krig

Phr Password Generator

2013-01-21T22:57:21+01:00

Here's a quick hack: I wanted a command line utility version of passhra.se so I could use it from a more complicated password/passphrase storage solution I'm working on once in a while. This is an implementation of the ideas expressed in this xkcd comic, to basically forego short random passwords for longer but more human-friendly ones.

Turns out that once you have a list of english words, this is really easy to do. Here's the python code for my quick hack. Download the word list and save it as $HOME/.phrdict (or modify the code below to load the dictionary from another location). The dictionary is just a space-and-newline separated list of words, feel free to modify it to suit your needs.

All the program does is load the dictionary, pick four words at random from it and print them to the screen.

Source code

#!/usr/bin/env python
from os.path import expanduser
from random import seed, sample
phrdict = expanduser('~/.phrdict')
seed(None)
with open(phrdict) as f:
    words = set(sum([l.split() for l in f.read().splitlines()], []))
    print ' '.join(sample(words, 4))

Another golang defer for C++11

2013-01-19T23:44:11+01:00

Note: As I was putting this post together, I noticed that Ignacio Castaño updated his version, linked below, to be pretty much identical to the one I arrived at. I'll take that as confirmation that this variant might actually be valid. :)

DEFER()

First of all, here's the code:

#include <functional>

namespace detail {
  template <typename Fn>
  struct Defer {
    Fn fn;
    Defer(Fn&& fn) : fn(std::forward<Fn>(fn)) {}
    ~Defer() { fn(); }
  };

  template <typename Fn>
  Defer<Fn> defer_fn(Fn&& fn) {
    return Defer<Fn>(std::forward<Fn>(fn));
  }
}

#define DEFER_1(x, y) x##y
#define DEFER_2(x, y) DEFER_1(x, y)
#define DEFER_3(x) DEFER_2(x, __COUNTER__)
#define DEFER(x) auto DEFER_3(_defer_) = detail::defer_fn([&] { x });

Explanation

I've seen a few different implementations of a construct resembling the Go defer statement in various degrees, but none of them really felt that great to me. Either they incurred a performance cost due to adding heap allocations via std::function, or they didn't quite do what I needed.

I don't know if my attempt is much more appealing, but at least it's fairly simple. I also don't know if it's actually valid C++11. My use of std::forward and move constructors may be incorrect. I've only tested it on Apple's version of clang 3.1 which ships with Xcode 4.5.

That said, first of all I should probably explain what defer does. The statement takes a function call expression as parameter, and calls this function just before exiting the enclosing function. All the deferred expressions within one function are executed in the order they were deferred. A more complete explanation with examples can be found on this page.

This C++ version superficially equivalent, but is in fact quite different. My use case is a specific one: When dealing with C APIs for resource management like the standard library fopen/fclose, it is quite cumbersome to get the code exception safe without creating RAII style wrappers for every API. With this defer implementation, it's usually possible to avoid creating any RAII wrappers, a simple defer statement containing the fclose call does the trick.

Three main things are different compared to Go, as far as I can tell:

In this implementation, a complete block of code can be deferred, not just a function call.
Deferred blocks are executed in reverse order: the last block to be deferred is executed first.
Deferred blocks are executed at the end of the nearest enclosing scope, not function.

Examples

void foo() {
  FILE* f = fopen("test.txt", "r");
  if (f == nullptr)
    return;
  DEFER(fclose(f););
  // use f here
}

This would work as the Go programmer expects. The following example won't:

void bar() {
  for (int i = 0; i < 4; ++i)
    DEFER({
      printf("%d ", i);
    });
  printf("done.");
}

The Go programmer would expect this to print done.0 1 2 3. It will print 0 1 2 3 done.. The deferred calls are executed within each for loop, just like an un-deferred printf would.

Kodsnack

2012-09-16T15:01:46+02:00

Jag, tillsammans med Tobias Hieta och Fredrik Björeman, har börjat spela in en podcast för svenska programmerare: Kodsnack!

Så här långt har vi släppt två avsnitt, ett intro-avsnitt och nu senast idag, ett avsnitt om olika programmeringsplattformar. Några vi använt, några vi använder/jobbar med idag, och några tips på intressanta plattformar/programmeringsspråk vi tänkt titta på men inte hunnit med.

Den plattform jag pratade om som jag hoppas på att kunna titta på någon dag är Clojure. Istället för att prata om samma saker som jag svamlade om i podcasten tänkte jag länka till lite olika videor som ligger uppe på nätet, dels lite om Clojure i sig men också några andra, mer generella presentationer från Rich Hickey, mannen som ligger bakom Clojure och som har en del ideer som jag håller med om, speciellt när han pratar om komplexitet och hur man skriver bättre kod.

Keynote: Simplicity Matters by Rich Hickey

Rich Hickey: Deconstructing the Database

Annat

Clojure @ infoq

Podcasts - February 2012

2012-02-21T09:43:10+01:00

Presenting an unsorted list of links to podcasts, for listening while driving.

