Even The New York Times Is Getting A Clue

The New York Times Sunday Review has an interesting article on piracy. They invoke the common metaphor of Whac-A-Mole and conclude that Internet piracy is not going away and that the content industry is fooling itself if it believes otherwise. They suggest that maybe it’s time to move on and find a new business model.

None of this is news to Irreal readers, of course, but it’s significant because the very epicenter of the establishment media is promulgating these views. Perhaps there’s hope after all.

Even though you won’t find any new ideas, I urge you to read the article if only because it’s so satisfying to hear these things from the content establishment.

Posted in General | Tagged | Leave a comment

The Emacs Configuration File

Xah Lee has an interesting post on organizing your Emacs init file in which he advocates breaking your .emacs or init.el file into several subfiles. Generally when people do this they organize the subfiles by category or function—all the items concerned with processing C files, for example, would be in their own subfile—and Lee is in favor of this approach. But even more, he says it’s a win to just arbitrarily break your .emacs or init.el into equal parts based simply on length.

I understand the urge to segregate individual functionality into separate files but I’ve never been able to warm up to the idea. My init.el file is a little over 800 lines, probably making it of medium length in the universe of such files. According to Lee and others who like to break their configuration files up, this makes me a prime candidate for using subfiles.

I sort of do that by organizing my init.el into subsections within the single file but I don’t see the case for multiple files. It seems to me that it’s just harder to find things that way and because I’m always tweaking my init.el I almost always have it open in Emacs. That would be more of a pain if I had to keep several subfiles open all the time. Still, I recognize that this is largely a matter of preference and don’t insist that my way is right or better; it’s just my way.

The really interesting thing about Lee’s post is a bit of Elisp that he gives to automatically byte compile your .emacs or init.el file when it’s saved after being changed. The code checks to see if a .elc exists and if so recompiles the init file. I’ve seen other solutions that do the same sort of thing but they all fell just a little bit short. The nice thing about Lee’s solution is that you can easily modify it to do exactly what you need.

Regardless of your position on multiple Emacs init files, Lee’s solution for automatically compiling this file or files makes his post worth a read.


The Dropbox Breakin

Much is being made of the supposed Dropbox break-in. Several users reported that they started receiving spam at email addresses that were only used with their Dropbox accounts. Dropbox, to their credit, immediately launched an investigation and brought in outside investigators to aid in their analysis.

The results of that investigation pretty much boil down to:

  • Most of the accounts were compromised because users had used the same passwords at other sites that were later compromised, and
  • A Dropbox employee, whose account was compromised in the same way, had stored an internal Dropbox document in the system that contained further email addresses.

The press, of course, was quick to compare this to the LinkedIn exploit that resulted from very poor security practices on LinkedIn’s part. But how, exactly, is Dropbox to blame for this? Yes, they have an employee who did an extremely stupid thing but how are they supposed to guard against users reusing their credentials? All in all, Dropbox was taking security seriously and doing everything right. They have since started offering optional two-factor authentication and a page that allows users to track logins to their accounts.

To my mind, the real blame belongs with the users who couldn’t be bothered to use unique passwords. This does include the Dropbox employee who, one hopes, has been admonished, terminated, or otherwise suffered the application of the clue bat. As I wrote recently, password reuse is endemic and those who are guilty of it deserve no sympathy when the real world exacts its revenge.

And, by the way, let me say again: if you store sensitive data in the cloud you better encrypt it. Dropbox is, of course, responsible for the actions of their employees and one hopes that this incident will encourage them to make sure these employees aren’t doing things that endanger their customers. Still, the user is ultimately responsible for safeguarding their data. That means that they should assume that screw-ups will happen and should therefore take actions to ensure they aren’t affected when they do.


Tips for Using Emacs Lisp

Nic Ferrier has a nice post entitled Tips on Emacs Lisp programming. The post has been mentioned by many of the Emacs aggregators but it’s a nice post and worth a shout out.

Ferrier takes the position that Elisp is a nice programming language and useful in many situations that are separate from driving the editing environment. That’s a position that I certainly agree with. Emacs provides a rich environment that can make many disparate tasks easy to accomplish.

Ferrier’s tips are not concerned with the minutiae of actually writing Elisp in the way that, say, Xah Lee’s Elisp tutorial is. Rather, he deals with what might be called “meta-issues”: how to find example code; how to name your functions and variables in the absence of a module system; autoloads; tests; documentation; writing scripts; and EIEIO for objects.

As I said, this is a nice post and if you (even occasionally) write in Emacs Lisp it’s worth a few minutes of your time. I heartily recommend it.


Prompting for User Input with Elisp

Xah Lee has a nice tutorial on getting user input with Emacs Lisp. Most Elisp programmers are aware of the interactive control strings for this purpose and most of us probably use that for most occasions requiring user input:

(defun test-input-func (msg)
  (interactive "sEnter Message: ")
  (message "Your message was: %s" msg))

The interactive form supports the input of many types of data as documented in the built-in info documentation and also the Emacs Lisp Reference Manual.

