New security vulnerability! As seen on Bruce Schneier's Blog: Human's aren't secure. Ha!

Link to story

Technorati tags for this post: programming humor security

I had always hoped that Supreme Court Justices where choosen in the following manner:

@candidates      = find_all_legal_professionals();
@qualified       = sort_by_qualifications(@candidates);
@partisans       = filter_by_political_necessity(@qualified);
$final_candidate = most_confirmable(@partisans);

The nomination of Harriet Miers appeared to follow this algorithm:

$final_candidate = find_lawyer_in_radius("10 feet");

Without commenting on the actual qualifications of Ms. Miers, I would suggest that the 2nd algorihtm is somewhat less likely to find a quality candidate, much less a confirmable one.

Technorati tags for this post: politics perl programming

I use Vim Outliner for note-taking. It is an extremely useful tool. However, my files can get long. Vim's folding features are a great way to deal with that: I simply fold up all the irrelevant sections.

What I really wanted was a way to preserve my folds over editing sessions. I found this gem in the vim help documents:

autocmd BufWinLeave *.otl mkview
autocmd BufWinEnter *.otl silent loadview

This automatically executes mkview on leaving a buffer and loadview on entering a buffer -- but only for outline (*.otl) files.

Ah, the joys of a industrial strength text editor!

Technorati tags for this post: Tech vim programming gtd

Why doesn't GNU libc have strlcpy and strlcat?

Link to story

Technorati tags for this post: Tech programming c

Tools, tools and more tools for the codemonkey! Here's a little summary of some of the tools I've been using lately.

SCM and Web Tools:

• ViewCvs: We all love doing "cvs log file.C | more" and then "cvs diff -r1.12 -r1.13 file.C", but I admit that it's really nice to be able to browse the history of your project online. Viewcvs works with cvs and subversion and is used by no less an authority than sourceforge.net.
• Enscript: I discovered this as it is used by viewcvs to syntax highlight and color code for online viewing. I tend to use it like "encript --language=html --highlight --color=1 -t 'Logger.C' -p Logger.html Logger.C".
• eSVN: a really nice looking GUI frontend for subversion.
• GraphViv defines a little language for describing graphs (DAG's and the like). There are utilities for converting the descriptions to beautiful images. See the gallery for examples. GraphViz is so pretty I'll be on the lookout for interesting datasets just so I can graph them.

Code Auditing Tools:

• Flawfinder and Splint are static program checkers that flag uses of "unsafe" functions (like strcpy). I wish the use of tools like this would become common during development.
• http://www.daemonkitty.net/lurene/papers/Audit.pdf: OpenBSD continuously audits its codebase, fixing bugs. When a new bug, or class of bugs is found, the entire code base gets re-audited looking for other instances of the bug. There's wisdom in that! We all know about buffer overflows and string format bugs, but what else have the OpenBSD team been fixing? Certainly you could review the security patches they've issued, or watch the changes to the HEAD of their CVS repo. The paper above is a shortcut: it lists the major flaws found in OpenBSD software.

Technorati tags for this post: Tech programming subversion security

I found an excellent python quick reference today. Its licensed under a Creative Commons "Attribution-NonCommercial-ShareAlike 2.0" deed so I've mirrored it locally.

Thanks The Tao of Mac!

Link to story

Technorati tags for this post: Tech programming python