Dear Lazyweb,

How do I style an INPUT element so that its contents behave like a DIV, wrapping text and expanding height to fit?

I have a page that has an "edit' mode where I've got a bunch of populated form elements, and in non-edit mode, those are styled to just look like normal text. It looks a little like the following. I want the thing on the left to look like the thing on the right when the box is un-checked.





A. All work and no play makes Jack a dull boy.

C. All work and no play makes Jack a dull boy.

D. All work and no play makes Jack a dull boy.


I realize I could accomplish this by having a separate DIV that shadows the content of the INPUT elements and selectively exposing one or the other, but that's more of a hassle. This feels like it should be achievable with CSS.

Previously, previously, previously, previously.

Posted Sat Sep 23 03:19:22 2023 Tags:

This July in the US was the hottest month ever, and it caused unprecedented damage to US food production, covering land and sea.

Posted Fri Sep 22 21:50:26 2023 Tags:

Australian elected officials are putting pressure on the US to drop charges against Julian Assange.

Posted Fri Sep 22 06:50:47 2023 Tags:

Richard Stallman will be speaking at the GNU 40th anniversary event in Switzerland on September 27th.

Celebration and Free/Libre Software Developer meeting in Biel/Bienne

40 years ago the GNU Project — to develop the GNU operating system — was launched and gave birth to the Free Software movement, and Free Software has since become the cornerstone of modern computing. The GNU Project is celebrating its fortieth anniversary with a hacker meeting at the Volkshaus in Biel/Bienne, which will feature presentations about various GNU packages, Free Software philosophy, and the development process.

  • When? The event runs September 27, 2023, 9:00–22:00 CEST
  • When is this keynote address? On September 27th at 14:00h
  • Where? Volkshaus in Biel/Bienne, Switzerland
  • Link: <>

Posted Fri Sep 22 06:50:47 2023 Tags:

Modi is accused of a series of assassinations of Sikh separatists.

I do not support that separatist cause, and it is legitimate for Indian leaders to oppose it. But not by assassination of exiles. Is Modi taking after Putin as well as after the bullshitter?

Posted Fri Sep 22 06:50:47 2023 Tags:

The Putin forces have kidnapped over 18,000 Ukrainian children from occupied areas and sent them to Russia. Some of them have been taken to Belarus by Lukashenko's agents.

Posted Fri Sep 22 06:50:47 2023 Tags:

Robert Reich: *Strikes aren’t bad for the US economy. They’re the best thing that could happen.*

Previous waves of strikes gave America the large middle class that has now been mostly eliminated by the power of the rich.

Posted Fri Sep 22 06:50:47 2023 Tags:

Azerbaijan heavily attacked the Armenian enclave of Nagorno-Karabakh.

Posted Fri Sep 22 02:30:51 2023 Tags:

US citizens: call on Congress to reject Republican plans to cut Medicaid, Medicare, and Social Security.

Rich people do not have a "right" to keep all the money they alter our laws to direct to them!

If you are invited to phone your representative, that is an effective thing to do. But you don't need to do this by texting from a snoop-phone. You can simply phone 202-224-3121.

If you phone, please spread the word!

Posted Fri Sep 22 02:30:51 2023 Tags:

US citizens: call on Congress to renew funding for child care before it expires on September 30.

The Capitol Switchboard numbers are +1-202-224-3121, +1-888-818-6641 and +1-888-355-3588.

If you phone, please spread the word!

Posted Thu Sep 21 10:32:23 2023 Tags:

US citizens: call on the Biden Administration to stay firm against corporate lobbyists, and tax billion-dollar corporations.

The White House comments lines are +1-202-456-1111 and (TTY/TDD) +1-202-456-6213.

If you phone, please spread the word!

Posted Thu Sep 21 10:32:23 2023 Tags:
Dear Armchair Epidemiologists,

(And I can't believe I'm asking this, but I have found no straight answers.)

Let's hypothesize a future, several weeks from now, where three vaccines are available: Pfizer, Moderna and Novovax. For someone without weird allergies or phobias, is there any reason to believe that one is better than the other? (Citations, please.)

