Have you ever wondered what happens to your Android application code when it’s compiled and packaged into an APK? This post takes a deep dive into the Dalvik Executable Format, with a practical example of the structure of a minimal Dex file.

What is a Dex file?

A Dex file contains code which is ultimately executed by the Android Runtime. Every APK has a single classes.dex file, which references any classes or methods used within an app. Essentially, any Activity, Object, or Fragment used within your codebase, will be transformed into bytes within a Dex file that can be run as an Android app.

It can be useful to understand the structure of a Dex file because all these references can take up a lot of space in your application. Using many 3rd party libraries can increase your APK size by megabytes, or worse, lead to the infamous 64k method size limit. And of course, there may come a day where knowledge of Dex files helps you track down unexpected behaviour in your app.

Dexing Process

All the Java source files in an Android project are first compiled to .class files, which consist of bytecode instructions. In a traditional Java application, these instructions would be executed on the JVM. However, Android apps are executed on the Android Runtime, which uses incompatible opcodes, and therefore an additional Dexing step is required, where .class files are converted into a single .dex file.

Because most mobile devices are severely constrained in the amount of memory, processing power, and battery life available, ART offers superior performance to the JVM. One key feature that helps achieve this is that ART performs both Ahead-of-Time and Just-in-Time compilation. This avoids some of the runtime overhead of JIT, while still allowing performance improvements over time as an app is profiled.

How to create a Dex file

A practical example of a Dex file makes this a lot easier to understand. Let’s create a minimal APK that only contains one Application class, as this allows us to understand the file format without being overwhelmed by the thousands of methods that are present in a typical app.

We’ll use Hexfiend to view our Dex file in hexadecimal, as Dex uses some unusual data types to save space. We’ve hidden any null bytes, so empty spaces in the above screenshot actually represent 00.

A Dex file’s Structure

The full structure of our 480-byte Dex file is shown in hexadecimal and UTF-8 below. Some sections are instantly recognisable when interpreted as UTF-8, such as the single BugsnagApp class that we have defined within our source code, and others not so much:

6465780A 30333800 7A44CBBB FB4AE841 0286C06A 8DF19000
3C5DE024 D07326A2 E0010000 70000000 78563412 00000000
00000000 64010000 05000000 70000000 03000000 84000000
01000000 90000000 00000000 00000000 02000000 9C000000
01000000 AC000000 14010000 CC000000 E4000000 EC000000
07010000 2C010000 2F010000 01000000 02000000 03000000
03000000 02000000 00000000 00000000 00000000 01000000
00000000 01000000 01000000 00000000 00000000 FFFFFFFF
00000000 57010000 00000000 01000100 01000000 00000000
04000000 70100000 00000E00 063C696E 69743E00 194C616E
64726F69 642F6170 702F4170 706C6963 6174696F 6E3B0023
4C636F6D 2F627567 736E6167 2F646578 6578616D 706C652F
42756773 6E616741 70703B00 01560026 7E7E4438 7B226D69
6E2D6170 69223A32 362C2276 65727369 6F6E223A 2276302E
312E3134 227D0000 00010001 818004CC 01000000 0A000000
00000000 01000000 00000000 01000000 05000000 70000000
02000000 03000000 84000000 03000000 01000000 90000000
05000000 02000000 9C000000 06000000 01000000 AC000000
01200000 01000000 CC000000 02200000 05000000 E4000000
00200000 01000000 57010000 00100000 01000000 64010000

dex
038zDÀª˚JËAÜ¿jçÒê<]‡$–s&¢‡pxV4dpÑêú¨Ã‰Ï,/ˇˇˇˇWp<init>Landroid/app/Application;
#Lcom/bugsnag/dexexample/BugsnagApp;
V&~~D8{"min-api":26,"version":"v0.1.14"}ÅÄÃ
pÑêú¨ Ã ‰ Wd

At a very high level, Dex files can be thought of as two separate parts. A file header which contains metadata, and a body which contains the majority of the data. A diagram of the file header structure is shown below.

Let’s step through each item in the header sequentially.

Dex File Magic

Many file formats begin with a fixed sequence of bytes that uniquely identify the application used to manipulate them, and Dex is no exception.

6465780A 30333800
dex
038

We can see that the first 8 bytes must contain ‘dex’, and the version number - currently 38 when our targetSdkVersion is API 26.

You may have also noticed that the 4th byte encodes a newline character, and the 8th byte is null. These are validated by the Android Framework to check for file corruption - an APK should refuse to install if this exact sequence isn’t present.

Checksum

The next value is a checksum, which is calculated by applying a function to the contents of the entire file, excluding any bytes preceding the checksum. If a byte within the file was corrupted during download or storage on disk, the calculated checksum won’t match and the Android Framework will refuse to install the APK.

SHA1 signature

FB4AE841 0286C06A 8DF19000 3C5DE024 D07326A2

The header also includes a SHA-1 hash of the file (excluding any preceding bytes). This is used to uniquely identify Dex files, which may be useful in scenarios such as Multidex.

File size

This matches the file size in bytes, and can also be used for validation when reading the Dex file.

The header size should be 112 bytes long.

Therefore we can now highlight all the remaining fields within the header_item.

Endian constant

Dex files support both big endian and little endian encoding. This value equals REVERSE_ENDIAN_CONSTANT, inidicating that this particular Dex file is encoded in little endian, which is the default behaviour.

IDs and Offsets

The remaining values in the file header define the size and location of other data structures which hold identifiers for methods, strings, and other items.

00000000 00000000 64010000 05000000
70000000 03000000 84000000 01000000
90000000 00000000 00000000 02000000
9C000000 01000000 AC000000 14010000
CC000000

These values are summarised in the table below, where size equals the array length, and the offset is the number of bytes from the start of file where this information can be found.

It’s worth noting that link_size and field_ids are both 0, because our app doesn’t statically link any libraries or contain any fields. The map_off structure in the data section largely duplicates this information, in an easier format for Dex file parsing.

As an example, we can see that there are 5 Strings IDs in our Dex file, encoded between bytes 112-132. Each ID at this position also points to an offset within the data section, that encodes the actual value of the String.

Map List

The map_list is a section within the data body which contains similar information to the file header.

With this knowledge, we can use the offsets to resolve the actual information, and determine what our Dex file encodes.

Strings

Enough talk - let’s see something concrete. Let’s find out what the string_ids structure points at.

E4000000 EC000000 07010000 2C010000 2F010000
228,     236,     263,     300,     303

The array encodes 5 integer offsets, which point at the data section.

<init>
Landroid/app/Application;
Lcom/bugsnag/dexexample/BugsnagApp;
V
~~D8{"min-api":26,"version":"v0.1.14"}

If we retrieve these values as UTF-8, we are greeted by a few Java symbols which will look familiar to anyone who has used the JNI before, and also some JSON which indicates D8 created the Dex file. All this business of IDs, offsets, and multiple headers, may seem a bit useless at this point. Why not just encode the string value directly in the header?

Some of the reasoning behind this is that these strings are referenced from multiple points within the Dex file. Providing an ID for each one prevents duplication of information and reduces the overall file size, simplifies parsing as an ID will always be a fixed length, and means values are only accessed when required.

Types

01000000 02000000 03000000
1, 2, 3

Our Dex file defines 3 Java types. Each value here is an index into the previous string_id array - therefore we can determine that the types in our file are as follows:

Landroid/app/Application;
Lcom/bugsnag/dexexample/BugsnagApp;
V

The TypeDescriptor syntax may look somewhat unfamiliar, but the L simply refers to a full class name, and V is the type void. Our types include our custom BugsnagApp class, and the Application class from the Android framework.

Prototypes

03000000 02000000 00000000
3,       2,       0
"V",     V

A method prototype consists of information on the return type of a method, and the number of parameters it takes. The proto_id section uses indices to retrieve the type information, and an offset, which is non-functional in this case as our method doesn’t take any parameters.

Methods

The Method section also uses indices. Each method looks up the class ID where it was defined, the method prototype, and the name of the method from the strings table.

00000000 00000000 01000000 00000000
0,  0,   0,       1,  0,   0

Landroid/app/Application "V" <init>
Lcom/bugsnag/dexexample/BugsnagApp; "V" <init>

The only methods in our Dex file relate to the constructor for BugsnagApp - which is exactly what we’d expect.

Class Defs

This section contains the type, inheritance hierarchy, access metadata, and other class metadata such as annotations and source file indices.

01000000 01000000 00000000 00000000 FFFFFFFF 00000000 57010000 00000000
1,       1,       0,       0,       NO_INDEX,0,       343,     0

This evaluates as a public class Lcom/bugsnag/dexexample/BugsnagApp which inherits from Landroid/app/Application, whose class data is stored from byte 343. The public access modifier is determined from a bit field. Let’s view the class data.

Class Data

The first 4 bytes of our BugsnagApp class data define the number of static and instance fields, along with any direct or virtual methods.

00 00 01 00
0, 0, 1, 0,

01 81 80 04 CC 01 00 00 00
1,          460

Ihere is only one direct method defined in this class. It has an ID of 1, which corresponds to Lcom/bugsnag/dexexample/BugsnagApp; "V" <init>, and a code data offset of 460. If our method was abstract or native, there wouldn’t be a code data offset.

If our class defined fields and other information, more data would be encoded in this section. Incidentally, if the method ID was a value larger than 65,536, we would have encountered the infamous 64k method limit.

Code structure

We’re now analysing the constructor method defined in our class, which has the following structure at the offset of 460:

0100 0000 5701 0000 0010, 0000 01000000 64010000
1,   0,   343, 0,   16,   0    1,       64,1

This corresponds to a register size of 1, 0 incoming arguments, 343 outgoing arguments, and an offset of 16 where debug information is stored.

The most important part however, is the last few bytes. We have an instruction list size of 1, which means that our method has compiled to one opcode: 64010000.

The Dalvik Bytecode table suggests that 64 corresponds to the sget-byte operation on a register, using the field reference index of 1. This seems to match up with our expectation that a singleton BugsnagApp field will be created for our application - but diving deep into Dalvik is a story for another day!

A new Android Compiler - D8

We haven’t touched too much on the compilation process, but our minimal Dex file was created using D8, a new compiler that will be rolled out by default in Android Studio 3.1. It offers performance benefits in the overall file size and build speed, so let’s test those claims.

Benchmarking D8 performance

Let’s create a greenfield app with Android Studio 3.0.1. We’ll add Kotlin Support and a Navigation Drawer, but will otherwise leave all the options as default, generate a signed APK, and view it with the APK Analyzer.

We can retrieve classes.dex from within the APK by unzipping the APK with unzip app-release.apk -d app, then measuring the file size in bytes: stat -f%z app/classes.dex.

Better faster smaller stronger

Our Dex file is approximately 88% of its previous size when compiling with D8. Your mileage may vary, as this is a very simple example project. One other interesting thing to note is that using D8, we appear to have lost the following two method references:

android.view.View#isInEditMode
java.lang.Class#desiredAssertionStatus

These don’t appear to be used at runtime, so could be an optimisation. Please get in touch if you know why these are missing!

Why minification leads to a better app

Enabling minification and obfuscation is the single greatest thing you can do for your app, and now that you’re an expert in the Dex format, you can probably think of some reasons why.

Firstly, stripping out unused Java classes with Proguard will reduce the size of an APK, as the generated Dex file won’t contain unused class definitions and all their associated data which take up space.

Obfuscation will also reduce the Dex file size, as unless you’re the type of developer who names their classes a.a.A and z.z.Z, less characters will be required for each symbol, which will save space overall. Solutions exist for mapping obfuscated stacktraces, which allow you to easily diagnose crashes within your app.

Finally, a smaller Dex file leads to a smaller APK, which means users spend less on mobile data, and are less likely to give up on a download. If you offer an Instant App, then the hard limit of 4Mb means keeping APK size low is a big consideration.

Would you like to know more?

Hopefully this has helped you understand Dex files, which are about to get a lot smaller with the advent of D8. If you have any questions or feedback, please feel free to get in touch.

Bugsnag automatically monitors your applications for harmful errors and alerts you to them, giving you visibility into the stability of your software. You can think of us as mission control for software quality.

Try Bugsnag’s Kotlin exception reporting.

