Noob dumb question (extending emacs)

Noob dumb question (extending emacs)

[Ivano Da Milano]

Hello everyone.
Please, be patient, as I'm totally new to emacs, but I'm told it can do a
lot more than just editing text.
So, I ask you, are the following possible?
And how to accomplish? (if possible, point me to a ready solution, because
I know nearly nothing about lisp)

[un]zip/tar/rar/etc archives
ASCII Art - from image, but IIRC, there's an ASCII based paint program
Batch rename
Browser (like Lynx)
Scientific calculator
Calendar
Contacts manager
DBMS (SQL Client)
Diff/patch
File manager (like Midnight Commander)
FTP Client
Id3 tag editor
IRC client
Mail client
MIDI/Music Player
OffLine browser (like HTTrack)
random password generator
Project management
Speech recognition
Spreadsheet (like sc)
System clean
Task manager (like top)
Torrent
Transcoder (with FFMPeg)
TTS (with eSpeak)
Volume mixer (like AlsaMixer)
Wave editor (with SoX)

Thanks in advance for any help.

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Re: Noob dumb question (extending emacs)
Ivano Da Milano wrote:

> [un]zip/tar/rar/etc archives

archive-mode

> ASCII Art - from image, but IIRC, there's an ASCII based
> paint program

artist-mode

> Batch rename

I'm not sure exactly what you mean, but it is possible, either
directly from Elisp or some solution/combination with/from
Dired and/or the shell ...

> Browser (like Lynx)

Emacs-w3m (3rd party, based on w3m) or the built-in eww.
Emacs-w3m is a Japanese project BTW, eww is from Norway
I guess :)

> Calendar
> DBMS (SQL Client)
> Diff/patch
> MIDI/Music Player
> Scientific calculator
> Spreadsheet (like sc)

Available  ...

> Contacts manager

~/.mailrc

> File manager (like Midnight Commander)

Dired is what I and a lot of people use ... and while
Midnight Commander is an orthodox file manager (an OFS) Dired
is a directory editor, "[a] term that predates the usage of
file manager". The first year they mention on the Wikipedia
page [1] is 1974 for dired and 1984 for OFS, so that's
a decade already ...

> FTP Client
> Id3 tag editor

Don't know ...

> IRC client

ERC

> Mail client

There are several ... Rmail (written and used to this day by
RSM) and Gnus (which is much more advanced, powerful, and
generally recommended for mails from/with Emacs).
In particular Gnus with Gmane for mailing lists! As the saying
goes, "Gnus is to Emacs users what Emacs is to computer
users".

> OffLine browser (like HTTrack)

You need/want a special browser for that?

> random password generator

Write it yourself in Elisp - in the unlikely even no one did
it already ...

> Project management

org-mode ... or text-mode ... or mhtml-mode

> Speech recognition
> System clean
> Task manager (like top)
> Torrent
> Transcoder (with FFMPeg)
> TTS (with eSpeak)
> Volume mixer (like AlsaMixer)
> Wave editor (with SoX)

Not that I know of but you can execute any shell tool from one
of the shell modes or terminal emulators ...

[1] https://en.wikipedia.org/wiki/Orthodox_file_manager

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Ivano Da Milano]

Wow, thanks so much for your replies.

Il Mer 20 Ott 2021, 00:12 Ivano Da Milano <18101982.ia@gmail.com> ha
scritto:

> Hello everyone.
> Please, be patient, as I'm totally new to emacs, but I'm told it can do a
> lot more than just editing text.
> So, I ask you, are the following possible?
> And how to accomplish? (if possible, point me to a ready solution, because
> I know nearly nothing about lisp)
>
> [un]zip/tar/rar/etc archives
> ASCII Art - from image, but IIRC, there's an ASCII based paint program
> Batch rename
> Browser (like Lynx)
> Scientific calculator
> Calendar
> Contacts manager
> DBMS (SQL Client)
> Diff/patch
> File manager (like Midnight Commander)
> FTP Client
> Id3 tag editor
> IRC client
> Mail client
> MIDI/Music Player
> OffLine browser (like HTTrack)
> random password generator
> Project management
> Speech recognition
> Spreadsheet (like sc)
> System clean
> Task manager (like top)
> Torrent
> Transcoder (with FFMPeg)
> TTS (with eSpeak)
> Volume mixer (like AlsaMixer)
> Wave editor (with SoX)
>
> Thanks in advance for any help.
>

Re: Noob dumb question (extending emacs)

[H. Dieter Wilhelm]

Hello Ivano

Gnu-Emacs can do a lot for you and often it can be accomplished in
multiple ways or with multiple packages.

I suggest to tackle one of your tasks after another and coming back with
more concrete questions.

By the way, on which OS is your Emacs running?

   Dieter

Ivano Da Milano <18101982.ia@gmail.com> writes:

> Hello everyone.
> Please, be patient, as I'm totally new to emacs, but I'm told it can do a
> lot more than just editing text.
> So, I ask you, are the following possible?
> And how to accomplish? (if possible, point me to a ready solution, because
> I know nearly nothing about lisp)
>
> [un]zip/tar/rar/etc archives
> ASCII Art - from image, but IIRC, there's an ASCII based paint program
> Batch rename
> Browser (like Lynx)
> Scientific calculator
> Calendar
> Contacts manager
> DBMS (SQL Client)
> Diff/patch
> File manager (like Midnight Commander)
> FTP Client
> Id3 tag editor
> IRC client
> Mail client
> MIDI/Music Player
> OffLine browser (like HTTrack)
> random password generator
> Project management
> Speech recognition
> Spreadsheet (like sc)
> System clean
> Task manager (like top)
> Torrent
> Transcoder (with FFMPeg)
> TTS (with eSpeak)
> Volume mixer (like AlsaMixer)
> Wave editor (with SoX)
>
> Thanks in advance for any help.
>

-- 
Best wishes
H. Dieter Wilhelm
Zwingenberg, Germany

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

H. Dieter Wilhelm wrote:

> Gnu-Emacs can do a lot for you and often it can be
> accomplished in multiple ways or with multiple packages.

Gnu-Emacs haha :) But yes ...

> I suggest to tackle one of your tasks after another and
> coming back with more concrete questions.

Start by editing files ...

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Marcin Borkowski]

On 2021-10-20, at 02:36, Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> wrote:

>> Id3 tag editor
>
> Don't know ...

Available via EMMS.

>> random password generator
>
> Write it yourself in Elisp - in the unlikely even no one did
> it already ...

Or call a CLI one.

>> Project management
>
> org-mode ... or text-mode ... or mhtml-mode

Also, there are packages supporting existing cloud-based solutions (if
you're into them), often via Org-mode.

Best,

-- 
Marcin Borkowski
http://mbork.pl

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Ivano Da Milano <18101982.ia@gmail.com> [2021-10-20 08:47]:
> Hello everyone.
> Please, be patient, as I'm totally new to emacs, but I'm told it can do a
> lot more than just editing text.
> So, I ask you, are the following possible?
> And how to accomplish? (if possible, point me to a ready solution, because
> I know nearly nothing about lisp)

You should use command:

M-x package-list-packages

To see the available Emacs packages and browse within them to find
anything you need or like.

> [un]zip/tar/rar/etc archives

When in Dired mode, you can press `Z' and pray it will do what you
want.

> ASCII Art - from image, but IIRC, there's an ASCII based paint
> program

M-x artist-mode

> Batch rename

in shell `rename'

see: M-x man RET rename RET

> Browser (like Lynx)

M-s M-w to launch `eww' Emacs browser. 

> Scientific calculator

M-x calc

> Calendar

M-x calendar

> Contacts manager

RCD Notes for Emacs
https://hyperscope.link/3/7/1/5/5/RCD-Notes-for-Emacs-37155.html

Managing 226147 contacts, relations and 16160 accounts like groups and
companies with it.
 
> DBMS (SQL Client)

M-x sql-postgres or other sql- commands

emacs-libpq @ Github
https://github.com/anse1/emacs-libpq

> Diff/patch

M-x diff

> File manager (like Midnight Commander)

C-x C-f

if you need Midnight Commander, then after C-x C-f:

C-x 3

> FTP Client

C-x C-f RET /ftp:server:/directory

> Id3 tag editor

id3v2 system command

> IRC client

M-x irc

> Mail client

https://www.mutt.org you can run it in Emacs M-x term

> MIDI/Music Player

In Dired, use & and customize variable `dired-guess-shell-alist-user'

> OffLine browser (like HTTrack)

Httrack

> random password generator

https://gnu.support/gnu-emacs/packages/rcd-password-el.html

> Project management

Evaluate: (info "(emacs) Projects")

> Speech recognition

M-x doctor

after a while it starts recognizing speech...

> Spreadsheet (like sc)

M-x ses-mode

or

$ gnumeric

> System clean

Use system `sweeper'

> Task manager (like top)

M-x proced

> Torrent

M-& aria2c "magnet:your-favorite-link"

> Transcoder (with FFMPeg)

I use what I made, and I convert videos for Internet:

First: https://gnu.support/gnu-emacs/packages/rcd-utilities-el.html

(defun video-mime-type-p (file)
  "Determines mime type of video"
  (let ((mime-type (rcd-mime-type file)))
    (if (string-match "video" mime-type) file nil)))

(defun video2webm-dired ()
  "Converts any video to webm"
  (interactive)
  (let* ((bitrate (read-number "Bitrate: " 300))
	 (videos (dired-get-marked-files))
	 (videos (mapcar 'video-mime-type-p videos))
	 (videos (seq-remove 'null videos))
	 (async-shell-command-buffer 'new-buffer)
	 (command (format "ffmpeg -y -i `?` -c:v libvpx-vp9 -b:v %sk -pass 1 -passlogfile `?` -speed 4 -c:a libopus -f webm /dev/null -async 1 -vsync passthrough && ffmpeg -y -i `?` -c:v libvpx-vp9 -b:v %sk -pass 2 -passlogfile `?` -speed 1 -c:a libopus \`?`.webm -async 1 -vsync passthrough && rm `?`-0.log;" bitrate bitrate)))
    (dired-do-async-shell-command command nil videos)))

> TTS (with eSpeak)

See: https://gnu.support/gnu-emacs/packages/rcd-utilities-el.html

> Volume mixer (like AlsaMixer)

(global-set-key (kbd "<XF86AudioLowerVolume>") 'emms-volume-lower)
(global-set-key (kbd "<XF86AudioRaiseVolume>") 'emms-volume-raise)

> Wave editor (with SoX)

kwave

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-20 09:02]:
> > Mail client
> 
> There are several ... Rmail (written and used to this day by
> RSM) and Gnus (which is much more advanced, powerful, and
> generally recommended for mails from/with Emacs).

Gnus is also excellent as a predisposition to other packages. Like
when it does not do what is expected, just run M-x doctor and
eventually get saved from suicidal thoughts.


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

> M-x package-list-packages
>
> To see the available Emacs packages and browse within them
> to find anything you need or like.

You will see ELPA that way and with this MELPA as well:

  (push '("melpa" . "https://melpa.org/packages/") package-archives)

But there are many more packages out there ...

>> File manager (like Midnight Commander)
>
> C-x C-f
>
> if you need Midnight Commander, then after C-x C-f:
>
> C-x 3

HA! Bravo ...

> M-x irc

That way you get Rcirc ... not recommended, use ERC.

>> random password generator
>
> https://gnu.support/gnu-emacs/packages/rcd-password-el.html

You can improve that code a lot ...

>> Speech recognition
>
> M-x doctor
>
> after a while it starts recognizing speech...

