Improve git performance on Windows without patching your git install

I’ve blogged about improving the performance of Git on Windows in the past and rightly labelled the suggested solution as a bad hack because it requires you to manually replace binaries that are part of the installation. For people who tend to use DVCSs from the command line, manually replacing binaries is unlikely to be a big deal but it’s clunky and should really be a wakeup call for some people to include a newer base system.

By now there is a much easier way to get the same performance improvement and this is to use Git for Windows instead of the default Windows git client from git-scm.com. Not only does the Git for Windows installer include the newer openssl and openssh binaries that I suggested dropping into the git installation directory in my original post, it is also a much newer version of git.

For me, installing the Git for Windows client kills a couple of birds with one stone.

First, it addresses a large part of my complaint that Windows is a second class citizen to the Git developers. Using git on Windows is still a tad clunkier than using it in its native environment (ie, the Unix world) but a dedicated project to improve the official command line client goes a long way to address this issue. Plus, the client is much more up to date compared to the official client from git-scm.com.

Second, addressing the performance issues that the official client has is a big deal, at least to those of us who need to work with git repositories in the multi-gigabyte size class. With repositories of that size, it does make a difference if your clone performance suddenly is an order of magnitude faster. In my case it also finally allows me to use these large git repositories with Mercurial’s hg-git plugin, which simply was not possible before.

I’ve not tried to verify if the newer openssh and openssl binaries address the issue I described in Making git work better on Windows. My assumption is that it’s not the case as I saw the same behaviour with the manually updated binaries. For use with a CI system like Jenkins I still recommend to use http access to the repository.

Adding TLS support to Emacs 24.5 on Windows

The Windows build of Emacs 24.5 doesn’t ship with SSL and TLS support out of the box. Normally that’s not that much of a problem until you are trying to access marmalade-repo or have org2blog talk to your own blog via SSL/TLS.

Adding SSL and TLS support to the Windows builds of Emacs is easy. SSL/TLS support in the official Emacs build for Windows isn’t enabled because it doesn’t ship with the necessary support libraries, but you can get pre-built binaries from the ezwinports project on Sourceforge. Installation is simple – grab the desired binaries (I used gnutls, but there’s also an older openssl build available) and extract them into the root directory of your Emacs install. The directory layout is the same and mimics the standard Unix directory layout so everything ends up in the correct place.

After the next restart of Emacs, a quick

M-: (gnutls-available-p)

should result in ‘t’, showing you that Emacs has found the gnutls binaries. All of a sudden, org2blog can talk to my blog again and I’m finally set up the same way I am on the other OSs I use.

ezwinports has a whole bunch of other useful libraries available as well, like libpng, so check it out.

One caveat – the ezwinports libraries are 32 bit libraries so they work fine with the official 32 bit build of Emacs for Windows, but you need to look into alternatives if you use a 64 bit build.

avast!’s virus scanner uses a self-issued trusted root certificate

tl;dr – avast’s web shield functionality appears to insert itself into SSL connections using a self signed trusted root certificate and a simple kind of man-in-the middle “attack” on SSL. I would recommend you turn off web shield’s https scanning or choose another virus scanner.

I read about this on a blog post that was linked from Hacker News where someone claimed that Avast’s virus scanner for Mac OS inserts itself into SSL-encrypted connections using a self-signed certificate. A quick check on a Windows machine in my household confirmed that this was also true for Windows:

Google Maps showing the Avast! certificate
Google Maps showing the Avast! certificate

I case you’re not that familiar with what the connection information is supposed to show you, you can be pretty sure that Google doesn’t have their identity verified by avast!.

As I was preparing the images for the blog post, I noticed the same behaviour on Outlook.com. Have a look at the “Issued by:” entry for the certificate information and also the encryption information in the URL box:

outlook-avast

Now compare the identity information for the “clean” connection with avast! web shield disabled to the information that was showing up in my first example showing Google Maps. This is what a real certificate is supposed to look like:

outlook-clean-1

outlook-clean-2

 

Did you notice the inscription “Microsoft Corporation [US]” next to the padlock symbol that indicates you’re on an encrypted connection? That shows Microsoft is using an EV (Extended Validation) certificate for this particular site. EV certificates are backed by a much more thorough identity verification process, not to mention that they’re considerably more expensive than a normal certificate. EV certificates are intended to give the user additional confirmation that you’re indeed talking to who you think you’re talking to and not Joe’s Phishing & Hijacking service. With avast!’s inserted security certificate, you lose this additional protection. Oh, and for additional comedy value – avast! themselves use an EV certificate on their own website. Which is commendable, only that you don’t necessarily see it if you use the software you downloaded from that website.

