Ads by Google

Sunday, June 26, 2011

A simpler search: Emacs Occur

The Emacs manual has a section devoted to search and replacement exploring a multitude of options to search and replace text.  You should at least be familiar with
`C-s'
     Incremental search forward (`isearch-forward').
`C-r'
     Incremental search backward (`isearch-backward').
Anything a bit more complicated than that, you need to dive into the manual.

And if you really do read the section end to end, you'd see the last part on Other Repeating Search.

And you'll find another simple search M-x occur. Call it, supply the search string and that's it.  It provides all the matches in another buffer, each line clickable to take you to the specific line  in the source file or buffer where the match was made.  It is also mapped to M-x list-matching-lines.  And if you want to search multiple buffers, there's M-x multi-occur and M-x multi-occur-in-matching-buffers, the latter that takes a regular expression for file names.

And if you do want a bit of context to the matches, supply a prefix argument and it will show contextual lines to the matches; i.e C-u 2 M-x occur searchtext RET will show 2 lines of context with every match. 

That's it. M-x occur is for the occasions where you can't be arsed to find the 100% correct regex and no one's watching you hacker FAIL.

And you should really read the complete section on Search and Replace.  It's well worth your time.
Mastering Regular ExpressionsRegular Expressions CookbookBeginning Regular Expressions (Programmer to Programmer)

Thursday, June 23, 2011

Emacs 24.1 heading into Pretest

A bit late to post this but it appears Emacs 24.1 feature freeze and pretesting is going to start.

Well, almost, if you look at the entire mail thread; for a release in 2012, if all goes well.

If you don't want to wait that long, you can still get the weekly builds from here.

Version Control with Git: Powerful Tools and Techniques for Collaborative Software DevelopmentPro GitProducing Open Source Software: How to Run a Successful Free Software Project

Friday, June 17, 2011

Emacs world domination...will have to wait

So, on a whim, I decide to look up google trends for emacs search volume.




This is not looking good. It's time to organise and spread the gnus otherwise we might go out with a mew...err...whimper.

The Org Mode 7 Reference Manual - Organize your life with GNU EmacsLearning GNU Emacs
An Introduction to Programming in Emacs Lisp

Sunday, June 12, 2011

Data Security will probably never work till....

data loss is the same as physical property loss.  Since that's never going to happen, data security in the IT field will probably be a fool's errand.

Let me explain.  First this post is a good rant on security issues and how management perceives it.

If someone steals your iphone or laptop, that loss is completely tangible.  You had it then you lost it; something which you paid lots of money to get.  There is an incentive and an object that you know that belonged to you that got stolen that makes you want to safeguard it.  Compare this to a database breach;  The same data is still there except that someone else too, unauthorised, has a copy.  In fact, there is nothing like someone got punched, got a gun pulled at his face,blood,screams,physical assault with the object forced from their hands.  One random day, someone reports that there was unauthorised access and the data has probably been copied over.

That's all.

You expect people to swoon over data loss, some electronic stuff which to most people is fungible? 

I'm convinced that this is the primary reason why no one cares or will care.  It's just not the same as physical property loss(Of course the impact of the data loss is large;not denying that).   I think Nicholos Negroponte explained this well in his book 'Being Digital'.  Something along the lines of "what's original and what's a copy in the digital realm when one bit is the same as the other bit?"  and the values attached to them compared to physical originals and copies.  How does one even know that a file has been copied a million times?

All the worst case scenarios and security checks will probably never impact management till some cracker figures out a way to steal the data centre, lock, stock and barrel. :-)

Being Digital

Saturday, June 4, 2011

Why aren't Firms doing a cost benefit analysis on Data theft?


After reading a lot of recent news on phishing and cracking attacks on high profile firms, I keep wondering whether anything is being attempted at all in the security front all. I mean,you're on the WWW, there are a broad spectrum of people who are for/against/indifferent to you.  And if you do something perceived as unpopular, you're inviting some form of protests, legitimate or not. Inevitably, the firm's site is cracked and a whole lot of really, really sensitive information gets leaked and then there is much grovelling and PR.

Is it still that companies are still going through the popular 'security theatre'?
Virus software Check
Firewall Check
RSA token Check
ACL software check

and that's it?

And oh 'It can't happen to us/me' syndrome?
Yes,Yes, I get the usefulness of the above softwares and how they raise the  bar on cracking and all that but it all seems so pointless when the actual methods of cracking are revealed, isn't it?

Why aren't the firms looking at cost benefit analysis on the loss of data before doing any securing of the data?  I mean, if you're looking at a Credit Card database, wouldn't a worst case planning of complete compromise of the same be planned and mitigation steps planned for the same?  Multistep authorisations, access control, manual verification, disabling remote access for certain operations, aren't they supposed to be done for securing such data? I find it hard to wrap my head on the entire credit card databases being whacked;  I can understand a single card holder account compromised due to social engineering tricks but entire card databases?  How?  It boggles the mind.

Wouldn't one at least check the cost of compromise of the database? i.e. we'd lose X millions in sales and revenue if this get leaked along with the bad PR and legal issues pertaining to card data losses and intimation to individual users and hence we'd need to make sure we have the above security checks and processes in place? Shouldn't the expected data loss cost be a factor in making additional investments in terms of money, time and processes to make sure the unthinkable does not happen?  And application teams and project managers deploying things would probably think about security from the ground up rather than treating it as something the infrastructure guys would help with before deployment.

And shouldn't they pick up best practices from the casinos?  Of course, I realise they work with physical money more rather than electronic stuff but they seem to be doing a good job in making sure they don't come out red faced that often with so much money involved.  And they seem better at figuring out Insider threats and have enough checks and balances to catch them?  I mention this because (apparently) most data losses seem to stem from insiders doing it and/or providing the information to external parties under duress, carelessness or otherwise.

The downside of the litany of compromises is that, there will be legislation and laws that are not going make it easy to do business.  In India, we seem to have that started with the central bank insisting mobile/internet payments in certain cases be done through a 2 step process.  I currently have to do that now for paying my cellphone bill through the carrier's mob app. I pay through the app and then I get an SMS that outlines how I will have get in touch with the bank payment gateway, get a one time code and send that as an SMS again to the carrier.