:)

> I use what I made, and I convert videos for Internet:
>
> First: https://gnu.support/gnu-emacs/packages/rcd-utilities-el.html
>
> (defun video-mime-type-p (file)
>   "Determines mime type of video"
>   (let ((mime-type (rcd-mime-type file)))
>     (if (string-match "video" mime-type) file nil)))
>
> (defun video2webm-dired ()
>   "Converts any video to webm"
>   (interactive)
>   (let* ((bitrate (read-number "Bitrate: " 300))
> 	 (videos (dired-get-marked-files))
> 	 (videos (mapcar 'video-mime-type-p videos))
> 	 (videos (seq-remove 'null videos))
> 	 (async-shell-command-buffer 'new-buffer)
> 	 (command (format "ffmpeg -y -i `?` -c:v libvpx-vp9 -b:v %sk -pass 1 -passlogfile `?` -speed 4 -c:a libopus -f webm /dev/null -async 1 -vsync passthrough && ffmpeg -y -i `?` -c:v libvpx-vp9 -b:v %sk -pass 2 -passlogfile `?` -speed 1 -c:a libopus \`?`.webm -async 1 -vsync passthrough && rm `?`-0.log;" bitrate bitrate)))
>     (dired-do-async-shell-command command nil videos)))

:)

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

>>> Mail client
>> 
>> There are several ... Rmail (written and used to this day
>> by RSM) and Gnus (which is much more advanced, powerful,
>> and generally recommended for mails from/with Emacs).
>
> Gnus is also excellent as a predisposition to other
> packages. Like when it does not do what is expected, just
> run M-x doctor and eventually get saved from
> suicidal thoughts.

But ... I thought you went to eat fruit by the ocean with swim
girls when that happens?

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-20 11:23]:
> > M-x irc
> 
> That way you get Rcirc ... not recommended, use ERC.

M-x irc works so fine.

When was last time you tried it out?

And I use XMPP chat, jabber.el all day and manage teams in few
countries with it.

> >> random password generator
> >
> > https://gnu.support/gnu-emacs/packages/rcd-password-el.html
> 
> You can improve that code a lot ...

For now it just works, it pass so far 100% of websites asking for
passwords and in connection with RCD Notes, passwords are stored in
the database. It looks like this:

                   ID    25
         Date created              "2021-03-22 16:30:25.728468"
        Date modified               "2021-04-11 15:11:15.905016"
         User created              "myuser"
        User modified               "myuser"
        Password type               "WWW Host"
       Person related                "Jean Louis"
            Host name           "bugs.amule.org"
             Username          "muusername"
               E-mail        "my@example.com"
             Password          "\\xc30d040703025a11da979548a7bc60d24001f2e1f625056df45e9871e6e3a2a14735b878b2611c761b255adf9fbffc11be090fd0c1cb2b145bd6d05890c6a7e8dd1fa3bc3d20e3de64e9ccd124535e3451"
          Description             nil

> >> Speech recognition
> >
> > M-x doctor
> >
> > after a while it starts recognizing speech...
> 
> :)

I knew you will understand it.


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Ivano Da Milano]

Il Mer 20 Ott 2021, 02:36 Emanuel Berg via Users list for the GNU Emacs
text editor <help-gnu-emacs@gnu.org> ha scritto:

> Re: Noob dumb question (extending emacs)
> Ivano Da Milano wrote:
>
> > [un]zip/tar/rar/etc archives
>
> archive-mode
>
> > ASCII Art - from image, but IIRC, there's an ASCII based
> > paint program
>
> artist-mode
>
> > Batch rename
>
> I'm not sure exactly what you mean, but it is possible, either
> directly from Elisp or some solution/combination with/from
> Dired and/or the shell ...
>

I mean renaming files all at once, applying string manipulation to the file
name

> Browser (like Lynx)
>
> Emacs-w3m (3rd party, based on w3m) or the built-in eww.
> Emacs-w3m is a Japanese project BTW, eww is from Norway
> I guess :)
>
> > Calendar
> > DBMS (SQL Client)
> > Diff/patch
> > MIDI/Music Player
> > Scientific calculator
> > Spreadsheet (like sc)
>
> Available  ...
>
> > Contacts manager
>
> ~/.mailrc
>
> > File manager (like Midnight Commander)
>
> Dired is what I and a lot of people use ... and while
> Midnight Commander is an orthodox file manager (an OFS) Dired
> is a directory editor, "[a] term that predates the usage of
> file manager". The first year they mention on the Wikipedia
> page [1] is 1974 for dired and 1984 for OFS, so that's
> a decade already ...
>
> > FTP Client
> > Id3 tag editor
>
> Don't know ...
>
> > IRC client
>
> ERC
>
> > Mail client
>
> There are several ... Rmail (written and used to this day by
> RSM) and Gnus (which is much more advanced, powerful, and
> generally recommended for mails from/with Emacs).
> In particular Gnus with Gmane for mailing lists! As the saying
> goes, "Gnus is to Emacs users what Emacs is to computer
> users".
>
> > OffLine browser (like HTTrack)
>
> You need/want a special browser for that?
>

Not sure about this


> > random password generator
>
> Write it yourself in Elisp - in the unlikely even no one did
> it already ...
>
> > Project management
>
> org-mode ... or text-mode ... or mhtml-mode
>
> > Speech recognition
> > System clean
> > Task manager (like top)
> > Torrent
> > Transcoder (with FFMPeg)
> > TTS (with eSpeak)
> > Volume mixer (like AlsaMixer)
> > Wave editor (with SoX)
>
> Not that I know of but you can execute any shell tool from one
> of the shell modes or terminal emulators ...
>
> [1] https://en.wikipedia.org/wiki/Orthodox_file_manager
>
> --
> underground experts united
> https://dataswamp.org/~incal
>
>
>

Re: Noob dumb question (extending emacs)

[H. Dieter Wilhelm]

Marcin Borkowski <mbork@mbork.pl> writes:

>>> random password generator
>> Write it yourself in Elisp - in the unlikely even no one did
>> it already ...
> Or call a CLI one.

I'm using org-passwords

    Dieter

-- 
Best wishes
H. Dieter Wilhelm
Zwingenberg, Germany

Fwd: Noob dumb question (extending emacs)

[Ivano Da Milano]

Sorry, sent to wrong address

---------- Forwarded message ---------
Da: Ivano Da Milano <18101982.ia@gmail.com>
Date: Mer 20 Ott 2021, 20:30
Subject: Re: Noob dumb question (extending emacs)
To: H. Dieter Wilhelm <dieter@duenenhof-wilhelm.de>


Yes, I have a Samsung Galaxy S9+, with "hacker's keyboards" app, and, when
at home, I use it in DeX with mouse+keyboard

Il Mer 20 Ott 2021, 20:22 H. Dieter Wilhelm <dieter@duenenhof-wilhelm.de>
ha scritto:

> Ivano Da Milano <18101982.ia@gmail.com> writes:
>
> >>  By the way, on which OS is your Emacs running?
> >
> > I bet you won't believe me. Android + Termux
>
> I believe you, since I also ran Emacs under Termux just to SEE Emacs on
> my phone and a tablet! ;-) But without a keyboard I'm lost.  You
> probably are running Android with better hardware, larger screen and a
> keyboard, I assume.  At least I hope it for you...
>
> Have fun
>
>     Dieter
>
> --
> Best wishes
> H. Dieter Wilhelm
> Zwingenberg, Germany
>

Re: Noob dumb question (extending emacs)

[Tassilo Horn]

Ivano Da Milano <18101982.ia@gmail.com> writes:

>> > Batch rename
>>
>> I'm not sure exactly what you mean, but it is possible, either
>> directly from Elisp or some solution/combination with/from
>> Dired and/or the shell ...
>
> I mean renaming files all at once, applying string manipulation to the
> file name

Dired can rename files matched by a regexp, and use \N in the
replacement to insert the string matched by the N-th group of the
regexp, and there are also many other file transformations, see (info
"(emacs) Transforming File Names").

Or even better: you can make a dired buffer writable and just edit what
you are seeing there, i.e., filenames, and permissions, see (info
"(emacs) Wdired").  Of course, you can also use keyboard macros when
doing so, see (info "(emacs) Keyboard Macros").

Bye,
Tassilo

Re: Noob dumb question (extending emacs)

[Ken Goldman]

On 10/20/2021 1:10 PM, Ivano Da Milano wrote:
>>> Batch rename
>> I'm not sure exactly what you mean, but it is possible, either
>> directly from Elisp or some solution/combination with/from
>> Dired and/or the shell ...
>>
> I mean renaming files all at once, applying string manipulation to the fi

wdired-mode  calls up the directory editor.  From there you have
all the usual find and replace features.  You can also change protections
and the timestamp.

Re: Noob dumb question (extending emacs)

[Ivano Da Milano]

Guys, thanks so much everyone for the replies. I appreciate this very much
=)

Il Mer 20 Ott 2021, 20:58 Ken Goldman <kgoldman@us.ibm.com> ha scritto:

> On 10/20/2021 1:10 PM, Ivano Da Milano wrote:
> >>> Batch rename
> >> I'm not sure exactly what you mean, but it is possible, either
> >> directly from Elisp or some solution/combination with/from
> >> Dired and/or the shell ...
> >>
> > I mean renaming files all at once, applying string manipulation to the fi
>
> wdired-mode  calls up the directory editor.  From there you have
> all the usual find and replace features.  You can also change protections
> and the timestamp.
>
>
>
>

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Ivano Da Milano <18101982.ia@gmail.com> [2021-10-20 20:12]:
> I mean renaming files all at once, applying string manipulation to the file
> name

C-x C-w to enter wdired mode, or M-x wdired-change-to-wdired-mode and
then:

M-% will do string replacement.


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Ivano Da Milano]

I tried your suggestions, I only had troubles with these:
- RCDNotes
- org-passwords
- aria2c
- ses-mode
Also tried looking in packages (M-x package-list-packages, then M-x
myQuery), no luck

Il Gio 21 Ott 2021, 02:55 Jean Louis <bugs@gnu.support> ha scritto:

> * Ivano Da Milano <18101982.ia@gmail.com> [2021-10-20 20:12]:
> > I mean renaming files all at once, applying string manipulation to the
> file
> > name
>
> C-x C-w to enter wdired mode, or M-x wdired-change-to-wdired-mode and
> then:
>
> M-% will do string replacement.
>
>
> --
> Jean
>
> Take action in Free Software Foundation campaigns:
> https://www.fsf.org/campaigns
>
> In support of Richard M. Stallman
> https://stallmansupport.org/
>

Re: Noob dumb question (extending emacs)

[H. Dieter Wilhelm]

Ivano Da Milano <18101982.ia@gmail.com> writes:

> I tried your suggestions, I only had troubles with these:
> - org-passwords

M-x list-packages
C-s org-plus-contrib
i
x

        :-)

-- 
Best wishes
H. Dieter Wilhelm
Zwingenberg, Germany

Re: Noob dumb question (extending emacs)

[Ivano Da Milano]

No results

Il Gio 21 Ott 2021, 09:40 H. Dieter Wilhelm <dieter@duenenhof-wilhelm.de>
ha scritto:

> Ivano Da Milano <18101982.ia@gmail.com> writes:
>
> > I tried your suggestions, I only had troubles with these:
> > - org-passwords
>
> M-x list-packages
> C-s org-plus-contrib
> i
> x
>
>         :-)
>
> --
> Best wishes
> H. Dieter Wilhelm
> Zwingenberg, Germany
>

Re: Noob dumb question (extending emacs)

[H. Dieter Wilhelm]

Ivano Da Milano <18101982.ia@gmail.com> writes:

> No results

Coulnd't you find org-plus-contrib?

