storage – Is there a Yubikey equivalent to “stealing the hard drive”?

Short answer

Where would this data live on the device if not on something like flash storage?

It probably is flash, but it’s put in a chip that’s hard to take apart and examine without destroying the data you’re trying to read. It’s not impossible to do, but it’s really quite difficult and expensive. It’s not like a hard drive or flash drive where you can just remove it and plug it into a new computer.

Long answer

It is stored on a tamper-resistant solid-state chip. Most likely it is flash, but is designed in such a way that it’s difficult to non-destructively remove the IC cover to expose the actual die (a process known as decapping). There are many ways to achieve this, but they can all be bypassed with enough effort. You should assume that anyone with a sufficiently-equipped laboratory will be able to break into it.

The usual way to read data from a poorly-protected IC (such as an 8051 chip with the firmware read-protect bit set) is to decap it with acid and then take a detailed photograph of the die. This makes it possible to reverse engineer the design and find the relevant components that will be storing the data you want. If you know where the data is stored, you can simply read the bits off it by examining the electrical properties of those components. A protected IC (like a TPM or Yubikey) merely attempts to make this more difficult. Many barriers are put in place to slow this down, to obfuscate the location of the secret data, and to increase the chances that the die will be damaged during decapping.

For example, see this discussion on forensic recovery from microcontrollers. It has this to say:

Decapsulating the YK4 and sticking it under an optical microscope reveals, well, not a whole lot. Pretty much every active part of the die apart from the bond pads is shielded by a metal layer that prevents the kind of visual inspection and simple UV tampering I described earlier.

One would have to de-process the device further using more exotic (and dangerous) acids or by wet lapping to reveal the true structure hidden underneath. These are destructive processes that render the circuit non-functional.

That’s not to say these types of defenses can’t be bypassed, but getting around such protections usually requires significant investment. Other types of mitigations focus on the detection of decapsulation by placing light sensors on the die itself to detect when the chips powers up after the molding compound has been removed. SIM cards often include an active mesh layer that can detect when a single trace has been cut.

Another technique to retrieve data is to use glitching attacks, which are made possible when the voltage or clock are controlled externally. If the voltage or clock are varied, it can induce glitches that may result in side-channels that expose secrets from the otherwise “sealed” integrated circuit. A well-designed secure storage system will make this nearly impossible, but new attacks are discovered from time to time. You can never completely rule glitching attacks out, but they may not be easy. If someone is going to decap the chip and expose the die and run it while beaming lasers at individual transistors and traces for fault injection attacks, there’s not much they won’t be able to recover.

Regular passive side-channel attacks (monitoring power usage, heat, sound, or radiation during processing of sensitive material) are easier to protect against. This can be done by using constant-time operations which take the same amount of time regardless of the data being processed, or with “masking”, which ensures that an operation takes the same amount of electrical power regardless of what is being processed. This is very effective and protecting against passive attacks, but glitching attacks as described above may force the system into an undefined state that violates the security guarantees provided by constant-time operations and masking, and could reveal secret data.

Different definitions of equivalent norms

I’m trying to show that the following definitions are equivalent

Two norms over a field F are equivalent if:

  1. there exists two costants A,B such that A|x|_1<|x|_2<B|x|_1 for every x in F
  2. there exists c in Re such that |x|_1^c = |x|_2

na.numerical analysis – Equivalent condition for Pareto criticality


  • $d,k,linmathbb N$;
  • $x^astinmathbb R^d$;
  • $f:mathbb R^dtomathbb R^k$ and $g:mathbb R^dtomathbb R^l$ both be differentiable at $x^ast$;
  • $A:={rm D}f(x^ast)$;
  • $C:={rm D}g(x^ast)$;
  • $S:={gle0}$;
  • $mathcal J:=left{jin{1,ldots,l}:g_j(x^ast)=0right}.$

Assume $x^astin S$ and that $g$ obeys the Kuhn-Tucker constraint qualification at $x^ast$$^1$. Say that $x^ast$ is Pareto critical if$^1$ $$notexists xin S:f(x)<f(x^ast)tag3.$$

