## Comments on the Thompson Hack

I’ve written several times (1, 2, 3) about Ken Thompson’s beautiful if terrifying hack that invisibly inserted a back door into all programs generated with the C compiler. “Invisibly” here means that there’s nothing in the C compiler’s source code that indicates what’s happening.

The other day I came across this interesting discussion of the Thompson Hack that makes it clear, in a way that Thompson’s paper did not, just how devastating the hack is. It’s a nice discussion and anyone serious about programming or security should take a look at it. Of course, as I’ve said before, you’ll never trust your tools again.

## Emacs as a C/C++ IDE

This is another of a series of posts on how to use Emacs as a C/C++ IDE. I’m always seeing queries about how to do that so it’s worth another post on the subject. This time, I want to discuss a series of videos by Baris Yuksel.

There are four videos. The first two cover the usual subjects of completion, yasnippets, iedit, flymake, and even google-cpplint. Most active developers probably have all that installed already (with the possible exception of google-cpplint). Still, if you’re starting from scratch, Yuksel shows what these do and why you might want to install them. These two videos cover the same ground—but in a different way—as Mike Zamasky’s C++ video.

The second two videos are the most interesting. They cover how to give Emacs semantic knowledge of C++. The third video illustrates this with cedit and the fourth shows how to do the same thing with irony/sarcasm if you’re a clang user. Either of these two methods give Emacs intellisence capabilities and you should definitely take a look if you do a lot of C/C++ programming.

The first 3 videos are all together in a panel with the first video. The fourth is separate but can be found here. The videos are all 6 to 8 minutes long so it’s easy to find time to watch them. The videos are from 2014 so they discuss previous versions of Emacs and the packages but most if not all of the material still applies today.

## Emacser Defined

There’s a lot of truth in that, of course, but we’re planning on saving that 1 keypress millions of times.

Posted in General | Tagged | 3 Comments

## Ediff Files from Dired

The prolific abo-abo has a nice bit of Elisp that you will find useful if you like to use dired for your file operations and find yourself diffing a lot of files. His snippet allows you to mark two file in dired, press e, and call ediff on the two marked files.

The code tries to put the newest file second so that ediff will display the changes in a logical way. That is, if you add “new stuff” to the original file, you want ediff to show the change as an addition of “new stuff” rather than as a deletion of it.

## Flash, FedEx? Really?

I like FedEx and I use them all the time to send packages and even important papers that need to be there the next day. I’ve always assumed that like UPS they are a technically sophisticated operation. That illusion was shattered today by this tweet pointed to by Kontra.

If you want to sign on to the FedEx Office site to, say, order up a print job, this is what you get. They even has extensive directions for how to install Flash in case you want to add a serious and well known security risk to your computer.

I don’t understand how a large, presumably clueful, corporation like FedEx could still be using Flash and even encouraging it customers to install it. The word that comes to mind is “malfeasance.” It’s hard enough to get average users to protect their computers from being recruited into a BOT net. We don’t need FedEx asking them to make it easier.

## A Beautiful On-line Version of SICP

If, like me, you’re a lover of SICP (Structure and Interpretation of Computer Programs) you’ll be happy to know that there’s a beautiful on-line version of it available. Years ago, MIT generously put up a version but some of the figures were hard to read and the typography was pretty much what you’d expect from an automatic rendering of the $\LaTeX$ from that era.

This text is rendered in HTML5 and the figures drawn in vector graphics. You can read about the evolution of this project in the UTF Introduction in the book. A lot of loving work went into this and it shows. The introduction says that this was completed in 2014 but I am just now seeing it. If you’re interested in the source or an epub version, the project’s web page has an an announcement of this version along with links to the source and other renderings of it. Take a look and see if you don’t agree that it’s a beautiful rendering of one of the most important books in CS.

