Oathtool
06 OATH Options and Oathtool
The OATH standard has several options.
You need to know which OATH options the site you wish to log into uses in order to use OATH.
07 Options - TOTP versus HOTP
There are two different types of OATH one time passwords, HOTP and TOTP.
HOTP uses a counter.
I won't go into more detail on HOTP as I haven't come across anyone using it.
TOTP uses the current time instead of a counter.
The time is fed into the OATH algorithm along with the shared secret to generate a new password on both ends of the connection.
All the instances of OATH that I am familiar with use TOTP.
08 TOTP Mode
Totp has different "modes".
These modes are hash encoding algorithms such as SHA1, SHA256, or SHA512.
The correct mode must be selected in order to log in using OATH with TOTP.
09 Encoding - Hex versus Base32
Both ends of the connection must be initialized with a shared secret or key which is required as part of the OATH algorithm.
This key could be encoded in one of two forms, either hexadecimal or base32.
Web sites often do not document which encoding method they are using.
If you cannot determine the encoding of the key by simply looking at it you may need to use trial and error during your first OATH log in attempts to see which type of key has been used.
10 Github and Pypi Options
Github and Pypi are two of the most prominent web sites using OATH.
Both use the same options, TOTP with SHA1 mode, and base32 encoding.
11 Using Oathtool
oathtool is a simple command line application which generates one time passwords for use with OATH.
It can be run in a terminal.
However, can also be turned into a simple GUI application using Zenity. Will discuss this in more detail later.
By default oathtool uses hotp and hex encoding.
To use totp and base32 encoding you must specify these on the command line.
To specify base32 encoding for use with for example Github, pass the "-b" or "--base32" argument on the command line.
To specify TOTP, pass the "--totp" argument on the command line.
By default, oathtool uses SHA1 with totp, so you don't need to specify that if you require SHA1.
If you need a different TOTP mode, you specify that as part of the TOTP argument separated by an "=" character. For example "--totp=SHA256".
12 Oathtool Example
Here is a simple example of using oathtool to create a one time password to use with Github or Pypi.
Open a terminal and type the following.
oathtool -b --totp SOMEBIGBASE32SECRETCODE
The one time password will be printed out in the terminal.
You can try this out without using a valid key so long as it is a valid base32 string.
When used with a valid key you then enter that one time password into Github, Pypi, or other web site where it asks for the one time password.
Note that I have not covered in the above how to store and retrieve the key securely, as that is too big of a topic to cover here.
13 Zenity Example
Oathtool is a command line application, but if you are using Linux it is simple to convert it into a GUI application by using "Zenity".
Zenity is a simple to use package that creates GUI windows on the command line or in a shell script.
There are two steps to the proceess.
First create the OTP from the key by using oathtool and save it in a variable.
Next, call a Zenity "info" window wit
All content for Hacker Public Radio is the property of Hacker Public Radio and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Oathtool
06 OATH Options and Oathtool
The OATH standard has several options.
You need to know which OATH options the site you wish to log into uses in order to use OATH.
07 Options - TOTP versus HOTP
There are two different types of OATH one time passwords, HOTP and TOTP.
HOTP uses a counter.
I won't go into more detail on HOTP as I haven't come across anyone using it.
TOTP uses the current time instead of a counter.
The time is fed into the OATH algorithm along with the shared secret to generate a new password on both ends of the connection.
All the instances of OATH that I am familiar with use TOTP.
08 TOTP Mode
Totp has different "modes".
These modes are hash encoding algorithms such as SHA1, SHA256, or SHA512.
The correct mode must be selected in order to log in using OATH with TOTP.
09 Encoding - Hex versus Base32
Both ends of the connection must be initialized with a shared secret or key which is required as part of the OATH algorithm.
This key could be encoded in one of two forms, either hexadecimal or base32.
Web sites often do not document which encoding method they are using.
If you cannot determine the encoding of the key by simply looking at it you may need to use trial and error during your first OATH log in attempts to see which type of key has been used.
10 Github and Pypi Options
Github and Pypi are two of the most prominent web sites using OATH.
Both use the same options, TOTP with SHA1 mode, and base32 encoding.
11 Using Oathtool
oathtool is a simple command line application which generates one time passwords for use with OATH.
It can be run in a terminal.
However, can also be turned into a simple GUI application using Zenity. Will discuss this in more detail later.
By default oathtool uses hotp and hex encoding.
To use totp and base32 encoding you must specify these on the command line.
To specify base32 encoding for use with for example Github, pass the "-b" or "--base32" argument on the command line.
To specify TOTP, pass the "--totp" argument on the command line.
By default, oathtool uses SHA1 with totp, so you don't need to specify that if you require SHA1.
If you need a different TOTP mode, you specify that as part of the TOTP argument separated by an "=" character. For example "--totp=SHA256".
