not totalistic but distinguishing splitting versus adjacent: 3+6+6+6=21 63 62 = 3^62 possibilities.

More reduction based on colors definitely possible.
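An added example (not code from the original post): the canonicalization from the "Isotropic cellular automaton" post above, applied to the von Neumann neighborhood.  It reproduces the class counts 5, 6, 15 and 21 used here and checks that a rule built this way commutes with rotating or mirroring the grid.  The wrap-around grid, the randomly filled rule table and all function names are assumptions made for the illustration.

```python
import random
from itertools import product

# Von Neumann neighbors in a fixed order, clockwise from North: N, E, S, W.
# The 8 symmetries of the square, each as a permutation of those 4 positions:
# 4 rotations (cyclic shifts) and 4 reflections (the shifts read backwards).
SYMMETRIES = []
for shift in range(4):
    rot = tuple((i + shift) % 4 for i in range(4))
    SYMMETRIES += [rot, rot[::-1]]


def canonical(neigh):
    """Lexicographically smallest image of (N, E, S, W) under all symmetries."""
    return min(tuple(neigh[i] for i in perm) for perm in SYMMETRIES)


def isotropic_classes(k):
    """Distinct canonical neighborhoods for k cell states."""
    return sorted({canonical(n) for n in product(range(k), repeat=4)})


def totalistic_classes(k):
    """Coarser grouping: only how many neighbors are in each state."""
    return sorted({tuple(sorted(n)) for n in product(range(k), repeat=4)})


def free_entries(classes, k):
    """Rule-table entries left to choose: one per (center, class) pair,
    minus the fixed 'empty cell with empty neighbors stays empty' entry."""
    return len(classes) * k - 1


def random_rule(k, seed):
    """An arbitrary isotropic rule: (center, canonical neighbors) -> next state."""
    rng = random.Random(seed)
    rule = {(c, cls): rng.randrange(k)
            for c in range(k) for cls in isotropic_classes(k)}
    rule[(0, (0, 0, 0, 0))] = 0  # empty stays empty
    return rule


def step(grid, rule):
    """One synchronous update on a square grid with wrap-around edges."""
    n = len(grid)
    return [[rule[(grid[r][c],
                   canonical((grid[(r - 1) % n][c], grid[r][(c + 1) % n],
                              grid[(r + 1) % n][c], grid[r][(c - 1) % n])))]
             for c in range(n)] for r in range(n)]


def rotate(grid):
    """Rotate the grid a quarter turn clockwise."""
    return [list(row) for row in zip(*grid[::-1])]


def mirror(grid):
    """Reflect the grid left to right."""
    return [row[::-1] for row in grid]


def random_grid(n, k, seed):
    """Constructed sample input: an n by n grid of random states."""
    rng = random.Random(seed)
    return [[rng.randrange(k) for _ in range(n)] for _ in range(n)]


if __name__ == "__main__":
    for k in (2, 3):
        t, i = totalistic_classes(k), isotropic_classes(k)
        print(k, "states:", len(t), "totalistic classes,",
              free_entries(t, k), "free entries;",
              len(i), "isotropic classes,", free_entries(i, k), "free entries")
    g, rule = random_grid(6, 3, seed=1), random_rule(3, seed=2)
    print("commutes with rotation:",
          step(rotate(g), rule) == rotate(step(g, rule)))
```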

Work by others:

Serizawa, T. (1987) Three-State Neighbor Cellular Automata Capable of Constructing Self-Reproducing Machines. DOI: 10.1002/scj.4690180404.

via the Conway Life Wiki.

Hexagon tiling and triangle tiling also possible.

Thursday, May 14, 2020

[qgugrbcl] Army of One Penis

An army of Over 9000 Penises, all raping children, is built One Penis at a time, one child at a time.

(This is a mashup of Oprah's "Over 9000 Penises", the U.S. Army's ad campaign "Army of One", and the 1995 Okinawa rape incident.)

Wednesday, May 13, 2020

[rjbhnvvl] Great Leap Forward[sic]

The Great Leap Forward is a confusing name for an event that definitely did not move China forward.  Therefore, when referring to it in historical context, consider always writing its name as "Great Leap Forward[sic]".

How do you write that in Chinese?  That is, what is the Chinese equivalent of [sic]?

Omit [sic] if the context is propaganda (for example, as was originally the case).  Or more precisely, the omission of [sic] signals that the work that is making reference to the Great Leap Forward[sic] is itself propaganda.  (Of course, the presence of [sic] could also indicate propaganda, e.g., anti-Chinese propaganda.  This post could be considered such anti-Chinese propaganda, at least from a pro-Chinese point of view.)

Or, consider using the term more frequently in metaphorical context to mean terrible social policy, so that the ironic meaning of the phrase becomes more widely understood.  What other things could be labeled a Great Leap Forward?

There's a bit of difficulty in that any enacted social policy, no matter how terrible, always benefits someone, so it could be unironically a Great Leap Forward for them.  Therefore, we probably need to specify who is hurt by the policy, for example: "The Trail of Tears was a Great Leap Forward for Native Americans."

Tuesday, May 12, 2020

[dayepdwu] Cyclotomic primes

Cyclotomic polynomials evaluated at the nonnegative integers probably produce integer sequences each of which include an infinite number of primes within them.  This is in contrast to polynomials which have algebraic factorizations: they produce sequences with a finite number of primes, often zero.

Cyclotomic polynomials can be considered a superset of the polynomials a^2^n+1 that define Generalized Fermat primes (Generalized Fermat numbers).  This project was inspired by initially investigating primes of the form a^n+1 and noticing that that form always has an algebraic factorization except when the exponent is itself a power of 2.  What happens after the algebraic factors are removed?

Cyclotomic polynomials are the quotient after algebraic factors are removed from a^n-1 (note the minus sign).  (Future work: what happens if we start from a^n+1?)

We conjecture that each cyclotomic polynomial produces an infinite number of primes.  Cyclotomic polynomials are indexed by integers.  We verify that polynomials #1 through #1427 each produce at least 3 primes, or 4 if evaluating at 1 produced a prime.  (In other words, we approximate infinity with 3.)

(For which polynomials has the above conjecture been proved?  The linear polynomials, namely cyclotomic polynomials #1 and #2, each produce all the integers, so proving the conjecture for those two is equivalent to proving that there are an infinite number of primes among all the integers.  There are, thanks to Euclid, so the conjecture has at least been proven for cyclotomic polynomials #1 and #2.)

Update: the above conjecture is part of the Bunyakovsky conjecture.  Its current status is that only the linear polynomials have been proven to contain an infinitude of primes; everything beyond them is unknown.

for(n=1 , +oo , print1(n," :") ; c=0 ; for(x=0 , +oo , p=polcyclo(n,x) ; if(ispseudoprime(p) , print1(" ",x) ; if(x>1,c++); if(3==c , print();break))))

Full log output.

First 10 lines:

1 : 3 4 6
2 : 1 2 4 6
3 : 1 2 3 5
4 : 1 2 4 6
5 : 1 2 7 12
6 : 2 3 4
7 : 1 2 3 5
8 : 1 2 4 6
9 : 1 2 3 8
10 : 2 3 5

For example, the 10th cyclotomic polynomial is (x^10-1) / (x-1) / (x+1) / (x^4+x^3+x^2+x+1) = x^4 - x^3 + x^2 - x + 1 .  This polynomial evaluated at 2, 3, and 5 yields primes 11, 61, and 521.

The first column is OEIS A117544.

Last 30 lines:

1398 : 901 1195 1373
1399 : 1 191 935 1673
1400 : 69 185 218
1401 : 342 481 557
1402 : 2 81 327
1403 : 580 929 2584
1404 : 10 229 281
1405 : 1568 1721 1799
1406 : 15 424 576
1407 : 908 1094 1308
1408 : 22 36 671
1409 : 1 115 1199 6536
1410 : 734 880 896
1411 : 873 2218 2959
1412 : 623 1622 2111
1413 : 159 219 778
1414 : 103 299 347
1415 : 295 561 581
1416 : 295 298 1166
1417 : 551 614 1219
1418 : 20 35 42
1419 : 326 348 1230
1420 : 270 280 509
1421 : 250 530 700
1422 : 168 358 1263
1423 : 1 28 1630 1855
1424 : 42 360 722
1425 : 258 922 2619
1426 : 3 10 59
1427 : 1 2118 4288 4349

The largest prime seen was polcyclo(1409,6536) which has size 17846 bits.

Additionally, we also investigated evaluating the cyclotomic polynomials at negative integers.  Surprisingly, despite negative inputs, all polynomials of index greater than or equal to 3 seem to produce only positive outputs.  (Why?)  We verified that each polynomial up to index 1341 produces at least 3 prime numbers from negative inputs (or 4, if -1 produced a prime).

Full log output for negative inputs.

The polcyclo function in Pari/GP is nifty; it seems rather hairy to implement.  Its running time for a given index seems hard to predict.

For a cyclotomic prime p, does factoring p-1 tend to be easier than doing the same for a random prime of similar size?  Some brief experimentation seems to suggest yes.

Are some cyclotomic polynomials richer in primes than others, beyond that which can be explained by the Prime Number Theorem?

Cyclotomic polynomials define an infinite family of infinite integer sequences.  Because they are indexed by integers, it's easy to pick a random one.  Unfortunately, they become difficult to compute for large indices (2^22 or larger) and difficult to find primes in them beyond the range or indices investigated in this post.

Monday, May 11, 2020

[sygtrmyz] Fun with the rule of the excluded middle

For all statements P, either P is true or P is false.  ("Either ... or" means exclusive or.)

Paradox: let P = "This statement is false."  (Or, "this sentence is false.")  This causes a problem because P is a statement that is neither true nor false, so violates the rule of the excluded middle, meaning the rule is not always valid.  If this axiom is not valid, then lots of mathematics built on top of it break down, for example, proof by contradiction.  This is a big problem!

I think the resolution of the paradox is that the rule does not apply to all statements, but only to some subset of "well formed" statements.  What is a good definition of well formed for the rule?  ("Good" might be subjective.)  Forbidding self-reference is not enough, e.g., Quine's Paradox.

Sunday, May 10, 2020

[goexxmhr] Unprivileged LXC containers on Debian Buster

Our goal is to get working a simple example of unprivileged containers.  (Understanding what these steps do and customizing further is an exercise for the reader.)

We start from a fresh install of Debian Buster.  Then,

As root:

apt install --no-install-recommends lxc uidmap gnupg dnsmasq-base libpam-cgfs

adduser my_username

Create the following files with the following content:

/etc/default/lxc-net :

USE_LXC_BRIDGE="true"

/etc/lxc/lxc-usernet :

my_username veth lxcbr0 10

/etc/sysctl.d/80-lxc-userns.conf :

kernel.unprivileged_userns_clone=1

Reboot.

Log in as my_username .

Verify that the bridge is up with ip a .  You should see lxcbr0.

Do grep ^my_username: /etc/sub[gu]id to get the initial and total number of subuids and subgids available for your user.  You should see something like this:

/etc/subgid:my_username:100000:65536
/etc/subuid:my_username:100000:65536

Create the following file, making parent directories if necessary.  Copy the idmap numbers from /etc/subgid and /etc/subuid above.

~/.config/lxc/default.conf :

lxc.idmap = g 0 100000 65536
lxc.idmap = u 0 100000 65536
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0

Check the permissions on ~/.local/share .  If the directory does not exist, you are fine; lxc will create it with the right permissions.

ls -ld ~/.local/share

If it exists, make sure it is (at least) group and world executable.  If not:

chmod go+x ~/.local/share

(optional) Create the ~/.cache directory if it does not already exist:

mkdir ~/.cache

You should now be all set.  Here is a quick test that runs apt update inside a Debian Buster container (that is, this demonstrates a Debian Buster container inside a Debian Buster host).  We create log files lxc-create.log and lxc-start.log to which we refer in the additional commentary below.  Verbosity in the log files is set to the maximum, "DEBUG".

DOWNLOAD_KEYSERVER=hkp://keyserver.ubuntu.com lxc-create -n mycontainer -o lxc-create.log -l DEBUG -t download -- -d debian -r buster -a amd64

lxc-start -n mycontainer -o lxc-start.log --logpriority=DEBUG

lxc-attach -n mycontainer -- env -i TERM="$TERM" apt update

lxc-stop -n mycontainer

lxc-destroy -n mycontainer

Additional commentary:

In general, LXC feels like it still has a lot of rough edges.  The steps needed to get things working are far from obvious.  There are inscrutable error messages, weird behavior that needs to be worked around, and lots of gotchas.

Initial set up was Debian Buster 10.3.0 "Buster" - Official amd64 NETINST 20200208-12:07, fresh install, UEFI, no "normal user" account, just root, GPT, ext4 on LVM, select only "standard system utilities" at the "Software selection" step in the installer.

The version of the lxc package was 1:3.1.0+really3.0.3-8 .  This corresponds to upstream 3.0.3; the "3.1.0+really" prefix is a workaround for a Debian packaging misstep (9e0999289ae52dd50f915b71724fd3d9d64fd284) in 2019 that we will have to live with for a while, in order to preserve strictly increasing version numbers.  This prefix should be ignored.  The epoch 1: should also be ignored. (It was introduced at 6e451ce51f0fd632062546a3d6ee8cc72dc59723 in 2014.)  These hexadecimal constants are Git commits to the Debian lxc package.  (Surprisingly, these constants are not indexed by Google.)

We used the --no-install-recommends flag because we want to demonstrate a minimal set of packages to install.

When creating a new local non-root user, Debian Buster automatically creates entries in /etc/subuid and /etc/subgid , so there was no need to edit them.  (Opinionated side note: the default allocation ought to be in blocks of size 100000 or 10000, not 65536.  We humans are base-10 creatures.)  (Blue sky: rearchitect Linux so that uids and subuids are in different namespaces.)

Future work: demonstrate error if user is not present in /etc/subuid or /etc/subgid .

Future work: demonstrate error if ~/.config/lxc/default.conf does not match /etc/sub?id .

Omitting the idmap lines in ~/.config/lxc/default.conf results in the following error message in lxc-create.log:

lxc-create mycontainer ... ERROR conf - conf.c:chown_mapped_root:3150 - No uid mapping for container root
lxc-create mycontainer ... ERROR lxccontainer - lxccontainer.c:do_storage_create:1288 - Error chowning "/home/my_username/.local/share/lxc/mycontainer/rootfs" to container root
lxc-create mycontainer ... ERROR conf - conf.c:suggest_default_idmap:4777 - You must either run as root, or define uid mappings
lxc-create mycontainer ... ERROR conf - conf.c:suggest_default_idmap:4778 - To pass uid mappings to lxc-create, you could create
lxc-create mycontainer ... ERROR conf - conf.c:suggest_default_idmap:4779 - ~/.config/lxc/default.conf:
lxc-create mycontainer ... ERROR conf - conf.c:suggest_default_idmap:4780 - lxc.include = /etc/lxc/default.conf
lxc-create mycontainer ... ERROR conf - conf.c:suggest_default_idmap:4781 - lxc.idmap = u 0 100000 65536
lxc-create mycontainer ... ERROR conf - conf.c:suggest_default_idmap:4782 - lxc.idmap = g 0 100000 65536
lxc-create mycontainer ... ERROR lxccontainer - lxccontainer.c:do_lxcapi_create:1869 - Failed to create (none) storage for mycontainer
lxc-create mycontainer ... ERROR lxc_create - tools/lxc_create.c:main:327 - Failed to create container mycontainer

In LXC 2 (Debian Stretch), the configuration variable was called lxc.id_map , with an underbar.  (Opinionated side note: such a cosmetic change in the variable name was silly.  The migration experience could have been smoother.)  Using the old variable name results in the following error in lxc-create.log:

lxc-create mycontainer ... ERROR confile - confile.c:parse_line:2312 - Unknown configuration key "lxc.id_map"
lxc-create mycontainer ... ERROR parse - parse.c:lxc_file_for_each_line_mmap:142 - Failed to parse config file "/home/my_username/.config/lxc/default.conf" at line "lxc.id_map = u 0 100000 65536"

The LXC 2 variables lxc.network.type and lxc.network.link also have new names in LXC 3, lxc.net.0.type and lxc.net.0.link .  Future work: demonstrate errors if one uses those LXC 2 variables in LXC 3.
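An added check, not part of the original post or of LXC: it compares the lxc.idmap lines of ~/.config/lxc/default.conf against the user's ranges in /etc/subuid and /etc/subgid, flags the LXC 2 key names mentioned above, and tests the permission bits of ~/.local/share .  The function names are hypothetical, and it assumes a mapping is acceptable only when it lies entirely inside one allocated range.

```python
import getpass
import os
import stat

# LXC 2 key names and the LXC 3 names the post gives for them.
LEGACY_KEYS = {
    "lxc.id_map": "lxc.idmap",
    "lxc.network.type": "lxc.net.0.type",
    "lxc.network.link": "lxc.net.0.link",
}


def parse_subid(text, user):
    """Return [(first_host_id, count)] for user from subuid/subgid file text."""
    ranges = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if (len(fields) == 3 and fields[0] == user
                and fields[1].isdigit() and fields[2].isdigit()):
            ranges.append((int(fields[1]), int(fields[2])))
    return ranges


def parse_conf(text):
    """Return [(key, value)] from 'key = value' config text, skipping comments."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs.append((key.strip(), value.strip()))
    return pairs


def inside(host, count, allocations):
    """True if [host, host + count) lies within one allocated range."""
    return any(start <= host and host + count <= start + size
               for start, size in allocations)


def check_conf(conf_text, subuid_text, subgid_text, user):
    """Return a list of problems; an empty list means the files agree."""
    problems = []
    allocated = {"u": parse_subid(subuid_text, user),
                 "g": parse_subid(subgid_text, user)}
    files = {"u": "/etc/subuid", "g": "/etc/subgid"}
    seen = set()
    for key, value in parse_conf(conf_text):
        if key in LEGACY_KEYS:
            problems.append(f"{key} is the LXC 2 name; LXC 3 uses {LEGACY_KEYS[key]}")
        if key != "lxc.idmap":
            continue
        fields = value.split()
        if (len(fields) != 4 or fields[0] not in ("u", "g")
                or not all(f.isdigit() for f in fields[1:])):
            problems.append(f"malformed lxc.idmap value: {value!r}")
            continue
        kind, host, count = fields[0], int(fields[2]), int(fields[3])
        seen.add(kind)
        if not inside(host, count, allocated[kind]):
            problems.append(
                f"lxc.idmap {value!r} is outside {user}'s ranges in {files[kind]}")
    for kind in ("u", "g"):
        if kind not in seen:
            problems.append(f"no lxc.idmap line of type {kind}")
    return problems


def share_dir_ok(path):
    """True if path is absent (lxc will create it) or is group and world executable."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return True
    return bool(mode & stat.S_IXGRP) and bool(mode & stat.S_IXOTH)


def read_text(path):
    """Contents of a file, or an empty string if it cannot be read."""
    try:
        with open(os.path.expanduser(path)) as fh:
            return fh.read()
    except OSError:
        return ""


if __name__ == "__main__":
    found = check_conf(read_text("~/.config/lxc/default.conf"),
                       read_text("/etc/subuid"), read_text("/etc/subgid"),
                       getpass.getuser())
    if not share_dir_ok(os.path.expanduser("~/.local/share")):
        found.append("~/.local/share is not group and world executable")
    print("\n".join(found) or "no problems found")
```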

Omitting the uidmap package, not creating /etc/sysctl.d/80-lxc-userns.conf , or not rebooting results in error messages in lxc-create.log that may look like some of the following.  There is a bug in lxc-create that causes these "lxc-usernsexec" error messages to be broken in 3 simultaneous ways.  They are (1) interleaved, (2) truncated, and (3) non-deterministic about which error message you will see.  It would have been nice if, in addition to "No such file or directory", it printed what file or directory it was trying to access.

lxc-create mycontainer ... ERROR conf - conf.c:chown_mapped_root:3250 - lxc-usernsexec failed: No such file or directory - Failed to open ttyNo such file or directory - Failed to open ttyOperation not permitted - Failed to unshare mount and user namespac

lxc-create mycontainer ... ERROR conf - conf.c:chown_mapped_root:3250 - lxc-usernsexec failed: No such file or directory - Failed to open tt
lxc-create mycontainer ... ERROR lxc_create - tools/lxc_create.c:main:327 - Failed to create container mycontainer

You can check whether the kernel variable has been set properly (in /etc/sysctl.d/80-lxc-userns.conf) with the command /usr/sbin/sysctl kernel.unprivileged_userns_clone . This command does not require root, but /usr/sbin is not in the PATH by default.  It should print the following:

kernel.unprivileged_userns_clone = 1

Omitting the gnupg package results in the following error message only on the console after the lxc-create command.  This error does not show up in the log file.  Bizarrely, you cannot even redirect this error to a file as you normally can by doing 2> file.log .  It just disappears if you try.

ERROR: Missing recommended tool: gpg
You can workaround this by using --no-validate
lxc-create: mycontainer: lxccontainer.c: create_run_template: 1617 Failed to create container from template
lxc-create: mycontainer: tools/lxc_create.c: main: 327 Failed to create container mycontainer

The log file lxc-create.log is completely useless in this situation, but we give it below to make some additional commentary.

lxc-create mycontainer ... INFO confile - confile.c:set_config_idmaps:1605 - Read uid map: type u nsid 0 hostid 100000 range 65536
lxc-create mycontainer ... INFO confile - confile.c:set_config_idmaps:1605 - Read uid map: type g nsid 0 hostid 100000 range 65536
lxc-create mycontainer ... DEBUG conf - conf.c:chown_mapped_root:3190 - trying to chown "/home/my_username/.local/share/lxc/mycontainer" to 1000
lxc-create mycontainer ... DEBUG conf - conf.c:chown_mapped_root:3190 - trying to chown "/home/my_username/.local/share/lxc/mycontainer/rootfs" to 1000
lxc-create mycontainer ... DEBUG conf - conf.c:chown_mapped_root:3190 - trying to chown "/home/my_username/.local/share/lxc/mycontainer" to 1000
lxc-create mycontainer ... INFO confile - confile.c:set_config_idmaps:1605 - Read uid map: type u nsid 0 hostid 100000 range 65536
lxc-create mycontainer ... INFO confile - confile.c:set_config_idmaps:1605 - Read uid map: type g nsid 0 hostid 100000 range 65536
lxc-create mycontainer ... DEBUG storage - storage/storage.c:get_storage_by_name:231 - Detected rootfs type "dir"
lxc-create mycontainer ... ERROR lxccontainer - lxccontainer.c:create_run_template:1617 - Failed to create container from template
lxc-create mycontainer ... DEBUG conf - conf.c:idmaptool_on_path_and_privileged:2860 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-create mycontainer ... DEBUG conf - conf.c:idmaptool_on_path_and_privileged:2860 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-create mycontainer ... DEBUG conf - conf.c:lxc_map_ids:2952 - Functional newuidmap and newgidmap binary found
lxc-create mycontainer ... DEBUG storage - storage/storage.c:get_storage_by_name:231 - Detected rootfs type "dir"
lxc-create mycontainer ... INFO lxccontainer - lxccontainer.c:container_destroy:2977 - Destroyed rootfs for mycontainer
lxc-create mycontainer ... DEBUG conf - conf.c:idmaptool_on_path_and_privileged:2860 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-create mycontainer ... DEBUG conf - conf.c:idmaptool_on_path_and_privileged:2860 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-create mycontainer ... DEBUG conf - conf.c:lxc_map_ids:2952 - Functional newuidmap and newgidmap binary found
lxc-create mycontainer ... INFO lxccontainer - lxccontainer.c:container_destroy:3042 - Destroyed directory "/home/my_username/.local/share/lxc/mycontainer" for "mycontainer"
lxc-create mycontainer ... ERROR lxc_create - tools/lxc_create.c:main:327 - Failed to create container mycontainer

With the uidmap package properly installed, we get the message "Functional newuidmap and newgidmap binary found" as seen above.  It sure would have been helpful if an error indicating the opposite were reported if the uidmap package is not installed!  Then, we would have had a clue of what to look for (e.g., apt-file search newuidmap).  When debugging the problem of missing uidmap, the big breakthrough was finding this comment https://github.com/lxc/lxc/issues/2764#issuecomment-450339282.

(At this point, lxc-create runs successfully.)

Omitting the libpam-cgfs package results in the following error message in lxc-start.log.  This also happens if you have installed libpam-cgfs but have not rebooted.  The error message is (again) completely useless for figuring out how to fix it. It might have been helpful if "No such file or directory" reported what file or directory it had tried to access.

lxc-start mycontainer ... DEBUG terminal - terminal.c:lxc_terminal_peer_default:707 - No such device - The process does not have a controlling terminal
lxc-start mycontainer ... DEBUG conf - conf.c:chown_mapped_root:3190 - trying to chown "/dev/pts/0" to 1000
lxc-start mycontainer ... INFO start - start.c:lxc_init:904 - Container "mycontainer" is initialized
lxc-start mycontainer ... DEBUG lxccontainer - lxccontainer.c:wait_on_daemonized_start:830 - First child 1306 exited
lxc-start mycontainer ... ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:833 - No such file or directory - Failed to receive the container state
lxc-start mycontainer ... ERROR lxc_start - tools/lxc_start.c:main:330 - The container failed to start
lxc-start mycontainer ... ERROR lxc_start - tools/lxc_start.c:main:333 - To get more details, run the container in foreground mode
lxc-start mycontainer ... ERROR lxc_start - tools/lxc_start.c:main:336 - Additional information can be obtained by setting the --logfile and --logpriority options

Additional information cannot be obtained by setting the --logfile and --logpriority options; we are already using those options!

We check, and change if necessary, the permissions of ~/.local/share to work around the following problem.  The "nano" command may be first to create ~/.local/share/ in the process of creating ~/.local/share/nano/ .  This can happen if you used the sudoedit command to create files in /etc , or if you used nano to create ~/.config/lxc/default.conf .  nano creates that directory with permissions too strict, namely 0700, for lxc.  lxc puts the filesystems of its containers in ~/.local/share/lxc , so subuids need to be able to access it.  It's curious that nano creates ~/.local/share with 0700 permissions but it creates ~/.local with 0755.  This is probably a bug in nano.

If permissions of ~/.local/share are too strict, one will get the following error message in lxc-start.log.

lxc-start mycontainer ... ERROR start - start.c:print_top_failing_dir:125 - Permission denied - Could not access /home/my_username/.local/share. Please grant it x access, or add an ACL for the container root
lxc-start mycontainer ... ERROR sync - sync.c:__sync_wait:62 - An error occurred in another process (expected sequence number 3)
lxc-start mycontainer ... DEBUG network - network.c:lxc_delete_network:3180 - Deleted network devices
lxc-start mycontainer ... ERROR start - start.c:__lxc_start:1951 - Failed to spawn container "mycontainer"
lxc-start mycontainer ... DEBUG lxccontainer - lxccontainer.c:wait_on_daemonized_start:830 - First child 834 exited
lxc-start mycontainer ... ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:842 - Received container state "ABORTING" instead of "RUNNING"
lxc-start mycontainer ... ERROR lxc_start - tools/lxc_start.c:main:330 - The container failed to start
lxc-start mycontainer ... ERROR lxc_start - tools/lxc_start.c:main:333 - To get more details, run the container in foreground mode
lxc-start mycontainer ... ERROR lxc_start - tools/lxc_start.c:main:336 - Additional information can be obtained by setting the --logfile and --logpriority options

The Debian Wiki suggests the setfacl command (which is part of the "acl" package) as an alternative to chmod to make ~/.local/share accessible to unprivileged containers.  Although it does work, it seems that, in order to do it correctly, you need to individually add all your subuids, typically 65536 of them, to the ACL of that directory.  Though I have yet to see lxc use more than 1 subuid, even if creating multiple containers.  Non-root users inside the container use more UIDs, e.g., starting with 101000, but the container still works without those UIDs on the ACL for ~/.local/share .

Future work: what happens if you have an insufficient number of subuids or subgids?

Not creating and populating /etc/lxc/lxc-usernet results in the following error message in lxc-start.log :

lxc-start mycontainer ... WARN start - start.c:lxc_spawn:1758 - Operation not permitted - Failed to allocate new network namespace id
lxc-start mycontainer ... INFO network - network.c:lxc_create_network_unpriv_exec:2150 - Execing lxc-user-nic create /home/my_username/.local/share/lxc mycontainer 893 veth lxcbr0 (null)
lxc-start mycontainer ... ERROR network - network.c:lxc_create_network_unpriv_exec:2178 - lxc-user-nic failed to configure requested network: No such file or directory - Failed to open "/etc/lxc/lxc-usernet"
cmd/lxc_user_nic.c: 1296: main: Quota reached
lxc-start mycontainer ... ERROR start - start.c:lxc_spawn:1777 - Failed to create the configured network
lxc-start mycontainer ... DEBUG network - network.c:lxc_delete_network:3180 - Deleted network devices
lxc-start mycontainer ... DEBUG lxccontainer - lxccontainer.c:wait_on_daemonized_start:830 - First child 884 exited
lxc-start mycontainer ... ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:842 - Received container state "ABORTING" instead of "RUNNING"
lxc-start mycontainer ... ERROR start - start.c:__lxc_start:1951 - Failed to spawn container "mycontainer"
lxc-start mycontainer ... DEBUG conf - conf.c:idmaptool_on_path_and_privileged:2860 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-start mycontainer ... DEBUG conf - conf.c:idmaptool_on_path_and_privileged:2860 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_map_ids:2952 - Functional newuidmap and newgidmap binary found
lxc-start mycontainer ... ERROR lxc_start - tools/lxc_start.c:main:330 - The container failed to start
lxc-start mycontainer ... ERROR lxc_start - tools/lxc_start.c:main:333 - To get more details, run the container in foreground mode
lxc-start mycontainer ... ERROR lxc_start - tools/lxc_start.c:main:336 - Additional information can be obtained by setting the --logfile and --logpriority options

If the network bridge is not properly set up, one gets the following error message in lxc-start.log :

lxc-start mycontainer ... WARN start - start.c:lxc_spawn:1758 - Operation not permitted - Failed to allocate new network namespace id
lxc-start mycontainer ... INFO network - network.c:lxc_create_network_unpriv_exec:2150 - Execing lxc-user-nic create /home/my_username/.local/share/lxc mycontainer 697 veth lxcbr0 (null)
lxc-start mycontainer ... ERROR network - network.c:lxc_create_network_unpriv_exec:2178 - lxc-user-nic failed to configure requested network: cmd/lxc_user_nic.c: 576: create_nic: Error attaching vethKL4MYM to lxcbr0
lxc-start mycontainer ... ERROR start - start.c:lxc_spawn:1777 - Failed to create the configured network
lxc-start mycontainer ... DEBUG network - network.c:lxc_delete_network:3180 - Deleted network devices
lxc-start mycontainer ... DEBUG lxccontainer - lxccontainer.c:wait_on_daemonized_start:830 - First child 688 exited
lxc-start mycontainer ... ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:842 - Received container state "ABORTING" instead of "RUNNING"
lxc-start mycontainer ... ERROR lxc_start - tools/lxc_start.c:main:330 - The container failed to start
lxc-start mycontainer ... ERROR start - start.c:__lxc_start:1951 - Failed to spawn container "mycontainer"
lxc-start mycontainer ... ERROR lxc_start - tools/lxc_start.c:main:333 - To get more details, run the container in foreground mode
lxc-start mycontainer ... ERROR lxc_start - tools/lxc_start.c:main:336 - Additional information can be obtained by setting the --logfile and --logpriority options
lxc-start mycontainer ... DEBUG conf - conf.c:idmaptool_on_path_and_privileged:2860 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-start mycontainer ... DEBUG conf - conf.c:idmaptool_on_path_and_privileged:2860 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_map_ids:2952 - Functional newuidmap and newgidmap binary found

The type of networking we set up is called "independent bridge (masqueraded bridge)" at LXC/SimpleBridge on the Debian Wiki .  Essentially it puts the container behind a NAT.  (This means you will not be able to access the container from outside the host.  Consider instead a Host-Shared Bridge, described on the same page, if you want your container to be visible to others on your network.)

You can check whether the network bridge is set up with the ip a command.  If the bridge is set up, you should see an entry for lxcbr0.  If not, become root, and use the command journalctl -u lxc-net to see error messages.

Not creating and populating the file /etc/default/lxc-net causes the following in journalctl -u lxc-net .  It seems to have no errors despite not setting up the bridge.

... systemd[1]: Starting LXC network bridge setup...
... systemd[1]: Started LXC network bridge setup.

Here is what it should look like with /etc/default/lxc-net populated:

... systemd[1]: Starting LXC network bridge setup...
... dnsmasq[550]: started, version 2.80 cachesize 150
... dnsmasq[550]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify dumpfile
... dnsmasq-dhcp[550]: DHCP, IP range 10.0.3.2 -- 10.0.3.254, lease time 1h
... dnsmasq-dhcp[550]: DHCP, sockets bound exclusively to interface lxcbr0
... dnsmasq[550]: reading /etc/resolv.conf
... dnsmasq[550]: using nameserver (...)#53
... dnsmasq[550]: read /etc/hosts - 5 addresses
... systemd[1]: Started LXC network bridge setup.
... dnsmasq[550]: reading /etc/resolv.conf
... dnsmasq[550]: using nameserver (...)#53

Omitting the dnsmasq-base package results in the following error message in journalctl -u lxc-net

... lxc-net[510]: /usr/lib/x86_64-linux-gnu/lxc/lxc-net: 136: /usr/lib/x86_64-linux-gnu/lxc/lxc-net: dnsmasq: not found
... lxc-net[510]: Failed to setup lxc-net.
... lxc-net[510]: Failed to setup lxc-net.
... systemd[1]: lxc-net.service: Main process exited, code=exited, status=1/FAILURE
... systemd[1]: lxc-net.service: Failed with result 'exit-code'.
... systemd[1]: Failed to start LXC network bridge setup.

Although the error message "dnsmasq: not found" might suggest installing the dnsmasq package instead of dnsmasq-base, that results in the following error message in journalctl -u lxc-net

... systemd[1]: Starting LXC network bridge setup...
... lxc-net[528]: dnsmasq: failed to create listening socket for 10.0.3.1: Address already in use
... lxc-net[528]: Failed to setup lxc-net.
... lxc-net[528]: Failed to setup lxc-net.
... systemd[1]: lxc-net.service: Main process exited, code=exited, status=1/FAILURE
... systemd[1]: lxc-net.service: Failed with result 'exit-code'.
... systemd[1]: Failed to start LXC network bridge setup.

I don't know what you are supposed to do if you actually need the dnsmasq package installed for other reasons.
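Because the final ERROR lines are the same whatever the root cause, it helps to scan for the one distinguishing line in each log.  The following is an added example, not part of LXC: a small triage script whose signature table is taken only from the log excerpts on this page (lxc-start.log and journalctl -u lxc-net).  The names SIGNATURES, FOLLOW_ON and triage are made up for this example, and the last sample line is constructed.

```python
import re

# Distinguishing line -> cause, as observed in the excerpts on this page.
SIGNATURES = [
    (r"Could not access \S+\. Please grant it x access",
     "a parent directory such as ~/.local/share is not searchable by the container's subuid"),
    (r'Failed to open "/etc/lxc/lxc-usernet"',
     "/etc/lxc/lxc-usernet has not been created and populated"),
    (r"Error attaching \S+ to lxcbr0",
     "the lxcbr0 bridge is not set up; check journalctl -u lxc-net"),
    (r"No such file or directory - Failed to receive the container state",
     "libpam-cgfs is not installed, or was installed without a reboot"),
    (r"dnsmasq: not found",
     "dnsmasq-base is not installed"),
    (r"dnsmasq: failed to create listening socket .*Address already in use",
     "the dnsmasq package was installed instead of dnsmasq-base"),
]

# ERROR lines that show up in several of the failing logs regardless of cause.
FOLLOW_ON = (
    "The container failed to start",
    "To get more details, run the container in foreground mode",
    "Additional information can be obtained by setting",
    "Failed to spawn container",
    'Received container state "ABORTING"',
    "Failed to create the configured network",
)

def triage(log_text):
    """Return (causes, leftovers): known causes in order of appearance, and
    ERROR lines that are neither a known signature nor follow-on noise."""
    causes, leftovers = [], []
    for line in log_text.splitlines():
        hit = next((cause for pat, cause in SIGNATURES if re.search(pat, line)), None)
        if hit:
            if hit not in causes:
                causes.append(hit)
        elif " ERROR " in line and not any(f in line for f in FOLLOW_ON):
            leftovers.append(line)
    return causes, leftovers

# Sample input: lines copied from the excerpts above, plus one constructed line.
SAMPLE = '''\
lxc-start mycontainer ... WARN start - start.c:lxc_spawn:1758 - Operation not permitted - Failed to allocate new network namespace id
lxc-start mycontainer ... ERROR network - network.c:lxc_create_network_unpriv_exec:2178 - lxc-user-nic failed to configure requested network: No such file or directory - Failed to open "/etc/lxc/lxc-usernet"
cmd/lxc_user_nic.c: 1296: main: Quota reached
lxc-start mycontainer ... ERROR start - start.c:lxc_spawn:1777 - Failed to create the configured network
lxc-start mycontainer ... ERROR lxc_start - tools/lxc_start.c:main:330 - The container failed to start
lxc-start mycontainer ... ERROR example - example.c:fn:1 - constructed line with no known cause
'''

if __name__ == "__main__":
    causes, leftovers = triage(SAMPLE)
    for cause in causes:
        print("likely cause:", cause)
    for line in leftovers:
        print("unexplained:", line)
```

The WARN line about the network namespace id is deliberately not in the table, since it also appears in the successful lxc-start log at the end of this post.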

If you've installed everything except uidmap and have rebooted, you do not need to reboot after installing uidmap.

At some point, I think I got in a state in which I seemed to need to add to ~/.config/lxc/default.conf :

lxc.apparmor.profile=unconfined

However, I was unable to replicate this problem.

If lxc-create is the first process to create the ~/.cache directory, it creates it with the owner and group of a subuid / subgid instead of your username and group.

$ ls -ld .cache/
drwxr-xr-x 1 100000 100000 6 Feb 14 12:10 .cache/

This may eventually cause problems down the line (e.g., other applications which use ~/.cache), but we didn't see any in brief testing.  Nevertheless, this is why we recommended manually creating the .cache directory.
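The two directory problems described above (~/.local/share created with mode 0700, and ~/.cache ending up owned by a subuid) can be checked before running lxc-create.  This is an added example, not code from LXC or the Debian Wiki; the function names are made up here.  It looks only at mode bits and ownership, so it does not see POSIX ACLs, and it assumes the container's subuid falls under the "other" permission class.  The fix it applies adds only the search (x) bit for others, which is what lxc's error message asks for, rather than opening the directory to 0755.

```python
import os
import stat

def chain(start, target):
    """Directories from start down to target, inclusive, top-most first."""
    start, target = os.path.abspath(start), os.path.abspath(target)
    if os.path.commonpath([start, target]) != start:
        raise ValueError("target must be inside start")
    dirs, current = [start], start
    for part in os.path.relpath(target, start).split(os.sep):
        if part != os.curdir:
            current = os.path.join(current, part)
            dirs.append(current)
    return dirs

def first_blocking_dir(start, target):
    """Top-most directory on the way to target that lacks o+x, or None.
    A subuid such as 100000 is neither owner nor group, so without an ACL
    it needs the 'other' search bit on every directory in the chain."""
    for d in chain(start, target):
        if not os.stat(d).st_mode & stat.S_IXOTH:
            return d
    return None

def grant_search_only(path):
    """Add o+x and nothing else (0700 becomes 0701); return the new mode."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, mode | stat.S_IXOTH)
    return stat.S_IMODE(os.stat(path).st_mode)

def foreign_owner(path, expected_uid):
    """Return the owning uid if it is not expected_uid, else None.
    Catches a ~/.cache that was first created by lxc-create."""
    uid = os.stat(path).st_uid
    return None if uid == expected_uid else uid

if __name__ == "__main__":
    home = os.path.expanduser("~")
    share = os.path.join(home, ".local", "share")
    if os.path.isdir(share):
        print("blocking directory:", first_blocking_dir(home, share))
    cache = os.path.join(home, ".cache")
    if os.path.isdir(cache):
        print(".cache foreign owner uid:", foreign_owner(cache, os.getuid()))
```

With o+x but not o+r, other local users can traverse the directory but cannot list it.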

The Debian wiki directs adding this to ~/.config/lxc/default.conf:

# "Secure" mounting
lxc.mount.auto = proc:mixed sys:ro cgroup:mixed

and it gives as justification: "Warning: Bad settings with lxc.mount.auto option can lead to security risk and data loss!"

Is there more explanation of this security risk?  My understanding of unprivileged containers, in fact, the point of unprivileged containers, is that they cannot break the host system beyond how much an unprivileged user can break the host system.  Maybe the "security risk" is the container messing with the non-root user running the container, or non-root users within the container gaining root within the container.  For the purposes of demonstrating a minimal setup that just gets things working, we have omitted this line and disregarded the warning.

We use env -i in lxc-attach so that environment variables such as HOME, USER, LOGNAME, and MAIL inside the container do not inherit values from outside.  We pass TERM so we can potentially use applications which do terminal manipulation, e.g., use ncurses.

An alternative to env -i TERM=$TERM bash to get a root shell in the container is

lxc-attach -n mycontainer -- su -

This results in the following message before getting a root shell prompt:

mesg: ttyname failed: No such device

This message comes from mesg n in /root/.profile and can be ignored.  I don't know why it happens or the best way to prevent it.

I typically modify the entry for the ethernet device (e.g., eno1) in /etc/network/interfaces on the host from "allow-hotplug" to "auto".  This forces the boot process to wait until internet is working before continuing, so avoids potential weirdness of creating a bridge, or a container, before host networking is up.  Future work: investigate what happens if things happen in the wrong order.

In the instructions given above, it was not necessary to modify /etc/lxc/default.conf , which is nice, because that avoids potential conflicts with future Debian package upgrades.

The instructions above require a reboot.  I have not investigated how to get LXC unprivileged containers working without a reboot.

Update (2021-07): The DOWNLOAD_KEYSERVER variable is for /usr/share/lxc/templates/lxc-download .  The value was taken from the fix in upstream LXC.  The old value hkp://pool.sks-keyservers.net is no longer being maintained (RIP Web Of Trust due to attacks) and now returns a certificate error causing downloads to fail.

To try lxc many times under many different settings for the preparation of this document, to see which things caused and fixed which errors, we used LVM snapshots.  This avoided having to repeatedly reinstall Debian from scratch.

Some useful websites:
https://wiki.debian.org/LXC
https://wiki.debian.org/LXC/SimpleBridge

Finally, below are logs of successful lxc-create and lxc-start.  These are the messages that are ignorable.  The lxc-start log also includes messages produced by lxc-stop.

~/lxc-create.log :

lxc-create mycontainer ... INFO confile - confile.c:set_config_idmaps:1605 - Read uid map: type u nsid 0 hostid 100000 range 65536
lxc-create mycontainer ... INFO confile - confile.c:set_config_idmaps:1605 - Read uid map: type g nsid 0 hostid 100000 range 65536
lxc-create mycontainer ... DEBUG conf - conf.c:chown_mapped_root:3190 - trying to chown "/home/my_username/.local/share/lxc/mycontainer" to 1000
lxc-create mycontainer ... DEBUG conf - conf.c:chown_mapped_root:3190 - trying to chown "/home/my_username/.local/share/lxc/mycontainer/rootfs" to 1000
lxc-create mycontainer ... DEBUG conf - conf.c:chown_mapped_root:3190 - trying to chown "/home/my_username/.local/share/lxc/mycontainer" to 1000
lxc-create mycontainer ... INFO confile - confile.c:set_config_idmaps:1605 - Read uid map: type u nsid 0 hostid 100000 range 65536
lxc-create mycontainer ... INFO confile - confile.c:set_config_idmaps:1605 - Read uid map: type g nsid 0 hostid 100000 range 65536
lxc-create mycontainer ... DEBUG storage - storage/storage.c:get_storage_by_name:231 - Detected rootfs type "dir"
lxc-create mycontainer ... INFO confile - confile.c:set_config_idmaps:1605 - Read uid map: type u nsid 0 hostid 100000 range 65536
lxc-create mycontainer ... INFO confile - confile.c:set_config_idmaps:1605 - Read uid map: type g nsid 0 hostid 100000 range 65536

~/lxc-start.log :

lxc-start mycontainer ... INFO confile - confile.c:set_config_idmaps:1605 - Read uid map: type u nsid 0 hostid 100000 range 65536
lxc-start mycontainer ... INFO confile - confile.c:set_config_idmaps:1605 - Read uid map: type g nsid 0 hostid 100000 range 65536
lxc-start mycontainer ... INFO lxccontainer - lxccontainer.c:do_lxcapi_start:961 - Set process title to [lxc monitor] /home/my_username/.local/share/lxc mycontainer
lxc-start mycontainer ... INFO lsm - lsm/lsm.c:lsm_init:50 - LSM security driver AppArmor
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "reject_force_umount # comment this to allow umount -f; not recommended"
lxc-start mycontainer ... INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for reject_force_umount action 0(kill)
lxc-start mycontainer ... INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill)
lxc-start mycontainer ... INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill)
lxc-start mycontainer ... INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "[all]"
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "kexec_load errno 1"
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for kexec_load action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for kexec_load action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "open_by_handle_at errno 1"
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for open_by_handle_at action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "init_module errno 1"
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for init_module action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for init_module action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for init_module action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for init_module action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "finit_module errno 1"
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for finit_module action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for finit_module action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for finit_module action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for finit_module action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "delete_module errno 1"
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for delete_module action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for delete_module action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for delete_module action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for delete_module action 327681(errno)
lxc-start mycontainer ... INFO seccomp - seccomp.c:parse_config_v2:970 - Merging compat seccomp contexts into main context
lxc-start mycontainer ... DEBUG terminal - terminal.c:lxc_terminal_peer_default:707 - No such device - The process does not have a controlling terminal
lxc-start mycontainer ... DEBUG conf - conf.c:chown_mapped_root:3190 - trying to chown "/dev/pts/0" to 1000
lxc-start mycontainer ... INFO start - start.c:lxc_init:904 - Container "mycontainer" is initialized
lxc-start mycontainer ... INFO start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWUSER
lxc-start mycontainer ... INFO start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWNS
lxc-start mycontainer ... INFO start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWPID
lxc-start mycontainer ... INFO start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWUTS
lxc-start mycontainer ... INFO start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWIPC
lxc-start mycontainer ... DEBUG start - start.c:lxc_try_preserve_namespaces:196 - Preserved user namespace via fd 14
lxc-start mycontainer ... DEBUG start - start.c:lxc_try_preserve_namespaces:196 - Preserved mnt namespace via fd 15
lxc-start mycontainer ... DEBUG start - start.c:lxc_try_preserve_namespaces:196 - Preserved pid namespace via fd 16
lxc-start mycontainer ... DEBUG start - start.c:lxc_try_preserve_namespaces:196 - Preserved uts namespace via fd 17
lxc-start mycontainer ... DEBUG start - start.c:lxc_try_preserve_namespaces:196 - Preserved ipc namespace via fd 18
lxc-start mycontainer ... DEBUG conf - conf.c:idmaptool_on_path_and_privileged:2860 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-start mycontainer ... DEBUG conf - conf.c:idmaptool_on_path_and_privileged:2860 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_map_ids:2952 - Functional newuidmap and newgidmap binary found
lxc-start mycontainer ... INFO start - start.c:do_start:1148 - Unshared CLONE_NEWNET
lxc-start mycontainer ... DEBUG conf - conf.c:idmaptool_on_path_and_privileged:2860 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-start mycontainer ... DEBUG conf - conf.c:idmaptool_on_path_and_privileged:2860 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_map_ids:2952 - Functional newuidmap and newgidmap binary found
lxc-start mycontainer ... DEBUG start - start.c:lxc_spawn:1754 - Preserved net namespace via fd 10
lxc-start mycontainer ... WARN start - start.c:lxc_spawn:1758 - Operation not permitted - Failed to allocate new network namespace id
lxc-start mycontainer ... INFO network - network.c:lxc_create_network_unpriv_exec:2150 - Execing lxc-user-nic create /home/my_username/.local/share/lxc mycontainer 628 veth lxcbr0 (null)
lxc-start mycontainer ... NOTICE utils - utils.c:lxc_switch_uid_gid:1378 - Switched to gid 0
lxc-start mycontainer ... NOTICE utils - utils.c:lxc_switch_uid_gid:1387 - Switched to uid 0
lxc-start mycontainer ... NOTICE utils - utils.c:lxc_setgroups:1400 - Dropped additional groups
lxc-start mycontainer ... INFO start - start.c:do_start:1254 - Unshared CLONE_NEWCGROUP
lxc-start mycontainer ... DEBUG storage - storage/storage.c:get_storage_by_name:231 - Detected rootfs type "dir"
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_mount_rootfs:1332 - Mounted rootfs "/home/my_username/.local/share/lxc/mycontainer/rootfs" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs" with options "(null)"
lxc-start mycontainer ... INFO conf - conf.c:setup_utsname:791 - Set hostname to "mycontainer"
lxc-start mycontainer ... DEBUG network - network.c:lxc_setup_netdev_in_child_namespaces:3032 - Network device "eth0" has been setup
lxc-start mycontainer ... INFO network - network.c:lxc_setup_network_in_child_namespaces:3053 - network has been setup
lxc-start mycontainer ... INFO conf - conf.c:mount_autodev:1118 - Preparing "/dev"
lxc-start mycontainer ... INFO conf - conf.c:mount_autodev:1165 - Prepared "/dev"
lxc-start mycontainer ... INFO conf - conf.c:lxc_fill_autodev:1209 - Populating "/dev"
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_fill_autodev:1282 - Bind mounted host device node "/dev/full" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/full"
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_fill_autodev:1282 - Bind mounted host device node "/dev/null" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/null"
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_fill_autodev:1282 - Bind mounted host device node "/dev/random" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/random"
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_fill_autodev:1282 - Bind mounted host device node "/dev/tty" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/tty"
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_fill_autodev:1282 - Bind mounted host device node "/dev/urandom" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/urandom"
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_fill_autodev:1282 - Bind mounted host device node "/dev/zero" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/zero"
lxc-start mycontainer ... INFO conf - conf.c:lxc_fill_autodev:1286 - Populated "/dev"
lxc-start mycontainer ... INFO conf - conf.c:mount_entry:2014 - No such file or directory - Failed to mount "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" (optional)
lxc-start mycontainer ... INFO conf - conf.c:mount_file_entries:2333 - Finished setting up mounts
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_setup_dev_console:1771 - Mounted pts device "/dev/pts/0" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/console"
lxc-start mycontainer ... INFO utils - utils.c:lxc_mount_proc_if_needed:1231 - I am 1, /proc/self points to "1"
lxc-start mycontainer ... WARN conf - conf.c:lxc_setup_devpts:1616 - Invalid argument - Failed to unmount old devpts instance
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_setup_devpts:1653 - Mount new devpts instance with options "gid=5,newinstance,ptmxmode=0666,mode=0620,max=1024"
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_setup_devpts:1672 - Created dummy "/dev/ptmx" file as bind mount target
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_setup_devpts:1677 - Bind mounted "/dev/pts/ptmx" to "/dev/ptmx"
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/0" with master fd 11 and slave fd 14
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/1" with master fd 15 and slave fd 16
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/2" with master fd 17 and slave fd 18
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/3" with master fd 19 and slave fd 20
lxc-start mycontainer ... INFO conf - conf.c:lxc_allocate_ttys:1005 - Finished creating 4 tty devices
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_setup_ttys:940 - Bind mounted "/dev/pts/0" onto "/dev/tty1"
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_setup_ttys:940 - Bind mounted "/dev/pts/1" onto "/dev/tty2"
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_setup_ttys:940 - Bind mounted "/dev/pts/2" onto "/dev/tty3"
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_setup_ttys:940 - Bind mounted "/dev/pts/3" onto "/dev/tty4"
lxc-start mycontainer ... INFO conf - conf.c:lxc_setup_ttys:949 - Finished setting up 4 /dev/tty<N> device(s)
lxc-start mycontainer ... INFO conf - conf.c:setup_personality:1716 - Set personality to "0x0"
lxc-start mycontainer ... DEBUG conf - conf.c:setup_caps:2529 - Capabilities have been setup
lxc-start mycontainer ... NOTICE conf - conf.c:lxc_setup:3716 - The container "mycontainer" is set up
lxc-start mycontainer ... INFO lsm - lsm/lsm.c:lsm_process_label_set_at:178 - Set AppArmor label to "lxc-container-default-cgns"
lxc-start mycontainer ... INFO apparmor - lsm/apparmor.c:apparmor_process_label_set:1101 - Changed AppArmor profile to lxc-container-default-cgns
lxc-start mycontainer ... DEBUG start - start.c:lxc_spawn:1829 - Preserved cgroup namespace via fd 19
lxc-start mycontainer ... NOTICE start - start.c:start:2037 - Exec'ing "/sbin/init"
lxc-start mycontainer ... NOTICE start - start.c:post_start:2048 - Started "/sbin/init" with pid "628"
lxc-start mycontainer ... DEBUG lxccontainer - lxccontainer.c:wait_on_daemonized_start:830 - First child 619 exited
lxc-start mycontainer ... NOTICE start - start.c:signal_handler:430 - Received 17 from pid 621 instead of container init 628
lxc-start mycontainer ... DEBUG start - start.c:signal_handler:447 - Container init process 628 exited
lxc-start mycontainer ... DEBUG start - start.c:__lxc_start:1984 - Container "mycontainer" is halting
lxc-start mycontainer ... INFO error - error.c:lxc_error_set_and_log:54 - Child <628> ended on signal (2)
lxc-start mycontainer ... DEBUG network - network.c:lxc_delete_network:3180 - Deleted network devices
lxc-start mycontainer ... DEBUG conf - conf.c:idmaptool_on_path_and_privileged:2860 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-start mycontainer ... DEBUG conf - conf.c:idmaptool_on_path_and_privileged:2860 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-start mycontainer ... DEBUG conf - conf.c:lxc_map_ids:2952 - Functional newuidmap and newgidmap binary found

[mwuzwpqq] Difficult (small) SAT

Consider a satisfiable Boolean formula in conjunctive normal form (CNF).  There may be multiple solutions, i.e., multiple interpretations that satisfy it.

Define a path to a solution as a sequence of the following steps:

  1. Pick a variable and assign a value to it.  The assigned value must be one that leads to a satisfying interpretation.
  2. Do unit propagation to get more assignments to variables (and simplification of the formula).
  3. Repeat steps 1 and 2 until all variables are assigned.

Define the cost of a path as follows.  Start at zero cost.  Each time we assign a variable in step 1, consider the variables that had already been assigned at that point, then, if the latest variable had only one possible correct value, add 1 to the cost.  On the other hand, if both true and false can lead to satisfying interpretations, then add 0.  That is, arbitrary choices are free.  (This tends to penalize formulae with multiple satisfying interpretations.)  The unit propagation of step 2 is also always free.

Find a formula whose minimum cost path to a satisfying interpretation has relatively high cost.

I suspect that if we ask to maximize minimum cost, it will result in formulae that have a very regular structure, and, knowing that structure, the problem will be very easy to solve.  So, aim for high cost but not too high.

Intended application is SAT puzzles for humans to solve.  Such puzzles are small enough that for a given puzzle, finding the minimum cost path with a computer is feasible (e.g., with A* search).
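The path cost defined above can be computed directly for puzzle-sized formulae. The following is an added example, not code from the original post: it uses brute-force model enumeration and a memoized exhaustive search instead of A*, DIMACS-style integer literals, and hypothetical function names, and it starts each path at step 1 with no initial propagation, as the definition reads. The three sample formulae are constructed for illustration.

```python
from functools import lru_cache
from itertools import product

# Constructed sample formulae (literal 2 means "variable 2 true", -2 "false").
SINGLE = [[1, 2]]                                   # three models, all choices free
CHAINED = [[1, 2], [-1, 2], [1, -2], [-1, 3]]       # unique model 1,2,3 true
TWO_BLOCKS = [[1, 2], [-1, 2], [1, -2], [3, 4], [-3, 4], [3, -4]]


def solutions(clauses, nvars):
    """All satisfying interpretations, each as a frozenset of true literals."""
    found = []
    for signs in product((1, -1), repeat=nvars):
        model = frozenset(s * v for s, v in zip(signs, range(1, nvars + 1)))
        if all(any(lit in model for lit in clause) for clause in clauses):
            found.append(model)
    return found


def unit_propagate(clauses, assigned):
    """Step 2: add every literal forced by a clause with one open literal left."""
    assigned = set(assigned)
    changed = True
    while changed:
        changed = False
        for clause in clauses:
            if any(lit in assigned for lit in clause):
                continue  # clause already satisfied
            open_lits = [lit for lit in clause if -lit not in assigned]
            if len(open_lits) == 1:  # every other literal is false
                assigned.add(open_lits[0])
                changed = True
    return frozenset(assigned)


def min_path_cost(clauses, nvars):
    """Minimum cost over all paths: forced picks cost 1, free picks cost 0."""
    models = solutions(clauses, nvars)
    if not models:
        raise ValueError("formula is unsatisfiable")

    @lru_cache(maxsize=None)
    def best(assigned):
        if len(assigned) == nvars:
            return 0
        live = [m for m in models if assigned <= m]  # models still reachable
        cheapest = None
        for var in range(1, nvars + 1):
            if var in assigned or -var in assigned:
                continue
            # Step 1 only allows values that lead to a satisfying interpretation.
            choices = [lit for lit in (var, -var) if any(lit in m for m in live)]
            step = 1 if len(choices) == 1 else 0
            for lit in choices:
                cost = step + best(unit_propagate(clauses, assigned | {lit}))
                if cheapest is None or cost < cheapest:
                    cheapest = cost
        return cheapest

    return best(frozenset())


if __name__ == "__main__":
    for name, cnf, n in (("SINGLE", SINGLE, 2), ("CHAINED", CHAINED, 3),
                         ("TWO_BLOCKS", TWO_BLOCKS, 4)):
        print(name, min_path_cost(cnf, n))
```

In CHAINED, picking variable 3 first leads to a cost of 2, while picking variable 1 first lets unit propagation finish the rest, which is why the minimum is taken over paths.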

What is the next most powerful tool after unit propagation?  Probably eliminating a possible value for a variable because that value leads, via one round of unit propagation, to invalidity.  Consider adding this as a free step in the path as well.

Dual problem: given an invalid (unsatisfiable) formula, produce a short proof of its unsatisfiability.  We seek formulae whose shortest proofs are relatively long.  Unlike the satisfiable case, proofs are trees, not paths, so the cost is the size of the tree.  There will not be the "arbitrary" assignments which can be assigned zero cost, because both assignments always have to be considered.  There are probably other proof gadgets which ought to have zero cost, e.g., permutation of variables.

[kkxtlmli] Thermal generator

Thanks to the first or second law of thermodynamics (which one?), any machine can be described truthfully as a thermal generator.  (Perhaps for a situation in which you need to be vague about its actual function.)

Not to be confused with a thermal detonator.

Saturday, May 09, 2020

[fjojmrbw] COVID-19 alignment chart

LAWFUL GOOD: I am making ventilators and masks.

NEUTRAL GOOD: Video games and porn, alone in my mom's basement, same as always.

CHAOTIC GOOD: Let's fight this epidemic by violating civil rights!  Let's deploy the military to enforce lockdowns: shoot to kill!

LAWFUL NEUTRAL: I am making 140-proof distilled alcohol.

TRUE NEUTRAL: Different people and jurisdictions doing different actions and policies is fine, because it lets us compare their differing effects and learn things from them.

CHAOTIC NEUTRAL: Let's play politics with this epidemic.  Let's deepen and exacerbate social divisions.

LAWFUL EVIL: I am making caskets.

NEUTRAL EVIL: Beaches are still open, so the spring break trip is still on!

CHAOTIC EVIL: Do you know what would be great right now, what all the cool pandemics have had?  War.  The Black Death had the Mongol invasions; the 1918 flu had World War I.  What the world needs now is huge migrations of refugees and densely packed refugee camps, soldiers deployed to, and returning from, battlefields all over the world, and actual resource shortages to bring out the worst in desperate people and governments.  Also, this time, let's add lots of radiation poisoning (it knocks out the immune system!) to the pandemic-and-war mix, because we can.

Note: This is humor, inspired by Dungeons and Dragons.  Real people and institutions are more complicated than a 3x3 grid.

Other things considered for squares: "Profit is more important than the health of my employees."  "I have no choice but to do what I am ordered to do."  "Pandemic is a platform to spread hate."

Friday, May 08, 2020

[zqjjihpf] More compact CNF

Consider the following alternative way of expressing conjunctive normal form.  Omission of an operator indicates plus (disjunction).  Multiplication (conjunction) has weaker precedence.

ac̄e * ēgm̄ * mnā = (a OR not c OR e) AND (not e OR g OR not m) AND (m OR n OR not a)

(We use letters without ascenders acegmnopqrsuvwxyz as variables so there is space for the macron indicating negation.)

Conjunctive Normal Form, which is where all the fun is for Satisfiability, is a situation in which we wish the order of operations between plus and times, between OR and AND, had been established the other way.

This was inspired by "intelligence" tests which test the order of operations (operator precedence) for arithmetic.  We typically don't question why operator precedence is the way that it is, nor wonder if things could be better if precedence were different.

Thursday, May 07, 2020

[kusjjkrg] Use of Commercial Disinfectants to Treat Novel Coronavirus (Covid-19) through Oral Administration or Subdermal Injection

Do not inject toxins into your body!  Do not inject chemicals into your body!  Listen to the anti-vaxxers on this one!  (Don't listen to Trump!)

Jenny McCarthy, as the nation's foremost medical authority, please be the hero we need right now and tell people this, because your medical advice is the advice people trust!

☠️ ☠️  IT!  CAUSES!  LIGMA!!!  ☠️ ☠️


Wednesday, May 06, 2020

[vjuknduu] Base 30

Base 30 is attractive because 30 can be divided evenly in a bunch of ways.  The most straightforward digits for base 30 are 0..9, a..t, so uvwxyz are not used.

However, we could vote off the island a different set of 6 letters:

Gg because it looks like 6, 9, or 8.

Ii because it looks like 1.

Ll because it looks like 1.

Oo because it looks like 0.

Ss because it looks like 5.

Zz because it looks like 2, 3, or 7.

This leaves 0123456789abcdefhjkmnpqrtuvwxy.

Possible others:

Bb because it looks like 8 or 6.

Qq because it looks like 2 or 9.

Previously, on creating a character set from scratch from binary.

Tuesday, May 05, 2020

[ixgizccl] Hiroshima, Nagasaki, ________

Which city will be the next large city to be nuclear bombed?  Place your bets, inspired by the Deadpool.

  • Karachi
  • Lahore
  • Delhi
  • Mumbai
  • Gaza
  • Tehran
  • Cairo
  • Jerusalem
  • Tel Aviv
  • Riyadh
  • Baghdad
  • Damascus
  • Moscow
  • Kiev
  • Tbilisi
  • Berlin
  • Strasbourg
  • Paris
  • Brussels
  • Dublin
  • Edinburgh
  • London
  • Beijing
  • Shanghai
  • Hong Kong - Guangzhou (is this just one metropolitan area for the purposes of nuclear bombing?)
  • Taipei
  • Pyongyang
  • Seoul
  • Tokyo
  • Mexico City
  • Havana
  • Caracas
  • New York
  • Washington
  • Hiroshima
  • Nagasaki
  • Lawrence

Perhaps this is a good bucket list of cities to visit while they still exist, because any one of them has a good chance of being obliterated at any moment.

Somewhat likely as the next nuclear bomb target is not a city in the normal sense but instead a large refugee camp (which might not exist yet) with population comparable to a city.  The bomber wants their enemy to die, not to escape, to prevent the enemy from counterattacking in the future, perhaps after making alliances.

Super optimistically, nuclear war might be so far off in the future that the next city to be bombed might not even exist yet.  Or that could be super pessimistic: something else (e.g., climate change) might devastate civilization down to a technology level where it becomes unable to use or build nuclear weapons for a long time, with our current stockpile degrading to unusability.

The cities chosen for inclusion on this list are large or important cities associated with regions of geopolitical tension in which at least one party has nuclear weapons.  One party having nuclear weapons often induces other parties to seek them as well, perhaps indirectly via an alliance with another nuclear power.  Are there other cities which meet this criterion which should be on this list?

Absent from the list is the entire southern hemisphere, possibly due to my ignorance.  South Africa reportedly no longer has the nuclear weapons that they were explicitly planning to use on their own citizens, a fact that residents of nuclear powers should note well: nuclear weapons don't necessarily make you safer in your own country.  Political winds change.

Perhaps the Monroe Doctrine makes the entire Western Hemisphere, including all of South America, potential targets for American nuclear weapons, e.g., to punish a country for not obeying the United States.

We include Hiroshima and Nagasaki on the list because whoever bombs Japan next might deliberately invoke history in choosing their first city to bomb.  Perhaps they wish to make a point that they should be considered no more evil than the first nuclear bomber of those cities.  The two cities also happen to be two of the closest large Japanese cities to North Korea and to China (though Fukuoka is closer and larger than both).

We include Lawrence as a joke entry because it's been repeatedly nuclear bombed in a movie (The Day After), then a TV show (Jericho), and also nearly laser-obliterated from space in Diamonds Are Forever.

Not included in this list are cities which might suffer because they happen to be close to a military or other strategic site.  For example, a bomb targeting Sandia National Laboratory would also hit Albuquerque, or a bomb targeting the Hoover Dam might also hit Las Vegas.  We don't include such cities because we are limiting the list to situations in which a nuclear weapon is used for the primary purpose of killing a huge number of civilians, a thing it does well.

This betting pool might be difficult to adjudicate because it is quite realistic that several cities might get bombed simultaneously.  Maybe split the pot.  However, how realistic is it that bombs go off so close to simultaneously that it's difficult to determine which of them detonated first?  Nuclear explosions generate all their energy in a tiny amount of time, so it seems likely that we will know their timings very precisely.  Maybe a Skynet-style attack of simultaneous bombs everywhere also destroys such instrumentation and recording.

Unclear what value the money in the betting pool will have after a nuclear attack.  For example, the dollar is fiat currency backed by the U.S. Federal Reserve.  What if the Fed doesn't exist anymore?

The list above is not actually a good bucket list if one is worried about global thermonuclear war.  Everywhere, even if not obliterated, will be profoundly affected by global thermonuclear war.  Afterwards, you will not be able to experience any place like it was before Judgement Day.  For example, fallout may prevent people from being outside, and many places are defined by their people.

Previously, not descriptively asking which city is likely to be nuked, but asking normatively, which city, chosen by a country's own citizens, should be nuked?

Monday, May 04, 2020

[lrdmhhzy] Extinguishing all life is hard

Theorize that once life arises, say, on a planet, it's hard for all life on the planet to then go extinct.

Theorized mechanism: life, once it arises, expands to many niches via evolution, naturally resulting in biodiversity.  (Perhaps this should be the definition of life.)  With biodiversity, it's hard for changes in the environment, either exogenous or even caused by life itself, to cause all life to go extinct.  Something is always weird enough to survive new weird conditions.

Possible problems: the planet might be very homogenous, resulting in little biodiversity.  Astronomical changes in the environment can be very extreme, very violent.  It's hard to imagine how biodiversity could win against a supernova or black hole.  (Though life probably had escaped earlier.)

More radically, we propose the same theory except not just for life but also for intelligent life.  (Others have also proposed this.)  Intelligent life can additionally adapt with technology faster than mutation and evolution.

More possible problems: intelligent life might have little biodiversity.  Intelligent life is also more capable of doing things to (accidentally) extinct itself.

Should we support our human species fracturing into multiple biologically incompatible species adapted to different ecological niches, for the good of the survival of some intelligent life?  It seems this would be a recipe for war and genocide (which we already do enough of).  Speciation is probably inevitable once we colonize space, other planets, and other star systems.

Sunday, May 03, 2020

[zgvtcmhj] Radian of a solar day

2pi radianofasolarday = 1 solar day = 24 hour

1 radianofasolarday = 3 hour 49 minute 11 second

1 milliradianofasolarday = 13.75 second

1 hour = 261.8 milliradianofasolarday
1 minute = 4.3 milliradianofasolarday
1 second = 73 microradianofasolarday

We specify solar day assuming angle calculations relative to the sun are the most likely to be useful.  radianofasiderealrotationperiod also might be useful.  Not sure where radianofasiderealday might be useful.

Note well that the sun's motion around the sky is not quite circular, see analemma.

Similarly:

2pi radianofatropicalyear = 1 tropical year = 365.2421897 day = 31556925.19 second

1 radianofatropicalyear = 58 day

1 second = 31.69 nanoradianofatropicalyear

Note well that Earth's orbital speed around the sun is not constant because Earth's orbit is an ellipse, so the mapping between time and the position in the seasonal cycle is complicated.

For astronomers:

2pi radianofasiderealyear = 365.256363004 day = 31558149.7635 second

Note well that Earth's orbital speed around the sun is not constant because Earth's orbit is an ellipse, so the mapping between time and Earth's location in space is complicated.

Saturday, May 02, 2020

[awqwfvfw] WPA2 puzzles

Consider a puzzle with the following 23-character clue:

4lowercase+4digits+gz8L

The clue suggests a brute force attack of trying all strings aaaa0000gz8L through zzzz9999gz8L as possible solutions.  (The final 4 characters gz8L were a random salt to thwart precomputation.)  There are 26^4 * 10^4 = 4.6e9 possible strings.

Note well that the format is letters followed by digits, with no interleaving.  We keep things simple.

The intended application is a puzzle encoded in the name of a wireless access point, with the solution being the password.  Wifi access point names must be 32 characters or less.  The 23 characters in the puzzle above meet this constraint.  This page says that a 2017 GPU can try about 400,000 passwords per second to offline-decrypt a captured WPA2 handshake.  Therefore, this puzzle would take 4.6e9/400e3 = 11000 seconds = 190 minutes (in the worst case) to solve by brute force, or half that, 95 minutes, on average.  (This is of course after first sniffing a WPA2 handshake, which might take a while.)

A barrier of 3 hours might be enough to deter casual attackers but let through people deemed worthy, those willing to invest that amount of time and computational effort to get free wifi.  Or maybe this is suitable for an escape-the-room style physical puzzle: connecting to the wifi reveals the next part of the puzzle.

(Or, one could troll the nerds by having the solution be completely unrelated to the clue: the clue was a red herring to send people off on a wild goose chase.  Then, the rest of this post is a discussion of just how long a chase.)

Previous similar puzzles: factorization and discrete logarithm.  The puzzle this time, internally about brute-forcing SHA1, is much easier to set up: it does not require that the poser solve the puzzle first.  However, brute forcing SHA1 seems a lot less sexy than integer factorization.

Below are some puzzle size parameters and the number of possibilities for those parameters, expressed as a power of 10 for ease of comparison.  For example,

10 ^ 9.66 = 26 ^ 4 * 10 ^ 4

indicates that a puzzle of 4 lowercase letters followed by 4 digits has 10^9.66 = 4.6 * 10^9 possibilities.  The list below is a guide for choosing puzzle parameters based on how much work you want the attacker to do.  (It does require knowing the hardware capability of the attacker to estimate the time it will take an attacker.)

The final puzzle size on the list, 3lowercase+15digits, has over 10^19 possibilities, so it would take 508 days even with a million GPUs.  This is doable by a national intelligence agency.  Of course, national intelligence agencies typically operate above the law and apply rubber-hose cryptanalysis on you or your loved ones for less than 508 days to extract the answer more quickly.

For even larger puzzles, it is straightforward to increase the number of digits to scale the difficulty of a smaller puzzle by a power of 10.  Or, use this Haskell source code to find parameters of a puzzle of desired difficulty.  Solutions (WPA2 passwords) must be 63 characters or less, so there remains plenty of room to expand even if just using digits.

Initially, we considered restricting puzzles to just letters or to just numbers, but those result in puzzles that grow in difficulty by factors of 26 or 10, which we felt were too steep of increases between levels of difficulty.  Doing letters followed by numbers allows finer gradations of difficulty.  For example, we have 8 gradations between 10^8 and 10^9, so difficulty in that range grows by a factor of about 1.33 between gradations.  Further along, the gradations (on a log scale) become even finer.  What is the growth rate of this sequence?  How close can consecutive numbers of this sequence be (important for comparing values for sorting)?  How widely separated can consecutive numbers be?
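The sizing arithmetic above, from the puzzle setter's side, as an added example that is not part of the original post (Python here, not the post's Haskell). Function names are hypothetical, the guess rates are the figures quoted in the post, and the 8-character minimum passphrase length is a WPA2 rule the post does not mention.

```python
import math
import re

SSID_MAX = 32             # access point name limit quoted in the post
PSK_MIN, PSK_MAX = 8, 63  # WPA2 passphrase length limits (post quotes the upper one)
CLASS_SIZES = {"lowercase": 26, "digits": 10}
FIELD = re.compile(r"(\d+)(lowercase|digits)")


def parse_clue(clue):
    """Split '4lowercase+4digits+gz8L' into [(count, alphabet_size), ...] and salt."""
    classes, salt = [], ""
    fields = clue.split("+")
    for i, field in enumerate(fields):
        m = FIELD.fullmatch(field)
        if m:
            classes.append((int(m.group(1)), CLASS_SIZES[m.group(2)]))
        elif i == len(fields) - 1:
            salt = field  # a trailing field that is not a class is the fixed salt
        else:
            raise ValueError(f"unrecognised clue field: {field!r}")
    return classes, salt


def analyse(clue, guesses_per_second):
    """Keyspace and exhaustive-search time for a clue, after validity checks."""
    classes, salt = parse_clue(clue)
    length = sum(count for count, _ in classes) + len(salt)
    if len(clue) > SSID_MAX:
        raise ValueError("clue does not fit in an access point name")
    if not PSK_MIN <= length <= PSK_MAX:
        raise ValueError("solution is not a valid WPA2 passphrase length")
    keyspace = math.prod(size ** count for count, size in classes)
    worst = keyspace / guesses_per_second
    return {
        "keyspace": keyspace,
        "log10": math.log10(keyspace),
        "passphrase_len": length,
        "worst_seconds": worst,
        "average_seconds": worst / 2,
    }


def smallest_format(target, salt_len=4):
    """(letters, digits, keyspace) with the least 26^letters * 10^digits >= target."""
    best = None
    for letters in range(PSK_MAX - salt_len + 1):
        digits, space = 0, 26 ** letters
        while space < target:
            digits, space = digits + 1, space * 10
        total = letters + digits + salt_len
        if PSK_MIN <= total <= PSK_MAX and (best is None or space < best[2]):
            best = (letters, digits, space)
    return best


if __name__ == "__main__":
    one_gpu = analyse("4lowercase+4digits+gz8L", 400_000)
    print(one_gpu["keyspace"], round(one_gpu["worst_seconds"] / 60), "minutes")
    agency = analyse("3lowercase+15digits", 400_000 * 10**6)
    print(round(agency["worst_seconds"] / 86400), "days with a million GPUs")
    print(smallest_format(4 * 10**9))
```

`smallest_format` returns the first entry of the sorted 26^a * 10^b list that reaches the requested amount of work, subject to the passphrase length limits.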

Generating all numbers of the form 26^a * 10^b in sorted order is a classic algorithmic puzzle, which we solve in Haskell by using Data.List.Ordered.union in the data-ordlist package.  (Previously on data-ordlist, which is quite handy.)  Here is the source code used to generate the list below.

Below is a code excerpt demonstrating the call to Data.List.Ordered.union in the self-recursive nums function.  Is there a more elegant way to write the nums function, not having to explicitly index into a list (which we do with the incn function)?  (Though elegance is subjective.)

The code is generalized to be able to handle an arbitrary number of character classes of arbitrary sizes (not just our 2 classes of size 26 and 10).  To do so, modify the variable bases.

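import Data.Ord (comparing);
import qualified Data.List as List;
import qualified Data.List.Ordered as Ordered; -- from the data-ordlist package

-- sizes of the character classes: 26 lowercase letters, 10 digits
bases :: [Integer];
bases = [26,10];

-- representing the exponents of a single number, e.g.,
-- N [3,4] represents 26^3 * 10^4 .
data N = N [Integer] deriving (Show,Eq);

value :: N -> Integer;
value (N x) = product $ zipWith (^) bases x;

instance Ord N where {
  compare = comparing value;
  -- OK if the values are not too large.  Comparing logs would be faster, though that relies on floating point having enough precision.
};

-- all numbers of the form product (bases ^ exponents), in increasing order:
-- start from all-zero exponents, then lazily merge the streams obtained by
-- incrementing each exponent of every number already in the list
nums :: [N];
nums = N (map (const 0) bases) : foldr Ordered.union [] (do {
  index <- zipWith const [0..] bases; -- equivalent to [0 .. (length bases -1)]
  return $ map (incn index) nums;
});

-- increment just the nth item in the list
incn :: Integer -> N -> N;
incn n (N x) = let {
  (p,q:rest) = List.genericSplitAt n x;
} in N $ p ++ (succ q:rest);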


10 ^  0.00 = 26 ^ 0  * 10 ^ 0 
10 ^  1.00 = 26 ^ 0  * 10 ^ 1 
10 ^  1.41 = 26 ^ 1  * 10 ^ 0 
10 ^  2.00 = 26 ^ 0  * 10 ^ 2 
10 ^  2.41 = 26 ^ 1  * 10 ^ 1 
10 ^  2.83 = 26 ^ 2  * 10 ^ 0 
10 ^  3.00 = 26 ^ 0  * 10 ^ 3 
10 ^  3.41 = 26 ^ 1  * 10 ^ 2 
10 ^  3.83 = 26 ^ 2  * 10 ^ 1 
10 ^  4.00 = 26 ^ 0  * 10 ^ 4 
10 ^  4.24 = 26 ^ 3  * 10 ^ 0 
10 ^  4.41 = 26 ^ 1  * 10 ^ 3 
10 ^  4.83 = 26 ^ 2  * 10 ^ 2 
10 ^  5.00 = 26 ^ 0  * 10 ^ 5 
10 ^  5.24 = 26 ^ 3  * 10 ^ 1 
10 ^  5.41 = 26 ^ 1  * 10 ^ 4 
10 ^  5.66 = 26 ^ 4  * 10 ^ 0 
10 ^  5.83 = 26 ^ 2  * 10 ^ 3 
10 ^  6.00 = 26 ^ 0  * 10 ^ 6 
10 ^  6.24 = 26 ^ 3  * 10 ^ 2 
10 ^  6.41 = 26 ^ 1  * 10 ^ 5 
10 ^  6.66 = 26 ^ 4  * 10 ^ 1 
10 ^  6.83 = 26 ^ 2  * 10 ^ 4 
10 ^  7.00 = 26 ^ 0  * 10 ^ 7 
10 ^  7.07 = 26 ^ 5  * 10 ^ 0 
10 ^  7.24 = 26 ^ 3  * 10 ^ 3 
10 ^  7.41 = 26 ^ 1  * 10 ^ 6 
10 ^  7.66 = 26 ^ 4  * 10 ^ 2 
10 ^  7.83 = 26 ^ 2  * 10 ^ 5 
10 ^  8.00 = 26 ^ 0  * 10 ^ 8 
10 ^  8.07 = 26 ^ 5  * 10 ^ 1 
10 ^  8.24 = 26 ^ 3  * 10 ^ 4 
10 ^  8.41 = 26 ^ 1  * 10 ^ 7 
10 ^  8.49 = 26 ^ 6  * 10 ^ 0 
10 ^  8.66 = 26 ^ 4  * 10 ^ 3 
10 ^  8.83 = 26 ^ 2  * 10 ^ 6 
10 ^  9.00 = 26 ^ 0  * 10 ^ 9 
10 ^  9.07 = 26 ^ 5  * 10 ^ 2 
10 ^  9.24 = 26 ^ 3  * 10 ^ 5 
10 ^  9.41 = 26 ^ 1  * 10 ^ 8 
10 ^  9.49 = 26 ^ 6  * 10 ^ 1 
10 ^  9.66 = 26 ^ 4  * 10 ^ 4 
10 ^  9.83 = 26 ^ 2  * 10 ^ 7 
10 ^  9.90 = 26 ^ 7  * 10 ^ 0 
10 ^ 10.00 = 26 ^ 0  * 10 ^ 10
10 ^ 10.07 = 26 ^ 5  * 10 ^ 3 
10 ^ 10.24 = 26 ^ 3  * 10 ^ 6 
10 ^ 10.41 = 26 ^ 1  * 10 ^ 9 
10 ^ 10.49 = 26 ^ 6  * 10 ^ 2 
10 ^ 10.66 = 26 ^ 4  * 10 ^ 5 
10 ^ 10.83 = 26 ^ 2  * 10 ^ 8 
10 ^ 10.90 = 26 ^ 7  * 10 ^ 1 
10 ^ 11.00 = 26 ^ 0  * 10 ^ 11
10 ^ 11.07 = 26 ^ 5  * 10 ^ 4 
10 ^ 11.24 = 26 ^ 3  * 10 ^ 7 
10 ^ 11.32 = 26 ^ 8  * 10 ^ 0 
10 ^ 11.41 = 26 ^ 1  * 10 ^ 10
10 ^ 11.49 = 26 ^ 6  * 10 ^ 3 
10 ^ 11.66 = 26 ^ 4  * 10 ^ 6 
10 ^ 11.83 = 26 ^ 2  * 10 ^ 9 
10 ^ 11.90 = 26 ^ 7  * 10 ^ 2 
10 ^ 12.00 = 26 ^ 0  * 10 ^ 12
10 ^ 12.07 = 26 ^ 5  * 10 ^ 5 
10 ^ 12.24 = 26 ^ 3  * 10 ^ 8 
10 ^ 12.32 = 26 ^ 8  * 10 ^ 1 
10 ^ 12.41 = 26 ^ 1  * 10 ^ 11
10 ^ 12.49 = 26 ^ 6  * 10 ^ 4 
10 ^ 12.66 = 26 ^ 4  * 10 ^ 7 
10 ^ 12.73 = 26 ^ 9  * 10 ^ 0 
10 ^ 12.83 = 26 ^ 2  * 10 ^ 10
10 ^ 12.90 = 26 ^ 7  * 10 ^ 3 
10 ^ 13.00 = 26 ^ 0  * 10 ^ 13
10 ^ 13.07 = 26 ^ 5  * 10 ^ 6 
10 ^ 13.24 = 26 ^ 3  * 10 ^ 9 
10 ^ 13.32 = 26 ^ 8  * 10 ^ 2 
10 ^ 13.41 = 26 ^ 1  * 10 ^ 12
10 ^ 13.49 = 26 ^ 6  * 10 ^ 5 
10 ^ 13.66 = 26 ^ 4  * 10 ^ 8 
10 ^ 13.73 = 26 ^ 9  * 10 ^ 1 
10 ^ 13.83 = 26 ^ 2  * 10 ^ 11
10 ^ 13.90 = 26 ^ 7  * 10 ^ 4 
10 ^ 14.00 = 26 ^ 0  * 10 ^ 14
10 ^ 14.07 = 26 ^ 5  * 10 ^ 7 
10 ^ 14.15 = 26 ^ 10 * 10 ^ 0 
10 ^ 14.24 = 26 ^ 3  * 10 ^ 10
10 ^ 14.32 = 26 ^ 8  * 10 ^ 3 
10 ^ 14.41 = 26 ^ 1  * 10 ^ 13
10 ^ 14.49 = 26 ^ 6  * 10 ^ 6 
10 ^ 14.66 = 26 ^ 4  * 10 ^ 9 
10 ^ 14.73 = 26 ^ 9  * 10 ^ 2 
10 ^ 14.83 = 26 ^ 2  * 10 ^ 12
10 ^ 14.90 = 26 ^ 7  * 10 ^ 5 
10 ^ 15.00 = 26 ^ 0  * 10 ^ 15
10 ^ 15.07 = 26 ^ 5  * 10 ^ 8 
10 ^ 15.15 = 26 ^ 10 * 10 ^ 1 
10 ^ 15.24 = 26 ^ 3  * 10 ^ 11
10 ^ 15.32 = 26 ^ 8  * 10 ^ 4 
10 ^ 15.41 = 26 ^ 1  * 10 ^ 14
10 ^ 15.49 = 26 ^ 6  * 10 ^ 7 
10 ^ 15.56 = 26 ^ 11 * 10 ^ 0 
10 ^ 15.66 = 26 ^ 4  * 10 ^ 10
10 ^ 15.73 = 26 ^ 9  * 10 ^ 3 
10 ^ 15.83 = 26 ^ 2  * 10 ^ 13
10 ^ 15.90 = 26 ^ 7  * 10 ^ 6 
10 ^ 16.00 = 26 ^ 0  * 10 ^ 16
10 ^ 16.07 = 26 ^ 5  * 10 ^ 9 
10 ^ 16.15 = 26 ^ 10 * 10 ^ 2 
10 ^ 16.24 = 26 ^ 3  * 10 ^ 12
10 ^ 16.32 = 26 ^ 8  * 10 ^ 5 
10 ^ 16.41 = 26 ^ 1  * 10 ^ 15
10 ^ 16.49 = 26 ^ 6  * 10 ^ 8 
10 ^ 16.56 = 26 ^ 11 * 10 ^ 1 
10 ^ 16.66 = 26 ^ 4  * 10 ^ 11
10 ^ 16.73 = 26 ^ 9  * 10 ^ 4 
10 ^ 16.83 = 26 ^ 2  * 10 ^ 14
10 ^ 16.90 = 26 ^ 7  * 10 ^ 7 
10 ^ 16.98 = 26 ^ 12 * 10 ^ 0 
10 ^ 17.00 = 26 ^ 0  * 10 ^ 17
10 ^ 17.07 = 26 ^ 5  * 10 ^ 10
10 ^ 17.15 = 26 ^ 10 * 10 ^ 3 
10 ^ 17.24 = 26 ^ 3  * 10 ^ 13
10 ^ 17.32 = 26 ^ 8  * 10 ^ 6 
10 ^ 17.41 = 26 ^ 1  * 10 ^ 16
10 ^ 17.49 = 26 ^ 6  * 10 ^ 9 
10 ^ 17.56 = 26 ^ 11 * 10 ^ 2 
10 ^ 17.66 = 26 ^ 4  * 10 ^ 12
10 ^ 17.73 = 26 ^ 9  * 10 ^ 5 
10 ^ 17.83 = 26 ^ 2  * 10 ^ 15
10 ^ 17.90 = 26 ^ 7  * 10 ^ 8 
10 ^ 17.98 = 26 ^ 12 * 10 ^ 1 
10 ^ 18.00 = 26 ^ 0  * 10 ^ 18
10 ^ 18.07 = 26 ^ 5  * 10 ^ 11
10 ^ 18.15 = 26 ^ 10 * 10 ^ 4 
10 ^ 18.24 = 26 ^ 3  * 10 ^ 14
10 ^ 18.32 = 26 ^ 8  * 10 ^ 7 
10 ^ 18.39 = 26 ^ 13 * 10 ^ 0 
10 ^ 18.41 = 26 ^ 1  * 10 ^ 17
10 ^ 18.49 = 26 ^ 6  * 10 ^ 10
10 ^ 18.56 = 26 ^ 11 * 10 ^ 3 
10 ^ 18.66 = 26 ^ 4  * 10 ^ 13
10 ^ 18.73 = 26 ^ 9  * 10 ^ 6 
10 ^ 18.83 = 26 ^ 2  * 10 ^ 16
10 ^ 18.90 = 26 ^ 7  * 10 ^ 9 
10 ^ 18.98 = 26 ^ 12 * 10 ^ 2 
10 ^ 19.00 = 26 ^ 0  * 10 ^ 19
10 ^ 19.07 = 26 ^ 5  * 10 ^ 12
10 ^ 19.15 = 26 ^ 10 * 10 ^ 5 
10 ^ 19.24 = 26 ^ 3  * 10 ^ 15

[bwyamshn] Base 30 from base 32

Design digit symbols for base 30 based on binary, starting with 2^5 = 32 characters and eliminating two characters.

Perhaps eliminate the two characters which correspond to the all zeroes bitstring and to the all ones bitstring, because they are so sparse or dense that they are difficult to distinguish from light or dark backgrounds.

Or, just eliminate the characters corresponding to 30 and 31.  Then the structure of digits could match their value.  Perhaps keep the character corresponding to 31 but assign it to zero.

Six-dot and eight-dot Braille already exist in Unicode.

Friday, May 01, 2020

[xlyjjjlp] Fun with d20 dice

Uniformly sample one integer from each of the following inclusive ranges:

0 .. 4
0 .. 6
0 .. 8
0 .. 10
0 .. 12
0 .. 15
0 .. 16
0 .. 18

Using the Chinese remainder theorem, find the smallest number which has the sampled numbers as remainders when divided by 5 7 9 11 13 16 17 19.  This uniformly samples a large integer in the range 0 to 232792560-1 ( 24*(19 primorial) - 1 ).

The ranges were chosen to be within the limits of a d20 die, the largest common die.
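The procedure above, written out as an added example that is not part of the original post. Function names are hypothetical, and the rule for turning a d20 face into a residue (reject faces above the largest multiple of the modulus, then reduce) is an assumption, since the post does not say how to sample each range; rejecting is what keeps every residue uniform. The sample rolls are constructed.

```python
import math

MODULI = (5, 7, 9, 11, 13, 16, 17, 19)  # divisors listed in the post
SIDES = 20                              # d20
RANGE = math.prod(MODULI)               # number of distinct outcomes

# Constructed sample: a sequence of d20 faces, some of which get rejected.
SAMPLE_ROLLS = [20, 15, 7, 19, 3, 11, 1, 16, 17, 20, 19]


def residues_from_rolls(rolls, moduli=MODULI, sides=SIDES):
    """Turn a stream of die faces (1..sides) into one uniform residue per modulus."""
    rolls = iter(rolls)
    residues = []
    for n in moduli:
        limit = sides - sides % n  # largest multiple of n that fits on the die
        for face in rolls:
            if not 1 <= face <= sides:
                raise ValueError(f"not a d{sides} face: {face}")
            if face <= limit:      # faces above the limit would bias the result
                residues.append((face - 1) % n)
                break
        else:
            raise ValueError("ran out of rolls")
    return residues


def crt(residues, moduli=MODULI):
    """Smallest non-negative x with x % n == r for each (r, n) pair."""
    x, m = 0, 1
    for r, n in zip(residues, moduli):
        if not 0 <= r < n:
            raise ValueError(f"residue {r} out of range for modulus {n}")
        if math.gcd(m, n) != 1:
            raise ValueError("moduli must be pairwise coprime")
        # Pick t so that x + m*t has remainder r modulo n.
        t = ((r - x) * pow(m, -1, n)) % n
        x += m * t
        m *= n
    return x


def sample(rolls):
    """Combine die rolls into one integer in range(RANGE)."""
    return crt(residues_from_rolls(rolls))


if __name__ == "__main__":
    print(residues_from_rolls(SAMPLE_ROLLS), sample(SAMPLE_ROLLS), RANGE)
```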

Not sure what this is useful for.  If you want a random large decimal number, just sample digits with a d10 or d20.