midnight commander for snow leopard

midnight commander snow leopard

Wether you like to have a file manager running as root , need a file manager that can really dig into the guts of the os or are just nostalgic for the good ole 2 pane commanders , either way you got to have mc handy on your brand new 64 bit osx.

There are a number of ways to install it , you can go all out downloading the source and dependences and compile , or take a easy road by means of the macports or fink  packages , however there you might find this way the easiest .

Attached to this post is a zip file with the compiled sources, download and extract it to the root directory of /mc , then open a terminal with 5 tabs , type “cd” in each then drag each of the folders to a different tab , press enter in each , then type “sudo make install” in each tab , in this order : gettext > pkgconfig > glib > slang > mc.

That’s all there is to it, delete /mc, now type mc to get your native 64bit mc fix.mcsl

ogg in safari woes

On the heels of the Firefox 3.5 release that brings HTML5 video embedding support the following pattern of embedding video files emerges (including on mozilla.com and openvideoalliance.org) that is two distinct sources for the video , one encoded with ogg , one with mpeg4 , using html code as follows :

<source src=”thefile.m4v” type=”video/mp4″>
<source src=”thefile.ogg” type=”video/ogg”>

What this does is show the mp4 file in safari and the ogg file in firefox , and it is all well and dandy except in the cases where a lot of media is involved it is unpractical at least to have 2 formats for every video file .

So let’s chose just one format then ,  because ogg is a open standard and endorsed by the One Video Alliance it is a safe bet  , sites like Dailymotion are already migrating to it .

Ok , how about browsers besides firefox , well safari for example can also support ogg video with a codec plugin namely Xiph Quicktime Component , but a simple test reveals a problem with the mime types , safari will not play the ogg file if  it has type=”video/ogg” in the html tag , works just when embeded ogg files have no type  defined.

At this point i am not certain whether it’s a bug or just a misconfiguration in osx or safari, apparently safari uses system wide mime-type settings that are accessible with System Preferences plugins like RCDefaultApp and MisFox but they do not help this cause a lot.

The point i am trying to make is that if you want to use a single format for embedding video and want it to work in all html5 compatible browsers (with ogg plugins) you best not define the type in the html tag if you want the video to work in safari.

osx and movies

OSX is nice , and not because it has no shortcomings , but because you can fix them as opposed to windows.This has a lot to do with the power of osx that stems from it having applescript and a posix compliant shell.

Here is how to change metadata of files so you can play divx movies with itunes for example , with terminal and devtools

find /path/toyour/movies/directory -name “*.avi” -print0 | xargs -0 /developer/tools/SetFile -t “MooV”

, with applescript http://forums.ilounge.com/showthread.php?t=214705

Now that you can play those files with itunes how about having them show and play in Front Row from the confort of your remote , without even adding them to the itunes library , it is just a matter of making symbolic links in your ~/Movies folder to the directories containing your movies , you can use the shell or just alt+cmd drag them to ~/Movies to make the links.

If yo do not know by now you can download movies from youtube just by selecting the file in Safari > Activity > Copy > Paste into downloads window.

How about playing every movie format there is including the flash movies you just downloaded from youtube in anything you like , quicktime , itunes , frontrow etc , well then just download http://perian.org/ and never care about formats of movies ever again.

To top it off i have a script for those times when you do want to know what are your movie files encoded with , this is a extremely fast shell script , with basic info , you can get it packaged as a osx app to drag folders to or directly as a cross-platform script.


On MS VC++ 2005 reinventing the wheel

It comes as no surprise too , microsoft’s paradigm for adding new features is reinventing the wheel , and they overengineer it just to the point where it is inevitable to break , and impossible to determine why it did so.

Without further adieu let me present MicroSoft Visual C++ 2005 and it’s brand new ‘wheel’ , i mean deployment model , dll’s now have to come with manifests and policies , and rely on the Side-by-Side service and this is is just a rough sketch , you can seehttp://msdn2.microsoft.com/en-us/library/ms235342.aspx for in depth details , there is a method to this madness you know , as always.

To put it bluntly however what you have are :
2 files in %windir%WinSxSManifests , a .cat file (security catalog , for the policy) and a .manifest file (xml file for describing the libraries)
then you have a directory in %windir%WinSxS where you need to put your actual libraries (directory name and filenames being a mix of the name , version , hash , and architecture so you wind up with something like x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50608.0_x-ww_6262d37f
, nice )

Ok , so now to the explanation , all that is microsoft striving to accomplish with all this is so we can have different version of the same library for our programs that were built with and require a specific version of it , when all you had to do to achieve this since windows 3.1 till 2000 was drop the library in the same location with the program , as a windows program will always try to load a library from its parent folder first , then start looking in every path for it , so you had different versions of the same library , each with the program that required that version.