We can show the following:

Lemma 1: If $x^ast$ is Pareto critical, then $notexists vinmathbb R^d$ with begin{align}forall iin{1,ldots,k}&:langle v,nabla f_i(x^ast)rangle<0\forall jinmathcal J&:leftlangle v,nabla g_j(x^ast)rightranglele 0.tag4end{align}

Note that $(4)$ is equivalent to begin{align}Av&<0\pi_{mathcal J}Cv&le0tag5,end{align} where $pi_{mathcal J}$ is the canonical projection of $mathbb R^l$ onto $mathbb R^{mathcal J}$.

Now I would like to show the following:

Theorem 2: $x^ast$ is Pareto critical iff $exists(lambda,mu)in(0,infty)^ktimes(0,infty)^l$ with begin{align}overbrace{sum_{i=1}^klambda_inabla f_i(x^ast)+sum_{j=1}^lmu_jnabla g_j(x^ast)}^{=:A^astlambda:+:C^astmu}&=0\sum_{i=1}^klambda_i&=1\forall jin{1,ldots,l}:mu_jg_j(x^ast)&=0tag6end{align}

Using Lemma 1, it is straight forward to show “$Rightarrow$“, but I really struggle to show the other direction.

Maybe (but I’m not sure and we would need to prove this), we can show that necessary condition in Lemma 1 is sufficient as well and hence we could assume that $x^ast$ is not Pareto critical and infer that there is a $vinmathbb R^d$ with $(5)$.

However, even then I’m not able to conclude: By $(6)$ there is a $lambda_ast$ with $lambda_{i_ast}>0$. By $(5)$ and $(6)$, $$langleunderbrace{Av}_{=::a},lambdaranglele a_{i_ast}lambda_{i_ast}<0tag7.$$ Now let $c:=Cv$. If it would hold that $$langle c,muranglele0tag8,$$ we could conclude, since we would obtain by $(6)$ that $$0=langle v,underbrace{A^astlambda+C^astmu}_{=:0}rangle=underbrace{langle a,vrangle}_{<:0}+underbrace{langle c,murangle}_{le:0}<0tag9;$$ which is clearly impossible.

The problem is that we only know that $$leftlanglepi_{mathcal J}c,murightranglele0tag{10}$$. And, again, we would still need to show that $v$ as claimed exists at all. But if it does, maybe we can even show that it does not hold $(10)$, but even $(8)$.

$^1$ , i.e. if $vinmathbb R^d$ with $$forall jinmathcal J:leftlangle v,nabla g_j(x^ast)rightranglele0tag1,$$ then begin{align}gamma(0)&=x^ast;\gamma'(0)&=alpha v;\gcircgamma&le0tag2end{align} for some $gamma:(0,1)tomathbb R^d$ differentiable at $0$ and some $alphage0$.

$^1$ componently-wisely strictly smaller.

Windows 10 equivalent of Mac Command+Control+Space

On Mac versioin Maverics onwards there is an emoji shortcut of Command+Control+Space. Is there an equivalent of emoji shortcut for Windows 10?


processing – Mathf.PingPong equivalent in Java

Unity has open sourced their C# runtime to be used as a reference, so you can go checkout how the function is implemented and reimplement it in Java:

In case the link dies, here is the gist of the implementation you’d need to translate to Java:

public static float Repeat(float t, float length)
    return Clamp(t - Mathf.Floor(t / length) * length, 0.0f, length);

public static float PingPong(float t, float length)
    t = Repeat(t, length * 2F);
    return length - Mathf.Abs(t - length);

dnd 5e – Can I enchant a necklace with the equivalent of a healing potion?

Exact Match

There’s no core magic items that match exactly what you’re asking for. However, 5E has optional rules for crafting magic items, and a little tiny bit of guidance for DMs on how to design them. That said, you’re firmly in homebrew territory if you go this route.

