.plan

@400000004f3ab5130232cc2c
Project: loling
Plan:

This is such goodness: http://attrition.org/security/rant/fsck_sun_tzu/


Comment Link 



@400000004e8b97e810d6c4a4
Project: Living in djb fantasyland
Plan:

I recently committed NaCl http://nacl.cr.yp.to/ to the FreeBSD ports tree, 
and submitted a patch to the maintainer of the djbdns port to add support for 
DNSCurve http://dnscurve.org to the dnscache program, using Matthew Dempsky's 
patch. This enables the sending of DNSCurve-encrypted queries to servers that 
support it (and the ability to decrypt the responses, of course). All you have 
to do is enable the "DNSCURVE" port option and (re)install/restart djbdns.

For people that run an authoritative nameserver, the process is almost as easy; 
all you need is an extra IP (or to run your main DNS server on localhost, using 
the cache as the public listener instead). You can find the forwarder in 
/usr/ports/dns/curvedns.

http://dnscurve.org/out-install.html
http://curvedns.on2it.net/

What does all this get you? DNSCurve contributes two things to DNS security: 
query content secrecy and integrity. These are not the only security challenges 
DNS must deal with, but DNSCurve is cheap and easy to implement, and doesn't 
have the design problems that DNSSEC does. Of course, until a bunch of people 
use DNSCurve, the actual security benefit is basically none at all, but if you 
deploy it, at least you'll know you're doing your part. It's kind of like being 
vegan. And it will make you super crypto-studly.


Comment Link 



@400000004e4c22cf1e5747d4
Project: A bittersweet goodbye to OPIE
Plan:

Traditionally, the way that I've done authentication on internet-facing SSH 
daemons is to disallow passwords, but allow SSH key authentication, with a 
fallback to OPIE one-time passwords. I still think OPIE has some merit, but I 
do have to say, the new Google Authenticator is dead simple, easy to use, and 
most importantly integrates nicely with mobile devices, which is pretty 
critical for a usable OTP system. Here's a quick how-to for FreeBSD users.

1) Client install

    Download the appropriate Google Authenticator application from your device's 
    ports tree equivalent (e.g. App Store, Market).

2) Server install

    Unfortunately, the Google Authenticator team hasn't released an actual release 
    tarball, so I can't roll a port of it yet (hint hint, Google). So you need to 
    clone it from the mercurial repository.

        cd /usr/ports/devel/mercurial && make install clean
        cd /usr/ports/graphics/libqrencode && make install clean
        hg clone https://code.google.com/p/google-authenticator/ 
        cd google-authenticator/libpam
        gmake
        gmake install

3) Key initialization
    
    Set up your secret key:

        google-authenticator

    Answer some simple questions. Your secret key will be generated, and you'll be 
    given a list of ``scratch codes'', which act as emergency authenticators in the 
    event you lose your phone (similar to how you can pre-generate OPIE keys). Put 
    these in your password vault or similar secret-storing mechanism.

    You'll then be shown a QR code. Use your mobile device's QR code scanner to 
    read it (I use zxing, aka ``Barcode Scanner'' on Android). This will provision 
    your secret key to your phone.

4) Update /etc/pam.d/sshd

    Put the following as the first entry in your ``auth'' section:

        auth            required        pam_google_authenticator.so

Now just test your login from a new machine, or otherwise prevent your client 
from using your SSH key. You'll be prompted for the PIN displayed by your 
mobile authenticator app, and then your password. Enjoy.

https://code.google.com/p/google-authenticator/


Comment Link 



@400000004e114c7125357d64
Project: We had to destroy it to save it
Plan:

So, I've been using native ZFS on Ubuntu, so that I can share a portable drive 
with all my media on it between my desktop and media center netbook. This has 
been going fine, until I found that my FreeBSD desktop would no longer import 
the storage pool, saying:

    cannot import 'mobile': one or more devices is currently unavailable

The Ubuntu machine still imported it fine, but no amount of tweaking would get 
FreeBSD to import it. On further investigation, a ``zpool import'' with no 
arguments informed me ``One or more devices contains corrupted data'', and that 
the pool was reporting ``state: FAULTED'' (which zpool refused to clear). I 
eventually realized that nothing could be done to save the disk, so in 
preparation to destroy it and re-sync my media from backups, I did this:

	[lx@deepthought ~ 1339 ] sudo zpool destroy mobile
	cannot open 'mobile': no such pool
	[lx@deepthought ~ 1340 ] sudo zpool destroy -f mobile
	cannot open 'mobile': no such pool

Ok, so zpool refuses to even destroy a corrupted drive. Let's just start over 
from square one, eh?