Now, is this a big security crisis and we all need to break out our tinfoil hats? I seriously doubt that. In fact, I believe avast! is acting in good faith with their web shield – after all, if you want to protect your users from malware downloaded over an encrypted connection to a dodgy site, the only way to do this in real-time is basically to insert yourself into the connection in the first place.

However, I personally am a bit concerned that Avast! installs a Trusted Root certificate into the Windows certificate store:

avast-certmgr

Call it “echos of SuperFish” (see Lenovo’s security advisory here, Google for the tons of spilled electrons on the Internet), but that makes me uncomfortable, especially if the machine you find it on a machine that you use for online banking.

For my part, I’ve turned the web shield https scanning functionality off for now and will probably spend some more time on this sunny afternoon researching alternative virus scanners.

Improved syntax highlighting with org2blog and custom CSS

As mentioned in an earlier post, I changed my blogging workflow to org2blog for writing and editing posts in Emacs and only push them up to my WordPress blog when the posts are almost done. I still do the final editing in WordPress so I can tweak the SEO settings and all that, but the majority of the work happens in org-mode now.

One area that really needed improving was the appearance of the source code that I put in posts. Before I started using org-mode for blogging I edited the code in Emacs, ran it through htmlize and pasted it into my blog post.. That way the Emacs theme I’m using also determined what the generated HTML looked like and it allowed me to control the code’s appearance to a certain extent. Once I moved to org-mode, I just got a generic htmlize output.

In order to improve the appearance output, I switched from the inline styled export to CSS-based export. That way, I can tweak the CSS for the basic syntax highlighting, pick appropriate background colours and all that fun stuff.

First, prepare WordPress for additional custom CSS

The web is full of warnings that you shouldn’t edit your installed WordPress theme so you don’t lose all your customisations the next time the theme is updated. The usual recommendation is to create a child theme instead. This does exactly what I needed to, but felt awfully heavyweight for the comparatively simple task at hand. All I wanted was jam some additional CSS onto a page and be done with it.

I’m using Jetpack on my self-hosted WordPress install for certain additional features that you’d normally only get when hosting a blog on WordPress.com. Jetpack has a neat feature called “Custom CSS” that allows you to add additional CSS to your existing theme’s stylesheets. In other words, it allows you to provide exactly the kind of customisation I need to tweak the source code highlighting. If you haven’t activated the Custom CSS feature yet, go to your Jetpack settings and activate it.

Adding org-mode’s code export CSS

This is a relatively simple operation. First, you need to tell org-mode to export the source code formatting information using css and not the more usual inline style. This is easily done by adding the following setting to your .emacs and re-evaluate that particular piece of code:

(setq org-export-htmlize-output-type 'css)

Once that’s done, the easiest way to get the parts of the CSS that are relevant to source code formatting is to create an org file, stick a #+BEGIN_SRC/#+END_SRC block in there and export that to HTML. You can then pull the relevant parts of CSS out of the resulting HTML buffer and put it into the custom CSS settings provided by Jetpack.

In my case, the relevant CSS looks like this:

pre {
  border: 1px solid #ccc;
  box-shadow: 3px 3px 3px #eee;
  padding: 8pt;
  font-family: monospace;
  overflow: auto;
  margin: 1.2em;
  -moz-border-radius: 5px;
  border-radius: 5px;
}
pre.src {
  position: relative;
  overflow: visible;
  padding-top: 1.2em;
  background-color: DarkSlateGrey;
  color: WhiteSmoke;    
}
pre.src:before {
  display: none;
  position: absolute;
  background-color: white;
  top: -10px;
  right: 10px;
  padding: 3px;
  border: 1px solid black;
}
pre.src:hover:before { display: inline;}
pre.src-sh:before    { content: 'sh'; }
pre.src-bash:before  { content: 'sh'; }
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
pre.src-R:before     { content: 'R'; }
pre.src-perl:before  { content: 'Perl'; }
pre.src-java:before  { content: 'Java'; }
pre.src-sql:before   { content: 'SQL'; }
pre.src-clojure:before { content: 'Clojure'; }

Copy your customized CSS into Jetpack’s “Custom CSS” edit control, save your changes and you’re done. The next time you publish a post from org-mode using org2blog, it’ll automatically apply the above CSS to all your code blocks that were marked as such.

