I got an email last night from scrawl, the programmer I support
on Patreon that does much of the work to maintain OpenMW,
the modern open-source port of Morrowind that I’ve been using for the
past eight months. His update, entitled ‘Taking a Break’ is for
backers only, but here’s a small excerpt:
After a lot of thinking and some sleepless nights, I have decided
that I need to take a break from “full-time” computer work, for as
long as it takes me to significantly improve my physical condition.
Basically, the hours he’s putting in programming are taking a toll on
his health, and he was quite sick for most of June. Scrawl should
absolutely take the time to get better given the impact his project is
having on his health.
But, as a fan, this is a huge blow. Many very talented programmers
burn out, and once that happens, they often never really recover.
When I was in my 20s, I didn’t really understand ‘work-life balance’;
I always thought it was a euphemism for “don’t work too hard”. Now
that I’ve been programming professionally for more than ten years,
I’ve found that it’s really about how to sustain productivity for
In any case, I wish scrawl the very best, and thank him for the
tremendous work he’s put in to make OpenMW one of the highest quality
open-source ports I’ve ever seen.
I use Hugo for blogging. It statically
generates the site, which means I need to type up a markdown file for
every post. This should be so easy that I can do it at a moment’s
notice, without thought. But there’s a bit of formatting that goes
into the headers for such a file, so let’s streamline the process
There are a lot of templating options for Emacs, but my philosophy
with almost all software is that you should use built-in functionality
if it covers your needs, resorting to external projects only when the
functionality gain outweighs the ongoing cost of maintaining a
dependency on the external project. Luckily, Emacs has a couple of
built-in systems that make this task easy.
For this task, we’ll use the
in conjunction with
Skeleton allows us to define functions that automatically insert the
template text, and abbrevs allow us to invoke those functions when we
type short codes in the buffer.
First, the skeleton:
; Description of skeleton"Create a new blog post for Hugo"; placeholder, since we're using skeleton-read directly""; Remaining lines are just concatenated together"---\nlayout: post\ntitle: \""; Forms are evaluated and the result included
(skeleton-read "Title: ")
(skeleton-read "Date: " (format-time-string"%Y-%m-%d")))
This uses skeleton in a bit of an unconventional way, since it inlines
the skeleton-read function so we can write a template that contains
multiple values. With that caveat out of the way, the code is
actually pretty simple. The first three arguments are fixed:
The name of the skeleton being defined.
A description of the skeleton
A prompt used to gather input
We disregard (3) here since we use skeleton-read directly. Any
argument beyond the first three arguments is just concatenated
together to get the final template. Strings are handled as-is, and
forms are evaluated, with their result (a string) concatenated like a
normal string would be.
In this case, we use the form skeleton-read, which is a function
that prompts for user input, accepting an argument for the prompt
text, and an optional second argument for the default text to be used.
We leverage the second argument to default to today’s date, which we
can fetch and format using format-time-string.
Now that we’ve defined the skeleton, we just have to find an easy way
to activate this function. Enter abbrev mode. We can use the short
code =nbp= (for New Blog Post) to activate the skeleton code:
There are really two ways to consume entertainment: look at what’s
available and choose, or imagine what you want and search. The
approach you choose largely determines whether you’ll be happy or
When I open Netflix, for example, if I’m looking for the latest movie,
or even a specific movie a friend recommended, I’ll be disappointed.
If I open Steam hoping that I can play The Witcher 3 on my Linux
machine, I’ll shake my head and wonder if Linux users will ever get a
good gaming experience. If I open Google Play Music and want to
listen to A State of Trance 2016, I’ll end up closing the tab,
wondering why I pay a monthly fee for the service.
On the other hand, if I open Netflix looking for something interesting
to watch, I’ll be delighted. If I open Steam and look at all the
games I can play on Linux, I’ll think the future is bright for Linux
gamers like me. If I open Google Play Music, I’ll discover I can
listen to almost anything I want. Almost.
And that’s good enough, as it turns out. I’m perfectly happy with the
options I have. But if I imagine a world where I have every option,
suddenly the real world will be disappointing. The only difference is
I’ve struggled to find a good task/appointment management system for
years. I am an org-mode adherent, and I believe
org mode is unmatched for notes, drafts, journals, and general prose.
It also handles day-to-day to-do lists and calendaring, but those
features never really stuck for me.