Today I am excited to announce the availability of the 7th generation of the Ubuntu-based XPS 13 developer edition.  Project Sputnik’s latest and greatest system is now simultaneously available in Europe, Canada and the United States.

The new XPS 13 developer edition (9370)features the 8th Generation Intel Quad Core, a brand new chassis, an improved display and smaller borders.

The 9370 is even thinner, lighter and smaller than its already svelte predecessor, the 9360. (Note, the 9370 does not replace the 9360, as the two will coexist.)  If you want more detailed specs, please scroll down dear reader. Before we get to the product details however, here’s a quick Project Sputnik backgrounder.

Project Sputnik, a recap

It all started back in 2012 with the wacky idea of creating a high-end Linux laptop targeted at developers.   An internal innovation fund gave the scrappy project team a little bit of money and six months to see if this idea would fly.

From day one, project Sputnik publically solicited input from the developer community.  It was this input and the tremendous community support that pushed the effort from project to a product.

The initial XPS 13 developer edition, available only as one configuration, debuted on November 29, 2012.  Fast forward five years and not only are we announcing the 7th generation of that initial product but the project itself has now expanded to become a full line of developer-targeted systems.

US and Canadian configurations

In North America, as mentioned above, the new XPS 13 developer edition is available in both the US and Canada.  The following are the available configurations in the two countries (Note: the links below point to the US configurations).

CPU | Memory | Storage | Display

European configurations

As of today, the new XPS 13 developer edition is available online in Europe in the following countries:

UK, Ireland, Germany, Austria, France, Italy, Spain, Switzerland (French and German), Belgium, Netherlands, Sweden, Norway, Denmark.

Beyond the thirteen countries above, there is a much longer list of countries where the 9370 is available offline.  (I’ll be posting this list in the next few days.)

The following configurations are available both online and offline.

CPU | Memory | Storage | Display

• i7 | 16GB |      1TB | UHD touch (3840 x 2160)
• i7 | 16GB | 512GB | UHD touch (3840 x 2160)
• i7 | 16GB | 512GB | FHD non-touch (1920 x 1080)
• i7 |  8GB | 256GB | FHD non-touch (1920 x 1080)

9370 Specifications

Here’s a bit more detail behind the system specs.  These options are available as noted above.

• 8th Generation Intel® Quad Core™, i5 (US and Canada only) and i7 versions
• Memory options: 4GB, 8GB or 16GB Dual Channel SDRAM
• Storage options: 128GB, 256GB, 512GB or 1TB
• Ports
  • 2x Thunderbolt™ 3
  • Noble lock slot
  • Headset jack
  • DC-In & DisplayPort 1x USB-C 3.1
  • MicroSD card reader
• Display options
  • UltraSharp 4K Ultra HD (3840×2160) InfinityEdge touch display
  • FHD (1920 x 1080) InfinityEdge display
• Ubuntu 16.04 LTS preloaded
• 1 year ProSupport

Who’d a thunk it

I gotta admit that five years ago the team and I would never have thought that we would be posting a blog announcing the 7th generation of the XPS 13 developer edition.  The thought of even a third generation would have bogled our minds.

Five years ago, thanks to the support of the community, Project Sputnik reached escape velocity.  This support, input and direction has not only continued but has grown over the last five years, enabling the Sputnik team to stop focusing on survival and instead focus on supporting a broader range of developer needs.

As we go forward, please keep driving us by sharing your input and experiences, be they be good, bad or ugly. 🙂

Thanks!

Barton

Extra-credit reading

• Line up — New XPS 13 developer edition —  (9370)
• Line up — XPS 13 developer edition — (9360)
• Project Sputnik Turns Five! – November 29, 2017
• 2012 — year one

Pau for now…

This entry was posted on Thursday, January 4th, 2018 at 10:54 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

At Thread one of our core beliefs is that technology allows for great change. This is important to our product, but it’s also important to how we work internally.

Because of this way of working, we try to represent everything in data—products, measurements, styles, suppliers, locations in our warehouse, support ticket resolutions, and many more things that you’d never even think about.

All of these data models come with a cost of needing a way for those in the company who use them to maintain the data. This means building editing interfaces, with validation, database design, and front-end work. Often we just don’t have time to do this—new features are higher priority, and besides, a engineer can just update a few data files when needed right?

While this is a much quicker solution in the short term, an engineer will have to context switch out of their work, watch the release go out and make sure nothing goes wrong—that all hurts productivity. Perhaps more importantly though, the person who needs the data updated now no longer has ownership of the whole process and are reliant on someone else’s schedule.

Ultimately this process can be useful to get a feature out of the door quickly, but causes far too much friction to work long term.

A better solution

I remember when GitHub first launched their web editor — I wasn’t impressed. Why would anyone edit code in a web browser? Why would I use an editor that could only change one file per commit? Well years later I’ve realised that I am not the target market for the editor.

At Thread we now regularly teach those outside of the engineering team how to contribute to our codebase via the GitHub web interface, so that they are in control of updating data they need to work effectively.

We have now had more contributors to our main codebase who are in non-technical roles, than all engineers and contractors who have contributed over the years.

Has it worked?

As a engineer on the product team, I’m able to focus my efforts on building features that will benefit our customers and move metrics, rather than on building more CRUD interfaces. I’m also able to ship A/B tests faster as we can often skip the internal tooling for the test version in favour of editing data through data files to begin with. When we get to the delivery phase of a project we can then put the time into the editing interfaces as we’ll not only have an idea of the value of the feature, but also have a better idea of how our internal users would like the interfaces to work.

It’s also not limited to data files; many pages on thread.com are essentially static HTML, pages like our delivery FAQ, returns policy, or terms and conditions. By learning how to use GitHub, our operations team can keep these up-to-date without asking for help. Our talent team are also able to edit our jobs site, reacting on a daily basis to common questions that come up when talking to candidates.

All of this means that our team members outside of the engineering team are able to have much more ownership over their work, and have less friction to make the changes their experience tells them is necessary.

How do we do it?

The first thing we do is run GitHub tutorials every now and again when we have a few new starters to teach. We cover the basics of what a repository is, comparing it to document revision histories on Google Docs, what it means to commit a file, and what a branch is. We only talk about these in high level ways as we don’t cover the command line interface at all in our current tutorial format.

Next up we go through how to edit a file on the GitHub web interface, how to write a commit message, what a pull request is, and what the build status reporting from Jenkins means.

Lastly we ask non-technical contributors to pick an engineer who is available on Slack to hit the merge button once the build is green.

Issues we’ve encountered

On balance we feel this is a huge win for the team as a whole, and we’re planning to continue the training and encourage more contributors as we grow, but we have changed our process slightly as this has evolved.

Firstly, we’ve used GitHub roles and locked branches to prevent accidental commits to master. For someone who isn’t as familiar with version control and branches in particular, the GitHub web interface isn’t particularly clear about when a commit is going on to the master branch or a new branch. At Thread our master branch is continuously deployed with no manual intervention required, which resulted in several commits going out that broke the site and caused downtime.

As for all downtime issues, we ran a blameless 5 Whys and realised that while in hindsight we could have caught these issues with unit tests run before deployment, we likely wouldn’t catch everything and so introducing protected branches to encourage code review was a lightweight way to solve the problem.

Secondly, somewhat in response to this issue, we have started to write some unit tests that just sanity-check the structure of the data in data files, or to check that all of our Django template files successfully parse as valid templates. Particularly in the case of the data files, these wouldn’t normally be something we’d expect to test, but as we now want the files to be editable by people without a knowledge of the code, they can be handy in catching simple mistakes.

Lastly, as we’re typically using Python for our data files, we’ve found that the syntax isn’t particularly intuitive and can take some getting used to. To address this, we’ve written documentation with a little more detail than if it were written for an engineer. This documentation is also in the repo and editable by everyone, so we encourage non-engineers to update and clarify the instructions as they learn, and to teach each other how to edit certain parts of the site.

Moving forward

We consider this experiment to be a success and will be continuing it for the foreseeable future. Where we’re designing data files to be editable, we’re going to try including detailed instructions in the files themselves, possibly including copy/pasteable examples.

We already try to make our test failures have informative error messages with details on how to fix where we can, but due to the complexity of interpreting test output we don’t currently expose Jenkins to non-technical team members, even though they can technically log in with single-sign-on. This is perhaps the next opportunity we have to improve the contribution experience and something we might trial in the next batch of new starters who go through the tutorial.

This is a high level post about algorithms (especially mathematical, scientific, and data analysis algorithms) which I hope can help people who are not researchers or numerical software developers better understand how to choose and evaluate algorithms. When scientists and programmers think about efficiency of algorithms, they tend to think about high level ideas like temporary arrays, choice of language, and parallelism. Or they tend to think about low level ideas like pointer indirection, cache efficiency, and SIMD vectorization. However, while these features matter, most decent implementations of the same algorithm tend to get quite close in efficiency to each other (probably What does my algorithm know about my problem?

Let me highlight one of the biggest success stories in numerical analysis: solving linear systems. The problem is simple, for what values of does ? Most people learn early on in their math career that you solve this via Gaussian elimination which is a very nice algorithm. In fact, as far as we know right now, solving linear systems has the same asymptotic complexity as matrix multiplication which is currently . This grow pretty fast, but is it all a game of who can write the most efficient general linear solver?

Not even close. The algorithm complexity is the worst case scenario, but in most applications you actually aren't in "the worst case". MATLAB's backslash (A\b) operator solves the linear system , but what algorithm does it use? Well, Mathworks describes it with a picture:

(picture credit to Mathworks, this is linked directly to their documentation)

Do you think that's it? If so, then you're wrong. That's only when the matrix is full/dense. If it's a sparse matrix, then there's another algorithm for it:

(picture credit to Mathworks, this is linked directly to their documentation)

Julia's backslash operator is similar, but what's cool is you can actually inspect Julia's source code and see exactly what it's doing. But it's the same idea. This kind of algorithm is known as a polyalgorithm since it's many different algorithms together. The algorithm starts by checking what kind of type the matrix is and then performing a specialized algorithm on that type, and if no specialized algorithm exists, falls back to Gaussian elimination through a pivoted QR-factorization.

Why would you write an algorithm like this? The trivial answer is because it's faster. If you know the matrix is diagonal then the solution is a element-wise division by the diagonal. If you know the matrix is positive-definite then you can use a Cholesky decomposition to solve the equation which takes about half of the operations of Gaussian elimination. However, I think it's better to realize the common thread here. The diagonal method is faster because it knows about properties of diagonal matrices and uses them. The Cholesky decomposition is faster because it utilizes details about positive-definite matrices in order to get rid of possible operations.

These specialized algorithms are fast because they use more "information" about the problem

And that's only the start of this entire field of mathematics known as numerical linear algebra. There are iterative methods which can also be used. (Dense) Matrix factorizations are dense and thus require the same amount of memory as the full matrix itself (though some sparse matrix factorizations similarly need the memory for non-zero elements and maybe some more). Iterative solvers require only the ability to do and thus are much more memory efficient and can scale well on sparse matrices. This also makes them easily to parallelize across large clusters and thus are the method of choice for large solving large sparse systems that arise from things like PDEs. Even then, you can still make it more efficient by choosing a preconditioner, but good choices of preconditioners are dependent on, you guessed it, properties of your or the equation it is derived from.

As you can see, every significant step of this tool chain is about baking more information about the problem into the solution methods. This is why I would suggest that one thinks about the amount of information an algorithm contains about a problem since that's where the true gains are. Let's take another example.

Are neural networks "efficient"?

If there's one area of computational data science that everyone is excited about right now, it's neural networks. The quickest way to explain a neural network is that it is a computationally efficient way to approximate any mapping from inputs to outputs, . The that it creates uses a lot of matrix multiplies which are easy to GPU-parallelize, and the deep in "deep neural networks" simply is the application of more matrix multiplies to get a better approximation of . Movie recommendations are where you take in x = (data about movies the person previously watched) and then y = (the score that you think they'd give to other movies), and you use enough data to get a good enough approximation for the movies they would like and spit out the top few. Classification problems like "does this picture contain a bird?" is just about creating a mapping between x = (a picture represented by its pixel brightness), to y = 1 or 0 (yes or no: it contains a bird). You train this on enough data and it's correct enough of the time. Amazing, right?

