Older blog entries for chalst (starting at number 271)

Recentlog
karlberry mentioned the Firefox It's All Text add-on, which allows you to edit TEXTAREA forms in Emacs. Worth mentioning Alex Bennee's Edit with Emacs plugin for Chrom{ium,e}.

Recentlog
karlberry wondered where he'd seen the question about Pdftex's \pdfnormaldeviate primitive. I guess it has to be TH's post Random numbers in TeX, where he wonders what the old Pdftex manual meant by the primitive generating a distribution with a "unit" of 65 536.

Recentlog
fzort wrote Not sure if StevenRainwater is still accepting patches.

Last time I asked, he was planning a substantial change to the core of mod_virgule, and was discouraging patches to avoid the conversion problem.

Now I come to think about it, this is the problem DVCS' were invented to solve.

Recentspam
Sometimes it seems like my involvement with Advogato consists of reporting spammers.

Account echo http:==www.advogato.org=person=alanove=|tr = / is a spam account that is nearly two weeks old. You know what to do with it.

I think the spammer changed the URL contents from something plausible looking to something spammy — but not yet actually useful for a spammer, I think.

It might help watch for this kind of bait-and-switch tactic, which ncm raised as a worry some time back, if the list under www.advogato.org/person/ were ordered by most recent edit and not trust.

A New Hope
I'm exceedingly happy to see karlberry's recent posts. There aren't a whole lot of high-profile hackers making regular, unsyndicated posts to recentlog.

Ten Years of Advogato

Steven Rainwater, Advogato's maintainer, posted an article there, Happy 10th Birthday, Advogato, which provoked me to think a bit about where the site is going. I've put together a timeline, consisting of a link from each of the ten years that gives an idea of what Advogato was like that year.

• 2008 — GNU and FSF News for January 2008
• 2007 — Advogato and Hateful/Divisive Posts
• 2006 — Articles 871-900 — Thirty consecutive articles, up to Raph Levien's decision to abandon, and Steven's decision to rescue, the site.
• 2005 — Article:advogato.org and advogato.com renewed.
• 2004 — A diary post by Graydon Hoare, which shows how the action back then had moved to recentlog.
• 2003 — Article: Is the active user-base of Advogato incompetent?; note moshez' response, on the advantages of managing where your content is posted.
• 2002 — Articles Mixins for PHP and Thoughts on voting machine fraud
• 2001 — Article The Rules of Open-Source Programming, to which Raph replied with Some more "rules".
• 2000 — Alan Cox wrote two articles about patent law and practice, both widely cited: one, two.
• 1999 — This year's anniversary article, Happy 10th Birthday, Advogato, gives a feel for the first days; my post there has some links from that time.

Advogato is one of the older social networking sites, for free software developers, from before the days when that term was used, and it's maybe the one with the most unappreciated lessons, in both senses. I greatly admire what Raph Levien has done with the site, and am very happy to have been involved with it during most of its history.

Syndicated 2009-11-13 12:21:53 (Updated 2011-09-22 21:07:32) from Text

Texlive 2010's security model
Manuel Pégourié-Gonnard, Texlive's texdoc maintainer, posted a response to my question about Texlive's restricted execution model, explaining why the feature was yanked from Texlive 2009, and saying that the change is that details have been sorted out.

Recentlog
redi: I see it now, but my, probably flawed, recollection was that direct certifications didn't need time to affect your recentlog filter. FWIW, I waited a few minutes before feeling compelled to write my last diary entry.</b>

Advogato glitch
marnanel is visible on my ratings report at 2.2, so I have tried twice to bump his rating up to something that clears my preferred recentlog threshold.

Alas, no success. I get the confirmation page, but the rating visible to me doesn't change. A server configuration bug, or something in mod_virgule, maybe?

Texlive 2010 has restricted shell \write18
...which is, I think a good thing. It was discussed for Texlive 2009, but didn't make it because of worries to do with restricted shell access to binaries which themselves had shell escaping.

I only discovered this feature through a post on the new tex.stackexchange.com website, How should one use \write18 with BibTeX? I asked a follow-up question, What analysis of Texlive's restricted permissions model exists?, and the answers so far don't seem to suggest that much in the way of security modelling, however informal, has been done by the Texlive team. Joseph Wright did, however, post a link to a USENIX paper, Are Text-Only Data Formats Safe? Or, Use This LATEX Class File to Pwn Your Computer, which is something like a survey of attack vectors through Latex, with proof-of-concept implementations in the context of Miktex on Windows. They make the point that, besides class and style files, Bibtex entries, typically shared without close examination, suffice for an exploit.

I'd be grateful, and reassured, to learn of more work that has been done on this.

Dos and Don'ts of diary syndication
We should have, I think I have said before, have a nice front-page article about how to go about syndicating your RSS Feed to Advogato, and why it is one's best interests to follow the advice or not syndicate at all. I should write it, shouldn't I? But...

...I've not had a lot of appetite to contribute to Advogato in the last few months, though. I generally feel that there are too many things broken around here, and if one of the strengths of Advogato is that it can be and is run by the participants, and not the benevolent dictator, on the other hand that means that there is great inertia standing in the way of improving things.

The impetus for this post comes from a couple of mindcrime's recent posts. Kudos to mindcrime for the progress with Project Shelley, but posting diary entries with more than ten large screenshots in them is not the kind of syndication that recentlog should be receiving. I don't want to drop mindcrime's output from my view of recentlog, but equally, I don't want to have this kind of material there.