Novovax's marketing seems to be saying, "We're the vaccine for people who don't want RNA in their bodies", so that's not super compelling.

Posted Tue Sep 19 03:53:46 2023 Tags:

The standard approach to supporting real Poker (generally meaning Hold’em) on a blockchain is to use a bunch of zero knowledge stuff to get a secret permutation. A much more practical albeit unpleasant approach is to play hands out as normal and simply cancel any hand which has a duplicate card. You can make that much less unpleasant by doing a 2-party computation beforehand to figure out if there will be any duplicate cards and ‘pre-cancel’ the hand, resulting in a much better practical play experience and very low on-chain cost but with possibly impractical computational requirements of the machines involved. I’ve done some digging into this now and the indications aren’t encouraging but I’ll put my thoughts together here.

For context, here’s what the on-chain protocol looks like:

  1. Alice and Bob commit to their 5th images (if you don’t want the 2-party computation you can optimize out half of this step but that’s no big difference.)

  2. Alice and Bob reveal their 4th images. Alice calculated her two hole cards from Bob’s 4th image and her preimage and Bob calculates his two hole cards from Alice’s 4th image and his preimage

  3. Alice and Bob reveal their 3rd images, used to calculate the 3 flop cards

  4. Alice and Bob reveal their 2nd images, used to calculate the turn card

  5. Alice and Bob reveal their 1st images used to calculate the river card

  6. Alice and Bob reveal their preimages

That’s about 20 sha256 hashes at about depth 6. For my specific case a secure hash function based off BLS12-381 groups could also be used.

It appears to be that a semi-honest protocol can be used as follows: The output of the circuit is Alice’s 5th image (her commit), Bob’s 5th image (his commit), whether a duplicate card happens, and the hash of a combination of Alice and Bob’s preimages, used preventing chicanery. The protocol is run twice, once for Alice to do the calculations and once for Bob. After the calculations are done Alice and Bob send each other MAC challenges about that final value and if the other side isn’t able to generate a good response the hand is cancelled.

Whether this is a reasonable/safe use of semi-honest computation I’m unclear. There’s no harm done if either side can sniff some information as long as it results in cancellation of the hand, and even if one side is able to sniff, say, a single bit of the input of the other side’s preimage that doesn’t help cheating because the whole thing is hashed anyway. If a controlled bit of information from inside the circuit can be sniffed that’s much more of a problem. Feedback on this welcome.

As for benchmarks which need to be met, here are some teetering-on-the-edge benchmarks which need to be met for a Poker protocol to be practical. If all of these are met the protocol is on the edge. If they’re all exceeded by an order of magnitude you’re on easy street:

  • No more than 10 seconds of computation time on a standard desktop

  • No more than 100 round trips

  • No more than 100 megabytes of data transferred each way

Initial digging indicates that number of round trips can be met by selecting the right protocol (assuming semi-honest is okay) but the other two are off by a few orders of magnitude. Again feedback from experts would be welcome.

Thanks for reading Bram’s Thoughts! Subscribe for free to receive new posts and support my work.

Posted Mon Sep 18 21:12:01 2023 Tags:
This just in from NTSB: yesterday afternoon a rapid unscheduled disassembly event was experienced by our rooftop intake fan:

The real tragedy here is that we didn't get video of the event. Our neighbor across the street described the sound as a washing machine falling down the stairs. It lifted itself off its mount and tried to go airborne:

You can see some photos of this fan when it was in the first flush of youth in my photos from 2001, during its first flight.

Our regular HVAC guy is out of town, so if you have any recommendations...

Posted Mon Sep 18 16:45:06 2023 Tags:
Absolute table-flip badassery:

The comic book property called Fables, including all related Fables spin-offs and characters, is now in the public domain. What was once wholly owned by Bill Willingham is now owned by everyone, for all time. It's done, and as most experts will tell you, once done it cannot be undone. Take-backs are neither contemplated nor possible. [...]

