Vim: The Ex Mode

 Computing, History  No Responses »
Oct 272016
 

I have recently been ‘entertaining’ myself with watching some videos on the vim editor which to the uninitiated is an extremely powerful if somewhat ‘unusual’ editor that is popular amongst Linux power users. One of the surprising things that came up was that apparently there are experienced vim users who are not aware of why the ex mode exists.

Or probably why the ex command exists.

In the dim and distant past (and in fact even longer than I’ve used Unix!), one of the possible ways of interacting with computers was with a printing terminal :-

On such a terminal, using a visual editor like vim (or it’s predecessor vi) would have been painful. Redrawing the screen would take a couple of minutes or more; imaging moving the cursor across from the beginning of the line to the end!

So it was common to use an alternative kind of editor – the line editor. The process of creating a file is somewhat clumsy :-

$ ex ~/Foo
"~/Foo" 1L, 4C
Entering Ex mode.  Type "visual" to go to Normal mode.
:p
Foo
:a
Bar
.
:p
Bar
:1
Foo
:write
:quit

Now for a quick explanation (although this is no tutorial on line editors!): The ex ~/Foo is the command given to start editing a pre-existing file called Foo in the ex editor. After the editor starts up, I enter the “p” command to print the current line. I then use the “a” command to append text after the first line, and enter a “.” on it’s own to finish adding lines. Again I use “p” to print the current line, and then “1” to print the first line.

Which is more than you’ll ever want to know about how to use ex, so why does it still exist?

The first reason is simply because it’s possible. It’s almost certainly fairly easy to support the ex mode with vim; after all the ex-mode is effectively the commands you get when you enter “:” within vim.

The next reason is that line editors were sometimes used within shell scripts to batch edit files, and somewhere out there is a shell script from hell that relies on ex to keep running.

Friday’s DDoS: Assisted By Poor DNS Configuration

 Computing, Security  No Responses »
Oct 222016
 

Yesterday lots of people found the Internet disappearing on them due to a significant DDoS attack against the DNS infrastructure of one company. Now there are all sorts of suggested fixes for this sort of problem, some of which are useful.

However it is notable that people have not mentioned one method built into DNS which could have been used more effectively. Indeed one suggestion was for the DNS to do something it already does – caching.

When you ask your ISP’s DNS servers to resolve a name such as example.org, the answer that your ISP’s DNS server gets back contains several bits of information in addition to the answer you are interested in (the IP address to connect to). One of which is how long to cache the value for, which means that your ISP’s DNS servers can save themselves some work for as long as they are allowed to cache the answer for.

Now it is awfully convenient to set this value to something like 5 minutes because if you have a need to change the value, it is nice to have the value change as quickly as possible.

But it also increases your vulnerability to a weaknesses in the DNS infrastructure.

If you increase the time-to-live (TTL) value to something more like 24 hours, then your DNS servers (or more usually the DNS servers of your DNS service provider) are required less frequently which means that if something takes them offline for any reason then there would be a decreased impact. It will still stop some people from getting the DNS answers they need, but the proportion unable to get an answer will drop dramatically.

 

damascus-dns

Calais Children and the Pathetic Little Whinging Cowards

 General, Politics  No Responses »
Oct 212016
 

All that is necessary for the triumph of evil is that good men do nothing

– Possibly not Edmund Burke.

If you are of sensitive disposition and get a little twitchy around ‘naughty’ words, probably best skip this one – I’m really, really angry and the box of swear words is wide open.

Recently there has been some noise on my Facebook feed perpetrated by the kind of malevolent dipsticks who swallow the output of the Daily Fail (I’m not linking directly to their site because the slimy little shits don’t deserve the extra ad revenue) wholesale. Specifically there are some ‘concerns’ regarding the child migrants from Calais entering the country.

Apparently these fearful little whinging cowards are quaking on terror at the thought that some of these child refugees might not be children, but either young adults or some sort of Daesh terrorist in disguise. So because there is a tiny risk that some children might be a little too old to be technically children, or that there is a tiny risk that some might be associated with Daesh, we’re supposed not to give some refugee children in dire straits a home?

Hell, no.

Whilst the pathetic little worms are right in saying that some of the children might be a bit too old to be considered children, and there might be some risk that Daesh could infiltrate a terrorist, it’s time to tell the to tell the worms to piss off until they’ve grown a spine.

We’re British, which doesn’t mean cowering in our little hovels hoping that bump in the night isn’t some monster out to get us. It means doing the right thing and welcoming child refugees to our country, and if that means a bit extra risk (although most terrorist attacks are from home-grown terrorists), then we’ll suck it up. Hell, we take a bigger risk opening the front door and going to work every day.