There can be much more to be said but i rest my case for now , what are the platforms that are ‘vulnerable’ , i mean capable of this new deployment model you might ask , why it’s NT 5.2 and it’s older brother NT 5.1 (vulgarly known as Windows 2003 and XP respectively)

On Perl and data manipulation

It is common belief that Perl is the language of choice for the purpose of data processing and manipulation , and i couldn’t agree more , having been turning to it every time i needed some serious data processing , only to get the best results at each undertaking.

However back then in 99 when looking for a method of automating the calculation of my monthly online time from my dialup provider’s access logs , a task for which ASM just wouldn’t cut it , i had no other choice but to assume this thing about perl and data manipulation as the truth and have a go at the language without knowing for certain.

Today after quite a while and many data manipulation scripts , and quite coincidentally for the purpose of calculating the total downtime of my isp from my server’s access logs , i can not feel but pleased with the power you have with perl and it’s data manipulation drive , so i felt like evoking this wonderful side of perl myself too.

Now as to not make this article a dry reading , and because probably nobody likes staring at a program execution with no progress display for hours on end , or not even minutes , i am going to explain 2 simple progress display trick for your perl scripts.

Roughly the trick consists in using r (carriage return) to write over the same line over and over, while also disabling output buffering where it is the case

The first example below is the simpler one , but memory buffers are sacrificed for this and do not use this example for files bigger than some dozens of megabytes or loading times will be drastic and memory usage intensive , that aside this should not present any other speed decreases given you write your script in a speed conscious manner.

use POSIX;
#disable output buffering
$| = 1;

open (INFILE,”< $infile”) or die “$infile file not found”;
foreach $a (@data){
$proc = floor((($#data – $.) / $#data) * 100);
print “$. more lines to process ($proc% processed)r”;

In this second script we are not buffering the whole file into memory , so loading speeds will be great even tho’ we have to use a function to count the total line number of the file with clines() before starting to process it

use POSIX;
#disable output buffering
$| = 1;

#reading line length
print “Reading $infile….”;
$lines = clines($infile);
print “done ($lines lines)n”;

#processing data
open (INFILE,”< $infile”) or die “$infile file not found”;
$out = 0;
while(<INFILE>) {
$proc = floor(($out / $lines) * 100);
print $lines-$out.” more lines to process ($proc% processed)r”;
sub clines {
my ($filename) = @_;
$lines = 0;
open(FILE, $filename) or die “Can’t open `$filename’: $!”;
while (sysread FILE, $buffer, 4096) {
$lines += ($buffer =~ tr/n//);
close FILE;
return $lines

The Confidence of the Incompetent The Peter Principle and Hagakure

I was baffled but not really surprised by a relatively new discovery by Dr. David Dunning that the most likely persons to overestimate their skills in a area are the ones that do not have any skills in that area.

The logical explanation seems to be that the skills required for competence often are the same skills necessary to recognize competence.

Interesting is the fact that unlike their unskilled counterparts, the most able subjects in the study, Kruger and Dunning found, were likely to underestimate their own competence.

The researchers attributes this to the fact that, in the absence of information about how others are doing, highly competent subjects assumed that others were performing as well as they were — a phenomenon psychologists term the “false consensus effect.”

This brings in mind a book that dates back to 1969 by Dr. Laurence Johnston Peter , The Peter Principle which largely states that every person in a organization strives to reach and eventually gets promoted to their incompetence level , at which they remain from thereafter.

In my opinion Dr.’s Dunning study sheds new light on the The Peter Principle , because now we can assume that a explanation to why the person never gets put off its incompetence level is that he appears to be at his most competent level only while being utterly incompetent.

Now let us go way back to 1716 and see exactly the same thing portrayed in a old japanese writingHagakure

In one’s life. there are levels in the pursuit of study. In the lowest level, a person studies but nothing comes of it, and he feels that both he and others are unskillful. At this point he is worthless. In the middle level he is still useless but is aware of his own insufficiencies and can also see the insufficiencies of others. In a higher level he has pride concerning his own ability, rejoices in praise from others, and laments the lack of ability in his fellows. This man has worth. In the highest level a man has the look of knowing nothing.

Astonishingly how the insight on the human nature from almost 300 years ago is still as valid and revealing as the modern studies.

Intrigued by these new perspectives i have started to a little survey by myself on a much smaller scale , more exactly i am asking the users that take my PHP Skill Test and the Common Knowledge Test to average their competence for that test before seeing the test results


In the above graph notice how big is the difference at the end of the chart between the many with lots of confidence and the few with lots of knowledge


In the above graph a small scale number reflects a minority while a big number a majority , the distance between the two lines reflects the proportion between knowledge and confidence , a equal amount of them is reflected where the lines entwine.