The next question people like to ask is, what neural network frameworks are good for these problems? TensorFlow, PyTorch, KNet.jl will all auto-GPU you things for you and in the end all give around the same performance. Of course, package developers will fight over these 2x-5x differences over the next decade, showing that their internal setup is good for these problems, while others will show it's not good for these other problems. But what this doesn't tell you is whether you should be using a neural network in the first place.

(Yes, you can use these computational tools for things other than neural networks, but let's ignore that for now)

If you think about the point of this blog post, it should trigger something in you. I mentioned that neural networks can approximate any function ... so what does the neural network "know" about the problem? Pretty much nothing. The reason why neural networks are popular is because they are a nice hammer that you can use on pretty much any problem, but that doesn't mean it's always good. In fact, because you can use a neural network on any problem it pretty much implies that it won't be great on any problem. That's the fundamental trade off between specificity and generality! My friend Lyndon White displayed this very nicely when he showed 7 different ways to solve a classification problem in Julia. Notice that the neural network method is dead last in efficiency. Neural networks aren't bad, but they just don't know anything about a problem. If the problem is linear, then a linear regression or linear SVM will DDDDOMINATE on the problem! If it's a classification problem, then algorithms which incorporate knowledge about what a classification problem means, more so than "spit out y in [0,1] via sigmoid and say yes if y is greater than some threshold", will do better. For this domain, it includes things like decision trees. For movie recommendation problems, factorization machines more succinctly capture our internal model of how a user's movie ratings should be related, and thus it's no surprise that they tend to win most of the Netflix prize type of competitions.

Note that neural networks can be made problem-specific as well. Convolutional neural networks are successful in image processing because they add an extra constraint about the relations of the data, specifically that small "stencils" of the larger matrix (i.e. groups of nearby pixels) should be interrelated. By adding that kind of information into the structure of the neural network and its optimization algorithms, this then becomes a very efficient tool for tasks where the data has this structure.

So neural networks are not useless even though they are not always efficient. They are extremely useful since they can be applied to pretty much any problem. But the general neural network architectures (like deep feed-forward neural networks) lack knowledge about the specific problems they are approximating, and so they cannot hope to be as efficient as domain-optimized algorithms. How do you make them better? You introduce ideas like "memory" to get recurrent neural networks, and it's no surprise that the research shows that these methods are more efficient on problems which have some memory relation. But the generality of neural networks leads me to my favorite example.

Algorithm specificity for differential equations (okay, this goes into more depth!)

I spend my time developing new methods for (stochastic) differential equations and developing differential equation solving software. There are hundreds and hundreds of different algorithms for finding the function whose derivative satisfies where is the data given by the user starting to and ending at (this is the definition of an ODE BTW. If this is new to you, think I'm given a model which describes how things change and I want to compute where I will be in the future). And again, solving this problem efficiently is all about incorporating more information about the problem into the solver algorithm.

Just as a interesting note, you can solve a differential equation with a neural network, but it's not good. I was hoping that the efficiency gained by using optimized GPU-libraries would be enough to overcome the efficiency lost by not specifying on the problem, but it wasn't even close and the end result was that it was difficult for a deep neural network to solve non-stiff nonlinear problems like the Lotka-Volterra equations which standard differential equations software solve in microseconds. But what's more interesting is why it failed. The neural network simply failed to understand the temporal dependencies of the problem. If you look at the failed solutions on the blog post, you see what happens is that the neural network doesn't know to prioritize the early time points because, well, it's obvious in a temporal model that if you are wrong now then you will be wrong in the future. But the neural network sees each time point as an unconnected matrix and from there the problem becomes much harder. We could try convolutional nets or recurrent nets, or bias the cost function itself, but this is still trying to get around "the information problem" which differential equations don't have.

With a differential equation, we are modeling reality. In many cases, we know things about that reality. We might know that the trajectory of our rocket is smooth (it has all derivatives), and so we can develop high order algorithms which require 9 derivatives of the user's and it's not surprise that these Vern algorithms benchmark really well. But is it the best integrator? No, there's no such thing. First of all, these methods are only for "non-stiff" ODEs, that is an ODE which has a single timescale. If there are multiple timescales, then one can show that these are "unstable" and require a very small time step. So what's the best algorithm?

What I try to highlight in the post on differential equation libraries is that a large choice of methods is essential to actually being efficient. For example, many only have a few integrators, any in many cases this is simply multistep methods (because integrators like LSODE and VODE, provided in ancient Fortran code, have an option to change between stiff and non-stiff problems). But are these actually good methods? That's not a good way to look at it. Instead, look at what these multistep methods mean. The form for the BDF2 method is:

What are the advantages of this algorithm? Well, because it uses two past data points (assume you already know and and want ), you only have to solve an implicit function for the variable . If the cost of evaluating the function is high (as is the case for example with large PDE discretizations), then you want to evaluate it less so this does well! Since this only has a single call per update, that's doing quite well.

However, it made a trade off. In order to decrease the number of function evaluations, it requires more than one previous data point. It also requires that "nothing happened" between those two points. If you have some discontinuity for example, like modeling a ball when it bounces or modeling the amount of chemicals in a patient and you give a dose, then the previous data is invalid. Adaptive order algorithms like LSODE or CVODE go back to the more error prone backwards Euler method

to compute one small step (it has to be small to make the error low since the error is ), then uses that step as the previous step in a BDF2, then goes up to BDF3 etc., where each higher method requires more previous data and has a lower error order. But if you're hitting events quite often (Pk/Pd simulations where a drug dose happens every few hours), notice that this is really really bad. Like, awful: you might as well just have had an implicit Euler scheme!

And not only that, the assumption that this method is efficient requires that is costly. Other methods, like Rosenbrock or (E)SDIRK methods, make the trade off to take more evaluations of to get less error, and in turn use this decreased error to take larger time step (and thus less steps overall). And so it's not surprise that these methods benchmark better on small system and even "medium sized systems", while the BDF method benchmarks as more efficient on larger systems with a more expensive function evaluation (the Rosenbrock methods are things like Rosenbrock23 and Rodas4, and the BDF method is CVODE_BDF). Again, this is nothing more than incorporating more details about the problem into the choice of solution method.

This is why having a wide variety of methods which incorporate different types of problem information is really what matters for efficiency. IMEX methods are a great example of this because instead of the user specifying a single ODE , the user specifies two functions where one of the functions is "stiff" (and thus should be solved implicitly by things like Rosenbrock or BDF methods) while the other is "non-stiff" (and thus should be solved by explicit methods like the Verner method). By specifying this split form, libraries like ARKODE or DifferentialEquations.jl can utilize algorithms which incorporate this information and thus will be more efficient than any of the previously mentioned methods on appropriately split problems. Another example are symplectic integrators which incorporate the mathematics of the underlying symplectic manifold into the solver itself, for problems which have a symplectic manifold. What kinds of problems lie on a symplectic manifold? Well, those arising from second order differential equations and physical Hamiltonians like N-body problems of astrodynamics and molecular dynamics. These methods, by utilizing a fundamental property of the problem specification, can noticeably reduce the amount of drift in the energy and angular momentum of the approximated solution and make the resulting simulations closer to reality. The changes an algorithm choice can make can be orders of magnitude. In the paper I showed earlier on methods for stochastic differential equations, incorporating the idea of time correlation and interpolation of Brownian motion (the Brownian bridge) to build an adaptive method resulted in an average of 100,000x less time steps to compute solutions to the SDE, so much that I couldn't even benchmark how long it would take for algorithms which didn't make use of this because they could not finish! (In my next paper, I am able to estimate that it would take almost 6 years to solve this problem vs the 22 seconds we're at now). Choice of language, cache efficiency, etc. pale in comparison to proper algorithm choice.

The Julia Programming Language

I hope I am getting across the point that the way to evaluate algorithms is by the information they use about the problem. This way of thinking about algorithms extends very far. I show in another blog post that the Julia programming language achieves C/Fortran levels of efficiency because it allows the LLVM compiler to have total type information about your program, as opposed to more dynamic languages like R/MATLAB/Python. Julia is specifically designed so that compilers can at compile-time compute as much type information as possible to essentially build the C code you would have written. When you understand the information that is being optimized on, these performance differences aren't magical anymore: it's just using more information, more specificity, and getting more performance out because of that.

In fact, I have to put a little blurb out here for the Julia programming language as well. Its multiple dispatch and abstract typing system is a very nice way to organize algorithms by their information. Let's take how Julia's linear algebra works. For a standard dense matrix, the backslash operator internally calls factorize(::AbstractMatrix) (and A_ldiv_B!, which is an inplace way of writing A\b) which I showed above is a polyalgorithm. But if you call factorize on some special matrix type, like a Diagonal or Tridiagonal matrix, it uses a specialization of factorize or A_ldiv_B! to perform the most efficient algorithm for that type of matrix. Then in user codes and packages, other people can define a matrix type MyMatrix <: abstractmatrix="" and="" overload="" factorize="" or="" a_ldiv_b="" to="" be="" efficient="" for="" their="" matrix="" type.="" then="" in="" my="" algorithm="" like="" a="" differential="" equation="" solver="" which="" uses="" linear="" algebra="" under="" the="" hood="" i="" can="" simply="" call="" julia="" will="" pick="" most="" form="" based="" on="" type="" that="" currently="" have="" if="" method="" was="" defined="" package="" do="" not="" depend="" this="" means="" generic="" code="" type-insensitive="" code:="" don="" know="" types="" just="" without="" caring="" what="" kind="" of="" it="" is="" made="" more="" by="" user="" specifying="" problem="" information="" dispatches.="" result="" system="" with="" multiple="multiple" dispatch="" doesn="" let="" compilers="" get="" but="" also="" makes="" easy="" developers="" pass="" along="" specializations="" tern="" customize="" other="" solvers.="" so="" your="" may="" rosenbrock23="" gmres="" iterative="" use="" actual="" jacobian="" because="" class="MathJax_Preview"> can be computed directly from a function call (this is quite common in PDEs), and you don't need to re-write your own. Instead you can make my generic Rosenbrock23 algorithm compile a code which does that... even though it was never written to know what kind of method factorize should be. This kind of "opening up of the black box" and being able to optimize pieces of it via information injection for your specific problem is a powerful tool for optimizing numerical algorithms to large scale problems. Given this post I hope it's easy to understand why I think this will (and already has started to) lead to a new generation of efficient implementations. (Okay okay, you can do generic programming with C++ templates, but you can't make me do it! Look at this "gentle introduction" and you'll be in my boat asking for a high-level language designed to have that information in mind, and I'll point you to Julia)

Moral of the story

Getting your perfect caches lined up is small potatoes. BLAS and LAPACK are well-known super fast Fortran linear algebra libraries. They are extremely fast not just because they are bit twiddling with assembly (though they are), but they are super fast because they incorporate information about floating point precision and use that to their advantage. Neural networks, ODE solvers, etc. are all just tools for problems. The more specific they are to the problem you're trying to solve, the more efficient they can be. So next time you're looking to optimize some numerical codes, don't ask "what can I do to make the computation more clean/efficient", ask "what information about the problem is the solution method not using?" That's where the big potatoes come from.

Related

It would be fun to use the Otamatone in a musical piece. But for someone used to keyboard instruments it's not so easy to play cleanly. It has a touch-sensitive (resistive) slider that spans roughly two octaves in just 14 centimeters, which makes it very sensitive to finger placement. And in any case, I'd just like to have a programmable virtual instrument that sounds like the Otamatone.

What options do we have, as hackers? Of course the slider could be replaced with a MIDI interface, so that we could use a piano keyboard to hit the correct frequencies. But what if we could synthesize a similar sound all in software?

Sampling via microphone

We'll have to take a look at the waveform first. The Otamatone has a piercing electronic-sounding tone to it. One is inclined to think the waveform is something quite simple, perhaps a sawtooth wave with some harmonic coloring. Such a primitive signal would be easy to synthesize.

A friend lended me her Otamatone for recording purposes. Turns out the wave is nothing that simple. It's not a sawtooth wave, nor a square wave, no matter how the microphone is placed. But it sounds like one! Why could that be?

I suspect this is because the combination of speaker and air interface filters out the lowest harmonics (and parts of the others as well) of square waves. But the human ear still recognizes the residual features of a more primitive kind of waveform.

We have to get to the source!

