Project: More excellent console-mode apps
On my software (http://grumplicio.us/software.html) page, I mention a few
console applications that I use regularly, like tmux, mutt, w3m, cmus, and
calcurse. I've recently discovered a couple more applications that are worth
knowing about if you prefer to do most of your work in a terminal-based
On the face of it, this project appears to be absurd: "It's a list of TODOs. I
already have a list of TODOs", you might say. However, after giving it a shot,
I've found it to be actually quite useful. The reasons why I like it better
than my previous flat file approach are:
* Easy tagging and filtering. I primarily use +home and +work to keep my
full task list easily filterable.
* Automatic urgency calculation. Taskwarrior is smart about figuring out
which stuff you actually need to work on next --- it looks at the age of
the task, your chosen priority, the due date and other metrics to
determine how tasks are sorted. I've found this to be quite useful.
* It handles things like projects, dependencies, notes and annotations
attached to tasks. It knows that your blocking dependencies have higher
* Lots of shortcuts. I just have to say that something is due at "eom", and
it'll do the right thing.
* It keeps things together. Tasks are easy to synchronize between a remote
server and your local machine, using the "merge" command.
Anyway, it's worth a try to see if it works for you. The only thing that it
really lacks is a modern way to integrate to calendaring applications, but I'm
sure that will come before too long.
On OS X, there's not really a decent non-commercial RSS reader available,
unless you want to run Thunderbird all the time. I'd been using Liferea under
X, but it wasn't a terribly great solution. Newsbeuter aspires to be the mutt
of RSS readers, and it pretty much is. You define your URLs in a simple flat
file, spawn the reader, and it will handle updating them, downloading
summaries, and plenty of other stuff I'll never use. From the summary view, you
can have the actual article links launched in an external browser --- I use
w3m, as I run it under tmux on a remote server. That approach also means that
your read and unread items are pretty well tracked regardless of where I am.
Project: Silent teleconference
So, I oftentimes find myself in a place where I can't really take a
confidential phone call, or I have to step away from the computer to take a
conference call where I'm mostly just listening. I have found a way to take
calls from wherever I'm sitting without being concerned about being overheard.
This is on OS X, but you could probably accomplish the same thing with
Pulseaudio and/or Jack.
First, grab a copy of Soundflower:
Start Skype, and change your microphone input to be the 2ch Soundflower device.
Now, open the terminal and type:
say -a "?"
It will give you an audio device list. Pick the number of the Soundflower
Now, you can speak using:
say -a (device number) Yes, I was listening intently, but have no comments.
I'm in the process of writing a new technical book in LaTeX, and discovering
some interesting things in the process. One thing I ran into after taking
several screenshots on OS X is that by default, a drop shadow is included in
every screenshot of a window. This looked nice for a bit, until I had to
actually maximize readability and fit more than one screenshot on a single
page; the wasted space was quite obvious. And I'd also taken my screenshots in
PDF format, for easy integration via pdflatex, which made cropping the images a
bit of a pain.
Anyway, long story short, here's how to fix this problem after the fact:
\includegraphics[width=1.0\textwidth,trim=57pt 80pt 57pt 35pt,clip=true]images/myscreenshot
That snippet will clean up an OS X window drop shadow, regardless of the
scaling of the image. This technique also means you can retain a full copy of a
graphic while showing only part of it in the document. Of course, in the
future, I'll just disable the drop shadow feature:
defaults write com.apple.screencapture disable-shadow -bool true
I've added that to my OS X tweaking script on GitHub:
This is such goodness: http://attrition.org/security/rant/fsck_sun_tzu/
Project: Living in djb fantasyland
I recently committed NaCl http://nacl.cr.yp.to/ to the FreeBSD ports tree,
and submitted a patch to the maintainer of the djbdns port to add support for
DNSCurve http://dnscurve.org to the dnscache program, using Matthew Dempsky's
patch. This enables the sending of DNSCurve-encrypted queries to servers that
support it (and the ability to decrypt the responses, of course). All you have
to do is enable the "DNSCURVE" port option and (re)install/restart djbdns.