The nice thing about Lee’s tutorial is that he mentions the rarer but sometimes useful functions that also accept user input. These are handy when you need to get data from within a function that is not (necessarily) an input parameter. These functions are:

 
Function        Use
read-string     Read input as a string
read-file-name  Read input as a file name
read-regexp     Read input as a regular expression

An additional benefit of these functions is that they support the history mechanism and that read-regexp doesn’t need the escaping that representing regular expressions as strings usually requires.

Head on over to Lee’s tutorial for all the details. If you do anything other than very simple Elisp, this is stuff you need to know.


A New PDF Version of SICP

Long time readers know of my love affair with Abelson & Sussman’s Structure and Interpretation of Computer Programs. I regard it as certainly one of the best and arguably the best computer science books ever written. MIT Press, in a gesture of public service long before such things were common, made the book publicly available and, along with the video lectures that Abelson and Sussman gave at HP, it serves as an invaluable resource to anyone with the wit and energy to take advantage of it.

Now, thanks to the efforts of Lytha Ayth and Neil Van Dyke, a new PDF of the book has been derived from the original HTML sources that MIT Press made available. Take a look at this announcement from the SICP site to see what a difference real typesetting makes. For a concrete example of the difference, take a look at Exercise 1.2 from the original HTML source and the new PDF version. The HTML source is unreadable while the PDF is perfect.

It’s really great that this wonderful resource continues to be made available in better and better formats. We all owe those who brought it to us a huge load of thanks.


Building ELPA Packages

I’ve written about ELPA from the user’s viewpoint a couple of times. If you’re an Elisp developer and want to get your project into ELPA or Marmalade, Nic Ferrier has a nice post that details the steps. This is a good resource with details that I haven’t seen anywhere else.

Well worth a look if you’re considering contributing some Elisp code and want to turn it into an ELPA package. I expect that this will become more and more important as people start using the ELPA facility. I know that I’m already trying to get all my add-ons through ELPA and I predict that more and more folks will be doing the same.


Twenty Years of Vim

Ars Technica has a nice article on the twentieth anniversary of that other editor. Worth a read even if you aren’t a vi(m) enthusiast. One fact that I didn’t know—even after years and years of being a vi/vim user—is that the hjkl keys were chosen for cursor navigation because the ADM-3A terminal on which Bill Joy developed vi had arrows on those keys. The fact that they turned out to be an excellent choice for efficiency reasons is an accident of history.

Even though I’ve moved on to the one-true-editor, I was a vi user for a long time and vim was certainly the best of the vi siblings.


Scheduled Outage

Irreal’s hosting provider has notified me that the site will be down for scheduled maintenance on August 4th, from 12:01am to 4:00am EDT (UTC-0400).


Malware Prophylaxis

After last week’s malware outbreak at Irreal I’ve been thinking about ways to prevent another episode. For those who haven’t been following along, someone managed to add a line of obfuscated PHP to the index.php file that gets things going when someone visits the Irreal blog. For the technically inclined, the details are in my Anatomy of an Exploit post.

The number one thing I’ve resolved to do is keep WordPress up to date. Although I can’t be sure, I suspect that the attacker gained access to index.php through a WP vulnerability so it makes sense to keep up with the latest patches. I’d been lax about that because irrational paranoia requires me to back up the database whenever I do an upgrade and that’s a bit of a pain with my setup. It’s not, however, nearly as big a pain as trying to get the site clean and convincing Google that they should stop flagging it as a malware purveyor.

One of the difficulties I had when scrubbing the site was looking for infected files. As it turns out, only index.php had been affected but I couldn’t be sure of that until I’d done a thorough survey of the site looking for the injector signature. To make that easy if I have occasion to do it again, I have a backup of the entire irreal.org site. Most of the files will be static so it should suffice to look for changed files. Most of those will be log files so checking only changed files should simplify things considerably.

There used to be a Linux utility that went through the file system and took an MD5 signature of each file so that you could check for corruption on a regular basis. Following that idea, I can periodically pull a snapshot of the site back to my local network, generate MD5 signatures on it and on my original backup, and diff the results to find files that need examination.

I thought of writing some Elisp to do this but that’s really overkill. All I really need to do is

Ctrl+u Meta+! find -P . -type f -exec md5 {} \;

to get a list of all the files and their MD5 signatures into an Emacs buffer. Then I can compare this against the saved list using Ediff right from Emacs.

I’d be interested in any other ideas that readers have to help me keep things secure. Irreal runs on a hosting service so I don’t have much control over site security other than using strong passwords and keeping WordPress up to date. If you’ve got any other ideas, please leave a comment.