Hardcore History

Increasingly long shows (the latest one is around 4.5 hours) on different aspects of history, by Dan Carlin. Engaging, very high quality.

Common Sense

American politics by the same creator as is behind the Hardcore History show. I don't agree with everything Carlin says, but his views on the mainstream american political events are generally interesting.

EconTalk

This is an economy podcast. Each show is an interview by the host, Russ Roberts. I think he would be considered to be of the austrian school, but the interviews range across the spectrum. Surprisingly easy to follow even for someone with no experience in economics.

The Skeptics' Guide to the Universe

A weekly show on skepticism. Debunking bunk science, discussing the current events from a skeptical point of view.

This American Life

This podcast is probably familiar to anyone who listens to a lot of podcasts, but since it is the best podcast out there, it is worth bringing up.

RadioLab

The style reminds me a lot of This American Life, although much more aggressively edited. The content is mainly science-related. Think of it as This American Life (Science edition).

Piracy 3: Character

2012-01-20T23:39:48+01:00

This entry on my series on piracy (see part 1 and part 2) is the shortest, and is focused on a single question. What is the character of the pirate? The common anti-pirate view is that the pirate is a simple thief, a leech, someone who doesn't want to pay and steals without remorse. I think that is a simplistic view, a narrow view, and one that is ultimately not supported by empirical evidence.

Taking a systemic view instead of focusing on the specific transaction in question - that is, look at the pirate, not the piracy - might shed some light on why I think that ultimately, piracy is not a destructive force.

There is research showing that pirates, on average, spend more money on the things they pirate than non-pirates. While this may sound counter-intuitive, on reflection, it begins to make sense.

There are those who pirate for the sake of pirating. Lets call them hoarders. Hoarders download everything they can, with no intention to ever pay for any of it. Hoarders are not potential customers. Hoarders can't really be accurately described as thieves either. They would never be customers in a system where they would have to pay, and they do not actually take anything, since what they hoard are copies, not originals.

The other category of pirates that do not fit the mold of robbers are people who, lets take music for example, who really love music. The enthusiasts. These are the tape traders, the music bloggers, the connoisseurs. Enthusiasts spend a lot of money on music. They also have an active network, trading music with other enthusiasts. In fact, this trading network is what provides feedback and drives their interest in music to begin with. The piracy forms an integral part of this enthusiast network. The downloading of music that they engage in is the fuel that drives their consumption up, beyond that of a regular, law-abiding consumer who just buys one or two records per month.

I'm not saying that these are the only types of pirates. The statistical evidence from several studies done on musical piracy seem to support this characterization, though (see this swiss study or this dutch study, for example).

So in this case, the view of the pirate as a leech is not an accurate account. In fact, the pirate is the perfect customer, and it is the piracy that made him that.

I also don't think that this type of pirate is new at all, it's just that the trading has become a lot more visible, and these networks have become open to more people.

Piracy 2: More Discussion

2012-01-20T07:26:52+01:00

...where I continue my previous discussion on piracy, the ethics and the law.

[...] I don't think piracy ruins businesses. However, I don't think that anyone can make the argument that they ethically have the right to disregard the producer's terms for consuming their product, regardless of the form the product is in or how unreasonable those terms are. (bluebridge at hn)

No, I've never worked for myself as in paying the bills based on my own copyright, although not from a lack of trying. I, like many people, started out with dreams of fame and glory through music, but gave it up quite early as the risks involved in choosing that career far outweighed the potential benefit. Plus, this was during the first dot com bubble, so getting into computers seemed like a good deal.

I see you brought it back to a question of ethics, which is something that I think is ultimately not very interesting. Ask any horse-cart driver during the infancy of the car industry, and they would probably curse cars for being noisy and dangerous, and car drivers for being unethical and immoral for supporting this metal abomination. These days no one cares. In the same way, hopefully, we'll one day look back at the era of government anti-freedom bills and shake our heads in disbelief.

Because short of actually going into the heads of all the people who, unlike you, don't see piracy as a parasitic activity, what can you actually do about it?

It's so easy to copy works digitally that many people are no doubt doing it without realizing it. If you have a blog, and someone links to a youtube music video, and you like it and want to share the experience of seeing it with a friend.. you put a link to the video on your blog. But! Unbeknownst to you, that video was put there without the permission of the original creator, and you just committed a crime (by proxy, in this case, but a moral crime nontheless).

A short history of Minecraft, as told by me (guaranteed to be inaccurate in many ways):

Minecraft rose to fame by being heavily shared while in the alpha/beta stage at various indie game forums, 4chan, something awful and other places like these, from where the word of mouth spread wider and wider. From the start, it was for sale (I think for $10), it has never been a free game as far as I know. It was pirated like crazy from the beginning. By the time notch formed mojang, he was already a millionare from the sales of minecraft.

