Documentation is good, so therefore more documentation must be better, right? A few examples where things may have gotten out of control.

more...

Why don’t unix commands have any vowels in the name? cp and mv are obviously devoweled standins for copy and move. But they’re less intuitive for new users. The user wants to copy a file. Why shouldn’t the name of the command be exactly the operation the user wants to perform?

What exactly does the user want to do? Instead of copying files, maybe I want to link two files. What does that mean? In unix, we have hard links and symbolic links. If I replace the “original” file, do I want the link to refer to the original file or the replacement? Or maybe what I mean by link two files is to combine two object files into an executable. Do we call that loading instead? ln is the name of a command, but link is the name of a concept. And sometimes the concept evolves over time. The linker is called ld because it used to be the loader. (I think.)

grep is a remarkably useful tool, but with a most unintuitive name. Why not call it find like Windows does? I want to find some text, I run find. So obvious. But some users may want to find files in the filesystem, not strings in a file. What command do they run? Probably locate.

There may be a great deal of historical accident in the names of commands (what if the inventors of awk had different initials?), but that doesn’t mean we can’t recognize the value of unique and precise identifiers.

Lots of kernel patches yesterday. Several of them, as reported by NCC, involved similar integer truncation issues. Actually, they involved very similar modern 64 bit code meeting classic 32 bit code. The NCC Group report describes the bugs, but not the history of the code. (Some of the other bugs like usermount aren’t interesting. The unp bug is kind of interesting, but not part of the NCC set. Also doesn’t involve integers. Another time.)

more...

Strolling through the book store, among the new titles on display in the politics section was Ratfucked by David Daley. What could this be about? The subtitle, The True Story Behind the Secret Plan to Steal America’s Democracy, conjured up images of telepathic lizard men so I passed it by. A little while later, though, I saw the New Yorker’s review and summary which sounds a lot better. It describes a plan to target particular districts in local elections, win control of the state, then aggressively gerrymander the map to ensure future victories as well. Of particular interest, the summary focused on some local Pennsylvania elections and the damned Arlen Specter library. Sounds great, this is worth a read. In fact, the cover image subtitle for the Kindle version, How the Democrats Won the Presidency But Lost America, is much more accurate and less sensational. (The book title is actually stylized Ratf**ked because the author is a pussy.)

more...

Finally got a chromebook. I was interested in the HP Chromebook 13 since it was first announced as a kind of cheaper Pixel. But then it spent several months on HP’s out of stock list. Now it’s back.

more...

Some quotes pulled from recent New Yorker article on the history of presidential nominations. Who said it and when?

“The Republican National Convention at Cleveland next week promises to be a very dull show.”

“Have no influence in the election on the score of the Negroes.”

“Free the delegates.”

“Americans must rule America.”

“This is strictly a white man’s party.”

“I wish I could slay a Mexican.”

“We stand for the segregation of the races and the racial integrity of each race.”

“In this bright new century, let me ask you to win to your side the women of the United States.”

“Women will decide the outcome of this election.”

“Are the American people fit to govern themselves?”

“The will of the people is crap.”

Source.

The book was better. Watched the SyFy series The Magicians. A short review of the book series.

more...

Here’s a proposal for a new voting system that solves the problems of day after regret and “I didn’t think it mattered” common to current voting systems. Over the course of seven days, seven independent elections are held, each with the same ballots. The results of each election are calculated separately, and the ultimate winner is the best of seven, or four. As an added wrinkle, each voter will be restricted to voting three times, although they may choose any three of the seven to participate in.

First, this solves the problem of voter regret. If, after your first vote, you realize you hung the wrong chad, casting the balance of the two remaining votes in opposition will effectively reverse it.

Second, it allows apathetic voters to see which way the wind is blowing. If the first few votes turn out to be very close, then newly interested voters will have the opportunity to express their opinion in the later elections. Turn out the vote campaigns will be freshly energized by demonstrating how important each vote is. On the other hand, if the results can be decided early, those voters can spend their valuable time playing LoL.

Motivated voters can choose to vote early, in the vanguard, in an effort to establish momentum. Others may choose to hang back deliberately, saving their votes for a knock out in the later rounds.

Additionally, if a voter is unable to vote on a particular day because little Timmy fell down the well, this system provides them with multiple opportunities to cast a makeup vote (barring any last day mishaps).

Sounds like a plan?

The other day cperciva answered why strchr returns a pointer. Many other languages do return an offset, but of course many of those lanuages don’t have pointers. Poor things. I happened to be writing a bunch of code using strchr recently, and needed both pointers and offsets.

more...

libexpat calls rand to obtain a secret hash salt. That’s not good. Actually, as far as vulnerabilities go, it’s pretty chickenshit, but perhaps there’s a lesson to be learned.

2012-03-24 - libexpat 2.1.0 released with a fix for an algorithmic hash table attack (CVE-2012-0876). It uses rand() seeded by srand(time(NULL)) to obtain a hash table salt.

2012-04-01 - libexpat 2.1.0 imported to OpenBSD. The rand calls are replaced with arc4random as spotted by deraadt and nicm. April Fools!

2012-04-05 - A public report that using random may be too predictable.

2013 - Tick tock.

2014 - Tick tock.

2015-02-07 - Redhat bug filed. The complaint is not that rand is a poor choice for secret salts, but that calling srand interferes with the proper malfunctioning of other rand consumers.

2016-06-04 - libexpat is the proud recipient of two more CVE awards. By sheer miraculous luck, OpenBSD is not susceptible. Users of other operating systems need not be alarmed as libexpat has been patched to use getpid as a source of entropy as well.

  const unsigned long entropy =
      gather_time_entropy() ^ getpid() ^ (unsigned long)parser;

Lesson to be learned? Sometimes bad things happen and there’s nothing we can do to prevent them. So it goes.