The Hipsters and the Designer

Posted on 2013-06-20 by jcs

Editorial note: I wrote this a few weeks ago (before WWDC) but didn’t publish it because it seemed a bit ranty. Now Apple has revealed iOS 7 and its icons and the hipsters are still yak yak yaking about them. How about we wait until iOS 7 is released and we all have a chance to use it and experience the new look and behavior for ourselves? I predict that when we do, most people will be just fine with it. As for me, I’m just happy that the faux leather is gone.

Most everyone who knows who Jony Ive is agree that he is an absolute master of the design arts. Even the anti-fan boys admit that few can bear the comparison. It’s strange, then, that the hipsters over at Wired are offering Ive advice on what he should do. It’s really more offensive than that; the article is entitled It’s Not About New Icons: What Jony Ive Needs to Do for Apple’s iOS. Really? Have you looked at the Wired site lately? They’re the last ones who should be offering design advice.

Actually, the whole article is premised on the idea that Ive is simply going to get rid of the skeuomorphism favored by Steve Jobs and Scott Forstall but that that’s not enough. The problem is that no one (outside of Apple) actually knows what the design will look like. Wired’s Mike Senese admits this and then goes right on assuming the premise is true. Like many, I’m not a fan of faux leather calendars so I hope it is true but also like everyone else, I don’t know.

Then there’s Maggie Hendrie who appears to think that design isn’t that important (odd given that she’s Chair of Interaction Design at Pasadena, CA’s Art Center). Ben Thompson over at Stratechery notes with amusement that Hendrie thinks Apple is missing the boat by not being more like Microsoft and Nintendo. She says that, “The very fact that we’re talking about who’s going to design the icons, who’s going to design the applications and the operating system is a little bit of a concern.” Of course, Apple isn’t talking about that. She and Wired are.

I’m sorry that the hipsters are bored by, say, the iPhone 5 but you know what? Actual users seem to like it just fine. Just as they’ll doubtlessly like iOS 7. That remains to be seen, of course, but maybe we should wait to see what it actually looks like before we declare it and Apple dead.

Posted in General | Tagged | Leave a comment

Quickutil

Posted on 2013-06-19 by jcs

Robert Smith and Eitarow Fukamachi have started a really interesting new project: Quickutil. The idea is to do for small Lisp utilities what Quicklisp does for Lisp libraries. Smith explains it all on his SYMBO1ICS IDEAS blog but the TL;DR is that while the Alexandria project collects Lisp utilities, the project likes to thoroughly vet each utility resulting in very slow uptake and problem resolution. Quickutil is meant to help ameliorate this problem by providing a place to collect these utilities in a timely manner, perhaps while the Alexandria project is doing its vetting. The project is still in beta at this point but looks to be off to a good start.

Lispers, of course, love to write small utilities so you might think that there won’t be much demand for this sort of service but I believe there will be for a couple of reasons. First, programmers are often under deadline pressure (and sometimes just lazy, of course) and will often find the service useful. Second, nobody knows about everything and sometimes you need a utility that implements an algorithm that you don’t know the details of. For example, you might need to check the primality of large integers but not know much about the Miller-Rabin algorithm or the other usual methods. In those cases, it’s a huge win to have the utility there ready to use.

In any event, I’m excited about the project and am looking forward to seeing how it works out.

Posted in General | Tagged , | Leave a comment

European Lisp Symposium

Posted on 2013-06-18 by jcs

Here are links to the talks from the European Lisp Symposium from this June. There were some technical problems but most of the talks were captured. These are audio links and in some cases the accompanying slides (as PDFs). If you couldn’t be there, here’s your chance to get in on the action.

Posted in General | Tagged , | Leave a comment

Regular Expressions and Emacs Lisp

Posted on 2013-06-17 by jcs

Over at What keramida said…, Giorgos Keramidas poses an interesting problem. Given the following output from dstat, get rid of the B, k, and M suffixes by converting them into bytes. 

