2012-02-23

Stop Bashing on Linux Terminal and Start Using Zsh


Zsh? Bash? Dude... WTF?
If you are new to the Linux world or haven't really been into it you might have seen or heard of such scary program - Terminal. It's basically a window to the past when everything was not ran true nice graphical user interface (GUI), but rather true text inputs or ASCII looking ugly programs. Remember Windows XP or older Windows installations? That's what we call ncurses looks. Sure I must say/write that most of the programs that use ncurses looks a lot better so sorry if I made someone angry by this comparison...

Anyway back to the point... So people uses this window to the past to use some sort of command line tools or  programs and the tool that understands those calls and runs proper programs inside that window is ussually bash... Or as I now will propose - Zsh. Why this matters? Terminal can do stuff a lot faster since typing is faster than point and click also it's distraction free and easy on your resources. Really! Therefore most of Linux wolfs heavily uses terminal.

Perfection lies in simplicity
If so - Zsh if far from perfect. Yet small and simple parts of it brings it so much closer. If you tried Zsh before, you probably haven't noticed a huge difference to the bash, also you might think that bash has better integration to current Linux distributions (better looking prompts), but under certain point of customization it becomes insignificant what integration is done for the distribution you are using and if you like personalizing stuff as much as possible, you will like Zsh.

So just change bash to Zsh?
No. Zsh alone is pretty boring (just as bash is), unless you at the end of the line of geekyness and you don't like what others has to offer, or you just don't care about using terminal.
So the magical pack is called "Oh My Zsh!", it just trows a pile of configs on top of Zsh, and allows you to change anything you like.
It adds multiple aliases (for e.a. sudo==_) and allows to use themes. Sure it also brings full configuration for Zsh after which you are able to navigate in terminal easier.

Give me samples!
O.K. For example if you previously executed 'vi foo' and then 'ls ~', after pressing up arrow you will be given command 'ls ~' just like in bash, but if you would start typing 'vi' and press up, it would give only those history results that starts with 'vi'. Cool eh?

Some more. If in your $HOME directory you have a file 'Documents', and you would start typing 'doc', press <TAB> - it would autocomplete to 'Document' fixing the first letter, sure having in mind if there would not be any documents/files starting with 'doc'. Remember in Linux capital and non-capital letters are different.

All of this was just Zsh, but combining yih "Oh My Zsh" you get good looking and smooth terminal experience. Why I say so? Because that magic pack also adds some aliases that fixes your common mistakes. For e.a. if you miss 'cd' at the beginning of command and you would just type folder name it would automatically go to that directory.

Or for example have you ever typed 'sl' instead of 'ls'? It also fixes that (sorry steam locomotive fans).

For more complicated mistypes ('emaxs' instead of 'emacs') in case when Zsh would not find 'emaxs' executable it would ask if you mistyped 'emaxs' and would like to fix it to 'emacs' [Y/N]? Now thats really neat.

Thats it? Bash have awesome configs too!
At first those things looks small, but latter on they become so important that you will stick Zsh in every single of your machines, believe me...

Also one of now my favorite Zsh features is globbing.

Usually if you use wildcard '*' in a command you probably referring to every single file in (lets say) current directory, Zsh allows to use '**/*' that means not only every file in current directory but also all the files within folders that are in current directory. And to objection to your -R comment, just have in mind that not all tools (especially small ones) have support for recursion.

As with wildcard (*) you can use full patters with this. '**/*.py' will find all .py files.

Zsh has really good regular expression engine build in so finding files for commands is really easy.

It can also give you files modified within past 24 hours or with certain permissions just out of a simple shell, completely replacing 'find' and pipes (|).

All of it is nicely covered here by Stanford university: http://openclassroom.stanford.edu/MainFolder/VideoPage.php?course=PracticalUnix&video=zsh-globbing&speed=100

So How to Install This?
Simple, just install Zsh (It should be available on most of major/alive distribution within standard packages). Then install git if you don't have it.

Finally follow instructions on https://github.com/robbyrussell/oh-my-zsh.

P.S. I do trust automated installer option - it works.

Anything else?
Just look at the Oh my zsh wiki (first link above). Also you might look up Zsh reddit community at http://reddit.com/r/zsh besides that - just give it a week or so, you'll like it.

Also as suggested by Alexander these links are also worth checking out if you're interested in scripting:
http://www.linux-mag.com/id/1079/
http://grml.org/zsh/zsh-lovers.html

Happy usage, Over and Out.
JackLeo

2012-02-14

My valentine day's post for Vim

WTF is Vim?
From vim.org:
Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.
Vim is often called a "programmer's editor," and so useful for programming that many consider it an entire IDE. It's not just for programmers, though. Vim is perfect for all kinds of text editing, from composing email to editing configuration files.
Asides the official/commercial crap it's a minimalistic editor meant for text editing. It has a totally different approach to editing so it takes some time learn it. Yet it is impossible to completely master it. Why? Because it has almost infinite ways to be customized and there will always be a something that you forgot/did not knew about it. Despite that it is really small. 