For people that run an authoritative nameserver, the process is almost as easy;
all you need is an extra IP (or to run your main DNS server on localhost, using
the cache as the public listener instead). You can find the forwarder in
What does all this get you? DNSCurve contributes two things to DNS security:
query content secrecy and integrity. These are not the only security challenges
DNS must deal with, but DNSCurve is cheap and easy to implement, and doesn't
have the design problems that DNSSEC does. Of course, until a bunch of people
use DNSCurve, the actual security benefit is basically none at all, but if you
deploy it, at least you'll know you're doing your part. It's kind of like being
vegan. And it will make you super crypto-studly.
At @400000004fba86e315134d44, Nicolai writes:
I saw on your site that you updated FreeBSD's djbdns port for DNSCurve support. It's
nice to see people deploying DNSCurve, but IMHO you underestimate the (still modest)
userbase. Based on your choice of software and interest in DNSCurve I'm surprised you
haven't deployed CurveDNS on your nameservers... any reason for that?
At @400000004fba899438165854, lx responds:
There is a reason --- a very stupid one. Namecheap, my registrar, has a web
interface that did not support nameservers having hostnames long enough to
contain the public keys (in clear violation of the relevant RFCs). They claim
to have resolved this, but I have not since retried. I will probably do so, but
at the moment I've a bit of a dilemma in that the IPv6 and dnscurve patches
conflict, and the former is a little higher on my priority list than the
Regarding underestimation: I hope so! I also hope djb finally releases the new
version of djbdns he promised.
Project: A bittersweet goodbye to OPIE
Traditionally, the way that I've done authentication on internet-facing SSH
daemons is to disallow passwords, but allow SSH key authentication, with a
fallback to OPIE one-time passwords. I still think OPIE has some merit, but I
do have to say, the new Google Authenticator is dead simple, easy to use, and
most importantly integrates nicely with mobile devices, which is pretty
critical for a usable OTP system. Here's a quick how-to for FreeBSD users.
1) Client install
Download the appropriate Google Authenticator application from your device's
ports tree equivalent (e.g. App Store, Market).
2) Server install
Unfortunately, the Google Authenticator team hasn't released an actual release
tarball, so I can't roll a port of it yet (hint hint, Google). So you need to
clone it from the mercurial repository.
cd /usr/ports/devel/mercurial && make install clean
cd /usr/ports/graphics/libqrencode && make install clean
hg clone https://code.google.com/p/google-authenticator/
3) Key initialization
Set up your secret key:
Answer some simple questions. Your secret key will be generated, and you'll be
given a list of ``scratch codes'', which act as emergency authenticators in the
event you lose your phone (similar to how you can pre-generate OPIE keys). Put
these in your password vault or similar secret-storing mechanism.
You'll then be shown a QR code. Use your mobile device's QR code scanner to
read it (I use zxing, aka ``Barcode Scanner'' on Android). This will provision
your secret key to your phone.
4) Update /etc/pam.d/sshd
Put the following as the first entry in your ``auth'' section:
auth required pam_google_authenticator.so
Now just test your login from a new machine, or otherwise prevent your client
from using your SSH key. You'll be prompted for the PIN displayed by your
mobile authenticator app, and then your password. Enjoy.
Project: We had to destroy it to save it
So, I've been using native ZFS on Ubuntu, so that I can share a portable drive
with all my media on it between my desktop and media center netbook. This has
been going fine, until I found that my FreeBSD desktop would no longer import
the storage pool, saying:
cannot import 'mobile': one or more devices is currently unavailable
The Ubuntu machine still imported it fine, but no amount of tweaking would get
FreeBSD to import it. On further investigation, a ``zpool import'' with no
arguments informed me ``One or more devices contains corrupted data'', and that
the pool was reporting ``state: FAULTED'' (which zpool refused to clear). I
eventually realized that nothing could be done to save the disk, so in
preparation to destroy it and re-sync my media from backups, I did this:
[lx@deepthought ~ 1339 ] sudo zpool destroy mobile
cannot open 'mobile': no such pool
[lx@deepthought ~ 1340 ] sudo zpool destroy -f mobile
cannot open 'mobile': no such pool
Ok, so zpool refuses to even destroy a corrupted drive. Let's just start over
from square one, eh?