> Il Gio 21 Ott 2021, 09:40 H. Dieter Wilhelm <dieter@duenenhof-wilhelm.de>
> ha scritto:
>
>> Ivano Da Milano <18101982.ia@gmail.com> writes:
>>
>> > I tried your suggestions, I only had troubles with these:
>> > - org-passwords
>>
>> M-x list-packages
>> C-s org-plus-contrib
>> i
>> x
>>
>>         :-)
>>
>> --
>> Best wishes
>> H. Dieter Wilhelm
>> Zwingenberg, Germany
>>
>

-- 
Best wishes
H. Dieter Wilhelm
Zwingenberg, Germany

Re: Noob dumb question (extending emacs)

[Ivano Da Milano]

No, indeed

Il Gio 21 Ott 2021, 18:03 H. Dieter Wilhelm <dieter@duenenhof-wilhelm.de>
ha scritto:

> Ivano Da Milano <18101982.ia@gmail.com> writes:
>
> > No results
>
> Coulnd't you find org-plus-contrib?
>
> > Il Gio 21 Ott 2021, 09:40 H. Dieter Wilhelm <dieter@duenenhof-wilhelm.de
> >
> > ha scritto:
> >
> >> Ivano Da Milano <18101982.ia@gmail.com> writes:
> >>
> >> > I tried your suggestions, I only had troubles with these:
> >> > - org-passwords
> >>
> >> M-x list-packages
> >> C-s org-plus-contrib
> >> i
> >> x
> >>
> >>         :-)
> >>
> >> --
> >> Best wishes
> >> H. Dieter Wilhelm
> >> Zwingenberg, Germany
> >>
> >
>
> --
> Best wishes
> H. Dieter Wilhelm
> Zwingenberg, Germany
>

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Ivano Da Milano <18101982.ia@gmail.com> [2021-10-21 08:29]:
> I tried your suggestions, I only had troubles with these:
> - RCDNotes

That I can understand. Package need my help to be installed
fully. First emacs-libpq module, then some files.

> - org-passwords

Is on website.

> - aria2c

That is external command, command line tool to download torrent or
magnet links or other links.

> - ses-mode

Well you have to read manual on that.

> Also tried looking in packages (M-x package-list-packages, then M-x
> myQuery), no luck

There are many packages not in any of ELPA.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Ivano Da Milano wrote:

>> > Batch rename
>>
>> I'm not sure exactly what you mean, but it is possible,
>> either directly from Elisp or some solution/combination
>> with/from Dired and/or the shell ...
>
> I mean renaming files all at once, applying string manipulation to the file
> name

All or almost all shell CLI tools that work on files are
"batch" - or should be ...

But as has been mentioned, the usual answer would be
rename(1p) - "p" as in Perl, or the "User Contributed Perl
Documentation".

>> > OffLine browser (like HTTrack)
>>
>> You need/want a special browser for that?
>
> Not sure about this

I'd like my ordinary browser since I'm accustomed to that and
have it configured the way I want, it doesn't matter if what
is being browsed is a file received from a web server or is
a local file I have on disk ...

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

>>> M-x irc
>> 
>> That way you get Rcirc ... not recommended, use ERC.
>
> M-x irc works so fine.

I hope so :)

But I think ERC is more powerful and now (it wasn't always
like that) it seems to have a very active little team of
developers working on it at a very high skill level!

There was a time I always cross-posted ERC matters to
gmane.emacs.erc.general and gmane.emacs.help since no one ever
replied on gmane.emacs.erc.general anyway ... not so
anymore! Good.

BTW maybe ERC should be invoked on M-x irc RET ?

> When was last time you tried it out?

Such things aren't logged as that would impose a
huge overhead ...

> And I use XMPP chat, jabber.el all day and manage teams in
> few countries with it.

Okay, what do these teams do?

> For now it just works

But Lisp is an elitist language ...

> with RCD Notes

What is RCD?

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[H. Dieter Wilhelm]

Jean Louis <bugs@gnu.support> writes:

>> - org-passwords
> Is on website.

Right: https://bitbucket.org/alfaromurillo/org-passwords.el

It was in the org-contrib repo but they kicked it this year because it
seems that it is, sadly, not maintained any longer (last commit in
2019).

   Dieter

-- 
Best wishes
H. Dieter Wilhelm
Zwingenberg, Germany

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

H. Dieter Wilhelm wrote:

>>> org-passwords
>>
>> Is on website.
>
> Right: https://bitbucket.org/alfaromurillo/org-passwords.el
>
> It was in the org-contrib repo but they kicked it this year
> because it seems that it is, sadly, not maintained any
> longer (last commit in 2019).

But if it works and is useful no need to kick it out, still.

Generally speaking that is, I don't know what it is or is
supposed to do or if indeed not br0ken ...

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[H. Dieter Wilhelm]

Emanuel Berg via Users list for the GNU Emacs text editor
<help-gnu-emacs@gnu.org> writes:

> H. Dieter Wilhelm wrote:
>
>>>> org-passwords
>>>
>>> Is on website.
>>
>> Right: https://bitbucket.org/alfaromurillo/org-passwords.el
>>
>> It was in the org-contrib repo but they kicked it this year
>> because it seems that it is, sadly, not maintained any
>> longer (last commit in 2019).
>
> But if it works and is useful no need to kick it out, still.

I didn't quite understood their argument in 
https://elpa.nongnu.org/nongnu/org-contrib.html

> Generally speaking that is, I don't know what it is or is
> supposed to do or if indeed not br0ken ...

https://github.com/AndreaCrotti/org-passwords/blob/master/org-passwords.el

it requires an external password generator (per default Gnu-Linux' pwgen)

It's working perfectly for me, e.g. (org-passwords-random-password)

     Dieter

Re: Noob dumb question (extending emacs)

[Jean Louis]

* H. Dieter Wilhelm <dieter@duenenhof-wilhelm.de> [2021-10-22 10:00]:
> it requires an external password generator (per default Gnu-Linux' pwgen)

Emacs Lisp is good enough to generate passwords just like `pwgen', on
my side it is:

(rcd-password) ⇒ "hGsdfHH&3KwIuhy7DvO{"

From https://gnu.support/gnu-emacs/packages/rcd-password-el.html


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

>> it requires an external password generator (per default
>> Gnu-Linux' pwgen)
>
> Emacs Lisp is good enough to generate passwords just like
> `pwgen'

Are there some agreed-upon, formal requirements to
a password generator?

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Yuri Khan]

On Fri, 22 Oct 2021 at 19:56, Emanuel Berg via Users list for the GNU
Emacs text editor <help-gnu-emacs@gnu.org> wrote:

> > Emacs Lisp is good enough to generate passwords just like
> > `pwgen'
>
> Are there some agreed-upon, formal requirements to
> a password generator?

The first rule of password generators is to use a crypto quality
randomness generator. Which, as far as I can tell, Elisp’s ‘random’ is
not, at least unless you do a ‘(random t)’ first. And maybe not even
then.

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-22 15:57]:
> Jean Louis wrote:
> 
> >> it requires an external password generator (per default
> >> Gnu-Linux' pwgen)
> >
> > Emacs Lisp is good enough to generate passwords just like
> > `pwgen'
> 
> Are there some agreed-upon, formal requirements to
> a password generator?

Out of 4540 passwords maintained in my computer and demands by
websites, I can conclude that passwords shall:

- be very random, not similar to any dictionary words;
- have mixture of upper and lower letters;
- include some numbers;
- include special symbols like & or %

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Yuri Khan <yuri.v.khan@gmail.com> [2021-10-22 16:16]:
> On Fri, 22 Oct 2021 at 19:56, Emanuel Berg via Users list for the GNU
> Emacs text editor <help-gnu-emacs@gnu.org> wrote:
> 
> > > Emacs Lisp is good enough to generate passwords just like
> > > `pwgen'
> >
> > Are there some agreed-upon, formal requirements to
> > a password generator?
> 
> The first rule of password generators is to use a crypto quality
> randomness generator. Which, as far as I can tell, Elisp’s ‘random’ is
> not, at least unless you do a ‘(random t)’ first. And maybe not even
> then.

For people interested, manual explains about randomity:
(info "(elisp) Random Numbers")

How I understand it, than it may be that neither `pwgen' is generating
truly random numbers. 

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Yuri Khan]

On Sat, 23 Oct 2021 at 00:55, Jean Louis <bugs@gnu.support> wrote:

> For people interested, manual explains about randomity:
> (info "(elisp) Random Numbers")
>
> How I understand it, than it may be that neither `pwgen' is generating
> truly random numbers.

Inspecting the source shows pwgen uses /dev/urandom if available, and
/dev/random otherwise, and all bytes of the password come from one of
those sources. These are

On the other hand, the manual for Emacs ‘random’ says:

    A deterministic computer program cannot generate true random numbers.
    For most purposes, “pseudo-random numbers” suffice.

Spoiler: secure password generation is not one of those purposes.

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Yuri Khan wrote:

>>> Emacs Lisp is good enough to generate passwords just like
>>> `pwgen'
>>
>> Are there some agreed-upon, formal requirements to
>> a password generator?
>
> The first rule of password generators is to use a crypto
> quality randomness generator. Which, as far as I can tell,
> Elisp’s ‘random’ is not, at least unless you do a ‘(random
> t)’ first. And maybe not even then.

Okay, but how do one tell for sure?

And, if it isn't good enough, how do we improve it and in
what sense?

Because, as the saying goes, random numbers are too important
to be left to chance ...

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Yuri Khan]

(Sorry for the previous unfinished email.)

On Sat, 23 Oct 2021 at 00:55, Jean Louis <bugs@gnu.support> wrote:

> For people interested, manual explains about randomity:
> (info "(elisp) Random Numbers")
>
> How I understand it, than it may be that neither `pwgen' is generating
> truly random numbers.

Inspecting the source shows pwgen uses /dev/urandom if available, and
/dev/random otherwise, and all bytes of the password come from one of
those sources. These are as random as you can get and use thermal
noise in your HDD as one of the sources of randomness.

On the other hand, the manual for Emacs ‘random’ says:

    A deterministic computer program cannot generate true random numbers.
    For most purposes, “pseudo-random numbers” suffice.

Spoiler: secure password generation is not one of those purposes.

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

> For people interested, manual explains about randomity:
> (info "(elisp) Random Numbers")
>
> How I understand it, than it may be that neither `pwgen' is
> generating truly random numbers.

Truly random numbers, as you say, cannot be generated since
computers are deterministic by nature and definition, and
that's a good thing.

Maybe quantum computers can do it?

For practical purposes it should be random enough as it is,
I think.

Or that's my superficial understanding of it anyway ...

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

> Out of 4540 passwords maintained in my computer and demands
> by websites, I can conclude that passwords shall:
>
> - be very random, not similar to any dictionary words

Right, since a brute force attack would (1) iterate such
existing dictionaries and those are a small subset of all
possible passwords, yet if allowed, people would still use
them, and more often so than any (to a human) meaningless
combination of chars, so not only would it (2) decrease the
search space, it would (3) increase the likelihood of a hit in
that, already diminished space ...

That is, it will be easier to carry out a brute force attack
(point 1), and the likelihood of success will increase (points
2 and 3).

Technically the search space wouldn't be decreased, on the
contrary by disallowing such words, THAT will decrease it, but
because of human behavior ... its a decrease that will be
an increase!

> - have mixture of upper and lower letters;
> - include some numbers;
> - include special symbols like & or %

Well, this will increase the search space size. But just
because it looks more cr%pt1C to a human doesn't mean it is
necessarily more difficult for a computer since it will just
iterate all possible chars ... However the bigger the space ->
the more attempts -> the more computing power and/or time will
be necessary.

The search space size is easy enough to calculate, if the
allowed alphabet (chars) are A = {a ... o} and the min
password length is n and the max is m (so n <= m), then the
number of combinations, i.e. the search space size, would be
... |A|**n + ... + |A|**i + ... + |A|**m for all integers
i that are n < i < m (and including the endpoints n and m,
this can be put in math using the big sigma, for summation,
and below it, initialization, here i = n, above it, where the
loop stops if you will, here m, yes inclusive).

The math behind it is called combinatorics and is a branch of
math that is very easy to a programmer's mind I'd say :) (I
hope I won't regret having said that :P)

Now, if one doesn't rely on passwords at all, the brute force
attack guess it won't ever succeed ...

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Yuri Khan wrote:

> On the other hand, the manual for Emacs ‘random’ says:
>
>   A deterministic computer program cannot generate true random numbers.
>   For most purposes, “pseudo-random numbers” suffice.
>
> Spoiler: secure password generation is not one of
> those purposes.

Okay, but how does it happen them?

Roll the dice on 5 continents and add the extra 2 just
in case?