Sampling the input voltage to the Otamatone's speaker could reveal the original signal. Also, by recording both the speaker input and the audio recorded via microphone, we could perhaps devise a software filter to simulate the speaker and head resonance. Then our synthesizer would simplify into a simple generator and filter. But this would require opening up the instrument and soldering a couple of leads in, to make a Line Out connector. I'm not doing this to my friend's Otamatone, so I bought one of my own. I named it TÄMÄ.

I soldered the left channel and ground to the same pads the speaker is connected to. I had no idea about the voltage range in advance, but fortunately it just happens to fit line level and not destroy my sound card. As you can see in the background, we've recorded a signal that seems to be a square wave with a low duty cycle.

This square wave seems to be superimposed with a much quieter sinusoidal "ring" at 584 Hz that gradually fades out in 30 milliseconds.

Next we need to map out the effect the finger position on the slider has on this signal. It seems to not only change the frequency but the duty cycle as well. This happens a bit differently depending on which one of the three octave settings (LO, MID, or HI) is selected.

The Otamatone has a huge musical range of over 6 octaves:

In frequency terms this means roughly 55 to 3800 Hz.

The duty cycle changes according to where we are on the slider: from 33 % in the lowest notes to 5 % in the highest ones, on every octave setting. The frequency of the ring doesn't change, it's always at around 580 Hz, but it doesn't seem to appear at all on the HI setting.

So I had my Perl-based software synth generate a square wave whose duty cycle and frequency change according to given MIDI notes.

FIR filter 1: not so good

Raw audio generated this way doesn't sound right; it needs to be filtered to simulate the effects of the little speaker and other parts.

Ideally, I'd like to simulate the speaker and head resonances as an impulse response, by feeding well-known impulses into the speaker. The generated square wave could then be convolved with this response. But I thought a simpler way would be to create a custom FIR frequency response in REAPER, by visually comparing the speaker input and microphone capture spectra. When their spectra are laid on top of each other, we can read the required frequency response as the difference between harmonic powers, using the cursor in baudline. No problem, it's just 70 harmonics until we're outside hearing range!

I then subtracted one spectrum from another and manually created a ReaFir filter based on the extrema of the resulting graph.

Because the Otamatone's mouth can be twisted to make slightly different wovels I recorded two spectra, one with the mouth fully closed and the other one as open as possible.

But this method didn't quite give the sound the piercing nasalness I was hoping for.

FIR filter 2: better

After all that work I realized the line connection works in both directions! I can just feed any signal and the Otamatone will sound it via the speaker. So I generated a square wave in Audacity, set its frequency to 35 Hz to accommodate 30 milliseconds of response, played it via one sound card and recorded via another one:

The waveform below is called the step response. The simplest way to get a FIR convolution kernel is to just copy-paste one of the repetitions. Strictly, to get an impulse response would require us to sound a unit impulse, i.e. just a single sample at maximum amplitude, not a square wave. But I'm not redoing that since recording this was hard enough already. For instance, I had to turn off the fridge to minimize background noise. I forgot to turn it back on, and now I have a box of melted ice cream and a freezer that smells like salmon. The step response gives pretty good results.

One of my favorite audio tools, sox, can do FFT convolution with an impulse response. You'll have to save the impulse response as a whitespace-separated list of plaintext sample values, and then run sox original.wav convolved.wav fir response.csv.

Or one could use a VST plugin like FogConvolver:

A little organic touch

There's more to an instrument's sound than its frequency spectrum. The way the note begins and ends, the so-called attack and release, are very important cues for the listener.

The width of a player's finger on the Otamatone causes the pressure to be distributed unevenly at first, resulting in a slight glide in frequency. This also happens at note-off. The exact amount of Hertz to glide depends on the octave, and by experimentation I stuck with a slide-up of 5 % of the target frequency in 0.1 seconds.

It is also very difficult to hit the correct note, so we could add some kind of random tuning error. But turns out this is would be too much; I want the music to at least be in tune.

Glides (glissando) are possible with the virtual instrument by playing a note before releasing the previous one. This glissando also happens in 100 milliseconds. I think it sounds pretty good when used in moderation.

I read somewhere (Wikipedia?) that vibrato is also possible with Otamatone. I didn't write a vibratio feature in the code itself, but it can be added using a VST plugin in REAPER (I use MVibrato from MAudioPlugins). I also added a slight flanger with inter-channel phase difference in the sample below, to make the sound just a little bit easier on the ears (but not too much).

Sometimes the Otamatone makes a short popping sound, perhaps when finger pressure is not firm enough. I added a few of these randomly after note-off.

Working with MIDI

We're getting on a side track, but anyway. Working with MIDI used to be straightforward on the Mac. But GarageBand, the tool I currently use to write music, amazingly doesn't have a MIDI export function. However, you can "File -> Add Region To Loop Library", then find the AIFF file in the loop library folder, and use a tool called GB2MIDI to extract MIDI data from it.

I used mididump from python-midi to read MIDI files.

Tyna Wind - lucid future vector

Here's TÄMÄ's beautiful synthesized voice singing us a song.

Over the years we’ve seen customers do some very exciting things with preemptible resources: everything from solving problems in satellite image analysis, financial services, questions in quantum physics, computational mathematics and drug screening.

"Preemptible GPU instances from GCP give us the best combination of affordable pricing, easy access and sufficient scalability. In our drug discovery programs, cheaper computing means we can look at more molecules, thereby increasing our chances of finding promising drug candidates. Preemptible GPU instances have advantages over the other discounted cloud offerings we have explored, such as consistent pricing and transparent terms. This greatly improves our ability to plan large simulations, control costs and ensure we get the throughput needed to make decisions that impact our projects in a timely fashion." 

— Woody Sherman, CSO, Silicon Therapeutics 

For more details on Preemptible GPU resources, please check out the preemptible documentation, GPU documentation and best practices. For more pricing information, take a look at our Compute Engine pricing page or try out our pricing calculator. If you have questions or feedback, please visit our Getting Help page.

To get started using Preemptible GPUs today; sign up for Google Cloud Platform and get $300 in credits to try out Preemptible GPUs.

Eero, the mesh Wi-Fi router startup, has laid off 20 percent of its workforce (about 30 employees), TechCrunch has learned. Eero confirmed about 30 employees were let go but declined to comment on its total workforce size.

“Our goal is to provide perfect WiFi in every home,” an Eero spokesperson said in a statement to TechCrunch. “Over the past year we explored several related projects, and we’ve now made the tough decision to eliminate one new project in favor of greater focus on our core business. We do not take this lightly, and unfortunately this shift means about 30 colleagues will no longer be working at eero. We will continue our work to make eero the most reliable, secure, and easiest home WiFi solution.”

Eero, which first launched in 2015, aims to change the way we think about wireless routers. Last year, Eero unveiled two new hardware products, a next-generation Eero with triband WiFi and the Eero Beacon, which plugs directly into wall sockets in places where it’s inconvenient to have a corded product.

In July, Eero acqui-hired startup Thington, a home management app founded by Dopplr founder Matt Biddulph and former Yahoo Brickhouse Head of Product Tom Coates.

Eero has raised $90 million from First Round Capital, Menlo Ventures, AME Cloud Ventures, Initialized Capital, Homebrew Ventures and others. Its most recent round came in May 2016 with $50 million in funding.

README.md

v2.auth.eyJkYXRhIjoidGhpcyBpcyBhIHNpZ25lZCBtZXNzYWdlIiwiZXhwIjoiMjAzOS0wMS0wMVQwMDowMDowMCJ9VpWy4KU60YnKUzTkixFi9foXhXKTHbcDBtpg7oWllm8

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ 

{"alg": "HS256","typ": "JWT"
}

{"sub": "1234567890","name": "John Doe","admin": true
}

TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

Introduction

Want to design embroidery pattern files (PES, DST, etc) using free, open source software? Hate all the other options? Try this one.

I received a really wonderful christmas gift for a geeky programmer hacker: an embroidery machine. It’s pretty much a CNC thread-bot… I just had to figure out how to design programs for it. The problem is, all free embroidery design software seemed to be terrible, especially when you add in the requirement of being able to run in Linux, my OS of choice.

So I wrote one.

Okay, not really. I’m pretty terrible at GUIs, but I found this nifty inkscape extension that was created and hacked on by a couple of other folks. It was pretty rudimentary, but it got the job done, and more importantly, it was super hackable. I hacked the hell out of it, and at this point ink/stitch is a viable entry-level machine embroidery design tool.

“Quick” Setup On Ubuntu 16.04 (and derivative Linux distributions)

Download the extension’s archive file and unpack the zip archive. Then, on a terminal, run the installation (and update) script from the archive’s bin directory by first changing into that directory with cd <path_to_the_archive>/inkstitch-master/bin and then entering the command sh install_ink_embroidery_Ubuntu.sh. The script will ask for your password to be able to install new software, remove any Inkscape snap packages that may be installed, and to update Inkscape to the current version. Intermittently, it will require you to confirm a step by hitting Enter, or typing in ‘y’ or ‘yes’. Restart Inkscape after the script has executed to see the changes take effect. You can also run the script again when you later want to update the extension (and Inkscape).

To also install the optional conversion program, run sh install_libembroidery-convert.sh in the same directory. This script will also ask your password in order to be able to install the necessary dependencies.

Not tested with Ubuntu versions other than 16.04. If you try it out, please let us know how it went.

Continue reading in the “Usage” section.

Manual Setup

To use this tool, you’re going to need to set it up. It’s an inkscape extension written as a Python file. Once you get it working, you’ll need to learn how to design vectors in the way that ink/stitch expects, and then you can generate your design files.

Inkscape

First, install Inkscape if you don’t have it. I highly recommend version 0.92 or greater, which has a really key feature: the Objects panel. This gives you a heirarchical list of objects in your SVG file, listed in their stacking order. This is really important because the stacking order dictates the order that the shapes will be sewn in.

Versions 0.92.2 and higher let you bind a key to new commands, “stack up” and “stack down”, which I assign to pageup and pagedown. These let you arbitrarily reorder objects in the SVG file, which lets you directly manipulate which order they stitch in. It works way better than the default “raise” and “lower” commands.

Python Dependencies

A few python modules are needed. In some cases this extension uses features that aren’t available in the versions of the modules pre-packaged in distributions, so I recommend installing them directly with pip:

pip install -r requirements.txt

Extension installation

1. Clone the extension source: git clone https://github.com/lexelby/inkstitch
2. Install it as directed here

I prefer to symbolically link into my git clone, which allows me to hack on the code. Changes to the Python code take effect the next time the extension is run. Changes to the extension description files (*.inx) take effect the next time Inkscape is restarted

Optional: conversion program

The extension can output machine embroidery design files directly in Melco format. I don’t even know what that is, so I don’t use it. I prefer to use the CSV output format which can be consumed by another awesome open source project: Embroidermodder2. In theory, this project was going to be exactly what I wanted. In practice, it never got funded on Kickstarter and it’s largely incomplete.

However, it contains a really awesome core library that knows pretty much every machine embroidery format and how to convert between them. I use it to convert the CSV files that ink/stitch outputs into the PES files that my SE400 uses.

Grab the source: git clone https://github.com/Embroidermodder/Embroidermodder. Build just libembroidery-convert using the instructions in “3)” in the Embroidermodder build docs. You can then use it like this: ./libembroidery-convert your-file.csv your-file.pes.

Since the CSV + libembroidery-convert method is the only method I use, it’s the one I’ll assume from here on. I’m not even sure if the other output formats from ink/stitch still work (or ever worked).

Usage

Basic Usage

First things first: I’m going to assume you know a few embroidery terms like “fill stitch” and “satin”. Look those up if you’re mentally 404ing, then come back here. I’m not going to assume you know some of the more advanced terms, because I had to learn all that when I started this project, so I might as well teach you too.

1. Open up Inkscape and create a rectangle.
2. Make sure it has both a stroke and a fill.
3. Convert it to a path using Path -> Object to Path (because ink/stitch doesn’t understand rectangles, circles, and the like, and ignores them).
4. Run Extensions -> Embroidery -> Embroider. Use the default settings.