[lx@deepthought ~ 1341 ] sudo dd if=/dev/random of=/dev/da0 bs=1m
^C86+0 records in
85+0 records out
89128960 bytes transferred in 6.920540 secs (12878903 bytes/sec)
Ok, nuked. Let's make sure that zpool reports no unmounted pools:
[lx@deepthought ~ 1342 ] sudo zpool import
action: The pool can be imported using its name or numeric identifier.
Wait, what? That state was listed as ``FAULTED'' for the last hour of my
messing with this problem, and there shouldn't even *be* a pool now. What the
hell just happened?
[lx@deepthought ~ 1344 ] sudo zpool import mobile
cannot import 'mobile': pool may be in use from other system
use '-f' to import anyway
[lx@deepthought ~ 1345 ] sudo zpool import -f mobile
[lx@deepthought ~ 1346 ]
Yes, really. Writing 85M of random data to the beginning of the disk magically
fixed the pool. Zpool was still reporting that there might be some corrupted
data, but I did a ``zpool clear'' and was on my merry way. So, apparently ZFS
is resilient enough to continue to use a disk when some of the uberblocks are
completely destroyed, but not resilient enough to ignore to work around
ZFS: So fault-tolerant, even Linux can't fuck it up.
Project: So let me get this straight
Ubuntu comes with:
- ``Social Network'' integration
And refuses to install on any drive under 4.5G.
But it does not come with:
- a compiler
- NFS support
``UNIX-like'' my ass. Even a Mac is more UNIX than this. This is GNU Bob.
Project: Minor mutt tip
This has been a minor irritation with mutt -- when a new message in a thread
comes in, sometimes that thread is months old -- so the message appears way
above where you would normally be looking. The following options make it so
updated threads pop up close to the bottom of your mailbox (where the new
things are, in my configuration), ala Thunderbird:
And if you prefer new messages at the top, change the last line to
Project: Fun vim tips of the day
Vim has an easy mode to input digraphs, ligatures and other special characters.
Simply hit Ctrl-k in input mode, and type your base character, followed by a
character representing its accent mark. So for example, ``ü'' is made by
``Ctrl-k u:''. This also works for other characters like ligatures; you can use
``Ctrl-k ffl'' to insert an ﬀl ligature. This is of course horrible in a
monospaced font, but good if you're writing web pages that use proportional
For more information on digraph mode, use ``:help digraphs'' or look at
For bonus silliness, check out
to learn how to enable vim's thesaurus functionality.
Project: Working on RSI stuff
Traditionally, I've had problems with my wrists from typing, especially my left
one, which is somewhat arthritic. I've addressed this thus far with
notifications for typing breaks, a typical MS ergonomic keyboard, and some
changes in posture. I switched to a trackball long ago, and don't use the mouse
all that much to begin with, so that's never been an issue. However, lately
I've been having problems with my left pinky (which is apparently called
``Emacs pinky'', which is adds insult to injury as I hate Emacs), and have been
attempting to figure out what to do about it.
A few things have conspired here. I make heavy use of the modifier keys, mostly
Ctrl and Mod4, to the point where I always remap CapsLock within minutes of
switching to a new machine. I even often use ^] as a substitute for Escape. I'm
starting to think the key remap is a bad idea.
I also often only use the modifiers on the left side of the keyboard, which is
also not a very good idea, and the remap makes it even easier to fall into.
Another thing that the remap does is make it very easy to use multiple finger
combos at once, e.g. Ctrl-Tab, Ctrl-Shift-Tab, which is yet another
ergonomically bad idea. And I still use the regular Ctrl key, tending to
curl my pinky up to press it with my first knuckle on that finger, which is yet
another possible cause for the pain.
After some research, I found that it was recommended to use your palm to hit
the Ctrl key, which would have been a bit more obvious, except...I was using an
``ergonomic'' keyboard. Now, I'm not totally writing off ergonomic keyboards
yet, but the typical ergo keyboard's arch makes it extremely awkward to use
Ctrl with the palm, and requires a bigger than normal stretch to reach many key
There have been some studies which have indicated that split keyboards have
ergonomic advantages for wrist pain, but I personally don't think they're
terribly good for finger pain. Also, I'm rather skeptical of the studies to
begin with, as it's highly unlikely they were properly blinded or controlled:
in an ergonomics study, it's immediately obvious to both the administrator and
the subject if they've been given a standard keyboard or an ergonomic one. If
you get an ergonomic one, the placebo effect and Hawthorne effect are going to
come into play pretty much automatically, and these keyboards are going to come
out on top.