----system---- ----total-cpu-usage---- --net/eth0- -dsk/total- sda-
     time     |usr sys idl wai hiq siq| recv  send| read  writ|util
16-05 08:36:15|  2   3  96   0   0   0|  66B  178B|   0     0 |   0
16-05 08:36:16| 42  14  37   0   0   7|  92M 1268k|   0     0 |   0
16-05 08:36:17| 45  11  36   0   0   7|  76M 1135k|   0     0 |   0
16-05 08:36:18| 27  55   8   0   0  11|  67M  754k|   0    99M|79.6
16-05 08:36:19| 29  41  16   5   0  10| 113M 2079k|4096B   63M|59.6
16-05 08:36:20| 28  48  12   4   0   8|  58M  397k|   0    95M|76.0
16-05 08:36:21| 38  37  14   1   0  10| 114M 2620k|4096B   52M|23.2
16-05 08:36:22| 37  54   0   1   0   8|  76M 1506k|8192B   76M|33.6

Keramidas also wants to do a bit of reformatting of the table, which we’ll ignore for this post. He does the conversion with three invocations of replace-regexp but given that he titles his post Powerful Regular Expressions Combined with Lisp in Emacs, I thought it would be an interesting challenge to write some Elisp to get rid of those suffixes and convert the entries into bytes.

Obviously, for a one-off task, Keramidas’ solution is the best but if this is something that has to be done regularly a bit of Elisp is just what’s needed. My solution is a Lisp function that converts the table with a single call. Leave your solution in the comments and I’ll post mine in a few days.

Posted in Programming | Tagged , | 3 Comments

Email and Encryption

Posted on 2013-06-16 by jcs

In view of the NSA brouhaha, I’ve been thinking about encrypted email as a first step in keeping my private business private. Like most of you, I’m the proverbial “nothing to hide” netizen but I also have an instinctive dislike (to put it mildly) of others snooping into my business, as innocent and boring as it is.

Sadly, this is a difficult problem. I have long had the necessary software installed and I routinely sign all my email. That’s the easy part. The hard part is getting everyone else to get, use, and publish their own PGP key. If folks would do that, email would be a reasonably secure communication medium. The problem is that Aunt Millie (1) doesn’t see the point, and (2) finds even the simple PGP procedures too difficult to understand.

Still, I’d like to do something to encourage greater PGP use. If you don’t already have a published key, get one and use it whenever you can. If you’re not sure how to get started—that seems unlikely for Irreal readers—here’s some instructions on installing PGP for Windows, Linux, and Mac OS X. It’s very easy to install PGP on any of these OS so there’s really no reason not to. I urge you to do so if you haven’t already and to start using it.

There are many benefits aside from ameliorating our paranoia. Imagine that your bank digitally signed their emails to you. That, alone, would cripple the phishing of banking credentials. Imagine that everyone signed their emails. That would essentially end phishing altogether and end the particularly nasty spammer tactic of stealing address books and forging one of your friend’s email from address for sending you spam or malware.

If you’ve got any ideas on how to encourage greater PGP use or ways that that greater use could benefit us, please leave a comment. As things stand now, we’re getting hit by criminals on the one side and the government on the other (insert your own snark here).

Posted in General | Tagged | Leave a comment

Cracking Passwords

Posted on 2013-06-15 by jcs

Last May, Ars Technica published a chilling article on password cracking that I’ve been meaning to write about for a while. I urge you to take a look at it even if you’re just a user but especially if you design and implement security systems for Web sites.

The article is about what happens when 3 password cracking experts were asked to recover 16,449 passwords that were hashed (unsalted) with MD5. That, of course, is a fairly low bar but, sadly, all too many Web sites do exactly that. The results:

  1. The most successful cracker recovered 14,734 passwords (89.6%) in 20 hours using a commodity PC with a single GPU.
  2. The second most successful cracker recovered 13,486 passwords (82%) in a bit over an hour using 2 GPUs.
  3. The least successful cracker recovered 62% in approximately an hour.

For the Web site implementer the lesson is clear: you must use salted passwords and keystretch them with bcrypt, scrypt, PBKDF2, or something similar. If you don’t, even modest effort will recover almost all of your users’ passwords.

For users, the lesson is even more urgent. You must use secure passwords. The problem is what that means. It took just two minutes and 32 seconds to brute force all passwords (upper and lower case alphanumerics, numbers, and symbols) of length 8 or less. Even if passwords are salted and keystretched, passwords less than 8 characters are going to fall pretty quickly.

