The History of UTF-8

Via the Programming subredit I was led this History of UTF-8 by Rob Pike. I already knew some of that history (such as Ken Thompson and Rob Pike designing UTF-8 on a paper placemat at a diner) but much of the story is new to me. Pike felt compelled to set the record straight because of a persistent story that UTF-8 was designed by IBM and then first implemented in Plan 9.

In fact, the IBM folks had called Pike to vet a design of theirs but Pike didn’t like it because their scheme couldn’t synchronize a byte stream with less than one character being consumed. So Pike and Thompson went to dinner where Thompson sketched out the encoding on the famous placemat. They returned from dinner and while Thompson banged out the packing and unpacking code, Pike started working on the graphics library. The code was done the next day and in another day they had it running in Plan 9.

This is a great story and if you have any interest in Unix (or Plan 9) history, it’s well worth a read. The story comes complete with the code that Thompson wrote that first night as well as some subsequent code, which is, apparently, pretty much what is running in Plan 9 today.

Posted in General | Leave a comment

Two Interviews

Recently Ken Thompson and Dennis Ritchie sat down for interviews: Thompson with Dr. Dobb’s and Ritchie with IEEE Spectrum. Ritchie talks mostly about he and Ken inventing Unix—the occasion for both interviews was Thompson and Ritchie winning the Japan Prize for their work on Unix—and the early efforts to make it portable.

Thompson talks about developing Unix, Dennis Ritchie, and the Go language. The best line in either interview, as far as I’m concerned, was Thompson saying that he, Rob Pike, and Robert Griesemer started the Go project because they all hated C++. That’s sure to ruffle some feathers but it’s a sentiment that many can identify with.

Both interview are short and leave you wishing for more but they’re interesting talks with two of the giants in Computer Science.

Posted in General | Leave a comment

Scrolling The Other Window

Trawling through the old Emacs COTWD twitter entries I came across something I didn’t know. In some situations, such as help screens, Emacs will open another window but keep the focus in the current window. When this happens, Emacs will tell you that you can scroll the other window down with C-M-v but it doesn’t tell you how to scroll the other window up. I long ago discovered that you can do that with C-M-- C-M-v but it’s annoying to have to type the two chorded keys. Today’s discovery was that the correct way of doing this is to type C-M-S-v. That’s a lot more convenient because it’s easier to scroll up several pages. Of course, this works no matter what’s in the other window so it can be helpful to quickly check documentation or code in the other window without leaving the window you’re working in.

Posted in General | Tagged | Leave a comment

The Hits Keep On Coming

It appears that kicking the hornet’s nest worked out better for Lisbeth Salander than it has for Sony. The “hacker group” LulzSec has again embarrassed Sony by compromising SonyPictures.com and exposing user data for over one million users. Fortunately for Sony, the group did not have enough computer resources to download the whole database although it did take about 51,000 user records. Unfortunately for Sony, LulzSec has demonstrated once again how clueless Sony is about even rudimentary security. You can read LulzSec’s announcement on Pastebin here.

Consider this:

  • The compromise was by an elementary SQL injection attack. How is this possible today? How is it possible especially for Sony who, one would think, would be on the alert after the PSN and subsequent disasters?
  • The stolen data included passwords, email addresses, birthdates, and whatever opt-in data, such as telephone numbers, the users included.
  • None of this data was encrypted.

All of this suggests that if Sony wants to sue and prosecute people for modding the PlayStation console, they better attend to their security first. Of course, it’s already too late for that. I wonder how many of those users who had their personal information exposed are already talking to lawyers. Sony is very likely to discover that those who live by the lawsuit, die by the lawsuit.

Posted in General | Leave a comment

Pharen

I don’t know what to think of Pharen. It’s a little compiler that compiles a Lisp-like language into PHP. PHP seems to be almost as universally reviled as it is universally used, so perhaps this is a useful thing as well as a nice hack. Still, a little voice in the back of my mind keeps repeating, “If you want PHP go use PHP.”

On the other hand, Aubrey Jaffer the author of SLIB and SCM, the Scheme implementation on which Guile was originally based does this sort of thing all the time. After making the same off-by-one mistake in C too many times Jaffer started coding in Scheme. As he put it, “Periodically, a manager will mandate that I perform my work using some particular language or technique (buzzword). I usually comply by writing (adapting) a translator from SCM to that language.” I’ve always admired his approach to this (he’s even written device drivers in Scheme and used his schlep compiler to translate the Scheme code to C.

So perhaps Pharen is a good thing. What do you think?

Posted in Programming | Leave a comment

Magic Trackpad

My main machine, at the moment, is a 27 inch iMac. It came with the Magic Mouse, which is an optical mouse that has a multi-touch surface on its top shell. It’s a great mouse and I really like it but I have a glass desk which means that I need to use a mouse pad for the optical tracking to work. That’s a problem because with that giant screen I was always running off the edge of the mouse pad and would have to pick up the mouse to reposition it.

So last weekend I bought a Magic Trackpad. Until I got my MacBook Pro I had always hated trackpads. For some reason the designers of every laptop I had ever used before the MacBook thought it was a great idea to have a tap on the trackpad represent a click. It’s one of those things that sounds good and natural but is terrible in practice. Terrible because it’s very easy to accidently trip the click simulation and yank focus away from whatever window you were working in. Say what you like about Apple but they think about stuff like this so their trackpad implementation was intelligently done. My MacBook is an older model so the trackpad had only limited gestures: a two-finger swipe was a scroll and, of course, the scrolls were inertial to make it easy to move large distances. The Magic Mouse added a gesture that would page forward and backwards in Safari and photos.

