Stop!

Please. Stop. This. I’ve asked, nicely, previously. Now I’m getting annoyed. I’ve said it before: If you want Python, you know where to get it.

An Analysis of PIN Numbers

Over at Data Genetics there’s a great analysis of PIN numbers. By aggregating data from several breaches Nick Berry gathered 3.4 million PIN numbers and performed extensive analysis on them. Every possible value was represented in the sample but they were far from uniformly distributed. It will be no surprise to regular Irreal readers that the most common PIN was 1234¹ at almost 11%. Incredibly, the top 5 (1234, 1111, 0000, 1212, 7777) account for over 20% of the PINs. In terms of the iPhone and its automatic wipe after 10 failed PINs, an attacker has an over 23% chance of getting the correct PIN just by guessing the most popular ones.

There’s a lot more to Berry’s analysis than the most/least popular PINs. The post is long and detailed and has a huge amount of information. If you use PINs (and who doesn’t?) I really recommend that you take a look at this post. PINs, of course, are not particularly secure but they are used all over the place and there’s no reason to be using an obvious one. Consider this. If a random person loses his ATM card, a dishonest finder has an over 18.6% chance of picking the correct PIN in 3 tries by guessing 1234, 1111, and 0000. Would your account be disgorging funds?

Footnotes:

1 Unless you’re the French Central Bank, in which case your PIN is 123456.
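
The lockout arithmetic above can be run against any PIN population you are responsible for. The following is an added example, not code from Berry's analysis or from this blog: the sample is constructed, and the function names and the three structural denylist rules are assumptions chosen to cover the five PINs named above.

```python
from collections import Counter

# Constructed sample of 100 four-digit PINs (not Berry's data): a few popular
# values dominate, the remaining 79 holders each use a distinct PIN.
SAMPLE = (["1234"] * 11 + ["1111"] * 6 + ["0000"] * 2 + ["1212", "7777"]
          + [f"{n:04d}" for n in range(8100, 8179)])


def guess_success_rate(pins, attempts):
    """Share of holders whose PIN is among the `attempts` most common values,
    i.e. what a lockout limit of `attempts` still concedes to popularity."""
    counts = Counter(pins)
    covered = sum(n for _, n in counts.most_common(attempts))
    return covered / len(pins)


def is_weak_pin(pin):
    """Structural denylist for enrolment: one repeated digit, a repeated
    pair, or a run stepping by +1/-1 (wrapping 9->0)."""
    if not (len(pin) == 4 and pin.isascii() and pin.isdigit()):
        raise ValueError("expected a 4-digit PIN")
    d = [int(c) for c in pin]
    if len(set(d)) == 1:            # 1111, 0000, 7777
        return True
    if d[:2] == d[2:]:              # 1212
        return True
    steps = {(b - a) % 10 for a, b in zip(d, d[1:])}
    return steps in ({1}, {9})      # 1234, 4321, 8901


def denylist_coverage(pins):
    """Share of holders whose current PIN the denylist would have refused."""
    return sum(is_weak_pin(p) for p in pins) / len(pins)


if __name__ == "__main__":
    for limit in (3, 5, 10):
        print(f"{limit:2d} attempts: {guess_success_rate(SAMPLE, limit):.0%}")
    print(f"rejected at enrolment: {denylist_coverage(SAMPLE):.0%}")
```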

Editing The Occur Buffer

Here’s a great Emacs 24 tip from Xah Lee’s Google+ ErgoEmacs circle. If you’re in an Emacs occur buffer you can call 【Meta+x】 occur-edit-mode and then make changes to the occur buffer that will be reflected in the original file.

This can be particularly useful with multi-occur because you can operate on several buffers at once. When you’re done making changes call 【Meta+x】 occur-cease-edit to post the changes. Although the documentation doesn’t mention it, occur-cease-edit is mapped to 【Ctrl+c Ctrl+c】.

Apple Maps

Much has been written lately about Apple abandoning Google maps in favor of their own in iOS 6. There are, it seems to me, two aspects to the change and the imbroglio that followed.

The first is why Apple decided to make the change at this time, especially given that their contract with Google still had a year to go. I, of course, am not privy to Apple’s thinking on this but John Gruber of Daring Fireball, who follows Apple closely, does have some insight into that thinking. He’s written two particularly good articles that examine the issue. They’re good reading and informative so I recommend you take a look if you’re interested in the timing angle.

The other aspect is why, once Apple did change, their application performed so poorly. Certainly, Apple knows how to write software and they’ve bought lots of talent in the mapping arena so the problem must lie not with the software but with the data. At first glance it’s hard to see how this could be. After all, Apple bought all those mapping companies and got data from TomTom and Open Street Map. What could be so hard?

An article in The Atlantic helps explain how huge and difficult the problem is. The article is very revealing and gives a sense of how labor intensive producing world class maps is. To gain an appreciation for the magnitude of the effort, consider that WebProNews reports that Google has 7,100 people working on maps. That includes 1,100 full time employees and 6,000 contractors.

The takeaway is that Apple has a lot of work to do to raise the quality of their maps to that of Google’s. Given the famous Apple focus, it’s just a matter of time until that happens. In the meantime, of course, Apple maps will be inferior. While you’re waiting, go on over to the Atlantic and read the article. It’s very interesting even if you have no interest in Apple’s map problems.

A wgrep Demonstration

Xah Lee has a post recommending wgrep, an Emacs extension that allows you to edit the results of grep and have the results reflected in the original file(s). This is good stuff. Although he didn’t write wgrep, Magnar Sveen demonstrates it in his Web Rebels talk. As I’ve said before, this is a great talk and worth watching with or without wgrep.

If you want to see how wgrep works, go watch the talk. I promise you, you won’t be sorry.

Getting Started with Common Lisp on OS X

I was reading Nikodemus Siivola’s excellent Common Lisp FAQ and came across a reference to Jonathan Fischer’s guide to getting started with Common Lisp on OS X. If you’re a Machead who wants to get started with CL, these instructions will help a lot. Fischer outlines his plan as

  1. Install SBCL
  2. Install Aquaemacs
  3. Install Quicklisp
  4. Configure everything to work together.

The rest of the post expands on the individual steps of the outline.

My only quibble with Fischer’s plan is the recommendation to use Aquaemacs instead of GNU Emacs. I’ve used Aquaemacs and it’s a great tool but I much prefer GNU Emacs. Perhaps I’m not enough of a Machead to worry about having the Emacs UI modified to do things the Mac way but I like using the “standard” Emacs because it’s always more up to date and because it’s available and works the same on all the platforms that I use.

In the comments, Greg Pfeil makes the case for Clozure Common Lisp as easier to install and having an IDE for the Mac. I’ve used CCL and it’s definitely a great CL implementation. I use SBCL because it’s used by many of the Lispers I admire and follow and seems to be preferred by most experienced Lisp hackers. The integrated CCL IDE holds no attraction at all for me. As I’ve written before, I’m all about using and mastering a single editor for ALL my work. In fact, my original impetus for moving from Vim to Emacs was to get Slime so I don’t need no stinkin’ IDE. Again, though, I used CCL for some time and I can recommend it without hesitation.

If you’ve been wanting to try out CL but it seemed too hard to get started, Fischer’s post may be just what you need.

Images in Emacs

Christopher Wellons over at null program has a nifty post on rendering fractals in Emacs. He shows how to draw and display fractals using Emacs Lisp. I didn’t know you could do stuff like that. The Elisp writes the image in Netpbm format and then switches the buffer to image-mode. The code is surprisingly simple.

None of this is going to change your life, probably, but it is a lot of fun and it shows off the amazing versatility of Emacs. Head on over and take a look just for fun. You might also want to experiment a bit to see what pretty pictures you can come up with.

Security Roundup

It’s been a busy week on the security front. Of course, that’s true of most weeks but here are some interesting stories from the past few days:

  • CloudCracker is offering a special this week on their MS-CHAPv2 service. They will break any MS-CHAPv2 password for only $20, a $180 discount. As CloudCracker puts it:

    This means that any PPTP VPN connection or intercepted MS-CHAPv2 WPA
    Enterprise wireless credentials can be cracked and decrypted with a
    100% success rate for only $20.

  • The IEEE (!) had a “data breach” in which 100k plaintext passwords were exposed on their FTP site for over a month. I don’t know what else can be said about this.
  • Hotmail is helpfully (and silently) shortening users’ passwords to 16 characters. Honestly, there’s really no reason or excuse for this. If they were doing things correctly, they’d be hashing those passwords with bcrypt or something similar so it wouldn’t matter how long the password is. What this means, of course, is that they’re storing the passwords unhashed.
  • W3C has published a draft of its Web Cryptography API. When this is finalized and implemented it could help improve Web security. But it probably won’t because the usual people still won’t bother doing the right thing.
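
The point in the Hotmail item, that a properly hashed password occupies the same storage whatever its length, and what silent truncation costs, can be checked directly. This is an added example, not code from any of the services mentioned: the post names bcrypt, and scrypt from the Python standard library stands in for it here; the function names and the two passphrases are constructed for illustration.

```python
import hashlib
import hmac
import os

TRUNCATE_AT = 16  # the silent limit the post describes


def hash_password(password, salt, truncate=False):
    """Derive a fixed 32-byte verifier; input length never affects storage size."""
    if truncate:
        password = password[:TRUNCATE_AT]   # what a silently shortening site does
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=2**14, r=8, p=1, dklen=32)


def enroll(password, truncate=False):
    """Return (salt, verifier) for storage; the password itself is never kept."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt, truncate)


def verify(candidate, salt, stored, truncate=False):
    """Constant-time comparison of the recomputed verifier with the stored one."""
    return hmac.compare_digest(hash_password(candidate, salt, truncate), stored)


# Constructed passphrases that differ only after character 16.
REAL = "correct horse battery staple"
NEAR_MISS = "correct horse battery-WRONG"

if __name__ == "__main__":
    salt, stored = enroll(REAL, truncate=True)
    print("truncating site accepts near miss:",
          verify(NEAR_MISS, salt, stored, truncate=True))
    salt, stored = enroll(REAL)
    print("full-length hash accepts near miss:", verify(NEAR_MISS, salt, stored))
    print("stored verifier length:", len(stored))
```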

Emacs Rocks! Episode 13

Magnar Sveen is on a tear and has posted another Emacs Rocks! episode. This one is, to use a phrase Sveen might utter, mind-blowing. It’s a demonstration of his Emacs extension multiple-cursors. When I first saw this extension demonstrated in Sveen’s Oslo Web Rebels talk (that I discussed here) I was blown away by the seeming magic of it. Episode 13 gives a much more comprehensive demonstration and simply must be seen to be appreciated.

The really good news is that multiple-cursors is now available on Marmalade and Melpa. I’ve been using mark-multiple (also by Sveen) but disabled it after I downloaded multiple-cursors because the latter is essentially a superset of the former. Watch the demonstration and you’ll want to install it too.

I’ve just started using it but I’m already addicted. As I say, watch the video and you’ll be an addict too. And if you haven’t already, watch the Web Rebels talk too—it’s fantastic.

An Elisp Puzzle

Xah Lee points to this interesting tweet, “The three S’s of SUCCESS,” by Gary Fredericks and asks for something similar in Elisp. Fredericks’ code is

(map (vec "SUCCESS") [0 5 6])

which certainly isn’t Elisp.

My first attempt at Elisp is

(mapcar (apply-partially #'aref "SUCCESS") '(0 5 6))

which does the trick but outputs the results as integers

(83 83 83)

because that’s how Emacs represents characters.

If we want to print out the actual S’s we need to wrap the above in some extra code

(mapcar #'char-to-string (mapcar (apply-partially #'aref "SUCCESS") '(0 5 6)))

which yields

("S" "S" "S")

What we really need here is something like the Common Lisp char function that outputs the actual characters but, of course, Emacs can only do this by making strings. On the other hand, CL lacks the nice currying function apply-partially so I don’t see a nice succinct solution in it either.

Update: Noam has a much better solution in the comments.