Internal Irreal Links with Emacs

Posted on 2012-09-17 by jcs

I try to keep a couple of posts in reserve for those days when nothing strikes me as worth writing about. Other times, I may write a series of posts on a related topic and not post them until the entire series is done. Whenever possible, I like to provide internal links to previous posts to provide readers with context. For example, in a series the subsequent posts might have links to the previous posts in the series.

The problem is that those earlier posts haven’t been published yet so there’s nothing to link to. Fortunately, org2blog inserts the page ID of the post into the org file when it get’s pushed to WordPress so I can push the posts to WordPress as drafts and then publish them later. That means that the org file has the page ID of the post so that I can link to it even though it hasn’t been published yet. Of course, the post containing the link has to be published after the linked post.

As I’ve mentioned before, org links have the form

[[url][label]]

so knowing the url, which for Irreal posts is http://irreal.org/blog/?p=ID where ID is the page ID, makes it possible to add links to not yet published posts.

Naturally, I’m much to lazy too do that by hand so I whipped up a bit of Elisp to do it for me:

(defun irreal-post (label id)
  "Make a link to an Irreal post given its ID number and a label."
  (interactive "sLabel: \nsID: ")
  (insert (concat "[[http://irreal.org/blog/?p=" id "][" label "]]")))

Now I just call irreal-post, fill in the label and post ID and the link is inserted. As with most of these little helper functions, it’s not a big thing but it does make my life a little easier.

Posted in Programming | Tagged , | 1 Comment

Some Good News From PHP

Posted on 2012-09-16 by jcs

Here’s some encouraging news on the security front. As regular readers know, I’ve written several times about how to safely hash passwords and complained about sites that don’t do it correctly. Now PHP 5.5 has a function that does the right thing automatically. Just make the call

$hash = password_hash($password, PASSWORD_DEFAULT);

and you get a properly salted password hash processed by bcrypt. The default algorithm of bcrypt can be overridden as can the amount of work required to hash the password.

PHP programmers no longer have an excuse for not doing the right thing. No special knowledge or crypto expertise is needed. Simply use the provided API and get safe password storage. Let’s hope a facility such as this comes to other programming environments.

Posted in Programming | Tagged | Leave a comment

A Simple Common Lisp REPL

Posted on 2012-09-15 by jcs

I love this simple Common Lisp REPL by Stas Boukarev over at Zach Beane’s Common Lisp Tips. In just 5 lines of code you get a complete REPL that even handles *, **, and ***.

In the comments, Brit Butler adds two more lines that makes it display the current package as well. Good stuff.

I’ve mentioned Common Lisp Tips many times before and can’t recommend it enough. Xach always has something useful to say and, most often, something I didn’t know. If you’re a Lisper, you really should subscribe.

Posted in Programming | Tagged | Leave a comment

A Nice Elisp Tutorial

Posted on 2012-09-14 by jcs

Christian Johansen has posted a nice introduction to Elisp. He had a particular problem he wanted to solve with Emacs and the tutorial is about how he went about learning enough Elisp to program a solution.

The tutorial is focused on that particular problem but is nevertheless an excellent introduction to Elisp programming. It’s perfect for the programmer who wants to learn some Elisp but has no Lisp experience. If you’re a lisp neophyte wanting to try out some Emacs Lisp, this tutorial may be just what you need.

Posted in Programming | Tagged , | Leave a comment

Common Lisp Tip Tweets Redux

Posted on 2012-09-13 by jcs

I’ve mentioned Jean-Philippe Paradis’ Common Lisp Tip Tweets before. He’s reorganized the site a bit and categorized the tweets so that it’s easier to find what you’re looking for. If you don’t follow him on Twitter, it’s worth stopping by his site every once in a while to check out the new tips.

My favorite new tip since my last visit:

CL tip: Indentation-saving trick:
 (multiple-value-bind (a1 a2 b c1 c2 c3)
   (multiple-value-call #'values (values 1 2) 3 (values 4 5 6))
  ...)
Posted in Programming | Tagged | 2 Comments

A Silly But Beautiful Quicksort

Posted on 2012-09-12 by jcs

Steven Goss over at the zero bit stream has another great Common Lisp post. His idea is to compare a minimal Haskell Quicksort routine to the same function written in Common Lisp. A case can be made that the result is not really Quicksort in either language because of the performance profile but they do follow the Quicksort algorithm and are interesting even if they aren’t useful as production code.

Goss’s final result makes use of a list comprehension macro that is interesting in its own right but the first attempt is also nice. Here’s Goss’s code for the first attempt:

(defun quicksort (list)
  (when list
    (destructuring-bind (p . xs) list
      (let ((lesser (remove-if-not (lambda (x) (< x p)) xs))
            (greater (remove-if-not (lambda (x) (>= x p)) xs)))
        (append (quicksort lesser) (list p) (quicksort greater))))))

Notice how it makes the structure of the Quicksort algorithm explicit. Of course it doesn’t choose the pivot in an intelligent way—which can result in n2 behavior—and all those remove-if-not and appends are each tacking on O(n) penalties but you still have to love the beauty and brevity of the code.

Quicksort, like any other industrial strength algorithm, is hard to get right. As I mentioned in my post on Jon Bentley, perfecting the Quicksort algorithm is definitely not trivial. This implementation doesn’t come close but it is useful because it makes the structure of Quicksort clear and because it shows how Common Lisp can express algorithms in a beautiful way.

