Email Paranoia

If you’re paranoid about the security of your email or if you occasionally have the need to send secure messages to someone, the grugq, a well known and frequent commenter on security matters has a very nice gist on securing your email with PGP/GPG.

It’s not another in the long list of articles on configuring PGP/GPG but more of an opsec guide to using them securely. A large part of that is controlling the metadata. For example, one of his suggestions is to leave the subject blank or at least make sure it doesn’t refer to the content of the email in any way, even obliquely.

Another pointer is to not publish your public keys to a keyserver. Send them to your recipients only. The gist tells you how to do this securely. It’s also a good idea, he says, to have several keys and to destroy and replace them frequently. This helps deal with the fact that PGP/GPG don’t have perfect forward secrecy.

There are a lot of good ideas in the article so it’s definitely worth taking a look at it if you have a need for secure email.

Posted in General | Tagged | Leave a comment

Org Capture Template for Code Snippets

Munen Alain M. Lafon has a nice post on using an Org capture template to record a bit of source code. I like it because it’s completely self-contained. You just define the template and it works.

The real value of his template may be the ideas it demonstrates. He shows how to capture tags for the entry as well as the language the code is for. It uses the same ideas as Michael Alan Dorman’s commnet to my post from last week.

On the other hand, if you have a use case for capturing and saving bits of code for later use, you’ll probably find Lafon’s post useful on its own terms. It’s a short post and worth taking a look at even if you aren’t interested in capturing code snippets.

Posted in General | Tagged , | 3 Comments

Chez Scheme Open Sourced

Chez Scheme has always been an excellent Scheme implementation. It produces very fast object code and is a complete R6RS implementation with extensions. Chez Scheme was written by Kent Dybvig, who also wrote the excellent The SCHEME Programming Language (also available online).

The problem has been that Chez was a proprietary, closed system. Now Chez has been opened sourced. If you are a Schemer, you may want to take a look. I haven’t built it yet so I don’t have a take on how hard that is, but these directions make it look pretty simple: perhaps as simple as a configure and make install.

If you’re interested in learning Scheme, Dybvig’s book and Chez Scheme are an excellent way. And now you can get both at no cost. The CONTRIBUTING and CHARTER files indicate that Chez Scheme is an ongoing project that welcomes new developers. The open sourcing of it is really good news for the Scheme community.

Posted in Programming | Tagged | Leave a comment

Multiple Dispatch in CLOS

Eli Bendersky has an outstanding post on multiple dispatch in Common Lisp. It’s part of a series he’s doing on multiple dispatch in various languages.

Lisp has always looked at OOP differently from most languages and Lispers consider CLOS a superior way of doing things. One of the ways it shines is in multiple dispatch. With CLOS, multiple dispatch is just a natural outcome of the way dispatch works.

The post is an excellent overview of CLOS in general. If you want to know what OOP looks like in Lisp, be sure to take a look at Bendersky’s post. In Lisp, OOP is easy and natural and works well in those cases where OOP makes sense. Even if, like me, you generally don’t care for OOP, you may find that CLOS will change your mind. On the other hand, as Paul Graham says, Lisp is the language where OOP is least necessary.

Posted in Programming | Tagged , | 1 Comment

Learning Vim: Not That Hard

As anyone who’s been around Irreal for awhile knows, I’m all in on Emacs. I find new uses for it and things I didn’t know it could do every day. Nonetheless, I was a Vim user for a long time and still consider it—along with Emacs—one of the best two editors available. For plain editing, it’s composable command set makes it the fastest editor I know of.

Back when I was a Vim user, and even now, I frequently hear complaints about how hard it is to learn and use. That’s just plain wrong. Modal editing does take getting used to but once you do, many consider it superior to non-modal editing. Just take a look at all the evil and spacemacs fanatics if you doubt that.

Ben Orenstein over at robots.thoughtbot.com has an excellent rant about the putative difficulty of Vim and puts an end to the myth. He directs new users to enter

vimtutor

in their shell and spend 30 minutes on the tutorial. At the end of the 30 minutes you won’t be an expert but you will be proficient. Use it for two weeks, he says, and you’ll be faster than you were with your old editor. Conclusion: it’s not that hard to learn Vim and become an expert user.

It’s certainly easier than Emacs. After a few years of using Vim, I seldom came across anything new (other than new features that Bram introduced) while I can’t seem to go a day without learning something new about Emacs. And, of course, no one can remember all the key sequences for Emacs while it’s pretty easy to learn them all for Vim.

All that said, I prefer Emacs for the reasons I’ve explicated many, many times here but if what you really want is a fast editor that you can master in a reasonable amount of time, Vim is a good bet. Or better yet, have the best of both worlds and check out evil or spacemacs.