	[lx@deepthought ~ 1341 ] sudo dd if=/dev/random of=/dev/da0 bs=1m
	^C86+0 records in
	85+0 records out
	89128960 bytes transferred in 6.920540 secs (12878903 bytes/sec)

Ok, nuked. Let's make sure that zpool reports no unmounted pools:

	[lx@deepthought ~ 1342 ] sudo zpool import
	  pool: mobile
	    id: 9019763186385134398
	 state: ONLINE
	action: The pool can be imported using its name or numeric identifier.
	config:
	
	    mobile      ONLINE
	      da0       ONLINE

Wait, what? That state was listed as ``FAULTED'' for the last hour of my 
messing with this problem, and there shouldn't even *be* a pool now. What the 
hell just happened?

	[lx@deepthought ~ 1344 ] sudo zpool import mobile
	cannot import 'mobile': pool may be in use from other system
	use '-f' to import anyway
	[lx@deepthought ~ 1345 ] sudo zpool import -f mobile
	[lx@deepthought ~ 1346 ] 

Yes, really. Writing 85M of random data to the beginning of the disk magically 
fixed the pool. Zpool was still reporting that there might be some corrupted 
data, but I did a ``zpool clear'' and was on my merry way. So, apparently ZFS 
is resilient enough to continue to use a disk when some of the uberblocks are 
completely destroyed, but not resilient enough to ignore to work around 
corrupted ones.

ZFS: So fault-tolerant, even Linux can't fuck it up.


Comment Link 



@400000004dc2fbea0a140654
Project: So let me get this straight
Plan:

Ubuntu comes with:

- GNOME
- Libreoffice
- Empathy
- Evolution
- Sudoku
- Minesweeper
- Brasero
- Banshee
- ``Social Network'' integration

And refuses to install on any drive under 4.5G.

But it does not come with:

- a compiler
- make
- sshd
- vim
- screen/tmux
- fortune
- NFS support

``UNIX-like'' my ass. Even a Mac is more UNIX than this. This is GNU Bob.

Comment Link 



@400000004d2c942c3811ad04
Project: Minor mutt tip
Plan:

This has been a minor irritation with mutt -- when a new message in a thread 
comes in, sometimes that thread is months old -- so the message appears way 
above where you would normally be looking. The following options make it so 
updated threads pop up close to the bottom of your mailbox (where the new 
things are, in my configuration), ala Thunderbird:

set sort=threads
set sort_browser=reverse-date
set sort_aux=last-date-received

And if you prefer new messages at the top, change the last line to 
``reverse-last-date-received''.

Comment Link 



@400000004d0152c211c5b0b4
Project: Fun vim tips of the day
Plan:

Vim has an easy mode to input digraphs, ligatures and other special characters.
Simply hit Ctrl-k in input mode, and type your base character, followed by a
character representing its accent mark. So for example, ``ü'' is made by
``Ctrl-k u:''. This also works for other characters like ligatures; you can use
``Ctrl-k ffl'' to insert an ffl ligature. This is of course horrible in a
monospaced font, but good if you're writing web pages that use proportional
text.

For more information on digraph mode, use ``:help digraphs'' or look at
http://vimdoc.sourceforge.net/htmldoc/digraph.html.

For bonus silliness, check out
http://www.thegeekstuff.com/2008/12/vi-and-vim-editor-3-steps-to-enable-thesaurus-option/
to learn how to enable vim's thesaurus functionality.


Comment Link 



@400000004cf6ed2d315dd334
Project: Working on RSI stuff
Plan:

Traditionally, I've had problems with my wrists from typing, especially my left
one, which is somewhat arthritic. I've addressed this thus far with
notifications for typing breaks, a typical MS ergonomic keyboard, and some
changes in posture. I switched to a trackball long ago, and don't use the mouse
all that much to begin with, so that's never been an issue. However, lately
I've been having problems with my left pinky (which is apparently called
``Emacs pinky'', which is adds insult to injury as I hate Emacs), and have been
attempting to figure out what to do about it.