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Yuri Khan wrote:

> Inspecting the source shows pwgen uses /dev/urandom if
> available, and /dev/random otherwise, and all bytes of the
> password come from one of those sources. These are as random
> as you can get and use thermal noise in your HDD as one of
> the sources of randomness.

Clever! Cool.

Can't `random' do the same?

Or add a separate `random-linux' perhaps ...

Or is that what the option does?

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Yuri Khan <yuri.v.khan@gmail.com> [2021-10-22 21:52]:
> On Sat, 23 Oct 2021 at 00:55, Jean Louis <bugs@gnu.support> wrote:
> 
> > For people interested, manual explains about randomity:
> > (info "(elisp) Random Numbers")
> >
> > How I understand it, than it may be that neither `pwgen' is generating
> > truly random numbers.
> 
> Inspecting the source shows pwgen uses /dev/urandom if available, and
> /dev/random otherwise, and all bytes of the password come from one of
> those sources. These are
> 
> On the other hand, the manual for Emacs ‘random’ says:
> 
>     A deterministic computer program cannot generate true random numbers.
>     For most purposes, “pseudo-random numbers” suffice.
> 
> Spoiler: secure password generation is not one of those purposes.

That only when looking from the viewpoint of perfection. 

We could even go further and say that computers were not meant
initially to store any data, and safe storage of data requires
professional engineering and safety. 

But people do store data on computers. And hard disks fail all the
time.

Absolutes are not attainable and practically any LISP can generate
passwords just as many other random outcomes.

What matters is practicality. Can a program generate a practical
random password? If answer is YES, it is useful.

For huge majority of users it does not matter neither they can know
that passwords have their seeds or that they are not truly random.


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Yuri Khan <yuri.v.khan@gmail.com> [2021-10-22 21:56]:
> (Sorry for the previous unfinished email.)
> 
> On Sat, 23 Oct 2021 at 00:55, Jean Louis <bugs@gnu.support> wrote:
> 
> > For people interested, manual explains about randomity:
> > (info "(elisp) Random Numbers")
> >
> > How I understand it, than it may be that neither `pwgen' is generating
> > truly random numbers.
> 
> Inspecting the source shows pwgen uses /dev/urandom if available, and
> /dev/random otherwise, and all bytes of the password come from one of
> those sources. These are as random as you can get and use thermal
> noise in your HDD as one of the sources of randomness.

Which tells me Emacs Lisp could have access to such data and set the
seed quite randomly practically:

- I have noticed that file "/proc/pressure/io" is constantly
  changing, could not find temperature stuff now, thus:

(defun first-line-of-file (file)
  (with-temp-buffer
    (insert-file-contents file)
    (substring (buffer-string) 0 (string-match "\n" (buffer-string)))))

(let ((line (first-line-of-file "/proc/pressure/io")))
  ;; Now set random seed:
  (random line)
  ;; Now generate random password
  (rcd-password)) ⇒ "TMqVMJiT(JKR1^8uLYzT"

You say that passwords are not really random and Emacs Lisp is
not made for that.

I say that passwords can be generated practically to be random
for the user from the users' viewpoint, and it is evident.

If you can predict the password I am generating it will become
evident that passwords are not truly random. Until then... they
are random. ;-)


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[H. Dieter Wilhelm]

Jean Louis <bugs@gnu.support> writes:

> You say that passwords are not really random and Emacs Lisp is
> not made for that.

I've an idea, why not using the hashes of Emacs commits for lisp files?
d9de0a58744d5d8f0b23a1bd4c42a0b8e4829e25 so we have both something lispy
AND random! ;-) Just joking

> I say that passwords can be generated practically to be random
> for the user from the users' viewpoint, and it is evident.

I agree

  Dieter

-- 
Best wishes
H. Dieter Wilhelm
Zwingenberg, Germany

Re: Noob dumb question (extending emacs)

[Michael Heerdegen]

Yuri Khan <yuri.v.khan@gmail.com> writes:

>     A deterministic computer program cannot generate true random numbers.
>     For most purposes, “pseudo-random numbers” suffice.
>
> Spoiler: secure password generation is not one of those purposes.

If you use Emacs' `random' to generate a password, an attacker would
need to have access to your system to predict the result.  He would at
least have to know exactly when you started your Emacs session (that
time is used to generate the seed).  Or he would need much more
pseudo-random numbers from you.

Without any of these, no chance to guess, because there are too many
possible pseudo-random numbers when you don't know at which position in
the sequence the generator started.

But if the attacker already has access to your session, he can just
steal the password out of your Emacs session or system clipboard or take
a screenshot or whatever.

So I don't see a problem here.  Or am I missing something?

Michael.

Re: Noob dumb question (extending emacs)

[Yuri Khan]

On Sat, 23 Oct 2021 at 15:41, Michael Heerdegen
<michael_heerdegen@web.de> wrote:
> > Spoiler: secure password generation is not one of those purposes.
>
> If you use Emacs' `random' to generate a password, an attacker would
> need to have access to your system to predict the result.  He would at
> least have to know exactly when you started your Emacs session (that
> time is used to generate the seed).  Or he would need much more
> pseudo-random numbers from you.
>
> Without any of these, no chance to guess, because there are too many
> possible pseudo-random numbers when you don't know at which position in
> the sequence the generator started.

The position in the sequence, aka the random seed, contains a certain
number of bits. In Emacs, as far as I can tell, best case, the random
seed is 48 bits. Which means, no matter how long a password you (the
user) generate, it still contains only 48 bits of entropy. Whereas
with ‘pwgen’ you get more entropy as you generate a longer password.

An attacker might have access to one or more passwords you generate
before and/or after the password the attacker is interested in, e.g.
by being one of the entities you have an account with, or by
possessing a leaked database of user information from a compromised
service.

(It is also customary, when discussing security, to assume the
attacker knows exactly the algorithms you use.)


It is okay to generate your own passwords using a weak generator if
you are aware of that and deem the risk insignificant.

It is okay to offer a library for password generation using a weak
generator to other people, as long as they are aware and deem the risk
insignificant.

It is *not* okay to offer a library for password generation using a
weak generator to other people without explaining its entropy
characteristics so that they could assess their risk.

Re: Noob dumb question (extending emacs)

[Yuri Khan]

On Sat, 23 Oct 2021 at 04:35, Jean Louis <bugs@gnu.support> wrote:

> - I have noticed that file "/proc/pressure/io" is constantly
>   changing, could not find temperature stuff now, thus:

“Constantly changing” does not mean it is a reliable source of
randomness (entropy).

Also, the word “pressure” there does not refer to any physical
processes. In context, it is a metaphor, referring to the concurrent
processes in your computer competing for a resource, in this case, the
input/output system.

Anyway:

    $ cat /proc/pressure/io
    some avg10=0.00 avg60=0.00 avg300=0.05 total=313213969
    full avg10=0.00 avg60=0.00 avg300=0.04 total=238002455

    $ cat /proc/pressure/io
    some avg10=0.13 avg60=1.09 avg300=1.08 total=318142202
    full avg10=0.13 avg60=0.98 avg300=0.97 total=242407828

What we have here is some constant text that does not contribute to
randomness in any way, and a few decimal numbers. A single sampling
gives you 36 digits. 3 decimal digits ≈ 10 bits, so you could estimate
120 bits which would be considered a fair amount of entropy.

However, if you sample it repeatedly, as you would when generating a
number of passwords, you can observe they are not completely
independent. The moving averages over 10/60/300 seconds are continuous
functions, i.e. the next sample is a value reasonably close to the
previous; and the total is a monotonically and not very rapidly rising
function, so the next sample is equal to the previous plus a small
value. So the added entropy for each next sample is much smaller than
the original 120 bits.


(Of course you could just replicate what pwgen does, and read from
/dev/urandom or /dev/random, and directly convert that into characters
usable in passwords.)

Re: Noob dumb question (extending emacs)

[Michael Heerdegen]

Yuri Khan <yuri.v.khan@gmail.com> writes:

> The position in the sequence, aka the random seed, contains a certain
> number of bits. In Emacs, as far as I can tell, best case, the random
> seed is 48 bits.

That would be 281.474.976.710.656 or 2.8*10^15.  I guess this is still
quite hard to handle?  At least if you use additional salting.

Ok, but I see that this entropy is just enough for a random password of
a length of 8 or 9, depending on the character range used, so it's edgy.

Just curious btw, I haven't followed this thread closely, especially did
I not follow who offered what code to whom.

Michael.

Re: Noob dumb question (extending emacs)

[Tassilo Horn]

Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> writes:

>>>> M-x irc
>>> 
>>> That way you get Rcirc ... not recommended, use ERC.
>>
>> M-x irc works so fine.
>
> I hope so :)
>
> But I think ERC is more powerful and now (it wasn't always
> like that) it seems to have a very active little team of
> developers working on it at a very high skill level!

Hey, don't underestimate the work Philip Kaludercic has done in rcirc
lately, e.g., support for several IRCv3 features, and support for SASL
authentication!  Also note that "rcirc" is almost part of his lastname
which suggests a bright future, doesn't it?

> BTW maybe ERC should be invoked on M-x irc RET ?

I think that's off the table.  Users who always used M-x irc RET
shouldn't face a situation where another client is invoked and their
configs are disregarded.

Bye,
Tassilo

Re: Noob dumb question (extending emacs)

[Michael Heerdegen]

Yuri Khan <yuri.v.khan@gmail.com> writes:

> The position in the sequence, aka the random seed, contains a certain
> number of bits. In Emacs, as far as I can tell, best case, the random
> seed is 48 bits.

Is the random number generator able to use more than 48 bits of entropy?

Michael.

Re: Noob dumb question (extending emacs)

[Yuri Khan]

On Sat, 23 Oct 2021 at 19:55, Michael Heerdegen
<michael_heerdegen@web.de> wrote:
> > In Emacs, as far as I can tell, best case, the random
> > seed is 48 bits.
>
> Is the random number generator able to use more than 48 bits of entropy?

Not as far as I can tell from srand48(3).

This pseudo-random number generator is not designed to be used for
password generation and cryptography. It’s okay for simulations,
games, network retry delays, this kind of things.

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

> Absolutes are not attainable and practically any LISP can
> generate passwords just as many other random outcomes.

If Linux can do it it should be possible to hook Lisp (Elisp)
into that same mechanism and without too much work as well,
since the work is already done.

> What matters is practicality. Can a program generate
> a practical random password? If answer is YES, it is useful.
>
> For huge majority of users it does not matter neither they
> can know that passwords have their seeds or that they are
> not truly random.

No one is saying stop using Lisp for practical purposes.
But doing things the right way is not a slower or more
impractical way to do it in the short run - and in the long
run, it is much better in that and other respects ...

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Yuri Khan wrote:

> What we have here is some constant text that does not
> contribute to randomness in any way, and a few decimal
> numbers. A single sampling gives you 36 digits. 3 decimal
> digits ≈ 10 bits, so you could estimate 120 bits which would
> be considered a fair amount of entropy.

Entropy, is that a term from information theory?
Please provide the definition the way you are using the term
here ...

> (Of course you could just replicate what pwgen does, and
> read from /dev/urandom or /dev/random, and directly convert
> that into characters usable in passwords.)

Indeed, that's better, if we assume what they do is good
enough. Use directly or replicate, as you say.

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Michael Heerdegen wrote:

> If you use Emacs' `random' to generate a password, an
> attacker would need to have access to your system to predict
> the result. He would at least have to know exactly when you
> started your Emacs session (that time is used to generate
> the seed). Or he would need much more pseudo-random numbers
> from you.
>
> Without any of these, no chance to guess, because there are
> too many possible pseudo-random numbers when you don't know
> at which position in the sequence the generator started.
>
> But if the attacker already has access to your session, he
> can just steal the password out of your Emacs session or
> system clipboard or take a screenshot or whatever.
>
> So I don't see a problem here. Or am I missing something?

Well, obviously no one is cracking your account because
`random' isn't random enough :)

Well, if they do it at a industrial standard level (I didn't
see such a standard myself, but I trust Yuri has) there is no
reason we shouldn't be there as well ...