I've evaluated a few different keyboards for switching to. I've used the
Kinesis contoured keyboard for about a week in the past, and I found it awkward
for a few reasons -- the crappy rubberized function and Escape keys were
annoying, I didn't like the repositioning of Space and Enter, and the thing
just felt generally uncomfortable. Using modifier keys and typing passwords was
also really unpleasant. I suspect these keyboards are good for some people,
especially people who just do straight up typing rather than lots of navigation
and metacharacters. I think it's bad for programming and similar activities.
For the MS Natural keyboard, aside from the aforementioned problems with Ctrl
and finger stretch, there are a couple of other annoyances. First, like most
modern keyboards, the keys are mushy, making it so you hit the keys harder than
you need to. Also, it has a palmrest, which is pretty widely recognized as
being a bad idea. Everybody knows that the proper palmrest is a cat.
So, after excluding the contoured keyboard as well as the MS Natural, there
were a few other options to consider. My primary goal was to find something
that didn't have the poor feedback of pretty much every keyboard, which means
limiting the candidates to mechanical models, mostly of the buckling spring
type. I went with the approach of the Das Keyboard, which brings all the keys
in closer to each other and gives good audio and tactile feedback. It also has
blank keycaps, which is cute, as I used to spraypaint my keyboards to achieve
the same effect. Another option was the Truly Ergonomic keyboard, which has an
interesting design and mechanical keys, but is more expensive, has an odd
layout, and doesn't technically exist yet. I may try it in the future.
There's a lot of advice on ergonomics online. Here are the points which I think
are important for finger pain specifically.
- Firstly, learn to type.
- Now, learn to type lightly. Switch keyboards if this helps.
- Find a keyboard that works for you. ``Ergonomic'' is relative.
- Learn to use the modifier keys on both sides of the keyboard, including
Shift. Map the right ``Menu'' key to Mod4, if you're lacking a second Mod4 key.
- Learn to hit the Ctrl keys with your palms. If this is too difficult, swap
Alt and Ctrl, and use your thumb.
- Don't switch Caps and Ctrl. I'm still leaving mine swapped as I have no use
for Caps, but I think in general, this causes bad habits.
- Think more. Type less.
Rachel: I'm not sure why i don't have repetative stress. I sure as hell
type enough for it. I have pretty good hand posture/typing skills from a
typing class i took in high school, but i use a laptop so much with my hands
resting on the base of the keyboard instead of elevated that it's a bit
surprising. I *do* have caps remapped as control, which i think helps. I
could probably remap the right alt to escape, which might help some (escape is
up in alaska). Tilde down at right control might help as well (in the
neverending attempt to make a standard keyboard feel more like old sun
Project: Mature UNIX Japanese support at last?
The SCIM input method has been one of the most flexible and practical
input engines for inputting asian languages on UNIX for quite a while
now. Unfortunately, it's also always been incredibly unstable, buggy and
poorly maintained, and is now effectively dead despite its inclusion
in many UNIX desktop distributions. I've been trying to maintain the
FreeBSD SCIM infrastructure for a while now, with limited success.
Thankfully, Google has stepped in to create IBus
https://code.google.com/p/ibus/, a new and modern input method which
supports several conversion engines -- notably Anthy, which should make
transition for most Japanese SCIM users easy; but also mozc, Google's
new multiplatform Japanese input method, which has some cute security
features and will probably supplant Anthy.
I've updated my tutorial to use IBus and Anthy/mozc, and removed some of
the irrelevant cruft. I'll probably drop my maintainership of SCIM soon,
and good riddance.
Project: This can't be right
I upgraded my work laptop from an X61 to a T410s. Shockingly, everything
works -- wireless, video (once I locked the BIOS to use only the nvidia
chip instead of the fake ``Intel'' one), sound (once I told it not to
play sound through the HDMI output), etc. I even got everything booting
from a GELI device inside a ZFS pool, bootstrapped by a USB key.
