
meaningful short names

Why don’t unix commands have any vowels in the name? cp and mv are obviously devoweled standins for copy and move. But they’re less intuitive for new users. The user wants to copy a file. Why shouldn’t the name of the command be exactly the operation the user wants to perform?

What exactly does the user want to do? Instead of copying files, maybe I want to link two files. What does that mean? In unix, we have hard links and symbolic links. If I replace the “original” file, do I want the link to refer to the original file or the replacement? Or maybe what I mean by link two files is to combine two object files into an executable. Do we call that loading instead? ln is the name of a command, but link is the name of a concept. And sometimes the concept evolves over time. The linker is called ld because it used to be the loader. (I think.)

grep is a remarkably useful tool, but with a most unintuitive name. Why not call it find like Windows does? I want to find some text, I run find. So obvious. But some users may want to find files in the filesystem, not strings in a file. What command do they run? Probably locate.

There may be a great deal of historical accident in the names of commands (what if the inventors of awk had different initials?), but that doesn’t mean we can’t recognize the value of unique and precise identifiers.

Posted 03 Mar 2017 02:31 by tedu Updated: 14 Jun 2017 22:55
Tagged: rants software

more input validation unnecessary

There’s a widespread belief that validating user input prevents security vulnerabilities. This is true as far as it goes, but doesn’t tell the whole story. Consider the following example, distilled from any number of real world examples.

    if (!valid_input(buffer)) {
        free(buffer);
        error = BADSTUFF;
        goto ungood;
    }
    error = process_input(buffer);
ungood:
    free(buffer);
    return error;

A not uncommon mistake. A vulnerability report may, quite accurately, say something like “Invalid inputs may result in remote code execution.” However, further input validation won’t fix this bug, nor will tweeting “This is why you always validate your inputs!” prevent future occurrences.

Lots of problems may share similar or even identical descriptions without sharing fixes. It’s a small point, really, but no less important. And of course, hardly limited to the field of security.
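As an added example (not code from the original post): the fragment above releases `buffer` twice when validation fails, once in the error branch and again at `ungood`. The sketch below puts that control flow next to a version with a single release point. The bodies of `valid_input` and `process_input` and the names `counted_free`, `handle_buggy`, `handle_fixed` and `releases` are assumptions made for illustration; `counted_free` only counts calls, so the demonstration never performs a real double free.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { OK = 0, BADSTUFF = 1 };
/* Counts releases instead of freeing, so the demo never really double-frees. */
static int free_calls;
static void counted_free(void *p) { (void)p; free_calls++; }

/* Assumed stand-ins: any non-empty string shorter than 16 bytes is "valid". */
static int valid_input(const char *b) { return b[0] != '\0' && strlen(b) < 16; }
static int process_input(const char *b) { (void)b; return OK; }

/* Same control flow as the fragment in the post. */
static int handle_buggy(char *buffer) {
    int error;
    if (!valid_input(buffer)) {
        counted_free(buffer);   /* first release */
        error = BADSTUFF;
        goto ungood;
    }
    error = process_input(buffer);
ungood:
    counted_free(buffer);       /* second release on the rejecting path */
    return error;
}

/* Fix: the error branch only records the code; one statement owns the release. */
static int handle_fixed(char *buffer) {
    int error = BADSTUFF;
    if (valid_input(buffer))
        error = process_input(buffer);
    counted_free(buffer);
    return error;
}

/* Runs a handler on a constructed input; returns how many releases it made. */
static int releases(int (*handler)(char *), const char *input, int *error) {
    char *buffer = malloc(strlen(input) + 1);
    if (buffer == NULL) return -1;
    strcpy(buffer, input);
    free_calls = 0;
    *error = handler(buffer);
    free(buffer);               /* the one real free */
    return free_calls;
}

int main(void) {
    int e, buggy = releases(handle_buggy, "", &e), fixed = releases(handle_fixed, "", &e);
    printf("rejected input: buggy=%d fixed=%d releases\n", buggy, fixed);
    return 0;
}
```

Tightening `valid_input` changes which inputs reach the rejecting branch, not how many times that branch releases the buffer.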

Posted 25 Apr 2016 18:14 by tedu Updated: 25 Apr 2016 18:14
Tagged: c programming security

libressl - more vague promises

There hasn’t been a lot of noise coming out of the LibreSSL camp recently. Mostly there’s not much to report, so any talks or presentations will re-cover a lot of the same material. But it’s an election year, and in that spirit, we can look back at some promises previously made and hopefully make a few new ones.

more...

Posted 19 Apr 2016 17:28 by tedu Updated: 14 May 2016 16:38
Tagged: openbsd software

not smart is not stupid

There are already a few other posts about the perils of complex software. Features are faults is one. The more we ask a program (or any system) to do, the more likely something will go wrong. This post is about various time-saving features that backfire, when some feature promises to save me time but ends up costing more. Or in short, when the smart feature is really stupid.

more...

Posted 15 Apr 2016 03:28 by tedu Updated: 15 Apr 2016 03:28
Tagged: software thoughts

the nether

In the future, the Internet becomes The Nether, a fully immersive virtual reality and the setting for a play by Jennifer Haley. The play alternates scenes between a real space interrogation room and flashbacks to events in the nether. A detective demands that the proprietor of a particular realm, one that specializes in adult-child relationships, reveal the location of the hosting server.

more...

Posted 13 Apr 2016 01:58 by tedu Updated: 13 Apr 2016 01:58
Tagged: event moviereview philly

firefox vs rthreads

Mistakes were made, but not by me.

more...

Posted 11 Apr 2016 04:39 by tedu Updated: 11 Apr 2016 20:03
Tagged: openbsd

the future is arriving too fast

Because I am old, sometimes instead of watching new original content, I want to watch old preexisting content which is not available on Netflix or any other streaming service. Fortunately, there is a solution. Netflix also has a service which will mail me plastic circles that I can watch by putting them in my plastic circle player. I can manage the queue of such circles by using my browser. Ah, the wonders of technology.

more...

Posted 06 Apr 2016 18:35 by tedu Updated: 06 Apr 2016 18:35
Tagged: business rants web

my dwm config

Posted 01 Apr 2016 05:19 by tedu Updated: 01 Apr 2016 05:19
Tagged: openbsd software

videre vincere est

Hulk Hogan’s lawsuit against Gawker is underway. The basic facts, that Gawker published excerpts from a video showing Hogan having sex with a wife that was not his own, are not in dispute. Hogan alleges that publication of the video of his intimate affair is a violation of privacy. Alas for Hogan, he can’t make a copyright claim because the video was recorded by the home security camera of the cuckolded husband, Bubba the Love Sponge.

Gawker is making the expected First Amendment defense. Or, in their words, “Because the Internet has made it easier for all of us to be shameless voyeurs and deviants, we love to watch famous people have sex.” See? Public interest.

Meanwhile, hundreds of miles away in another courtroom, the jury returned a verdict in favor of Erin Andrews in her lawsuit against a hotel that allowed a peeper to record a naked video of her. Before posting the videos publicly, he had attempted to sell them to TMZ, who declined. Apparently the so-called journalists at TMZ don’t care about the public interest.

(For the record, I’ve always loved Hulk Hogan, or at least the character that is Hulk Hogan. I’ve never been quite as impressed with Gawker’s character.)

Posted 08 Mar 2016 03:29 by tedu Updated: 29 Mar 2016 18:40
Tagged: politics

effect and cause

I’m reading Most Secret War by R. V. Jones, an English physicist’s account of his intelligence work in the Air Staff during World War II. I’m only up to the beginning of 1941, but it’s been a terrific read so far, with many enlightening anecdotes. A few dealing with erroneous assumptions were particularly good.

more...

Posted 03 Mar 2016 17:26 by tedu Updated: 03 Mar 2016 17:26
Tagged: bookreview thoughts