A few things have conspired here. I make heavy use of the modifier keys, mostly
Ctrl and Mod4, to the point where I always remap CapsLock within minutes of
switching to a new machine. I even often use ^] as a substitute for Escape. I'm
starting to think the key remap is a bad idea.

I also often only use the modifiers on the left side of the keyboard, which is
also not a very good idea, and the remap makes it even easier to fall into.
Another thing that the remap does is make it very easy to use multiple finger
combos at once, e.g. Ctrl-Tab, Ctrl-Shift-Tab, which is yet another
ergonomically bad idea. And I still use the regular Ctrl key, tending to
curl my pinky up to press it with my first knuckle on that finger, which is yet
another possible cause for the pain. 

After some research, I found that it was recommended to use your palm to hit
the Ctrl key, which would have been a bit more obvious, except...I was using an
``ergonomic'' keyboard. Now, I'm not totally writing off ergonomic keyboards
yet, but the typical ergo keyboard's arch makes it extremely awkward to use
Ctrl with the palm, and requires a bigger than normal stretch to reach many key
combinations. 

There have been some studies which have indicated that split keyboards have
ergonomic advantages for wrist pain, but I personally don't think they're
terribly good for finger pain. Also, I'm rather skeptical of the studies to
begin with, as it's highly unlikely they were properly blinded or controlled:
in an ergonomics study, it's immediately obvious to both the administrator and
the subject if they've been given a standard keyboard or an ergonomic one. If
you get an ergonomic one, the placebo effect and Hawthorne effect are going to
come into play pretty much automatically, and these keyboards are going to come
out on top.

I've evaluated a few different keyboards for switching to. I've used the
Kinesis contoured keyboard for about a week in the past, and I found it awkward
for a few reasons -- the crappy rubberized function and Escape keys were
annoying, I didn't like the repositioning of Space and Enter, and the thing
just felt generally uncomfortable. Using modifier keys and typing passwords was
also really unpleasant. I suspect these keyboards are good for some people,
especially people who just do straight up typing rather than lots of navigation
and metacharacters. I think it's bad for programming and similar activities.

For the MS Natural keyboard, aside from the aforementioned problems with Ctrl
and finger stretch, there are a couple of other annoyances. First, like most
modern keyboards, the keys are mushy, making it so you hit the keys harder than
you need to. Also, it has a palmrest, which is pretty widely recognized as
being a bad idea. Everybody knows that the proper palmrest is a cat.

So, after excluding the contoured keyboard as well as the MS Natural, there
were a few other options to consider. My primary goal was to find something
that didn't have the poor feedback of pretty much every keyboard, which means
limiting the candidates to mechanical models, mostly of the buckling spring
type. I went with the approach of the Das Keyboard, which brings all the keys
in closer to each other and gives good audio and tactile feedback. It also has
blank keycaps, which is cute, as I used to spraypaint my keyboards to achieve
the same effect. Another option was the Truly Ergonomic keyboard, which has an
interesting design and mechanical keys, but is more expensive, has an odd
layout, and doesn't technically exist yet. I may try it in the future. 

There's a lot of advice on ergonomics online. Here are the points which I think
are important for finger pain specifically.

- Firstly, learn to type.

- Now, learn to type lightly. Switch keyboards if this helps. 

- Find a keyboard that works for you. ``Ergonomic'' is relative.

- Learn to use the modifier keys on both sides of the keyboard, including 
  Shift. Map the right ``Menu'' key to Mod4, if you're lacking a second Mod4 key.

- Learn to hit the Ctrl keys with your palms. If this is too difficult, swap
  Alt and Ctrl, and use your thumb.

- Don't switch Caps and Ctrl. I'm still leaving mine swapped as I have no use
  for Caps, but I think in general, this causes bad habits.

- Think more. Type less.