We'll see how the battery life goes, but I'm pleasantly surprised to
have FreeBSD work out of the box on such a new system.
Project: Jabber returns
I've finally got a Jabber server back up on redundancy, after ages of
it being down due to the fact that there's no Java implementation for
FreeBSD on PowerPC. I wasn't going to run some server written in Erlang
or somesuch nonsense -- I tried once, and it was not a pretty experience
-- and I most certainly won't run such an implementation of such a
complex network service written in C.
Thankfully, I discovered Prosody http://prosody.im, which is a tiny
and simple XMPP server written in Lua. Had to fix a small thing to make
Lua work in the first place on PPC (-fPIC), but after that, it was
pretty smooth sailing. For people that just run a small server and want
their own XMPP service without the bloatiness of Java and Openfire, I
Project: Week 1 of Android
I switched to a Nexus One last week due to a hardware failure on my
iPhone. I won't get another iPhone, in spite of it being the best mobile
platform available, due to Apple's intense evil in the handling of said
platform. Here are my impressions. Well, complaints, really.
1) SMS notifications don't appear on the lock screen. This means I have
to unlock and pull down the notifications panel just to see who texted
me. All mention of this online is from people wanting to *disable* this
feature, which is apparently present on the Hero.
2) Exchange integration is pathetic. I know that the Droid has good
integration, but I'm using T-Mobile, as they're the one telco who didn't
participate in warrantless wiretaps. As has been noted, the N1 only
syncs e-mail and contacts with Exchange, and does so reasonably well.
For calendaring, you have to buy Touchdown, which doesn't integrate
terribly well. It also means that you have to have Touchdown sync your
e-mail as well, so that you get invites (which, by the way, you aren't
alerted to receiving), which causes extra battery drain. I'm basically
going to have to roll my own ROM with Motorola's calendaring APK. The
lack of enterprise support in the base OS is just lazy - in the iPhone,
Exchange integration is phenomenal. Android seems to be designed for the
3) The XMPP client only talks to Google Talk. Not terribly surprising,
but stupid. I don't use Google Talk, Gmail, Gcalendar, or anything G
other than search (and Android).
4) Similarly, the calendar app *only* supports Google Calendar. You
can't subscribe to remote ICS files, which is how I generally aggregate
my various schedules. You can't even have a local calendar; you have
to actually go subscribe to these in Google Calendar on a computer,
and then supposedly they'll sync to your phone. I'll never know this,
though, because I'm not going to tell Google what I'm doing at every
given moment. And obviously, this calendar doesn't talk to the Exchange
one. So, scheduling and calendaring on this device is basically
5) There isn't an application for TAKING NOTES. Come ON, people, this is
practically a hello world app. EVERY PHONE HAS ONE. My StarTac 10 years
ago probably had one. It's a total cop-out to rely on "the community" to
make your basic apps for you.
On the hardware end, there are some niggles, like the touchscreen seems
to be miscalibrated to recognize taps slightly above where they should
be, the fact that the trackball isn't sensitive enough and is otherwise
basically useless, and the fairly bad GPS signal aquisition. Basically,
this is an unpolished Symbian phone, but with a semi-open-source model,
non-fascist app store and slightly nicer development platform (albeit
one that still sucks horribly compared to Objective-C + Cocoa Touch +
Xcode). Not impressed, but I'll stick with it, as it seems the only
non-Apple game in town.
Project: OpenSSH configuration: Threat or Menace?
So, the ASF got compromised:
The writeup mentions SSHD configuration:
"""SSH passwords should not have been enabled for login over the
Internet. Although the Infrastructure Team had attempted to configure
the sshd daemon to disable password-based logins, having UsePAM yes set
meant that password-based logins were still possible."""
What? Let's take a closer look at the man page for sshd_config:
# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
Ok, that's rather ridiculous -- PermitRootLogin without-password
shouldn't pass things to PAM, in my opinion. Yes, I know PAM isn't
always password auth, but it almost always is. Now, is UsePAM on or off
by default? Looking below, I see:
Since I know these are off by default in OpenSSH, I assume ``UsePAM
yes'' means UsePAM is off. This is wrong -- the man page explains at the
top that the commented values are the defaults. However, here's a the
snip from FreeBSD's sshd_config man page:
Specifies whether X11 forwarding is permitted. The argument
must be ``yes'' or ``no''. The default is ``yes''.
