Hiding posts from people you don’t follow on Twitter

I need to share this regularly, but Twitter doesn’t like the formatting of the snippet, so I’m creating this blogpost.

In your ad blocker’s options page, there will be a place to add custom filters. In uBlock Origin, for example, there’s a ‘My Filters’ tab. Add this snippet there and save changes:


Bye bye, suggested tweets.

Mercurial choosing Rust over Python

According to this article in Mercurial wiki, its core is being re-written in Rust. Mercurial is one of the largest open-source Python projects in existence.

This does not however mean everything will be rewritten in Rust. (Yes, this post’s heading’s not entirely accurate.)

* hg is a Rust binary that embeds and uses a Python interpreter when appropriate (hg is a Python script today)

* Python code seemlessly calls out to functionality implemented in Rust

The obvious reason for the decision is startup performance concerns, but the article also (interestingly) states:

In addition to performance concerns, Python is also hindering us because it is a dynamic programming language. Mercurial is a large project by Python standards. Large projects are harder to maintain. Using a statically typed programming language that finds bugs at compile time will enable us to make wide-sweeping changes more fearlessly. This will improve Mercurial’s development velocity.

Git was also designed with a core written in C and a host of shell scripts that call the core for additional functionality. For example, rebase is actually a shell script.

However, usage of shell scripts has made porting Git to Windows a pain. See the Lessons Learned section in this AOSA article.

C++17 finalized

The C++17 specification has been finalized. The actual specification is under a paywall (wtf), but you can get the final draft of the pdf here. But it’s 1448 pages long and you most likely don’t have time to go over everything.

However, there’s this nice writeup that summarizes the new features in C++17. There are no new groundbreaking features, but some handy additions you might wanna use.

One of the first things that caught my eye is std::optional. I love optionals in Swift. They let you wrap values which might or might not be null and reduces the chances of null pointer exceptions. std::optional is a bit more awkward to use than Swift’s built-in optionals, but I hope people would start using them.

There’s also nested namespaces and structured bindings which will help with brevity and readability. Structured bindings are similar to destructuring in JavaScript.

New server + HTTPS

This site used to be in a Hostgator shared host which I had bought long before I understood how servers work. I didn’t bother changing it as it just worked and this was not the only site/app that was hosted there. (If I was to move, I wanted to move everything)

Lack of WordPress know-how was another problem. I have/had multiple WP sites including this one, and moving meant creating a multisite, configuring it to match the original URLs, while supporting other non-WP stuff as well. Also I didn’t want to migrate the blogs as static sites for different reasons.

Finally I’ve moved most of the stuff to a separate VPS in Vultr (thx to @gaveen for referring). The major motivation was TLS support. You had to pay additionally for TLS in Hostgator, which didn’t make sense as we have Let’s Encrypt.

The multisite is mostly working now, but I need to get images working properly (uploads directories not properly configured for sub-sites), fix old thameera.com/files/... links, set up rss2email and also see what else is broken 😆.

Using ncdu to examine disk usage

du has been my go-to tool for checking disk usage and it’s wonderfully simple. But I’ve been using ncdu for a few weeks now.

ncdu is short for NCurses Disk Usage. In addition to being able to visualize disk usage by directory, it lets you sort on different parameters, delete files, show hidden files, and a few more stuff that you’ll miss if you go back to plain du. Most importantly it acts as a file manager, so you can simply enter the directories to see a more fine-grained breakdown of file sizes. As an added bonus it has Vim keybindings along with normal arrow key movements.

ncdu - ncurses disk usage

Screenshot of ncdu + help popup


brew install ncdu # macOS
sudo apt-get install ncdu # Ubuntu/debian

Printing double-sided in a non-duplex printer

My printer doesn’t support duplex printing, but I regularly print double-sided booklets. It’s not straight-forward and I always forget how to do this so I keep a checklist to consult every time. Publishing it here so I won’t lose it and someone searching for this in the interwebs might find it useful.

  1. Select ‘Odd Pages Only’ in print settings (usually under ‘Paper handling’)
  2. Print
  3. Take the printed papers out and put them in the same orientation to the tray (white side up, no turning)
  4. Select ‘Even Pages Only’ in print settings.
  5. Also, select ‘Reverse’ for Page Order
  6. Print

If you are printing a booklet, note that you will need to convert the document to a booklet format first. I use Booklet Creator for this, but there are other alternatives as well.

How the macOS root user vulnerability happened

Mac security specialist Patrick Wardle digs into the root cause (pun intended) behind why a blank password gave you root permissions:

* For accounts that are disabled (i.e. don’t have ‘shadowhash’ data) macOS will attempt to perform an upgrade

* During this upgrade, od_verify_crypt_password returns a non-zero value, and an error code which is not checked

* The user (or attacked) specified password is then ‘upgraded’ and saved for the account

It appears that od_verify_crypt_password should fail (update: it does and Apple just didn’t check for this!).

It might be an oversimplification, but what I gather from the post is that proper handling of the function’s return value (error code) could have prevented this on hindsight.

Now I’m pondering about all those times we ignore the error codes returned by the OS for file I/O operations and whatnot.

Root user vulnerability in macOS High Sierra

It has been discovered that you can get root permissions on a macOS system running High Sierra without any password. To test, click on the padlock in any System Preferences dialog and enter root as the username and keep the password to blank. Now click Ok (or whatever the confirmation button is) twice and you have root privileges!

This is like the worst nightmare ever, but note that the attacker needs to have physical access to the machine. Until Apple sends the patch, the easiest way to secure the system is by changing the root password as described here: https://support.apple.com/en-us/HT204012

Unfortunately it looks like the vulnerability was publicly disclosed without letting Apple know and waiting for a patch.

Imgur hacked

Imgur has apparently been hacked in 2014 and this has come to light only a few days back. 1.7 million emails and passwords have been leaked – passwords encrypted with SHA256. (Imgur has been using bcrypt since 2016, though)

From the article:

Although in an ideal world Imgur would never have been hacked in the first place, I believe that the company should be commended on two counts.

Firstly, Imgur didn’t ask users when they created accounts to enter any extraneous unnecessary information – such as real names, dates of birth, addresses, or phone numbers that could have made this breach much more damaging to its victims. There’s a great deal to be said for companies limiting the amount of information that they ask from their users – the less they store about you, the less they can lose.

One of the key requirements in GDPR is that websites collect only the minimum personal data necessary to perform its operations. It will be very hard to keep the user stores from being pwned, but having the least possible amount of data in them definitely helps lessen the damage.

The curse of knowledge

I came upon an article titled Are You Suffering From the Curse of Knowledge? recently in a reddit thread.

Another famous example is that of an extremely successful salesman for IBM who was asked by an interviewer why he was so good at sales, to which he responded, “It’s because I stopped coughing!”

A couple of experts in sales were so confounded by his answer that they decided to examine him more closely. After a while they found that he was actually doing a lot of things really well—he was using a ton of sales tactics brilliantly, he just wasn’t aware of it. He was naturally talented at sales.

The moral of this little story is that the IBM sales guy falsely attributed the reasons for why he was so successful.

The secrets of success from the top scorers in an examination might actually not be the secret sauce that led them to those results. Sometimes it’s not obvious why someone is doing really good.