A Bit More On Lavabit

Forbes has a bit more information on the closing of Lavabit. They provide additional clues that Ladar Levison of Lavabit was indeed asked to monitor users’ logins in order to capture their keys.

Among other things, we learn that Levison has complied with “two dozen” individual warrants in the 10 years that he has run Lavabit. He says explicitly that the reason he shut down Lavabit was not because of a request for a single user’s data but to protect all his users. That’s a bit ambiguous, I suppose, but a fair interpretation is that the government wanted him to do something that could potentially affect more than a single targeted user.

I’ll leave you with this quote from Levison explaining why he is stepping away from email:

If you knew what I know about email, you might not use it either.


A Lisp Bookshelf

Mozart Reina has a post up about his Lisp bookshelf. It’s a nice collection of books that anyone wanting to master Lisp should read. My favorite, SICP, is there, as is Lisp in Small Pieces, a book I very much want to read but not at $106.

If you’re looking for some books on Lisp, this is a good, representative list. Many are available for free on the Web so even if you’re a starving student or otherwise short of funds, you can get an excellent start on the road to Lisp. It’s a journey well worth taking.


The Price of Integrity

Those of you who follow Irreal daily know that I recently migrated the email that was going to my Gmail account to Lavabit. All of that mail was from technical mailing lists so it didn’t really matter much except as a statement of principle. Now Ladar Levison, the owner and operator of Lavabit, shows us what principle is really about.

Levison announced Thursday that, for reasons he is legally barred from disclosing, he is shutting down Lavabit. He says that it was a hard decision to walk away from 10 years’ work but that he could not be complicit in crimes against the American people. Inasmuch as Lavabit has previously complied with specific warrants issued with reasonable probable cause, it seems a safe inference that he was being asked to provide more wide-ranging access to users’ accounts.

Because of the way Lavabit works, this would mean either monitoring users’ logins to capture their passwords or making copies of emails before they were encrypted. Either of these would break faith with Lavabit’s users so Levison apparently felt he had no choice but to close his business. A business, let me say again, that he spent 10 years building.

Friday brought the news that Silent Circle was closing its email service as well. Silent Circle says that they weren’t approached by the government but that in light of Lavabit’s experience they felt it was likely and rather than put their users at risk they preemptively closed the service and destroyed the server it ran on.

Years of hard work and doubtlessly many jobs were lost with the two closings. All this so that no Americans could keep their emails private. Google, Microsoft, Apple, and the others who have willingly collaborated with this illegal government spying may not care but they should. The Technology and Innovation Foundation reported this week that US cloud computing companies could lose between $21 billion and $35 billion because of their ties to the NSA. As Edward Snowden remarked about the Lavabit closing,

The President, Congress, and the Courts have forgotten that the costs
of bad policy are always borne by ordinary citizens, and it is our job
to remind them that there are limits to what we will pay.

Perhaps it’s time for one of the big boys to take a lesson on integrity from Lavabit. Imagine what would happen, for example, if Google threatened to shut down Gmail.

Update: Those who you → Those of you who


No Exceptions

Personally, I think the only thing to do is to go back to the original
sense of the Fourth Amendment and say, no warrantless wiretapping, no
general warrants, no surveillance without specific probable cause, no
exceptions, ever. There shouldn’t even be something like FISA to allow
exceptions for special cases.

Commenter Petréa Mitchell in response to the excellent post by Bruce Schneier on how to restore trust in government after the NSA revelations.


Open Access: A Tipping Point

For some time now there’s been a movement within academia for open access to their research results. Many professors, especially those in Mathematics, have pledged not to publish in closed journals. The paid journals, of course, hate this and have been fighting the trend in any way possible including lobbying the government to make open access journals illegal. Some would say that the fight reached its inevitable conclusion with the Aaron Swartz affair (although JSTOR, to its credit, refused to participate in the prosecution). If you don’t know about the open access movement, let the incomparable Jorge Cham explain it to you.

Now, in what could well be a tipping point in the fight, The University of California has instituted an open access policy. The new policy requires that all research from all 10 campuses of the UC system be available to the public without charge via the campus Website eScholarship. You can read the UC announcement here. I’m confident that we’ll soon see other universities following suit.