And here is Ubuntu's:
Specifies whether X11 forwarding is permitted. The argument
must be ``yes'' or ``no''. The default is ``no''.
I see. Also in the man page on Ubuntu is this:
Note that the Debian openssh-server package sets several options
as standard in /etc/ssh/sshd_config which are not the default
in sshd(8). The exact list depends on whether the package was
installed fresh or upgraded from various possible previous
versions, but includes at least the following:
* Protocol 2
* ChallengeResponseAuthentication no
* X11Forwarding yes
* PrintMotd no
* AcceptEnv LANG LC_*
* Subsystem sftp /usr/lib/openssh/sftp-server
* UsePAM yes
Well, it's no wonder people are confused. You have FreeBSD transparently
changing the long-standing default options (albeit correctly, if you
were going to do such a thing), and Debian saying ``The default options
in this man page are for the OpenBSD version of OpenSSH. We may have
changed some of them, but you can't be sure which ones. Have a nice
Project: Waving goodbye to sysinstall
I just did a vanilla FreeBSD install onto a ZFS root partition using
PC-BSD's installer, instead of spending probably an entire day trying to
figure out how to use ZFS root as I did last time. Good job, guys, this
is a big win.
Project: Saving my eyes
I'm not sure why I waited so long to switch to Inconsolata after I was
first exposed to it, but after several weeks of stinging eyes, I finally
switched. This also involved switching to a Tango-based terminal theme,
using vim in 256 color mode, and bumping font size up, and my eyes felt
better after mere minutes. I saw mention somewhere that small fonts can
cause high blood pressure and stress, which is a cute idea, but haven't
found any studies. Anyway:
Project: SSL and open source fools
As much as I'm involved with and enjoy using open source software,
the open source ``community'' is largely incompetent when it comes to
security. Take for example the thread at:
There is a long-standing and disastrously false belief that there is
some benefit to encrypting communications without bothering to check who
you're encrypting them to. THERE ISN'T. None whatsoever. Middle-person
attacks happen ALL the TIME, and the tools to do it are just as easy, if
not easier, than using tcpdump. Even security people get bitten by this,
including one prominent one who had his entire mail spool stolen because
he used fetchmail to retrieve it: fetchmail silently failed to validate
However, I keep running into this idea, especially with open source
cranks. The FreeBSD security team refused to consider it an issue
that libfetch, which is used to retrieve files by pkg_add(1) by
default, silently establishes SSL connections without performing
any verification. A patch to fix the problem was ignored, and I was
requested to go fuck myself for impugning the quality of the code in the
It seems these developers want to beat on their chests about how
untrustworthy public CAs are (they are), but do nothing to actually
help solve the problem except to pretend that SSL will magically work
on its own, thus exposing users to even greater risk than just refusing
to do SSL at all. A CA does not have to be a public CA: it can be a
corporate or personal CA. You don't have to even use CA verification --
you can use SSH-style fingerprint verification. You can use both. Or any
number of other things. But righteously ignoring the problem is asinine
Project: more of a browser "police action"
Ok, I've gotten progressively more frustrated with Firefox, even with
the wonderful vimperator. Its performance is just staggeringly bad,
especially on non-Windows platforms. Originally I had looked at uzbl
http://uzbl.org, but the decision to use external shell and python
scripts to handle cookies and such was just too cracked out. Besides
performance concerns, it's likely a security nightmare, and way too much
fiddling to spend on a browser.
Surf http://surf.suckless.org/ is a very nice minimal browser --
extremely fast, small, and customizable via a dwm-style config.h. I
like surf a lot, but was missing the link hinting from vimperator, so
happily I found vimprobable http://www.yllr.net/vimprobable/. I use
vimprobable1. This behaves largely quite like firefox + vimperator, except
it's stupidly fast, configured through config.h and doesn't use tabs.