12 Oathtool Example
Here is a simple example of using oathtool to create a one time password to use with Github or Pypi.
Open a terminal and type the following.
oathtool -b --totp SOMEBIGBASE32SECRETCODE
The one time password will be printed out in the terminal.
You can try this out without using a valid key so long as it is a valid base32 string.
When used with a valid key you then enter that one time password into Github, Pypi, or other web site where it asks for the one time password.
Note that I have not covered in the above how to store and retrieve the key securely, as that is too big of a topic to cover here.
13 Zenity Example
Oathtool is a command line application, but if you are using Linux it is simple to convert it into a GUI application by using "Zenity".
Zenity is a simple to use package that creates GUI windows on the command line or in a shell script.
There are two steps to the proceess.
First create the OTP from the key by using oathtool and save it in a variable.
Next, call a Zenity "info" window wit
Oathtool
06 OATH Options and Oathtool
The OATH standard has several options.
You need to know which OATH options the site you wish to log into uses in order to use OATH.
07 Options - TOTP versus HOTP
There are two different types of OATH one time passwords, HOTP and TOTP.
HOTP uses a counter.
I won't go into more detail on HOTP as I haven't come across anyone using it.
TOTP uses the current time instead of a counter.
The time is fed into the OATH algorithm along with the shared secret to generate a new password on both ends of the connection.
All the instances of OATH that I am familiar with use TOTP.
08 TOTP Mode
Totp has different "modes".
These modes are hash encoding algorithms such as SHA1, SHA256, or SHA512.
The correct mode must be selected in order to log in using OATH with TOTP.
09 Encoding - Hex versus Base32
Both ends of the connection must be initialized with a shared secret or key which is required as part of the OATH algorithm.
This key could be encoded in one of two forms, either hexadecimal or base32.
Web sites often do not document which encoding method they are using.
If you cannot determine the encoding of the key by simply looking at it you may need to use trial and error during your first OATH log in attempts to see which type of key has been used.
10 Github and Pypi Options
Github and Pypi are two of the most prominent web sites using OATH.
Both use the same options, TOTP with SHA1 mode, and base32 encoding.
11 Using Oathtool
oathtool is a simple command line application which generates one time passwords for use with OATH.
It can be run in a terminal.
However, can also be turned into a simple GUI application using Zenity. Will discuss this in more detail later.
By default oathtool uses hotp and hex encoding.
To use totp and base32 encoding you must specify these on the command line.
To specify base32 encoding for use with for example Github, pass the "-b" or "--base32" argument on the command line.
To specify TOTP, pass the "--totp" argument on the command line.
By default, oathtool uses SHA1 with totp, so you don't need to specify that if you require SHA1.
If you need a different TOTP mode, you specify that as part of the TOTP argument separated by an "=" character. For example "--totp=SHA256".
12 Oathtool Example
Here is a simple example of using oathtool to create a one time password to use with Github or Pypi.
Open a terminal and type the following.
oathtool -b --totp SOMEBIGBASE32SECRETCODE
The one time password will be printed out in the terminal.
You can try this out without using a valid key so long as it is a valid base32 string.
When used with a valid key you then enter that one time password into Github, Pypi, or other web site where it asks for the one time password.
Note that I have not covered in the above how to store and retrieve the key securely, as that is too big of a topic to cover here.
13 Zenity Example
Oathtool is a command line application, but if you are using Linux it is simple to convert it into a GUI application by using "Zenity".
Zenity is a simple to use package that creates GUI windows on the command line or in a shell script.
There are two steps to the proceess.
First create the OTP from the key by using oathtool and save it in a variable.
Next, call a Zenity "info" window wit
Hello, again. This is Trey.
Welcome to part 3 in my Cheap Yellow Display (CYD) Project series. You can find Part 1 in episode 4472 and Part 2 in episode 4488.
We previously left our handy hero searching for a solution to an amateur radio signal propagation dilemma, while he is trying to become proficient with Morse code. The CYD technology is simmering in the back of his brain – an answer in search of a problem.
Hah! I love trying to create the feel of a vintage radio or television series with the intro and outro for these episodes. But I am by no means the hero. I am simply Trey – a grumpy old man and tinkerer. Instead, the real hero in this episode is Keith
VE3SVQ-THE SHAKY KEY
on YouTube.