But it gets worse. According to Ars, the following passwords were recovered 

":LOL1313le" "Coneyisland9/," "momof3g8kids," "1368555av,"
"n3xtb1gth1ng," "qeadzcwrsfxv1331," "m27bufford," "J21.redskin,"
"Garrett1993*," and "Oscar+emmy2"

They are hardly obvious and seem to be secure but they were still recovered. That’s because the crackers and the tools they use understand how users choose their passwords and can quickly try the probable combinations. Go read the article to find out how the crackers really work to understand why these passwords fell to their efforts.

As I’ve said many times, your best bet is to use a password manager such as 1Password or KeePass and have them generate long, random passwords that differ for each site. The “long” will protect from brute-force attacks and the “random” will protect from rule-based combining of common base words. Again, read the article to see why that last point is important.

One last lesson that’s implicit in the above but should be stated explicitly: don’t reuse your passwords. All it takes is one lazy implementer on some unimportant site for your (reused) password to be recovered. If you reuse it for, say, your bank account you’re going to be sorry.

Posted in General | Tagged | Leave a comment

Quickdocs Documentation

Posted on 2013-06-14 by jcs

Quickdocs keeps getting better and better. Now they have nicely formatted documentation for the Quicklisp packages. These are nice enough and easy enough to access that I use them for my primary package documentation. They’re a lot easier to bring up than navigating through your local Quicklisp tree to get to the documentation that’s installed with the package. You can’t just bookmark those because the name of the source subdirectory changes when a package is upgraded.

The combination of Quicklisp and Quickdocs has, I think, been a real game changer for Lisp libraries. Previously they were hard to find, tricky to install, and were sometimes not documented. All that’s changed now and we have an ecosystem of well-documented libraries that work across a large range of Lisp implementations. It’s a good time to be a Lisp developer. Of course, it’s always been a good time; just not always popular.

Posted in Programming | Tagged , | Leave a comment

Marc Battyani Interview

Posted on 2013-06-13 by jcs

Vsevolod Dyomkin has another great entry in his series of interviews with Lisp hackers over at Lisp, The Universe and Everything. This time it’s with Marc Battyani, a Lisp hacker and entrepreneur whose company, NovaSparks, builds ultra-low-latency FPGA-based supercomputers for the financial industry. That might not seem like fertile ground for Lisp but it is.

Besides its expected use in prototyping, testing, and experimenting with algorithms, Battyani uses Lisp to build domain specific languages that compile to VHDL to program the FPGAs. This is pretty neat stuff and Battyani gives a nice overview of it.

This is a good interview and well worth your time if you’re a Common Lisp programmer or interested in being one. It’s a fairly short read so it’s a perfect companion to your morning cup of coffee.

Posted in General | Tagged , | Leave a comment

Lisp Web Tales

Posted on 2013-06-12 by jcs

Pavel Penev is writing a book, Lisp Web Tales, about Web applications and Common Lisp. He describes it as a set of tutorials and examples. I’ve been meaning to write about this for some time because it seems like a nice way to explore Common Lisp in an environment that is likely to be familiar to most Irreal readers. I know far more about Lisp than I do about writing Web apps so I’m looking at this as a way of learning more about Web apps in the context of Lisp. Most readers, I’m sure, will look at it in the opposite way: a chance to learn Lisp in the context of Web apps.

Penev estimates that the book is about 80% complete so presumably he will be fleshing out the examples and polishing the text. In the mean time, the book looks to be ready for study. The link above takes you to a table of contents with links to the full text. You can also buy the book in PDF, EPUP, or MOBI. I’ve done that as a way of supporting the author but you can, if you like, just stick to the Web version. The book is being sold by Leanpup.com, which offers all updates for free so you needn’t worry that work on it is ongoing.

Posted in Programming | Tagged , | Leave a comment

Emacsy

Posted on 2013-06-11 by jcs

Shane Celis has announced that Emacsy was accepted as a Google Summer of Code project. Celis describes Emacsy as an embeddable Emacs-like library for non-text applications: Emacs OS without the text editor. The idea is to bring the Emacs way of doing things to other applications. Emacsy will be built on top of Guile Scheme, which is already embeddable in C and C++ applications.

Celis’s post gives a hint of what he’s aiming at but for the real details you should see his Google SoC application. It seems like an interesting project and I’m looking forward to seeing the results. Take a look and see if you don’t agree.

Posted in General | Tagged | Leave a comment