Esse quam videri.

Category: Writing

Fixed-width or monospace fonts in Sparrow

If you’ve been playing around with the Sparrow email application, like me, and you’ve been enjoying it, like me, and you’re a geek, like me, then its rigorous use of Arial everywhere probably drives you crazy. Like me.

Thanks to Vinicius Horewicz, with the penchant for lolcats talk, the problem is solved.

  1. Close Sparrow
  2. Wander over to /Applications/
  3. Make a backup of message-editing.css and conversations.css.
  4. Edit message-editing.css, replace font-family in the body stanza with your favorite font. For me, that’s Liberation Mono.
  5. Edit conversations.css, replace font-family in the div.-sparrow-messageBody and div.-sparrow-quickReplyTextContents with your favorite font.
  6. Restart Sparrow.
  7. Feel a little closer to your mutt, pine, and Mailx roots.

/* message-editing.css */
body { font-family: Liberation Mono; }
/* conversations.css */
div.-sparrow-messageBody { font-family: Liberation Mono; }
div.-sparrow-quickReplyTextContents { font-family: Liberation Mono; }

Symantec explains why proprietary software is dangerous

Someone stole Symantec’s source code five years ago. Since that time, the only people who knew about the exploits were Symantec and the bad guys. So when Christine Ewing, the product manager, says “malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits,” she’s only half-right.

The other half of the truth is, “You can’t rely on Symantec to properly respond to a security breach, and since you’re utterly reliant on Symantec to fix any exploits, and we didn’t do that, you’ve been vulnerable for five years.”

Having your source code in the wild isn’t inherently dangerous. It becomes dangerous if a) only the bad guys have it, and b) you’re not adequately responding to threats. Symantec, for whatever reason, allowed both of these things to become true, and so put their customers in peril. If this software’s code were open, the good guys would have just as much of a chance as the bad guys, even if Symantec wasn’t being responsive.

It’s been said before, but obviously bears repeating: if you’re relying on proprietary software for security, you’re taking unnecessary risks.


“Modern Media Tweet Shortcode” caching woes.

Modern Media Tweet Shortcode makes it easy to embed Twitter on your WordPress site. I use it in my “…from Twitter” category, which is now mercifully exempted from the front page and the RSS feed. It works fine, and even does you the favor of caching the JSON from Twitter so you don’t have to hammer their servers every time someone visits a page with an embedded tweet. It looks like this:

The trouble is that if you hit the Twitter rate limit (about 150/hour nowadays) Modern Media’s plugin won’t realize it, and will cache the error instead of the tweet. That permanently poisons the cache, and there’s no way to get your tweets displaying again. Here’s what the poisoned cached tweet looks like:

{"error":"Rate limit exceeded. Clients may not make more than 150 requests per hour.","request":"\/1\/statuses\/oembed.json?id=150739352413147136&omit_script=true&lang=en&maxwidth=500&align="}

The solution is to head over to /wp-content/plugins/modern-media-tweet-shortcode/cache and find all the files that are 192 bytes in size. You can use find . -size 192c -print for that. If they change the wording of the error message, that size will change, but you get the idea. Delete all those files, and the plugin will retry caching the tweets.
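Matching on file size stops working as soon as the error text changes, so the check can look at the content instead. The following is an added example, not part of the original post or the plugin: it assumes each cache file holds the raw JSON response shown above, and the function names and the cache-directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: locate and remove cache entries that hold a Twitter API
# error instead of a tweet.
# Assumption: every file in the cache directory is one raw JSON response.

# Print the path of every cache file whose content has a line that opens
# a JSON object with "error" as its first key.
find_poisoned() {
    cache_dir=$1
    find "$cache_dir" -type f | while IFS= read -r f; do
        # Only the first 512 bytes are inspected; the key sits at the
        # very start of the response.
        if head -c 512 "$f" |
            grep -qE '^[[:space:]]*\{[[:space:]]*"error"[[:space:]]*:'; then
            printf '%s\n' "$f"
        fi
    done
}

# Delete the poisoned entries so the plugin fetches those tweets again.
purge_poisoned() {
    cache_dir=$1
    find_poisoned "$cache_dir" | while IFS= read -r f; do
        rm -f -- "$f"
    done
}

# Typical use, run from the WordPress root (path taken from the post):
#   find_poisoned  wp-content/plugins/modern-media-tweet-shortcode/cache
#   purge_poisoned wp-content/plugins/modern-media-tweet-shortcode/cache
```

Run find_poisoned first and review the list before purging; valid cached tweets are left untouched whatever their size.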

Mel Chua is awesome.

The best I can hope for is the ability to hear beaver sneezes.

via [M]etabrain [E]ntry [L]og » Blog Archive » I do not know what to call this..

DISA releases IAVA-to-CVE mapping

Image courtesy Robert A. Martin and MITRE.

The DOD keeps its own catalog of system vulnerabilities, the IAVM. You can think about this as the computer security alerting system for the DOD. If you get an IAVM, it will tell you what the vulnerability is, how critical it is, and if you need to patch it immediately.

The rest of the world keeps track of vulnerabilities using MITRE’s Common Vulnerability Enumeration, or CVE. Most commercial tools (like Yum) understand CVEs: you get a CVE, you drop it into your patching system, and away you go.

But if you’re in the DOD, it’s not that easy. You’re given new IAVMs almost every day. The most automated you could ever make the process is to have a human log in to the IAVM website with their DOD-issued smart card, read the IAVM information, hope to God the JTF-GNO mapped the IAVM to a CVE, otherwise find the CVE that matches the IAVM you were given, and then drop that CVE into your patch system. That’s tedious, which means nobody ever does it.

Building a Timeline of Open Source in the US Government

I spent the last couple days on this project, and it’s looking pretty good so I thought I’d give an early peek. Eventually, I’d like to throw this up on Open Source for America and integrate it with CivicCommons’ list of government open source projects. But, you know, baby steps. At the very bottom of the page, you can learn more about how this was created.

Anyway, this is a timeline of the major events, publications, and code releases in the history of the US Government’s adoption of open source. I think it’s interesting to see all the moments of open source lined up together. It gives a nice feel for the flow and momentum of the movement.

Getting a Simile Timeline to Work in WordPress

The first step is to get it working on static pages. Kiyohito Yamamoto provides a great starter kit. You’ll save yourself some trouble if you create a separate .js file for your own timeline scripts.

Yamamoto’s script is pretty great, but if you try using Timeline 2.3.0, you’ll discover that the Timeline.DefaultEventSource.Event() constructor has changed. The fix is pretty easy, though. I just use named parameters instead:

// Timeline 2.3.0 takes a single object of named parameters
var event = new Timeline.DefaultEventSource.Event({
   text: title,
   description: description,
   instant: true,
   start: start,
   end: null,
   latestStart: null,
   latestEnd: null,
   isDuration: false,
   image: image,
   link: link,
   icon: null,
   color: undefined,
   textColor: undefined
});

Once that’s working, you need to get it working in WordPress. That means finding a way to embed the script that we just created, and the Simile Timeline libraries in the <head> element. Thanks to Peter Binkley, I learned that you can install the HiFi plugin, which lets you inject code into the <head> element on a post-by-post basis. Perfect.

So with HiFi installed, I added the <body> of my static HTML page to the post, and added these lines to the new “Head injection” field:

Endorsed: Kinesis Advantage Keyboard


I started getting pains and numbness in my back and upper arms in my late twenties. Knowing that had to change, and quick, I did two things: started using a standing desk, and got myself a Kinesis Advantage keyboard.

The premise is simple: put the most common keys (space, enter, delete, backspace, etc.) on your strongest digit, which is your thumb. The rest of the keys are laid out in a concave pattern, which makes it much easier to reach Z, ? and the other pariahs.

After 6 years, I decided to retire my original. The function keys were getting less responsive, the Page Up and Page Down keys no longer work, and its computer-industry-standard-beige has turned sallow. I traded it in for the fetching black number you see above. It never occurred to me for a moment that I’d purchase anything else.

Need For Agility

“If I could reliably predict the future, my life would be much different than it is right now. I would be richer, smarter, and probably better-looking. Instead, I have to rely on my years of experience working with the Federal government. That has given me a modest amount of insight into what we can expect from the Federal IT market in 2012.”

– me

Read more at WashingtonExec. I seriously need a new headshot.

Astaire gets weird on belts.

In the way of belts, Astaire likes to use silk handkerchiefs—purely for utilitarian purposes rather than theatrical. He has a 31-inch waist and loses pounds when he is dancing. The resilient silk allows him to draw his pants right. “I used to use old neckties for the same purpose but the handkerchiefs are better.” At home he will use a belt, usually shoving the buckle to one side, “simply to get it out of the way.”

via Interview With Fred Astaire on his Style and Clothes: Celebrities: GQ.