overview for LibreMonk

1

Generating reference numbers in bash or sqlite that do not appear sequential (like shuffling a deck of cards) (linkage.ds8.zone)

submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/[email protected]

0 comments fedilink

TL;DR → The main problem is coming up with a way to reorder an array non-randomly but without introducing bulky code. Like the effect of shuffling a deck of cards in a deterministic cheating way.

Full background:

I would like to generate reference numbers for letters sent via postal mail. An sqlite db is used to track the sequence numbers (but not the reference numbers). This is the bash code I have so far:

typeset -a symbolset=(a b c d e f g h   j k   m n   p q r s t u v w x y z     2 3 4 5 6 7 8 9)
ln_symbolset=${#symbolset[@]}; # 41 is the answer, not 42
itemseq=$(sqlite3 ltr_tracking.db "select max(counter) from $tbl;")
printf '%s\n' "next letter reference number is: $(date +%Y)-${symbolset[$((itemseq / ln_symbolset))]}${symbolset[$((itemseq % ln_symbolset))]}"

An array is defined with alphanumeric symbols, taking care to eliminate symbols that humans struggle to distinguish (e.g. 1l0o). Then integer div and mod operations produce a two character number which is then prefixed with the year. So e.g. 2024-aa. Just two chars gives more numbers than would ever be generated in one calandar year.

This code mostly satisfies the need. But there’s a problem: a recipient who receives two letters can easily realise how many letters were sent in the time span of the two letters they receive. Most numbers will start with “a” “b” or “c”.

I do not need or want a cryptographic level of security which then leads to ungodly 16 byte numbers. Simplicity¹ is far more important than confidentiality. Just a small tweak to stifle the most trivial analysis would be useful.

One temptation is to simply manually mix up the order of chars in the symbolset array, hard-coded. But then that makes the code less readible. So I probably need to create a 2nd array “symbolseq” which arbitrarily unorders the symbolset array. I say arbitrary and not random because the sequence must be deterministic and static from one execution to the next.

An associative array is one idea:

typeset -A symbolset_lookup_table=(
[a]=k
[b]=3
[c]=s
…

I’m just slightly put off by the fact that it’s not readily evident that the RHS values are all used from the same set as the LHS keys exactly once.

I should probably encode the year as well. This would give a two char year:

printf '%s ' "$(((2024/41) % 41))" "$((2024 % 41))" "→ ${symbolset[$(((2024 / 41) % 41))]}" "${symbolset[$((2024 % 41))]}"

output:
8 15 → j s

(edit)
All the calculations must be easily reversible so a ref number can be converted back into a sequence number for DB queries.

¹ simplicity in both the code and in the numbers generated.

☠ lemmy.sdfeu.org ~~has died~~ is back up, but communities gone in c/[email protected]

[–] [email protected] 1 points 4 months ago* (last edited 4 months ago)

Your client would make a difference. What you are probably seeing is the mirrored version of [email protected] on lemm.ee. You cannot possibly be interacting with a non-existent community. If I post to https://linkage.ds8.zone/c/[email protected], then I don’t suppose you would see it on https://lemm.ee/c/[email protected].

(edit) just saw your test msg. Well, that’s interesting. Even though [email protected] no longer exists, it seems the mirrored versions of it can still collaborate. I’m not sure how that works.

the JavaScript problem: a conflict of interest in c/[email protected]

[–] [email protected] -1 points 4 months ago* (last edited 4 months ago)

If i build a shitty house and it collapses, I own it, I don’t write a manifesto about how it’s all lumber’s fault.

If you sell the house in a high-pressure sales tactic way (“buy in the next 5 min or deal is off the table”) and deny inspection to the buyer before it collapses, that would be as close as this stupid analogy can get to the JS scenario.

As does FOSS C

Nonsense. As you were told, C is not dynamically fetched and spontaneously executed upon visiting a website.

do you install linux from the source tree and build everything yourself? no, you download an .iso, so you are bound to the whims of the OS maintainer,

Nonsense. Have a look at gentoo. You absolutely can build everything from source. You can inspect it and you can also benefit from the inspection of others. Also, look into “reproduceable builds”.

Literally every JS package I’ve ever used does this.

Nonsense. The web is unavoidably littered with unpublished JS that’s dynamically fetched every time you visit the page.

the JavaScript problem: a conflict of interest in c/[email protected]

[–] [email protected] -1 points 4 months ago* (last edited 4 months ago) (2 children)

they attribute buggy sites to the company, not the underlying language (rightly so)

Precisely my point. Recall what I wrote about conflict of interest. I’m not talking about a problem of the language syntax and semantics. I’m talking about JavaScript products (in the mathematical sense of a product not in the commercial sense; the code artifacts, iow).

JS runs client side and you can see what scripts are downloaded and running

That does nothing to remedy the conflict of interest. They can also push obfuscated JS but that’s beside the point. The problem is users are not going to review that code even the first time they visit a site, much less every single time due to the nature of dynamically re-fetching the code every single time you visit a page. Even if some OCD nutty user had that level of motivation, they do not benefit from the reviews of others because the code is not being reviewed from a static centralised space. Your idea that software freedom will somehow escape the conflict of interest problem is nonsense. A site admin can do whatever they want to the code to serve themselves and you end up with users running code that is designed to serve someone else.

So open source projects written in C benefit the user, but open source projects written in JS do not?

FOSS C projects hard and fast benefit the user because of the distribution of the code. We do not fetch a dynamically changing version of unreviewable unverified C code every time we visit a website. Distribution of C code is more controlled than that.