My point is, as much as it pains me to say this, there is a
huge advantage for me in tracking events and ‘action items’ with a
physical pen and
actual dead-tree paper.
There’s something about opening a small book, reviewing past items,
bringing them into an up-to-date entry, reviewing the monthly
schedule, and consolidating items that gives my mind something
tangible to handle and become familiar with.
In most of my dealings, I seek minimal contact with the system I’m
manipulating; I consistently seek automation everywhere, so the
slightest action on my part leads to cascades of events that
eventually result in the desired outcome. Computers are handy for
But when it comes to events and tasks that I am responsible for, I
find that reviewing them, rewriting them, and consolidating them on a
daily basis helps me grow an organic feeling for their weight and
momentum. I need a feel for what’s coming up, and paper provides
I don’t use all the modules. I do use rapid logging, along with the
future log, daily log, and monthly log. I don’t find the index or
signifiers particularly useful, though. But laying down tasks and
migrating them forward consistently is a remarkably effective way to
keep the important things in mind. I’m not sure what sort of digital
system would be quite as…tangible.
I love OpenMW, but if you move off the stable releases for some
reason, things get interesting. There was an odd bug in 0.38 that
would cause some saves not to load. When I asked scrawl about it, he
said it was fixed in nightlies, so I checked out the git repo and
started compiling and playing nightlies. Then the fun began!
Just as scrawl said, the save game bug was fixed, but a few days
later, I updated and suddenly elves’ faces were untextured
(i.e. completely black), so I started rolling back commits until it
A couple of weeks later (today), I thought maybe the texture issue was
fixed, so I rolled forward to the latest master and recompiled. The
face textures worked. Then I went to the Caldera mages guild and
there was no one inside. Then I loaded an older save in Vivec, and
found that the game had stopped loading actors in interior cells!
It’s awesome tracking scrawl’s work (I subscribe to the github RSS
feed for commits on master), but I do find myself tagging ‘working’
commits so I can easily go back to them when the newest builds throw a
Even as the
about whether the
All Writs Act of 1789
can be used to compel a company to write new software that compromises
the security of its own devices continues, Amazon has
for full disk encryption in their latest version of Fire OS, based on
Android 5.0 ‘Lollipop’ (which has
native encryption support).
I discovered this while attempting to upgrade my 4th generation Kindle
Fire, but got an error message indicating that I needed to backup all
my data, do a factory reset on my device to remove encryption, and
then install the update, since Fire OS 5 does not have support for
encryption. Amazon did link to a page on their site explaining this,
but it appears to not be indexed and I haven’t been able to find it
again. Amazon’s removal of such a core privacy feature is somewhat
surprising, since it represents a bit of a break from other high-tech
firms like Google, Facebook and Twitter who have
publicly expressed support
that it will not subjugate the privacy of its users to government
2016 brings us a new year, and with it, more copyright extensions. Techdirt’s coverage makes two points worth mentioning about the works that should be entering public domain, but aren’t:
At the time they were created, the copyright term of 56 years was enough to incentivize the creation of the work. Odd then, that they should retroactively be affected by copyright extensions.
Many of the works themselves were based on public domain works, like Ben-Hur, Sleeping Beauty, and Journey to the Center of the Earth.
When discussing public domain vs. copyright, the conversation often treats the copyright as the value generator, and the public domain as a corresponding loss of value. The second point is a nice counterpoint to that arguement, since it highlights the creative value society derives from public domain works.
Lenovo announced WiGig wireless docking as part of their new X1 Carbon refresh. I’m guessing no Linux compatability, so probably not all that useful for me, but still.
This short range, high speed (4.6 gigabits per second) technology uses 60GHz radios to transmit video, USB 3, and Ethernet data…[and has] DisplayPort, HDMI, USB 3, USB 2, audio, and gigabit Ethernet ports, and makes docking as simple as putting the laptop near the docking station.
Imagine the coverage if this were an Apple announcement.