Of course he didn't become a millionare from the piracy directly. The piracy didn't stop him from becoming one, though. In fact, I don't think it's possible to say definitively what impact piracy really had, other than that it helped spread the word. Given the graphics of Minecraft, would millions of people buy it without trying it? Maybe. You say that piracy doesn't provide resources, but in this case it did provide that one elusive thing that every independent developer desperately needs: exposure.

If you liked Minecraft, there is nothing to prevent you from paying for it and touting it. Minecraft is an especially relevant example because the developers set the bar so low in regards to price and people still pirated something they claimed to love? That's so bizarre to me- I want to support independent developers much more so than the big guys and they weren't asking for much. (bluebridge at hn)

Okay, so the problem that I'm seeing is that in your mind, you are equating a pirated copy with a lost sale. But that's an outdated and incorrect assumption, and hopefully one that time will deal with (when we've all grown up with infinite copies available from birth). A pirated copy is definitely not the same as a lost sale.

Plenty of people payed for and touted Minecraft, obviously. A huge category of people didn't pay, but still touted it.

Would that category of people have paid if piracy was impossible?

I've argued against that reality since making piracy impossible would most likely also make Minecraft impossible (since you'd have to distribute through government-approved channels). I don't see how someone could possibly create an independent product and be able to self-distribute if piracy is technically impossible. And arguably the environment that spawned and formed the successful indie game maker is heavily dependent on free and easy peer-to-peer sharing of information, code and software.

Secondly, clearly these people didn't have any moral issue with pirating the game while at the same time loving it.

It may be bizarre to you, but a huge number of people will happily break the law if it's to their benefit, without feeling bad over lost sales. Most likely, these people wouldn't have paid even if they couldn't have had the game. They would just have gone without the game.

I'd even go so far as to say that generally acting in their own self interest with little regard to people outside their closest circle is a fundamental human behavioral constant, and it's shocking to me that this is so shocking to other people.

You do know that children are starving to death in poor areas of the world? You certainly have the means to save at least one of them. Yet you don't. Why? Because their plight is too remotely removed from you. You have no emotional connection to them.

Closing the emotional gap is key to exploiting the modern economy. See the success of pay-what-you-want schemes, where people end up paying more than they would have with a set price. I'd argue that this demonstrates another interesting detail: the humble bundle, which was available as pay-what-you-want, was heavily pirated! Why? It was essentially free already! Perhaps because people like to share, and the distribution model and the economic profit margins of the creator are both lesser forces than the innate emotional desires to have and to share.

On Cake and Piracy

2012-01-19T19:29:18+01:00

Via hacker news, I came across this article titled "you can't have your cake and eat it", which itself is an article referring to previous postings that have been discussed on hacker news on the issue of piracy. More specifically, on the morality of piracy.

The original articles were attempts to describe why the author felt morally justified in pirating something, music in one case and windows in the other. The article I am addressing here generally accepted the arguments presented by those people, but counters by saying that no matter what the argument is, there is never a good reason for doing anything illegal, basically. Here is a quote,

if there is no legal way for you to enjoy it, unfortunate though it is, tough. write to them. email them. call them to protest. but don't decide to take the law into your own hands...it's not your decision.

Well... actually, it is. See, that's the thing about piracy. It is very much their decision to pirate something, or not, depending on their moral position on the issue and how scared they are of ending up in legal problems.

The argument that you can't and shouldn't do anything that is illegal is also somewhat simplistic. There are a lot of things that are illegal. Sweden is not a huge country, so I suspect we don't have quite as many laws as the United States do, but there are definitely more laws than anyone can keep track of. There's simply no way of knowing if anything you do is legal or not, other than getting arrested for doing it, in which case you've just found out.

Certain things are obviously illegal, such as killing someone. Although, if I am correct, it is legal to kill someone that trespasses on your property in some states, is it not? So even a clear-cut biblical law like that isn't always quite so clear-cut. Another example of this problem of knowing whether you are breaking a law or not is reflected in the number of times that legislators driving harsher copyright infringement laws have been found to be violating the current, not-so-harsh infringement laws by using photos on their websites without permission. So the basic idea of living a law-abiding life is problematic from that standpoint alone.

Then there's the question of laws that you don't agree with. There are many stupid, old and irrelevant laws. Many countries have religious blasphemy laws, some have laws against women driving or peeling bananas. Is it morally okay to break a law against assembly to protest a dictatorial regime, or to break speeding laws to rush an injured child to the emergency room? I would say that it is morally, but perhaps not legally, forgivable to break just about any law under the right circumstances.

There. That's that. Now, on to the bigger issue: Is piracy wrong?

Piracy - is it wrong to eat the cake?

Here's the thing: The digital age is upon us. Anything that can be expressed as a binary number can be processed and stored practically for free, and anything that can be stored on a computer can also be copied. In fact, it is impossible to even see what is stored on a computer hard drive without first copying it to the working memory, and eventually the graphics memory, of the computer.