The rectangle you made will disappear and be replaced with some stripes and zig-zags. ink/stitch has hidden all of your layers and created a new one called Embroidery, in which it has palced a visual representation of the stitch plan it created. It has interpreted your shape as two instructions: Fill and Stroke. Fill is implemented using fill stitching, and Stroke is implemented by running satin stitching along the outline.

Select the horizontal lines using the “Edit Paths by Nodes” tool. Zoom in a bit and you’ll see that the lines are actually made up of lots of points. Each point represents one stitch – one needle penetration and interlocking of the top thread with the bobbin thread. Notice how the points all line up nicely in diagonals. This will give the fill stitching a nice, orderly visual appearance.

Now look at the zig-zags. These are the satin stitches. Note that the corners look pretty ugly. This is because satin stitches generated from a shape’s stroke are pretty rudimentary and aren’t implemented intelligently. You can exert much greater control over satin stitching using a Satin Column, described later.

The stitching preview you’re looking at just now isn’t intended to be permanent. I usually immediately undo it (ctrl-Z) after I’ve looked at the stitches. The actual work that ink/stitch does is to output a design file.

Stitching Out the Design

Where’d the design file go? One of the parameters you were able to specify in the filter settings dialog was the output directory. By default, the directory used is the place where you installed the extension’s Python files. I output mine to ~/Documents/embroidery/output.

ink/stitch will create a file named something.csv, where something is the name of your svg file (e.g. something.svg). If something.csv already existed, it will be renamed to something.csv.1, and something.csv.1 will be renamed to something.csv.2, etc, up to 5 backup copies. When you’ve got the design the way you like it, save off a copy of something.csv.

Next, convert it to your machine’s format using libembroidery-convert (as described above). Send it to your machine in whatever way one does that for your machine, and try stitching it out!

Ordering

Copy your rectangle and paste it elsewhere on your canvas. Deselect any shapes (Edit -> Deselect), re-run the extension, and look at the output. You’ll see that both regions have been stitched, and there will be a line connecting them. That’s a jump-stitch, where the machine will move a long distance between stitching the sections.

If you’re like me, your machine can’t automatically cut the thread between stitching sections, so you’ll need to minimize jump stitches as much as possible through careful planning of your stitch path. If your machine can do thread cuts, congratulations! But you’ll need to modify ink/stitch to allow you to specify a thread cut, because there’s no way to do that right now.

However, note that ink/stitch pays attention to the colors you use for objects. If you change colors from one object to the next, ink/stitch will include a color-change instruction using the color you’ve set for the object. My machine cuts the thread and waits for me to switch to the new thread color.

Reordering

Use the Objects panel to view the stacking order of the objects in your SVG file. ink/stitch will stitch them in their stacking order, from lowest to highest. You can reorder them in the normal way in inkscape to affect the stitching order.

You can also use the Reorder extension. Hold shift and select the objects you’d like to reorder, one at a time, in the order you’d like them to end up in (lowest to highest). Run Embroidery -> Reorder. This extension will pull all of the selected objects out of wherever they were in the stacking order and insert them in order at the same place as the first object you selected. This can save you a ton of time. NOTE: this stopped working in more recent versions of inkscape, which no longer tell the extension what order you selected objects in.

Seeing the stitch plan for selected objects

If you have one or more objects selected when you run the Embroider extension, only those objects will be embroidered. This can be useful to help you fine-tune just one small section of your design.

Embroidery Parameters

When you run Embroider, you’ll have the option to specify a few parameters like stitch length, fill stitch row spacing, etc. These are used as defaults for all objects in your design. You can override these parameters and set many more using the Embroidery -> Params extension.

This extension gives you an interface to control many aspects of the stitching of each object individually. To use it, first select one or more objects. Parameters will be applied to them all as a group. If the selected objects already have parameters set, these settings will be pre-loaded into the interface.

Parameters are stored in your SVG file as additional attributes on the XML objects. You can view these attributes using Inkscape’s built-in XML editor panel, but you shouldn’t actually need to do this during normal usage. Inkscape ignores attributes that it doesn’t know, so these attributes will be saved right along with your SVG file. Note that other SVG programs may not retain these attributes, so be careful!

I recommend avoiding dependence on the default settings specified in the Embroider extension’s settings window. In fact, I bypass it entirely by binding a keystroke (ctrl+e) to “Embroider (no preferences)” in Inkscape’s settings. This way, I can quickly see the stitch plan just by pressing the keystroke. I also bind a keystroke to Params so that I can quickly view and change settings for each object.

Sidenote on extensions

Params is a bit weird, in that the dialog is produced by an entirely separate program (the extension) rather than Inkscape itself. This is due to the way Inkscape structures extensions. I wish ink/stitch could have deeper integration into Inkscape’s user interface, but it’s currently not possible. This is the price we pay for not having to write an entire vector graphics editor program :)

Another issue is that Inkscape has a memory leak related to extensions. The more times you run an extension, the more memory Inkscape uses and the slower it gets. I periodically save my SVG file, close Inkscape, and restart it to work around this issue. See above re: putting up with this kind of hassle so as not to have a to implement an entire vector graphics editor. Hopefully they’ll fix this bug soon.

AutoFill

AutoFill is the default method for generating fill stitching. To use it, create a closed path in Inskcape and add a fill color. This algorithm works for complex shapes with or without holes.

ink/stitch will break the shape up into sections that it can embroider at once using back-and-forth rows of stitches. It then adds straight-stitching between sections until it’s filled in the entire design. The staggered pattern of stitches is continued seamlessly between sections, so the end result doesn’t appear to have any breaks. When moving from one section to the next, it generates running stitching along the border of the shape.

AutoFill parameters

Using the Params extension, you can set these parameters:

• angle: The angle of the rows of stitches, in degrees. 0 is horizontal, and the angle increases in a counter-clockwise direction. Negative angles are allowed.
• row spacing: distance between rows of stitches
• maximum stitch length: the length of each stitch in a row. “Max” is because a shorter stitch may be used at the start or end of a row.
• running stitch length: length of stitches around the outline of the fill region used when moving from section to section
• staggers: stitches are staggered so that neighboring rows of stitches don’t all fall in the same column (which would create a distracting valley effect). Setting this dictates how many rows apart the stitches will be before they fall in the same column position.

AutoFill Underlay

By default, AutoFill will cover the shape with one layer of stitches. In almost all cases, this won’t look any good. The individual stitches will sink into the fabric (even if it’s thin) and the fill will appear sparse. The fabric may even stick up between rows.

To solve this, you need underlay: an initial layer of stitches that hold up the final stitches. Underlay for fill stitch it’s usually comprised of fill stitching 90 degrees offset from the final fill (called “top stitching”). The row spacing should be much wider than in the top stitching. The goal is to flatten out the fabric and give the top stitches “rails” to sit on.

In Params, you’ll see an underlay tab next to the AutoFill tab. Enable it by checking the box. The default settings should be good enough for most cases: 90 degrees offset and row spacing 3x the spacing of the top stitching.

Manual Fill

Manual Fill is the old mode from before I figured out how to implement automatic fill routing. In some cases, AutoFill may not be an option, such as when the running stitches between sections are not acceptable for your design. Usually, fill region edges are covered over by satin, but not always.

In manual fill, the extension will still break up the shape into sections, each of which can be embroidered in one go. Then these sections will be fill-stitched one at a time, jumping directly between sections. You’ll almost certainly want to break your shape up into smaller shapes and connect then using running stitches (described below). It’s a painstaking process, made moreso because you’ll need to do it twice: once for the underlay and again for the top stitching.

The flip option can help you with routing your stitch path. When you enable flip, stitching goes from right-to-left instead of left-to-right. Using flip and rotating 180 additional degrees (by adding or subtracting 180 from angle), you can cause fill stitching for a given shape to start from any of the four possible corners.

Running Stitch

Running stitch can be created by setting a dashed stroke on a path. Any kind of dashes will do the job, and the stroke width is irrelevant. ink/stitch will create stitches along the path using the stroke width you specify.

In order to avoid rounding corners, ash extra stitch will be added at the point of any sharp corners.

The repeats parameter says how many times time run down and back song the path. An odd number of repeats means that the stitches will end at the end of the path, while an even number means that stitching will return to the start of the path. The default is one repeat; that is, just traveling once from the start to the end of the path.

If an object consists of multiple paths, they will be stitched in order with a jump between each.

Simple Satin

A line without dashes will result in satin stitching. The width of the satin will be dictated by the stroke width. (For historical reasons, a stroke width less than 0.5 pixels will result in running stitch instead).

This is “simple satin”: Embroider will plot zig-zags to the left and right of the line from start to end, but it won’t do anything special around curves and corners. Sharper curves and corners will result in sparse stitching around the outside of the curve and dense stitching around the i. T

This won’t look good and may even poke holes in the insides of corners. I avoid using plain satin entirely; it’s just kept in for backward compatibility. It’ll probably work fine for straight lines.

Satin Column

Satin Column mode gives you much greater control over how the satin is generated. You define a satin column using a shape made of two mostly-parallel lines. Embroider will draw zig-zags back and forth between the two lines. You can vary the thickness of the column as you like.

The two paths must have the same number of points. This means that each path will be made up of an equal number of Bezier curves. Each pair of points acts as a “checkpoint”: Embroider will ensure that a “zag” ends up going from one point to the other.

Embroider considers each pair of Bezier curves, one at a time. It picks the longest if the two and determines how many zig-zags will be necessary to satisfy the zig-zag spacing setting. This makes it so that the outside of a curve will never have sparse stitching like with simple satin.

However, this does mean that the inside of a curve will have a higher stitch density than you specified. Be careful how you design sharp curves, because stitching at too high a density may poke a hole in the fabric!

To avoid this issue, transition your stitching to go around the corner at an angle, like this:

Some embroidery design programs solve this problem differently. They modify the satin such that some stitches on the inside corner don’t go all the way to the edge, to avoid having the make penetrate the fabric too many times in the same spot. I haven’t gotten around to implementing that yet. Pull requests welcome!

Satin Column supports these settings:

• zig-zag spacing: the peak-to-peak distance between zig-zags.
• pull compensation: Satin stitches pull the fabric together, resulting in a column narrower than you draw in Inkscape. This setting expands each pair of needle penetrations outward from the center of the satin column. You’ll have to determine experimentally how much compensation you need for your combination of fabric, thread, and stabilizer.

Satin Column also supports three kinds of underlay, of which you can use any or all simultaneously. I use the terms defined in this excellent article on satin column design.

Center Walk Underlay

This is a row of running stitch down the center of the column and back. This may be all you need for thin satin columns. You can also use it as a base for more elaborate underlay.

Contour Underlay

This is a row of running stitch up one side of the column and back down the other. The rows are set in from the edge of the column by an amount you specify. For small or medium width satin, this may serve well enough by itself.

Zig-Zag Underlay

This is essentially a lower-density satin stitch sewn to the end of the column and back to the start. Added with contour underlay, you get the “German Underlay” mentioned in the article linked above. For wide columns or challenging fabrics, you can use all three underlay types together.

Workflow

Here’s how I use ink/stitch to design embroidery patterns.

Pixels Per Millimeter

My embroidery machine (a Brother SE400) can handle patterns up to 10cm x 10cm (about 4in x 4in). Most machine embroidery design advice articles I’ve read talk in terms of millimeters, so that’s what I work in.

My machine can (theoretically) position the needle with an accuracy of a tenth of a millimeter. The Brother PES format cannot encode a position any more precisely than this. In practice, even if a machine had finer accuracy than this, the realities of sewing on real fabric, even with the best stabilizer, mean that you can’t get any more accurate than this (and you shouldn’t bother trying).

I set the Inkscape’s default document size to 1000 x 1000 pixels and set the “Pixels Per Millimeter” setting in Embroider to ten. This means that every “pixel” in Inkscape is worth a tenth of a millimeter. Practically speaking, there’s no reason I couldn’t choose to have one “pixel” equal one millimeter, because pixels don’t really have much meaning in vector graphics.

Step 1: Sketch design or use an image

First, I get an idea for what I want my finished product to look like. If I’m basing my design off an existing picture or graphic, I load it into Inkscape in its own layer. Some graphics are amenable to Inkscape’s auto-tracing feature, especially if I simplify the image in GIMP first.

After auto-tracing, I clean up the vector shapes, using “Simplify” and deleting nodes by hand when possible. My goal is to use as few Bezier curves as reasonably possible to represent the image.