Posted in General | Tagged , | 2 Comments

Password Cracking Times

Over at Better Buys they have an interesting post on password cracking times. The post includes an interactive app that lets you estimate the cracking time for various passwords. They also include several examples that show how cracking time is very dependent on password length.

The application is fun to play with but you probably shouldn’t take the results too seriously. They have a list of common passwords that they check against but after that the cracking time is completely dependent on the character types and lengths. Thus, they say that “Password” would be cracked almost instantaneously but “P@assw0rD” would take 14 years. In fact, they would both be cracked almost instantaneously because modern password cracking programs will automatically try these types of common substitutions.

I tried the simple Diceware password “luis pure comet” and was told that it would take 402,695,494 millennia to crack it. That assumes that the cracker can try 13,144,654.63 keys per second. But if the cracker knew or suspected that the password was generated with Diceware, the cracking time would be less than \(2^{13*3}/13144654.63\) seconds to crack. That’s less than 12 hours.

The lesson here is that there’s a bit more than just character types and length involved. If you really want to be safe the answer remains what I’ve told you before: Get a password manager that generates long, random, multi-character type passwords and protect that with a long Diceware type password. Even given you’re using Diceware, a 6 word password would take about 729,094,589 years to crack at 13,144,654.63 keys per second.

Posted in General | Tagged | Leave a comment

Summary of Search and Replace Commands

Om Prakash Singh has a very nice post on the Emacs search and replace commands. We all know the commands for forward and reverse incremental search (【Ctrl+s】 and 【Ctrl+r】), query-replace (【Meta+%】), and query-replace-regexp (【Ctrl+Meta+%】) but each of these commands has a plethora of options that you can invoke and there are other, specialized search and replace commands that are less often used.

All of these commands and options offer very fine grained searching and replacement but they’re really hard—at least for me—to remember. Utilities like guide-key and which-key or perhaps a hydra can help a bit but a summary like Singh’s is useful and worth bookmarking for those occasions when you need it.

You should read through his post just to get an idea of what’s available. There’s a lot of functionality that you may not know about.

Posted in General | Tagged | Leave a comment

SBCL 1.3.5

The new version of Steel Bank Common Lisp (SBCL 1.3.5) has been released. According to the NEWS file, this month’s release fixes 3 bugs and introduces 4 enhancements.

As usual, it built and installed without any problems on my Mac. The two or three previous releases had a failed regression test but that’s also been fixed in this release. Now the regression tests run as expected. It also seemed to me that the compilation and tests ran a bit snappier with this release.

As I say every month, SBCL is an excellent Common Lisp implementation. It’s under constant development with monthly releases and it’s free as in freedom and beer. If you’d like to try out Lisp or you’re looking for a really great implementation, be sure to give SBCL a try.

Posted in Programming | Tagged , | Leave a comment

Multiple Org Capture Inputs

David Zuber over at Storax has a useful post on enabling multiple inputs in an Org capture template. Templates are extraordinarily useful. I have several that I use several times a day. They do have a problem, though: you can input data into only one spot in the template.

Zuber is using capture templates to implement a ticketing system for his workflow. He wants to be able to enter a project and incident number and have them replicated elsewhere in the template automatically. While that’s not supported directly, it’s fairly easy to implement using the custom lisp expressions that the templates do support.

I’ve used custom lisp expressions in the templates I use to manage my blog queue but I hadn’t thought of using them to get keyboard input. It’s a nice idea that makes the templates potentially more useful. If you’re using capture templates, you should definitely give it a read. If you aren’t using capture templates you should consider ways that they might simplify your workflow.

UPDATE: [2016-05-07 Sat 10:37] Be sure to see the comment by Michael Alan Dorman below. He describes an easier, native way of doing the same thing.

Posted in General | Tagged , | 2 Comments

Harry Schwartz on Org Mode

Harry Schwartz, who appears to have moved to Boston from New York, gave a talk at the Boston Emacs Meetup on Getting Started with Org-mode. It’s not really a tutorial but a demonstration of many of Org’s features and how you can use them.

Schwartz spends a lot of time on the publishing aspects, which in many ways is Org’s best feature. One of the things he mentioned in the talk that I didn’t know was that Org can export to the Twitter Bootstap framework. That makes it really easy to build a nice looking Web site from the comfort of Emacs and Org mode.

He also mentions Owncloud, a self-hosted file sync and share server. Schwartz describes it as a sort of private Dropbox. It allows you to sync and share files among your different devices. It’s probably most useful for, say, a team but like Schwartz you can use it to keep your own machines in sync if you don’t want to bother with something like Git.

The talk is about 56 minutes so schedule some time. Even if you’re familiar with Org, you may learn something useful from the talk.

Posted in General | Tagged , | Leave a comment