OpenMW is a full-featured, GPL-licensed
rewrite of the Morrowind engine. During my end-of-year vacation, I
discovered that OpenMW has made incredible progress since I last
looked at it a couple of years ago, and now plays Morrowind almost
flawlessly on my modest Linux laptop. GOG has made a
of Morrowind available, so even if you’ve never purchased Morrowind
before, it is easy to get started, even if you’re a Linux or OS X
Morrowind makes an incredible platform for storytelling, and projects
like Tamriel Rebuilt are very promising
examples of how a game can become a platform for interactive community
Ars Technica reports that France wants Google to apply its ‘right to be forgotten’ requests globally, rather than only within France. I’d be happy to see Google respond by simply removing their services in France entirely. Imagine if, for example, China made the same demands?
Hydra is a hugely powerful framework
for setting up key bindings in Emacs. When I first learned of it, I
didn’t really understand the use case, but after having built a few
hydras to manage daily tasks, it’s starting to sink in. A hydra is
basically an ephemeral key mapping with pre-defined conditions for
termination. For example, one key might execute a command, but retain
the key mapping, while another is designed to execute it’s command and
restore the previous key mapping. I use Hydra to manage all my
programming and project key accelerators, but it’s also great for quick
tasks that can come up at any time, like controlling music. Here’s a
hydra to manage Bongo, my preferred
The default keybinds for library, pausing and stopping are all terminal
(blue) heads, while the commands to seek forward and backward are
non-terminal (red) heads. Why use Bongo instead of a regular desktop
music player? Partly because manipulating libraries, playlists and
music playback is much easier and more customizable from within Emacs!
One of the things that makes Emacs so unique and powerful is that
workflows like this are easy to create, and make working a pleasure,
instead of a chore, since everything you use often can be accomplished
with such ease. It’s a lot of fun.
I’ve used Android since the TMobile G1 came out, and I settled on Nova Launcher for years; it really offers more customizability and power features than any other launcher I’ve tried. As an experiment, I decided to switch the (FOSS) KISS launcher last month, and to my surprise, I’ve stuck with it. It offers very few features: it simply allows you to execute a substring search for and app name to launch it. It also searches settings modules and contracts, but it’s quite disciplined in its constraint, and I suspect I’ll stick with it for some time.
Bitcoin (the blockchain, really) is one of the most significant advances
in computer science in the last decade. This
on Freedom to Tinker is a in-depth looking at how the 2013 blockchain
fork was resolved. It’s notable that a fundamentally decentralized
system benefited significantly by both centralized decision-making and
hashpower. The lesson may be that we should develop and use systems
that afford federation, but allow for centralization.
We successfully extracted keys from laptops of various models running GnuPG (popular open source encryption software, implementing the OpenPGP standard), within a few seconds. The attack sends a few carefully-crafted ciphertexts, and when these are decrypted by the target computer, they trigger the occurrence of specially-structured values inside the decryption software. These special values cause observable fluctuations in the electromagnetic field surrounding the laptop, in a way that depends on the pattern of key bits (specifically, the key-bits window in the exponentiation routine). The secret key can be deduced from these fluctuations, through signal processing and cryptanalysis.
At the beginning of June, the Associated Press broke a story about a
fleet of small
registered to fake companies that are being flown over U.S. cities on a
regular basis. The planes were traced back to the FBI, which has been
identified as running operations in at least 11 states using at least 50
aircraft, logging around 11 flights a month.The planes carry high
resolution cameras that photograph continuously, and in some (rare)
IMSI-catcher, which tracks
all cell phones (in use or not) in the area visible to the aircraft as
it flies (cell phones use line-of-sight frequencies, by and large).
When the story first broke, I wasn’t sure what to think. Having just
read Nothing To
and Data and
privacy issues were fresh in my mind. Today, I got the chance to listen
to a RadioLab episode called Eye in the
Sky, about a company called
Persistent Surveillance Systems which flies
small aircraft over urban areas. The episode gives rare insight into
not only how the technology works, but also how citizens (and reporters)
respond to it when they grow to understand it.
The technology was tested in in Dayton, OH, and the test went well,
demonstrating that the planes could be useful in fighting crime. The
subsequent town hall meeting that was held to discuss the adoption of
the technology did not go very well, however. Some citizens of Dayton
were concerned about being watched all the time, everywhere they went.
As a result of that meeting the police in Dayton did not adopt the
technology, but may in the future. But the citizens got a voice, and
there was a discussion.