If I need to trace an image by hand, I usually use the freehand drawing tool. This tool creates paths with a lot of Bezier nodes, so again, I’ll simplify the curves as much as possible.

Working with an existing SVG image can save a ton of time, so consider using Google image search with the filter set to SVG.

For text, choose a font carefully. It’s quite hard to make satin look good when it’s 1mm wide or narrower. Sans-serif fonts tend to be the easiest. For text smaller than 4mm tall, you’ll have a very difficult time making lowercase letters look good, so consider block-caps. Cursive/script fonts can work well, but it’s not going to be as easy as you think. I find that I spend the most time on text by far.

Step 2: Plan stitch path and color changes

At this point, you’ll have a vector graphic representation of your image. The next thing to do is to convert your vectors into the kind that Embroider understands and put them in the right order.

When you’re designing for embroidery machines that can’t cut the thread mid-sew or switch colors automatically, you’re going to want to optimize your stitch path to reduce or hide jump stitches and make minimal color changes. I also try to avoid stitching over jump stitches when possible, because it’s a total pain to trim them by hand when you do.

The order of stitching also affects how the fabric pulls and pushes. Each stitch will distort the fabric, and you’ll need to take this into account and compensate accordingly. Look for articles on machine embroidery distortion for more info on this.

Step 3: create the embroidery vectors

I make heavy use of layers and groups at this point. If I’ve traced an image, I’ll leave it as the lowest layer and set it invisible in the Layers or Objects palette. Any layer, group, or vector shape that is set invisible will be ignored by Embroider.

I keep my initial traced vectors in their own layer and use them as a reference when designing embroidery vectors. I copy and paste then as necessary into a higher layer and work with the copies.

I use only AutoFill and Satin Columns in my designs. I begin converting filled areas to AutoFill regions. Each time I create an AutoFill shape, I set its parameters using Params. Then I select it and run Embroider, which will cause it to show a stitch plan for just the selected object(s).

I examine the resulting stitch plan using the node editor tool. Each vertex is a single stitch; the needle will penetrate the fabric and interlock with the bobbin thread at this point. Once I’m done examining the stitch plan, I Undo the Embroider operation to remove the stitch plan and make my vectors visible again. Then I make any changes necessary, re-run Embroider, and repeat until it looks right.

At this point, I save my SVG file. If Inkscape is starting to become sluggish (due to the memory leak described above), I’ll restart it before continuing.

Next, I work on Satins. Remember that a Satin Column is defined by two lines that run along the edges of the column. It’s usually a good idea to run satin along the outside border of a fill region. Inkscape makes this easy. I copy and paste the shape from the traced vectors, then disable Fill and enable Stroke. I set the stroke width to my desired satin width. Finally, I use the “Stroke to Path” option to convert just the stroke into its own path.

At this point, it’s necessary to cut the paths so that they aren’t a continuous loop. The cut will also tell Embroider where to start stitching from. Add a point at the desired cut location by double-clicking on the path with the Node Editor tool active. Cut at this point by selecting at and pressing shift+b. Repeat for the second path.

Now you’ve got an object made of two paths. They need to be going on the same direction for Satin Column to work. You can tell what direction the path goes in by enabling direction indicators in Inkscape’s preferences. To reverse one of the paths, select one of its points and choose “Reverse Path”. I bind this to ctrl+r in Inkscape’s preferences.

By now, it’s likely that the two paths in the object have an unequal number of nodes. As described above, a Satin Column is made of consecutive pairs of points on the two paths. You have a couple of techniques available to make your nodes line up in pairs:

• simplify the shape (control+L)
• delete extra nodes
• add more nodes
• joining nodes

I usually Simplify first if necessary to reduce the path to a manageable number of nodes. Remember that machine embroidery is fairly imprecise and your final product will not have the incredibly fine details that you see on your screen, so simplifying can often be acceptable even if it changes the path.

Next, I try to delete nodes or join. Inkscape will attempt to manipulate the neighboring nodes as necessary to keep the path the same, but I find that it’s not particularly good at this. Instead of deleting a troublesome point, it can often work better to simply add a matching point on the other path.

Finally, I run Embroider with the path selected and examine the output. I add, remove, and adjust points as necessary to make my satin look nice.

You may find that you get the dreaded error, “object has two paths with an unequal number of points". This can be confusing because it may _look_ like your paths have the same number of points. Usually this is because of duplicate points: multiple points with the exact same coordinates or very similar coordinates. To find them, I drag-select each point in turn, examining the bottom status bar. It will tell me how many points I've selected. If it looks like I've selected just one but Inkscape says I've selected 3, then it's likely that I've found my culprit.

Often just pressing shift+J (join nodes) will eliminate the extra points without modifying the shape. Sometimes it won’t, and in cases like that, I’ve had luck with adding extra points on either side of the “cluster”, then delete the “cluster”. The extra points anchor the shape and disallow Inkscape from messing it up. Then it may be possible to delete the added points, or I just add points to the other path to match with them.

Step 4: Ordering

Once I’ve created all of my vectors and test-embroidered them individually, it’s time to put everything in the right order. This is where the Objects tool from the latest development version of Inkscape (described above) comes in useful. Because my embroidery machine can neither trim threads nor switch colors mid-sew, I optimize my order to minimize color changes and reduce or hide jump-stitches.

Embroider will stitch objects in exactly the order they appear in your SVG document, from lowest to highest in stacking order. If the distance between two objects is long, Embroider will add a jump-stitch between them automatically. It uses the color of the object to determine thread color, so changes in color from one object to the next will result in a thread-change instruction being added to the embroidery output file.

Inkscape gives you the ability to raise and lower objects in the stacking order using the PageUp and PageDown keys. However, it seems to be unwilling to give the user complete control over the stacking order. I think this has to do with whether objects overlap: if A and B don’t overlap, Inkscape doesn’t care how they’re stacked in the SVG file and it sometimes won’t let you reorder them.

To solve this, I created the Reorder extension. To use it, hold down the shift key and select objects one at a time in the order you’d like them to appear in the SVG file and run Reorder. Reorder will remove the selected objects from the SVG XML tree and then re-add them at the location of the first-selected object, in the order you selected them.

You can also manually manipulate the underlying SVG XML structure by using Inkscape’s XML Editor pane. Its “Raise” and “Lower” buttons directly manipulate the order of XML tags in the SVG file and are not subject to the same limitations as PageUp and PageDown. Note that the ordering of XML tags in the XML Editor tool is the reverse of the order of objects in the Objects tool.

Step 4: Render to CSV

Once I’ve got everything in the right order, I deselect all objects and run Embroider again. This will embroider all visible objects in the document. As described in the Setup section above, I render my embroidery file in CSV format and convert it with EmbroiderModder’s libembroidery-convert utility.

Embroider will create a file in the specified output directory named after your SVG file, but with the extension changed to .csv. It will back up any existing file there, storing up to 5 old copies of each file.

Step 5: Convert to PES and upload

My sewing machine uses the PES format, so I convert the CSV file into a .PES and send it over to my sewing machine. My Brother SE400 acts like a (very small!) USB flash drive. I use a script to do the CSV and upload steps all at once.

Step 6: Test-sew

I’ve never gotten an embroidery file correct on the first try. There’s always room for improvement! To test out my design, I prepare a test piece of fabric that matches my final fabric as closely as possible. I use the same stabilizer and the exact same fabric if possible. For t-shirts, I try to find a similar fabric (usually knit). Knits need a lot of stabilization.

I sew out the design, watching the machine to make sure that there aren’t any surprises. I’m watching for gaps that indicate that the fabric has been distorted. I’m also watching for areas where stitches are piling up too closely and the machine is having trouble sewing, which indicates that the stitch density is too high. Finally, of course, I’m watching in giddy anticipation to see my design for the first time! :)

Step 7+: iterate

Then I go back and tweak my design. Hopefully it only takes a few tries to get it how I want it. Once I’m done, I copy the CSV file from my output directory, just to avoid accidentally overwriting it in the future.

We've been archiving a bunch of old Xerox Alto disk packs from the 1970s. A few of them turned out to be password-protected, so I needed to figure out how to get around the password protection. I've developed a way to disable password protection, as well as a program to find the password instantly. (This attack is called XeroDay, based on a suggestion by msla.)

The Alto was a revolutionary computer designed at Xerox PARC in 1973 to investigate personal computing. In the photo above, the Alto computer itself is in the lower cabinet. The Diablo disk drive (in 1970s orange, below the keyboard) takes a removable 14 inch disk pack that stores 2.5 megabytes of data. (A bunch of disk packs are visible behind the Alto and in the photo below.) I've been restoring a Xerox Alto, along with Marc Verdiell, Luca Severini and Carl Claunch. (The full set of Alto posts is here and Marc's videos are here.)

Now that we have the Alto running, one project is to archive a bunch of disks that have been sitting at Xerox PARC for decades, and find out if there are any interesting treasures among the disks. We can archive disks by running the Copydisk program on the Alto, and copying them over Ethernet to a PC server. (Ethernet was invented by Xerox for the Alto.) However, it's considerably faster to read the data directly off the disk drive, bypassing the computer. Carl created an FPGA-based disk controller (below) that connects to the Diablo disk drive, speeding up the archiving process.1

Before reading each disk, we open up the pack and carefully clean the surface. After storage for decades, these disks have some grime, dust, and the occasional bug (of the dead insect variety), so we need to clean them to reduce the chance of a head crash.

Most of the archived disks can be booted on the Alto or the ContrAlto simulator. But a few disks only booted to a password prompt (see below), and we couldn't use the disk without the password. So I decided to hack my way into the password-protected disks.

The Alto documentation discusses password protection, explaining how a password can be associated with a disk. It only promises "a modest level of security", which turns out to be true. It also says if you forget the password, "you will need an expert to get access to anything on your disk." But could I break in without finding an expert?

A bit about passwords

Storing passwords in plain text is a very bad idea, since anyone who can access the file can see the password.9 Most systems use a solution invented by Roger Needham in 1967. Instead of storing the password, you hash the password through a cryptographic one-way function and store the hash. When the user inputs a password, you hash it through the same function and compare the hashes. If they match, the passwords match. And if anyone sees the hash, there's no easy way to get the password back.

One problem with hashed passwords is if two users have the same hash, then you know they have the same password. A solution (invented in Unix) is to hash some random bytes (called salt) along with the password to yield the stored hash. Since different users will have different salt, the hashes will be different even if the passwords are the same. (Of course you need to store the salt along with the hash in order to check passwords.)2 Like Unix, the Alto used salted and hashed passwords.

The Alto's hash algorithm

The source code for the Alto's password algorithm reveals how the password hashing is implemented.3 The Alto uses four words of salt with the password (two words based on the password creation time and two words based on the user name). The password hash is 4 words (64 bits) long. The Alto's password hash algorithm is pretty simple:4

Hash c = -a*x*x + b*y

where a is the time salt and b is the user name salt. x is a one-word value generated from the password string and y is a two-word value from the password string, both generated by concatenating characters from the password.5

Disabling the password

There's a way to disable the password on disk, gaining access to the file system.6 The Alto boots from disk by running the file sys.boot; this file decides if a password is required for boot, based on the 9-word password vector stored inside the file. The first word is a flag indicating if the disk is password protected. If the password flag is set, the boot program requires a password before proceeding. The next four words are the salt, and the final four words are the password hash itself.

The password protection can be disabled by clearing the flag word inside sys.boot, which is the 128th word in the second block of sys.boot. The tricky part is finding where this word is on disk. The file system stores a directory as the name of each file along with the disk address of the file's first block. By reading the directory as raw data and interpreting it, we can find the location of sys.boot. In the Alto file system, each disk block has pointers to the previous and next block. So once we've found the first block, we can follow the pointer to find the second block. (Basically I re-implemented a subset of the Alto file system using the raw disk.) Erasing the password flag in this block makes the disk bootable without the password.

After implementing this, I realized there's a short cut. The writers of the disk bootstrap code didn't want to re-implement the file system either, so the Alto simply copies the first block of sys.boot to the first disk sector. This makes it trivial to find the file, without needing to scan the directory. Once I have the first block, I can find the second block from the pointer, access the block, and clear the password flag, disabling the security.7

I made a simple Python program to update the disk image file and clear the password flag (link). After running this program, I was able to access the protected disks. The password-protected disks didn't have any super-secret treasures. However, one disk contained an implementation of APL in Mesa, which was interesting. (APL is a cool programming language known for its extremely terse notation and strange character set.Mesa is a high-level language developed at Xerox PARC; it influenced Java.) We haven't gotten Mesa running on the Alto yet, but this looks like an interesting thing to try out.