So.... Let's see. Where were we? Oh yes. I have been trying to learn Morse code
-.-. --.- -.-. --.- (CQ CQ)
That was me, tapping out "CQ CQ" in Morse code using the practice set I keep on my desk. This consists of a set of code paddles, connected to an Arduino Nano, which I built several years ago based what I learned watching
Code Practice Oscillator; Aka: The Three Arduinos
on Jmhrvy1947's YouTube Channel, and based on the code from
his GitHub
https://github.com/jmharvey1/ArduinoCPO
. I did need to make modifications, both to support the Ardunio Nano on which I chose to run it, and for my own sanity, as the way that I learned to write code for Ardunio is very different. I focus on readability and flexibility. You can see these changes on
my own GitHub
(
https://github.com/jttrey3/PracticeOscillator/blob/main/PracticeOscillator.ino
)
Anyway, I have been studying. I have been watching videos. I have been practicing. I might actually be learning some of this stuff. If you are interested in more details about the resources I am using, leave a comment for this episode, or drop me an email using the address in my profile, and I may record an episode about it.
The result is that I have been learning. But also, the google and YouTube algorithms have bee
New hosts Welcome to our new hosts: Kirbotica, Thibaut, candycanearter. Last Month's Shows Id Day Date Title Host 4478 Wed 2025-10-01 YouTube Subscriptions 2025 #6 Ahuka 4479 Thu 2025-10-02 Who is the Algernon for Whom are the Flowers? Antoine 4480 Fri 2025-10-03 Arthur C. Clarke Becomes Successful Ahuka 4481 Mon 2025-10-06 HPR Community News for September 2025 HPR Volunteers 4482 Tue 2025-10-07 doodoo 4 the double deuce Jezra 4483 Wed 2025-10-08 HPR Beer Garden 3 - Porters Kevie 4484 Thu 2025-10-09 When Your Dentist Uses ChatControl Logic Trollercoaster 4485 Fri 2025-10-10 Git for Github and Gitlab Archer72 4486 Mon 2025-10-13 A code off my mind
This brings us to a look at Arthur C. Clarke's most famous series,
2001: A Space Odyssey and its sequels.
Links:
https://en.wikipedia.org/wiki/2001:_A_Space_Odyssey
https://en.wikipedia.org/wiki/The_Sentinel_(short_story)
https://en.wikipedia.org/wiki/Encounter_in_the_Dawn
https://en.wikipedia.org/wiki/2001:_A_Space_Odyssey_(novel)
https://en.wikipedia.org/wiki/The_Lost_Worlds_of_2001
https://en.wikipedia.org/wiki/2010:_Odyssey_Two
https://en.wikipedia.org/wiki/2010:_The_Year_We_Make_Contact
https://en.wikipedia.org/wiki/2061:_Odyssey_Three
https://en.wikipedia.org/wiki/3001:_The_Final_Odyssey
https://www.palain.com/science-fiction/the-golden-age/arthur-c-clarke-2001-and-sequels/
Greg
Farough and Zoë Kooyman
of the FSF interview Librephone
lead developer Rob
Savoye (DejaGNU, Gnash, GCC) on his work with the new
project to liberate nonfree binary blobs on mobile phones.
Links
https://librephone.fsf.org/
https://www.fsf.org/news/librephone-project
https://www.fsf.org/campaigns/librephone
https://en.wikipedia.org/wiki/Rob_Savoye
https://www.fsf.org/about/staff-and-board#gregf
https://www.fsf.org/about/staff-and-board#zoe
Table of Contents
─────────────────
greetings
links to software
hardware
install
check it works
now the fix
outro
0 greetings
═══════════════════
continuation from episode 4388, review of the book the Arduino
controlled by eforth by dr chen-hanson ting
1 links to software
═══════════════════
https://github.com/PeterForth/DR-TING-OFFETE-SVFIG-MIRROR,
328eforth source code
https://github.com/Ro5bert/avra,
opensource assembler
https://www.engbedded.com/fusecalc/,
configuration fuse calculator
https://github.com/avrdudes/avrdude,
flashing software
https://github.com/oh2aun/flashforth,
terminal shell programs
2 hardware
══════════
programmer, avrisp2 recommended, build your own
https://www.hackerpublicradio.org/eps/hpr2799/index.html
Arduino UNO R3, Arduino Nano
3 install
═════════
download 2159_328eforth.zip unzip that file then cd into it
build assembler file, avra 328eforth220.asm
50+ warnings that avra generates because it pads out the words
with null characters in order to get the write size for each
word
an over view of whats going on in the build process
flashing process from the book,
avrdude -p m328p -c avrisp2 -e -U flash:w:328eforth220.hex:i -U
lfuse:w:0xff:m -U hfuse:w:0xd8:m -U efuse:w:0xfd:m
what i use,
avrdude -p m328p -c avrisp2 -e -U flash:w:328eforth220.hex:i -U
lfuse:w:0xe2:m -U hfuse:w:0xd8:m -U efuse:w:0xfd:m
4 check it works
════════════════
open terminal and plug in board, or reset board you should see,
328eforth v2.20 if you hit the return key you'll get an ok
5 now the fix
═════════════
clues from turnkey
flush+
: flush+ ( -- )
context @ context i!
cp @ cp i!
dp @ dp i!
last @ last i!
flush
;
flush+ at the terminal prompt saves words,updates the memory
pointers
saving words across reboots
now you can save newly defined words across reboots
6 outro
═══════
You're currently going through a difficult transition period
called, "Life."
