Profile cover photo
Profile photo
Ryan Gordon
Stick it in the camel and go.
Stick it in the camel and go.


A lot of the best art turns out to be accidental.

I recently tweeted about the ending of The Graduate, which was meant to end with two kids laughing as they start off towards a new adventure together. Instead, they're sitting there like "oh shit, what the fuck do we do now?" and it's a perfect moment of what it feels like to start being a grown-up. Apparently Mike Nichols yelled at Dustin Hoffman and Katharine Ross while filming because they weren't laughing, and you ended up viewing their reaction.

The real power of Mike Nichols is he knew when not to take out the trash, though. Like this scene, too:

But I wanted to talk about Once, which I fell in love with immediately. If you haven't seen it, where have you been since 2006? Stop what you're doing and watch it now:

In practice, the entire film, it's meaning, it's very soul, hinges on two words, spoken in Czech, which the speaker declines to translate.

And those words? Not in the script. Just came out of her mouth, and they kept shooting. The reaction from the other character is so perfectly honest, because he had no idea what she said, or even that they were still filming. They reshot the scene, but used the first take anyhow. The entire story is different--and so much better--for it.
Add a comment...

"Alias," the comic book that Netflix's Jessica Jones is based on, is mostly not what the TV show is about. The TV series takes the story from the final five issues and fleshes it out. The rest of the comic is not about abuse. It's actually spends most of its time critical of the idea of celebrity.

When the Purple Man ("Killgrave") storyline shows up, it's a dramatic shift in tone from the previous 23 issues.

I was thinking about how Melissa Rosenberg, the lead on the Netflix version, also wrote all five Twilight movies (in her defense, everyone needs to work, and she also wrote the first four seasons of Dexter, etc), and I wonder if Twilight could have been made better if she had taken the same approach that Jessica Jones did: figure out what's interesting in the story, expand on that, and use it to discuss a completely different theme. Eject the rest.

It's not how we film YA book adaptations, of course. We film them in a very specific way: scene-for-scene, and now, with the final book split into two films, compliments of the Deathly Hallows.

I would be so bold to suggest Twilight could have also served as a front for discussing abusive relationships, just like Jessica Jones turned out. Hell, you could almost directly drop in Edward for Kilgrave and Jacob for Simpson and not been that far from where the books already are.
Add a comment...

One more 1pass thing worth noting:

Just added an experimental thing. I haven't decided if this is useful, or a flatly terrible idea, but feedback is welcome.

So when you try the latest, it'll let you set up a "trusted device," which in this case is a mounted filesystem. Onto that filesystem it will write 4096 bytes from /dev/urandom, and do an SHA256 checksum of it. Once that is set up, the keychain will not unlock (indeed, it won't even prompt you for a password!) unless that filesystem is mounted at the same place with a file that matches that original checksum.

The theory is that you get a little USB keychain drive, start 1Password and tell it "this device belongs to me, if you don't see it, don't let anyone in."  (this is on the "Security" menu in this new version). When you walk away from your machine, you take the USB drive with you.

This is (currently) set up on each run, and it doesn't alter your 1Password keychain at all; it's strictly a way to limit physical access to your keychain at your workstation (although one could certainly mount a network drive that requires a password as a second factor).

As a future expansion, I intend to let 1pass handle other devices: Yubikeys, perhaps, or optionally listen for bluetooth devices coming and going, so it can restrict access when (say) you walk away with your phone in your pocket. But that's all just fantasy with no timetable at the moment.

None of this helps you if an attacker has physical access to your machine and your password, as this is strictly user-interface and doesn't alter the keychain itself; they could just decrypt the keychain in that case without using the existing locked-down process. But it can be useful if you just want to yank the drive out and not have to reenter your password when you come back, or your desktop is locked down enough that an attacker can't reach your keychain except through the running 1Password process.

We could have this keychain become part of your master password, as a true 2-factor auth system, but I'm not that crazy today.

Anyhow, if any of this is even a good idea, it's a work in progress, so don't secure nuclear codes with it in any case.  :)

The patch:

Feedback welcome!
Add a comment...

So I just pushed a change to 1pass that might interest you.

Now when you want to find a password in your vault, instead of a GTK+ popup menu, you get a real GTK+ window. The primary motivation for this is that it allowed me to add a text box for searching, so you can pop up the password UI and type "go" and there's your Google and GoDaddy credentials right in front of you.

There are downsides to this change, mostly that GTK+ basically doesn't actually work like you want if what you want is to do anything out of the ordinary, so things sometimes are weird (like, the second time you bring up the UI, it doesn't get keyboard focus no matter how hard I try on Unity, and KWin just puts subwindows all over the place). I'll probably move to SDL to fix all this.  :)

That being said, I've been using this change for months without serious problems, and it's been extremely useful to me, so I finally talked myself into publishing something useful but imperfect, in case anyone else wants it.