Since I use a tiling window manager, I don't really care
about having tabs. For those that do, you can use tabbed
http://tools.suckless.org/tabbed, which is a far more sensible
way to deal with tabbing applications. This works with uzbl, surf,
vimprobable, or anything else that supports the XEmbed protocol. All
3 browsers are based on webkit-gtk2, so they render more or less how
For those that are a little less vimish and/or minimal, there's also
Arora, which is light, cross-platform, fairly featureful and based on
webkit-qt4. http://code.google.com/p/arora/ It has builtin adblocking,
password management, private browsing mode, and tabs. A nice drop-in for
your everyday Firefox user.
Project: vi everywhere
I'm a big fan of vimperator et al (http://www.vimperator.org/), and with
the release of Thunderbird 3 and muttator, I may finally get pulled away
from mutt. Of course, I've said that before. Tbird3 has some pretty
nice features --- it's a good RSS reader, the search is well-designed
and basically instantaneous, and its Archive feature helps organize old
stuff pretty well. And it beats the pants off of webmail, as if that
were hard to do.
Project: dwm update
dwm 5.6 has just been released, with multihead support.
Yay! It now does everything I want. My local repo is at
http://redundancy.redundancy.org/dwm.tar.gz. Aside from a smattering
of config changes and third party patches, the main addition is a simple
``focusurgent'' patch, which warps you to the next window with the EXWMH
``URGENT'' hint set. I use this with pidgin, which can set the hint on
new messages, and also with urxvt, which can set the urgent hint on
terminal bell. Since dwm highlights tags with urgent hints set, this
acts as both new IM notification and new mail notification (as mutt uses
a terminal bell when new mail arrives). If people want to use this in
their own dwm configs:
for(c = selmon->stack; c && !(c->isurgent); c = c->snext);
Project: Code review tips for vim
I have to spend a fair amount of my time doing source code review. I've
tried using tools like the hideous Source Insight, but for all its
flaws, I always come back to vim. There are a few things that I've been
adding lately though that have made it a bit more efficient. Here's what
exuberant ctags -- ctags are simple to use: exctags -R .
This creates a file called tags in the CWD. I have in my .vimrc simply
``set tags=tags'', so the one in the CWD is always used. At the top of a
source tree, I make the tagfile, start vim, and then use ``:Explore'' to
browse to the source files I want. ctags usage in vim is just ^] to jump
to a symbol definition, and ^T to go back.
cscope -- short story: cscope -R ^D
Once in vim again, you can go to a symbol and do ^\-s to see a lookup of
where that symbol is used in the codebase, or ^\-c to see callers. Pick
a number and you jump to it. Similar to ctags, ^T jumps back. You'll
want to put http://cscope.sourceforge.net/cscope_maps.vim into your
vim plugin directory for all of this to work.
Taglist -- The vim taglist plugin will show you a sidebar with all of
the symbols in a file and/or source tree, giving you a good overview and
letting you jump around. It's pretty simple to use, just remember ^W^W
switches between different vim panels. After you've installed it, (just
put it in your .vim/plugin dir), use ``:TlistToggle'' to activate it. Same
deal: after a jump, use ^T to go back on the stack.
NerdTree -- A nice and simple directory browser sidebar, with some extra
nifty features. Quite nice and actively maintained. Much better than :Ex.
flawfinder -- a hokey script, but it does most of the grepping for nasty
standard library functions that no one should be using. The neat thing
here is that you can use the output as a tool in vim. To do this, first
move your cscope.out and tags file somewhere else for a bit -- they
confuse flawfinder. Then, at the root of the source tree, do:
flawfinder -SQD --followdotdir . > flawfile
Now, start up vim and do ``:copen'' to open up a ``QuickFix'' panel. Then do
``:cf flawfile'' to read in the flawfinder results. You now have a browsable
list of issues that you can run through. ``:cn'' goes to the next hit. Now
that you see what a hitlist looks like, you can use this for other stuff
too -- the format is trivial.
Of course there are a huge number of handy vim tricks. It's actually
worth reading the :help, as it's surprisingly usable and enlightening.
You might also want to check http://vim.wikia.com/wiki/Best_Vim_Tips
for some other handy tips.
My nice discoveries for the day are the ``magic ='' and ``magic **'' in
zsh, and fefe's ``gatling'' webserver. I wouldn't replace publicfile
with it, but for quick and dirty exporting of the CWD, it'll come in