flak

i hate icon fonts

I don’t know a whole lot about typography and fonts, but there’s two things I know about font files. They’re ridiculously complex and their parsers have only just begun to experience life with hostile inputs. In short, I’d put fonts second on my list of files likely to pwn your browser, after Flash (assorted video formats are probably closing in fast, though). Relevant.

To address this concern, I disabled downloadable fonts. But thanks to the hard work of the geniuses in charge of making the web better, now I frequently get shit like this:

github icons

Hey, look, my lucky numbers are 26 and 78.

linkedin icons

Separation of presentation and content, my ass.

Here’s another great one. WTF does any of this mean? Click here to 0xF029 a new tweet!

twitter icons

Even better, at some point I installed the Ubuntu fonts, which contain a magic ubuntu™ logo glyph. Naturally, Twitter uses this same codepoint for some other icon. Here’s a tweet that only received two 0xF147s, but it’s ubuntu™ approved!

ubuntu icon

Octicons for everyone! This is going to be spectacular.

octicons

Video controls on the NY Times website. Click here to 0xE805 the video!

nytimes video icons

Easter eggs from the Atlantic! Hovering reveals that each is a link to “#”. How helpful.

atlantic icons

Not to be outdone, Medium decided to add a slight rise to their icons, building anticipation for the next story.

medium icons

Here’s a gem from the Microsoft Store.

msstore icons

Posted 08 Jan 2014 03:41 by tedu Updated: 27 Jun 2016 21:01
Tagged: rants security web

signify - sign and verify

One of the things OpenBSD has never done is sign releases, for whatever reasons. But 2014 is a new year, time to make a change. The first thing you need to start signing OS releases (besides the release itself) is a signing tool. Other projects use a variety of tools for this, but unfortunately none of them were invented here. signify is a small tool I wrote to fill that gap. Here’s a few notes about it, working from the top down.

Posted 31 Dec 2013 15:37 by tedu Updated: 31 Dec 2016 21:23
Tagged: openbsd project security software

forgers and scammers

Finished reading the rest of the Dec 16 New Yorker, beyond the State of Deception article.

Posted 26 Dec 2013 22:10 by tedu Updated: 23 Jan 2014 20:56
Tagged: magreview moviereview philly

new openssh key format and bcrypt pbkdf

There’s a new private key format for OpenSSH, thanks to markus and djm. It’s enabled automatically for keys using ed25519 signatures, or also for other algorithms by specifying -o to ssh-keygen. The new format allows for new functionality, the most notable of which may be the addition of support for better key derivation functions (KDF). (Also known as a PBKDF, as in password based.)
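
An added example, not from this post or from OpenSSH's source: a small Python parser that reads the unencrypted envelope of a new-format private key and reports the cipher, the KDF name and the bcrypt round count, which is what you would check when auditing how well keys on disk are protected. The field layout follows OpenSSH's PROTOCOL.key description; `key_protection` and `constructed_key` are hypothetical names, and the sample keys are constructed with dummy material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # format magic, including the trailing NUL

def _s(b):
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def _string(buf, off):
    """Decode an SSH 'string' at off; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("string runs past end of key blob")
    return buf[off + 4:end], end

def key_protection(pem_text):
    """Report cipher, KDF and bcrypt rounds of a new-format private key."""
    body = "".join(line for line in pem_text.strip().splitlines()
                   if not line.startswith("-----"))
    blob = base64.b64decode(body)
    if not blob.startswith(MAGIC):
        raise ValueError("not the new OpenSSH private key format")
    cipher, off = _string(blob, len(MAGIC))
    kdf, off = _string(blob, off)
    kdfopts, off = _string(blob, off)
    info = {"cipher": cipher.decode(), "kdf": kdf.decode(),
            "rounds": None, "encrypted": kdf != b"none"}
    if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
        _salt, p = _string(kdfopts, 0)
        if p + 4 > len(kdfopts):
            raise ValueError("truncated bcrypt options")
        info["rounds"] = struct.unpack_from(">I", kdfopts, p)[0]
    return info

def constructed_key(cipher, kdf, kdfopts):
    """Build a constructed envelope with dummy key material (not a real key)."""
    blob = (MAGIC + _s(cipher) + _s(kdf) + _s(kdfopts) + struct.pack(">I", 1)
            + _s(b"dummy-public") + _s(b"dummy-private-section"))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

PROTECTED = constructed_key(b"aes256-ctr", b"bcrypt",
                            _s(b"\x00" * 16) + struct.pack(">I", 16))
PLAIN = constructed_key(b"none", b"none", b"")
```

A key whose report shows `"encrypted": False` has no passphrase at all; old PEM-format keys are rejected with `ValueError` because they lack the magic string.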

Posted 21 Dec 2013 06:52 by tedu Updated: 01 Feb 2014 19:30
Tagged: openbsd security software

Nerds the musical

Nerds is a live musical comedy. I’d say it was somewhere between awesome and really awesome.

Act One roughly follows a similar track as the movie Pirates of Silicon Valley although with less attention paid to historical accuracy. It’s a comedy, not a biography, but it gets a lot right. Various video screens showing era correct screenshots and logos were a nice touch. Act Two covers events up to today, but without even the pretension of accuracy. (The original script was apparently from 2007; it’s been updated to include the iPhone and death of Steve Jobs.)

Favorite part was probably the unveiling of Windows. Previously, Gates and Allen had tried to introduce DOS with a rap song but with bungled rhymes (e.g., “MS-DOS is lots of fun; we made it for every...body”). Then Jobs and Wozniak introduce the Mac (complete with the 1984 commercial showing on screen, but on stage is Wozniak in a crop top throwing the hammer). Finally, Gates steals all of Jobs’s cool ideas, leading to Windows 95. Gates and Allen run out on stage and launch into a Beastie Boys style number with tons of style.

Least favorite parts were probably the love interests for Gates and Jobs. It felt rather forced, especially the sex crazed band geek style stereotype chasing Gates around. Does every musical need the main character to have a love interest, just because it’s a musical? Allen and Wozniak both stuck around far longer than in real life, but that’s forgivable in the interest of plot streamlining. The love stories, on the other hand, were an unnecessary and awkward complication.

Posted 20 Dec 2013 22:09 by tedu Updated: 20 Dec 2013 22:09
Tagged: event moviereview philly

erroneous delayed shipment notification

Not really a failing of the email format, but of its contents. Last weekend I ordered a new iPhone for my dad. It was supposed to arrive today. Yesterday, Apple sends me an email that it’s going to ship soon and will arrive next week. That’s no good. I call Apple and talk to a real person on the phone, who confirms the phone is in Apple’s warehouse, they’re going to ship it real soon now, and I should expect it next week. That’s too late, so I cancel the order, but it’s too late for that too, so instead it’s converted to a return request. Today the phone arrived after all. What a waste of time and frustration.

I looked up the tracking number after it arrived. It was shipped UPS ground from a nearby warehouse last night. It’s close by (and presorted, etc.), so even ground shipments arrive in one day. Apparently Apple’s actual shipping logistics program knows this, which is why I was originally promised a delivery date of today. (Or conversely, it explains why the software knew it could meet the promised deadline even with a last minute ground shipment.) But Apple’s email-the-customer software doesn’t know this.

Instead, I imagine the notifier was triggered when my phone was being taken off the shelf and prepared for shipment. It then looks up my order in the database, sees ground shipping, and then just slaps the usual 3-5 day bracket around the delivery estimate. The problem is the 3-5 day window from the front page of ups.com doesn’t apply to this route. (ups.com even has a shipping calculator which will tell you that this ground shipment only takes one day. I don’t know where Apple’s email notifier gets its misinformation.)

Root cause analysis: don’t use two databases when only one has the correct information.

Posted 19 Dec 2013 21:40 by tedu Updated: 19 Dec 2013 21:40
Tagged: business mailfail rants

state of deception

From The New Yorker, State of Deception covers the development of the NSA domestic spy program, with more of a focus on the history and politics than the technical details.

The article itself starts with James Clapper’s assertion that the NSA doesn’t spy on Americans. One can fault him for lying, but we should consider this came only after Dianne Feinstein instructed her peers not to ask any questions she didn’t want to know the answer to. It’s Clapper’s job to tell the truth when asked, but Feinstein is responsible for extracting and discerning the truth from a potentially uncooperative witness. That is why the Senate Select Committee on Intelligence was created, no? To look into, over, and after the intelligence agencies despite their own reluctance? Checks and balances don’t work when the check abrogates their duty.

A true gem of a quote from Feinstein: “It’s not a surveillance program—it is a data-collection program.” And people wonder how Clapper got away with such shifty answers. (People also probably wonder how Feinstein keeps getting elected. That’s easy. She opposes gun ownership by anyone except herself. No, she’s not my favorite Senator, why do you ask?)

The hero of the article is Senator Ron Wyden from Oregon. A more amusing quote comes from a book by his father about the disastrous Bay of Pigs mission. “Waterloo staged by the Marx Brothers.”

Posted 18 Dec 2013 05:40 by tedu Updated: 18 Dec 2013 05:40
Tagged: magreview politics quote

my stack protector wasn't working

A little while ago I asked “is your stack protector working?” It was supposed to be a rhetorical question. It wasn’t. In a major failing to consider all the possibilities, I overlooked the fact that I was testing i386 and not amd64. It didn’t take long for Peter Philipp to test amd64. Back to the drawing board.

Posted 16 Dec 2013 03:22 by tedu Updated: 10 Oct 2014 00:34
Tagged: c openbsd programming

Puffy is bigger than you

Looks a lot like Puffy, no?

Posted 15 Dec 2013 00:33 by tedu Updated: 15 Dec 2013 00:33
Tagged: openbsd quote

logging the foreground process in X11

Inspired by a similar New Old Thing post, Logging the foreground process as it changes, I thought I’d try my hand at a similar tool for X11. (No doubt such a thing already exists, didn’t look.) I’m not interested in the process that’s running on the CPU, which is closer to top’s job, but the name of the window I’m looking at.

The basic structure is pretty similar to the Windows sample program. We ask the X11 server for focus change events and print them out. We also have to ask for window creation events so we can track new windows as they show up. Here’s the source: windowlistener.c

A few other things to note. I spend most of my time in an xterm, so just knowing I switched between three different xterms doesn’t tell me much. Fortunately, it’s pretty easy to give each xterm a title that changes to reflect the current directory or file being edited. OpenBSD’s sample .kshrc file (/etc/ksh.kshrc) sets up aliases for common commands like cd and ssh that reset the xterm title. vim can do the same by adding set title to .vimrc, and then you’ll want to create an alias that resets the title after exiting vim.

Exercises: Add timestamps. Add a timeout and poll the current window title, so that title changes without focus changes (editing a new file) are detected.

Posted 13 Dec 2013 06:32 by tedu Updated: 24 Dec 2023 17:16
Tagged: c programming x11