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Yuri Khan wrote:

>> If you use Emacs' `random' to generate a password, an
>> attacker would need to have access to your system to
>> predict the result. He would at least have to know exactly
>> when you started your Emacs session (that time is used to
>> generate the seed). Or he would need much more
>> pseudo-random numbers from you.
>>
>> Without any of these, no chance to guess, because there are
>> too many possible pseudo-random numbers when you don't know
>> at which position in the sequence the generator started.
>
> The position in the sequence, aka the random seed, contains
> a certain number of bits. In Emacs, as far as I can tell,
> best case, the random seed is 48 bits. Which means, no
> matter how long a password you (the user) generate, it still
> contains only 48 bits of entropy.

#! /bin/zsh
$ echo $(( 2**48 ))
281474976710656

Or Elisp:
(expt 2 48)
281474976710656 (#o10000000000000000, #x1000000000000)

> It is *not* okay to offer a library for password generation
> using a weak generator to other people without explaining
> its entropy characteristics so that they could assess
> their risk.

But what is the method stipulated then, we'll just do
a `random-passwd' with that ...

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Michael Heerdegen wrote:

> That would be 281.474.976.710.656 or 2.8*10^15. I guess this
> is still quite hard to handle?

(defalias '** #'expt)
(** 2 48)
281474976710656 (#o10000000000000000, #x1000000000000)

> Ok, but I see that this entropy is just enough for a random
> password of a length of 8 or 9, depending on the character
> range used, so it's edgy.

Cool, how did you compute that?

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Tassilo Horn wrote:

>>>>> M-x irc
>>>> 
>>>> That way you get Rcirc ... not recommended, use ERC.
>>>
>>> M-x irc works so fine.
>>
>> I hope so :)
>>
>> But I think ERC is more powerful and now (it wasn't always
>> like that) it seems to have a very active little team of
>> developers working on it at a very high skill level!
>
> Hey, don't underestimate the work Philip Kaludercic has done
> in rcirc lately, e.g., support for several IRCv3 features,
> and support for SASL authentication! Also note that "rcirc"
> is almost part of his lastname which suggests a bright
> future, doesn't it?

Okay, heh.

-- 
underground experts united
https://dataswamp.org/~incal

ERC links to man pages (was: Re: Noob dumb question (extending emacs))

[Emanuel Berg via Users list for the GNU Emacs text editor]

Yuri Khan wrote:

> Not as far as I can tell from srand48(3)

Can't we have ERC provide links to man(1) pages on that
syntax, just as `gnus-article-mode' does?

Since both Gnus and ERC are built in, maybe not just the same
code but even the same functions (that are already available)
can just be called, the same way, to achieve this?

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

>> It is *not* okay to offer a library for password generation
>> using a weak generator to other people without explaining
>> its entropy characteristics so that they could assess
>> their risk.
>
> But what is the method stipulated then, we'll just do
> a `random-passwd' with that ...

From pwgen on Debian 11:

/*
 * randnum.c -- generate (good) randum numbers.
 *
 * Copyright (C) 2001,2002 by Theodore Ts'o
 * 
 * This file may be distributed under the terms of the GNU Public
 * License.
 */

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>

#include "pwgen.h"

#ifdef HAVE_DRAND48
extern double drand48(void);
#endif

static int get_random_fd(void);

/* Borrowed/adapted from e2fsprogs's UUID generation code */
static int get_random_fd()
{
	struct timeval	tv;
	static int	fd = -2;

	if (fd == -2) {
		gettimeofday(&tv, 0);
		fd = open("/dev/urandom", O_RDONLY);
		if (fd == -1)
			fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
	}
	return fd;
}

/*
 * Generate a random number n, where 0 <= n < max_num, using
 * /dev/urandom if possible.
 */
int pw_random_number(max_num)
	int max_num;
{
	unsigned int rand_num;
	int i, fd = get_random_fd();
	int lose_counter = 0, nbytes = sizeof(rand_num);
	char *cp = (char *) &rand_num;

	if (fd >= 0) {
		while (nbytes > 0) {
			i = read(fd, cp, nbytes);
			if ((i < 0) &&
			    ((errno == EINTR) || (errno == EAGAIN)))
				continue;
			if (i <= 0) {
				if (lose_counter++ == 8)
					break;
				continue;
			}
			nbytes -= i;
			cp += i;
			lose_counter = 0;
		}
	}
	if (nbytes == 0)
		return (rand_num % max_num);

	/* We weren't able to use /dev/random, fail hard */

	fprintf(stderr, "No entropy available!\n");
	exit(1);
}

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Yuri Khan <yuri.v.khan@gmail.com> [2021-10-23 13:17]:
> An attacker might have access to one or more passwords you generate
> before and/or after the password the attacker is interested in, e.g.
> by being one of the entities you have an account with, or by
> possessing a leaked database of user information from a compromised
> service.
> 
> (It is also customary, when discussing security, to assume the
> attacker knows exactly the algorithms you use.)
> 
> 
> It is okay to generate your own passwords using a weak generator if
> you are aware of that and deem the risk insignificant.

I fully get this. Though ideology is a pleasant game for mind though
not useful if it cannot be practically implemented.

How I see it, it is very easy to set random seed by providing some
automatically generated, random string to `random', such as those from
the system's /proc directory.

random is a built-in function in ‘C source code’.

(random &optional LIMIT)

Return a pseudo-random integer.
By default, return a fixnum; all fixnums are equally likely.
With positive integer LIMIT, return random integer in interval [0,LIMIT).
With argument t, set the random number seed from the system’s entropy
pool if available, otherwise from less-random volatile data such as the time.
With a string argument, set the seed based on the string’s contents.


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Yuri Khan <yuri.v.khan@gmail.com> [2021-10-23 13:47]:
> On Sat, 23 Oct 2021 at 04:35, Jean Louis <bugs@gnu.support> wrote:
> 
> > - I have noticed that file "/proc/pressure/io" is constantly
> >   changing, could not find temperature stuff now, thus:
> 
> “Constantly changing” does not mean it is a reliable source of
> randomness (entropy).
> 
> Also, the word “pressure” there does not refer to any physical
> processes. In context, it is a metaphor, referring to the concurrent
> processes in your computer competing for a resource, in this case, the
> input/output system.
> 
> Anyway:
> 
>     $ cat /proc/pressure/io
>     some avg10=0.00 avg60=0.00 avg300=0.05 total=313213969
>     full avg10=0.00 avg60=0.00 avg300=0.04 total=238002455
> 
>     $ cat /proc/pressure/io
>     some avg10=0.13 avg60=1.09 avg300=1.08 total=318142202
>     full avg10=0.13 avg60=0.98 avg300=0.97 total=242407828
> 
> What we have here is some constant text that does not contribute to
> randomness in any way, and a few decimal numbers. A single sampling
> gives you 36 digits. 3 decimal digits ≈ 10 bits, so you could estimate
> 120 bits which would be considered a fair amount of entropy.

Congratulation for the analysis, although myself I cannot follow it.

> (Of course you could just replicate what pwgen does, and read from
> /dev/urandom or /dev/random, and directly convert that into characters
> usable in passwords.)

I agree, though I don't need it personally, as no analyst so far has
cracked any of my Emacs Lisp generated passwords.

I will give US $1,000 if you crack any of my passwords in any of
websites I am subscribed within next 2 years. OK?


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Yuri Khan <yuri.v.khan@gmail.com> [2021-10-23 16:09]:
> On Sat, 23 Oct 2021 at 19:55, Michael Heerdegen
> <michael_heerdegen@web.de> wrote:
> > > In Emacs, as far as I can tell, best case, the random
> > > seed is 48 bits.
> >
> > Is the random number generator able to use more than 48 bits of entropy?
> 
> Not as far as I can tell from srand48(3).
> 
> This pseudo-random number generator is not designed to be used for
> password generation and cryptography. It’s okay for simulations,
> games, network retry delays, this kind of things.

What is better?

1. To have users "invent" their passwors by letting them type it each
   time? 

2. Or maybe to offer them a random password like:
   "6IcH8L$BnQcmL-NrnSHe" which they can anyway change if they like?

In my practical password generation the latter option is more secure,
then if I start inventing passwords like "So8ething98" which I
consider less secure or using hands to type something random like
"asdf45huji" which in the end and due to habits may not be that random
at all.

When making highly hypothetical observation it is not bad to remember
the practical use of it. 

Emacs Lisp how it is can generate random passwords and that is what
matters and is practically useful.

If you wish to say that passwords are not random, unsafe, and so on,
please demonstrate it practically, not just theoretically. 

For example, try to predict the outcome of the following:

(random (format "%s" (random)))

And provide a script in any programming language that will predict the
outcome of that function. Prove it. Don't let it be just confusing.

If you can do that, you have completed scientific exercise and have
proven it empirically that passwords are not random. Not only
theoretically, as from theory I have no practical benefit.

By using (rcd-password) ⇒ "n=(3hWqlaWfPRTSDQrWV" function I have a
constant daily practical benefit. 

Then I have to face a professional programmer of Emacs Lisp who wants
to convince me that I should not be generating passwords by using
Emacs Lisp. 

Come on.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-23 21:09]:
> Jean Louis wrote:
> 
> > Absolutes are not attainable and practically any LISP can
> > generate passwords just as many other random outcomes.
> 
> If Linux can do it it should be possible to hook Lisp (Elisp)
> into that same mechanism and without too much work as well,
> since the work is already done.

It's really not necessary, just read documentation for `random'
function, it is good enough.

> > What matters is practicality. Can a program generate
> > a practical random password? If answer is YES, it is useful.
> >
> > For huge majority of users it does not matter neither they
> > can know that passwords have their seeds or that they are
> > not truly random.
> 
> No one is saying stop using Lisp for practical purposes.
> But doing things the right way is not a slower or more
> impractical way to do it in the short run - and in the long
> run, it is much better in that and other respects ...

So the right way is something you know it should exist, because of
scientists talking about it, but it is not out there in real world?

I call that science fiction.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Yuri Khan]

On Sun, 24 Oct 2021 at 01:15, Emanuel Berg via Users list for the GNU
Emacs text editor <help-gnu-emacs@gnu.org> wrote:

> Entropy, is that a term from information theory?
> Please provide the definition the way you are using the term
> here ...

https://en.wikipedia.org/wiki/Entropy_(computing)

Re: Noob dumb question (extending emacs)

[Michael Heerdegen]

Emanuel Berg via Users list for the GNU Emacs text editor
<help-gnu-emacs@gnu.org> writes:

> Cool, how did you compute that?

Not hard to do (unless I'm missing something): For which password length
l exist approximately 2^48 different passwords using an alphabet of n
characters?

2^48 = n^l

48 ln 2 = l ln n

l = 48 ln 2 / (ln n)

If you use lowercase and uppercase letters and, say, 8 other symbols,
n=26*2+8=60

    48 ln(2)
l = -------- ~ 8.13.
     ln(60)

That would mean that already for a length of 9 only a small fraction of
passwords are computable.


Michael.

Re: Noob dumb question (extending emacs)

[Michael Heerdegen]

Jean Louis <bugs@gnu.support> writes:

> How I see it, it is very easy to set random seed by providing some
> automatically generated, random string to `random', such as those from
> the system's /proc directory.

Then you just consult a second source of entropy.  Which is more or less
the conclusion: don't rely on the entropy of Emacs' `random' function.

If that other source is a reliable source of more entropy, you don't
need Emacs' `random' at all.  If it is not, you have gained nothing.

And there is another problem which would make things much worse: when
Emacs `random' number generator operates with 48 bit numbers (which
seems to be the case, but I didn't check the sources), each algorithm
calling `random' can only generate passwords with an entropy of
maximally 48 bit, no matter what the entropy of the seed is.

Michael.

Re: Noob dumb question (extending emacs)

[Michael Heerdegen]

Emanuel Berg via Users list for the GNU Emacs text editor
<help-gnu-emacs@gnu.org> writes:

> Well, obviously no one is cracking your account because
> `random' isn't random enough :)
>
> Well, if they do it at a industrial standard level (I didn't
> see such a standard myself, but I trust Yuri has) there is no
> reason we shouldn't be there as well ...

