Last Argument of Kings (The First Law, #3)
![]() |
Review:I need a little more time to write a real review. |
![]() |
Review:I need a little more time to write a real review. |
It was around the time "The Blair Witch Project" was a thing so it must have been in 1999 or 2000, that when I was reading Roger Ebert's "Movie Answer Man" column, I thought, hey, I may have something to say about this.
I emailed him about how the "found footage" genre was old, citing 1980's Cannibal Holocaust, and even going back to Edgar Allan Poe's "Arthur Gordon Pym" which is (of course) a found manuscript. We exchanged a few emails, he was always thoughtful, polite, willing to have a nice conversation. He eventually asked about what was the best possible time to visit Buenos Aires, I said spring or fall, suggested that he may be interested in attending BAFICI, and eventually it petered out.
So, not much as anecdotes go, but it made me realize I had been reading his reviews and articles (and later his blog and his twitter feed) for over 15 years.
I remember seeing him do a cameo in a lame TV show (the one with the guy that has a magical dog that brings him tomorrow's newspaper or something), and thinking, hey, I know that guy, sort of.
Now that he's dead, it seems he was, for everyone, the same he was for me, gracious, friendly, interesting.
He was the kind of guy who wrote reviews for Deep Throat and co-authored a Russ Meyer movie, and was always ready to say that a movie was crap yet good crap because there are degrees of crap, and you have to take crap in its own terms.
I'll miss the guy.
Earlier I mentioned a hack I use when I need to get a clean browser quick. Here it is again:
rm -f ~/.config/ralsina/devicenzo.conf curl https://devicenzo.googlecode.com/svn/trunk/devicenzo.py | python
Since that got posted on reddit (no, not linking it), it triggered "interesting" arguments. Basically many were shocked (shocked) about running arbitrary internet code locally in this manner. It's insecure. While I am by no means a security expert, at least I know I am ignorant.
Let's examine that insecurity claim a little, in the context of what I was proposing. I am trying to tell people "here's a small web browser that requires no setup and since it's not your main browser, you can nuke it and reset its state easily before running it, like this".
So, what's wrong with doing it that way, according to the commenters:
Well, that makes it exactly as insecure as every unsigned binary you ever downloaded. Or, let's be honest, every shell script, python script, perl script etc you have ever downloaded. Or you audit them?
Who exactly is being prevented from auditing it by having it presented this way? Is the intersection of "people who can audit this script" and "pople who don't understand pipes" not empty?
For those who can audit, this makes no difference. For those who can't audit, this makes no difference.
And how would you know the hash is not tampered? Wat you want, really is a digital signature of the script.
If you trust google (and usually, people do), then you know that:
The script was uploaded by me (check the history of the file)
The script has not been tampered from the repo (since it's a secure connection and yes, there is a hash of the revision)
If you don't trust google, then you don't know who uploaded it, and if you don't trust me, you don't care who uploaded it, even if it's signed (because it's signed by someone you don't trust).
He doesn't. Life is like that.
He shouldn't. OTOH, were he so inclined, he can check who wrote it, and that I am a real person, with a long history of sharing code online and no claims of ever pushing malware.
You don't need to run malware more than once, anyway. So, not much of a difference.
So does Dunkin' Donuts, and noone posts about it at reddit. But in any case, sure, it's a bad habit. Big deal.
So, is it secure? Hell no! Is it significantly less secure than installing a random PPA you see mentioned in a forum? Maybe slightly. Is it less secure than running random unsigned binaries? Hell no. Is it less secure than downloading and running it? No. Is it less secure than building a random thing from source? Hell no.
But is it less secure than the other realistic ways in which I can give you a 100+ line chunk of python code that works as a web browser? I don't think so.
In the context of "here's the code for it, it can do this", this is not significantly insecure. It's more or less as insecure as the alternatives. With the advantage that, if you want, you can audit it. It's 128 lines of code (assuming you trust Qt and PyQt and Python, etc)
So there.
"Se ve que la visita de la Presidenta al Papa no sirvió de nada [...] Son absolutamente irrespetuosos. Dicen que no van a aceptar ninguna modificación y hablan de democratizar"
—José Cano, jefe del bloque de senadores de la UCR
Por fin alguien en este país que destapa la olla, que muestra la entretela de la política, que bate la justa, que canta las cuarenta, que cacarea donde alguien, sí, esta vez puso el huevo.
Me saco el sombrero, es más, me saco el cuero cabelludo ante José Cano, ínclito senador radical y su capacidad, cual Mr. Músculo parlamentario, de sacar toda la suciedad que el oficialismo esconde.
¿Porque ya saben, el motivo por el que la presidenta fue al Vaticano? Para que los radicales tengan más senadores puedan así cambiar los proyectos de la mayoría. O tal vez para que no les hagan nana en los sentimientos. Entonces, para la próxima elección de senadores, vote Viggo Mortensen / Aragorn. Haga feliz a un papa.
It's not because I wrote it (ok, yes, it's because I wrote it) but if you ever need a "clean" browser, without cookies etc for tests, you can do worse than using my Devicenzo like this:
rm -f ~/.config/ralsina/devicenzo.conf curl https://devicenzo.googlecode.com/svn/trunk/devicenzo.py | python
The first line removes all configuration, cookies, etc, you may have and the second one downloads the latest version (don't worry, it takes about 2 seconds) and launches it.
And voilá, a completely fresh out-of-the-box, webkit-based browser, with no previous history, cookies, or configuration, fairly feature-complete.