-------------------------

Rachel: I'm not sure why i don't have repetative stress.  I sure as hell
type enough for it.  I have pretty good hand posture/typing skills from a
typing class i took in high school, but i use a laptop so much with my hands
resting on the base of the keyboard instead of elevated that it's a bit
surprising.  I *do* have caps remapped as control, which i think helps.  I
could probably remap the right alt to escape, which might help some (escape is
up in alaska).  Tilde down at right control might help as well (in the
neverending attempt to make a standard keyboard feel more like old sun
keyboards)   

Comment Link 



@400000004c449e2d0c0435c4
Project: Mature UNIX Japanese support at last?
Plan:

The SCIM input method has been one of the most flexible and practical
input engines for inputting asian languages on UNIX for quite a while
now. Unfortunately, it's also always been incredibly unstable, buggy and
poorly maintained, and is now effectively dead despite its inclusion
in many UNIX desktop distributions. I've been trying to maintain the
FreeBSD SCIM infrastructure for a while now, with limited success.

Thankfully, Google has stepped in to create IBus
https://code.google.com/p/ibus/, a new and modern input method which
supports several conversion engines -- notably Anthy, which should make
transition for most Japanese SCIM users easy; but also mozc, Google's
new multiplatform Japanese input method, which has some cute security
features and will probably supplant Anthy.

I've updated my tutorial to use IBus and Anthy/mozc, and removed some of
the irrelevant cruft. I'll probably drop my maintainership of SCIM soon,
and good riddance.

http://grumplicio.us/fbsd_japanese.html



Comment Link 



@400000004c341b2a1415bb34
Project: This can't be right
Plan:

I upgraded my work laptop from an X61 to a T410s. Shockingly, everything
works -- wireless, video (once I locked the BIOS to use only the nvidia
chip instead of the fake ``Intel'' one), sound (once I told it not to
play sound through the HDMI output), etc. I even got everything booting
from a GELI device inside a ZFS pool, bootstrapped by a USB key.

We'll see how the battery life goes, but I'm pleasantly surprised to
have FreeBSD work out of the box on such a new system.

Comment Link 



@400000004c094e0233cd48ac
Project: Jabber returns
Plan:

I've finally got a Jabber server back up on redundancy, after ages of
it being down due to the fact that there's no Java implementation for
FreeBSD on PowerPC. I wasn't going to run some server written in Erlang
or somesuch nonsense -- I tried once, and it was not a pretty experience
-- and I most certainly won't run such an implementation of such a
complex network service written in C. 

Thankfully, I discovered Prosody http://prosody.im, which is a tiny
and simple XMPP server written in Lua. Had to fix a small thing to make
Lua work in the first place on PPC (-fPIC), but after that, it was
pretty smooth sailing. For people that just run a small server and want
their own XMPP service without the bloatiness of Java and Openfire, I
recommend it.


Comment Link 



@400000004bca0e7d377f2164
Project: Week 1 of Android
Plan:

I switched to a Nexus One last week due to a hardware failure on my
iPhone. I won't get another iPhone, in spite of it being the best mobile
platform available, due to Apple's intense evil in the handling of said
platform. Here are my impressions. Well, complaints, really.

1) SMS notifications don't appear on the lock screen. This means I have
to unlock and pull down the notifications panel just to see who texted
me. All mention of this online is from people wanting to *disable* this
feature, which is apparently present on the Hero.

2) Exchange integration is pathetic. I know that the Droid has good
integration, but I'm using T-Mobile, as they're the one telco who didn't
participate in warrantless wiretaps. As has been noted, the N1 only
syncs e-mail and contacts with Exchange, and does so reasonably well.
For calendaring, you have to buy Touchdown, which doesn't integrate
terribly well. It also means that you have to have Touchdown sync your
e-mail as well, so that you get invites (which, by the way, you aren't
alerted to receiving), which causes extra battery drain. I'm basically
going to have to roll my own ROM with Motorola's calendaring APK. The
lack of enterprise support in the base OS is just lazy - in the iPhone,
Exchange integration is phenomenal. Android seems to be designed for the
unemployed.

3) The XMPP client only talks to Google Talk. Not terribly surprising,
but stupid. I don't use Google Talk, Gmail, Gcalendar, or anything G
other than search (and Android).

4) Similarly, the calendar app *only* supports Google Calendar. You
can't subscribe to remote ICS files, which is how I generally aggregate
my various schedules. You can't even have a local calendar; you have
to actually go subscribe to these in Google Calendar on a computer,
and then supposedly they'll sync to your phone. I'll never know this,
though, because I'm not going to tell Google what I'm doing at every
given moment. And obviously, this calendar doesn't talk to the Exchange
one. So, scheduling and calendaring on this device is basically
impossible.