Depends on what the passwords are used for. EC card PINs have only 10^4
~ 2^13 different "passwords".  But it's not possible to try them all.

But when you have stolen a hashed password of a length of only 8 chars
or even less, it is already in reach to restore the password with a lot
of time.  If the used entropy was actually less than 2^48, I think we
are entering a problematic terrain.  Depends on the costs of the hashing
algorithm used for your account.

Michael.

Re: Noob dumb question (extending emacs)

[Michael Heerdegen]

Jean Louis <bugs@gnu.support> writes:

> I will give US $1,000 if you crack any of my passwords in any of
> websites I am subscribed within next 2 years. OK?

Why should he tell you?  I bet one or the other of your accounts is
worth much more than that.

Michael.

Re: Noob dumb question (extending emacs)

[Michael Heerdegen]

Jean Louis <bugs@gnu.support> writes:

> For example, try to predict the outcome of the following:
>
> (random (format "%s" (random)))

How many tries do I have?

Michael.

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

> I fully get this. Though ideology is a pleasant game for
> mind though not useful if it cannot be
> practically implemented.

"Ideology" :D

Are you into politics now, Jean? :)

But actually it isn't true, if pwgen can use /dev/urandom,
/dev/random and/or the thermal noise of the HDD, that's as
practical as it gets.

So we shouldn't disrespect that just because Elisp cannot do
it/certain individual likes to ... etc etc.

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

> So the right way is something you know it should exist,
> because of scientists talking about it, but it is not out
> there in real world?

$ apt-get source pwgen

> I call that science fiction.

*engineering

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Yuri Khan wrote:

>> Entropy, is that a term from information theory?
>> Please provide the definition the way you are using the
>> term here ...
>
> https://en.wikipedia.org/wiki/Entropy_(computing)

Yeah, I've seen it ... so what part did you like the best?

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Michael Heerdegen <michael_heerdegen@web.de> [2021-10-24 11:51]:
> Jean Louis <bugs@gnu.support> writes:
> 
> > I will give US $1,000 if you crack any of my passwords in any of
> > websites I am subscribed within next 2 years. OK?
> 
> Why should he tell you?  I bet one or the other of your accounts is
> worth much more than that.

Hahahahaha.


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-24 12:41]:
> Jean Louis wrote:
> 
> > So the right way is something you know it should exist,
> > because of scientists talking about it, but it is not out
> > there in real world?
> 
> $ apt-get source pwgen

I like to avoid external commands when necessary. In case of pwgen it
is not necessary when Emacs and Perl and other programming languages
may easily serve the purpose.




-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Michael Heerdegen <michael_heerdegen@web.de> [2021-10-24 11:58]:
> Jean Louis <bugs@gnu.support> writes:
> 
> > For example, try to predict the outcome of the following:
> >
> > (random (format "%s" (random)))
> 
> How many tries do I have?

Unlimited. You could or should show how you can predict the outcome.

I have evaluated the function now, and recorded the outcome, so let me
know, mentalist.




-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Michael Heerdegen <michael_heerdegen@web.de> [2021-10-24 11:29]:
> Jean Louis <bugs@gnu.support> writes:
> 
> > How I see it, it is very easy to set random seed by providing some
> > automatically generated, random string to `random', such as those from
> > the system's /proc directory.
> 
> Then you just consult a second source of entropy.  Which is more or less
> the conclusion: don't rely on the entropy of Emacs' `random' function.
> 
> If that other source is a reliable source of more entropy, you don't
> need Emacs' `random' at all.  If it is not, you have gained nothing.
> 
> And there is another problem which would make things much worse: when
> Emacs `random' number generator operates with 48 bit numbers (which
> seems to be the case, but I didn't check the sources), each algorithm
> calling `random' can only generate passwords with an entropy of
> maximally 48 bit, no matter what the entropy of the seed is.

This is my basic function, practical, useful, used almost daily in
other functions to generate passwords. It replaces my needs for
`pwgen' and it was made not to be dependent on some outside system
software. 

(defvar rcd-password-alpha "ABCDEFGHIJKLMNOPQRSTUVWHYZ")
(defvar rcd-password-special-characters "!@#$%^&*()-=+_[]{}|")

(defun rcd-password-generate-1 (string)
  "Return capitalized or downcased single symbol from a string"
  (random (format "%s" (random)))
  (let* ((max (length string))
	 (rnd (random max))
	 (single (substring string rnd (+ rnd 1))))
    single))

(rcd-password-generate-1 rcd-password-alpha) ⇒ "M"

Unless you or Yuri can predict the outcome of this function, any
hypothesis is pretty much useless.

And the function remain useful.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-24 12:32]:
> Jean Louis wrote:
> 
> > I fully get this. Though ideology is a pleasant game for
> > mind though not useful if it cannot be
> > practically implemented.
> 
> "Ideology" :D
> 
> Are you into politics now, Jean? :)
> 
> But actually it isn't true, if pwgen can use /dev/urandom,
> /dev/random and/or the thermal noise of the HDD, that's as
> practical as it gets.
> 
> So we shouldn't disrespect that just because Elisp cannot do
> it/certain individual likes to ... etc etc.

How "disrespect"? It is not related to it.

`pwgen' is system command, good for let us say shell, but Emacs is
much more and is integrated into database on my side. If then Emacs
Lisp programs run on different systems, I like if they don't depend on
too many external commands, especially one as simple as password
generation. 

I cannot write `ffmpeg' so I convert videos by using Emacs Lisp on
remote computers calling external `ffmpeg'. 



-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Yuri Khan]

On Sun, 24 Oct 2021 at 13:50, Jean Louis <bugs@gnu.support> wrote:

> I will give US $1,000 if you crack any of my passwords in any of
> websites I am subscribed within next 2 years. OK?

I am not playing penetration testing with you.

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

>>> So the right way is something you know it should exist,
>>> because of scientists talking about it, but it is not out
>>> there in real world?
>> 
>> $ apt-get source pwgen
>
> I like to avoid external commands when necessary. In case of
> pwgen it is not necessary when Emacs and Perl and other
> programming languages may easily serve the purpose.

Yes, commands that are run very often and have no security
implications one can maybe be cool with a downgrade for that
reason, but commands that are used seldom and have security
implications, nope, that should be at the level of the CLI
alternative _or_ one should simply use the CLI alternative.

Note that you can still use your (or any other) Elisp
interface ...

I think this is much more the practical approach BTW!

1. the practical and skilled approach: use the CLI tool;
   a quick fix but at the top level anyway

2. the skilled and scientific and practical approach: rewire
   Elisp to be at that same level (practical as in doing it,
   but also as in sharing it in the FOSS world)

3. other approach: write it in ELisp, and after a nontrivial
   effort the outcome will still not be as good as the CLI
   tool

?

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

> `pwgen' is system command

pwgen is a program.

> good for let us say shell, but Emacs is much more and is
> integrated into database on my side

Emacs is integrated with the shell so that solution is easier
(more practical that way), better, and you can still use/write
your own/a custom interface (so equally practical in THAT
way).

Also it will take advantages of further improvements to pwgen
or possible forks or other such programs with no or very small
adjustments ...

> If then Emacs Lisp programs run on different systems, I like
> if they don't depend on too many external commands

Indeed must be used to benefit the user ...

> especially one as simple as password generation.

But not simple enough for you do to it at the level of the CLI
command ...

> I cannot write `ffmpeg' so I convert videos by using Emacs
> Lisp on remote computers calling external `ffmpeg'.

But you cannot write a pwgen either - or at least, you
haven't yet ... so what's the difference?

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Yuri Khan <yuri.v.khan@gmail.com> [2021-10-22 21:56]:
> (Sorry for the previous unfinished email.)
> 
> On Sat, 23 Oct 2021 at 00:55, Jean Louis <bugs@gnu.support> wrote:
> 
> > For people interested, manual explains about randomity:
> > (info "(elisp) Random Numbers")
> >
> > How I understand it, than it may be that neither `pwgen' is generating
> > truly random numbers.
> 
> Inspecting the source shows pwgen uses /dev/urandom if available, and
> /dev/random otherwise, and all bytes of the password come from one of
> those sources. These are as random as you can get and use thermal
> noise in your HDD as one of the sources of randomness.
> 
> On the other hand, the manual for Emacs ‘random’ says:
> 
>     A deterministic computer program cannot generate true random numbers.
>     For most purposes, “pseudo-random numbers” suffice.
> 
> Spoiler: secure password generation is not one of those purposes.

Password generation is not "random numbers". Spoiler is futile. All
your base are belong to us.


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Yuri Khan <yuri.v.khan@gmail.com> [2021-10-24 21:20]:
> On Sun, 24 Oct 2021 at 13:50, Jean Louis <bugs@gnu.support> wrote:
> 
> > I will give US $1,000 if you crack any of my passwords in any of
> > websites I am subscribed within next 2 years. OK?
> 
> I am not playing penetration testing with you.

But I would not reject you. For the right price.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

>> Spoiler: secure password generation is not one of
>> those purposes.
>
> [...] Spoiler is futile. All your base are belong to us.

:)

Mess with the best - die like the rest!

> Password generation is not "random numbers".

Password generation is, to a large extent and to the extent
that is difficult/critical, random numbers.

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-25 03:13]:
> Jean Louis wrote:
> 
> >> Spoiler: secure password generation is not one of
> >> those purposes.
> >
> > [...] Spoiler is futile. All your base are belong to us.
> 
> :)
> 
> Mess with the best - die like the rest!
> 
> > Password generation is not "random numbers".
> 
> Password generation is, to a large extent and to the extent
> that is difficult/critical, random numbers.

There are different ways to make passwords, one of it is random
way. Purpose is to protect access to some digital resource. The
purpose is what is important. You don't need a computer to construct a
password, computers are new in that regard. Use pen and paper. For me
is not convenient with pen and paper in home and office, but in a
public Internet point I would not hesitate using it.

Apart from all hypothetical discussion none can predict the next
password given by (rcd-password) function. 

Purpose is fulfilled.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-24 21:33]:
> Jean Louis wrote:
> 
> > `pwgen' is system command
> 
> pwgen is a program.

OS is program, Emacs is program, programs run within programs.

`pwgen' is not Emacs, I hope we can agree on it.

It is external program that is easily replacable in Emacs.

Emacs Lisp within Emacs is environment for itself, it is not Bash nor
Mate or Gnome desktop environment. Many Emacs users decide to dwell
within Emacs environment, some may run Window Manager by using
Emacs. Using Emacs as PID 1 seem to be possible too. And how I see it,
Emacs developers try to avoid where possible using external commands,
call it programs.

For example I can copy or rename files within Emacs Dired without
recourse to /usr/bin/cp or /usr/bin/mv, I believe it runs straight
from Emacs. Mass of other functionality is integrated in Emacs.

By principle we integrate features into Emacs. Picture viewer is
integrated into Emacs, though for me it is often too slow. I like
using M-x sxiv with external program. But when possible I don't use
external programs.

> Also it will take advantages of further improvements to pwgen
> or possible forks or other such programs with no or very small
> adjustments ...
> 
> > If then Emacs Lisp programs run on different systems, I like
> > if they don't depend on too many external commands
> 
> Indeed must be used to benefit the user ...
> 
> > especially one as simple as password generation.
> 
> But not simple enough for you do to it at the level of the CLI
> command ...

Before I was using `pwgen' in Bash and storing passwords in
appendable only file ~/.passwords and now I store it in the database
by using Emacs Lisp. Thus `pwgen' is redundant.

> > I cannot write `ffmpeg' so I convert videos by using Emacs
> > Lisp on remote computers calling external `ffmpeg'.
> 
> But you cannot write a pwgen either - or at least, you
> haven't yet ... so what's the difference?

Emacs image viewer is not `sxiv' or "Eye of Gnome" but still fulfils
the purpose to view images.