Posted in Programming | Tagged | Leave a comment

Turning URLs into Org Links

Posted on 2012-09-11 by jcs

Often times when doing research for a blog post I will collect a series of URLs that I could potentially use as a link in the post. Nothing new or exciting there; almost every blogger doubtlessly does the same thing.

There’s a minor annoyance though. I use Org mode to write my blog posts and while I’m still in the research phase it’s too early to turn a URL into an Org link. After all, I don’t yet know where the link will end up in the post or what the anchor text associated with it will be. Therefore when I’m actually writing the post I have to either edit the link by hand or snarf & barf the URL into Org mode’s link generation machinery.

To make the process a little easier, I wrote the following bit of Elisp. Putting the cursor on a URL and calling org-linkify will prompt for the anchor text and turn the URL into an Org link.

(defun org-linkify (label)
  "Turn a URL into an org-mode link."
  (interactive "sLabel: ")
  (let ((url (thing-at-point 'url))
        (bnds (bounds-of-thing-at-point 'url)))
    (delete-region (car bnds) (cdr bnds))
    (insert (concat "[[" url "][" label "]]"))))

With this code I can collect URLs in the Org mode file associated with the post and then either delete them or turn them into links as I write. I still have to move the URL to the proper place in the text of the post, of course, but org-linkify makes the rest of the process a bit easier.

Update: Daniel points out in the comments that Org mode already handles this use case with the normal link machinery.

Posted in Programming | Tagged | 5 Comments

Password Cracking

Posted on 2012-09-10 by jcs

There’s a great article over at Ars Technica about password cracking and how easy it’s become. The ease with which passwords can be cracked are the result of two things:

  1. Improved hardware using GPU processors, and
  2. Huge lists of real world passwords that provide guesses and reveal the patterns that users favor when choosing passwords.

Consider the Project Erebus v2.5 computer used to win this year’s Crack Me If You Can contest. It has 8 AMD Radeon HD7970 GPU cards, costs just $12,000, and can brute force the entire 8 character (lower case, upper case, symbols, numbers) NTLM keyspace in just 12 hours. Think about that. If you have a password protecting something important and it’s less than 8 characters, you might as well not bother.

The other thing affecting cracking efficiency is the recent release of millions of real word passwords gathered from the exploits of Gawker, Sony, LinkedIn, and others. This helps in two ways. First, it provides a dictionary of potential passwords to try. Second, it gives insight into how users choose their passwords. It turns out that there are some very common patterns in use and knowing these patterns makes it easy to automate the generation of trial passwords using those patterns.

Be sure to follow the link and read the Ars Technica article. It’s a bit long but there’s a lot of really good information in it. The conclusion that the article reaches is that you can still have a secure password if

  1. you use a password manager such as 1Password or PasswordSafe to generate long random passwords, and
  2. you never reuse passwords across multiple sites. Password managers make this easy so it’s yet another reason to use one.

If you have any on-line presence at all, you really need to read this article. It will scare you into password sanity.

Posted in General | Tagged | 2 Comments

Daniel Weinreb

Posted on 2012-09-09 by jcs

As most of you have heard by now, Daniel Weinreb, one of the Lispers’ Tribal Elders and user/beta tester of the original Emacs, died on September 7. The Boston Globe and Xconomy have obituaries but surprisingly Weinreb had some interaction with Xah Lee who has a very nice reminiscence of those interactions (including thoughts on Emacs, old and new) and provides links to some of Weinreb’s interesting writings.

The links and recollections provide a sort of short summary of Weinreb’s professional life and are well worth a read. Like Lee, I’m sad at his passing.

Posted in General | Tagged , | Leave a comment

Cracking WiFi Passwords

Posted on 2012-09-08 by jcs

Dan Goodin over at Ars Technica has an interesting and scary article about cracking his neighbors’ WiFi network passwords. Sadly, this turns out to be a lot easier than it should be. The general process is

  • Capture the authentication handshake between the WiFi access point and a client. An attacker can force this handshake by sending a deauth frame.
  • Upload the captured handshake to a service such as CrowdCracker, pay a nominal fee, and receive the cracked password in return.

All of this is pretty discouraging. What can you do to make your network secure? The answer, as it often is, is to choose sensible passwords. CrowdCracker and similar services work by trying an extensive dictionary of possible passwords against the captured authentication handshake. If you choose a well-known or even an obscure but known password, the attacker will have your password in a matter of minutes (see the article for details).

Goodin’s recommendation is one we’ve discussed many times at Irreal: choose a password of several words such as those generated by Diceware as I discussed here, here, here, and here. A password such as “quartz apple some perfume bring token” will not appear in any password dictionary, is relatively easy to remember, and has enough entropy to be effectively unbreakable. The links above show two computer programs to generate passwords such as this but all you really need is one or more dice as explained on the Diceware Site.

The other possibility is to use a password manager, such as 1password, that allows you to generate passwords that are too long and random to remember. Again, these will not appear in any dictionary so the attacker’s only recourse is brute force. With sufficiently long passwords this will, as a practical matter, be impossible.

Password security is under attack as never before so it’s more important than ever to Choose a strong, long, random password and never reuse it.

Posted in General | Tagged | Leave a comment