And if you’re one of those pathetic individuals who doesn’t agree with this, then you can fuck right off. I’m not lowering my standards to pacify your pathetic need for safety, and it is about time a few more of us were prepared to tell you how pathetic you are.

cropped-B84V9142t1-elements-have-their-way-1.jpg

 

IPv6: Why The DNS Is So Important

 Computing  No Responses »
Oct 192016
 

This is a bit of a thought experiment, so it may be not entirely correct (especially the maths – my probability theory is very rusty).

One of the lesser reasons for using the DNS rather than IP4 addresses is that typing mistakes are more easily caught – if you intend to type 192.168.67.52, but accidentally enter 192.168.67.53 instead, you still have a valid IPv4 address. Whereas entering the domain name wombar.example.com instead of wombat.example.com will most likely get you an error instead of sending your secrets off to an unknown location on your network – unless you have a rather silly server naming convention of course!

But how likely are you to make a mistake typing in an IPv4 address? According to a random web site “out there”, the average accuracy of a typist is 92%, or an average of 8 typos per 100 characters. If we convert this into a probability, we get a probability of typing each character correctly as 0.92.

Given that typing IPv4 addresses is something that some of us have a lot of practice at, and in many cases we will notice typos before they become a problem, I’m going to arbitrarily declare that the probability of getting any character within an IPv4 address correct is 0.999. But to type in an IPv4 address correctly we have to get a maximum of 15 characters correct :-

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
1 9 2 . 1 6 8 . 1 2 8 . 1 2 8

So the probability of getting all those characters right is 0.999 (first character) x 0.999 (second character) … Or 0.999^15.

And once you work that out, subtract it from 1 (to get the probability of making a mistake) and convert it into a percentage, there is an 11% chance of making a typo in an IPv4 address.

For an IPv6 address such as 2001:db8:ca2c:dead:44f0:c3e9:28be:c903, which has 38 characters (no I’m not doing that silly table for IPv6) – 100 * (1 – 0.999 ^ 38) – 32%.

Now whilst my calculations may be a bit off, the likelihood of entering an IPv6 address incorrectly is nearly three times higher than the risk of entering an IPv4 address incorrectly.

In other words, with IPv6 you really need a good working DNS solution just to keep the errors to manageable levels.

dam-ip6

It’s Not A Backslash! No, It’s a Slash or Solidus!

 Computing  No Responses »
Oct 192016
 

I have just been listening to a Microsoft fanboy on the you tube wittering on about something (not computer related), when he tried to read out a URL. According to him, there are “backslashes” in the URL.

Not in any normal URL. For those who do not know, URLs are web site addresses such as http://really.zonky.org/. The character that appears after the network protocol (http) – the “/” is formally known as the solidus, and less formally as a slash. The slash that goes the other way is called the backslash (or more formally the reverse solidus).

And who decided that one was a slash (‘/”) and the other a backslash (‘\’)? Although it has been used since the Medieval era, it was probably first called as solidus in the 19th century because of it being used to signify the British shilling. Currently it is the Unicode Consortium who call it a solidus in the international standard for character encoding. If you disagree with them, by all means either convince them they’re wrong or set up a new international standard and get it more widely adopted than Unicode.

Until then, I’ll carry on calling someone who says a backslash looks like – ‘/’, wrong.

Does it matter? In the big scheme of things probably not, but it does make reading out instructions more difficult when either slashes or backslashes appear. After all computers rarely say “Ah! I see what you meant! You meant http://example.org/ which is different (and makes sense) to http:\\example.org\“. And as anyone who has ever encountered autocorrect “mistakes” will attest, letting computers decide what you meant is not always the best idea.

And how did the mistake originally occur? To some extent Microsoft is to blame, although I doubt Microsoft ever called the slashes the wrong name.

When Microsoft wrote their first operating system (DOS), they chose to make it semi-compatible with an earlier operating system (CP/M) which used the slash to indicate the use of an option to a command-line command which in turn was inherited from certain early DEC operating systems.

When they came to implementing directories (yes that long ago), they broke with the tradition of stealing ideas from DEC (or we would have ended up with paths like C:[WINDOWS.SYSTEM]FOO.SYS) and instead chose the Unix path separator. But the slash conflicted with option processing on the command-line, so they used the backslash instead – C:\WINDOWS\SYSTEM\FOO.SYS.

Of course people started calling the backslash, a slash, and I’m sure there are many out there who will continue despite being told that they are wrong. Of course when I say they’re wrong, I have the backing of an international group of grapheme experts behind me.
solidus

 

 Older Entries  Newer Entries