Documentation is good, so therefore more documentation must be better, right? A few examples where things may have gotten out of control.

more...

Why don’t unix commands have any vowels in the name? cp and mv are obviously devoweled standins for copy and move. But they’re less intuitive for new users. The user wants to copy a file. Why shouldn’t the name of the command be exactly the operation the user wants to perform?

What exactly does the user want to do? Instead of copying files, maybe I want to link two files. What does that mean? In unix, we have hard links and symbolic links. If I replace the “original” file, do I want the link to refer to the original file or the replacement? Or maybe what I mean by link two files is to combine two object files into an executable. Do we call that loading instead? ln is the name of a command, but link is the name of a concept. And sometimes the concept evolves over time. The linker is called ld because it used to be the loader. (I think.)

grep is a remarkably useful tool, but with a most unintuitive name. Why not call it find like Windows does? I want to find some text, I run find. So obvious. But some users may want to find files in the filesystem, not strings in a file. What command do they run? Probably locate.

There may be a great deal of historical accident in the names of commands (what if the inventors of awk had different initials?), but that doesn’t mean we can’t recognize the value of unique and precise identifiers.

Some quotes pulled from recent New Yorker article on the history of presidential nominations. Who said it and when?

“The Republican National Convention at Cleveland next week promises to be a very dull show.”

“Have no influence in the election on the score of the Negroes.”

“Free the delegates.”

“Americans must rule America.”

“This is strictly a white man’s party.”

“I wish I could slay a Mexican.”

“We stand for the segregation of the races and the racial integrity of each race.”

“In this bright new century, let me ask you to win to your side the women of the United States.”

“Women will decide the outcome of this election.”

“Are the American people fit to govern themselves?”

“The will of the people is crap.”

Source.

The book was better. Watched the SyFy series The Magicians. A short review of the book series.

more...

Here’s a proposal for a new voting system that solves the problems of day after regret and “I didn’t think it mattered” common to current voting systems. Over the course of seven days, seven independent elections are held, each with the same ballots. The results of each election are calculated separately, and the ultimate winner is the best of seven, or four. As an added wrinkle, each voter will be restricted to voting three times, although they may choose any three of the seven to participate in.

First, this solves the problem of voter regret. If, after your first vote, you realize you hung the wrong chad, casting the balance of the two remaining votes in opposition will effectively reverse it.

Second, it allows apathetic voters to see which way the wind is blowing. If the first few votes turn out to be very close, then newly interested voters will have the opportunity to express their opinion in the later elections. Turn out the vote campaigns will be freshly energized by demonstrating how important each vote is. On the other hand, if the results can be decided early, those voters can spend their valuable time playing LoL.

Motivated voters can choose to vote early, in the vanguard, in an effort to establish momentum. Others may choose to hang back deliberately, saving their votes for a knock out in the later rounds.

Additionally, if a voter is unable to vote on a particular day because little Timmy fell down the well, this system provides them with multiple opportunities to cast a makeup vote (barring any last day mishaps).

Sounds like a plan?

The other day cperciva answered why strchr returns a pointer. Many other languages do return an offset, but of course many of those lanuages don’t have pointers. Poor things. I happened to be writing a bunch of code using strchr recently, and needed both pointers and offsets.

more...

libexpat calls rand to obtain a secret hash salt. That’s not good. Actually, as far as vulnerabilities go, it’s pretty chickenshit, but perhaps there’s a lesson to be learned.

2012-03-24 - libexpat 2.1.0 released with a fix for an algorithmic hash table attack (CVE-2012-0876). It uses rand() seeded by srand(time(NULL)) to obtain a hash table salt.

2012-04-01 - libexpat 2.1.0 imported to OpenBSD. The rand calls are replaced with arc4random as spotted by deraadt and nicm. April Fools!

2012-04-05 - A public report that using random may be too predictable.

2013 - Tick tock.

2014 - Tick tock.

2015-02-07 - Redhat bug filed. The complaint is not that rand is a poor choice for secret salts, but that calling srand interferes with the proper malfunctioning of other rand consumers.

2016-06-04 - libexpat is the proud recipient of two more CVE awards. By sheer miraculous luck, OpenBSD is not susceptible. Users of other operating systems need not be alarmed as libexpat has been patched to use getpid as a source of entropy as well.

  const unsigned long entropy =
      gather_time_entropy() ^ getpid() ^ (unsigned long)parser;

Lesson to be learned? Sometimes bad things happen and there’s nothing we can do to prevent them. So it goes.

At the bottom of the OpenBSD man page for select is a little note. “Internally to the kernel, select() and pselect() work poorly if multiple processes wait on the same file descriptor.” There’s a similar warning in the poll man page. Where does this warning come from and what does it mean?

more...

A continuation, perhaps culmination, of a series that includes rough idling, firefox vs rthreads, and browser ktrace browsing.

more...

Based on the fact that Ars Technica likes to use a MacBook keyboard to illustrate many of their child porn related stories, I conclude that’s pedobear’s preferred computing device.

Don’t be a creeper: use a ThinkPad.