The function `rcd-password' fulfils the purpose of `pwgen' to generate
passwords for me. 

https://gnu.support/gnu-emacs/packages/rcd-password-el.html

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-24 21:22]:
> Yes, commands that are run very often and have no security
> implications one can maybe be cool with a downgrade for that
> reason, but commands that are used seldom and have security
> implications, nope, that should be at the level of the CLI
> alternative _or_ one should simply use the CLI alternative.

In science, if there is "security implication" then it has to be
proven. That is why breaking crypto requires a proof which is usually
program or exploit that breaks it, not just a theoretical statement.

It is not reasonable within Emacs environment and especially on this
mailing list to keep recommending general CLI alternatives.

What about cp, mv, we use it in Dired, should we start now
recommending using external "cp" instead of Dired one? As much as
possible we strive to integrate features into Emacs, not the other way
around. 

> Note that you can still use your (or any other) Elisp
> interface ...
> 
> I think this is much more the practical approach BTW!

I will use Emacs Lisp interface to external commands in cases where it
is for some reason not possible to get equivalent speed and
functionality from within Emacs.

For example GNU `mail' utility is very handy and powerful to construct
emails, I rather use that one, then the Emacs way of constructing
emails. I will rather use `mutt' as Emacs offers none of email clients
nearly so fast and functional as `mutt'. I have tried my best to find
similarly functional client in Emacs and I have tried them all,
solutions are slow and lack features I need. For Xournalapp, I will
use Emacs and database to track locations of Xournal notes, but
external program must be invoked to modify such note. 

But if user does not want to integrate stuff in Emacs Lisp, such will
use more external commands. Many will use their graphical file
managers instead of Dired, that is up to individual's desires.

> 2. the skilled and scientific and practical approach: rewire
>    Elisp to be at that same level (practical as in doing it,
>    but also as in sharing it in the FOSS world)

If program modifies Emacs and is published, it has to be with
GPLv3 license or compatible one. Is it clear?

> 3. other approach: write it in ELisp, and after a nontrivial
>    effort the outcome will still not be as good as the CLI
>    tool

That is too general statement, it seem to come from your experience in
which I did not participate. Outcome of Emacs Lisp may be equally good
as other external command. I wonder how you, who I know you to have
written many Emacs Lisp programs now speaks contradictory.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Michael Heerdegen]

Jean Louis <bugs@gnu.support> writes:

> Unlimited. You could or should show how you can predict the outcome.

Ok, I'll do it for 5000$.  Unlimited number of trials.

But only with a contract we both sign.  I do not know you and I do not
like being cheated.  Should I fail, I don't have to pay anything
(attackers normally don't pay you if they fail).

Deal?

TIA,

Michael.

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Michael Heerdegen wrote:

>> Unlimited. You could or should show how you can predict
>> the outcome.
>
> Ok, I'll do it for 5000$. Unlimited number of trials.
>
> But only with a contract we both sign. I do not know you and
> I do not like being cheated. Should I fail, I don't have to
> pay anything (attackers normally don't pay you if they
> fail).

I can put 500 000 USD I'm right ...

pwgen is better, and to invoke it from Emacs/Elisp is not
a problem; it _is_ possible to do it as good from Emacs/Elisp;
however doing it worse does not make you more practical than
anyone else ... (clarification for Jean only: LESS)

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Yuri Khan]

On Mon, 25 Oct 2021 at 12:55, Jean Louis <bugs@gnu.support> wrote:

> In science, if there is "security implication" then it has to be
> proven. That is why breaking crypto requires a proof which is usually
> program or exploit that breaks it, not just a theoretical statement.

In crypto science, an algorithm is considered compromised, for
example, if it was previously thought to require a brute force search
of 2^128 to break, and later shown to be breakable in 2^64 attempts.

A 20-letter password contains about 120 bits of information. A user
who requests generation of such a password reasonably expects that the
attacker would have to bruteforce 2^120 possibilities. However, your
generation algorithm uses only 48 bits of entropy, so the attacker
only has to search through 2^48 possible seeds, and maybe 2^5
different generated password lengths, and breaks the password in 2^53
attempts, or 2^67 ≈ 1.5*10^20 times faster than expected.

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Yuri Khan wrote:

> A 20-letter password contains about 120 bits of information.

Okay, so what's the other 40?

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Yuri Khan <yuri.v.khan@gmail.com> [2021-10-25 12:42]:
> On Mon, 25 Oct 2021 at 12:55, Jean Louis <bugs@gnu.support> wrote:
> 
> > In science, if there is "security implication" then it has to be
> > proven. That is why breaking crypto requires a proof which is usually
> > program or exploit that breaks it, not just a theoretical statement.
> 
> In crypto science, an algorithm is considered compromised, for
> example, if it was previously thought to require a brute force search
> of 2^128 to break, and later shown to be breakable in 2^64 attempts.
> 
> A 20-letter password contains about 120 bits of information. A user
> who requests generation of such a password reasonably expects that the
> attacker would have to bruteforce 2^120 possibilities. However, your
> generation algorithm uses only 48 bits of entropy, so the attacker
> only has to search through 2^48 possible seeds, and maybe 2^5
> different generated password lengths, and breaks the password in 2^53
> attempts, or 2^67 ≈ 1.5*10^20 times faster than expected.

That is why I said, if it is "so the attacker only has to search
through 2^48 possible seeds" then please demonstrate it, search it and
prove what would be the next char in this password. I think 50 chars
will give you enough playground to find the seeds.

(rcd-password 50) ⇒ "YQAguCWdKEiR%OiEyjuKHcttCvyVOEt}pwG5HJoUirOdA6RBOa"

Once you find first seed, let me know, that I can pay the pizza for
you Yuri.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Michael Heerdegen <michael_heerdegen@web.de> [2021-10-25 12:20]:
> Jean Louis <bugs@gnu.support> writes:
> 
> > Unlimited. You could or should show how you can predict the outcome.
> 
> Ok, I'll do it for 5000$.  Unlimited number of trials.

> But only with a contract we both sign.  I do not know you and I do not
> like being cheated.  Should I fail, I don't have to pay anything
> (attackers normally don't pay you if they fail).

Do you say you can predict outcome of my `rcd-password' function?

Example:
(rcd-password) ⇒ "KsDwGMWPs_!61kbUlzwo"

Code:
https://gnu.support/gnu-emacs/packages/rcd-password-el.html

Send contract, I sign it. 


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Michael Heerdegen]

Jean Louis <bugs@gnu.support> writes:

> Do you say you can predict outcome of my `rcd-password' function?

Yes, I said I can predict the outcome using unlimited trials.

> Send contract, I sign it.

Cool!

How do you plan to test whether your password is in my trials?  You will
receive a lot of trials, and I want to be sure you don't cheat.  Because
it will take some time.

Michael.

Re: Noob dumb question (extending emacs)

[Jean Louis]

Yuri and Michael H., you are very right, too simple password
generation without enough entropy produces duplicate passwords.

The way to go is to create some entropy. Reading /dev/urandom is not a
portable solution. At this moment I would not know if it works on
DragonflyBSD which I use on some computers, I will check later.

But that does not mean that anybody may guess the password produced on
this computer.

If somebody knows how to read slice of a file like /dev/urandom, let
me know, otherwise I have to use external command.

(defun rcd-read-urandom (&optional length)
  "I am also free to modify the Emacs Lisp unlimited times."
  (shell-command-to-string "head -n 1 /dev/urandom"))

(defun rcd-password-generate-1 (string)
  "Return capitalized or downcased single symbol from a string"
  (random (format "%s" (rcd-read-urandom)))
  (let* ((max (length string))
	 (rnd (random max))
	 (single (substring string rnd (+ rnd 1))))
    single))

(rcd-password) ⇒ "5l}tAl9hvk^ofQkqbSWh" --- I am now more random...


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-25 12:35]:
> I can put 500 000 USD I'm right ...

Password generation is used by single individuals who get help with
password, sometimes password is too long and has to be shortened, and
user can always insert something in the generated password. It is help
to quicker generate a secret token.

None of passwords so far generated are not same and practically they
are not predictable. Theoretically yes.

Entropy can be generated by providing something random that computer
did not generate. /dev/urandom I would not know how to read from Emacs
Lisp, as it is not regular file. Maybe as stream, don't know now.

Then I can read my own files and generate md5sum:

(defun rcd-random-string-from-home ()
  (md5 (car (directory-files (getenv "HOME") t (rcd-password-generate-alpha-1)))))

(dotimes (a 100)
  (insert (rcd-password))
  (insert "\n"))

That gave me enough randomity and none of passwords is same in 100 iterations.

#ff1PbEOvGTViO#TWTIC
$GLyL4VodIpEfpC)FhwC
%LZ}3wgbBovHJsmHaSig
)G|YjRhmN0GTbvnaWgB0
-JoB1YSWR3ZHRSHCVWP^
-jhN7pBHkzkA8AFcf*PQ
17uTbUDIH$cNHj{PyYKu
1nH}HW4YYrggMEMmGJM-
3HFn{h=OBSMz7ZRAPsGC
4HJh(eNzoWCE{YZ6FuHH
66czQRulcjBgmaEe)[oT
6mhshmLB1bTnEpciU-o+
8IVAzvsYybi}h4MfQvY#
9KIYmzOn|vABpNPv+QE0
9SZLhihsmg{0rHAIoJ}N
B{ZlJ%vEzMhiT5chhW3u
CkTQ$vZ&CkWHmhVLTBod
CupNOF5I5UJONFGNg=v^
D1Uq%YJjGWFHTWnUYP*L
DBunoT_r=blgtJS5ZGjT
EKBsJqvYg48@TuAQ+iSD
ENIQ@pLHt6JfFbevhyhQ
EOwvJcBZBwWO07h&[fzZ
ETEcuC07drGeV-OzLsOZ
EaFFUlhBHgs0&[qhch1Q
FfBYajlHvy7TpIl7@-CQ
H$DQKNLJV]1ljuDyGZGf
HGGBm6qMlp}iQNBHk|ut
I7pwdE!7evRMCsHIpyo#
I9DWhDHUtHMS[gh^lG7h
K$#haJTKqGiQY8WM8lmb
KYW0jE#7{kPrOtKojUff
O%Cs*VRLytSZ8CYW5dKF
Q4I[&zTQIh2QAukCnuwH
QRWVO#G6ZyFCMpR%vT1n
QmDH@mmw{OsIBrzZWHqT
QnzHMF|HAti3*nifct9q
RS7wyo^Y7wl=nJARsgoV
Rm}qhhS$KOcUhqIJ4p4q
RvjhvcnNqQVDldkP)KW3
SDC^1tr5SZll[EmynMQR
Sh#fy=eHZE3zlYNaRHb4
SjvHRsiSygC0rmZ{LWg4
Ssa[g0PPIqjbH$vevmfs
TDehKp7%LNDU#DuuHweH
TM*YecWCpV+1ddR7Clfq
UGs)yfNZYhClFA8Zi$ZK
UsJNoUHCYzHNaa1*SCG4
VCpYj=JnQmJ03TGCzF}i
VQIHWAZK7_hpdEueSr2)
Vw}KYrV66zTSO)ydcGqa
WCDuh}z0H%zDUPr4uVFQ
W|YFhDhhiCG05tdks{CE
Y2iuGWzAE8lmh[}GUgBO
ZYJ|IdZWMZUz4Uw&ZgBu
ZdOHAeiiSI[fH}J0P2AH
ZhIIO^JklzoUj91i=hsa
aJlb3n^W|hhUPlkNA8op
b8Rklz-PvNTnjrwTOY-D
baVKIWl8}upUJh!JTAyc
caN$oyzqi*nRgItjf63i
d*HqgFrLtEq9RsZi{WRE
dkcWP7YUbaZlSzSHIO%#
dnFHjo1TaCbHL5LE%mty
e1YU%bNKLVThTe9KB@fI
eHCkAQd]ytHqwM{0VC0S
eHfnooy*#eZklZ0HkVDW
f$ou22RgLlVHv_vTGYrI
gaglUNKvG4+Fv7Wf%zfS
hGs3DV9JjWyuYlP#G_Vp
hR{9hByHfd)MYZQWqr3H
hT2JVpNVC&zuPvJmDu-n
hZT2s5emDisVyC$Ssad[
h]hTUdArzPd&3dQYtFDC
hboJqzgw&jTB*MgAAH8Y
hc@&HhFfHtbWhjh1TRnt
idf1#jdGMRpLwNSq8Teh
iiuLvDi(BCyn7EoN_ugp
jDz0YulHCNaRC@V)SWVO
jO7ibrIw[cThAIOBcN&P
kkBIb9HCSCSw$QeZ3CmK
l5qyK|JPrRujIIb*kO9n
lRbrKhV5!hOHM=dn1iQL
lSiJwsojB)dASLNUQ7w_
n)dDG8HyBQCZM*A7GycJ
oVuvb+7D*NmVWvPBHhwB
oWB0ZDjFrkeh6VsZ#NN]
ok0PjCr!lCTzPNLEgJ=7
qjhi{Zl1nbhje4&AJHZl
rB#JsVG7tlEHEGg1jZTW
rwzMdQpmON*hWH9N+Z8B
sRe{0dTThM3S@ZbWzcWP
tyPTypq4f@4eBqce#ICB
uggVuZihhgUEp*(1ewBz
vTNkMuHT1@HE4dAd_ugm
vh5vw=*5AgbUYUnhbeCa
y%e{2NWIKgdJKACWhSLu
yhegcG{jUkz23!NZddbR
ypDSHnWYDP0R(YCJEk0*
z4[hMfrn2UJGqU}Syoes