Expressed as a binary number, what does that mean.. well, first of all, it means books. It also means any music, image, video or genetic sequence imaginable, for example. It's possible to store vast amounts of information on tiny amounts of hardware these days, at a ridiculously low cost.

So, that's a fact. Everything that can be copied, will be copied. Anything that is made available to the public will eventually be copied and spread outside the channels originally provided by the publisher. Unless no one cares about it, in which case it will never be copied, and will eventually be forgotten. Any form of digital rights management or attempts to control the spread of information technically is doomed to fail, since, as touched on previously, to be seen, information has to be copied. Standards such as HDMI attempt to address this by enforcing the DRM at every stage of the informational lifetime. Data is encrypted and inaccessible on the harddrive, and stays in that form all the way through working memory, to the graphics memory, to the TV that displays it. Of course, it only takes one weak link in one single TV or computer, somewhere in the world, for that chain to be broken and the information to escape its artifical prison. And once the informational cat is out of the bag, it stays out.

Now, that's the technical argument: You can't stop piracy using technology. Piracy it's a fact of the digital era. No, let me restate that: You don't want to stop piracy, because doing so would mean destroying computers as we know them today.

Thus, the only hope for those who want to get rid of piracy is the moral argument. If everyone could just agree that pirating copyrighted information is akin to watching child pornography, almost no one would do it and those who did could be locked up in prison for a long time and everyone would be happy. The problem is that people just don't want to agree to that. In fact, there's a growing group of people who not only think piracy is acceptable, but who actually think piracy is morally right.

See, that's the problem with the moral argument: Unless the person you are directing it against agrees with you, it has no weight. If I personally don't think that pirating software is wrong, then you telling me that it is wrong doesn't make me change my mind, just as little as me saying it is right changes yours. This is not a matter of intellectual dishonesty, as many in the pro-copyright camp seem to think. It's not the case that everyone really do think that piracy is wrong, but that they do it anyway, shamefully. No, I would argue that most people who pirate actually don't feel bad about it in the slightest. I would wager that most music pirates don't think there is anything wrong with sharing music they like with their friends. I suspect that most people who pirate music do so because they enjoy the sharing of music as much as they enjoy listening to it.

So, two points have been established:

Stopping piracy by technical means is not a good idea and won't have the desired effect.
We can't agree on whether piracy is right or wrong, so appealing to our common sense of justice won't have the desired effect.

What other option is there?

The solution!

Work around it. That's the only way to deal with piracy. The funny thing is, the people who complain the loudest about the evils of piracy are doing just fine in the face of it! The movie industry is making insane amounts of money, year by year. There's musical artists so rich they can't possibly spend it all, ending up coating their toilet rolls in gold. And software continues to sell, despite much of it being pirated. Pirated, regardless of DRM and complicated technical protections - the second richest man in the world made his fortune by creating perhaps the most pirated piece of software in the history of the world, for crying out loud.

Yes, there are struggling artists who have trouble making ends meet. Then again, haven't artists always struggled? One common argument against piracy is that if I create something, I somehow have the right to profit from it. But that is an absurd claim! If that was true, we would all be artists, happily profiting from the artistic crap we produce that no one wants to see. It's not that simple. To be successful, you need an audience, you need to produce goods that people desire. Somehow, those that do usually do fine, financially, regardless of how much free sharing goes on with their art.

Some business models won't hold up in the face of the digital age. That's to be expected. Yet other business models will appear. Would notch have been as successful as he has been making Minecraft in a world without digital sharing? Probably not, he would not have been on the entertainment industry-approved gaming network, his game would not fit in with the slick triple-A productions that those companies produce. Yet in a world where anyone can "steal" his work, he manages to sell millions of copies of it.

Piracy may be right, it may be wrong. But sharing is caring. Any technical limitation or legislation that prevents me from handing the amazing book I just read to my friend so he can read it and we can talk about it afterwards... is bullshit.

On World of Goo

Someone at HN quoted a study that showed that more than 90% of all copies of World of Goo were pirated copies, pointing to it as to show how bad piracy can be. This is the kind of thing that boggles my mind.

World of Goo was a huge success! How the piracy rate fits into the relative success or failure of World of Goo is not at all clear. I don't see how anyone can believe that there's a possible reality where World of Goo would be just as successful as it was with a 0% piracy rate, and where information exchange is free. You can't have both.

If World of Goo had made a pittance and its developers had died in poverty, maybe there would have been an argument to make there. But as it is, that piracy figure is just a number that has no tangible connection to the number of possible sales in a world where piracy is either morally abhorrent to everyone, or technically impossible. And that world is something for dystopian science fiction to explore, not one that I would ever wish to experience.

On knowing what I'm talking about

You have no idea what you are talking about, I'm guessing this is because you have never created anything worthwhile on which your livelihood depended. I'm sure you'd be quick to whine if your employer (assuming you are old enough to work) could decide whether or not you should be paid for your work after you had done it. I hope you congratulate the next person to steal from you with a cheery "well done, that's my morality too". (epo at hn)

You have no idea what you are talking about, I'm guessing this is because you are too old to have grown up with tape trading, VHS copies of films and pirate cable. I have a contract with my employer, he is bound by that agreement to pay me. If he decides he doesn't want to, I stop working for him. If I write a book, no one is under contract to purchase and read it. I'd be happy if someone did, but I'd be foolish to assume that would happen when I started writing it.