Brute-forcing the password

While I could access the disk simply by clearing the password flag, I wondered what the original passwords were. I implemented the password algorithm in C (link), so I could rapidly test passwords. My hope was that testing against a list of top 100,000 passwords would find the passwords, since I didn't expect much in the way of 1970s password security practices. Surprisingly, there were no hits so the passwords weren't common words. My next step was brute-forcing the password by generating all strings of length 1, 2, 3 and so forth.8 Finally at length 8, I cracked the first password with "AATFDAFD". The second disk had password "HGFIHD" and the third had "AAJMAKAY". Apparently random strings were popular passwords back then.

I was a bit suspicious when I saw that both 8-character passwords started with "AA" so I investigated a bit more. It turned out that using "AB" in place of "AA" also worked, as did starting with anything in "{A-Z}{A-G}". Studying the algorithm more closely, I realized that when x and y get too long, the old character bits were just dropped. Thus, when you use a password longer than 6 characters, most of the bits from the first characters are lost. This is a pretty big flaw in the algorithm.

Finding the password with math

It takes half an hour or so to brute force the password; can we do better? Yes, by doing some algebra on the password formula yielding:

y = (c + a*x*x) / b

where x and y are generated from the password string, a and b are salt, and c is the stored password hash. Since x is only 16 bits, we can easily try all the values, finding ones for which the division works. When we find a solution for y, we can recover the original password by chopping x and y into 7-bit characters. Using this technique, the password can be recovered almost instantly. I implemented this in Python here.

Conclusion

The Xerox Alto's disk passwords can be trivially bypassed, and the password can be easily recovered. The password algorithm has multiple flaws that make it weaker than you'd expect (dropping password characters) and easily reversed. Since the system is almost 45 years old, they had to keep the code small and they weren't facing modern threats. After all, Xerox only promised "modest" security with the passwords, and that's what it provided.

Notes and references

Published Date: Jan 4, 2018

I’ve spent the last week with Apple’s new iMac Pro, and in most ways it’s just a faster Mac. It's the first pro Mac desktop in over three years and the fastest Mac yet made, granted, but still entirely familiar. And yet in many ways—some noticeable, some entirely invisible—this new Mac is completely different from all past Mac models.

The iMac Pro may be an outlier today, but in the future we’ll probably look back on it as the start of a new era for the Mac, all because of the Apple-built T2 chip it carries inside. Here’s how the T2 makes this iMac Pro unlike all other Macs.

The power behind the throne

The T2 processor isn’t doing the heavy lifting in the iMac Pro—that’s the Intel Xeon processor with between 8 and 14 processor cores. The T2 is the brain behind that brain, running the subsystems of the iMac Pro from a single piece of Apple-built silicon. The result is a simplified internal design that doesn’t require multiple components from multiple manufacturers.

Apple

On most Macs, there are discrete controllers for audio, system management and disk drives. But the T2 handles all these tasks. The T2 is responsible for controlling the iMac Pro’s stereo speakers, internal microphones, and dual cooling fans, all by itself.

A FaceTime camera like no other

The iMac Pro’s FaceTime camera can capture 1080p video, an upgrade from the 5K iMac’s 720p resolution. But this new FaceTime camera is driven by the T2 processor, which means it’s got intelligence that previous FaceTime cameras lacked. Like its cousin processors that drive the iPhone, the T2 has an Apple-designed image signal processor that detects faces in order to properly set exposure and white balance, dynamically adjusts exposure, and a whole lot more—all in the service of producing a better image, just like what happens when you shoot photos or video with your iPhone.

What flash storage?

The iMac Pro offers between 1TB and 4TB of flash storage, also commonly referred to as an SSD, or “solid-state drive.” This is hardly the first Mac to include SSDs, but it’s a very different approach to storage than previous models.

Most solid-state drives, whether they fit into a drive bay like a spinning hard drive or are reduced to a chip that slides into a slot somewhere, are self-contained—they’re a bank of memory combined with a controller. On the iMac Pro, though, that’s not the case—the SSD that comes with the iMac Pro is actually two banks of NAND memory. (Every iMac Pro has two banks that are “striped” together into a single drive—if you get the 1TB model, your iMac Pro has two 512GB NAND banks; the 4TB model has two 2TB NAND banks.)

Roman Loyola

As for the disk controller? There isn’t one—or more accurately, the disk controller is built into the T2 itself. This gives the T2 complete control over internal storage on the iMac Pro. This has some major benefits in terms of speed and security. Every bit of data stored on an iMac Pro’s SSD is encrypted on the fly by the T2, so that if a nefarious person tried to pull out the storage chips and read them later, they’d be out of luck.

(For additional security, Apple strongly suggests you turn on FileVault, which ties SSD encryption to your password. This provides an additional level of security, because your disk can’t be decrypted without the proper hardware and your password.)

All this encryption happens invisibly, so the SSDs in the iMac Pro still operate at full speed—approximately 3GB per second.

Boot twice for safety

You know you’re a Mac nerd when you have opinions about the keys you need to hold down when rebooting while troubleshooting a problem. But on the iMac Pro, booting and rebooting is different—very different. In essence, it’s a two-stage process, first driven by the T2, then driven by the more traditional system boot process.

When you start up the iMac Pro, the familiar Apple logo appears almost immediately. This is a sign that the T2 is taking control. For security reasons, the T2 is the iMac Pro hardware’s “root of trust,” and it validates the entire boot process when the power comes on. The T2 starts up, checks things out, loads its bootloader, verifies that it’s legitimate and cryptographically signed by Apple, and then moves on to the next part of the boot process.

This new boot process means there’s also a new utility for Mac users to get to know: Startup Security Utility, which you can only access by booting into Recovery mode by holding down Command-R while starting up. Startup Security Utility gives the T2 guidance about just how strict it should be when judging whether it should boot your computer.

By default, security is set to Full, which means that only the current operating system or another OS version signed and trusted by Apple—meaning it hasn’t been tampered with in any way—can be booted by the computer. This version requires a network connection when you attempt to install any OS software updates, because it needs to verify with Apple that the updates are legitimate. You can also set the security level lower, to Medium (which allows older version of macOS to run regardless of Apple’s level of trust), or turn the feature off entirely, emulating the way all other Macs currently start up.

(This goes for Boot Camp, too—the T2 respects Microsoft’s signing authority for Windows 10 beginning with 2017’s Fall Creators Update, so Boot Camp users can reboot into Windows 10 while remaining fully secure.)

A hybrid Mac? Not quite.

Before the iMac Pro was released, there was a lot of speculation that it was part of a trend toward creating a “hybrid Mac” that is driven by both an Intel processor and an Apple-designed ARM chip like those found in other Apple devices. The iMac Pro is definitely a hybrid of a sort, but probably not the one people were expecting. With the T2, Apple is using its chip-design prowess to take more control over parts of the Mac hardware that were previously outsourced to other controllers, and reaping the benefits of integrating them all together.

The iMac Pro isn’t running iOS apps, but it does get to take advantage of most of the work Apple has done to bolster the security of iOS devices and enhance the quality of photos and video taken by iPhone cameras. Apple will almost certainly continue to push this technology into more future Mac models, because it allows Apple to use the work it’s already done on iOS to improve the features and security of the Mac.

SANTA CLARA, Calif., Jan. 4, 2018 — Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from both exploits (referred to as “Spectre” and “Meltdown”) reported by Google Project Zero. Intel and its partners have made significant progress in deploying updates as both software patches and firmware updates.

MORE:Intel Responds to Security Research Findings (Jan. 3, 2018) | Security Exploits and Intel Products (Press Kit) | Facts about The New Security Research Findings and Intel Products (Intel.com)

Intel has already issued updates for the majority of processor products introduced within the past five years. By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years. In addition, many operating system vendors, public cloud service providers, device manufacturers and others have indicated that they have already updated their products and services.

Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time. While on some discrete workloads the performance impact from the software updates may initially be higher, additional post-deployment identification, testing and improvement of the software updates should mitigate that impact.

System updates are made available by system manufacturers, operating system providers and others.

Intel will continue to work with its partners and others to address these issues, and Intel appreciates their support and assistance. Intel encourages computer users worldwide to utilize the automatic update functions of their operating systems and other computer software to ensure their systems are up-to-date.

For information and links to useful resources, visit the security research findings page on Intel.com.

Applying for a Safe Harbor checking account is an invasive procedure. The credit union first tries to learn as much as it can about the company and its owners, beginning with an hourlong interview, followed by the document collection that Behzadzadeh found so aggravating: lists of owners, investors, vendors and customers; financial statements and tax forms; the business’s organizing documents; state licenses; leases, handbooks and more. The documents can multiply quickly, because marijuana businesses are often a web of affiliated companies with overlapping ownership. Each often gets its own bank account.

Once the accounts are opened, Safe Harbor’s bankers inspect the business and its premises as frequently as every three months, to confirm that it hews to all of Colorado’s rules. Treasury’s guidance implies that a bank can’t properly make sure that a client stays on the right side of the Cole memo without a rigorous state licensing and regulatory plan in place, according to McVay, the Seattle lawyer. This, he says, explains why California’s large medical-marijuana sector mostly lacks access to banking services: Local governments oversee the business, and with a very light touch. The state won’t implement comprehensive regulations until later this year at the earliest.

Safe Harbor bankers spend most of their time monitoring client transactions, tying every dollar the bank takes in to a legitimate sale and making sure that no dollar withdrawn disappears into the illicit economy. Each month, they reconcile the account activity to a company’s ledger and the sales it reports, as well as to all the other information they’ve gleaned about a client, such as which companies it normally trades with. The credit union has compiled reams of data about how money moves around the marijuana industry, and bankers regularly compare notes about the transactions they see. When an unusual deposit arrives — larger than typical, say, or from a new source — the banker holds the money until the client can account for it.

Seefried recalls how a banker noticed that one dispensary seemed to have customers with unusually deep pockets: its sales averaged $300 to $400 each, while medical-marijuana patients generally spend less than $100 at dispensaries. The banker interrogated the client and, from the parking lot, even staked out the dispensary and studied its customers. In the end, still mystified by how the dispensary made its money, Safe Harbor closed the account. “You cannot bank what you don’t understand,” Seefried says.

Safe Harbor has closed three other accounts after members broke various credit-union rules, indicating that they weren’t willing to be fully transparent with their bankers. Late last summer, Seefried ejected three more members after bankers, working with money-laundering experts, detected suspicious activity. And another three closed their accounts rather than comply with her increasingly strict requirements, including one that customers deposit 90 percent of their receipts. The rule, she acknowledges, was mainly intended to weed out less-committed clients: Only a business trying to hide its transactions would be put off by it.

Last June, the National Credit Union Association, Partner Colorado’s federal regulator, conducted its annual examination of the credit union’s books and practices, and for the third year in a row, had no complaints about Safe Harbor. Today the program consists of 13 people, including five responsible solely for compliance. Most are women. (Women manage more than half of all credit unions.) When Seefried hires bankers for Partner Colorado, she gravitates toward sociable people. For Safe Harbor, she says she prefers introverts or, at the very least, people who evince precision and curiosity.

This sort of meticulous banking isn’t cheap. For each $100,000 deposited at Safe Harbor, a client pays $450 in fees in the first year and $300 thereafter. (Client companies that serve the marijuana industry but don’t actually sell the drugs, like laboratories, require much less vetting and so pay much lower fees.) Seefried says the Safe Harbor program made a modest profit in its first year — less than $200,000. It became much more lucrative for the credit union in 2016, but Seefried won’t reveal specifics. According to federal data, most of the institution’s sources of income have stayed relatively steady since 2014, but fee income has grown to a projected $5 million in 2017 from nearly $3 million.