Utrecht is a province (and city) in the Netherlands - https://en.wikipedia.org/wiki/Utrecht
Amersfoort is a medieval town - https://en.wikipedia.org/wiki/Amersfoort
Stroopwafel is a Dutch sweet treat - https://en.wikipedia.org/wiki/Stroopwafel
Kamp Amersfoort was a concentration camp, now a museum - https://kampamersfoort.nl
Mondriaan House in Amersfoorte shows some of the artists work,
talks about his life and presents modern interpretations inspired
by him - https://www.mondriaanhuis.nl/en/
Speelklok Museum in Utrecht is all about mechanical music - https://www.museumspeelklok.nl
International Road Signs - https://en.wikipedia.org/wiki/Traffic_signs_by_country
Wintergartan makes videos about his mechanical instruments - https://youtube.com/@wintergatan?si=fFTMWz-8pG8Bv1y-
This is more going over what I like about taskwarrior rather than
a comprehensive guide, please check https://taskwarrior.org/docs/start/
for a more comprehensive quickstart.
Taskwarrior is Free and Open Source Software that manages your
TODO list from the command line.
It is flexible, fast, and unobtrusive.
It does its job then gets out of your way.
I formatted my Samsung Galaxy after updating to Android 16. Now I
install my keyboard of choice and talk on HPR while making the
initial configuration as I prefer, with focus on the topics:
Why I prefer FK (pleasant ux and interface, good dose of
personalization, offline)
Select all, copy and paste directly from the keyboard (long
press A, C and V, respectively)
downsides (I think I didn't
say them on the show): not the best swipe-to-type,
voice-to-text and prediction of correction, specially if not in
English
Oathtool
06 OATH Options and Oathtool
The OATH standard has several options.
You need to know which OATH options the site you wish to log into uses in order to use OATH.
07 Options - TOTP versus HOTP
There are two different types of OATH one time passwords, HOTP and TOTP.
HOTP uses a counter.
I won't go into more detail on HOTP as I haven't come across anyone using it.
TOTP uses the current time instead of a counter.
The time is fed into the OATH algorithm along with the shared secret to generate a new password on both ends of the connection.
All the instances of OATH that I am familiar with use TOTP.
08 TOTP Mode
Totp has different "modes".
These modes are hash encoding algorithms such as SHA1, SHA256, or SHA512.
The correct mode must be selected in order to log in using OATH with TOTP.
09 Encoding - Hex versus Base32
Both ends of the connection must be initialized with a shared secret or key which is required as part of the OATH algorithm.
This key could be encoded in one of two forms, either hexadecimal or base32.
Web sites often do not document which encoding method they are using.
If you cannot determine the encoding of the key by simply looking at it you may need to use trial and error during your first OATH log in attempts to see which type of key has been used.
10 Github and Pypi Options
Github and Pypi are two of the most prominent web sites using OATH.
Both use the same options, TOTP with SHA1 mode, and base32 encoding.
11 Using Oathtool
oathtool is a simple command line application which generates one time passwords for use with OATH.
It can be run in a terminal.
However, can also be turned into a simple GUI application using Zenity. Will discuss this in more detail later.
By default oathtool uses hotp and hex encoding.
To use totp and base32 encoding you must specify these on the command line.
To specify base32 encoding for use with for example Github, pass the "-b" or "--base32" argument on the command line.
To specify TOTP, pass the "--totp" argument on the command line.
By default, oathtool uses SHA1 with totp, so you don't need to specify that if you require SHA1.
If you need a different TOTP mode, you specify that as part of the TOTP argument separated by an "=" character. For example "--totp=SHA256".
12 Oathtool Example
Here is a simple example of using oathtool to create a one time password to use with Github or Pypi.
Open a terminal and type the following.
oathtool -b --totp SOMEBIGBASE32SECRETCODE
The one time password will be printed out in the terminal.
You can try this out without using a valid key so long as it is a valid base32 string.
When used with a valid key you then enter that one time password into Github, Pypi, or other web site where it asks for the one time password.
Note that I have not covered in the above how to store and retrieve the key securely, as that is too big of a topic to cover here.
13 Zenity Example
Oathtool is a command line application, but if you are using Linux it is simple to convert it into a GUI application by using "Zenity".
Zenity is a simple to use package that creates GUI windows on the command line or in a shell script.
There are two steps to the proceess.
First create the OTP from the key by using oathtool and save it in a variable.
Next, call a Zenity "info" window wit