I have created worthwhile things on which my livelihood depended, and those things have been cheerfully and rampantly pirated (piracy rates of video games estimated at +90%). And the company I worked for made great profits and paid me a nice bonus. Would it have made as much of a profit if those 90%+ of people who played the game, liked it, talked about it, reviewed it without paying for it, had never played it at all? I don't know. Would it have made more profit? I can't say. I doubt you can either.

As an employee, you have no basis for understanding the perceived loss that piracy incurs- you are paid 100% what you agreed upon for your creative efforts. Someone else is taking the risk and losing the profit. If you went to get your paycheck and found out that it was 40% lower than what you thought, you might feel some of that self-righteous anger that businesses are espousing.

More realistically the worst you will feel is a denied promotion, or lost a job because your company can't realize it's investment in you.

Unless you are directly culpable for the creation and distribution of a product and lose money on it because people won't honor your effort, you don't have a basis for passing judgment based on your personal experience (in other words, you're no expert :) ). (bluebridge at hn)

Now you are making a different argument, but I can argue just as effectively against this one. :)

In my role as copyright superhero have I not only worked as an employee at companies producing copyrighted works, I have also, personally, produced and sold copyrighted works that have, to some extent, been pirated. I have yet to feel any self-righteous anger. The only anger I might feel is a certain frustration where some of these copyrighted works have not been as successful as I would have wished them to be, but I would be foolish to lay the blame on piracy. More likely, the timing was not right and the quality was not high enough to ensure success.

Any business endeavor entails risk. I would hope that my employer has factored in piracy rates and other non-specific factors in the business plan before hiring me to create a video game for him. Sometimes, things don't work out as hoped and the result is a flop. That can happen for many reasons. I have yet to see a convincing argument where piracy was the reason something did not succeed. On the other hand, I can point to numerous examples were piracy was the deciding factor that let something become a success to begin with. The currently popular example is Minecraft, which spread entirely through word of mouth. How successful would that game have been if there had been no way to send it to a friend while telling them to check it out because it's awesome? I really doubt anyone would have known about it at all.

Trying Out Namecoin

2011-11-17T23:20:19+01:00

http://krig.bit/.

That URL up there will most likely not work for you. If it does, you probably already know more about namecoin than I do. Roughly, here's what I know about it: Namecoin is a peer-to-peer technology based on bitcoin, the distributed currency that there has been some noise about recently. Now, just to make it clear: I don't want to imply that I support or endorse the bitcoin project. I don't know enough about it to take a stand. Not saying that I'm against it, just that, well, I don't know anything about it, really.

Namecoin is not about money. It's a possible replacement for the DNS name lookup system used on the internet today. There are others out there as well, but at the moment there is nothing that has gained any significant traction, and that includes namecoin. In fact, namecoin is a very new project, so new that the draft proposal is still being written. Still, I find it fascinating.

In the last few days, there has been a lot of talk of proposed legislation in the US that would strike a huge blow against the free and open internet. The SOPA (Stop Online Piracy Act) - alternatively, the Stop Online Privacy Act - is being pushed through the US congress at the moment, and it has some pretty dreadful implications. Read more about SOPA at the EFF. As I understand it, the law forces ISPs to block any site that is reported as infringing, and to qualify as an infringing site under this legislation, it is enough to host a single link to something that can be alleged to "engage in, enable or facilitate" copyright infringement.

Clearly, if this passes, a lot of sites will be unfairly blocked. The only way to prevent such blocks at the DNS level will be to opt out of the current, US government controlled DNS structure. That is where namecoin comes in as an alternative to regular DNS.

Namecoin is distributed, peer to peer. This means that there is no central root nameserver. There is, however, a registrar for the .bit top domain. I decided to see if I could register a domain.

Here is the process I went through, following the instructions here.

Compiling namecoin

To interact with the namecoin network, you need to run the peer software, namecoind. This can in theory run on any operating system, but since the code is very much in flux, it seems that the only viable alternative at the moment is to build a 32 bit executable for GNU/Linux.

There are a couple of main forks of the source. This is the command line I used to clone a copy of the fork that I used.

git clone https://github.com/khalahan/namecoin.git

On Ubuntu 11.04, these are the libraries I had to install to get it to build:

apt-get install libwxbase2.8-dev libssl-dev libcrypto++-dev \
     libdb4.8++-dev libboost-dev libboost-filesystem-dev \
     libboost-system-dev libboost-thread-dev libboost-program-options-dev

You may need additional libraries that I happened to have installed already, but I think that should cover all the dependencies at this time.