Installing Google Chrome on Ubuntu 15.04

Yes, I know Ubuntu and Xubuntu already come with Chromium in their official package repositories, but sometimes it does help to have the official/commercial version installed in addition to the Open Source one. I actually both installed right now, plus Firefox and Vivaldi. You could almost think I’m some sort of web developer or something.

The Google Chrome installation instructions for 14.04 on Ubuntu Portal also work fine for 15.04 with one wrinkle. If you use the installation via PPA method, you need to run the following command to actually install the stable version of Chrome:

sudo apt-get install google-chrome-stable

The page above lists the command as sudo apt-get install google-chrome but that doesn’t work for me on 15.04.

I would recommend installing Chrome via PPA as that will integrate into the automatic update process. One less thing to think about when keeping your machine up to date.

Running a single Clojure test using leiningen

I’ve recently been working in Clojure on some code that really benefits from parallelization but doesn’t need to squeeze the last available cycle out of the machine.

Of course, if you’re using Clojure, you’re also using Leiningen as the universal build and configuration system. Accept no substitute. Now if I could only remember the syntax to run a single test when I’m refactoring some code and need to reflect the changes in the test suite via the build system and not just from inside the REPL?

Ah, here it is:

lein test :only TestNS/function

This is of course self-explanatory if one’s brain is running in clojure mode and not only the editor.

GNU Emacs 24.5 on (X)ubuntu 14.10

GNU Emacs 24.5 was released on April 10th. I’m in the process of setting up a dual boot Windows/Linux machine right now as I’m slowly moving away from Mac OS X, mainly because of the cost of the hardware but also because I don’t like it that much as a Unix-y development environment anymore.

Xubuntu 14.10 only comes with Emacs 24.3 and it looks like 15.04 will “only” include 24.4 so now is a good time as any to manually install 24.5. Please note this is not a complaint about Ubuntu and its many contributors. They do a great job, I’d rather have a stable system comprised of well-tested packages and install the exciting, cutting edge stuff manually.

A manual “out of the box” install is actually pretty easy. I followed the instructions for installing 24.4 on UbuntuHandbook, substituting 24.5 where appropriate. I also installed Emacs in a user-local directory tree as I really don’t like mixing system-wide tools that have been installed by the package manager and manually installed packages in the same directory tree. Yes, I’m weird like this.

All in all the install was completely hassle free and allows me to send a test blog post from Emacs 24.5 on my new Xubuntu box to the blog using org2blog as usual.

Update: The instructions linked to above also work for Ubuntu 15.04 – you have to rebuild your Emacs 24.5 for 15.04 as some of the dependencies have changed.

CD of the Symantec C++ Windows + DOS development environment back from 1993

Symantec sold a C++ compiler?

Stuff you find that shows you’ve been around this programming business for a while:

CD of the Symantec C++ Windows + DOS development environment back from 1993
Original copy of Symantec C++ (née Zortech C++) 6.1

Most people these days are surprised that Symantec actually sold a C++ compiler at some point. I used this particular copy in my first, not very successful business venture – I started out using Walter Bright’s Zortech C++ compiler which eventually morphed into Symantec C++.

At the time, I preferred this compiler to Microsoft’s C++ compiler – it was a much faster compiler and while the generated code wasn’t quite as fast as the Microsoft compiler’s one (and the code produced by that one was beaten hands down by the Watcom C/C++ compiler, which I also used at some point), it was a considerably faster compiler. All of the C++ compilers of that era were, err, slightly quirky and portability of the code between them – if it wasn’t plain C – was still a distant dream.

Symantec C++ was a bit of a niche product and eventually lost the popularity contest to the Microsoft C++/Borland C++ compiler duopoly, with companies like Watcom filling specialist niches.

I even found an old Dr Dobbs’ article by Al Stevens where he’s looking at the above compiler.

Useful regular expressions for searching C++ code with Visual Studio

I’m generally more of a grep person but sometimes it’s easier to just use the built-in search in Visual Studio, especially if you want to be able to restrict the search to parts of your Visual Studio solution. Visual Studio does have pretty powerful search built in if you do use regular expressions instead of the default text matching. Here are a couple of regexes to get you started:

Find all shared_ptr calls that use “new” instead of the recommended make_shared: shared_ptr<.+>(new .+)

Find all empty destructors – very useful if you want to remove them in C++11 code: ~.+s+{s*}