Password DNA

Unix-ninja has an excellent analysis of a large database of passwords and other information with over 18.2 million records. The file is unique because the site used home-grown crypto to encrypt the passwords and it was easily reversed. That means that this is a complete set of passwords not just the ones easy enough to be recovered. For example, if someone were using a password manager that generated long random passwords and had a password of kj#AXP39kjl#&!VV<>xzpln;:}NsdT, that password would almost certainly not be recovered by conventional password cracking. But because the weak crypto made it possible to decrypt the entire file, all passwords, including the strong ones, are available for analysis.

Although unix-ninja doesn't say where the data came from, it appears to be from something like a dating site because it contains fairly comprehensive information (things like body type) about the users. That allows him to study how, for example, the password security of people with athletic body builds compares with other cohorts.

A lot of his results are depressingly predictable. The passwords 123456 and password are favorites as always. One interesting and unexpected—at least to me—result is that while 2.9% of the passwords had at least one symbol, only 0.6% had an upper case letter. There are other interesting patterns too. It's definitely worth a read if you care about password security. Of course, as usual, the best advice is to use a password manager and generate long random passwords with characters drawn from lower and upper case letters, symbols, and numbers.

Finally, if you're interested in the details, a lightly sanitized list of the passwords and a 27 page technical appendix of the results (many not in the post) are available for download.

Posted in General | Tagged | Leave a comment

Tutorial Update

Rainer König has another week's worth of tutorials up in his excellent series of videos on Org-mode. He's trying to do one every workday so there's a lot a really great material available.

Mike Zamansky has added another video to his Emacs tutorial series. This one's on using avy for navigation.

These are both really great series and I encourage you to watch them all.

Posted in General | Tagged , | Leave a comment

Blowing Up Academic Publishing

Jason Shen has a very interesting post on how Sci-Hub is blowing up academic publishing. For those who don't know, Sci-Hub is a site that offers free access to over 51,000,000 scientific journal articles. These papers are collected when a user with access to a journal's collection—usually through a university library—downloads the paper from the publisher and subsequently uploads it to Sci-Hub.

I'm a bit conflicted about this. On the one hand, it's easy to characterize what's going on as stealing. The publishers are in the business of publishing these articles in their journals and selling subscriptions to university libraries and others who can afford the hefty1 subscription price. The problem is that individual researchers write the articles, other academics review them, and still others serve as journal editors. None of these people are paid for their efforts. The publishers might do some minor tweaking of the papers' \LaTeX, print them in the journals, and essentially sell the academics' work back to them.

Alexandra Elbakyan, a neurotechnology researcher from Kazakhstan, founded Sci-Hub to deal with one of the externalities of this process. Researchers from poor areas or those unaffiliated with a university must pay fees of about $30 per paper to get access to the research. Sci-Hub seeks to remedy this by making the papers available to anyone for free. It's easy to see Sci-Hub as a moral and legitimate reaction to an intolerable situation.

I can see both these points of view, hence the confliction. Meanwhile, academics—especially in Mathematics—have mounted their own gorilla action against the publishers by refusing to submit their papers to or referee for the worst abusers. It's easy to be on the side of the academics who are boycotting Elsevier but some—especially the publishers who are, of course, suing—have problems with Sci-Hub. What do you think?

Footnotes:

1

The University of California spends about $8.7M per year on subscriptions from Elsevier alone.

Posted in General | Tagged | Leave a comment

Vi and Emacs Without the Religion

Chris Patti over at Blind Not Dumb has gathered his courage and written a piece on vi versus Emacs. He approaches the subject, as the title suggests, without the usual religious fervor.

His take, which is hard to argue with, is that the best editor depends on what you are trying to do. If you want to edit text as quickly and efficiently as possible then vi/Vim is probably the editor for you. Be aware, though, that Vim is an editor not an IDE. Patti says that efforts to bolt on IDE-like features rarely end well. Either the extension doesn't work well or it destabilizes Vim.

Emacs, on the other hand, is more of a programming environment that is highly optimized for dealing with text. That means that you can not only edit but do other other—usually but not always—text oriented tasks in the same environment. That gives rise to the familiar—to Emacsers—tendency to move everything possible inside Emacs.

The other advantage of Emacs is that you can customize it to operate in almost any conceivable way. Vim, of course, is also customizable but not nearly to the same extent.

Patti's post is a balanced recounting of the benefits of each editor and may help n00bs trying to decide which one to use to pick the editor best suited for them. I'd bet that almost every Emacs/vi user knows and have used both. Many people start with one and switch to the other for some reason. From my point of view, I love using Emacs because I have adjusted it to enable a nearly frictionless workflow. Still, there are times when only vi/Vim is available so I'm glad to know both.

Posted in General | Tagged , | Leave a comment

Literate Programming with Org Mode

Frédérick Giasson, whom I've mentioned before, has a nice post on setting up Org mode for literate programming. Giasson's post is mostly concerned with using literate programming to write Clojure but almost all of his setup is usable for other languages.

It's a testament to the power of Org mode that very little has to be changed from the default settings to have a first class environment. Most of the significant changes that Giasson made involved setting up the environment for Clojure.

