Some TeX Developments

Security in computer programs is always an issue, with the balance between ease of use and security never being a simple black and white line. There’s a very interesting paper, being presented at an upcoming conference, about TeX security issues. This is particularly significant to MiKTeX users, as it’s led to a change in how MiKTeX implements certain features.

One of the well-known security questions with TeX is whether to enable \write18, and as a result this is off by default in TeX Live and MiKTeX. Another area that is of obvious concern is the \openout primitive, which allows writing a new file and could therefore be used for undesirable purposes. Of course, this functionality is also important: writing to files is how LaTeX manages a whole range of automated cross-referencing. So there is a balance to be struck: we need \openout, but not at any cost.

The TeX Live team have taken the attitude that \openout should be able to write within the current directory structure but not outside of it. This can be seen with a couple of very similar plain TeX test files. If you try

\newwrite\mywrite
\immediate\openout\mywrite test/test.xxx
\bye

then everything will be fine and the test file will be created. On the other hand

\newwrite\mywrite
\immediate\openout\mywrite ../test.xxx
\bye

will raise an error. The behaviour with MiKTeX was to allow both (and also absolute paths, etc.). That has now been altered, so that MiKTeX behaves in the same way as TeX Live (at least, that’s what it looks like in my tests).

Reading the MiKTeX lists, the new behaviour is causing issues because LaTeX’s \include relies on \openout. Quite a lot of MiKTeX users have been doing things like:

\include{C:/Users/<user>/My Documents/Chapters/chapter1.tex}

or

\include{../Chapters/chapter1.tex}

which used to work and now does not. There is a setting which enables the old behaviour, but it’s not really to be recommended, I think. So users will have to rearrange their input a bit to reflect the new more secure approach.

There are some other interesting points in the paper on TeX security. One is that making a truly secure LaTeX implementation (to use as a web service) is basically impossible. The MathTran site gets mentioned as the most secure TeX web service: it uses a specially hardened version of plain TeX, with no access to things like \csname, \catcode and so on to make it secure. For LaTeX, that is probably not possible (at least with LaTeX2e). Worth reading, but for those of us who just use TeX on our own computers not quite so immediately relevant.

I’ve been able to meet up with a few ‘TeX people’ over the past few months, as we’ve ended up in the same places and I’ve been able to put a face to an e-mail address. It’s always interesting to meet other TeX users, and to talk not only about TeX but also about other things! I’m sure I’m not the only person who find this, so if anyone fancies talking about typesetting over a cup of coffee, do drop me a line. It might be nice to arrange some kind of informal get together (I know these are popular in some countries), if there is any interest.

I’ve just reinstalled my Strawberry Perl system on Windows, and so had the opportunity to try a clean build of biblatex-biber. I’ve posted before about building this on various platforms, and it now is almost asstraight-forward on Windows as on Linux.

As before, I’ll assume you’ve grabbed the source code, unzipped it and have a Command Prompt running as the Administrator, in the directory where biblatex-biber is unzipped. First, you need to install one support Perl module using

cpan Config::AutoConf

You can then do

perl Build.PL
build installdeps
build
build test
build install

That’s it! I’m not quite sure why you have to install Config::AutoConf ‘by hand’, but if you don’t then Text::BibTeX still fails to work. However, that is almost as easy as on Linux or MacOS 10.6, so everyone should be able to use biblatex-biber now.

The list of TeX Frequently Asked Question is one of the most useful online resources for TeX users. Since the list was first published some years ago by UK-TUG it’s grown to include over 400 questions and answers. Most of the work has been done by one person, Robin Fairbairns. Robin’s contributions to the TeX community, both in maintaining the FAQ and running one of the three core CTAN nodes, are really vital to all TeX users.

At the moment, there’s a thread on comp.text.tex where the subject of adding new information to the FAQ has been mentioned. Getting new material (for the FAQ or anything else) is always a problem, and so most of the text in teh FAQ is written by Robin. That’s a lot to do for one busy person, and we all need to play our part. The question is hoe to do that. The advantage of having one person writing everything is that the quality is good, and there is care taken to keep material up to date. So if you spot a gap, your best sending some (good) text as detailed in the FAQ itself. One suggestion that’s come up is setting up a wiki, with the idea being that contributions there can then be used as ‘source’ for adding to the FAQ. Time will tell if this comes to pass: it might be interesting, but I suspect the same people will still be doing the writing!

WinEdt is a popular (La)TeX editor on Windows. A new major release, version 6, has just appeared on the WinEdt homepage. The interface has received a lot of attention, with new icons and menu arrangements. One thing that a lot of people have been hoping for is UTF-8 support, but the release notes say

Avoid sending major feature requests: they will have to wait for version 6.1 (unicode, folding and all)!