Since I can't afford to sue DC, to force them to live up to the letter and the spirit of our long-time agreements; since even winning such a suit would take ridiculous amounts of money out of my pocket and years out of my life (I'm 67 years old, and don't have the years to spare), I've decided to take a different approach, and fight them in a different arena, inspired by the principles of asymmetric warfare. The one thing in our contract the DC lawyers can't contest, or reinterpret to their own benefit, is that I am the sole owner of the intellectual property. I can sell it or give it away to whomever I want.

I chose to give it away to everyone. If I couldn't prevent Fables from falling into bad hands, at least this is a way I can arrange that it also falls into many good hands. Since I truly believe there are still more good people in the world than bad ones, I count it as a form of victory.

Previously, previously, previously.

Posted Fri Sep 15 03:13:30 2023 Tags:
Me on WebP twelve years ago: "Google drops another turd in the punchbowl."

Everyone on WebP today: "Well this fucking sucks. What the fuck."

Just days after Apple released iOS 16.6.1 to secure iPhones and iPads against a critical zero-day exploit involving ImageIO, Google has rushed out an emergency security update for Chrome users for a zero-day threat impacting the WebP image format. [...]

Any software that uses the libwebp library is affected by this vulnerability, including Electron-based applications such as 1Password and Signal.

Previously, previously, previously, previously, previously.

Posted Fri Sep 15 02:58:02 2023 Tags:
A New Antidemocracy Tool:

Don't let the "AI" in the name fool you. There's nothing intelligent about EagleAI, which appears to be no more than a system that performs data matches based on a database of public voter data amassed by a web scraper. Its own proponents describe it as "Excel on steroids." [...]

EagleAI takes from sources including the National Change of Address database, criminal justice records, and tax property data to create massive lists of voters. From there, it highlights names of potentially ineligible voters using criteria that are at best unreliable and at worst irrelevant, such as matching names on voter lists with change-of-address forms or felony convictions, or even just registration at nursing homes (baselessly implying that nursing home residents are somehow not competent to vote). Amateur investigators take the highlighted names and look for purported evidence of voter ineligibility, like a social media posting from out of state. They can then use EagleAI to auto-prepare challenge forms in a couple of clicks. It's no more than a clearinghouse for election deniers to compile mass challenges.

Voting rights activists sound alarms over private tool that could lead to cancelling voter registrations:

EagleAI NETwork's founder, Dr. John W. "Rick" Richards Jr. [...] presented the software in March to the conservative Election Integrity Network, a group organized by attorney Cleta Mitchell, who took part in Trump's phone call in which he asked Georgia's secretary of state to "find" enough votes for him to win the state's electors in 2020.

During the presentation, Mitchell called the software "amazing" and said she wanted to "get a plan together" to share the platform with other groups and states that have withdrawn from ERIC.

"The left will hate this ... but we love it," Mitchell said at the meeting. [...]

The scrutiny of EagleAI NETwork comes after nine Republican-led states withdrew from the Electronic Registration Information Center, known as ERIC -- a once-obscure consortium that was founded a little more than a decade ago as a way for states to share government data to update voter registration rolls in an effort to prevent fraud. [...]

ERIC has been the target of criticism by Trump and conservative activists, who have cast it as swelling voter registration rolls because member states must send out information encouraging eligible residents to register to vote.

Previously, previously, previously, previously, previously, previously.

Posted Thu Sep 14 20:27:59 2023 Tags:

At least two people have contacted me concerning the 2 BTC bounty:

2 BTC for a human-readable bolt 12 offer generator feature integrated into a popular iOS or android bitcoin wallet. “Human-readable” means something that can be used on feature phone without QR or copy/paste ability. For example, something that looks like LN address.

This, of course, is asking to solve Zooko’s Triangle, so one of decentralizationm, human readability, or security needs to compromise! Fortunately, the reference to LN address gives a hint on how we might proceed.

The scenario, presumably, is Bob wants to pay Alice, where Alice shows Bob a “Human Readable Offer” and Bob types it into his phone. Each one runs Phoenix, Greenlight, or (if their phone is too low-end) uses some hosted service, but any new third party trust should be minimized.

