The Coding Standard From Hell

Posted on 2013-05-19 by jcs

You say you hate your organization’s coding standards? You say they make the code harder to understand and maintain? You say they could only have been devised by a particularly moronic version of the pointy haired boss? Stop your whining and let John Graham-Cumming show you what a real coding standard from hell looks like.

Really, it’s hard to see what they could have been thinking. I understand the need of some people to have a detailed plan before starting to cut code but jeez! It makes you wonder (in a staring at a train wreck sort of way) what the rest of the standard looked like. But, of course, it was the government.

Posted in Programming | Leave a comment

Password Myths

Posted on 2013-05-18 by jcs

As you all know too well, I am very interested in password technology. Certainly, passwords aren’t, by themselves, the answer to security but they can help if people pick them sensibly and Web sites handle them is a secure manner.

Brent Jensen, over at Stormpath has an informative article on the 5 Myths of Password Security. It’s written with the password user—rather than the Website—in mind. It offers some reasonable suggestions for picking passwords and disabuses users of beliefs in some silly notions like big Websites can be trusted to store your password safely.

Most Irreal readers are probably familiar with this material but it’s worth taking a look just to see if there’s some little nugget you didn’t know. Be careful of the comments, though. There’s some misinformation there.

Posted in General | Tagged | Leave a comment

Key-Chord Mode

Posted on 2013-05-17 by jcs

One of my favorite Emacs Rocks! videos is #7, Mind Exploded, in which Sveen talks about key-chord mode. Right after I saw the video, I loaded key-chord-mode, wrote about it, and have been using it ever since. I’m mentioning it again because Eric Ritz recently posted about it.

Ritz’s post is an exhortation for Emacs users to give key-chord-mode a try. He mentions how he uses it and suggests some strategies for picking chords. You may or may not find his use cases and suggested chords compelling but you’re almost sure to find the mode itself very useful. You can see my own use cases and chords in my previous post about it and, of course, you should watch the Emacs Rocks! video for some more.

Although some Emacs users apparently are put off by the idea of key chords, I find the idea a huge win. I originally mapped jump-char-forward to 【Hyper+f】 and still maintain that mapping but after Sveen’s video I also mapped it to 【f g】, the chord he suggested. I can’t remember the last time I used 【Hyper+f】 because the chord is so much easier, faster, and natural.

Posted in General | Tagged | Leave a comment

StrongBox

Posted on 2013-05-16 by jcs

Two years ago I wrote about WSJ SafeHouse, an effort on the part of the Wall Street Journal to start their own version of Wikileaks. The idea was that prospective whistle blowers would have a safe way to send documents to the WSJ, which would, in turn, vet and edit them with an eye to publishing the results in the Journal. Sadly, the effort was stillborn. First, the Journal would not guarantee the whistle blowers anonymity and required that they certify they had the legal authority to upload the documents they were revealing. Second, the site itself was not secure. You can read the details at the link above.

Now The New Yorker is setting up a similar facility under the name Strongbox. Unlike the Journal, they appear to have gotten things right1. Whistle blowers connect to a private segregated server through the Tor network. The New Yorker does not log their IP addresses (which would be useless anyway with Tor) or set cookies on their machines. Each user is given a random ID to serve as a name so that no one at The New Yorker knows their actual identity. If the New Yorker needs to communicate with the user, they leave a message on the server under the user’s ID; the user is responsible for checking for responses. The New Yorker has no other way of communicating with the user. The actual protocol The New Yorker uses takes additional steps to insure the user’s anonymity.

The software that Strongbox uses is called DeadDrop and has an interesting backstory described by Kevin Poulsen. Its chief designer and coder was Aaron Swartz, long a champion of open government as well as open data. DeadDrop is open source software made available under the GPL. If Strongbox and other future DeadDrop sites prosper and help turn over the rocks hiding corruption, it will be another fitting legacy for a man who gave everything for his belief in our right to know.

Footnotes:

1 The anonymity protocol that Strongbox uses appears quite strong to me. I haven’t yet looked at the code that runs on the Strongbox server so I can’t comment on that but given its provenance, as described in the body of the post, it’s reasonable to assume it’s well done.

Posted in General | Tagged | Leave a comment

Emacs Hash Tables

Posted on 2013-05-15 by jcs

One of the most useful data structures in Computer Science is the hash table. I’ve been using them for my entire career and have implemented close to a hundred instances in several languages. That’s not as necessary these days as most modern languages—and some not so modern languages such as Lisp—have them as a built-in data type.

