Tuesday, August 24, 2010

Human-Readable Dired in Emacs

In emacs, dired defaults to

ls -al

format, but I would prefer

ls -alh

For example, I'd rather see this:

total 200M
drwx------ 2 jdm jdm 20K Mar 24 22:00 .
drwxr-xr-x 9 jdm jdm 52K Mar 21 03:04 ..
-rw------- 1 jdm jdm 520K Mar 24 21:03 252.jpg
-rw------- 1 jdm jdm 1.4M Mar 24 21:04 253.jpg
-rw------- 1 jdm jdm 1.3M Mar 24 21:04 254.jpg
-rw------- 1 jdm jdm 1.3M Mar 24 21:05 255.jpg
-rw------- 1 jdm jdm 1.3M Mar 24 21:05 256.jpg
-rw------- 1 jdm jdm 1.1M Mar 24 21:05 257.jpg
-rw------- 1 jdm jdm 1.1M Mar 24 21:06 258.jpg

as opposed to this:

total 204060
drwx------ 2 jdm jdm 20480 Mar 24 22:00 .
drwxr-xr-x 9 jdm jdm 53248 Mar 21 03:04 ..
-rw------- 1 jdm jdm 532078 Mar 24 21:03 252.jpg
-rw------- 1 jdm jdm 1369711 Mar 24 21:04 253.jpg
-rw------- 1 jdm jdm 1285739 Mar 24 21:04 254.jpg
-rw------- 1 jdm jdm 1320355 Mar 24 21:05 255.jpg
-rw------- 1 jdm jdm 1328517 Mar 24 21:05 256.jpg
-rw------- 1 jdm jdm 1101028 Mar 24 21:05 257.jpg
-rw------- 1 jdm jdm 1077152 Mar 24 21:06 258.jpg

The fix was this line of Lisp added to the end of my .emacs file:

(setq dired-listing-switches "-alh")

Monday, August 23, 2010

Security on the Client Side

Common--and good--advice is to not trust the client. If an organization has no control over the client, as is the case in web-based client-server applications, the client is not trustworthy. The Milwaukee Journal-Sentinel's Packer Insider is a very good low-stakes example of a site that has gotten this wrong. The Packer Insider is intended to be a subscription-only service, but I was reading it for a while, perhaps a long while, before I realized I was reading for-pay content.

If I visit http://www.jsonline.com/sports/packers/ in Firefox I get full access. If I visit it with Opera or Chrome, and click one of the Insider links, I get a login screen. What's the difference?

The difference is NoScript, an indispensable Firefox tool. NoScript is not intended to circumvent security, but rather to enhance client-side security. The idea is that if I let any given web site execute any script it wants on my machine, my personal data and the integrity of my machine are at risk. NoScript also helps me limit more obnoxious advertising by selectively shutting off Flash, JavaScript, Java, etc. NoScript uses a default-deny model, meaning that sites are not allowed to run client-side scripts unless I assent. NoScript is not for everyone because it does cause problems with some sites and it does require some effort on the part of the user, but it does provide a much safer browsing environment.

So, if I disable scripting, I get a much cleaner, more pleasurable view of the Journal Sentinel's Packer pages. As a side effect, I also get access to the Packer Insider materials. This is due entirely to poor security architecture at the Journal Sentinel's site, and, IMHO, strong evidence that the design was not done by an experienced professional. OTOH, there may have been other constraints making this desirable, and they may not actually care. If I were to lose access to these pages, I wouldn't really care because the Green Bay Press Gazette has comparable content that's openly-available.

As an aside, there are those that think it is bad to disable advertisements that support web sites. I have sympathy for this view, but I don't want their scripts running on my machine, eating cycles, providing animations which make it difficult to concentrate on the actual content, and, in extreme cases, making noise or damaging my system. I will aggressively block Flash, animated GIFs, etc., that damage the user experience.

This shows a general advantage of server-side over client-side scripting. Providers have a better idea of what their pages look like on the client side if they use server-side scripting--which is controlled by the provider--rather than client-side scripting, which is controlled by the end user, the browser, malware, etc.

Summary: security must be on the server side.