I think that last judgment (about SICP being one of the most important CS books) is even more true today since, sadly, the approach taken by SICP is no longer popular. It’s been abandoned—even at MIT, where the whole thing began—in favor of plugging black boxes, in the form of libraries, together to build a program. Perhaps, as even the authors of SICP say, that’s necessary in today’s environment but students are missing out by not being immersed in the view of our profession offered by SICP.

## Query on mbsync for macOS

The wheels grind slowly here at Irreal but they do grind. I’m in the final stages of moving my email to Emacs in my neverending quest to run everything in Emacs. My specific intent is to run mu4e as my client and have mbsync take care of retrieving and syncing emails for my Apple mail account.

Sadly, I can’t get mbsync to connect with the Apple IMAP server. The relevant part of my .mbsyncrc is

IMAPAccount icloud
Host IMAP.mail.me.com
User XXX
Port 993
SSLType IMAPS
SSLVersions TLSv1.2
#CertificateFile /usr/local/share/certs/ca-bundle.crt


when I run this with mbsync -D icloud, I get

...
Logging in...
1 NO [AUTHENTICATIONFAILED] Authentication failed
IMAP command 'LOGIN <user> <pass>' returned an error: NO [AUTHENTICATIONFAILED] Authentication failed


It makes no difference whether or not the CertificateFile line in the configuration is commented out. The security function on the PassCmd line does return my icloud password and even entering the password itself on a PASS line doesn’t work. It makes no difference whether the USER line is just my user name or my full email address.

I’ve consulted DuckDuckGo but I can’t find any examples of setting things up for macOS. If anyone has a working mbsync configuration for talking to Apple’s IMAP server, I’d really like to hear from you. Please leave a comment if you have any wisdom to impart.

UPDATE [2017-03-25 Sat 12:54] Andy Bold figured out the main problem. Since Sierra (I think) introduced two-factor authentication, you need to generate an application specific password for this sort of thing. Once I did that, mbsync connected to the Apple IMAP server without a problem. Now I’m dealing with the notoriously finicky Apple Mail service to get things downloaded. I’ll write up my adventures when I’m done.

Posted in General | Tagged | 7 Comments

## Dired Sorting

If you like to manage your files with Dired and tend to rely on the Dired listing rather than, say, ls, Ben Maughan has an excellent suggestion: dired-quick-sort. Take a look at the Github site to get an idea of what the package can do.

## Reproducible Journalism?

Longtime readers know that we here at Irreal do not generally hold journalists in high regard. Putting the best light on things, they are all too often ignorant and lazy. Still, Irreal is nothing if not dedicated to the scientific method so we’re always interested in contrary evidence. Wilfred Hughes offers this example of such evidence:

For an article entitled Wages rise on California farms. Americans still don’t want the job, the Los Angeles Times performed an analysis of California crop production wages as an IPython notebook. The analysis was done by Ben Welsh of the LA Times Data Desk, which appears to be an internal LA Times group dedicated to such matters. The byline on the article itself was Natalie Kitroeff and Geoffrey Mohan.

I really like this because:

1. Rather than rely on anecdotal evidence, the Times did an actual analysis of the data.
2. The analysis was done in a reproducible research manner. The data source is identified and all the calculations are shown in the notebook.

The article links to the analysis so that any interested readers can see for themselves how the analysis was done. Kudos to the LA Times and their reporters for an excellent example of reproducible research in Journalism and for making the data and the analysis of it public.

Posted in General | Tagged | 1 Comment

## Stein's Emacs Productivity Series

Gregory Stein over at Caches to Caches has a nice series on how he uses Emacs to increase his productivity. I’ve written about a couple of those articles (1, 2) already but it’s useful to see the whole series.

As I’ve said before, Stein is a Ph.D student at MIT and like all such students his time is at a premium. These posts discuss how he leverages Emacs to organize his time and tasks and even optimize his email. There are (currently) four articles and none of them are very long so it’s very much worth your while to take a look if you’d like to make your own workflow at little more frictionless.