Seefried says that about three-quarters of Safe Harbor’s marijuana-selling clients pay less than $1,000 a month per account, considerably less than they would pay at banks, where monthly account fees are said to start at $1,500. Many observers assume that the opportunity to assess lucrative fees is what entices small banks to take on these risky accounts. Federal data show that at Champion Bank, in suburban Denver, which began explicitly working with marijuana businesses in 2014, annual fee revenue on deposit accounts increased by a factor of 68 from 2013 to 2016, to $752,000 from $11,000, even as its main line of business, providing loans, shrank. At Colorado Bank and Trust in La Junta, fees grew elevenfold to $2.9 million.

For marijuana businesses, engaging with the financial mainstream has kept them mostly free from legal trouble. Safe Harbor has received subpoenas for the bank records of only four of the just over 200 clients it has had. None has yet been indicted. John Walsh can recall prosecuting one case against regulated dispensaries and none against a business serving the industry. But working without a checking account makes even an otherwise law-abiding business look evasive, says Lewis Koski, who served as the first director of the state’s Marijuana Enforcement Division, which collects marijuana taxes and regulates the industry, before he joined Andrew Freedman in a consulting venture. A cash-management technique like personal deposits structured to evade notice can legally amount to money laundering. “Banking,” Koski says, “just provides a really clear picture of where money is coming in and where money is going out.”

On the last Wednesday of last March, Kim Oliver, Partner Colorado’s executive vice president, pulled her old, mud-streaked silver Jetta into Avicenna’s parking lot. She had come from her ranch, east of Denver. She was dressed formally and seemed intently focused on the business at hand. Seefried had reviewed all of Behzadzadeh’s paperwork; now only an inspection stood between him and a bank account. Behzadzadeh gave Oliver a warm welcome, and Elsberg took her ID, signed her in and gave her a visitor badge. Oliver made a mental note: the first small compliance test, passed.

Oliver, who is 59, has worked in credit unions all her adult life. Earlier she had confided to me a lifelong hostility to marijuana and rage when she discovered that her son-in-law, a veteran suffering from PTSD and living in her house, was cultivating a small crop in her basement. But working on Safe Harbor had forced her to reconsider her views on medical marijuana. “I found out that he wasn’t blowing smoke,” she told me. (I couldn’t tell if she intended the pun.) “That was my whole thing: You’re just trying to have an excuse to smoke dope.” She now supplies her arthritic mother with topical creams that contain cannabidiol, a chemical compound in the marijuana flower that doesn’t produce a high but that medical-marijuana advocates believe reduces inflammation.

Oliver sat down with Behzadzadeh and Elsberg at a gray marble table in the kitchenette just inside the employee entrance. She began the formal inspection by going through a checklist: six pages long, scores of questions. The first series delved into Behzadzadeh’s financial practices and the second into business procedures. These were meant to assess Behzadzadeh’s compliance with state regulations. Then she read five or six questions about each of the eight Cole memo priorities. After a response, Oliver made a check — almost always “yes” — and sometimes wrote a little note beside it. “If you had an employee, and they cut a bud off,” she asked at one point, “how would you catch who did that?”

“Cut a bud off” — the phrase in Oliver’s Great Plains twang was disorienting. One of the incongruities in Colorado’s marijuana business is how professionals new to the trade adopt the Mendocino idiom without either irony or any particular reverence, the way their clothes absorb the plant’s scent after a few hours on site. The industry’s brand-builders prefer more sanitized language when talking to the public: “adult use” for “recreational” and “cannabis” for “marijuana.”

Elsberg replied, “That’s the beauty of it — we have cameras on everything.” The questions, and especially the answers, occasionally delved into minutiae, as when Behzadzadeh noted that he had hired a man to drive the perimeter of his two buildings hourly every night. Oliver raised an eyebrow. “He’s legal,” Behzadzadeh said. “I checked his sosh” — Social Security number. “I checked his driver’s license.” He deadpanned, “I sent a copy to Jeff Sessions, too.”

Next, Oliver went about documenting compliance, snapping photos of the cameras, the safes, the locks on cabinets and other equipment, the bars blocking the windows and even the eyewash station. She walked over to a bakery-bun rack and photographed the RFID tag lying next to a brittle sheet of an extract known as shatter. Then she had an employee type the tag number into the state record system to call up that batch’s history. She visited the grow next door (“I’m surprised they have as many cameras that they do,” she remarked approvingly afterward) and then followed Behzadzadeh and Elsberg up to the dispensary in Federal Heights.

The dispensary inspection got off to a rocky start when Oliver noticed the A.T.M. near the entrance. Cash-machine companies often rent them to dispensaries and stores, because so few can accept credit cards, but Behzadzadeh owned his and each week filled it with $2,000 in cash taken from the register. “That’s got to change,” Oliver said matter-of-factly. “The biggest way of laundering money is through the A.T.M.”

Behzadzadeh’s machine was tied to a personal bank account; every time a customer withdrew cash, that account received a credit. But the register money was unaccounted for; it could come from anywhere. Now, Oliver told him, he would have to withdraw money from Safe Harbor and hire an armored car to deliver the cash and fill the A.T.M.; he couldn’t even touch it himself.

A look of incredulity crossed Behzadzadeh’s face. “Wait — I’m not going to give my business to somebody else!” he said. As a start-up entrepreneur, Behzadzadeh nursed a swelling grudge against the contractors and vendors who nickeled and dimed him, he thought, at every turn — maybe even Safe Harbor. The cost of banking was one thing, but the prospect of trading the satchel for an armored car from a company like Blue Line, another niche player that charged a premium in a niche industry, especially galled him. “I have no problem doing business with you guys, and I appreciate the banking, but I’m not going to pay Blue Line to take my money,” he said, his voice rising. “There’s no way.”

Oliver kept pressing. “All they’re doing is loading the machine for you,” she said. “If I wanted to be on the black market, I would come in here and fill this machine all the time to clean the money.”

“Ah,” Behzadzadeh said. Now he understood. He thought out loud: He would bring cash from Avicenna to the dispensary and give it to a courier, who would put different cash, which he had brought with him, into the A.T.M. machine. “While you’re doing that” — Behzadzadeh addressed the imaginary courier — “I’ll make you coffee.”

Behzadzadeh’s dogs were barking ferociously when he and his wife returned home from dinner late one night in September. They didn’t think anything of it, but several hours later, the couple heard noises in their house. Behzadzadeh gathered his wife and children in a bedroom and raced downstairs with a laser-sighted pistol. But the intruders were gone, along with his cellphone — and the satchel.

The robbery could have been a financial disaster. A month earlier, the Denver Fire Department had determined that the extraction room at Avicenna was not sufficiently blastproof, shutting down the factory for two months. “If they had taken $30,000 or $40,000,” Behzadzadeh said, “it would have literally broken my back.” But the satchel held no money that night. Behzadzadeh had opened his bank accounts the morning after the inspection. It had taken him a few months to fully embrace them — Seefried had predicted as much — but now around two-thirds of his trading partners also accept or write checks. What cash remains in Behzadzadeh’s business waits in safes, secured to the floor, for the armored truck.

Yet despite Safe Harbor’s efforts and those of its competitors, bank accounts remain out of reach for many Colorado marijuana companies. The high fees put off smaller businesses at the same time as banks seem to be pulling back. Seefried didn’t want Safe Harbor deposits to swamp the credit union, so last January she reduced the number of new monthly clients from five to three and then closed the door altogether in August after deposits ballooned over the summer. As the state Marijuana Enforcement Division granted licenses to about 220 additional companies last year through November, Safe Harbor’s waiting list swelled to 96 businesses, or two-and-a-half-years’ worth of new clients, before the credit union stopped adding names to it. The five banks have become very stingy about granting new accounts, according to three C.P.A.s who have marijuana-industry clients. The parent company of one of those institutions, Colorado National Bank, declared bankruptcy in November, putting its future as a marijuana banker in doubt.

Marijuana banking has always depended entirely on forbearance from Washington, and the Trump administration seems decidedly less tolerant than its predecessor. In March, Attorney General Jeff Sessions declared before a gathering of law-enforcement officials that marijuana is “only slightly less awful” than heroin. “I reject the idea that America will be a better place if marijuana is sold in every corner store,” he said. A task force assembled in February by the Justice Department to combat violent crime didn’t recommend any changes to the Cole memo when it delivered its initial findings last summer, but the agency is very likely revising it. (The Justice Department wouldn’t comment on its deliberations.) [Update: After this article went to press, the Justice Department rescinded the Cole memo, giving U.S. attorneys more latitude to enforce federal marijuana laws in their districts.]

Seefried had hoped to begin making loans to and processing credit-card transactions for Safe Harbor’s existing clients, but for the foreseeable future, she has put those plans on hold. Until federal law catches up to public sentiment, marijuana banking is unlikely to keep pace with the industry — the vetting is too expensive. Just last month, after a client was caught up in a police investigation, Safe Harbor had to review the account to make sure bankers hadn’t missed any suspicious activity. “It cost me $30,000: $20,000 to bring in investigators for three days and $10,000 for legal fees,” Seefried told me. “That’s one client, with one problem.” She plans to raise fees in the next couple months.

Yet she still hopes to position Safe Harbor as a model for banking the marijuana industry elsewhere. In November, Safe Harbor began licensing its name and protocols to financial institutions nationwide. Six banks and credit unions in six states will begin taking on customers this month, including a credit union in Colorado to serve the customers that Safe Harbor no longer can. Three more will join each quarter. Safe Harbor is also testing a mobile-phone app for buying marijuana in Hawaii’s handful of state-licensed dispensaries.

In June, the National Credit Union Association, Partner Colorado’s regulator, advised Seefried that it would begin examining the institution quarterly rather than yearly, which she attributes to the national expansion. She has hired two full-time employees just to manage the increased compliance. “We are bringing more credit unions to the table, and they don’t want us teaching them incorrectly,” she says.

One industry investment facilitator, the Arcview Group, estimates that legal marijuana sales in the United States will more than double to roughly $21 billion by 2021 from nearly $9 billion last year. Walsh, the former prosecutor, has concluded that the tension between the federal government and liberalizing states is unsustainable. “I came in as U.S. attorney in 2010 assuming that it was my job to enforce the federal marijuana laws regardless of what state legalization efforts would look like,” he says. “The longer I worked on the issue, and we struggled with it, the more I realized that a simple shut-it-down approach was not practical. The notion that you can put this genie back in the bottle today is not realistic.”

Both the OpenWrt and LEDE projects are happy to announce their unification under the OpenWrt name.

After long and sometimes slowly moving discussions about the specifics of the re-merge, with multiple similar proposals but little subsequent action, we’re happy to announce that both projects are about to execute the final steps of the merger.

The new, unified OpenWrt project will be governed under the rules established by the LEDE project. Active members of both the former LEDE and OpenWrt projects will continue working on the unified OpenWrt.

LEDE’s fork and subsequent re-merge into OpenWrt will not alter the overall technical direction taken by the unified project. We will continue to work on improving stability and release maintenance while aiming for frequent minor releases to address critical bugs and security issues like we did with LEDE 17.01 and its four point releases until now.

Old pre-15.05 OpenWrt CC releases will not be supported by the merged project anymore, leaving these releases without any future security or bug fixes. The OpenWrt CC 15.05 release series will receive a limited amount of security and bug fixes, but is not yet fully integrated in our release automation, so binary releases are lacking behind for now.

The LEDE 17.01 release will continue to get full security and bug fix support for both source code and binary releases.
We are planning a new major release under the new name in the next few months.

The merged project will use the code base of the former LEDE project. OpenWrt specific patches not present in the LEDE repository but meeting LEDEs code quality requirements got integrated into the new tree. The source code will be hosted at git.openwrt.org with a continuously synchronized mirror hosted at Github. The original OpenWrt codebase has been archived on Github for future reference.

Yet open pull requests to both the old OpenWrt and LEDE repositories will be closed after a 30 day grace period. We encourage people to open new pull requests at the new repository or re-send still unmerged patches.

The remerged OpenWrt project is legally represented by the Software in the Public Interest (SPI) - an US 501(c)(3) non-profit organization which is managing our OpenWrt trademark, handling our donations and helping us with legal problems.

Infrastructure currently available under the lede-project.org domain will be moved to corresponding openwrt.org subdomains and redirects will be put in place where appropriate.

The merger of the OpenWrt and LEDE forums and wikis is not yet fully decided, so all portals will continue to be available under their respective domains until a definite consensus is reached.