Dec. 29 2009 Photography Update

Although I posted them last night on Facebook (they won’t stay up there forever), I’m also posting some photos that I took in the past month here, most of them being from last night.

I just picked up a new Sigma 70-300mm 4.0-5.6/f telephoto lens for my Canon XTi body, and decided to try it out at swing last night. I’m also starting to use my external flash more now, and it’s taking some getting used to, but I’m liking some of the results so far. Thus, take a look at the gallery or the Dec. 29/09 album for some of the shots that I took. Let me know what you think!


Switching To DVORAK

Recently I made the decision that I would try to switch keyboard styles. Almost everybody I know uses the standard QWERTY-style keyboards because they are so common, but because I use a keyboard so much, I want to protect my fingers.

A bit of background knowledge before I go any further: the most common style of computer keyboard is the QWERTY keyboard, named such because of the first six letters in the top row of the keyboard. It was initially designed during the typewriter days not to improve typing efficiency, but to prevent the keys from jamming up. DVORAK, on the other hand, was designed with computer keyboards in mind, focusing on efficiency and ergonomics. As a result, those who are comfortable with DVORAK typically type faster and cause themselves fewer repetitive stress injuries.

Now, I think that those are two very good reasons to make the switch to this different style. There is, though, the obvious drawback of having to learn a new keyboard layout. Thankfully, I don’t need to buy anything to get started; any newer operating system has the ability to remap a keyboard to a new layout. The problem with this is that the writing on the keyboard doesn’t match what I want to type, so I can’t look at the keys to help me learn.

So the goal at this point is to work on my typing speed and hopefully get it to a speed that is reasonable. On a regular QWERTY keyboard, I can type at about 75 wpm (words per minute), but on a DVORAK keyboard I’m at a lowly 20 wpm. In order to help improve my speed, I’ve decided that I will type all of my blog posts on my DVORAK layout. After all, they say practice makes perfect, and if I plan to keep up with my blog posts on a regular basis, I should get better pretty quickly.

So, if anyone else out there is on their computer a lot, I challenge you to try out DVORAK some time and give it an honest shot at becoming comfortable at it. It’s certainly a challenge to pick up, but would be beneficial to preserving the life of your fingers, and when you’re in the Computer Science industry like myself, it’s game over if I can’t use my fingers. So to make things a little easier, instructions are below to enable the DVORAK layout on both Linux (Gnome) and Windows:

Linux (Gnome): System –> Preferences –> Keyboard, then go to the Layouts tab.

Windows XP: Add the Language toolbar by right-clicking on the bottom bar, then go into the Settings section under there to add a keyboard.


ViM Made Easy – Part 1

Well, after the massive spike in traffic to my site after writing the blog post on GNU Screen and Byobu Made Easy, I decided to do another quick tutorial on another Linux command-line tool, ViM. ViM, or “Vi Improved”, is a command-line editor that has been around since the dawn of Linux command lines, and is deceptively powerful. Although we won’t get into the more powerful parts of the program today, stay tuned for some power tips later.

Now, anyone that has been around two or more Linux command-line junkies I’m sure has heard the Emacs vs. ViM argument at some point. Regardless of which one you like, they’re both great editors. Give them both a shot and choose your favourite.

ViM Overview

ViM can be very overwhelming to start off on, but is great once you get used to it. When you first open ViM, you will be presented with a blank document and you will be in Normal mode (see below). Soon, we will be able to write text, undo a mistake, perform cuts, copies, and pastes, and do some search-and-replace.

A quick note that almost everything is case-sensitive!

Program Modes

There are six main program modes in ViM, listed below. We will only cover three of them in this tutorial for the time being.

  • Normal Mode. This is where you type all of your commands, typically to move into one of the other modes.
  • Insert Mode. Here is where you’ll actually type text into your document.
  • Visual Mode. Visual mode is mainly used for yanking (copying) and deleting (cutting). Although it can do more than this, we’ll focus on these for now.
  • Select Mode. Similar to Visual mode, Select mode is typically used for deleting a selection of text and immediately typing over top of it.
  • Command-Line Mode. This is where you type your commands, such as saving, searching (and replacing), and the ability to edit ViM’s options.
  • Ex Mode. All-in-all, this is pretty much command-line mode, except after typing a command you end up staying in command-line mode instead of reverting back to Normal mode.

Let’s Write Something!

You’ve just opened up ViM, but every time you try to type text, nothing seems to happen? What gives?! Well, right now you’re in Normal mode, and ViM is waiting for an instruction. In order to start typing text, just type “i” (for “Insert”) or “a” (for “Append”). The Append mode will move your cursor one character forward before you can type, so keep note of that. After you’re finished typing what you want, just hit Escape to get back into Normal mode.

Let’s say that you just wrote “ViM is awesome!” in your spiffy new document, but saying it once just isn’t enough! You want to say it over and over again, but typing it out so many times just seems like a waste, doesn’t it? Time to go into Visual mode! Move your cursor to the beginning of your text using the arrow keys, then type “v” (lower-case). This puts you into Character-Select Visual mode. Move your cursor to the end of the text, and press “y” (for “Yank”), which copies the text into its built-in clipboard. Move your cursor to where you want to paste, and type “p” (for “Paste”). Note that “P” will paste BEFORE your cursor, so keep that in mind.

Fixing Screw-ups

Whoops! You pasted it one-too-many times, or you pasted it in the wrong spot! Never fear, the Undo tool is here! Make sure you’re in Normal mode (just hit Escape if you’re not sure), and press “u” (for “Undo”).

What if, for example, you ended up typing “ViM is awsemoe!” (hey, your fingers got tied up; it happens). It doesn’t make sense to undo all of that, so let’s just do a search-and-replace. Go into normal mode and type “:%s/awsemoe!/awesome!”, then hit enter. Poof! Problem solved! I’ll discuss the search-replace a bit more in the cheat sheet. If you just want to search for text, type “/your-text-here” in Normal mode, then hit enter. “n” will move you forward through all the findings, and “N” will move you backwards.

Saving and Exiting

Saving and exiting is really easy. “:w myfile.txt” will write the file to myfile.txt. If you opened an existing file, you don’t need the file name, so “:w” is all you need. To do a save and quit at the same time, type “:wq”.

What if you want to quit but don’t save your changes? The best way to do this is “:q!”, which will quit without heeding any warnings about the file not being saved.

Command Quick-Review

- a - Append
- i - Insert
- /<your-text-here> - Search for <your-text-here>. Does NOT use regular
  expressions
- dd - Delete the entire line that your cursor is on
- x - Delete the character your cursor is hovering on.
- :42 - Move to line 42
- G - Go to the last line in the document
- :%s/<search>/<replace> - Regular expression-compatible search-replace.
    - :s/<search>/<replace>/g - Same as above, except replaces everything on a
      single line. Remove the "g" to replace only the first occurrence.
    - :42s/<search>/<replace>/g - Same as above, except replace on line 42.
- V - Line-select Visual mode
- v - Character-select Visual mode
    - y - Copy (yank) the selected text
    - d - Delete the selected text
- :w - Write the file to disk
- :wq - Write and quit
- :q - Quit
- :q! - Quit without saving

Hopefully those that are starting out on Linux will find this useful. I plan on going into greater depth in the near future, so stay tuned for that. If you like this article, I’d love for you to Digg or Reddit this page below. It’s such a great feeling when your traffic spikes to 1000 hits in a day. And, for those Emacs lovers, I’ll be doing an Emacs writeup as well.


Five Steps To Protect Against Browser Attacks

Some days, it pains me to see how woefully insecure some web browsers are. Every day, it seems that ten new browser-based exploits (or client-side attacks, as my presentation will tell you) are publicly released, and just because you’re on a site that you think is legitimate doesn’t mean that somebody hasn’t compromised it.

For those of you using Internet Explorer (IE), I pity you. IE, still being the #1 most commonly-used browser in the world, is the target of the most attacks by far out of all the major browsers. If you’re smart enough to use another, better browser, then you’re already one step towards protecting yourself. I’m going to assume, though, that you’re using Firefox or one of its derivatives such as Flock, since the plug-in libraries are huge.

1. Use the Web of Trust

https://addons.mozilla.org/en-US/firefox/addon/3456
My Web of Trust (MyWOT) is a plugin for Firefox that warns you about potentially risky sites. It can alert you to known scam sites, spam sites, and pages that are known for hosting malware. It’s great for getting an idea of how trustworthy the site you are visiting is, and is a great extra level of protection against attacks against your computer.

2. Block JavaScript and Popups

AdBlock Plus: https://addons.mozilla.org/en-US/firefox/addon/1865
NoScript: https://addons.mozilla.org/en-US/firefox/addon/722
The most common form of browser-based attack is cross-site scripting, or XSS. XSS uses JavaScript (a scripting language that websites use) in order to force your browser to do something. Typically, JavaScript usage is legitimate; when you post something on somebody’s wall on Facebook, JavaScript is used there to push the new message to their wall without refreshing the page, and to create that cool sliding effect as the old posts move down the page. It can also be put to malicious use, though. Stealing login credentials is a common one, but I’ve seen JavaScript sophisticated enough to hijack your browser, forcing you to visit sites without you having any input or even downloading and running malware and viruses against your will. NoScript will block all JavaScript, and then you can tell it what you want to enable. It takes a while to configure properly, but after a week or so of setting it up, you’ll be a lot more secure. XSS sometimes propagates through ads, so AdBlock is nice to have as well.
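
A simplified model of the block-everything-then-enable approach described above, added here as an illustration (it is not NoScript's code): every script on a page is blocked unless its origin is on the user's allowlist. The sample page, host names and function names are constructed for the example, and matching on exact origins is a simplifying assumption.

```javascript
// Added illustration, not NoScript's code: a simplified model of default-deny
// script blocking with a user-maintained allowlist of origins.
// The page, host names and function names below are constructed.

const PAGE_ORIGIN = "https://social.example";
const SAMPLE_HTML = `
<html><body>
  <script src="/static/wall.js"></script>
  <script src="https://cdn.social.example/effects.js"></script>
  <script src="https://ads.adnetwork.example/banner.js"></script>
  <script>document.title = "inline code";</script>
  <p>A wall post: <script src="//unknown-host.example/x.js"></script></p>
</body></html>`;

// Find every <script> element and work out which origin its code comes from.
// A regular expression is enough for this constructed page; a real blocker
// hooks the browser's loader instead of re-parsing HTML.
function listScripts(html, pageOrigin) {
  const found = [];
  const tagPattern = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  for (const match of html.matchAll(tagPattern)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(match[1]);
    if (src) {
      // Relative and protocol-relative URLs resolve against the page origin.
      found.push({ kind: "external", origin: new URL(src[1], pageOrigin).origin });
    } else {
      // Inline code runs with the authority of the page that contains it.
      found.push({ kind: "inline", origin: new URL(pageOrigin).origin });
    }
  }
  return found;
}

// Default deny: a script runs only if its origin was explicitly allowed.
function decide(scriptList, allowlist) {
  return scriptList.map((s) => ({
    ...s,
    action: allowlist.has(s.origin) ? "allow" : "block",
  }));
}

// One readable line per script, e.g. "block external https://ads.adnetwork.example".
function report(decisions) {
  return decisions.map((d) => `${d.action} ${d.kind} ${d.origin}`);
}

const pageScripts = listScripts(SAMPLE_HTML, PAGE_ORIGIN);

// Fresh install: nothing is allowed, so nothing runs.
console.log(report(decide(pageScripts, new Set())).join("\n"));
console.log("---");
// After the user decides to trust the site itself (but not its CDN or ads).
console.log(report(decide(pageScripts, new Set([PAGE_ORIGIN]))).join("\n"));
```

Trusting the site lets its own files and inline code run while the ad network and the unknown host stay blocked. Inline script that ends up inside a trusted page would run as well, so the allowlist narrows what can execute rather than vetting what a trusted site serves.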

3. Use Different Passwords

This always seemed like a no-brainer to me, but I know many other people who won’t do this. Using the same password for multiple sites is just stupid. If somebody manages to steal your password from one site, what’s stopping them from going to the other site? (And no, having a different user name isn’t going to prevent anything.) Instead of using the same password, use different ones, minimum 8 characters, and random characters. If you can’t remember all of those, take two 4-character random strings, and take the domain name, and put each random string on either side of the domain; there’s your password. For example: “4n$sFACEBOOKn4%l”. Swap “e” for “3”, “s” for “$” or “l” for “1” – think L33T!

4. Clear Those Tracking Cookies

https://addons.mozilla.org/en-US/firefox/addon/6623
Although you may not realize it, tracking cookies are used to track your movement around the internet. Although you may visit very different web pages, the company that displays ads on the sites may be the same. Beat these cookies with BetterPrivacy, which removes tracking cookies and LSOs from your browser cache.

5. If You Didn’t Expect To Get It, Don’t Click It

I hate to have to reiterate common sense, but sometimes it escapes us. If you didn’t expect to get a link from somebody, or they sent you a file that you weren’t planning on getting, don’t open it. I don’t care if it came from their MSN account; if you didn’t follow rule #3, there’s no reason why their account couldn’t have been hacked. If someone sends you a link, do yourself a favour and just ASK the person what it is before you click it; if you get a reply that is something that your friend would say, then you’re probably okay.


Well, that took longer than expected. Hopefully that’s of some use for people. As always, I appreciate your comments and feedback. If you like what you read, help me out by posting the article on Reddit, Facebook, or Digg (or sending the link to a friend). See you next Monday!


I’m Back

Well, it’s been a while since I’ve posted; about three weeks, actually. To the one or two readers I have, my apologies that you don’t have something to waste your time on twice per week. I’m getting back into the writing mood, so I should be building up a buffer of things to write in the near future.

A lot has happened since I last talked about the IPAM presentation that I took part in. To start with the related topic, I was approached to do the presentation again, this time internally to other departments. Thus, the other co-op student and I set about cleaning up the presentation a bit, fixing some errors, and making it flow smoother. It went much better the second time, thankfully, both from a public speaking perspective and a demonstration perspective. As fun as it was to work on that, I’m glad it’s over and done with right now.

Speaking of work, the number of days that I have left at IPC is dwindling quickly as the new year approaches. I work until December 31st, at which point I’m back in class. It’s been a fun past couple of months, and the paychecks have been very nice, but I’m also looking forward to getting back on campus to get some more studying done. I’ve decided that I won’t get a job during the winter semester so I can concentrate on my studying; I’ll have more than enough money to get through four months, and then I’ll be working in the summer again.

After that presentation was done with at work, I found that I had a fair amount of spare time, as there weren’t too many tasks to work on. I spent that time learning Ruby on Rails, and putting that knowledge towards the new UMSwing site. Although on the outside it will look almost the same as before, this new site will have an extensive backend that will make UMSwing virtually paperless. Although you may not think we use that much paper, think again; I have a full 3″ 3-ring binder in our office that says otherwise. All of our memberships, attendance, and transactions will be tracked on the web application, thus eliminating the need for those pieces of paper to be printed in the first place. Anyways, I’ve been working very hard on the site, and it’s almost ready to be tested by some other people. So, if you’re interested in testing some software for an eco-friendly cause, let me know in the comments section and I’ll keep you informed.

That’s a quick update on what’s happened in the past few weeks at work. I have a few more updates to spew out in the coming days, one of them involving my server upgrade (*cough* RAID *cough*), and some involving some extra-curricular activities (including some new photos to go up soon).


IPAM Presentation: November 2009

Last Wednesday, the other co-op student working with me and I did a presentation to the Information Protection Association of Manitoba (IPAM) about attacks on web-based applications. It was certainly an interesting experience. Although it wasn’t a stellar performance, I think we did okay considering our presentation skills. Unfortunately we were expecting a slightly larger percentage of technical-minded people rather than business-minded people, and thus I got the impression that some of the talk was a little over the heads of a few of those in attendance. Regardless, it was a learning experience, and something I learned a lot from.

I was approached twice after our presentation was over. The first gentleman, to paraphrase, suggested that the presentation would be more useful had it included a mitigation strategy to prevent and (hopefully) eliminate the possibility of attack. I thought he might be on to something here. After all, wouldn’t it be great to have a check list to go through, and making sure each item is checked off would result in a secure application? For the rest of the day, I spent a lot of time going back and forth on this idea. On one hand, this check list would be nice, but I also firmly believe that a large amount of the prevention relies on the skill level of the programmer, debugger, and penetration tester, and a check list simply wouldn’t be sufficient to protect yourself from attacks. But, having the check list would be a good start. Sort of an “if you’ve done these things, you’ve covered the basics” check list. It would be a good reminder sheet for pro programmers, and a good stepping stone for those who are just starting off. To that person, your suggestion has been heard, and the check list has been added to my to-do list, hopefully to have a first draft out within a month or so, so stay tuned for that.

The second gentleman asked if the slides to the presentation would be online for later viewing. At the end of the presentation, although we took almost an hour, I was well aware that we were rushing; we probably had too much content that we wanted to cover. Before the presentation I had already planned to put the slides online as a reference; although it’s nice to see the slides during the talk, it’s also nice to go back and view them at a later date. Thus, my slides will be online here for anybody to take a look at. I will also be posting my source code, but that will be a bit later (i.e. probably next week), since there are a few sections that are a little finicky right now.


A Busy Past Two Weeks

So my twice-per-week updates seem to have fallen a bit behind as of late. To those one or two dedicated readers, my apologies for not giving you something to burn a couple minutes from your day with.

I have three culprits to lay the blame for this lack of updates. One of those has been a savage case of writer’s block. Another of those has been a very busy schedule for me. Busier than normal, even. As such, the third and final culprit goes by the name of “Sleep Deprivation”, which always seems to tag along with culprit number two. In a possibly vain attempt to get myself back on my writing pedestal, I figured I’d fill you all in about the past two weeks.

As those of you who are involved in the Winnipeg swing scene may know, UMSwing had two events to demo at last weekend, the first being the Gilbert & Sullivan Gala Fund-raiser, and the second being the Winnipeg Jazz Orchestra’s performance. The fund-raiser involved a couple of demonstration songs, and the WJO performance involved dancing for 20 minutes during their intermission, as well as the opportunity for one or two couples to dance on stage during one of their songs. Although they took place over the weekend, I’ve been in talks with organizers of both events for quite some time, and the last week became crunch time for me as I made sure everything went as expected. I’m really glad that we were invited to both events, and we’d certainly be interested in doing it again.

To swing (no pun intended) from one quirky interest to another, this Wednesday a couple of us took advantage of the day off and planned for a session of Dungeons & Dragons. I need to take a minute here to explain this:

  • No, it did NOT die out ten years ago
  • Yes, it IS fun
  • No, you do NOT need to be an über-nerd to play
  • Yes, girls DO play it.

Anyway, in this group (which has yet to receive a name), I am the DM; I’m the one who tells the story, plays the non-player characters (NPCs), and guides the other players through their adventures. Although very fun to DM, it also requires a lot of work to create your own adventures; dungeons, the global map, encounters, and NPCs all need to be planned. Thus, that chewed through a fair amount of spare time that I had. On the plus side, I over-prepared, so I have everything I need for the next time around.

This weekend, I have plans to go out to a friend’s cottage for some much-needed rest. It’ll be nice to get away from it all, and hopefully take some great photos, which I hope to put up for Monday’s post. I also have some ideas for another Linux command line tip, so those of you reading my previous post regarding Byobu: stay tuned.

“I’ve never seen you here before. I like that in a woman.”
– Renaldo ‘The Heel’, Crimewave (1985)


GNU Screen and Byobu Made Easy

For the *nix elitist, no graphical tool comes close to the power that the command line provides. While this may strike some people as odd, particularly those who only have experience with Windows, it’s a pretty well known fact that the Linux command line provides a method of controlling every aspect of your computer activity; this is so much the case that most GUI applications on Linux are just command line “wrappers”, hiding you from what’s actually happening behind the scenes.

While this is all fine and dandy, things like development and multi-tasking can prove to be a little frustrating when connecting to a remote location and requiring more than one window open. Although a typical command line pretty much prevents this from happening, using GNU Screen or Byobu can make things a lot smoother. One window, multiple command lines.

As most developers will tell you, having multiple windows available to you is a godsend. It’s particularly useful when you have scripts to run in the background that generate output, but you don’t want to fork them as a daemon. Now, with GNU Screen and Byobu, you can do this easily, and even make your screen look snazzy as well. The only drawback to these utilities is that they are a little hard to get used to. In this post, I will quickly outline some of the key combinations which I use regularly.

GNU Screen and Byobu Simplified

The number one thing to remember about every command you use is Ctrl+A, which will be written as C-a. This is picked up by screen and will tell the utility that the next characters typed will be commands for screen to interpret. Keeping in mind that all keys are case-sensitive (as most things are in Linux), take a look at some of the commands below:

C-a c - Create a new screen window

C-a A - Rename the screen

C-a C-a - Go back to the previous window

C-a <0-9> - Switch to screen #0-9 (quick toggle)

C-a " - View a list of the current screens, which will allow you to select one from the list

C-a ' - Enter a screen number to switch to (slower version of C-a <0-9>)

C-a d - Detach the whole screen session and fork to the background. Very useful for remote sessions you want to leave open. The command "screen -r" will resume your screen session.

C-a <Escape> - Scroll up through your command line "history" and see what output you previously got. Hitting <Escape> again cancels it.

With the introduction of Byobu in Ubuntu 9.10, you can also get some statistics added to the bottom of your command line window to help keep you informed about the state of the system you are running on. Hitting F9 in session will bring up the menu for customization, which can make your screen session look pretty awesome. Instead of using screen to start your screen session, simply use byobu instead. Easy as pie.

If you have any questions about GNU Screen or Byobu, let me know and I’ll see what I can do to answer them. Stay tuned on Friday for another issue of “Five Things” (hopefully).


Oct. 24 Photography Update

Now that I’ve been taking more photos recently, I’m getting into the habit of posting them up a little more frequently. Rest assured, I’ll keep you all updated when I put up new photos. If you want to take a look at some of my other photos, just head to the gallery.

As always, I welcome your feedback; just post a comment below!


Ubuntu’s Koala Has Good Karma

It’s not like me to gush over operating systems. Particularly looking at what we’ve dealt with in the past. If we’re lucky, we got stability in an OS, but usually at the expense of it looking terrible. This year seems to have caused things to change, however. With the release of the Windows 7 RC, Microsoft has restored a good amount of the faith that it lost after churning out the load of crap that it called Vista.

The open source community is never far behind, and Canonical’s Ubuntu 9.10 operating system is a work of art. Seriously. I would frame it and mount it on my wall if I could. Unfortunately I can’t, so all I can do is gush about it and tell people about all of its amazing features. Non-techies: just smile-and-nod your way through this post :) .

Ubuntu One

Cloud computing is all the rage these days, and Ubuntu has jumped on the bandwagon by presenting One, a personal cloud for the synchronization of files across multiple Ubuntu computers. Set up your account, get your 2 gigs of free space, move files into the Ubuntu One folder, and let them sync. Easy as pie.

ext4 Filesystem

Following in Fedora’s footsteps, Ubuntu has set ext4 as 9.10’s default filesystem. Although you won’t make the switch if you upgrade, fresh installs will feel the warm glow of ext4 during their install.

Uncomplicated Firewall

One of my main complaints with Ubuntu’s previous setups is that it fails to include a firewall by default, and that has been remedied in 9.10, with the introduction of ufw, the uncomplicated firewall. No more sifting through the iptables man pages to figure out how to add a simple allow rule; ufw makes firewall management easy.

Faster Load Times with Upstart

Another popular trend recently has been the goal of reducing boot times as much as possible. Fedora Project made waves as they aimed for a 20 second boot time from BIOS to login page. Although they were a little short of their goal, they made some important headway, showing that not every single scrap needs to be loaded and cached on boot. Ubuntu has carried this forward and has made a similar goal. Although they don’t mention any specific time-related goals, they made the switch to Upstart, which makes the loading page look smooth and cuts the boot time significantly.


Overall, I’m really happy with the progress Ubuntu has made. Although a lot of previous versions have fallen a bit behind on the times in exchange for having a stable system, they are catching up with the times and even pushing the envelope with new ideas. If you were looking for a reason to switch to Linux, put this one at the top of your list. If you’re not convinced, download the LiveCD and try it out without installing (although your performance will suffer since it’s loading from a CD…duh…).

Thanks for giving this a read, everyone. If you like what you see, or have any suggestions for further writings, drop me a line in the comments section below and give me a vote on Reddit or Digg. I read each and every one of your comments: I promise :)