Why do people use it?
Vim usually comes with all major Linux distributions (or at least Vi - older and even smaller version of Vim). So it means that if you ssh to a server - you probably will find Vim to edit files/configs with.

It's cross platform so you can have same editor (with mostly same configuration and same look and feel) in your Linux server, Mac home box and Windows work-desk. 

Since it has crap-tons of plugins - it can be extended to change IDE.

Options
As mentioned before - it has crap-tons  of plugins so you can end up most of the arguments with - "there is a plugin for that". Sure with the exception of image processing. That's left for Emacs.

Also if you don't like cmd/terminal apps there is GUI versions of vim as well, but primarily I concentrate on Terminal version, because I'm geek like that. Sure there is even different spins of Vim (pre-configured Vim's) or easy Vim (evim), but I tend to ignore those as well, because in the end you will end up with your own version of Vim anyways...

But IDE is made for development of <insert programming language here>
Yes. And it works as a charm. Some of the IDE's can handle even few languages, but what happens if you need to edit just a config file? Using same IDE would be overkill. Just to load damn thing would take a considerable amount of time. So you would load up tiny text editor of some sort (just for that [sometimes edit a config file] learning Vim is not worth your time since you would just drop in, make changes and get out).

But what happens when you enter that tiny editor? Suddenly it becomes harder to navigate, there is no auto-completion, no tags, no manual shortcuts or what not. 

Yes I am aware that you can config gedit or other small editor to do quick tasks, but I'm trying to make a point so shut up. Also you cannot use gedit in Linux server. If you can - this means you have GUI there and that means that you're doing the whole server wrong - it's not windows. Back to the point.

IDE is meant for specific task. Like a screwdriver for a screw or hammer for the nail. But when it comes to different situations either you have to spend a lot of time reconfiguring damn thing or you will do a sloppy job using the very same IDE. Sure hammered in screw will hold, but one day you might end up screwing a nail...

Whole academic world uses Emacs!
That's not entirely true. Yes Emacs is a lot more popular in academic world and I know few professors who use it, also database Stanford online courses was recorded while professor was using Emacs. Yet if you would look at system administrators - Vim is a lot more popular there as well so 1-1.

Jokes aside Emacs is a great tool to create text. Yet I personally don't like it's ideology. It tries to become everything at one. Need an extra terminal window - here Emacs terminal. Want to see that picture - here you go. Want to watch that film sure!? So Emacs tries to be your OS and change tools that is meant for specific tasks to make things more "unite". That's why there is a joke that Emacs is a great OS, yet it lacks decent text editor and I have to say it is soo true. So if you need complete and easy package for doing anything - Emacs way to go. But If you leave films for tools such as VLC and in search for tool to edit text - Vim is way to go.

My story
Why I use Vim - simple. I always fancied that hacker style desktops with tons of text and ncurses GUI's, also I love Linux and do web development - this means I have sometimes to do editing/configuration in servers and I wanted a tool that would be the same in everywhere. Oh and Ubuntu server (I started my Linux career there) have Vi pre-installed.

I've used to use heavily configured Gedit, yet it felt lame. Potential of an editor ended up quickly... At my first Job I tried to use IDE as a "professional" developer (net-beans) yet it also did not stick. It loaded slowly, felt bulky and boring stuff taken too much screen space. It distracted me and was pain to configure/personalize. Since I knew basic usage of Vim - I started to use it more and more especially when few colleges were using it as well, they helped me to move along and showed plugin magic. Now I wouldn't change it to any IDE.

So, WTF is Vim?
It's an editor. Primarily - a code/configuration file editor. If you would monitor what you're doing with a text, you would see that most of the time you're changing text not creating it. And by changing I mean moving or modifying text. That's why Vim has 3 modes. To insert text (you do that the least amount of time), to manipulate text (normal mode) and to highlight text for easier bulk manipulation of it. It is build in mind that moving around has to be simple and efficient, that change text should be easy and comfortable.

That's why academics prefer Emacs - they are creating texts, not editing them and that's the same reasoning why system administrators prefer Vim - they're changing aka editing config files, not creating those.

Development is also primarily consist of existing projects support or development - extending the same project and thus requires mainly to edit the code not to create it.

Don't get me wrong by edit I mean also extend it and all those fancy features for auto-completion and syntax checking is included. As I mentioned - "there is plugin for that". Think with a bit more open mindset when reading this.


Final notes
I had this article/post/blah in mind for over a couple of months and just now I decided to put it finally on bits, probably kilobytes... (wanted to say paper but damn that's internet)...

The main idea is that Vim is great tool for anything you trow at it. It might not be as easy to learn and it might make you mentally ill by using "hjkl" everywhere but it is worth it.