5) There isn't an application for TAKING NOTES. Come ON, people, this is
practically a hello world app. EVERY PHONE HAS ONE. My StarTac 10 years
ago probably had one. It's a total cop-out to rely on "the community" to
make your basic apps for you.

On the hardware end, there are some niggles, like the touchscreen seems
to be miscalibrated to recognize taps slightly above where they should
be, the fact that the trackball isn't sensitive enough and is otherwise
basically useless, and the fairly bad GPS signal aquisition. Basically,
this is an unpolished Symbian phone, but with a semi-open-source model,
non-fascist app store and slightly nicer development platform (albeit
one that still sucks horribly compared to Objective-C + Cocoa Touch +
Xcode). Not impressed, but I'll stick with it, as it seems the only
non-Apple game in town.


Comment Link 



@400000004bc7a84d353f2ffc
Project: OpenSSH configuration: Threat or Menace?
Plan:

So, the ASF got compromised:

https://blogs.apache.org/infra/entry/apache_org_04_09_2010

The writeup mentions SSHD configuration:

"""SSH passwords should not have been enabled for login over the
Internet. Although the Infrastructure Team had attempted to configure
the sshd daemon to disable password-based logins, having UsePAM yes set
meant that password-based logins were still possible."""

What? Let's take a closer look at the man page for sshd_config:

	# Set this to 'no' to disable PAM authentication, account processing,
	# and session processing. If this is enabled, PAM authentication will
	# be allowed through the ChallengeResponseAuthentication and
	# PasswordAuthentication.  Depending on your PAM configuration,
	# PAM authentication via ChallengeResponseAuthentication may bypass
	# the setting of "PermitRootLogin without-password".
	# If you just want the PAM account and session checks to run without
	# PAM authentication, then enable this but set PasswordAuthentication
	# and ChallengeResponseAuthentication to 'no'.
	#UsePAM yes

Ok, that's rather ridiculous -- PermitRootLogin without-password
shouldn't pass things to PAM, in my opinion. Yes, I know PAM isn't
always password auth, but it almost always is. Now, is UsePAM on or off
by default? Looking below, I see:

	#AllowAgentForwarding yes
	#AllowTcpForwarding yes
	#GatewayPorts no
	#X11Forwarding yes

Since I know these are off by default in OpenSSH, I assume ``UsePAM
yes'' means UsePAM is off. This is wrong -- the man page explains at the
top that the commented values are the defaults. However, here's a the
snip from FreeBSD's sshd_config man page:

	X11Forwarding
			Specifies whether X11 forwarding is permitted. The argument
			must be ``yes'' or ``no''. The default is ``yes''.

And here is Ubuntu's:

	X11Forwarding
			Specifies whether X11 forwarding is permitted. The argument
			must be ``yes'' or ``no''. The default is ``no''.

I see. Also in the man page on Ubuntu is this:

	Note that the Debian openssh-server package sets several options
	as standard in /etc/ssh/sshd_config which are not the default
	in sshd(8). The exact list depends on whether the package was
	installed fresh or upgraded from various possible previous
	versions, but includes at least the following:

		  *   Protocol 2
		  *   ChallengeResponseAuthentication no
		  *   X11Forwarding yes
		  *   PrintMotd no
		  *   AcceptEnv LANG LC_*
		  *   Subsystem sftp /usr/lib/openssh/sftp-server
		  *   UsePAM yes

Well, it's no wonder people are confused. You have FreeBSD transparently
changing the long-standing default options (albeit correctly, if you
were going to do such a thing), and Debian saying ``The default options
in this man page are for the OpenBSD version of OpenSSH. We may have
changed some of them, but you can't be sure which ones. Have a nice
day.''