It would be surprising if the FBI were not using technology that is
largely identical to what Persistent Surveillance Systems uses, though
probably more invasive, given their use of IMSI-catchers. The fact that
there has been no public discussion of the use of the technology, and
that the FBI has taken extensive measures to hide their use of the
planes as tools of mass surveillance over United States cities is
concerning. It seems reasonable to expect that the citizens of a
democracy should have a say in how law enforcement operates, and should
not be intentionally deceived by law enforcement agencies.
If you’re interested in this kind of stuff, be sure to give the
RadioLab episode a listen.
I wanted to pen a long post discussing Cory Doctorow’s Information
Doesn’t Want to Be Free: Laws for the Internet
and how it relates to Taylor Swifts two-day-old yet now-famous letter
As is often the case, Mike Masnick wrote up my
better than I ever could. Although I only just started Cory Doctorow’s
book over the weekend, I am amazed by how well he articulates subtle
issues surrounding copyright and the internet. I highly recommend
giving it a read if you’re interested in the subject matter.
One argument against having the government develop dossiers on every
citizen en masse is that it introduces a single point of failure: if
that repository is breached, all data is compromised in one swift
stroke. This phenomenon is nothing new. Insurance companies have
detailed information about the insured, and those repositories have been
targeted, as we saw earlier this year in the Anthem
that compromised the information of 8.8 million people. The government
also collects lots of information on workers that it gives security
clearances to, naturally. The information is quite detailed for a
Single Scope Background
and that information is compiled into an 127-page SF-86 form
(pdf, if you’re curious).
It turns out those forms were
in the latest attack made by China on U.S. government databases.
Decentralized systems are more robust because they avoid a single point
of failure, and can still authorize parties to retrieve information as
needed. One project that trends in this direction is
Unhosted, which separates the concern of
hosting the application from the concern of storing the data. ReadWrite
has an explanation of the
Looks like Amazon is going to be a
CA, and not just
for users of AWS or other Amazon services. Companies like Google and
Yahoo have been taking bold
steps to provide encrypted email,
and Let’s Encrypt looks like very promising
project to provide free SSL certs to everyone. Apple’s Tim Cook has
that encryption is vital, and was
shortly thereafter by the UN. I’m excited to see Amazon joining in.
Project Vault (being discussed at Google I/O right now – no links
online yet) analyzes device usage in real time to produce a live-updated
trust score that can be adaptively applied to various actions the user
of the device attempts to make. Use case: trust score drops below 50,
may allow user to play a game, but not launch a banking app. Very smart
EDIT: It turns out that I’d conflated
Project Vault with
Project Vault is a microSD ARM computer that handles trusted
operations on Android phones via a faux FAT-filesystem interface.
Also cool, but not what I originally posted about.
How can we possibly be arguing this
about something so blindingly obvious? If APIs are copyrightable, then
there’s no point in creating them. The whole point of an API is to
create compatibility and interoperability.
I still haven’t found a great browser on Android. I used Firefox for
some time, but it had rendering issues. Chrome is closed source, which
I try to avoid. Oddly, a Chromium build was never available, so I stuck
with WebView wrappers like
Lightning, which I can
also load on my non-Play devices (Kindle Fire). Turns out, there were
no Chromium builds because the code wasn’t open source…but that’s
Reddit. I’m looking forward to having Chromium show up in
One of the best side-effects of full-disk encryption is that “factory
reset” functionality is a no-op, since it doesn’t rely on complex and
potentially error-prone disk wiping routines. It turns out that
from exactly those sort of faults.
posted about Logjam,
a method for subverting encrypted connections by downgrading cipher
strength during key exchange. Much more fascinating is the discussion
that the NSA has likely factored one or more of the primes used widely
to initiate TLS, SSH and VPN connections.
It’s been a very interesting couple of days. Yesterday, the 11th
Circuit Court of Appeals
that a person does not have an expectation of privacy with respect to
his or her location if they are carrying a cell phone. The full
PDF of the
decision is available. Two judges penned a compelling dissenting
opinion, in which they insightfully pointed out that:
…as far as I can tell, every argument the government makes in its brief regarding cell site location data applies equally well to e-mail accounts, search-engine histories, shopping-site purchases, cloud-storage files, and the like.
So that case was with respect to police requesting cell location
information from cell providers, and was essentially based on the
Today, the 2nd circuit handed
a related but differing opinion with respect to warrantless, bulk
collection of phone call metadata. The decision
fell short of declaring it unconstitutional, but did assert that Section
215 of the Patriot Act did not authorize bulk phone call metadata
collection on United States citizens.