Compile via make,

cd namecoin/src
make -f makefile.unix

This should produce the namecoind executable. Before starting it, you need to create a configuration file in ~/.namecoin/bitcoin.conf. In this file, you add the following lines:

rpcuser=[your user name here]
rpcpassword=[make something up here]
rpcport=8336
daemon=1

You should also make sure port 8336 is open and pointing to the machine running namecoind in your firewall/router.

Once this is done, you can start namecoind. This should print

bitcoin server starting

and return immediately. If you leave out the daemon=1 line in bitcoin.conf, nothing will be printed and the program will appear to hang. You can run it in the background or in a separate terminal like that, but the most convenient option is to run the peer as a daemon.

Now you can find out your namecoin address:

namecoind listreceivedbyaddress 0 true

This should print a JSON blob with a field saying "address" : "N...". Don't worry if the address doesn't start with an N.

Once you get this far, you are going to need some namecoins in order to register a domain. I got some from faucet.yepcorp.com, but there are additional methods for obtaining namecoins listed on the dot-bit.org website.

The rest is simple. Once you have some namecoins - oh, you can check your balance via this command:

namecoind getinfo

Once you have some coins, you can ask to register a new .bit domain name using this command:

namecoind name_new d/<name>

<name> in this case is the domain you want, minus the .bit part. So example.bit becomes d/example.

This will return two large numbers. Save them. Now check the "blocks" value using namecoind getinfo. This number will be increasing slowly. Wait until it has increased 12 blocks from the time you requested a name. It should take between 2 hours and 2 days for this to happen. For me, it took around 3 hours.

Now you can actually register the domain, and ask for it to point to an IP address. This is how you do that:

namecoind name_firstupdate d/<name> <number> '{"map": {"": "<ip>"}}'

Again, <name> is your domain minus .bit. <number> is the second, shorter of the two numbers returned by by name_new. Finally, <ip> is the IP address that you want the domain name to point to.

At this point, you should update your web server to accept requests for the domain you've registered. It will take a little while for the registration to propagate in the P2P network, but pretty soon, you should be able to access your web server using the .bit domain name you just registered.

Of course, in order to do that, you need to be able to access .bit domains at all. There are multiple ways of accomplishing that, all of which are listed here. The one I used involved installing the FoxyProxy add-on for Firefox and loading a custom configuration. To test that it works, you can try accessing http://dot-bit.bit. At the time I tried this, the instructions recommmended accessing example.bit, but that domain was down for me even once I had the proxy working.

As you may have guessed, this is a new and rapidly changing project. These instructions will probably be completely out of date fairly soon. At the time of this writing (mid-November 2011), they worked for me.

jekyll-plugins @ github.com

2011-11-14T00:00:00+01:00

I added a repository at github with the plugins I use at this site. All of them are based on other plugins I found, but most of them have been slightly modified or tweaked to fit me better.

To clone:

git clone git://github.com/krig/jekyll-plugins.git

Repository page here.

Rebooting the franchise

2011-11-13T00:00:00+01:00

Gone static

This website is now based on jekyll. Jekyll is a static site generator written in Ruby. The basic idea of static site generators is to create the layout and structure of the site offline, by scanning various source documents and combining them with templates to provide structure and design. For example, each page has a common header and footer, so a simple site generator could be a program that runs through a list of source documents and adds the header and footer to all of them.

Jekyll is pretty flexible and allows for plugins that can extend the functionality. It's fairly easy to write new plugins, and I've created a few to set this page up.

Another important aspect to the use of a static site generator is a distributed version control system like git. By using git to hold the source documents, I can update the site from any computer simply by cloning the repository, committing the new post and pushing to the deployment remote repository. A post-commit-hook on the server can then automatically regenerate the HTML files.

Jekyll also provides simple support for RSS and Atom feeds.

To add a subpage to the site, I simply create that page as a document in the source directory. This document can be a HTML file, a Markdown document, a Textile document or a number of other formats supported by Jekyll. I also need to add some front matter to the top of the file to let Jekyll know that it should be processed. For example, this post has the following header:

---
layout: post
title: A New Beginning
---

The title field is the name of the post. layout specifices the template document used to style the page, and since this is a post I use a special template that provides the tags and related pages items at the bottom of this page.

There are other options that can be set here, such as tags for example.

Posts are somewhat special. Any document created in a folder called _posts with the file format YYYY-MM-DD-<title>.extension is considered a post, and is automatically added to the list of articles seen on the front page of this site. Posts get URLs based on this filename, for example a post called 1983-12-04-decembur.html would get the URL http://example.com/1983/12/04/decembur. This can be customized, but this is how I've set things up here.

The Gallery

I've spent some time writing a mostly automatic picture gallery generator. To add a new image, I just create a new post in /_posts as usual. However, instead of using the regular post layout, I use a special layout called image. I also provide a link to the image itself.

In the actual post body, I can add additional images if I want to, perhaps a step by step walkthrough of the image creation process.