There are three parts we need here:

  1. Bob finds Alice’s node.
  2. Bob requests Alice’s node for invoice.
  3. If she wants, Alice can easily check Bob’s going to pay the right thing.

The Imagined Scenario

Consider the normal offer case: the offer encodes Alice’s nodeid and description (and maybe other info) about what’s on offer. Bob turns this into an invoice_request, sends an onion message to Alice’s node, which returns the (signed) invoice, which Bob pays. We need to encode that nodeid and extra information as compactly as we can.

Part 1: Finding Alice’s Node from a Human Readable Offer

The issue of “finding Alice’s node” has been drafted already for BOLT12, at (but it needs updating!). This means that if you say “” you can get a valid generic offer, either by contacting the webserver at “” or having someone else do it for you (important for privacy!), or even downloading a public list of common receivers.

Note that it’s easier to type * than @ on feature phones, so I suggest allowing both and RUSTY*BLOCKSTREAM.COM.

What’s Needed On The Server

  1. The BOLT 12 Address Format needs to be updated.
  2. It needs to be implemented for some Web server.
  3. Ideally, integrate it into BTC Payserver or the like.

Part 2: Getting the Invoice

Now, presumably, we want a specific invoice: it might be some default “donate to Alice”, but it could be a specific thing “$2 hot dog”. So you really want some (short!) short-code to indicate which invoice you want. I suggest a hash, followed by some randomly chosen alphanumeric string here (case-insensitive!): an implementation may choose to restrict themselves to numbers however, as that’s faster to enter on a feature phone.

What’s Needed On The Server

  1. We can put the short-code in the invreq_payer_note field in BOLT 12 or add a new odd field.
  2. We need to implement (presumably in Core Lightning):
    • A way to specify/assign a short-code for each offer.
    • A way of serving a particular invoice based on this short-code match.

Part 3: Checking the Invoice

So, did you even get the right node id? That’s the insecure part; you’re trusting! Checking the nodeid is hard: someone can grind out a nodeid with the same first 16 digits in a few weeks. But I think you can provide some assurance, by creating a 4-color “flag” using the node id and the latest bitcoin blocks: this will change every new block, and is comparable between Alice and Bob at a glance:

Example nodeid flag for block 807747

This was made using this hacky code which turns my node id 024b9a1fa8e006f1e3937f65f66c408e6da8e1ca728ea43222a7381df1cc449605 into an RGB color (by hashing the nodeid+blockhash).

For a moment, when a new block comes in, one image might be displaced, hence the number, but it’ll only be out by one.

Putting it All Together

What’s Needed On Alice’s Client

  1. Alice needs to configure her BOLT12 Address with some provider when she sets up the phone: it should check that it works!
  2. She should be able to choose an existing offer (may be a “donation” by default), or create a new one on the fly (with a new short code).
  3. Display the BOLT12-ADDRESS # SHORT-CODE, and the current nodeid flag.

What’s Needed On Bob’s Client

  1. It needs to be able to convert BOLT12-ADDRESS into a bolt12 address request:
    • Either via some service (to be implemented!), or by directly query (ideally over Tor).
  2. It needs to be able to produce an offer from the returns bolt12 address response, by putting the SHORT-CODE into the invreq_payer_note.
  3. It needs to be able to fetch an invoice for this offer.
  4. It needs to be able to display the current nodeid flag for the invoice’s node id.
  5. Allow Bob to confirm to send payment.

Is There Anything Else?

There are probably other ways of doing this, but this method has the advantage of driving maturity in several different areas which we want to see in Bitcoin:

  1. bolt12 address to support vendor field validation for offers.
  2. Simple name support for bootstrapping.
  3. Driving Bitcoin to be more accessible to everyone!

Feel free to contact me with questions!

Posted Thu Sep 14 14:30:00 2023 Tags:
Sorry, all out of cake. Supply chain issues. COVID. Ever-Given. Swamp gas.

I think it's fair to say that the official policy of SF Flower Mart is "Jews use side door."

Previously, previously, previously, previously, previously, previously.

Posted Thu Sep 14 06:48:25 2023 Tags:

Planet Debian upstream is hosted by Branchable.