The Magic Trackpad has a full set of gestures and is much larger than a laptop trackpad as you can see in the picture.

http://irreal.org/blog/wp-content/uploads/2011/06/wpid-magicmouse.jpg

It’s really easy to move around with it and it doesn’t take up as much room as the mouse pad did. All in all, it’s a giant win for me.

Posted in General | Leave a comment

As I Was Saying

No sooner had I pushed my Bad Passwords post than I stumbled on this post by Marc Bevand over at Zorinaq. Bevand reports that VISA’s Verified by VISA authentication system forces users to select weak passwords (this may not be VISA’s fault, see below). Passwords so weak that if they were used on a Windows machine they could be bruteforced in less than two and a half hours. Valid passwords under VISA’s rules must be between 6 and 8 characters long (inclusive) and use only letters and numbers. Thus the key space is 628 + 627 + 626 = 221,918,520,426,688. That may seem a big number but it’s well within bruteforce territory.

It seems there is little hope of having the banks and other financial services enforce a secure password policy. After all, 123456 and password are both valid passwords for Verified by VISA.

All of this is a shame because VISA is, of course, a tempting target and it’s not unreasonable to assume that sooner or later someone will manage to get their password hashes. From there, it’s an easy step to bruteforce them and start looting accounts. It’s also a shame that responsible customers who would like to use secure passwords are prevented from doing so. It’s hard to see any reason for VISA’s password policy other than some PHB assuming the mantle of security expert and just decreeing them out of ignorance.

Just as I was getting ready to publish this, I read some additional comments to Bevand’s post and there are two more points worth mentioning from them.

  1. The password policies for Verified by VISA are set by each VISA card issuer so the culprit in this case is the individual bank. Another commenter reported that Barclay’s doesn’t even hash the passwords, which is truly shocking.
  2. Apparently, (at least some) banks will reset your password given your birth year and month and some card data. This commenter remarked that it hardly matters that the passwords are weak since an attacker could just reset them using data that is reasonably easy to obtain.
Posted in General | Tagged | Leave a comment

Bad Passwords

Alternative title: Good Grief. It’s absolutely incredible how clueless people still are about password security. You would think that anyone using the Web today would be aware of the numerous compromises that involve weak passwords. Apparently not. Over at Naked Security, Graham Cluley has a truly depressing post, entitled The top 50 passwords you should never use, that looks at the passwords compromised as a result of the security breach at Gawker Media last year. The most popular? 123456. Really? 123456? The next most popular is password.

Go take a look at the post and see all 50 of them. One could say, “Well, who cares about some throwaway password on Gizmodo or Gawker?” Probably no one except for the other depressing fact that Cluley reports: one third of Web users use the same password on every Website that requires one. You could take the position that this is Darwin in action but, unfortunately, when these people have their bank accounts hacked it raises the costs for all of us.

The foolish are always with us, of course, so maybe banks and other high profile targets should reject any passwords on that list. Unfortunately, as I wrote on my old blog, banks and other companies don’t appear to be much smarter about password security than those Gawker users.

Posted in General | Tagged | Leave a comment

Sorting With Emacs

Mickey over at Mastering Emacs has a great post on sorting in Emacs. Did you know you can sort by regular expressions? I didn’t. Get over there and read the post; it’s well worth your time. In fact, you might want to add Mastering Emacs to your feed. He doesn’t post often but all his posts are useful.

Posted in General | Tagged | Leave a comment

The Future of Books

Over at Blog Kindle, Matthew has a post that asks if the Kindle is destroying the publishing industry. Matthew’s main point is that books have always been evolving and are continuing to evolve today. The most significant aspect of the current evolution is the move from physical books to ebooks. As Matthew points out, once you take away the paper, the publishers’ model becomes less sustainable.

Publishers and many authors are fond of pointing out that publishers do a whole lot more than “print books” and that, anyway, the cost of producing and delivering the physical book is not a significant part of the price of a book. Authors, they say, simply aren’t equipped to deal with editing, marketing, and fulfillment and therefore they need the publishers and therefore publishing will go on just as it always has.

But then Cory Doctorow ran his With A Little Help experiment to test those assumptions. Among other things, he found that a mere author can run the whole production cycle and that the oft cited fact of the relative insignificance of the cost of the physical book may not be true. A growing number of authors have reached the same conclusions and are choosing to self-publish directly to Amazon or to a print-on-demand service like Lulu.

None of this means that publishers aren’t useful or that they’re doomed but it does suggest that they should take a lesson from the music industry and try to avoid the same mistakes. In particular, they are going to have to rethink their business models. Just because charging a premium price for a new hardcover book and then reducing the price for the paperback edition a year later worked in the past doesn’t mean that it will continue to work with ebooks. And maybe a little sanity is in order for their pricing models. When I go on Amazon and see that the Kindle version of a book costs more than a physical copy of the same book, I’m insulted. I’m insulted that publishers think I’m so stupid that I’d actually pay a premium for something that costs them less to produce and ship. And I’m not alone. I know the arguments for why this happens but I’m not impressed. All I see is that I’m paying more for something that costs less to produce just so that publishers can protect their business models.

As it happens, I think publishers are useful and I wish them well. But they’re going to have to wake up to the reality that things are changing or they’re going to be disintermediated right out of existence. And it won’t be the Kindle’s fault; it will be theirs. As Matthew says, “We’re moving on.”

Posted in General | 1 Comment