flak

meaningful short names

Why don’t unix commands have any vowels in the name? cp and mv are obviously devoweled standins for copy and move. But they’re less intuitive for new users. The user wants to copy a file. Why shouldn’t the name of the command be exactly the operation the user wants to perform?

What exactly does the user want to do? Instead of copying files, maybe I want to link two files. What does that mean? In unix, we have hard links and symbolic links. If I replace the “original” file, do I want the link to refer to the original file or the replacement? Or maybe what I mean by link two files is to combine two object files into an executable. Do we call that loading instead? ln is the name of a command, but link is the name of a concept. And sometimes the concept evolves over time. The linker is called ld because it used to be the loader. (I think.)

grep is a remarkably useful tool, but with a most unintuitive name. Why not call it find like Windows does? I want to find some text, I run find. So obvious. But some users may want to find files in the filesystem, not strings in a file. What command do they run? Probably locate.

There may be a great deal of historical accident in the names of commands (what if the inventors of awk had different initials?), but that doesn’t mean we can’t recognize the value of unique and precise identifiers.

Posted 03 Mar 2017 02:31 by tedu Updated: 14 Jun 2017 22:55
Tagged: rants software

master lock speed dial

In addition to earbuds, I have a tendency to lose padlocks. As a result, I tend to go through more of them than I should. Note to locker designers: place the loop on the inside frame instead of on the outside of the door so that after I open the door, I have somewhere to hang the lock where I won’t forget it.

Cheap combo locks have never been that secure, but since things have gone from bad to worse, I figured I’d try a new lock. Enter the Master Lock Speed Dial.

Instead of numbers, the combination is a sequence of cardinal directions. The packaging promises I can pick any combination of any length, though I doubt they have really invented an infinite data storage device. The default sequence length is only four inputs, which is far too short for my comfort and they should recommend at least eight. 4^8 combinations just tops the 40^3 of a very precisely machined 40 digit combo lock (to say nothing of less precise models). Despite the length, with very little practice it’s easy to enter the combo quickly and accurately. Trying to spin a dial too fast I would frequently over rotate and have to start again. The speed dial can be consistently unlocked one handed in about five seconds.

Programming the lock is a little weird and error prone. The sequence of unlocking, resetting, and locking must be performed in exactly the correct order or you get a lock with the wrong combo. Or no combo! Fortunately, this video explains two common mistakes, which I definitely experienced first hand.

For a look at the insides of the lock, this video reveals a little more about how it works. Also a toool.nl PDF.

Initially, the lock was very stiff to open. I couldn’t tell if I’d done the combination right or not (pretty important right after purchasing), but after some use it pulls open much more readily. On the downside, the casing is rather large and won’t fit everywhere that a smaller lock is expected to.

Posted 27 Apr 2016 18:41 by tedu Updated: 19 Aug 2016 19:59
Tagged: gadget

more input validation unnecessary

There’s a widespread belief that validating user input prevents security vulnerabilities. This is true as far as it goes, but doesn’t tell the whole story. Consider the following example, distilled from any number of real world examples.

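    if (!valid_input(buffer)) {
        free(buffer);       /* first free, on the rejection path */
        error = BADSTUFF;
        goto ungood;
    }
    error = process_input(buffer);
    ungood:
    free(buffer);           /* reached from both paths: second free after a rejection */
    return error;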

A not uncommon mistake. A vulnerability report may, quite accurately, say something like “Invalid inputs may result in remote code execution.” However, further input validation won’t fix this bug, nor will tweeting “This is why you always validate your inputs!” prevent future occurrences.
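The control flow above beside a corrected version, as an added example that is not from the original post. `valid_input` and `process_input` are hypothetical stand-ins, and `counted_free` is an assumed wrapper that counts release requests so the second free is observed rather than executed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BADSTUFF (-1)

/* free_calls counts releases requested for the current buffer. Only the
 * first request reaches free(); repeats are counted, not executed, so the
 * double free is visible without undefined behaviour. */
static int free_calls;
static void counted_free(char *p) { if (free_calls++ == 0) free(p); }

/* Hypothetical stand-ins for the page's helpers. */
static int valid_input(const char *s) { return s[0] != '\0' && strlen(s) < 16; }
static int process_input(const char *s) { return (int)strlen(s); }

/* Control flow as on the page: the reject path frees, then falls into cleanup. */
static int handle_original(char *buffer) {
    int error;
    if (!valid_input(buffer)) {
        counted_free(buffer);
        error = BADSTUFF;
        goto ungood;
    }
    error = process_input(buffer);
ungood:
    counted_free(buffer);
    return error;
}

/* Corrected: validation is unchanged, the buffer has one release point. */
static int handle_fixed(char *buffer) {
    int error = BADSTUFF;
    if (valid_input(buffer))
        error = process_input(buffer);
    counted_free(buffer);
    return error;
}

/* Runs a handler on a heap copy of input; returns how often it released it. */
static int frees_for(int (*handler)(char *), const char *input) {
    char *copy = malloc(strlen(input) + 1);
    if (copy == NULL) return -1;
    strcpy(copy, input);
    free_calls = 0;
    handler(copy);
    return free_calls;
}

int main(void) {
    printf("invalid input: original frees %d times, fixed frees %d\n",
           frees_for(handle_original, ""), frees_for(handle_fixed, ""));
    return 0;
}
```

Both handlers use the same validator and reject the same inputs; only the ownership of the cleanup differs.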

Lots of problems may share similar or even identical descriptions without sharing fixes. It’s a small point, really, but no less important. And of course, hardly limited to the field of security.

Posted 25 Apr 2016 18:14 by tedu Updated: 25 Apr 2016 18:14
Tagged: c programming security

libressl - more vague promises

There hasn’t been a lot of noise coming out of the LibreSSL camp recently. Mostly there’s not much to report, so any talks or presentations will recover a lot of the same material. But it’s an election year, and in that spirit, we can look back at some promises previously made and hopefully make a few new ones.

Posted 19 Apr 2016 17:28 by tedu Updated: 14 May 2016 16:38
Tagged: openbsd software

not smart is not stupid

There’s already a few other posts about the perils of complex software. Features are faults is one. The more we ask a program (or any system) to do, the more likely something will go wrong. This post is about various time saving features that backfire, when some feature promises to save me time but ends up costing more. Or in short, when the smart feature is really stupid.

Posted 15 Apr 2016 03:28 by tedu Updated: 15 Apr 2016 03:28
Tagged: software thoughts

the nether

In the future, the Internet becomes The Nether, a fully immersive virtual reality and the setting for a play by Jennifer Haley. The play alternates scenes between a real space interrogation room and flashbacks to events in the nether. A detective demands that the proprietor of a particular realm, one that specializes in adult-child relationships, reveal the location of the hosting server.

Posted 13 Apr 2016 01:58 by tedu Updated: 13 Apr 2016 01:58
Tagged: event moviereview philly

firefox vs rthreads

Mistakes were made, but not by me.

Posted 11 Apr 2016 04:39 by tedu Updated: 11 Apr 2016 20:03
Tagged: openbsd

the future is arriving too fast

Because I am old, sometimes instead of watching new original content, I want to watch old preexisting content which is not available on Netflix or any other streaming service. Fortunately, there is a solution. Netflix also has a service which will mail me plastic circles that I can watch by putting them in my plastic circle player. I can manage the queue of such circles by using my browser. Ah, the wonders of technology.

Posted 06 Apr 2016 18:35 by tedu Updated: 06 Apr 2016 18:35
Tagged: business rants web

my dwm config

Posted 01 Apr 2016 05:19 by tedu Updated: 01 Apr 2016 05:19
Tagged: openbsd software

videre vincere est

Hulk Hogan’s lawsuit against Gawker is underway. The basic facts, that Gawker published excerpts from a video showing Hogan having sex with a wife that was not his own, are not in dispute. Hogan alleges that publication of the video of his intimate affair is a violation of privacy. Alas for Hogan, he can’t make a copyright claim because the video was recorded by the home security camera of the cuckolded husband, Bubba the Love Sponge.

Gawker is making the expected First Amendment defense. Or, in their words, “Because the Internet has made it easier for all of us to be shameless voyeurs and deviants, we love to watch famous people have sex.” See? Public interest.

Meanwhile, hundreds of miles away in another courtroom, the jury returned a verdict in favor of Erin Andrews in her lawsuit against a hotel that allowed a peeper to record a naked video of her. Before posting the videos publicly, he had attempted to sell them to TMZ, who declined. Apparently the so called journalists at TMZ don’t care about the public interest.

(For the record, I’ve always loved Hulk Hogan, or at least the character that is Hulk Hogan. I’ve never been quite as impressed with Gawker’s character.)

Posted 08 Mar 2016 03:29 by tedu Updated: 29 Mar 2016 18:40
Tagged: politics