Lars Wirzenius: December, 2006
Contents
- December 27: Notetak
- December 24: Finnish as an encryption method
- December 13: EoC security problem fixed
- December 04: Tattoo
Wednesday, December 27, 2006
Random hacks: Notetak
I always spend my Christmas with my parents, and for the past few years, I've always started some new little hobby hacking project or another. Three years ago I started writing a new text editor, sex.py. I still use it, although I haven't had much time to improve it further.
This year, I wanted to see if I could come up with a little something to jot down random little notes easier, to keep track of said notes, and to help me manage a GTD workflow better.
Last summer, I started dabbling with the "Getting Things Done" method by David Allen. It's basically a way of keeping track of things that you need to do. A bit more sophisticated than a simple todo list, without getting seriously bureaucratic or tedious. So far, whenever I follow the method, it seems to be working, although I'm not sure if it is because of using this particular method, or because I'm a method at all.
GTD requires keeping a few lists of things: todo items that can be done now (assuming suitable context, but with no unfilled dependencies), todo items that might be done some day, etc. The tool I chose for this last summer is Gjots2. It's a GUI outliner tool that works adequately, but is not smooth enough to prevent me from looking at better tools.
One of the things missing from Gjots2 is a good search facility. You can't do things like "show me all items containing the words 'Debian' and 'upload'", for example.
Some time ago, while browsing 43Folders, I learned about a small application for MacOS X, called Notational Velocity. I don't have a Mac, so I can't try it out myself, but it works by keeping track of small text-only notes, each with a title, and has a user interface geared at searching. Instead of having a tree or a list of notes, it has a title bar where you enter some words, and it shows you a list of the notes that match those words. You can then either select something from the list, or press Enter to create a new note, with the text you entered as a title.
This sounded intriguiging to me, and I thought it might be interesting to experiment with it for my note taking and GTD needs. So I spent one night at my parent's writing a first approximation of a prototype. I'm calling it Notetak.
Notetak, first prototype. The drop-down menu shows the notes that contain the word "notetak", in upper or lower case.
I've today switched from Gjots2 to Notetak, and it's already clear that it's a completely different approach to things. So far I like it, but I'll have to experiment with this for a few days or weeks to see if it really works.
I'm pretty sure the basic approach would benefit from having additional tags for notes, or possibly having stored searches. I keep finding myself searching for, say, "@next" a lot to get a list of GTD next actions.
The source (and a preliminary .deb) is on my home page, in case you're interested. Please note (ahem) that this is highly experimental and may eat your data. I may abandon it at any moment, if I decide that it's not worth it, but if not, it might also change frequently. If you do use it, I'd be happy to receive any bug reports, suggestions for improvements, and patches you may come up with.
Sunday, December 24, 2006
Anecdotes: Finnish as an encryption method
Watching my sister's Welsh boyfriend slowly learn Finnish, I'm reminded of the fact that the language is often considered difficult. At any rate, it is spoken by a very small percentage of the world's population. Some Finns therefore think they can safely use it abroad to talk about anything, even if it is embarrassing or sensitive. I've found that not to be true.
There's other Finns everywhere. There's always someone who will hear and understand if you say something not meant for outsiders. A couple of anecdotes might prove this.
In 1990, I was abroad for the first time, in Eindhoven, the Netherlands, for an ACM programming competition. I and a team mate spent one evening in a local bar, talking with each other. After a while we were interrupted by a Finnish woman who lives in Eindhoven. Luckily, we hadn't said anything too bad, she just recognized fellow Finns and wanted to say hi.
In 1999, I was in London for a conference, and had a bit of free time, which I spent walking on Oxford Street. At some point, I was walking behind two young men, in their early twenties. They were speaking fairly loudly, commenting on the physiological features of the woman walking in front of them. The woman eventually stopped, turned around, and started swearing at them. Loudly. In Finnish.
My theory is that Finns are slowly taking over the world by spying on each other abroad. That's why there's always at least two Finns anywhere.
Wednesday, December 13, 2006
Enemies of Carlotta: EoC security problem fixed
My face is covered in egg.
Antti-Juhani Kaijanaho found a security problem in EoC, both the 1.0.3 and the 1.2.3 versions. The problem is that EoC did not quote shell arguments properly. I have fixed the problem in 1.2.4, which contains no other changes relative to 1.2.3. This problem has the code CVE-2006-5875.
You can find the 1.2.4 version from the EoC website: http://liw.iki.fi/liw/eoc/ and I have also uploaded it to Debian's unstable.
Debian's stable contains 1.0.3, and I have prepared a patch for that. It is actually essentially the same patch as was used to create 1.2.4. The Debian security team has uploaded a fixed version of the 1.0.3 package to security.debian.org. I've attached it to this message in case anyone not running Debian wants to stay with 1.0.3, but I won't be releasing a 1.0.4 unless someone really needs it (if you do, please tell me immediately).
For risk assessment: I was unable to come up with an exploit. Doing so would require getting a certain kind of construct through the SMTP level to EoC, and I wasn't able to make that happen, but I would not rely on it being impossible. Therefore, please upgrade immediately.
I apologize for this problem. It was amateurish to let the problematic code into a released version of the program, I knew better than do that.
Monday, December 04, 2006
Debian: Tattoo
Unless something very surprising happens, this is the tattoo I will not be getting. Alas. There's still around sixteen hours until it's no longer December 4th anywhere, but it's not going to be enough.