So for the moment people who need UTF-8 will have to look elsewhere. Another point to note for users of version 5.5 is that this is not a free upgrade (WinEdt is shareware).

A while ago I talked about the variation between different chemistry publishers in their LaTeX support. Looking for something on the Royal Society of Chemistry site today I find that the people at Physical Chemistry Chemical Physics have created an updated template for TeX users. I’d say that is good news: remember of course that the journals are not typeset from the TeX source.

In my post box a few days ago was the proceedings of the EuroTeX 2009 conference (TUGBoat 30:3, which I get as a joint member of TUG and UK-TUG). Quite a few of the articles are about ConTeXt, not surprising as the 3rd ConTeXt meeting took place in parallel to EuroTeX. The highlights will be different for everyone, of course. I’ll pick out a few articles that caught my attention (and perhaps add a few more in a later post):

• Siep Kroonenberg wrote about maintaining a (Windows) network installation of TeX Live. While not a step by step guide, I found this a useful insight into getting started on providing multi-user access to TeX.
• Péter Szabó looked at optimising PDF size, both using pdfTeX and with post-production tools. This has come up recently on the TeX Live mailing list, so it was interesting to see more detail about the concepts involved.
• Taco Hoekwater explained how the development work on LuaTeX has finally removed all of the Pascal code from the sources, and why this was a ‘Good Thing’. An interesting insight into work at the engine level.
• In the ‘Abstracts Only’ section I was particularly interested in one about PPCHTeX by Hans Hagen. PPCHTeX is an approach to typesetting chemical structures in TeX, and is therefore of more than passing interest to me in my day job.

I note for my diary that EuroTeX 2010 is scheduled for the 25th to the 29th of August 2010 in Pisa. I’ll see how my diary works out: perhaps I’ll make this one!

I’ve just sent a draft to TUGBoat for an article about pgfplots. As many readers will know, pgfplots is built on pgf/Tikz, which means that it can be used for both DVI and PDF output, and with plain TeX, LaTeX and ConTeXt. In my draft, I’ve used some real life plots (from a couple of recent publications in the research group I work in). The draft will probably change a bit, but for a preview take a look a the the PDF.

I was looking something up today, and quite by accident found that Safari Books Online has both the Guide to LaTeX and The LaTeX Companion available. Unfortunately, the subscription costs mean that for individuals the price is far too high, compared to buying the printed versions. However, I also found that my employers (UEA) have paid for access to a range of books via the service. So if you are in a university it might be worth seeing if you can get the books as part of your institution’s more general access policies.

I get quite a few e-mails asking for help with my packages, and also spot a few questions in various public places (comp.text.tex and The LaTeX Community, mainly). I’m always happy to help where I can, and it always makes my life a bit easier if the question arrives with all the information to start with.

One of the things that get repeated by almost everyone trying to help out users is the need for a minimal example. For LaTeX, that typically looks something like:

\documentclass{article} % Or perhaps memoir, beamer, ...
\usepackage{...}
\begin{document}
Example here
\end{document}

ConTeXt examples are not dissimilar, while plain TeX ones need very little at all (but I get very few of these). It’s much faster to supply everything to start with than to send a snippet with key details left out. It’s surprising how many things people simply assume are obvious, when they are not (“Surely everyone uses package wibble”).

Another useful thing to do in advance of sending a query is to send a log file. Again, LaTeX users are normally best advised to include \listfiles in their input, so the kernel makes a neat listing of everything in use (hopefully including the versions).

Often, I get description of either how things should look or why they are wrong, rather than an actual example. If at all possible, a “reference rendering” is much easier to follow. That can be something done in a drawing programme, using some alternative (but awkward) TeX code, or a screenshot of something. Describing things in words (especially if the questioner is not a native English speaker) can be a recipe for a long and painful process.

For questions posted in public, it’s always best to drop me a line so I spot it: I do my best but sometimes I miss things. For places such as comp.text.tex, that can simply be a CC on the posting, or for forums a quick note that says

Hello,

I posted a question about your <whatever> package:

http://some-url-here/

Please take a look.

will make sure that the issue gets me interest.

On the other hand, questions direct to me obviously get straight to the point but miss out on the public record part of a posting to Usenet. The same issues do tend to pop up more than once! Sometimes there is good reason for avoiding public postings: I get questions including unpublished material about achemso, for example. So I’d encourage anyone with an issue they think is general (such as a bug in one of my releases) to post something in public if possible. I always try to follow up postings as well as e-mailing people directly as well.

As I say, I’m always happy to try to help. I hope that most of the time I succeed.