Aaron Burrow


Read this first

quirk in bash security check (privileged mode)

Did you know the name given to bash affects its behavior?

burrows@box:/tmp/priv$ ln -s /bin/bash sh
burrows@box:/tmp/priv$ ln -s /bin/bash ba
burrows@box:/tmp/priv$ ./ba -c "set -o | grep posix"
posix           off
burrows@box:/tmp/priv$ ./sh -c "set -o | grep posix"
posix           on

This is a little odd, but it gets stranger.

Here is a snippet from the bash manpage discussing the -p option.

Turn on privileged mode. In this mode, the $ENV and $BASH_ENV files are not processed, shell functions are not inherited from the environment, and the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE variables, if they appear in the environment, are ignored. If the shell is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, these actions are taken and the effective user id is set to the real user id. If the -p option is supplied at

Continue reading →

manual deployment of extensions in chromium

Chrom(ium) let’s us install an extension (crx file) by putting it into a special directory. The details are discussed on this page.

In particular the page says to use these directories on linux.


However, these directories don’t work with chromium, so presumably they work only in chrome (chromium v chrome). This fact wasn’t documented anywhere that I came across, so it took me a while to figure out.

From src/chrome/common/chrome_paths.cc in the chromium source code.

#if defined(OS_LINUX)
// The path to the external extension <id>.json files.
// /usr/share seems like a good choice, see: http://www.pathname.com/fhs/
const base::FilePath::CharType kFilepathSinglePrefExtensions[] =

Continue reading →

accessing digital cert with javascript

How can we get access to the digital certificate for the page that our browser just loaded using javascript?

It’s not possible in Chrome, but we can do it using an extension in Firefox. This stackoverflow question goes into more details.

The question doesn’t explain how to accomplish the feat. For that, let’s consult the Firefox extension from the CMU Perspectives Project.

The relevant section of code from perspectives/plugin/chrome/content/notaries.js

    // gets current certificate, if it PASSED the browser check
    psv_get_valid_cert: function(ui) {
        try {
            if(!ui.SSLStatus) {
                return null;
            return ui.SSLStatus.serverCert;
        catch (e) {
            Pers_debug.d_print("error", "Perspectives Error: " + e);
            return null;

Continue reading →

universal copy/paste in linux

I’d like to use the same copy/paste keyboard bindings in every application on linux. I spent some time determining if such is possible (spoiler, at best it’s hacky).

Code is available here.

 linux clipboard basics

Linux copy/paste works through an X11 primitive called Selections.

Selections are the primary mechanism X11 defines for clients that want to exchange information with other clients. A selection transfers arbitrary information between two clients. You can think of a selection as a piece of text or graphics that is highlighted in one application and can be pasted into another, though the information transferred can be almost anything. Clients are strongly encouraged to use this mechanism so that there is a uniform procedure in use by all applications.

(Volume One: Xlib Programming Manual/Chapter 12/Selections)

The Inter Client Communications Conventions Manual (ICCCM)

Continue reading →

Calling off with QQ on KXXccc flop

Hero raises in CO with QhQs, Villain (51/13/1.9) limp/calls UTG.

Flop is Kc4cJc, the pot is .58 and the effective stack is 1.31. Villain mindonks and I make it .48 (this cbet may have been too large, but let’s consider what happens next). Villain shoves and we’re getting 2.86 to 1 to call. Hero needs 26% equity against Villain’s range for the call to be profitable.

I don’t expect Villain to have KK, JJ, KJ, AK or KQ because he will usually raise these hands. So, the value hands we’re behind are 44, K4s, J4s and VcWc. How many flush draws does Villain need to shove in order for the call to be profitable?

Villain’s NFDs are flipping with us. We have ~60% equity against FDs that don’t have the Ac.

hand type combos equity
9 made combos 44, K4s, J4s 13.5%
X flush combos VcWc ~2.8%
Y draw combos VcWx > 50%


This linear function says to call the jam when Villain has

Continue reading →

optimal OOP play against a polarized range

Consider this simplified river spot. Hero is OOP with a condensed range against Villain’s polarized range. Hero’s hands can only beat Villain’s bluffs. Let’s also say that each player can only use an unmixed strategy for their entire range: Hero must always check-call or check-fold, Villain must always check or bet.

How does Villain’s EV change as a function of his range composition?

 Hero always calls

When Villain bets his entire range he begins to make money when his value bets outnumber his caught bluffs. Once we consider the money Villain loses from failed bluffs, we see that his EV is equivalent to his equity share.

Furthermore, we can integrate his EV equation from 0 to T and we get PT/2. This is equivalent to multiplying the mean value by total combos, T.

Villain checks his entire range and again his EV is equivalent to his equity.

Now we can compare Villain’s perfect

Continue reading →

Subscribe to Aaron Burrow

Don’t worry; we hate spam with a passion.
You can unsubscribe with one click.