Comment Link 



@400000004bba674b2e812c9c
Project: Waving goodbye to sysinstall
Plan:

I just did a vanilla FreeBSD install onto a ZFS root partition using
PC-BSD's installer, instead of spending probably an entire day trying to
figure out how to use ZFS root as I did last time. Good job, guys, this
is a big win.

http://pcbsd.org

Comment Link 



@400000004b96dde70c1e60fc
Project: Saving my eyes
Plan:

I'm not sure why I waited so long to switch to Inconsolata after I was
first exposed to it, but after several weeks of stinging eyes, I finally
switched. This also involved switching to a Tango-based terminal theme,
using vim in 256 color mode, and bumping font size up, and my eyes felt
better after mere minutes. I saw mention somewhere that small fonts can
cause high blood pressure and stress, which is a cute idea, but haven't
found any studies. Anyway:

http://www.levien.com/type/myfonts/inconsolata.html


Comment Link 



@400000004b75d20c0392063c
Project: SSL and open source fools
Plan:

As much as I'm involved with and enjoy using open source software,
the open source ``community'' is largely incompetent when it comes to
security. Take for example the thread at:

http://article.gmane.org/gmane.comp.misc.suckless/920

There is a long-standing and disastrously false belief that there is
some benefit to encrypting communications without bothering to check who
you're encrypting them to. THERE ISN'T. None whatsoever. Middle-person
attacks happen ALL the TIME, and the tools to do it are just as easy, if
not easier, than using tcpdump. Even security people get bitten by this,
including one prominent one who had his entire mail spool stolen because
he used fetchmail to retrieve it: fetchmail silently failed to validate
certificates.

However, I keep running into this idea, especially with open source
cranks. The FreeBSD security team refused to consider it an issue
that libfetch, which is used to retrieve files by pkg_add(1) by
default, silently establishes SSL connections without performing
any verification. A patch to fix the problem was ignored, and I was
requested to go fuck myself for impugning the quality of the code in the
first place.

It seems these developers want to beat on their chests about how
untrustworthy public CAs are (they are), but do nothing to actually
help solve the problem except to pretend that SSL will magically work
on its own, thus exposing users to even greater risk than just refusing
to do SSL at all. A CA does not have to be a public CA: it can be a
corporate or personal CA. You don't have to even use CA verification --
you can use SSH-style fingerprint verification. You can use both. Or any
number of other things. But righteously ignoring the problem is asinine
behavior.

Comment Link 



@400000004b478e1a2d9fd134
Project: more of a browser "police action"
Plan:

Ok, I've gotten progressively more frustrated with Firefox, even with
the wonderful vimperator. Its performance is just staggeringly bad,
especially on non-Windows platforms. Originally I had looked at uzbl
http://uzbl.org, but the decision to use external shell and python
scripts to handle cookies and such was just too cracked out. Besides
performance concerns, it's likely a security nightmare, and way too much
fiddling to spend on a browser.

Surf http://surf.suckless.org/ is a very nice minimal browser --
extremely fast, small, and customizable via a dwm-style config.h. I
like surf a lot, but was missing the link hinting from vimperator, so
happily I found vimprobable http://www.yllr.net/vimprobable/. I use
vimprobable1. This behaves largely quite like firefox + vimperator, except
it's stupidly fast, configured through config.h and doesn't use tabs.

Since I use a tiling window manager, I don't really care
about having tabs. For those that do, you can use tabbed
http://tools.suckless.org/tabbed, which is a far more sensible
way to deal with tabbing applications. This works with uzbl, surf,
vimprobable, or anything else that supports the XEmbed protocol. All
3 browsers are based on webkit-gtk2, so they render more or less how
Safari/Chrome/whatever do.

For those that are a little less vimish and/or minimal, there's also
Arora, which is light, cross-platform, fairly featureful and based on
webkit-qt4. http://code.google.com/p/arora/ It has builtin adblocking,
password management, private browsing mode, and tabs. A nice drop-in for
your everyday Firefox user.

Comment Link 



@400000004b2a842b0c2b97cc
Project: vi everywhere
Plan:

I'm a big fan of vimperator et al (http://www.vimperator.org/), and with
the release of Thunderbird 3 and muttator, I may finally get pulled away
from mutt. Of course, I've said that before. Tbird3 has some pretty
nice features --- it's a good RSS reader, the search is well-designed
and basically instantaneous, and its Archive feature helps organize old
stuff pretty well. And it beats the pants off of webmail, as if that
were hard to do.