I pushed it into a named branch called "gtkui" for now if you want it.


(EDIT: if you want more explanation about what 1pass is, start here, I guess: )
Add a comment...

Okay, here's a wild oversimplification that is likely to make OpenGL implementors' heads explode, but this is the best way I can explain the value of Vulkan/Metal/Mantle/DX12 to you.

If you have a recent Intel GPU on Ubuntu 14.10, this is exactly the code that runs deep deep deep in the core of Mesa when you try to draw a triangle with OpenGL:

Line 645. See that for-loop? It cycles through a bunch of "atoms," which in this case means "small units of data we want to push to the GPU." One function pointer is called for each atom in that loop. One might set a new fragment shader, another might upload a buffer of vertex data to the GPU, or change the viewport state on the hardware, or whatever. The draw call I'm looking at in Unreal Engine 4 at the moment has 54 atoms to run through.

To get to this for-loop after you call glDrawArrays(), an enormous amount of code runs. The GL validates all sorts of stuff, it updates a bunch of internal state, it goes through various checks where various GL extensions might conflict or your GL target might not offer features you are trying to use.

For Vulkan? Some of this work will move into your app (and won't need to run on each draw call!), but more or less? Delete everything from the driver but that for-loop.

And then delete the if-statement inside that for-loop, too.
Add a comment...

I've been bitching on Twitter today about Git, including how everyone tells you that it is SO EASY to use GitHub pull requests, and how this ease of use is important to encouraging people to contribute to your project.

But really, they're "easy" for maintainers. The contributor is easy to send away to fix whatever so the maintainer can click the approve button.

I fought with Git for an hour today because my pull request was on the wrong branch and I couldn't coerce it to move to the right place. Several copies of the repo were ruined, deleted and cloned from scratch again.

I really wanted this patch in revision control, otherwise I would have posted the diff and said, "fuck it, if you want it, YOU figure it out without the "Merge this Pull Request" button."

Several things about this system suck, are broken, and should be improved, but there is this ridiculous amount of inertia around git already. It feels like walking through tar to talk about how things aren't super amazing in the git user experience, and someone is always nearby, ready to tell you that you just had to type "git bloop -k bebop dong --reset --mediumrare <nodeID> HEAD master origin bagel"
Add a comment...

Working on a small compiler thing, and it's currently spitting out the equivalent of this on a test program:

void main ()
  float tmpvar_1 = 4.0;
  tmpvar_1 = 4.0;

Every line of this screams for an different optimization pass:
- line 1: assigns an unused value, since the next line overwrites it.
- line 2: assigns the same value that's already in tmpvar_1.
- line 3: an expression with no side-effects.

So the expressions on line 1, 2, and 3 should be removed.

But once you remove those, the allocation of tmpvar_1 should be removed entirely too, as an unused variable.

And once you remove that, the entire program could be replaced with a single "ret" opcode, because this program now officially does nothing.

Optimization is fun!
Add a comment...

Post has attachment
One minor spam update, across two graphs.

The first one: after greylisting, we ask SpamHaus if an IP address is sane (the ones it rejects is the red part of the graph). Then we push it through SpamAssassin and ClamAV and reject the mail before the SMTP transaction is complete if possible (the rejects are the yellow part). Then the green part is mail we have accepted.

The second one: same thing, but the blue part is stuff we rejected through greylisting. This stuff is magic.
2 Photos - View album
Add a comment...

Boy, if you thought Into The Woods didn't get the point, try the movie version of Rent.

That is all.
Add a comment...

So here's what you need to know about the new Into the Woods movie.

The original musical has a "junior" script available, which is something that lots of Broadway musicals offer. A junior script takes the original show and reworks it for children, so, say, 7th graders can do it as a school production.

This usually means editing for length, and content, and maybe putting some of the songs in an easier key so kids can sing them well. This isn't actually as bad as you'd think it would be, if you set expectations appropriately. I've seen sixth graders do stuff that should have been above their level with these scripts before.

Into the Woods has a junior script. The most notable change is that it deletes the entire second half. The full script goes from a whimsical adventure, a mashup of various fairy tales on a quest, to adult problems these characters face afterwards: bad marriages, parenting problems, death, adultery, loneliness.

So naturally, we definitely needed Disney to produce this thing.

The movie doesn't work. Skip it.

Watch the original Broadway cast instead; they taped a performance of the show for PBS at some point and Amazon will stream it to you for 1/3rd the cost of a movie ticket.
Add a comment...
Wait while more posts are being loaded