This is BrainLog, a blog by Dan Sanderson. Older entries, from October 1999 through September 2010, are preserved for posterity, but are no longer maintained. See the front page and newer entries.

January 2008 Archives

January 31, 2008

Bruce Schneier keeps his wireless access point open. This little essay turned out to be quite controversial, and Bruce links to some of the many responses both for and against, and also has quite a collection of comments on his blog.

I don't have much new to add, except a commonplace personal anecdote: I ran my WAP open for a period while we were having problems with one of our devices using WPA security. Several months later, we got phone calls from Speakeasy telling us spam was coming from our IP address, and that it was likely from running an open WAP. That made me wonder, what are the chances that someone within 50 feet of my house is intentionally using my Internet access to send spam?

Only then did it occur to me that the chances could be close to nil and still have this happen: A neighbor doesn't have to be a spammer, just a Windows user. I'm convinced that there exists spambot malware that uses nearby open wireless Internet access instead of using the compromised host's own access to send spam. Several of the responses to Bruce's article conjecture about the possibility of open WAPs being a conduit for the transmission of malware or spam, but I don't see many people confirming the existence of malware that uses open WAPs for spamming or other nefarious purposes. But it seems like a more likely explanation than my neighbor being a willing spammer.

So I wonder: Could compromised machines be used to record and crack encrypted wireless traffic? My neighbor's p0wned Windows box could record my encrypted packets off the air, then it and a network of other compromised hosts (or other remote computing resource) could attempt to break the encryption. I don't know if a long-running analysis of some WPA-encrypted packets could produce my WPA password (I would hope not), but I wonder if it'd be enough to get to the content of the recorded packets. If the quality of the security is measured in the number of seconds it takes a single machine to use brute force to break it, does access to a bot network tip the scale?

This latter question is orthogonal to the issue of leaving your WAP open. Bruce's point is that he has to secure his traffic for transmission over open networks anyway, so he might as well do that at home and leave his WAP open for others to use as a courtesy. But it's sobering to realize that there doesn't have to be a bad actor in my neighborhood for such a courtesy to be exploited. And then I wonder what else a remote bad actor could do with a compromised wireless antenna in my neighborhood...

January 30, 2008

Chain Factor. Game.

January 29, 2008

.Mac (dot-Mac) syncing works so poorly for 1Password in Leopard, Agile implemented their own web service (invitation only at the moment). I started a trial .Mac account just for 1Password, and was very disappointed that I could not get the 1Password keychain to sync correctly. I was all set to enjoy the benefits of a .Mac account that don't by themselves justify $99/year for me (syncing bookmarks, keychains, Yojimbo; iDisk; web gallery; Back to My Mac), but if I can't get 1Password syncing, I may have to back down.

Incidentally, Yojimbo syncing does work with .Mac and Leopard. It seems like 1Password could register itself as a separate .Mac sync service and it'd work. Right now, all it does is assume that anything in ~/Library/Keychains gets sync'd with Keychains. That's not necessarily a false assumption, though: I managed to accidentally wipe my full 1Password keychain when an empty, newer keychain on another Mac sync'd to .Mac, then back to my primary machine. (I had a backup.) I just couldn't get the full keychain up to .Mac and onto other computers, not even by forcing .Mac syncing in the appropriate directions.

Thankfully, it's trivial to copy around the 1Password keychain file, so while it's more of a hassle than automatic .Mac syncing, I can at least use 1Password the way I had hoped, even without .Mac.

January 28, 2008

43 Folders links to a NYT Magazine article on creating writing apps, and another from Slate on "zenware". (Linking to 43 Folders for the commentary.) See also Merlin's review of Scrivener from January '07, and Scrivener itself.

Ars Technica Infinite Loop: iTunes movie rentals: What you need to know.

Engadget's hands-on review of the MacBook Air. While their conclusions match most everyone's premonitions and conjectures, I dismiss the conjectures and declare Engadget's the first honest review, because they touched the thing and took pictures.

January 23, 2008

Flaxo, a new Z-machine interpreter implemented as embeddable Flash. Not done yet, but very promising as a new way to share Z-machine games (text adventures) with a large audience.

January 17, 2008

Macworld's article on the iPhone 1.1.3 update mentions a new feature that hasn't been advertised widely: the ability to manually drop content onto the iPhone. Now you can use multiple computers to add content to the iPhone as you can with the iPod. (You cannot copy files in the other direction, however.)

Also: The keyboard now supports two-finger typing.

January 15, 2008

The Flip Ultra Video Camera firmware updater is now available for the Mac.

Unrelated to the firmware update: I had been copying files off the camera and deleting them from the computer. The Flip is fine with copying files off in this way, but it doesn't seem to like the deleting part: Deleting videos via the file system doesn't reclaim the space, even though the files are gone after the delete. I'm not sure if this is true for all Flips or just mine, but one of their tech support guys said they recommend deleting from the camera, not the computer. (Their own software also offers a delete-from-computer option. I'm not sure if it does anything other than just deleting the files.)

In any case, I was able to restore it to factory condition by formatting the Flip like any other drive. Mac users can use Disk Utility (Applications, Utilities, Disk Utility): Select the partition, select the Erase tab, make sure the "MS-DOS (FAT)" format is selected, then click the Erase button. I also had to do some scary things with the partition table, but it was pretty straightforward to get it back to its original state even after I thought I had broken it.

Once formatted, you can use the camera right away, but go ahead and download and run the Flip camcorder software installer (v3.1)—which is different from the firmware updater. There are Mac and Windows versions of this installer.

Unrelated to that: I thought I bricked (completely broke) my wife's Flip by accidentally interrupting the firmware update. The firmware updater started reporting that the camera was in an inconsistent state and could not be updated, and to call customer service. But first, it said to try again with the batteries out. That didn't work for me, but after leaving the batteries out overnight, the camera was working again the next morning. So that's something to try.

In general, I'm very impressed and satisfied that the Flip is designed to behave in the simplest possible manner wherever possible. Other than the delete-via-filesystem problem I encountered, even technical procedures like accessing the filesystem, updating the software and resetting the device are all mostly straightforward. (I can also report that their telephone tech support service was easy to use. :) )

Sacha Chua on Emacs Remember for quick out-of-context note taking. Sacha is writing a book about Emacs, and posts regular updates and Emacs articles to her blog.

A reddit thread about Emacs configuration has a few tips in it that were new to me. See also popular .emacs files uploaded to and (which is different, apparently).

January 11, 2008

So far I've been able to resist consumer-grade sub-$1000 digital SLRs. I'm not a very visual person (to my surprise), and I guess I've never believed that I could have an appropriate amount of fun with a nice camera.

Casio has announced the EXILIM Pro EX-F1, a $999 digital SLR that can burst shoot at 60 frames per second for 1 second at full resolution (no flash; 7 fps with flash; 5 fps continuous for 12 seconds), record 1920x1080 HD movies at 60 frames per second, and even higher fps rates at lower resolutions all the way down to 336x96 at 1200 frames per second. Now that's fun.

January 10, 2008

Newbie Emacs tip: Last April I described several ways to customize colors in Emacs. In particular, I mentioned that a blanket setting for a color can be annoying if you use Emacs both in a windowing system and in a color terminal, because the terminal will attempt to approximate the colors you chose carefully from 16 million options from its 16 (period) options. My subtle dark green background (#003344) becomes an unusable bright green in a terminal.

My original solution was to test whether Emacs was running in a window system using an (if ...) block and the (window-system) variable, which is nil (false) when Emacs is running in a terminal. This works great if you run a fresh instance of Emacs in your window system or in your terminal: .emacs loads, does the check, and sets the right things for the environment.

This does not work so well when you use the same instance of Emacs in both the window system and the terminal.

To explain that last sentence, let's consider another Emacs feature briefly. Emacs Client lets you invoke an already running instance of Emacs from another program for the purposes of visiting a file. This is especially useful for programs that try to open an editor to let you edit configuration or enter a paragraph of data, such as crontab -e or svn. Instead of opening a fresh instance of Emacs and waiting for all of your .emacs to load, it just tells the already running Emacs to visit the given file. Close the session, and control goes back to the calling application.

In Emacs, type M-x server-start to start the server. (To start the server every time Emacs starts, add the line (server-start) to your .emacs file.) With the server running, open a shell in a terminal window, find a file to edit, then type the following command:

emacsclient filename

Emacs visits the file, and the terminal reports it is waiting for Emacs. Switch to Emacs, edit and save the file if you like, then type C-x # (control-x shift-3). The buffer goes away, and control returns to the terminal.

There are a handful of standard things to say about Emacs Client, such as how to get it to open Emacs (or something else) when Emacs isn't running, how to tweak its behavior to open a new frame for the new file instead of reusing an existing one, and so forth. I'm going to skip those for now, so see the Emacs wiki article on Emacs Client for more. (That page needs some updates, so I might do a newbie tip on this later.)

When Emacs is running in a window system, Emacs Client uses windowed frames (existing ones by default). When Emacs is running in a terminal, Emacs Client uses that terminal "frame." So how do you use one instance of Emacs to open both a windowed frame and a terminal frame?

Why would you want to? Well, say you leave Emacs running all the time on your favorite machine, with all your favorite libraries loaded and all your project files open in dozens of buffers. If you're not where your favorite machine is (at work, at home), you might access your machine remotely with a terminal (hopefully via ssh). Normally, doing so leaves you stranded from your Emacs instance. By itself, Emacs Client doesn't help you here: If you're running a windowed Emacs, all emacsclient can do is visit files in windowed buffers, inaccessible from your terminal.

Enter MultiTTY, a new feature destined for Emacs 23. MultiTTY adds a flag to emacsclient that tells it to create a terminal frame for the file you're visiting, even if Emacs is running in a window system. It's the same Emacs instance, and you can access all of the open buffers from the terminal frame. Best of all, it opens instantaneously, because it doesn't have to load libraries and configuration.

Running the latest experimental version of Emacs is pretty straightforward. It's not a "newbie" level task, but I recommend it as a next step once you're comfortable with managing files and command paths for your shell. In addition to letting you play with the latest features, it gives you more control over how Emacs is set up, regardless of whether or not you have administrator access to the machine you're using.

I mentioned how to build the latest experimental Emacs for Mac OS X back in 2006 because at the time Emacs 22 had not yet been released, but its spiffy Mac OS X support was already implemented. I won't go into any more detail on how to check out and build Emacs, but see that article for the commands. Non-Mac users, remove the --enable-carbon-app flag. If you don't have administrator access to the machine you're on, use the --prefix option to change the installation directory (e.g. --prefix=~/apps/emacs), then adjust your shell's command execution paths accordingly once it is installed.

Why did I start this tip with a discussion of color settings? Now that we're using a windowed Emacs for everything including our terminal-based sessions, our (window-system) test no longer does the right thing. Emacs starts up windowed, sets the default colors for new frames, then keeps on running. A MultiTTY frame is just a new frame, and so it uses the defaults—including a nice bright green background.

What we really want is code that executes for each new frame, checks whether the frame is windowed or terminal'd, then sets the colors. Naturally, there's a hook for that: 'after-make-frame-functions. The following code defines a function that sets colors for a frame depending on whether or not the frame is windowed, then adds that function to this hook:

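(defun my-set-display-for-windowed-frames (frame)
  "Set display parameters for the current frame the way I like them."
  (select-frame frame)
  ;; Apply the custom colors only to windowed frames; terminal frames
  ;; keep their defaults. `when' groups all three calls under the test
  ;; (with `if', only the first form would be the "then" branch).
  (when (window-system frame)
    (set-background-color "#003344")
    (set-foreground-color "white")
    (set-cursor-color "red")))
;; Run the function for every frame created from now on.
(add-hook 'after-make-frame-functions 'my-set-display-for-windowed-frames)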

We need to do one more thing to complete the picture. This code is sufficient to configure every frame created after the add-hook call. However, the first frame Emacs opens at startup is created before .emacs is evaluated, so it doesn't get the colors. Thankfully, the frame settings are wrapped in a function, so we merely need to call it on the already-opened frame:

(my-set-display-for-windowed-frames (selected-frame))

* * *

One more thing about MultiTTY and Emacs Client: If you already have Emacs Client set up and you have configured it to open a new frame when it starts and delete the opened frame when it stops, you might want to reconsider: emacsclient -t ... handles the opening and closing of the terminal frame automatically. If you have a server-done-hook that calls (delete-frame) without verifying that the frame it's deleting is the one you want deleted, emacsclient -t ... will delete one of your other frames on its way out the door. Emacs won't let it delete the last frame, but it can still cause headaches. Similar behavior that accounts for emacsclient -t ... shouldn't be too difficult to implement, but I don't yet have something to share.

Ryan McGuire has neat scripts for running the main Emacs instance hidden inside a screen session, then using emacsclient -t ... for everything. Of course, run in this way, Emacs starts up without a window system, and to my knowledge there is no way to open windowed frames from a non-windowed Emacs instance, so this is useful only for running Emacs in terminals. But windows are overrated.

January 9, 2008

Cursor*10, a short but challenging puzzle game [Flash]. Run your cursor up flights of stairs (click on stairs), then run the same sequence of time again using a second cursor that plays alongside the first. Some puzzles require cursors from previous plays to do the right thing to allow the later cursor to succeed.

In case it helps anyone to know this, while the Flip Ultra camera firmware updater only comes in a Windows version and not a Mac version yet, I can report that the Windows version does run successfully in Windows XP inside Parallels. It takes a while, but it works. (Part of the time is spent backing up the contents of your camera, which is nice.)

Pure Digital's site still says they'll have a Mac version sometime this month.

January 8, 2008

1Passwd, a password manager and automatic form manager for Mac OS X. Supports secure password generation, multiple browsers, syncing with .Mac, and more. Consider this a reminder to get your passwords in order for the new year.

I still have the problem of needing to access important sites from multiple terminals, and I don't have a .Mac account, may not be willing to use .Mac with some Macs, or some terminals may not be Macs. But if the alternative is to have horrendously insecure passwords on my bank accounts, I wonder if it's worth just giving up the ability to log in to some sites from lots of different computers. I also wonder if "security questions" and other such nonsense make secure passwords a moot point for thieves.

But 1Passwd can really shine for unimportant sites that require passwords, sites I don't need to use from just anywhere, sites I'll probably never use again after the first time, sites that may be run by small outfits with less than desirable security measures in place to protect my raw password which may or may not reveal how to access my accounts on other sites unimportant to me that might become important someday like Facebook. Using secure, complex, random, unguessable and unique passwords for the unimportant sites and a utility to manage them ensures that the stuff for which I'm not willing to put in the effort of picking a good password won't someday bite me in the ass.

January 7, 2008

Peggle, a new Mac game from PopCap that will most assuredly have you paying the $19.95 registration fee at the end of the free 60 minute demo. Despite a simple physics model, it's somewhat random, but stellar graphics, sound, music and good design make most random or otherwise unexpected behaviors very rewarding.

The Easiest Hard Problem, by Brian Hayes for American Scientist.

Utility Mill hosts small Python web utilities for free. Use their utility creator to define input fields and the Python code that takes those inputs and produces output. Users see a simple web form to submit inputs, and a text box containing the output of the script. All utilities also get a "REST" interface. And any registered user can edit the code of any utility, wiki-style. Cute!

January 5, 2008

SAG actors will not cross the WGA picket line to attend the Golden Globe awards ceremony on January 13th. NBC is still planning to go ahead with the event, and hopes to announce a deal that will allow the awards to proceed with actors present. Go WGA!

January 4, 2008

How to enable secret features in Mac OS X Leopard's screen sharing application. Control remotely or observe only, allow remote system to be locally controlled or lock it out, allow remote system's monitor to show what's going on or lock it out, remote screen capture, full screen mode, quality vs. speed control, ability to run screen sharing as a launchable application instead of from a Finder window.