Archive for September, 2008

stumpwm — wow

Thursday, September 18th, 2008

I had a long train ride today, and little battery life left.  So I read the manual for stumpwm and played with it.  Wow.  The real key for me was figuring out how to restore windows to full size after splitting them “C-t Q”.  So here are the commands that I use to navigate stumpwm
“C-t s” splits a window (actually a frame in stumpwm parlance)  vertically — making it half as tall

“C-t S” splits a window horizontally — making it half as wide (horizontal vs vertical splits may be obvious to some people but they always seem to trip me up when I read them).

“C-t f” puts a number in the upper left hand corner of each frame, pressing the number for the frame you want to go to will do that.
“C-t Q” makes a window full-screen
“C-t w” lists the windows — applications running

“C-t #” where # is the window you want to use, brings that window to the top of it’s frame and puts focus there

“C-t C-#” grabs a window from whatever frame it is in, and pulls it into your current frame

getting emacs, a terminal (for emacs to run in), and firefox were all major amounts of damage, that I have sustained for the last month or so.  Firefox was by far the hardest, when I get FF3 setup in x on OS X I will write about the process.

Here were links that helped me  — i’m still digesting this but it seems to be the msot thorough explanation of xmodmap and emacs key oddities that I have seen.

by using xev, I have figured out that I have 9 seperately addressable modifier keys available to me , counter-clockwise (capslock, l-shift,l-ctrl,windows,l-alt,r-alt, windows-context,r-ctrl,r-shift).  freaking sweet

Getting the SVN revision number of a file in python

Thursday, September 11th, 2008

I’m writing out data from python programs and it is important to have an audit trail.  I decided that I would write out the SVN revision number of the code generating the reports, into the reports.

Getting the svn revision number of a file is fairly straight forward in python:

os.popen('svn info %s | grep "Last Changed Rev" ' % fName, "r").readline().replace("Last Changed Rev:","")

that acutally returns a string with the revision number in it.

Thats a bit of code though, and I didn’t want it sprinkled, duplicated, all over my different python files

so I put it in my util library

in python, grabbing the name of the file you are working from is fairly straightforward:


however, since I was writing this in my utility library, I didn’t care about that file’s name, I wanted the name of the calling file.

I figured that out

fName = sys._getframe(1).f_code.co_filename

this gets the name of the file 1 call up the call stack

combining these I ended up with

def getSvnVersionOfFile(fName = sys._getframe(1).f_code.co_filename):
return os.popen('svn info %s | grep "Last Changed Rev" ' % Name, "r").readline().replace("Last Changed Rev:","")

Security Anomally in CoreGraphics Event Taps

Thursday, September 4th, 2008

When I was playing around with changing modifier keys for OS X I stumbled onto some inconsistencies with permission requirements and abilities for two very similar event types.

The code I used here is modified from . You can view the code on github here
There are two programs included in the tar ball.  getKeyPressCode and insertKeyPressOnModifier. They have a very similar structure.  I will start by describing getKeyPressCode

GetKeyPressCode has two functions, main and a call back function.  A call is made to CGEventTapCreate , which passes the myCGEventcallBack function in (I’m hazy on my c code,  it must somehow pass in a pointer), and event mask flags for the type of event, in this case kCGEventKeyDown or kCGEventKeyUp.
The callback in getKeyPressCode displays the keycode for any character you press, in any application on the system. If you press the = key, it replaces that with ‘f’ .
To run getKeyPressCode, you need to be superuser (sudo) or have Assistive devices enabled.  Otherwise the program will fail saying, event tap failed to create.  Also notice that when you go to a  systemwide password box (such as you would be prompted for in keychain) , no keyUp or keyDown events are fired, even though the program was run with superuser privileges.

The second program is insertKeyPressOnModifier.  This program has the same form, the difference is that it catches modifier keys — CGEventFlagsChanged.  This program displays the EventFlags for modifier keys (“CAPSLOCK” , “SHIFT”, “CTRL”, “OPTION”, “OPTION/ALT”, “APPLE”) when a modifier key is pressed.  When any modifier key is pressed, the program inserts an “=” or “+” depending on whether or not shift was pressed.  Again this behaviour takes place in any application on the system.

Now the interesting thing is, you don’t need superuser rights or assistive devices enabled to run insertKeyPressOnModifier.  Even more interesting is, inserKeyPressOnModifier still fires events when you are in a system wide password box, it will also insert ‘=’ characters.  This seems like a potential security hole.

I filed a bug report for this a year ago, apple hasn’t responded or fixed the hole.  This I have observed this behavior on a Mac Book Pro running Tiger and Leopard.  I’m not well versed in C, CoreGraphics, OS X internals, or general security measures like this.  There could be a very good explanation for the behavior, to me though, it seems like an inconsistency that could be a hole.  I haven’t seen the password box behavior mentioned anywhere else.

You can look at the header file for CGEvent on your mac here