One non-trivial change he made for Org was to tangle the code automatically when the file is saved. That keeps the code file up-to-date with the Org source file. To make sure his buffers stay up to date, he calls global-auto-revert-mode so that when the code file is updated, any open buffers for the file are reloaded.

If you're interested in trying out literate programming in an easy way, give Giasson's post a read to see how little effort is required.

Posted in General | Tagged , | 1 Comment

Swiper

For some reason I had it in my mind that swiper depended on Lispy, or Spacemacs, or some other Vim-derived Emacs mode so I never really looked at it. Then I read Mike Zamansky's post on swiper and had my eyes were opened. At a minimum, swiper is a much improved replacement for Emacs's incremental search. You can take a look at Zamansky's post to see how it improves on the default incremental search behavior1, but the TL;DR is that you get a sort of simplified regex search with all the candidates shown in the minibuffer. You can navigate this list with the usual 【Ctrl+n】 and 【Ctrl+p】 and then select the match you want.

It turns out, though, that once you have the underlying ivy mode installed everything gets better. You can get rid of ido-mode and smex and let ivy take care of the things they do. All the things you loved about ido-mode are done better with ivy. There's a very nice manual to explains everything ivy2 can do

Watch Zamansky's video on swiper—and the rest of his videos if you haven't already—to see why this is a worthwhile upgrade. I'm still cautiously feeling my way with swiper and have started small. Here's my current configuration:

(use-package swiper
  :ensure t
  :config
  (ivy-mode 1)
  (setq ivy-use-virtual-buffers t)
  (global-set-key "\C-s" 'swiper)
  (global-set-key (kbd "C-c C-r") 'ivy-resume)
  (global-set-key (kbd "M-x") 'counsel-M-x)
  (global-set-key (kbd "C-x C-f") 'counsel-find-file))

As you can see, I'm using it for find-file and execute-extended-command as well as isearch. Again, I'm starting cautiously but so far I think it's a definite win.

Footnotes:

1

One small annoyance is that there's a slight delay (a small fraction of a second) before the point moves to place selected. That may because the screen isn't scrolled until you choose a match.

2

Ivy is the library that does much of the heavy lifting for swiper.

Posted in General | Tagged | 3 Comments

Repeat Last Complex Command

Xah Lee has a very useful post on the repeat complex command command. A complex command is one that uses the minibuffer. That's different from the repeat command that is usually bound to 【Ctrl+x z】.

What happens is that the Elisp for the command is placed in the minibuffer and you can edit it before repeating the command. That's nice if, say, you made a mistake on a regexp and want to fix it and retry the command. Oddly, I knew about only the repeat command but not the repeat-complex-command version so I'm was glad to see Lee's post. Take a look at his post for the details.

The repeat-complex-command command is bound to a terrible key sequence so if you find yourself using it a lot you'll probably want to rebind it to something convenient.

Posted in General | Tagged | 3 Comments

Stop Rule 41

The changes to Rule 41 approved by the US Supreme Court are the latest example of dangerous overreach on the part of law enforcement. If you don't think the FBI should be allowed to break into your computer with only the flimsiest of safeguards, you should oppose these changes. At this point, only congress can block the changes from going into effect.

Click on the image to see what you can do

rule-41-banner4.png

Posted in General | Tagged | Leave a comment

Using Org Tables in Source Blocks

Andreas Gerler has a nice post that shows how to access individual table columns in a source block. If you don't do this sort of thing frequently, it's easy to forget the details. If you occasionally need this capability or think you might, bookmark this post so you have an easy way to reacquaint yourself with the procedure.

I haven't written about using Org source blocks for a long time but they are tremendously powerful. If, for example, you're writing up a lab report for a class, this is a wonderful way to put your data and exact calculations in the same file and then export the parts you want to turn in to a nicely formatted PDF file.

Does that sound familiar? It should. It's just reproducible research writ small. If you're out of school and producing reports or writing up results, the process is just as useful. I use this type of thing all the time in my day to day work and consider it one of the great things about Org mode and Emacs. If you want to see an another example of this sort of thing, I wrote about it here.

Posted in General | Tagged , | 1 Comment

Emacs Videos for N00bs

In yesterday's post I wrote about Rainer König's introductory videos on Org mode. Today, I want to continue that theme with a set of introductory videos for Emacs itself.

Mike Zamansky over at C'est la Z is producing a series of Emacs videos for n00bs. As of this writing Zamansky has 5 videos but he has others in the pipeline. Like König's Org tutorials, they are mostly less than 10 minutes each so they are easy to watch. If you start with Video 11, the videos will play in sequence automatically but it's worthwhile clicking on each video section because that will take you to a page with the video, associated notes, and code mentioned in the video.

So far, he has covered

  • Setting up the package manager
  • Intro to Org Mode
  • How to think about Emacs
  • Buffers
  • Windows

and is promising a video on effective navigation next.

Zamansky approaches the subject on how he uses Emacs so he introduces packages that he's found useful as he goes along. At each step he adds the package and it's configuration to his init.el file so you can see how to set it up. That code is also in the individual Video pages so you don't have to worry about writing it down.

It's an enjoyable series and should be especially useful for those just learning Emacs. Recommended.

Footnotes:

1

The video in the Introduction section is by someone else and not part of the series.

Posted in General | Tagged | 1 Comment