A tiny bit of guidance…
Now, as for what that would look like, the healing spell alone–you can get away with Cure Wounds a 1st level spell. Per this table in the DMG, a once per day 1st level spell could be a Common magic item.

However, the ‘auto-cast’ feature of it is, essentially, a Contingency spell. “If I hit 0hp, cast Cure Wounds on self.” And that’s a 6th level spell…which would (again, per that very vague table) put us up in Rare territory.

If you go with the DMG’s rules for this crafting, you’re looking at a 5,000gp expenditure and 200 man-days of effort.

If you go with XGtE’s rules, you’re looking at 10 workweeks of effort and 2,000gp, plus some ingredient pulled off a CR 9-12 creature.

This is just spitballing the effect here…homebrewing magic items is a very touchy affair and it’s really left up to the DM on what it’s going to look like, what its rarity would be, and how much it’s going to take to create it.

But, for reference, the only other “Auto Healing” item I can find in the core rules is the Ring of Regeneration, which is a Very Rare item. (though it heals constantly, not limited per day)

Close Match

Periapt of Wound Closure: Uncommon

While you wear this pendant, you stabilize whenever you are dying at the start of your turn. In addition, whenever you roll a Hit Die to regain hit points, double the number of hit points it restores.

It doesn’t directly heal you, but it means that if you’re at 0HP, you don’t have to worry about death saves unless enemies start wailing on you while you’re down. And it doubles the value of your Hit Dice…so a character who gets beat up a lot can recover from it, without magical healing, more effectively.

Were I DMing for this player, this is what I’d suggest they go for.

dnd 5e – Can I enchant a necklace with the equivalent of a healing potion? (DnD 5e)

I know nothing of magic items really, especially custom ones, so I’m just going to describe an ideal scenario and I’d love some help in how something like it could be achieved, please!
Am looking for some way to enchant a necklace with the ability to give some HP to the wearer. In an ideal world this would be triggered if the wearer hits 0HP, and would be rechargeable in some way.
My player is not a spell caster, so I would be looking for a merchant or someone in town who could do this for her, if you have any advice on how much this might cost, up front and for each recharge or something. (For flavour reasons, she already has a specific necklace she’d like to enchant)
If anything like this is possible, I’d love some help! Thanks!

lo.logic – Is there an equivalent of the incompleteness theorems/halting problem in category theory?

Taking the doctrine of computational trinitarianism ( ), if one understands the incompleteness theorems as the “logic” version, and the answer to the halting problem as the “language theory” version, is there a known expression of this “pair of abstract computational theorems” in category theory ? Or applied category theory ? Something along the lines of “there exists no category of all categories” or “there exists no generalized mathematical model encompassing all applied mathematical models” maybe ? (IIRC, Cat is only the category of locally small categories.)

python sphinx – Exact docutils equivalent for :ref:

The following ReStructuredText contains the :ref: role, which is a Sphinx-extension:

Read more in :ref:`section-target`.

.. _section-target:

Section Title
Text body.

Where :ref:“section-target is parsed to the following doctree:

<reference internal="True" refid="section-target"><inline classes="std std-ref">Section Title</inline></reference>

which is typically parsed as <a href="#section-target">Section Title</a>, thus with name “Section Title” and hyperlink to “section-target”.

Is there an equivalent that I can use to generate this exact same doctree that only uses docutils restructuredtext? (Thus no Sphinx-specific roles or directives). I don’t care about readability, since this will be machine-parsed only.

So far, the closest I got was:

`Section Title <section-target>`_

which resulted in:

<reference name="Section Title" refuri="section-target">Section Title</reference>

That’s close, but it defines a refuri, not a refid.

Regretfully, the documentation of the reference doctree is missing.

Are these two scripts equivalent?

I wonder whether


has the exact same behavior as


which is

1 if no items
0 if any number of items

I’m asking because the first script is used and I’m not sure if there is any justification for that. It’s very likely that they took the simple approach but I need to make sure about that since I want to squeeze the largest number of bytes out of script.