Some people will love it, some will hate it. So choose your own weapon for work. If you're still reading this and not writing an angry comment - it might be just for you. Otherwise I will not even bother to give a suggestion since you're not reading and you already have an editor you (probably) love.

So it happens that today is Valentines day and this is how show my love to my weapon of choice. Now it's time to go home and show some love to a person I truly love, so I'm leaving you here with your thoughts. If you will be patient enough you will find more articles about Vim here, yet I cannot promise when it might happen or how many of these [articles] you will have to skip until mentioning Vim again.

2012-02-07

Algorithmic passwords


What?! Why?
Usually we use a string for a password that we memorize it. Making a random string does help if someone tries to read while you're typing or in case of someone tries to guess it. Besides... It's pretty much useless. As shown, longer passwords are more secure, yet easy to read (steal). My old password was 11 symbols long and easy to memorize. I thought it was good and rather hard to breach. I haven't thought of other problem. What if your password would be lost because of the website, not you? Sure some may say - use few passwords! Yet again if top tear password would be breach, it could be tried for as important things and... Fuck! Or if your email password is breached most of the websites allows recovery of password using simple email form... Shit happens bro!


What's the cure?
Instead of memorizing string, memorize an algorithm. If you're familiar with MD5 you may know about salting. MD5 takes a value and returns unique for that value string. Salting adds extra characters to a final string in predetermined way (not exactly, it's just a example). This makes same string have different value of MD5 than it would get in another machine so thus making brute force cracking a lot harder when salt is unknown. The final result of such algorithm is always a unique password for each service and no additional memorizing required. Its easier than it sounds.


Samples
I suggest to take a peace of paper and write down a series of test cases:
foo
bar
foobar
se7en
localhost
123654
a
google.com
apps.facebook.com
Now write down salt you might use. For example birth date last numbers and first letters of your favorite poem:
1950-01-15 => 015
Roses are red Violets are blue => RarVab
Now come up with an algorithm. In this example lets say we will take a number of letters inside service name (apps.facebook.com => facebook) then we add last number from salt.
After this we will take first 3 letters from salt and first capitalized letter from domain.
Then we will write first and second number from our salt and if service has even number of letters we write capitalized last letter else non-capitalized second to last.
Now we end up with last three letters from salt.


Now look what kind of passwords we get:
foo => 35RarF01oVab
bar => 35RarB01aVab
foobar => 65RarF01RVab
se7en => 55RarS01eVab
localhost => 95RarL01sVab
123654 => 65Rar1014Vab
a => 15RarA01aVab
google.com => 65RarG01EVab
apps.facebook.com => 85RarF01KVab
But what if I forget?!
Chose salt that you won't forget. Also you may use some sort of written formula. For example in this case <C><Snl><Ss1><C1><Snf2><eCl/sl><Ssl>. If someone would read this for a moment he will definitely wont get WTF is that or especially what it means to you. While you would just read it in such manner:
<C> - count of letters in service name
<Snl> - salt number last character
<Ss1> - Salt string first part
<C1> - capitalized first letter od servce name
<Snf2> - salt number first 2 numbers
<eCl/sl> - if even then capitalized last letter or else second to last letter
<Ssl> - salt string last part
This looks so hard...
After writing these tests I already memorized it. Sure password entering will take to get used to, but after a while you will start to solve this algorithm in a split of a second just like you did multiplication table in school. Just remember - double password fields is your best friends! Yes for this you do need a certain mindset but if you still reading this you probably got it. Just remember this is only an example. Algorithm might be anything you like. Take your current password and trow in some characters from service and this will help a ton in automated attack scenario witch is the most common.


Why the hell you need this?
I raised this question all the time I thought about using algorithm instead of string. Today I got a letter with title: "ACTION REQUIRED - Password issue on djangopackages.com". Here main point of this email:
ACTION REQUIRED - If you use the same password on djangopackages.com as you use on other sites, you should change all of your passwords. 
[Full disclosure:  We were alerted that some account information was publicly exposed. There have been no reported incidents of passwords being stolen. We have corrected this error, but as a precautionary measure are moving to OAUTH, so that we don't store your password at all.]
No I'm not mad about this on djangopackages, It might happened to anyone. At least they got the dignity to inform its users unlikely some huge companies, moreover it forced me to use algorithmic passwords.


Notes
Image source: http://xkcd.com/936/

Fresh start

Hi, it's me again.

So it happens that now I'm on blogger. Why? Mainly due to integration with Google services as well as my server being development battle ground.

I got bored just messing up with Django simple and primitive blog so started looking at the other areas thus making blog in quite bad state as well as being unpractical. Maybe when things go better I'll perfect it and run it once again. For now - blogger it is.

I'm going to import my old post latter on.

Over and out - JackLeo.