oscarbonilla.com

Archive for the ‘Uncategorized’ Category

Distrust

without comments

In light of recent news:

The hacker, whose March 15 attack was traced to an IP address in Iran, compromised a partner account at the respected certificate authority Comodo Group, which he used to request eight SSL certificates for six domains: mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and login.live.com.

The certificates would have allowed the attacker to craft fake pages that would have been accepted by browsers as the legitimate websites. The certificates would have been most useful as part of an attack that redirected traffic intended for Skype, Google and Yahoo to a machine under the attacker’s control. Such an attack can range from small-scale Wi-Fi spoofing at a coffee shop all the way to global hijacking of internet routes.

At a minimum, the attacker would then be able to steal login credentials from anyone who entered a username and password into the fake page, or perform a “man in the middle” attack to eavesdrop on the user’s session.

And because it is not the first time COMODO has screwed up, I’ve decided to turn off their root certificate in my browser (Safari). Here’s how you do that.

  1. Open Keychain Preferences (in /Applications/Utilities).
  2. Click on “System Roots” on the left pane.
  3. Search for “COMODO”.
  4. Right-click on the certificate and select “Get Info”.
  5. Select “Never Trust”.

I’ve just done this so we’ll see if it has any effect on my general surfing experience.
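
What “Never Trust” changes during chain validation, as an added example that is not part of the original post. It is a simplified path-building model, not macOS's actual evaluator, and every certificate name in it is constructed. It goes one step past the procedure above by including an intermediate cross-signed by a second root, which still validates after the change.

```python
# Simplified path-building model; every name below is constructed.
ROOT_A = "Root A (constructed, the one marked Never Trust)"
ROOT_B = "Root B (constructed, still trusted)"
ROOTS = {ROOT_A, ROOT_B}

# subject -> issuers that have signed a certificate for it
ISSUED_BY = {
    "shop.example": {"Issuing CA 1"},
    "mail.example": {"Issuing CA 2"},
    "Issuing CA 1": {ROOT_A},
    "Issuing CA 2": {ROOT_A, ROOT_B},   # cross-signed by both roots
}


def find_paths(subject, issued_by, roots, seen=()):
    """Return every chain from subject up to a root in the store."""
    if subject in roots:
        return [[subject]]
    paths = []
    for issuer in sorted(issued_by.get(subject, ())):
        if issuer in seen or issuer == subject:
            continue  # avoid loops created by mutual cross-signing
        for tail in find_paths(issuer, issued_by, roots, seen + (subject,)):
            paths.append([subject] + tail)
    return paths


def evaluate(subject, never_trust, issued_by=ISSUED_BY, roots=ROOTS):
    """Return the first chain containing no Never Trust certificate, else None."""
    for path in find_paths(subject, issued_by, roots):
        if not never_trust.intersection(path):
            return path
    return None


def newly_rejected(subjects, never_trust):
    """Sites that validated before the change and fail after it."""
    return [s for s in subjects
            if evaluate(s, set()) is not None and evaluate(s, never_trust) is None]


if __name__ == "__main__":
    sites = ["shop.example", "mail.example"]
    print("broken by the change:", newly_rejected(sites, {ROOT_A}))
    print("mail.example now validates via:", evaluate("mail.example", {ROOT_A}))
```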

Written by ob

March 31st, 2011 at 10:54 am

Posted in Uncategorized

Think, don’t Blink!

without comments

I’m a big fan of Malcolm Gladwell, but I classify his books more as fiction than science. My problem with Gladwell as a science writer is that he always seems to be very selective about the research he presents to his readers. Thus he presents half the issue and makes it out to be “proven” by science. I’ve meant to write some thoughts on Blink!, which I read a while ago, but never finished writing them. Now Daniel J. Simons and Christopher F. Chabris have beaten me to it with “The Trouble With Intuition”[1]. Here are some good parts:

The most troublesome aspect of intuition may be the misleading role it plays in how we perceive patterns and identify causal relationships. When two events occur in close temporal proximity, and the first one plausibly could have caused the second one, we tend to infer that this is what must have happened.

I have found that even after constantly repeating “correlation does not imply causation”, I still botch it all the time unless I’m actively reminding myself to NOT jump to conclusions before analyzing. The sweet temptation to go with intuition is just too, uh, sweet… and… tempting? Hmm.. okay, let’s move along.

Take the case of the perceived link between childhood vaccinations and autism. Nowadays children receive several vaccines before age 2, and autism is often diagnosed in 2- and 3-year-olds. When a child is diagnosed with autism, parents naturally and understandably seek possible causes. Vaccination involves the introduction of unusual foreign substances (dead viruses, attenuated live viruses, and preservative chemicals) into the body, so it’s easy to imagine that those things could profoundly affect a child’s behavior. But more than a dozen large-scale epidemiological studies, involving hundreds of thousands of subjects, have shown that children who were vaccinated are no more likely to be diagnosed with autism than are children who were not vaccinated. In other words, there is no association between vaccination and autism. And in the absence of an association, there cannot be a causal link.

I’ve always been baffled at that “vaccination causes autism” debate. In the scientific community there seems to be no debate. And even if “correlation does not imply causation”, correlation is a necessary condition for causation. And later on, we find this gem:

In a way, intuition and statistics are like oil and water: They can easily coexist in our minds without ever interacting.

This is a fantastic analogy, and I have many times been seduced by intuition only to find myself on wild goose chases. The whole piece is worth reading.

  1. Which proves once again my maxim that if you wait long enough to do something, either somebody else does it or it becomes irrelevant.

Written by ob

June 12th, 2010 at 9:45 am

Posted in Uncategorized

Unleash the power of the atom… to boil water?

with one comment

I’m going to go off on a limb and blog about something I know absolutely nothing about. Power generation.

So I’m reading the news recently and I read that the U.S. is going to invest in building a couple of nuclear power plants. Now, I don’t know much about nuclear power plants or power generation in general. But I know how to use the googles for finding out about stuff I don’t know much about. So I hit Wikipedia and all those other websites and I find out about all of these wonderful methods of generating power.

Fossil Fuels: Coal for instance. Oil and natural gas too. The main idea is to burn these fossil fuels in order to boil water so that the steam can make a turbine spin and generate electricity using a big electromagnet.

Nuclear Fission: Create a controlled nuclear reaction so that we can heat up water and produce steam to spin a turbine hooked up to a huge electromagnet.

Geothermal Power: Drill a very, very deep hole to reach the hot granite that underlies the earth’s crust. This granite is so hot we can use it to… boil water… steam… turbine… electromagnet.

Hydroelectric: Just avoid the whole boiling water bit and spin the turbine directly from a river.

Tidal Power: Make a dam in the ocean and put the turbine there.

Wind Power: Instead of boiling water and using steam, use wind to spin the turbine.

Solar power: At this point, if I had read that we were using solar to boil water I would’ve just given up hope for humanity. But no, at least with solar we actually just use the energy… no turbine involved.

So my question for more informed readers is: uh, how about not needing the turbine and using some other method of gathering the released energy? Especially in the case of Nuclear Fission. It seems somewhat wasteful to fire up an atomic bomb just to boil some water…

Written by ob

February 17th, 2010 at 10:14 pm

The case against snippets

without comments

Back when TextMate was relatively new and that famous video of Ruby on Rails was making the rounds, I watched in amazement with the rest of the nerds as code flew around the screen. I had caught Snippet Fever.

After using TextMate for a while I became addicted to snippets. The basic idea of a snippet is that you can write a few characters and they expand to whatever you want. For example, you can type: ‘fl’, hit Tab and TextMate will write:

  for(int i = 0; i < ... ; i++) {
    ...		     
  }

Where ... is where the insertion point will be each time you hit tab. You can do the same with Emacs in many different ways: Emacs skeletons, the snippet.el plugin, hand-coded elisp, etc. The point of this post, however, is not to show all the different ways that you can get snippets. The point is to ask whether it’s worth using snippets at all.

Snippets eliminate the need to type recurrent idioms. If you have to write accessors, it’s very pleasant to type ‘set’, hit tab and watch the screen fill with 20 lines of code that just wrap a field in a class with a setter function. But this is fixing the problem in the wrong place.

The fundamental problem is that the language is too damn verbose.

Imagine English had no pronouns so if I wanted to tell you a story about my friend Tim and me, I had to write:

Tim had called Oscar to ask Oscar if Oscar could lend Tim the book that Oscar had bought the day before. Oscar told Tim that Oscar was still reading it, but that Oscar would be happy to lend Tim Oscar’s book when Oscar was done with the book so that Tim could read it.

The above paragraph is too verbose. It’s hard to write. Snippets would help me write it by automatically filling all the appropriate places with “Tim” and “Oscar”.

If the language you are using is so verbose that you need snippets, how about fixing the language?

Even in languages that don’t allow fixing the syntax you can still do something.

For example, in C, if you find yourself typing a for loop to access a list over and over again:

  for (int i = 0; i < length(list); i++) {
 
  }

Make a small pre-processor macro that abstracts that:

  #define EACH(list) for (int i = 0; i < length(list); i++)

And now you can write:

  EACH(list) printf("%s\n", list[i]);

And since code is usually read many more times than it is written, you have helped make the source base a little better.

Written by ob

August 18th, 2008 at 12:09 am

Posted in Uncategorized

Hidden Gems in C99 (1)

with 2 comments

After some late night reading of the C99 spec, I’ve found quite a few hidden gems. I’m going to start posting some of these. Since it’s late, I’ll just post a teaser.

On page 64 of the C99 standard it says:

In all aspects of the language, the six tokens

<: :> <% %> %: %:%: 

behave, respectively, the same as the six tokens

[ ] { } # ## 

except for their spelling.

Really? Then let’s try this program:

%:include <stdio.h>
int
main(int argc, char *argv<::>)
<%
	printf("hello world\n");
%>

Compile it and run it:

dirac src $ gcc main.c
dirac src $ ./a.out
hello world

Whaddaya know… I know, I know… useless. Wait for the next post then.

Written by ob

April 11th, 2008 at 11:57 pm

Posted in Uncategorized

Haskell

with one comment

At the intersection between Haskell Programmers and VS.NET Users

Written by ob

April 11th, 2008 at 5:47 pm

Posted in Uncategorized

Lazy-loading emacs functionality

without comments

Quick, how big is your .emacs file? How long does it take emacs to load? A few days ago I found that my .emacs file had slowly grown to the point where it was taking emacs a significant amount of time to load. Something needed to be done.

A quick glance at the file told me I was loading a lot of modules that I seldom use. For instance, I occasionally write some code in Common Lisp or Haskell, so naturally I was loading slime and the haskell environment. I commented those out.

However, after commenting them out, I quickly realized that not loading them was problematic. When I wanted to use them, I had to open my .emacs file, uncomment the relevant portion, and M-x eval-region the code.

Then it occurred to me that I had a clear entry point for some of these modules. When I write Common Lisp, I usually start by loading SLIME’s REPL by running M-x slime. I came up with the following code:

(defun slime ()
  (interactive)
  (add-to-list 'load-path "~/emacs/slime")
  (setq inferior-lisp-program "/usr/local/bin/sbcl")
  (require 'slime)
  (slime-setup)
  (slime))

Which basically sets up my slime environment and then loads slime. Note that the slime function itself is redefined as part of the evaluation of (require 'slime), so although this looks like a recursive call, it’s not.

I’ve used this trick in several other cases and I think it’s kind of neat. It helps me keep Emacs loading fast, but I still have all the bells and whistles available.

Written by ob

January 2nd, 2008 at 10:05 pm

Posted in Uncategorized

Leave a door open (for Peace)

without comments

John Lennon

Today is John Lennon’s death anniversary. He was shot to death on December 8th, 1980. I always commemorate this day by listening to John Lennon’s music, smoking unfiltered Gitanes, playing guitar, and letting my hair grow long… for a day… ok, not really, but I do try to listen to Imagine, at least once.

At any rate, there is a website now to commemorate John. It has a letter from Yoko Ono and a video from John Lennon.

The goal of an artist is to elicit some kind of emotion from the audience through his art. You cannot see the video and feel nothing. I left it running in the background while doing other things as I’ve seen Lennon interviews thousands of times and can usually remember how they go, but the imagery at the end, after John stops talking, pulled my eyes and engaged me like nothing has for a long while. I literally couldn’t stop watching.

At any rate, here’s to you John Lennon. You were the Walrus.

Written by ob

December 8th, 2007 at 8:52 am

Posted in Uncategorized

Norton Fighter

without comments

And on a lighter note… I found this clip hilarious.

Part 1:

and part 2:

If I used Windows, I’d buy norton antivirus just because of this ad.

Written by ob

December 5th, 2007 at 6:27 pm

Posted in Uncategorized

Timeo Facebook et dona ferentes

with one comment

Which can be loosely translated as “I fear Facebook even if it brings gifts”. My friends have noticed that for quite some time I’ve stopped updating my Facebook status, or even interacting with the site altogether. The reason is simple. I don’t trust them.

A short time ago, Facebook introduced a new feature called “Beacon” that lets websites send status to your mini-feed. It immediately drew a lot of criticism because of its invasion of privacy, to the point that many people figured out ways to block it. Facebook’s CEO apologized for it today and made Beacon opt-out.

Now, I was going to write a detailed article about why this bothers me and how insincere the apology sounded, but our good old friend Fake Steve Jobs did a much better job in this blog post. Money quote:

These guys are like Google, only their slogan isn’t “Don’t be evil” — it’s “Don’t get caught.”

And later:

The smarmy fake apology is not at all reassuring and seems to have been written by PR people who were trying to imitate a 23-year-old kid who’s speaking from the heart and trying to sound all sheepish and aw-shucks — except the flacks can’t do it because they’re as insincere and stage-managed as the Facebook guys. Plus, let’s face it, the flacks are getting paid in Facebook equity, right?

I couldn’t have said it better myself. You should go read the whole post.

Written by ob

December 5th, 2007 at 6:17 pm

Posted in Uncategorized