The decisions are distinct, but related. They both relate to phone
metadata collected about United States citizens, but one covers actions
permissible by domestic law enforcement, the other the actions of
intelligence agencies whose mission is supposed to be focused on foreign
intelligence collection. Increasingly, the distinction between domestic
and foreign is blurred, leading to complexity and confusion.
on Freedom To Tinker about a
that is basing their messaging app on one-time pads. It’s another great
example of people ignoring the ‘hard’ part of the crypto problem (key
exchange, implementation bugs, etc.) and instead trying to improve the
parts that work the best (cryptographic primitives), all the while
introducing new vulnerabilities (eavesdropping during key exchange,
side-channel attacks). We’ve seen this sort of approach before, and the
weren’t good. Reinventing your own approach to crypto is almost never a
I picked up KOTOR for
and tried it out on my Oneplus One (it was surprisingly good) and also
installed it on my Nexus Player. I’ve had stability problems with games
on the Nexus Player before, but KOTOR is very stable after an hour or so
of play. I’ve never actually played KOTOR before, and even though it’s
12 years old, I admit it’s very well done. If you’re looking for a Star
Wars RPG fix on Android, I highly recommend it. It’s on sale right now
for $3 (normally it’s $10). 5⁄5, would buy again.
Slashdot ran an article about Google engineers discussing why Google
They point out that it was late to market, and that they wanted it to
be too much like Facebook. As a developer, though, I am amazed by how
well executed G+ is, but I’m also amazed by how closed the API is. I’m
very surprised no one pointed out that the API is
read-only. If I had to choose
one thing that put me off the most, that would be it.
With awesome laptops like the Dell XPS
13 and the
2015 coming in
very small form factors, Google’s strategy of focusing on 6- and 9-inch
Android devices seems like a major misstep. The ‘correct’ phone size is
between 5 and 5.5 inches, and the ‘correct’ tablet size is between 6 and
8 inches. Nevertheless, Google’s decided to
discontinue both the
Nexus 5 and the Nexus 7, both of which were more successful than their
larger, newer, counterparts.
Public Health has written a
about why Chipotle dropped GMO foods, and why PepsiCo dropped aspartame
(but only in some drinks!) It’s a short but insightful read about how
small the role of science is in such decisions.
I’ve always felt that computers had taken a wrong turn somewhere; that they should imbue users with new powers to undestand the world around them. I love Engelbart’s work, and this piece fits together the two ideas beautifully.
YouTube finally moved to HTML5 as the default! Great news for us Linux Firefox users, where flash is barely maintained. Unfortunately, every streaming music service out there still uses Flash. I can only imagine it’s because the of DRM requirements.
is a mistake. Firefox is already losing mindshare in Silicon Valley,
partly because there seems to be a widespread perception that Chrome
is just faster than Firefox, but the power-user features of Firefox
don’t seem to have enough appeal. Firefox switching to Yahoo for
search will cement the impression that Firefox is to browsers what
Yahoo is to search, that is, a distance second (third?) place. In
practice, Firefox is a superb browser for lots of reasons, but
its victory is far from guaranteed.
The announcement about
is probably the most important security announcment in the past few
years. The current regime makes deploying certificates that won’t
give users huge warnings an expensive proposition. Let’s Encrypt will
not only make the setup process easier, but will also distribute
signed certificates free of charge, which drastically lowers the
barriers to entry. You can read more over on
Alex Halderman’s blog.
Amazon Echo is clearly an indicator
of where tech is heading. Having bought and used a Kindle Fire,
however, I have little faith in Amazon’s ability to deliver quality
software for voice recognition, which is the core feature of the Echo.
Google is the clear leader there, and Google’s ability to recognize
proper nouns correctly is excellent (probably due to
As usual, though, Amazon got the pricing right.
There are a few competing models for decentalizing the web.
Unhosted is really interesting to me, but I
have doubts that folks will sign up for something like
5apps and plugin into it from a bunch of unhosted
On the other hand, running your own server is cumbersome. I think
Sandstorm is addressing the core of the problem
really well, and I’m looking forward to see some businesses pop up
that offer Sandstorm hosting. The team behind Sandstorm has a lot of
momentum and fabulous credibility. I’m on board.