Bullet Journal

I’ve struggled to find a good task/appointment management system for years. I am an org-mode adherent, and I believe org mode is unmatched for notes, drafts, journals, and general prose. It also handles day-to-day to-do lists and calendaring, but those features never really stuck for me.

I’ve tried other systems, like TaskWarrior and todo.txt, which I wrote an Emacs mode for.

As an aside, I pretty much believe in cryonics, the singularity, that this entire thing might just be a simulation, and that The Matrix was an amazing movie.

System Failure

My point is, as much as it pains me to say this, there is a huge advantage for me in tracking events and ‘action items’ with a physical pen and actual dead-tree paper. There’s something about opening a small book, reviewing past items, bringing them into an up-to-date entry, reviewing the monthly schedule, and consolidating items that gives my mind something tangible to handle and become familiar with.

In most of my dealings, I seek minimal contact with the system I’m manipulating; I consistently seek automation everywhere, so the slightest action on my part leads to cascades of events that eventually result in the desired outcome. Computers are handy for this.

But when it comes to events and tasks that I am responsible for, I find that reviewing them, rewriting them, and consolidating them on a daily basis helps me grow an organic feeling for their weight and momentum. I need a feel for what’s coming up, and paper provides that.

But I also need structure. So I’ve settled on using Bullet Journal.

Bullet Journal

I don’t use all the modules. I do use rapid logging, along with the future log, daily log, and monthly log. I don’t find the index or signifiers particularly useful, though. But laying down tasks and migrating them forward consistently is a remarkably effective way to keep the important things in mind. I’m not sure what sort of digital system would be quite as…tangible.

The Adventures Of Tracking OpenMW Master

I love OpenMW, but if you move off the stable releases for some reason, things get interesting. There was an odd bug in 0.38 that would cause some saves not to load. When I asked scrawl about it, he said it was fixed in nightlies, so I checked out the git repo and started compiling and playing nightlies. Then the fun began!

Just as scrawl said, the save game bug was fixed, but a few days later, I updated and suddenly elves’ faces were untextured (i.e. completely black), so I started rolling back commits until it worked again.

A couple of weeks later (today), I thought maybe the texture issue was fixed, so I rolled forward to the latest master and recompiled. The face textures worked. Then I went to the Caldera mages guild and there was no one inside. Then I loaded an older save in Vivec, and found that the game had stopped loading actors in interior cells!

It’s awesome tracking scrawl’s work (I subscribe to the GitHub RSS feed for commits on master), but I do find myself tagging ‘working’ commits so I can easily go back to them when the newest builds throw a curve ball.

Amazon Drops Device Encryption

Even as the debate about whether the All Writs Act of 1789 can be used to compel a company to write new software that compromises the security of its own devices continues, Amazon has quietly removed all support for full disk encryption in their latest version of Fire OS, based on Android 5.0 ‘Lollipop’ (which has native encryption support). I discovered this while attempting to upgrade my 4th generation Kindle Fire, but got an error message indicating that I needed to back up all my data, do a factory reset on my device to remove encryption, and then install the update, since Fire OS 5 does not have support for encryption. Amazon did link to a page on their site explaining this, but it appears to not be indexed and I haven’t been able to find it again. Amazon’s removal of such a core privacy feature is somewhat surprising, since it represents a bit of a break from other high-tech firms like Google, Facebook and Twitter who have publicly expressed support for Apple’s stance that it will not subjugate the privacy of its users to government whims.

Copyright Extensions

2016 brings us a new year, and with it, more copyright extensions. Techdirt’s coverage makes two points worth mentioning about the works that should be entering public domain, but aren’t:

  1. At the time they were created, the copyright term of 56 years was enough to incentivize the creation of the work. Odd then, that they should retroactively be affected by copyright extensions.
  2. Many of the works themselves were based on public domain works, like Ben-Hur, Sleeping Beauty, and Journey to the Center of the Earth.

When discussing public domain vs. copyright, the conversation often treats the copyright as the value generator, and the public domain as a corresponding loss of value. The second point is a nice counterpoint to that argument, since it highlights the creative value society derives from public domain works.

You can find the full list and some discussion on Duke’s Center for the Study of the Public Domain.

Wireless Laptop Docking

Lenovo announced WiGig wireless docking as part of their new X1 Carbon refresh. I’m guessing no Linux compatibility, so probably not all that useful for me, but still.

This short range, high speed (4.6 gigabits per second) technology uses 60GHz radios to transmit video, USB 3, and Ethernet data…[and has] DisplayPort, HDMI, USB 3, USB 2, audio, and gigabit Ethernet ports, and makes docking as simple as putting the laptop near the docking station.

Imagine the coverage if this were an Apple announcement.

Playing Morrowind with OpenMW

OpenMW is a full-featured, GPL-licensed rewrite of the Morrowind engine. During my end-of-year vacation, I discovered that OpenMW has made incredible progress since I last looked at it a couple of years ago, and now plays Morrowind almost flawlessly on my modest Linux laptop. GOG has made a DRM-free version of Morrowind available, so even if you’ve never purchased Morrowind before, it is easy to get started, even if you’re a Linux or OS X user.

Morrowind makes an incredible platform for storytelling, and projects like Tamriel Rebuilt are very promising examples of how a game can become a platform for interactive community storytelling.

There are a handful of active contributors but scrawl really stands out. If you want to support the project, he has a Patreon page.

France tells Google to remove search results globally, or face big fines

Ars Technica reports that France wants Google to apply its ‘right to be forgotten’ requests globally, rather than only within France. I’d be happy to see Google respond by simply removing their services in France entirely. Imagine if, for example, China made the same demands?

Emacs Hydra for Music Control

Hydra is a hugely powerful framework for setting up key bindings in Emacs. When I first learned of it, I didn’t really understand the use case, but after having built a few hydras to manage daily tasks, it’s starting to sink in. A hydra is basically an ephemeral key mapping with pre-defined conditions for termination. For example, one key might execute a command but retain the key mapping, while another is designed to execute its command and restore the previous key mapping. I use Hydra to manage all my programming and project key accelerators, but it’s also great for quick tasks that can come up at any time, like controlling music. Here’s a hydra to manage Bongo, my preferred music player.

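;; Heads default to :color blue (run the command, then exit the hydra).
;; The seek heads override this with :color red so the hydra stays
;; active and the key can be pressed repeatedly.
(defhydra hydra-bongo (:color blue :hint nil)
  "
Bongo control
_l_: library     _p_: pause/resume     _s_: stop
_b_: back 10s                        ^^_f_: fwd 10s
_B_: back 60s                        ^^_F_: fwd 60s
"
  ("b" bongo-seek-backward-10 :color red)
  ("f" bongo-seek-forward-10  :color red)
  ("B" bongo-seek-backward-60 :color red)
  ("F" bongo-seek-forward-60  :color red)
  ("l" bongo)
  ("p" bongo-pause/resume)
  ("s" bongo-stop)
  ("q" nil "cancel"))

;; Open the hydra with C-c b from anywhere.
(global-set-key (kbd "C-c b")   'hydra-bongo/body)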

The default keybinds for library, pausing and stopping are all terminal (blue) heads, while the commands to seek forward and backward are non-terminal (red) heads. Why use Bongo instead of a regular desktop music player? Partly because manipulating libraries, playlists and music playback is much easier and more customizable from within Emacs!

One of the things that makes Emacs so unique and powerful is that workflows like this are easy to create, and make working a pleasure, instead of a chore, since everything you use often can be accomplished with such ease. It’s a lot of fun.

KISS Launcher (Android)

I’ve used Android since the T-Mobile G1 came out, and I settled on Nova Launcher for years; it really offers more customizability and power features than any other launcher I’ve tried. As an experiment, I decided to switch to the (FOSS) KISS launcher last month, and to my surprise, I’ve stuck with it. It offers very few features: it simply allows you to execute a substring search for an app name to launch it. It also searches settings modules and contacts, but it’s quite disciplined in its constraint, and I suspect I’ll stick with it for some time.

Android Wear on iPhone

This is a major engineering achievement. So far, Pebble has been going it alone with dual OS support in the smartwatch world, so this is a big change for the smartwatch scene.

Handling of the 2013 Bitcoin Blockchain Fork

Bitcoin (the blockchain, really) is one of the most significant advances in computer science in the last decade. This piece on Freedom to Tinker is an in-depth look at how the 2013 blockchain fork was resolved. It’s notable that a fundamentally decentralized system benefited significantly from both centralized decision-making and hashpower. The lesson may be that we should develop and use systems that afford federation, but allow for centralization.

New Chosen-Ciphertext Attack over Airgap

This new chosen-ciphertext attack on common encryption software is really impressive:

We successfully extracted keys from laptops of various models running GnuPG (popular open source encryption software, implementing the OpenPGP standard), within a few seconds. The attack sends a few carefully-crafted ciphertexts, and when these are decrypted by the target computer, they trigger the occurrence of specially-structured values inside the decryption software. These special values cause observable fluctuations in the electromagnetic field surrounding the laptop, in a way that depends on the pattern of key bits (specifically, the key-bits window in the exponentiation routine). The secret key can be deduced from these fluctuations, through signal processing and cryptanalysis.

via Schneier on Security

Surveillance Aircraft

At the beginning of June, the Associated Press broke a story about a fleet of small aircraft registered to fake companies that are being flown over U.S. cities on a regular basis. The planes were traced back to the FBI, which has been identified as running operations in at least 11 states using at least 50 aircraft, logging around 11 flights a month. The planes carry high resolution cameras that photograph continuously, and in some (rare) circumstances, an IMSI-catcher, which tracks all cell phones (in use or not) in the area visible to the aircraft as it flies (cell phones use line-of-sight frequencies, by and large).

When the story first broke, I wasn’t sure what to think. Having just read Nothing To Hide and Data and Goliath, privacy issues were fresh in my mind. Today, I got the chance to listen to a RadioLab episode called Eye in the Sky, about a company called Persistent Surveillance Systems which flies small aircraft over urban areas. The episode gives rare insight into not only how the technology works, but also how citizens (and reporters) respond to it when they grow to understand it.

The technology was tested in Dayton, OH, and the test went well, demonstrating that the planes could be useful in fighting crime. The subsequent town hall meeting that was held to discuss the adoption of the technology did not go very well, however. Some citizens of Dayton were concerned about being watched all the time, everywhere they went. As a result of that meeting the police in Dayton did not adopt the technology, but may in the future. But the citizens got a voice, and there was a discussion.

It would be surprising if the FBI were not using technology that is largely identical to what Persistent Surveillance Systems uses, though probably more invasive, given their use of IMSI-catchers. The fact that there has been no public discussion of the use of the technology, and that the FBI has taken extensive measures to hide their use of the planes as tools of mass surveillance over United States cities is concerning. It seems reasonable to expect that the citizens of a democracy should have a say in how law enforcement operates, and should not be intentionally deceived by law enforcement agencies.

If you’re interested in this kind of stuff, be sure to give the RadioLab episode a listen.

Copyright, Music and the Internet

I wanted to pen a long post discussing Cory Doctorow’s Information Doesn’t Want to Be Free: Laws for the Internet Age and how it relates to Taylor Swift’s two-day-old yet now-famous letter to Apple. As is often the case, Mike Masnick wrote up my thoughts better than I ever could. Although I only just started Cory Doctorow’s book over the weekend, I am amazed by how well he articulates subtle issues surrounding copyright and the internet. I highly recommend giving it a read if you’re interested in the subject matter.

Single Point of Failure

One argument against having the government develop dossiers on every citizen en masse is that it introduces a single point of failure: if that repository is breached, all data is compromised in one swift stroke. This phenomenon is nothing new. Insurance companies have detailed information about the insured, and those repositories have been targeted, as we saw earlier this year in the Anthem attack that compromised the information of 8.8 million people. The government also collects lots of information on workers that it gives security clearances to, naturally. The information is quite detailed for a Single Scope Background Investigation, and that information is compiled into a 127-page SF-86 form (pdf, if you’re curious). It turns out those forms were compromised in the latest attack made by China on U.S. government databases. Decentralized systems are more robust because they avoid a single point of failure, and can still authorize parties to retrieve information as needed. One project that trends in this direction is Unhosted, which separates the concern of hosting the application from the concern of storing the data. ReadWrite has an explanation of the architecture.

Amazon CA

Looks like Amazon is going to be a CA, and not just for users of AWS or other Amazon services. Companies like Google and Yahoo have been taking bold steps to provide encrypted email, and Let’s Encrypt looks like a very promising project to provide free SSL certs to everyone. Apple’s Tim Cook has publicly stated that encryption is vital, and was joined shortly thereafter by the UN. I’m excited to see Amazon joining in.

You are your Password

Project Vault (being discussed at Google I/O right now – no links online yet) analyzes device usage in real time to produce a live-updated trust score that can be adaptively applied to various actions the user of the device attempts to make. Use case: trust score drops below 50, may allow user to play a game, but not launch a banking app. Very smart idea.

EDIT: It turns out that I’d conflated Project Vault with Project Abacus. Project Vault is a microSD ARM computer that handles trusted operations on Android phones via a faux FAT-filesystem interface. Also cool, but not what I originally posted about.

Arguing the Obvious

How can we possibly be arguing this much about something so blindingly obvious? If APIs are copyrightable, then there’s no point in creating them. The whole point of an API is to create compatibility and interoperability.

Browsing on Android

I still haven’t found a great browser on Android. I used Firefox for some time, but it had rendering issues. Chrome is closed source, which I try to avoid. Oddly, a Chromium build was never available, so I stuck with WebView wrappers like Lightning, which I can also load on my non-Play devices (Kindle Fire). Turns out, there were no Chromium builds because the code wasn’t open source…but that’s changing according to aurimas_chromium on Reddit. I’m looking forward to having Chromium show up in F-Droid!

Full Disk Encryption for the Masses

One of the best side-effects of full-disk encryption is that “factory reset” functionality is a no-op, since it doesn’t rely on complex and potentially error-prone disk wiping routines. It turns out that Android suffers from exactly those sorts of faults.

Breaking Primes

Schneier has posted about Logjam, a method for subverting encrypted connections by downgrading cipher strength during key exchange. Much more fascinating is the discussion that the NSA has likely factored one or more of the primes used widely to initiate TLS, SSH and VPN connections.

Privacy of Cell Phone Metadata Unclear

It’s been a very interesting couple of days. Yesterday, the 11th Circuit Court of Appeals found that a person does not have an expectation of privacy with respect to his or her location if they are carrying a cell phone. The full PDF of the decision is available. Two judges penned a compelling dissenting opinion, in which they insightfully pointed out that:

…as far as I can tell, every argument the government makes in its brief regarding cell site location data applies equally well to e-mail accounts, search-engine histories, shopping-site purchases, cloud-storage files, and the like.

So that case was with respect to police requesting cell location information from cell providers, and was essentially based on the third-party doctrine.

Today, the 2nd circuit handed down a related but differing opinion with respect to warrantless, bulk collection of phone call metadata. The decision (PDF) fell short of declaring it unconstitutional, but did assert that Section 215 of the Patriot Act did not authorize bulk phone call metadata collection on United States citizens.

The decisions are distinct, but related. They both relate to phone metadata collected about United States citizens, but one covers actions permissible by domestic law enforcement, the other the actions of intelligence agencies whose mission is supposed to be focused on foreign intelligence collection. Increasingly, the distinction between domestic and foreign is blurred, leading to complexity and confusion.

One-time Pads Largely Misused and Unnecessary

Insightful post on Freedom To Tinker about a startup that is basing their messaging app on one-time pads. It’s another great example of people ignoring the ‘hard’ part of the crypto problem (key exchange, implementation bugs, etc.) and instead trying to improve the parts that work the best (cryptographic primitives), all the while introducing new vulnerabilities (eavesdropping during key exchange, side-channel attacks). We’ve seen this sort of approach before, and the early results weren’t good. Reinventing your own approach to crypto is almost never a good idea.

KOTOR: Fabulous on the Nexus Player

I picked up KOTOR for Android and tried it out on my OnePlus One (it was surprisingly good) and also installed it on my Nexus Player. I’ve had stability problems with games on the Nexus Player before, but KOTOR is very stable after an hour or so of play. I’ve never actually played KOTOR before, and even though it’s 12 years old, I admit it’s very well done. If you’re looking for a Star Wars RPG fix on Android, I highly recommend it. It’s on sale right now for $3 (normally it’s $10). 5/5, would buy again.

Why Google Plus 'Failed'

Slashdot ran an article about Google engineers discussing why Google Plus failed. They point out that it was late to market, and that they wanted it to be too much like Facebook. As a developer, though, I am amazed by how well executed G+ is, but I’m also amazed by how closed the API is. I’m very surprised no one pointed out that the API is read-only. If I had to choose one thing that put me off the most, that would be it.

Google Focusing on Oversized Devices

With awesome laptops like the Dell XPS 13 and the Chromebook Pixel 2015 coming in very small form factors, Google’s strategy of focusing on 6- and 9-inch Android devices seems like a major misstep. The ‘correct’ phone size is between 5 and 5.5 inches, and the ‘correct’ tablet size is between 6 and 8 inches. Nevertheless, Google’s decided to discontinue both the Nexus 5 and the Nexus 7, both of which were more successful than their larger, newer, counterparts.

Science and Perception

Public Health has written a bit about why Chipotle dropped GMO foods, and why PepsiCo dropped aspartame (but only in some drinks!) It’s a short but insightful read about how small the role of science is in such decisions.

Learning Curve

I’ve always felt that computers had taken a wrong turn somewhere; that they should imbue users with new powers to understand the world around them. I love Engelbart’s work, and this piece fits together the two ideas beautifully.

Flash is good for...DRM

YouTube finally moved to HTML5 as the default! Great news for us Linux Firefox users, where Flash is barely maintained. Unfortunately, every streaming music service out there still uses Flash. I can only imagine it’s because of the DRM requirements.

Clipper Chip, Part II

It looks like we have to fight this all over again. The U.K. and U.S. governments believe they have the right to read private communications between citizens. Not on my watch.

Firefox → Yahoo

This is a mistake. Firefox is already losing mindshare in Silicon Valley, partly because there seems to be a widespread perception that Chrome is just faster than Firefox, but the power-user features of Firefox don’t seem to have enough appeal. Firefox switching to Yahoo for search will cement the impression that Firefox is to browsers what Yahoo is to search, that is, a distant second (third?) place. In practice, Firefox is a superb browser for lots of reasons, but its victory is far from guaranteed.

Let's Encrypt

The announcement about Let’s Encrypt is probably the most important security announcement in the past few years. The current regime makes deploying certificates that won’t give users huge warnings an expensive proposition. Let’s Encrypt will not only make the setup process easier, but will also distribute signed certificates free of charge, which drastically lowers the barriers to entry. You can read more over on Alex Halderman’s blog.

'Serial' is Amazing

Serial is a podcast from the folks that brought us This American Life. It investigates a murder from 1999, and is completely riveting. Start at the beginning.

Amazon Echo

Amazon Echo is clearly an indicator of where tech is heading. Having bought and used a Kindle Fire, however, I have little faith in Amazon’s ability to deliver quality software for voice recognition, which is the core feature of the Echo. Google is the clear leader there, and Google’s ability to recognize proper nouns correctly is excellent (probably due to Knowledge Graph). As usual, though, Amazon got the pricing right.

Sandstorm.io

There are a few competing models for decentralizing the web. Unhosted is really interesting to me, but I have doubts that folks will sign up for something like 5apps and plug into it from a bunch of unhosted apps.

On the other hand, running your own server is cumbersome. I think Sandstorm is addressing the core of the problem really well, and I’m looking forward to seeing some businesses pop up that offer Sandstorm hosting. The team behind Sandstorm has a lot of momentum and fabulous credibility. I’m on board.

Software Estimates

My own experience of software estimation has never been so accurately captured. This insight is central:

And the problem is that, hidden in the parts you don’t fully understand when you start, there are often these problems that will explode and just utterly screw you.

Moving From Wordpress

Etherplex has run on Wordpress for years, but got compromised earlier today, which I thought was as good a time as any to move to a new platform. I’ll be migrating content as time permits. Stay tuned!