Happily, Elisp is one of those languages. If you’re not already familiar with the Emacs implementation of hash tables, you can get the details in the manual (of course) but Xah Lee has an excellent overview that will get you up and running quickly. There’s not much to learn and hash tables are incredibly useful when you need a fast look up data structure so give Lee’s post a look and see if they can be useful to you.

Posted in Programming | Tagged , | Leave a comment

Lexical Status on the Mode Line

Posted on 2013-05-14 by jcs

Those of you who watched Nic Ferrier’s video on the difference between lexical and dynamic scope that I wrote about the other day may have noticed that his buffers indicated whether the buffer had lexical (LEX) or dynamic (DYN) scope. I thought that seemed pretty useful and made a mental note to look into what one needed to do to get it. Happily, Grant Rettke saved me the trouble by posting a link to the ELPA package, lexbind-mode that takes care of the display and also provides a way to toggle the binding mode and open a scratch buffer that is lexically scoped.

If you watch Ferrier’s video again, you can see these additional features being used. It looks like a nice package and installation is a snap since it’s an ELPA package. I’m currently trying it out myself so join the fun if you like.

Posted in General | Tagged | Leave a comment

Emacs Redux Redux

Posted on 2013-05-13 by jcs

I’ve written about Emacs Redux a couple of times before. Bozhidar Batsov continues to post a panoply of really useful Emacs tips. Consider this a reminder to subscribe if you haven’t already.

If you’re looking for a turnkey Emacs configuration, take a look at Batsov’s prelude. It has already implemented many of the suggestion discussed in Emacs Redux.

Posted in General | Tagged | Leave a comment

Surprise!

Posted on 2013-05-12 by jcs

Here’s a surprise. Netflix is offering further proof—if you needed it—that piracy is mostly a phenomenon of the content industry’s own making. Netflix reports that when they enter a new territory, BitTorrent traffic is drastically reduced. This suggests, as we’ve said here many times, that most people are basically honest and will pay for their content when given the opportunity. It’s only when Hollywood refuses to make movies available for streaming or download, that people search it out on pirate sites.

It’s nice to see more verification of this but I’m skeptical that it will make much difference. Hollywood will continue to whine that they can’t make content available because people will pirate it and the cycle will go on and on. Perhaps this study will at least help prevent more moronic legislation although that, too, seems unlikely given that moronic legislation is Washington’s primary product.

One puzzling thing about the article, which has its origin in a story from Stuff, is how Netflix got this data. Netflix says,

“One of the things is we get ISPs to publicise their connection speeds
– and when we launch in a territory the BitTorrent traffic drops as
the Netflix traffic grows.”

That, of course, doesn’t make any sense—unless they’re postulating some relationship between connection speed and a drop off of BitTorrent traffic—so I’m guessing the actual statement got filtered by the entertainment press, which probably doesn’t have much of a grasp on network engineering.

Posted in General | Tagged | Leave a comment

An Interview With Ray Kurzweil

Posted on 2013-05-11 by jcs

I’ve been a big fan of Ray Kurzweil ever since I read The Singularity is Near. Kurzweil is controversial and some scientists dispute his conclusions but he is by no means some crackpot spouting nonsense. He has a proven track record as a scientist and inventor with significant work in OCR, speech synthesis, and musical keyboards. In 1999 President Clinton awarded him the National Medal of Technology and Innovation, America’s highest technology award.

Recently, Kurzweil went to work for Google, the first time he has worked at a company that he didn’t found. Forbes has a nice interview with him in which he talks about his work at Google, why he accepted the job, and what he hopes to accomplish. Whatever your views on the singularity, I think you’ll enjoy this interview.

Posted in General | Leave a comment

What’s in a Logo?

Posted on 2013-05-10 by jcs

Troy Hunt is the world’s greatest lover and he’s got the t-shirt to prove it. That’s his way of making a serious point about those badges you see on many sites certifying that the site is safe and not infected with malware. Hunt, as is his wont, decided to test that. It won’t come as a surprise to Irreal readers that the truth falls short of the claims.

Many sites boasting one or more of those logos have serious security issues. I won’t step on Hunt’s post by rehashing the details but you should definitely go on over and take a look. It’s not pretty. The takeaway is that these badges are basically useless for informing the user of anything more than that the site owners had enough money to buy one.

Posted in General | Tagged | Leave a comment