Comment Link 



@400000004a5e1b3e37cfc204
Project: dwm update
Plan:

dwm 5.6 has just been released, with multihead support.
Yay! It now does everything I want. My local repo is at
http://redundancy.redundancy.org/dwm.tar.gz. Aside from a smattering
of config changes and third party patches, the main addition is a simple
``focusurgent'' patch, which warps you to the next window with the EXWMH
``URGENT'' hint set. I use this with pidgin, which can set the hint on
new messages, and also with urxvt, which can set the urgent hint on
terminal bell. Since dwm highlights tags with urgent hints set, this
acts as both new IM notification and new mail notification (as mutt uses
a terminal bell when new mail arrives). If people want to use this in
their own dwm configs:

void 
focusurgent(Arg *x) 
	Client *c;
	for(c = selmon->stack; c && !(c->isurgent); c = c->snext);
	if(c)  
		Arg a;
		a.ui=c->tags;
		view(&a);
		focus(c);
	


Comment Link 



@400000004a39324e1e481d04
Project: Code review tips for vim
Plan:

I have to spend a fair amount of my time doing source code review. I've
tried using tools like the hideous Source Insight, but for all its
flaws, I always come back to vim. There are a few things that I've been
adding lately though that have made it a bit more efficient. Here's what
I use:

exuberant ctags -- ctags are simple to use: exctags -R .

This creates a file called tags in the CWD. I have in my .vimrc simply
``set tags=tags'', so the one in the CWD is always used. At the top of a
source tree, I make the tagfile, start vim, and then use ``:Explore'' to
browse to the source files I want. ctags usage in vim is just ^] to jump
to a symbol definition, and ^T to go back.

cscope -- short story: cscope -R ^D

Once in vim again, you can go to a symbol and do ^\-s to see a lookup of
where that symbol is used in the codebase, or ^\-c to see callers. Pick
a number and you jump to it. Similar to ctags, ^T jumps back. You'll
want to put http://cscope.sourceforge.net/cscope_maps.vim into your
vim plugin directory for all of this to work.

Taglist -- The vim taglist plugin will show you a sidebar with all of
the symbols in a file and/or source tree, giving you a good overview and
letting you jump around. It's pretty simple to use, just remember ^W^W
switches between different vim panels. After you've installed it, (just
put it in your .vim/plugin dir), use ``:TlistToggle'' to activate it. Same
deal: after a jump, use ^T to go back on the stack.

NerdTree -- A nice and simple directory browser sidebar, with some extra
nifty features. Quite nice and actively maintained. Much better than :Ex.

flawfinder -- a hokey script, but it does most of the grepping for nasty
standard library functions that no one should be using. The neat thing
here is that you can use the output as a tool in vim. To do this, first
move your cscope.out and tags file somewhere else for a bit -- they
confuse flawfinder. Then, at the root of the source tree, do: 

flawfinder -SQD --followdotdir . > flawfile

Now, start up vim and do ``:copen'' to open up a ``QuickFix'' panel. Then do
``:cf flawfile'' to read in the flawfinder results. You now have a browsable
list of issues that you can run through. ``:cn'' goes to the next hit. Now
that you see what a hitlist looks like, you can use this for other stuff
too -- the format is trivial.

Of course there are a huge number of handy vim tricks. It's actually
worth reading the :help, as it's surprisingly usable and enlightening.
You might also want to check http://vim.wikia.com/wiki/Best_Vim_Tips
for some other handy tips.

Comment Link 



@400000004a02199c04d0a88c
Project: Undisclosed
Plan:

My nice discoveries for the day are the ``magic ='' and ``magic **'' in
zsh, and fefe's ``gatling'' webserver. I wouldn't replace publicfile
with it, but for quick and dirty exporting of the CWD, it'll come in
very handy.

http://www.fefe.de/gatling/
http://www.rayninfo.co.uk/tips/zshtips.html

Comment Link 



@4000000049f62fff2ecaef6c
Project: Revolutionizing content management.
Plan: 

I did some work this weekend on my ultra-cranky ``blogging''
software, and it's working quite nicely. I'm kicking around the
idea of exporting to LaTeX, but I'm not quite sure how well that'll
really work. I wish LaTeX to HTML translators didn't all suck.
I'll definitely add support for RSS, though. Source for this is at
http://redundancy.redundancy.org/plan.sh.

Comment Link 



@4000000049f3fea32482d31c
Project: Being bleary.
Plan: 

I've been doing some hacking on dwm (http://dwm.suckless.org) as
of late, and have been quite enjoying it. I have a little repo of
the way I set it up, and it's quite delightful. You can find it at
http://redundancy.redundancy.org/dwm.tar.gz. 

Comment Link