Here is an example entry:

---
layout: image
title: My New Image
image: /gallery/the_new_image.jpg
tags:
 - new
 - image
---

This is just a new image.

Jekyll will automatically create a thumbnail for the image using ImageMagick and then add it to the gallery page.

The code for this process is based on a couple of Jekyll plugins, but the main sources of inspiration were

jekyll-minimagick by zroger which provided the thumbnail generation
category by josegonzalez

Originally I also generated a "feature" image, which was a larger version of the thumbnail. However, the gallery page got a bit too confusing with the featured image added as well so I disabled it.

Mobile friendly

The site is designed to be mobile-friendly. The footer is obviously the main issue being so big in its maximum-width incarnation, but I think the way it works now is pretty usable. The main trick is a bunch of declarations of this form:

@media only screen and (min-width : 320px) and (max-width : 480px)
{
    ...
}

To get the mobile browsers to not screw everything up, it's also necessary to add a few meta tags to the head section.

This is what I'm using as of the creation of this document, mainly lifted from the HTML5 mobile boilerplate.

<meta name="HandheldFriendly" content="True">
<meta name="MobileOptimized" content="320">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="cleartype" content="on">

Dynamic content?

So the obvious limitation of using a static site generator is that the resulting site is, well, static. This can be alleviated by the use of javascript and ajax, for example adding comments via Disqus. I'm planning to create my own version of a javascript-enabled commenting system just so I can have some more control over the comments, but for now I'm using Disqus.

Password Strategy

2011-11-13T00:00:00+01:00

Listen, friends, to my Tale of Woe.

I, like most people, used to select between a small number of favorite passwords over and over again when registering at different websites.

I've always been slightly stressed about this. I knew that from a security standpoint it's not a good idea to do that. No matter how good my single password is, if someone gets hold of the password database at some site or if that site stores my password in clear text, all of the accounts using that same password are now wide open.

I even created an iPhone app intended to help me solve this problem. The idea is that the app would allow me to remember a single password, but still enable the use of different passwords for every site.

I never actually got around to using it.

I have no good excuse. Having the log in process tied to an iPhone app seemed cumbersome. I didn't want to keep losing passwords due to iOS upgrades, for example.

So, naturally, I got bit by my laziness / hesitance.

My main GMail account got hacked. One day I log in, and I see a huge red warning message warning me that my last login was from the vicinity of Beijing. My guess is that some password harvester somewhere had managed to get my password from a leak at another site, probably with an association to my email, and tried to use it. I changed the password and enabled 2-step verification immediately, but what were the consequences?

Getting hacked was a horribly stressful experience to me. I had used that GMail account for everything. I stored notes there, old correspondence, financial information, who knows. I had to change my passwords everywhere. I needed to change my whole password strategy. It was a complete disaster.

So, here is what I've done to avoid getting hacked again.

How to avoid my pain

2-step verification. Turn this on immediately, everywhere possible. Both GMail and Facebook provide 2-step verification now. Using this means that even if someone has access to your password, they cannot log in.
Unique passwords. Yes, the thing that keysea was supposed to provide. What I've done this time is simplify the password creation process, and write the generator as both a command line tool written in python and a web-app written in JavaScript. I haven't cleaned these up enough to release publicly yet, but they work incredibly well for me.
Generate passwords. For ideas on how to do this and still get passwords that are possible to remember, see this xkcd comic. Don't do what most would do and take some common word, replace a letter a number or append 123. Those passwords are incredibly easy to hack, especially with access to MD5 sums from a leaked database.

There are a number of good password generators and password databases out there. However, I'm not a big fan of solutions like 1Password that store all the passwords in a database somewhere. If I can generate new passwords on the fly, all I need is my master password and the generation algorithm to recreate the passwords later. I also don't risk losing the password database.

The main issue I had with keysea was that it tied the passwords to a particular application on a particular platform. The strength of generating the passwords on the fly is that I can have a web app up on the internet somewhere, publicly. Since the generation happens completely in JavaScript locally on the client machine, I can use it safely from any computer.

Generating the passwords for every site means that I have strong, unique passwords everywhere without having to remember them. Even if some site leaks its password database, the only account that is threatened is the one on the leaking site.

My other accounts are (hopefully) safe.

As an aside, now that my passwords are >20 characters long containing a random sequence of characters, numbers and symbols, it bugs me how many sites limit the length of passwords or restrict the characters allowed. Banking and finance sites in particular are horrible in this regard!

I've even come across sites that limit the passwords to exactly six characters with no symbols. I can only hope that they at least don't store the passwords in clear text on the server, but if the restrictions are any hint, my guess is that they do...

Full Moon

2011-11-13T00:00:00+01:00

Drawn using Photoshop, a wacom tablet

Inspired by the full moon outside my window.

Jellyfish

2011-11-12T00:00:00+01:00

This was the startup image for Keysea.

Feedbeast

2011-11-12T00:00:00+01:00

A quick inkscape doodle originally intended as a mascot for an RSS reader for the iPad.