That’s a good thing. Whatever you think about paid journals and their place in research, it’s hard to argue with the notion that when the public pays for research (as they do for most research) they should be able to see the results without paying exorbitant fees to a publisher.


Elisp Namespaces

Nic Ferrier has posted an interesting proposal to bring namespaces to Emacs Lisp. His ideas seem both reasonable and doable. One of Elisp’s big problems is the lack of a namespace system. We end up with a bunch of nasty looking identifiers such as jcs/fill-buffer-with-zeros or jcs-make-new-entry to avoid identifier conflicts.

Ferrier’s proposal, which you should read, mostly avoids all that without doing much violence to existing code and packages. It’s worth discussing and I hope that the entire Emacs community will read it and contribute ideas and criticism. Having a decent namespace system would make all our lives easier and, at the same time, give Elisp detractors one less thing to complain about.


An Emacs Timeline

Jamie Zawinski has an interesting old post on Emacs history. It’s a timeline of Emacs versions from Stallman’s, Moon’s, and Steele’s original merger of TECMAC and TMACS in 1976 to GNU Emacs 22.1 and XEmacs 21.4.21 in 2007.

His original timeline was written in 1999 and then updated in 2007. I wish he would update it again, although the history since Emacs 22 probably isn’t that interesting. In any event, if you enjoy exploring the history of our field and Emacs in particular, you should give this post a look.


Fred Brooks on Computer Science

Someone posted an old address by Fred Brooks, author of the celebrated The Mythical Man-Month, given on the occasion of his acceptance of the ACM Allen Newell Award in 1994. It’s an interesting talk and one that I hadn’t read before.

Brooks posits the idea that Computer Science isn’t a science. Instead it should be viewed as an engineering discipline and in particular that what we are really doing is toolsmithing. Some may chafe at that definition but Brooks makes a good case for it. He says that our value is in the tools that we build for others to solve their problems with.

He illustrates this by describing the work of his laboratory at the University of North Carolina at Chapel Hill. The laboratory takes an interdisciplinary approach and collaborates closely with colleagues in Physics and Biology. He describes some of the tools that they built during those collaborations and how both sides of the collaboration were better off in the end.

It’s a nice talk and well worth a read. You may find yourself persuaded that his definition of “Computer Science” is the correct one.

Update: Nick Higham points out that I neglected to add a link to Brooks’ talk. Silly me. Here it is.


Troy Hunt on SQL Injection

The invaluable Troy Hunt has an excellent post on SQL injection attacks. We all know the basic ideas behind SQL injection but Hunt shows how attackers actually mount the attacks and why they work. It’s extraordinary that these attacks still work but as Hunt points out they are still the number one exploit in the OWASP Top Ten.

This post is about the SQL injection itself rather than its mitigation. There’s a link to mitigation strategies in the post [1] for those who are looking to protect themselves from these attacks.

If you’re writing server side code that interfaces to a database, you should take a look at this post. At the very least, you’ll get an idea of what you’re up against.

Footnotes:

[1] The mitigation post is primarily aimed at .NET developers but contains good advice for everyone.


Updating to Org Mode 8

I just upgraded Org mode to version 8.0.6. I’ve been holding off waiting for org2blog to fix some incompatibilities. Mostly, the transition went smoothly. By following the commentary in the release notes and the new installation instructions I had everything working reasonably quickly. I thought.

Everything was fine until I tried to rebuild my agenda. The first time I tried it I got a message saying that org-agenda-archives-mode had a void value. I turned to the manual to see what I needed to do but I could find no mention of this variable in the index or any of the appropriate areas in the body of the manual. Nor could I find anything in the release notes. What to do?

Well, of course, Emacs is famously self documenting so I just looked up the variable with 【Ctrl+h v】 and saw that I could set it to nil and get the behavior I wanted. I tried to build the agenda again and got another error message. This time I just went directly to the built-in manual to figure out the right value. This happened a total of 3 times but after the first I was able to resolve the problems quickly. The TL;DR is that I just added

(setq org-agenda-archives-mode nil)
(setq org-agenda-skip-comment-trees nil)
(setq org-agenda-skip-function nil)

to my init.el and everything was fine.

It’s sometimes easy to forget the power of the built-in documentation. Instead of wasting time looking at the Org manual, all I had to do was look up the problem variables.