Sunday, August 22, 2010

BOINC, Social Good, and Energy Consumption

Apropos of nothing, do you have BOINC running on any of your machines? I installed it a day or two ago on my HP and on my work laptop. Already I've made a material contribution to some important projects that can't afford supercomputer time; something to do with a disease I think. Anyway, I'm a member of the World Community Grid and Einstein@Home, but I'm thinking about dropping the space stuff in favor of the terrestrial problems [ ... ].

The real question is, what's your take on this stuff. Am I contributing more to the energy companies than to the advancement of human knowledge?

I used to run SETI@Home on a few systems. I noticed that my laptop was always hot when I ran it, so I stopped using it there and then gradually stopped using it altogether. That may be BOINC-based now. I also tried to donate cycles to some Brit climate project a while back, but they didn't have Linux support.

Even on a non-laptop it does cost you power. Most current CPUs have frequency scaling, and use much less power when running at lower frequencies. Gnome has applets that let you monitor CPU frequency and temperature if your hardware supports it.

I don't know how to weigh energy use vs. benefit to mankind. It will cost more when run in an air-conditioned room since you pay the electric company to heat the machine and then pay the electric company to cool the room containing the machine. OTOH it could save you a tad on heating in the winter (at OSU we had an Intel hypercube that could easily heat a couple rooms). If your machines suspend after a couple hours of no keyboard or mouse activity, then the impact may not be very large. I'd be leery of running it on a laptop, especially if it keeps the machine from suspending (as SETI@Home did a decade ago).

Soundtrack: "Danger" by the Motels

Friday, August 20, 2010

Cousin Done Good

Tracy Hamlin has been elected by judges and the SQL Server community as the Exceptional DBA of 2010. See http://www.exceptionaldba.com/hall-of-fame/

Sent from my iTouch

It seems pretty common nowadays to get e-mails with statements such as Sent from my iTouch and the like appended. This is analogous to the advertisements that HotMail used to stick on e-mail messages. Why do people want to send advertising copy with their e-mail? Didn't you pay for your iTouch? If so, why provide Apple (or whoever) with free advertising? My advice would be to remove such tripe from e-mails, or, if you can't, then be very ware that you are not in control of the image you project when using such tools.

Soundtrack: "I Robot" by The Alan Parsons Project.

Wednesday, August 11, 2010

Free Slater!

When people are repeatedly placed in untenable positions, outcomes are not always positive. Blame the airlines and the TSA if passengers and flight attendants snap. The airlines and the TSA have been steadily making air travel less pleasant, to the point that, even if one looks forward to a trip, very few of us look forward to the flight any more. In fact, when traveling, the flight is the major stressor, as the most likely place that a trip can be derailed.


Monday, August 9, 2010

Where I've Been, Domestic Edition

This application is created by interactive maps.
You can also have your visited states map on your site.

If you see this message, you need to upgrade your flash player.

Make your visited states mapFlex charts

Where I've Been

This application is created by interactive maps.
You can also have your visited countries map on your site.

If you see this message, you need to upgrade your flash player.

Make your visited countries mapFlash charts

Sunday, August 8, 2010

Man, I Knew It

From the USA Today site:

Scariest airports

Four U.S. airports made SmarterTravel's list of the world's scariest airports for takeoff and landing:

[ ... ]

Also making the list: Gibraltar Airport in Gibraltar; Toncontin International Airport in Tegucigalpa, Honduras; Paro Airport in Paro, Bhutan; Barra Airport in Barra, Scotland; La Aurora International in Guatemala City; and Wellington International in Wellington, New Zealand.

La Aurora requires an unusual maneuver in which a landing plane banks steeply and then thuds down. The jet I arrived in from Ft. Lauderdale did this, and a few days after my arrival, I was walking north of the airport and saw a Cessna perform the same maneuver. I think La Aurora is scariest, though, due to the lack of facilities in the international terminal. Probably the least pleasant airport I've ever had to fly from. And as I'm wont to say, Vasco da Gama never had to put up with airlines and airports when he traveled the world.

Saturday, August 7, 2010

Surprising Bogosity from PearsonHigherEd.com

Pearson usually supplies instructor supplements to texts in Zip archives. Fine. But the PowerPoint slides for Sebesta's Programming the Web 5th ed are in an archive with an extension .sitx. A little searching says this is a StuffIt archive, a proprietary format. Why? Are they going out of their way to make sure some of their customers can't access the materials? StuffIt's free unroller isn't even available in a Linux version, making the 10MB archive useless wasted space on my hard drive.