PigDragon

2011-11-11T00:00:00+01:00

Vector image, made in Inkscape.

This started out as a plain mountain. It then felt appropriate to have a dragon cling to it, but a simple fire-breathing dragon seemed a bit cliché.

Ohm Castle

2011-11-11T00:00:00+01:00

I overused this image a bit when making Ohm Chess.

Here are some more images from the game:

The black knight chesspiece, also used as the icon for the game.

"Evil" - Represents the AI.

Female human player.

Male human player.

The King, the first image I drew for the game.

Ghost King

2011-11-11T00:00:00+01:00

An old doodle, but there's something about it I like.

Delicious Horror from Beyond

2011-11-11T00:00:00+01:00

Gotta love tentacles.

Clouds (sketch)

2011-11-11T00:00:00+01:00

Scream

2011-11-10T00:00:00+01:00

This is a very old sketch, and I don't look like this any longer.

No microphone input in skype, ubuntu 10.04

2010-05-08T00:00:00+02:00

After upgrading to ubuntu 10.04, my audio input stopped working. I solved it by installing pavucontrol, going to the input tab, and lowering the volume on the right input channel to zero. Once that was set to zero, everything worked fine.

Also make sure to unclick the "allow skype to automatically adjust my volume settings" option in skype itself, or it will lower the input volume to zero.

Dell Studio 17 laptop keyboard in Xorg

2009-12-20T00:00:00+01:00

I have a pretty big Dell Studio laptop that I use as a desktop computer replacement. It's a very nice machine with good hardware support in Linux (if you can live with some closed source drivers), and has a gorgeous 17" screen with a 1920x1200 resolution.

Everything has been working well, except that ever since Xorg switched to evdev the numpad on the laptop keyboard hasn't been mapped correctly. I haven't bothered fixing it since I don't really use the numpad much.

This weekend I decided to try running KDE for a while, and installed kubuntu 9.10. When setting up my usual keyboard mappings - US, SV and caps lock turned in to another ctrl key - I discovered that there's an auspicious -model parameter that you can give to setxkbmap. Digging around a bit, this command makes everything work correctly for me on my laptop:

  setxkbmap -model latitude -layout us,se -variant altgr-intl,
  setxkbmap -option -option ctrl:nocaps

Putting it up here in case someone else is having similar issues.

Update, Nov 2011: The Studio 17 laptop has now completely stopped working. It's having huge problems with overheating, and will shutdown after only a few minutes of operation. I've gotten as much dust out as I am able, and now I suspect that what is needed is to re-seat the processor cooling with new cooling paste. Since I'm not using this laptop any longer, I haven't bothered. But a heads-up: These laptops get hot. As in, too hot to function properly.

N900

2009-12-15T00:00:00+01:00

Through work, I got my hands on a Nokia N900. When it was first pre-ordered, the release was supposed to happen in October. It then got delayed and delayed, and finally exclusively delayed in sweden (yay!). After what seemed like forever, it arrived at the office yesterday.

Before I say too much about it, I should state some simple facts that might colour your perception of what I'm going to say about it:

I am a professional GNU/Linux developer, and my primary tools are ZSH, Git and Emacs.
I've never owned an iPhone (although b has one she's had for over a year, so I've played with one).
My previous phone was not a smart-phone at all, it was a Sony Ericsson w880i.
I have zero experience with Nokia phones or tablets before this one.

That said, here's my 2 second review:

good

Beautiful screen.
The camera has autofocus and takes pretty good photos.
SSH! client + server. I update the phone through a terminal on my laptop. That is quite awesome.
Debian Linux behind the scenes. Tools I'm familiar with.
No problem importing my contacts (though I had to jump via my computer).
MicroB is alright as a browser, feels just as fast as the browser on the iphone to me.
Flash (meaning youtube).
Plays video like a dream. Xvid, m4v, anything.
Ogg and flac support (naturally, just have to install the right .debs).
Open development means I can fix bugs when I encounter them instead of learning to live with them. I've already filed a bug for and patched one program to fix an issue I encountered.

bad

The touch screen is finicky, and scrolling in lists tests my patience. This could be a software issue, I'm not sure.
Not much software yet, and even less software that is optified.
Haven't gotten email working.
Pretty much no games. There is Quake 3, Baldur's Gate, Scummvm and a bunch of emulators closing in (so maybe this should be under good)?

My conclusion right now would be that if you're a programmer, you want this phone. If you're an active open source developer, you definitely want it. If you have an iPhone, you might as well keep it. The N900 isn't a better phone, and there is way more software for the iPhone.

Update, Nov 2011

I am now the owner of an iPhone 3Gs, after a brief encounter with the android platform. I'm also, at this point, an iOS developer. To me, the dream of a true open source phone again seems very distant. Android is a complete disappointment. At the same time, I don't know if I can even envision what a usable, consistent, open source phone would be like. Hopefully someone will show me, some day.

See also: My rant on android, elsewhere.