FOSS JS depends on how it’s distributed. Someone can write JS in their basement with no public oversight, license it to pass the LibreJS plugin test, and technically it’s FOSS but because of how it’s reviewed and distributed the benefits are diminishing. If the FOSS JS is in a public repo and statically downloadable (e.g. electronmail), then the conflict of interest is removed and the code is static (not fetched on-the-fly upon every execution which escapes a QA process).

Electronmail demonstrates FOSS JS that avoids the conflict of interest problem but that’s exceptional. That’s not how most JS is distributed. Most JS is distributed from a stakeholder, thus presents a conflict of interest.

1

the JavaScript problem: a conflict of interest (linkage.ds8.zone)

submitted 4 months ago by [email protected] to c/[email protected]

5 comments fedilink

I was thinking about the problem with JavaScript and the misery it brings to people. I think I’ve pinned it down to a conflict of interest.

Software is supposed to serve the user who runs it. That’s the expectation, and rightfully so. It’s not supposed to serve anyone else. Free software is true to this principle, loosely under the FSF “freedom 0” principle.

Non-free software is problematic because the user cannot see the code. The code only has to pretend to serve the user while in reality it serves the real master (the corporation who profits from it).

JavaScript has a similar conflict of interest. It’s distributed by the same entity who operates API services -- a stakeholder. Regardless of whether the JS is free software or not, there is an inherent conflict of interest whereby the JS is produced by a non-user party to the digital transactions. This means the software is not working for the user. It’s only pretending to.

☠ lemmy.sdfeu.org ~~has died~~ is back up, but communities gone in c/[email protected]

[–] [email protected] 1 points 4 months ago (2 children)

I’m not sure what that is. vger.social and voyager.lemmy.ml don’t seem to have anything relevant. But I found [email protected].

1

☠ lemmy.sdfeu.org ~~has died~~ is back up, but communities gone (lemmy.sdfeu.org)

submitted 5 months ago* (last edited 4 months ago) by [email protected] to c/[email protected]

4 comments fedilink

I just started using the LaTeX community ([email protected]). Sad to see it go.

update

Just noticed it’s back up, but there are no communities. That’s bizarre. So if someone not on lemmy.sdfeu.org were to post to [email protected], I guess it’d still be like a ghost node because the post would have nowhere to go on the hosting node.

[pdfcomment] the font option produces PDFs that only render correctly in Adobe Acrobat, not Poppler (xpdf, evince, okular) in c/[email protected]

[–] [email protected] 1 points 7 months ago

After more investigation, muPDF is a FOSS PDF viewer that does not use Poppler libs. I’m told it renders the standard fonts but not the others.

Acrobat is perhaps the only PDF viewer that displays callouts. And the pdfcomment package has a serious defect that has a callout strike through the page.

So much for PDFs being “portable”.

4

[pdfcomment] the font option produces PDFs that only render correctly in Adobe Acrobat, not Poppler (xpdf, evince, okular) (linkage.ds8.zone)

submitted 7 months ago* (last edited 7 months ago) by [email protected] to c/[email protected]

1 comments fedilink

This is the sample code (for LuaTeX or XeTeX):

\documentclass{scrartcl}

\usepackage{pdfcomment}
\usepackage[english]{babel}
%\usepackage[latin1]{inputenc}
\usepackage[T1]{fontenc}
\usepackage{lmodern}
\usepackage{microtype}
\usepackage[svgnames,rgb]{xcolor}
\usepackage[absolute]{textpos}
\usepackage{amssymb,amsmath,array,bm}
\usepackage{courier}
\usepackage{calligra,mathptmx,helvet,concmath}
\usepackage{times}
\usepackage{fontspec} % used to access system fonts like Lucida Fax

\begin{document}

\defineavatar{standard}{height=10mm,width=15cm,type=freetext,color=white,fontsize=20pt,fontcolor=blue}%,voffset=-4.8cm,hoffset=-3.2cm}%

\noindent%
Fonts from the pdfcomment example document:\\[10mm]
\pdffreetextcomment[avatar=standard]{This font is Helvetica (the default)}\\[6mm]
\pdffreetextcomment[avatar=standard,font=LucidaConsole]{This font is LucidaConsole}\\[6mm]
\pdffreetextcomment[avatar=standard,font=Georgia]{This font is Georgia}\\[6mm]
\pdffreetextcomment[avatar=standard,font=PalatinoLinotype]{This font is PalatinoLinotype}\\[6mm]
Fonts considered among the ``14 standard fonts'':\\[10mm]
\pdffreetextcomment[avatar=standard,font=TiRo]{This font is Times-Roman (TiRo)}\\[6mm]
\pdffreetextcomment[avatar=standard,font=Helv]{This font is Helvetica (Helv)}\\[6mm]
\pdffreetextcomment[avatar=standard,font=Cour]{This font is Courier (Cour)}\\[6mm]
\pdffreetextcomment[avatar=standard,font=ZaDb]{This font is ZapfDingbats (ZaDb)}\\[6mm]
\pdffreetextcomment[avatar=standard,font=Symb]{This font is Symbol (Symb)}\\[6mm]
Ad-hoc selection:\\[10mm]
\pdffreetextcomment[avatar=standard,font=lmodern]{This font is Latin Modern}\\[6mm]
\pdffreetextcomment[avatar=standard,font=textcomp]{This font is textcomp}\\[6mm]
\pdffreetextcomment[avatar=standard,font=bogus]{This font is bogus (non-existent yet accepted!)}\\[6mm]
\pdffreetextcomment[avatar=standard,font={Lucida Fax}]{This font is Lucida Fax from fontspec}\\[6mm]
\pdffreetextcomment[avatar=standard,font=calligra]{This font is Calligra}\\[6mm]

\end{document}

The first question is what can be done to make the fonts render correctly in Poppler-based PDF viewers?

The other question: is Poppler the only game in the FOSS town? Or is there a FOSS alternative?

#askfedi #latex