Random Thoughts by Fabien Penso


This previous article explains how to read ChaCha20-Poly encrypted data using Ruby or Python. My first goal is to ensure other languages can read data encrypted within Beam, but the end goal is to decrypt it within your browser, using client-side HTML and JavaScript. Sadly, WebCrypto omits ChaCha20-Poly, and I had to move to AES-GCM instead.

This extensive documentation says to use additionalData for the tag part, but that never worked in my code, and I had to do that manually.

Use the following in Xcode Playground to encrypt a string:

import UIKit
import CryptoKit

let str = "Hello, playground"
let strData = str.data(using: .utf8)!

let key = SymmetricKey(size: .bits256)
let keyString = key.withUnsafeBytes { Data($0) }.base64EncodedString()

let sealbox = try! AES.GCM.seal(strData, using: key)

print("Key: \(keyString)")
print("Combined: \(sealbox.combined!.base64EncodedString())")

The output when running it on my computer (you obviously will get a different result):

Key: lQ4F/9K45Ym9K8Qv9CkVrozkTsGij7/OErhzMmhb8Ec=
Combined: NYsQV/IXJDyZgSY3hb/AQapynEBSIDXlO4TdMC+6F6DHmUBOnXEPcE/+sVrz

I spent days figuring out how to decrypt ChaChaPoly encrypted data with Swift CryptoKit using other languages. What should have taken me minutes took me hours. As a time saver, here is how you can decrypt it using Ruby or Python. I ended up reading the source code of swift-crypto to understand what the combined sealbox was doing.

Use the following in Xcode Playground to encrypt a string:

import UIKit
import CryptoKit

let str = "Hello, playground"
let strData = str.data(using: .utf8)!

let key = SymmetricKey(size: .bits256)
let keyString = key.withUnsafeBytes { Data($0) }.base64EncodedString()

do {
    let sealbox = try ChaChaPoly.seal(strData, using: key)

    print("Key: \(keyString)")
    print("Combined: \(sealbox.combined.base64EncodedString())")
} catch {
    // Report the failure instead of silently swallowing it
    print("Encryption failed: \(error)")
}

The output when running it on my computer (you obviously will get a different result):

Key: j6tifPZTjUtGoz+1RJkO8dOMlu48MUUSlwACw/fCBw0=
Combined: OWFsadrLrBc6ak+6TiYhAI6JKvoQzVMpnRdJ6iE5vEiAhadrCu6EcEQiAs7G

You can decrypt it using Ruby with:
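
An added example, not the author's code: CryptoKit's `combined` box for both AES.GCM and ChaChaPoly is the 12-byte nonce, then the ciphertext, then the 16-byte tag, and the Ruby below splits and opens such a box with the standard `openssl` library. The helper names and the sample key are constructed here, and it assumes an OpenSSL build that provides `chacha20-poly1305` (1.1.0 or later).

```ruby
require 'openssl'

# Layout of CryptoKit's `combined` box for AES.GCM and ChaChaPoly:
# 12-byte nonce || ciphertext || 16-byte tag.
NONCE_LEN = 12
TAG_LEN   = 16
CIPHERS   = { aes_gcm: 'aes-256-gcm', chacha_poly: 'chacha20-poly1305' }.freeze

# Split a base64 combined box into [nonce, ciphertext, tag].
def split_combined(combined_b64)
  box = combined_b64.unpack1('m')
  raise ArgumentError, 'box shorter than nonce + tag' if box.bytesize < NONCE_LEN + TAG_LEN

  [box.byteslice(0, NONCE_LEN),
   box.byteslice(NONCE_LEN, box.bytesize - NONCE_LEN - TAG_LEN),
   box.byteslice(-TAG_LEN, TAG_LEN)]
end

# Decrypt a combined box; raises OpenSSL::Cipher::CipherError if the tag
# does not verify (wrong key, or a modified nonce, ciphertext or tag).
def open_combined(kind, key_b64, combined_b64)
  nonce, ciphertext, tag = split_combined(combined_b64)
  cipher = OpenSSL::Cipher.new(CIPHERS.fetch(kind)).decrypt
  cipher.key = key_b64.unpack1('m')
  cipher.iv = nonce
  cipher.auth_tag = tag
  cipher.auth_data = '' # no additional authenticated data was sealed
  plain = ciphertext.empty? ? ''.b : cipher.update(ciphertext)
  (plain + cipher.final).force_encoding('UTF-8')
end

# Constructed counterpart of `seal(...).combined`, used only to build sample input.
def seal_combined(kind, key_b64, plaintext)
  cipher = OpenSSL::Cipher.new(CIPHERS.fetch(kind)).encrypt
  cipher.key = key_b64.unpack1('m')
  nonce = cipher.random_iv
  cipher.auth_data = ''
  body = cipher.update(plaintext) + cipher.final
  [nonce + body + cipher.auth_tag].pack('m0')
end

if __FILE__ == $PROGRAM_NAME
  key = [OpenSSL::Random.random_bytes(32)].pack('m0') # constructed sample key
  CIPHERS.each_key do |kind|
    box = seal_combined(kind, key, 'Hello, playground')
    puts "#{kind}: #{open_combined(kind, key, box)}"
  end
end
```

The Key and Combined strings printed by either playground above can be passed to `open_combined` with the matching kind (`:aes_gcm` or `:chacha_poly`).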


After Apple’s announcement, I ordered an M1 Mac Mini and canceled it when I noticed the non-upgradable RAM. I then reordered it (16G/1T), and it has just arrived today :grin:

You’ve probably seen many online reviews (I watched tons of them on YouTube) and what everyone says is true. It’s fast! Pretty stable, and I can’t hear the fan even while compiling.

Looking at my Geekbench results, you’ll see it’s the fastest machine I own, CPU-wise, even more than my MBP 16” 2020. On the compute GPU level, it’s slower, but that was expected from a Mac Mini. I’m glad I got rid of the Hackintosh…

Using @gmail.com for your email address is like living at someone’s house without rent and potentially being kicked out any day without warning. All your belongings inside, without any access.

One of my first jobs around 1997 was being a sysadmin and managing email servers, writing sendmail.cf configuration files without M4, and I should have known better.

Someone who used Gmail for over 10 years recently got locked out without explanation. When all services you use, tools, and all your life are connected to your @gmail.com address, you can imagine how much of a nightmare scenario this is.

I started working on Heritage in 2012 to have a place for film analog photographers to show and tell about their work. To enforce quality and consistency over the site, I put an invitation system in place, and existing members had to invite you if you wanted to upload photos. It also allowed you to have your gallery on your domain, a feature still used as of today by some of you.

As the years went by, other projects got me very busy, and I never invested enough energy for Heritage to take off. My last code contribution is over five years old; some libraries are outdated, not maintained, or even have known bugs. If I had to redo Heritage today, I would do it very differently. But upgrading the existing code would take too much effort, and let’s also be honest, there are now better ways to show your work than what I did.

Since then, more options became available for photographers to easily publish their work, Adobe Portfolio, Squarespace, Format, Exposure or even Medium and WordPress. Many photographers are simply using Instagram.

After Apple’s announcement, I ordered an M1 Mini only to cancel it when I noticed the 16G non-upgradable RAM. I just reordered it, and I plan to retire my seven-year-old Hackintosh. It served me well, but after spending the whole weekend trying to upgrade it, having issues with Clover and OpenCore, and finding out later that Big Sur might not run on it, I decided it was time to move on. The last nail in the coffin was when I remembered I had to fix iCloud after moving to OpenCore. When using a Hackintosh, you have to find a matching working serial that Apple servers will accept. After trying ten random ones without luck, I also remembered you might be locked out of Apple services for security reasons, with the only solution being to call them to unlock your account. I can only imagine the explanation I’d have to give to Apple support.

I am way more dependent on my Apple account than before: mobile apps and the App Store, iCloud storage through many Mac apps, sync between devices, iCloud files, Keychain sync, etc. Being locked out of it would suck.

When reading this seven-year-old post, I remember I used to have a mini before because the current MacPro had not been upgraded for years. The then-new MacPro didn’t fit my need (lots of internal storage), so I moved to Hackintosh as it was way cheaper, and I thought upgradable. Since then, the only upgrade I did was upgrading the GPU (the new OS didn’t support my old GTX 760 graphic card) and adding more SSD disks.

All those steps I thought were transitional, not meaning to last long. They all lasted way longer than expected, and I feel the new M1 mini might last longer than expected as well. Looking at my Geekbench results, you’ll see my Hackintosh (listed as iMac14,2) was doing 3719 Multi-core. My new 2020 MBP16” is already twice as fast, but the M1 mini beats them all.

However, the 2008 MacPro I bought was a great machine, still used to its maximum by a friend I sold it to a decade later. So I’m very much looking forward to the next iMac and MacPro with the new Apple chip.

So long, my dear Hackintosh.

John Gruber writes:

Steve Jobs was on medical leave for the first half of 2009. When he returned in early summer, he devoted most of his attention and time to crafting and launching the original iPad, which was unveiled in April 2010. After that, he had meetings scheduled with teams throughout the company. One such meeting was about MacBooks. Big picture agenda. Where does Steve see the future of Mac portables? That sort of thing. My source for the story was someone on that team, in that meeting. The team prepared a veritable binder full of ideas large and small. They were ready to impress. Jobs comes in carrying a then-brand-new iPad and sets it down next to a MacBook the team had ready for demos. “Look at this.” He presses the home button on the iPad: it instantly wakes up. He does it again. The iPad instantly wakes up. Jobs points to the MacBook, “This doesn’t do that. I want you to make this” — he points to the MacBook — “do that” — he points to the iPad. Then he picks up the iPad and walks out of the meeting.

The story is fascinating: how Steve Jobs was focused on what matters and didn’t waste any time to be politically correct. The whole article about the M1 is interesting. As always, John Gruber is right on point about Apple moving forward.

Jeffrey Paul writes:

It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. (…)

This means that Apple knows when you’re at home. When you’re at work. What apps you open there, and how often.

Apple has complete control over its software, and while I trust them more than Google about my privacy, I don’t understand the purpose of knowing what app I run on my computer. The finding raised by yesterday’s issue when everyone upgraded to Big Sur is disappointing.

Joe Biden, in an email to supporters:

“I am honored and humbled by the trust the American people have placed in me and in Vice President-elect Harris. In the face of unprecedented obstacles, a record number of Americans voted. Proving once again, that democracy beats deep in the heart of America.

With the campaign over, it’s time to put the anger and the harsh rhetoric behind us and come together as a nation.

It’s time for America to unite. And to heal. We are the United States of America. And there’s nothing we can’t do, if we do it together. I’m going to speak to the nation tonight and I’d love for you to watch.”

Biden didn’t really win, most people I talked to didn’t vote for him, they voted against Trump. The 2020 election shows just how divided America remains, and Trump’s legacy will last for years. He also received more votes in 2020 than in 2016.

I expect Trump to run for re-election in 2024.

Like most people who used the Internet for a long time, I tried and used many, many different online services. Over the years, it means I published content on websites like Flickr, Medium, Instagram, Facebook pages, Twitter, etc. The list is so long I can’t remember it all. Some are still online, some disappeared with my content, some I lost interest in.

When looking at where I published content, the biggest regret I have is when I published it outside my domain name, preventing me from building a brand over time. It’s even worse when using a tool or service not giving me the freedom to leave with an export feature, including my audience details. They say if something is free you are the product. More than being the product, you’re also investing time and money on a service that will make money on your back and your viewers. And remember when those services close, you have no way to get your content back and your only last hope is in the Wayback machine.

I am as guilty as others. I’ve been online since about 1995, involved in creating Internet projects since 1998, blogged since 2003 and I wish I had spent more time publishing on my platform instead of being lazy. For keeping in touch with readers, I should have left a newsletter option instead of adding a link to a Facebook page, including its useless vanity like button showing off with “11.8k people like this”. Facebook will then make you pay to contact them…

The newsletter box I left at the bottom of my photography website only has a few hundred subscribers, but a friend who also uses Heritage for his website has close to 10k. Connecting directly with your audience matters…

A fantastic example is John Gruber, who has been publishing regularly on his website for almost 2 decades. You can’t expect to have the same success and consistency, but even if you’re a very irregular writer I highly recommend you invest in buying your Internet domain, and only use tools you can easily move away from, including your audience and your social graph. You have plenty of tools to choose from; I use Jekyll, but you could use a hosted WordPress as long as you only communicate on your domain.

  1. Buy your domain name, a few options: AWS, Gandi, Google, OVH. Once it’s registered, you can transfer it to another registrar.
  2. Use your own CMS, a few options: Jekyll, Hugo, Next, Gatsby, WordPress.
  3. Find a host, Netlify or S3.
  4. Always publish content under this domain name.

The unit of Internet space ownership is the domain name.