The 2000 Ig Nobel Prize was awarded to David Dunning of Cornell University and Justin Kreuger of the University of Illinois, for their report, “Unskilled and Unaware of It: How Difficulties in Recognizing One’s Own Incompetence Lead to Inflated Self-Assessments.” ( published in the Journal of Personality and Social Psychology, vol. 77, no. 6, December 1999, pp. 1121-1134 )

Corporate programmers get licence to hack

Xtreme Programming or XP for short are “agile” programming methodologies are the spearhead of what are known as lightweight programming methodologies , and are getting more popular every day.

They relate closely to opensource methodologies and are essentially a license to hack for the oppressed corporate developers so i can easily
understand their joy and sympathize with these methods myself.

In my opinion , the agile xp method is nothing else but a definition ,standardization and enhancement of the developing methods that are
used outside of the corporate bureaucracy monolithic methodologies , and that is buy itself a very good thing if those standards start to be used inside coporations , and is definitely something they have to thank the open source movement for.

PhpBB worms feeding frenzy

It looks like it is going to be a bleak year for PhpBB securitywise , do not get me wrong however , i am a big fan of the software and it is the bulletin board that i will always use.

With not less than 3 major security vulnerabilities in the last 3 months and still hundreds of unpatched installations providing a rich meal for the growing number of phpbb worms , i was recently to discover that some of my phpbb installations were on the menu.

It was about one hour into 27 feb when i took a quick glance on my server logmon screen on my way to bed , and i could not feel unstartled by the chr(32)%252Echr(113)…. strings i see in some recent http requests when the error log prints some messages about writing to /tmp/ , now there is no doubt , i stop apache , kill perl and the shell bot running under it , clear /tmp and start googling.

Introducing CAN-2004-1315 and the Santy/AWS worm variant by some brazilian hackers that with it compromised my system and tried to make it just another zombie on their botnet that the kind people at SANS promtly closed down after my report

Now fast forward to today , i am now all upgraded from phpbb 2.0.5 to 2.0.12 but that does not make me less curious when i see messages about failing to allocate memory , issue i am aware of occuring when doing phpbb backups , but i am not doing any

Introducing CAN-2005-0614 , as i have not upgraded to PhpBB 2.0.13 yet now anyone can perform administrative tasks on my board
Well that by itself is not a security conpromise for my machine , BUT , introducinghttp://www.securityfocus.com/bid/7932 , so it seems that anyone having phpbb admin privileges can also run codeCAN-2004-1235 ) on my machine (and they did) .

Evidently i am now all patched and upgraded to 2.0.13 , one day short of my time for cleaning the box and really concerned about the security future of phpbb as at this time there is still no patch to stop a user with legitimate admin privileges from executing shell code on your system trough admin_styles.php .

So until that is fixed , make sure you trust your phpbb admins .

Introducing SPF namely Sender Policy Framework

Since aprox Sept 2004 there is a new headache for mail server administrators but it is not sure whatever it has the same effect on spammers , like it was intended to , and it’s name is SPF .

It is part of a set of rules that work for the purpose of stopping spam , and it is claimed that in the future all the mail your server send will be seen as spam if you do not implement SPF into your DNS records

There is a new SPF version out that makes use of microsoft’s proprietary Sender ID , which makes it unimplementable in any GNU software , but the classic SPF implamentation does not and is widely implemented in many opensource infrastructures.

You can use a SPF wizard on http://spf.pobox.com/ to generate your TXT record for spf , then add that record to your existing DNS records , that is if you have the ability to add TXT records to your DNS server .

Once you do that here is a tool to test your domain for SPF compliancehttp://www.dnsstuff.com/pages/spf.htm

Revelations : Amaya

In a age when the browser seems to be more important than the content in it , i invite you to take a trip out from the general mood and present you with a rough , but hmm.. revelatory proposition

These day you can also not speak about browsers without mentioning the “nothing short of a revelatory experience” firefox , but the ony thing i will say about it is that it is just a classy mozilla branch , nothing more , and mozila is nothing but a good browser , it is not a revelatory experience , but allow me to introduce to to something that might be just that

However the revelations it might present might not be understood by the regular , and its rough but profound features migh not be a match to the classy and apeal to the ones that never seen a piece of hypertext source in their life , still i present you http://www.w3.org/Amaya/

I strongly encourage the ones of you who might have a webpage somewhere to use one of the atached logos to link to http://www.w3.org/Amaya/ from their site , and this time Take back the code , the esence of the net and all software powering it , not something else.

*parts of the logos by http://www.amayaner.de

[attachments doctype=image]