Iain M. Banks, RIP

Posted on 2013-06-10 by jcs

We knew this was coming but damn!

Posted in General | 1 Comment

Obsessed

Posted on 2013-06-10 by jcs

I’ve been completely obsessed with the unfolding NSA scandal all day (Sunday). I spent most of the day reading various news articles and posts on it. I’m too angry to write about that so here’s a cheerful tweet on the astounding world we live in instead.

Posted in General | 4 Comments

Dropbox and the NSA

Posted on 2013-06-09 by jcs

I’ve written many, many, many, many times that if you are using Dropbox for private information that you don’t want others to have access to you better be encrypting it. And if you’re not, you have only yourself to blame when (not if) if it gets published on the Internet.

Now we learn that the US government is planning to add Dropbox to its Prism providers. As I write this there is some question as to what this means: are the providers willingly giving the NSA access to their users data or is the NSA intercepting the data outside of the providers’ servers. In the end, it doesn’t matter. You should assume that the US government has access to any data you store on Dropbox. If that data is securely encrypted, you are probably secure—at least if your encryption key isn’t passowrd—but if you’re depending on Dropbox to keep your secrets, you’re screwed. DON’T DO THAT!

If there’s anything we can learn from the Prism scandal it’s that you absolutely can’t store sensitive data in the cloud without encrypting it with STRONG crypto. I’m using Dropbox as an exemplar here but the same principals apply to any other cloud storage. Dropbox is probably one of the most reliable providers but even it is not immune to deep packet inspection of its traffic within the Internet nor warrants, no matter how specious.

Posted in General | Tagged | 1 Comment

Where Are My Torrents?

Posted on 2013-06-08 by jcs

Matt Might wonders why he can’t find a torrent for a BBC show.

Posted in General | Tagged , | Leave a comment

Magit Tutorial

Posted on 2013-06-07 by jcs

John Stevenson over at jr0cket has a nice Magit tutorial up. If you’re using Emacs and Git then you definitely need to check out Magit. I get mine from Melpa but the link above leads to the Git repository if you prefer.

Stevenson’s tutorial takes us through setting up an new project. After the initial files are created, Johnson starts things rolling with 【Meta+xmagit-init and then walks us through staging and committing files and, finally, creating an external repository. All this can be done from within Magit so there is little reason to fallback to the command line for most operations.

Happily, Johnson promises to write about some of more advanced features of Magit in later posts. I hope he follows through; based on the first in the series, it promises to be a useful introduction to Magit. There’s always the video and the manual, of course, but Johnson’s tutorial is a useful way to get up to speed easily.

Posted in General | Tagged , | 1 Comment

SBCL 1.1.8 Is Out

Posted on 2013-06-06 by jcs

I just updated my Common Lisp system, SBCL, to the latest version, 1.1.8. Between now and the last update, I had upgraded OS X to Mountain Lion. That, of course, meant that I had to reload GCC and the other command line utilities. I wrote about that the last time I had this problem. That’s fortunate because I didn’t remember how to do it.

After that, everything worked well. The compilation and tests ran without mishap. This is a big release. There’s a ton of bug fixes and enhancements that are all cataloged on the NEWS page. Paul Khuong has a nice post of one of those enhancements, SSE Intrinsics.

I say this every time I update but it bears repeating. If you’re looking for an excellent Common Lisp system, I can recommend SBCL without hesitation.

Posted in Programming | Tagged , | Leave a comment

VimGolf in Emacs

Posted on 2013-06-05 by jcs

It’s been a while since we Emacs enthusiasts have locked horns with the users of that other editor. Here’s a simple VimGolf challenge to warm us up. Starting with the buffer 

one two
three

end up with 

(one) (two)
(three)

The best Vim score was 12 keystrokes. I did it in 7 without trying very hard; I just did the first thing that came into my head. So the challenge for Irreal readers is to do better than 7. I have no doubt that one of you will do significantly better.

Posted in General | Tagged | 22 Comments

Tail Call Optimization in Elisp

Posted on 2013-06-04 by jcs

If you’ve got a Lisp background—especially a Scheme background—you may have internalized recursion as a looping mechanism and general programming strategy. That doesn’t work with Elisp, of course, because each recursive invocation allocates a stack frame. Not to worry, though, Wilfred Hughes has got you covered.

His tco.el provides a macro and some trampoline code that allow you to define a function that can be called tail recursively without worrying about exhausting memory with stack frame allocations. This isn’t something you’ll want to do that often in Elisp but there’s been a couple times when the natural solution to an Emacs project I was working on called for tail recursion and I missed having it. Even if you don’t worship at the church of recursion, you’ll have to admit that it’s a nice hack.

Posted in Programming | Tagged , | 2 Comments

Elisp for Common Lisp Programmers

Posted on 2013-06-03 by jcs

Jean-Philippe Paradis Tweets a thought about Common Lisp programmers learning Elisp that seems to me to be exactly right. I’ve expressed the same idea myself but not nearly as succinctly or neatly.

Posted in General | Tagged , | Leave a comment

Responsible Disclosure

Posted on 2013-06-02 by jcs

Most Irreal readers are familiar with the concept of responsible disclosure: the idea that if you discover an exploitable flaw in a site or piece of software, you should contact and inform the folks responsible for the site or software before publishing your findings. That gives the developer or admin a chance to fix the problem before tipping off the bad guys. This week, there were two interesting articles posted about responsible disclosure.

The first was by Troy Hunt. Hunt is a security expert whose work we’ve discussed many times on Irreal. He illustrates the challenges of responsible disclosure with two stories. In the first, he publishes a story about a fairly innocuous vulnerability concerning a mall’s car location service. The story was picked up by the local press and the mall management immediately suspended the service and contacted Hunt asking for advice on how to resolve the problem. Result: a potential problem is resolved quickly and efficiently even though Hunt didn’t give official notification.

Hunt’s second story involves a serious problem (user names and passwords publicly exposed) with a Black & Decker web site. Hunt does everything according to protocol. He attempts to notify B&D but is unable to get any response. He tries contacting B&D in the U.S. (Hunt is an Australian) and still can’t find anyone to talk to him. Finally, a Microsoft contact, who has a relationship with B&D, gives him a contact. The story just goes on and on. Four and a half days later the problem is finally fixed. The story illustrates how resistant some corporations can be to acknowledging and fixing vulnerabilities.

The second post is from the Google Blog. In it Google announces its new policy concerning responsible disclosure. The salient feature is that they will support researchers disclosing critical vulnerabilities seven days after notifying those responsible if no patch or advisory is issued. They hold themselves to the same standard so we know they’re serious.

Google’s policy may seem harsh but all they ask is that vendors acknowledge problems and issue an advisory expeditiously. In an age where many vendors prefer to ignore problems, this seems reasonable to me. What do you think?

Posted in General | Tagged | Leave a comment