Even easier and faster then reading /dev/urandom:

(defun rcd-random-uptime-string ()
  (md5 (concat (emacs-uptime) (format-time-string "%N %^N %3N"))))

(rcd-random-uptime-string) ⇒ "07df010260ac5749a995039f824c040c"

(dotimes (a 100)
  (insert (rcd-password) "\n"))

And there are no duplicate lines:

!AY3ghyBTsiyTRCv$H4a
#AO$9QIeqqgsHIKVWSU0
%ZtEkhdwoJQpmH6@gaSM
&WF%VYZ4fmMONNS5cJHO
)Y-aHOBlPSnDH7NnDB3u
+2$wYpcMszD7AsjKjOfI
2vobwUjiDj!e7ShjjHW-
4h%ehaFdRKpY_3LHfWBV
4rl!s6HiHdDuvd=gUgYB
5BTJ$s8tQKHz#KiMRHfD
6D)KLwhfuqA5TRvWRsf)
7]OyrJkgcWP4Tjc[Brle
9Fh-uBbDTkFsFtwHI9Y{
9LTo@n$LPhOndbh1rbmz
=ktT&kbYMIshdd6kQj9H
@8Rej6COwOsHGn%VZFsO
AaKGbLTtY{25woec=shp
BBpVm_IqdioGAdwf2k@v
BoH!Ik0JM}tzG5czRBOl
D_cPsce4nWVoAcbb=6DN
DzJ7heuTqQHdeqig$B&W
G)DtbsqqE7sFQOjKEqm-
GVzDiczd2rS9lIh+Ho#N
H+U1zOsbyf3zNcgJIs}r
HLJBq+RUkAhmUNE7j(5V
Hg8foHqr8bq+VQHGMv[f
Hlv!LVjwhPL1]ck8GSVJ
JHe4U{C2NtAt(HbvVmfZ
KojYhJC=us3fd3etMQW}
M]Hl%6vVpa9UCicMPwAe
Md%w(DNSh1bEegkJumhe
N[Ri9bA6CWBRY$klMhIn
NjEF5H=yzEyHWF@cOwZ4
O*hcl6l_LHGHMTA9mANc
OdhHWWmJ8oaRT]G{aKvP
P%lEQDAvtw1YGs4Rgb}B
PYjClUibF+4^aWHEOpUH
PpuE4ZTzO0kicKZBH}di
QO3zZbztPH^B3Jhcqki=
RHGjNEL^tN4B8qz=hKfC
RUGd$e0dAVZv3fvNwHV!
S9ksI9vKAo]wmtydsa=H
SU*2dCcrcIkb6oJ|LRle
Sa[jwR5)TLCAPhkfvYlM
Tcam2KRsLg*Bi7CNiqW{
TuemgV}9QQW8&rsrqjvI
USJt[6Gph4qQfbPhci)e
WaluVZp@rzCFHq18)hQN
[FS|PBdIDyFOt4Hef6Ji
a=ahd8Iqop2suZD$OyVd
a@mjKsLiHR0pCgPkMY)6
aBjQJvQwTJ^wuvK[LEe7
aaSegj8cSSpGhKO$n{7J
bJACW#HTG=MD8zWgiHOE
baO_St=1ZlNSughayrbl
dJJjZ4HifHK#{eCHNk7y
dkIdvYFGOaQU0igm!j2{
e6hZObTdeHs!(ozewy1B
eO3mBCadqNVJC_Jq3@zd
eTCGP5yMu{hJfsta(5KF
eq3*UHHGV-kRvkOcUkzB
fIGVCRunA8y6{EL#LIrH
ffEulRH8ghWVl#CF*Soi
gcwgGOyr5l|FU6eQU%QQ
hS!dOhrLy86!CadZmeAh
h[wzGgwPsengzWW-34oE
iwaNR3WBewhvt=SWD]G4
jNTzThYMde]Ra5&QRMfb
jejkHWy4qa*hEQhE@qvu
jsWcNMdh8dK]r=5DhQYg
kuHUfyY]CbBk)3HJQmgC
ldR1mTFfm2HlwI)fg[PC
ltSwSOh8pc-HK@ZhTRE8
lu#ceVq6FRdSihoQU|yE
lvkH8TDsc2pbeBh=(dkc
oDJlj$b8tL=0izHQmksl
oUAcafVlzu=F]L9Otlw0
oVB(LeMgC4r6CSbwy(CN
pHfFvp[K}off8JOQaA9N
piHOYHUuTsEmH5P#2CgH
qf^Tw^lThmIH3YHzIsSq
qtqoirsYcF]+QISh7cEH
rVR1dLdkQ=@7zmBpqghc
ra1vGLZDEP}vOo&j7NcR
rsNySb6PI8jiDf}sC&OC
rs{OP23lNDZ]PYAiRHcF
rzRQmK}BsZyg5dCP*Ym5
s0NEzV&qCrDj6MS(vrkO
s[YbW8!EVllDQR1ASYyQ
saPgKhS@BaAEgC3D%Jt6
shlIt_qwqWspsHKG81wu
tO1ZufhnD)L#CAwtAFM0
vNH!pH0hMAbH8ZJ+IJmj
yIVa+hQtTMf50LqRNglJ
yKSkPkNHVyo1{hjiIYDo
zEIvu1tLVTsmpW5aIv&%
zWHNk$E0THaM|9rdaIvz
zh83cvq(HyNt-tVhkVGm
zzCNc!tH9WfdfDhvtt=P
{FCcmKJqcZ6mlWcmHlU!

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

> (defun rcd-read-urandom (&optional length)
>   "I am also free to modify the Emacs Lisp unlimited times."
>   (shell-command-to-string "head -n 1 /dev/urandom"))

So you had one as well ...

Check how head does it then ... that's how to get aHEAD in
software piracy ...

(defun urandom (bits)
  (interactive "nbits: ")
  (let*((bytes     (/ bits 8))
        (bytes-opt (format "--bytes=%s" bytes)) )
    (with-temp-buffer
      (set-buffer-multibyte nil)
      (call-process "head" "/dev/urandom" t nil bytes-opt)
      (string-to-list
       (buffer-substring-no-properties (point-min) (point-max)) ))))
;; (urandom 100)

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Emanuel Berg via Users list for the GNU Emacs text editor wrote:

>> (defun rcd-read-urandom (&optional length)
>>   "I am also free to modify the Emacs Lisp unlimited times."
>>   (shell-command-to-string "head -n 1 /dev/urandom"))
>
> So you had one as well ...
>
> Check how head does it then ... that's how to get aHEAD in
> software piracy ...

Wait ... didn't we see it with pwgen?

You need to write a dynamic module, in C for this.

/dev/random isn't a regular file ... no can do.

-- 
underground experts united
https://dataswamp.org/~incal

About randomity, entropy, random passwords - was Re: Noob dumb question (extending emacs)

[Jean Louis]

* Michael Heerdegen <michael_heerdegen@web.de> [2021-10-25 16:22]:
> Jean Louis <bugs@gnu.support> writes:
> 
> > Do you say you can predict outcome of my `rcd-password' function?
> 
> Yes, I said I can predict the outcome using unlimited trials.
> 
> > Send contract, I sign it.
> 
> Cool!
> 
> How do you plan to test whether your password is in my trials?  You will
> receive a lot of trials, and I want to be sure you don't cheat.  Because
> it will take some time.

Hey... but I am not going to spend time checking terrabytes of your
trials.

You have got unlimited trials that you do on yourside, not that I work
for you and finally pay you for my work.

That is called brute force. Not an algorithm that breaks the function
and predicts its outcome.

Emacs Lisp function `random' is quite handy and definitely not random
enough as such. But with little support of Emacs Lisp it becomes very
random. The matter is solved by providing a new seed. If seed is
pretty random, then `random' becomes random.

Here is enough entropy that it can generate random passwords:

(defun rcd-random-md5-string ()
  (md5 (concat (emacs-uptime) (format-time-string "%N %6N %3N"))))

(rcd-random-md5-string) ⇒ "37c981115ec8cd7455667e1ad57e894b"

(defun rcd-password-generate-1 (string)
  "Return capitalized or downcased single symbol from a string"
  (random (rcd-random-md5-string))
  (let* ((max (length string))
	 (rnd (random max))
	 (single (substring string rnd (+ rnd 1))))
    single))

(rcd-password-generate-1 "!@#$%^&*()-=+_[]{}|)ABCDEFGHIJKLMNOPQRSTUVWHYZ") ⇒ "Y"

(rcd-password) ⇒ "wqg9@avJ@fErcvI4rrKt"

Good enough for websites, system accounts, chat accounts, etc.


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Yuri Khan]

On Tue, 26 Oct 2021 at 02:25, Jean Louis <bugs@gnu.support> wrote:

> Yuri and Michael H., you are very right, too simple password
> generation without enough entropy produces duplicate passwords.

What tipped you to this conclusion?


Still wrong!

> (defun rcd-read-urandom (&optional length)
>   "I am also free to modify the Emacs Lisp unlimited times."
>   (shell-command-to-string "head -n 1 /dev/urandom"))

Here you read the first newline-delimited line of /dev/urandom, which
may be a lot. If you have to use ‘head’, use it with -c and give a
byte count.

> (defun rcd-password-generate-1 (string)
>   "Return capitalized or downcased single symbol from a string"
>   (random (format "%s" (rcd-read-urandom)))

Here you seed the Emacs random generator with the entropy. However,
the Emacs random generator can only use 48 bits of entropy in the best
case, so it grabs exactly that and drops the remainder on the floor.

>   (let* ((max (length string))
>          (rnd (random max))
>          (single (substring string rnd (+ rnd 1))))
>     single))

Then you proceed to generate a random password using the seeded
pseudo-random generator. Which is a step up from an unseeded
pseudo-random generator (you could generate a series of passwords from
a single seed, making it easier for the attacker who knows one to
guess others) but still not as random as you would get by just
converting raw entropy into printable characters.

About randomity, entropy, random passwords - was Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-25 22:53]:
> Emanuel Berg via Users list for the GNU Emacs text editor wrote:
> 
> >> (defun rcd-read-urandom (&optional length)
> >>   "I am also free to modify the Emacs Lisp unlimited times."
> >>   (shell-command-to-string "head -n 1 /dev/urandom"))
> >
> > So you had one as well ...

> > Check how head does it then ... that's how to get aHEAD in
> > software piracy ...
> 
> Wait ... didn't we see it with pwgen?
> 
> You need to write a dynamic module, in C for this.
> 
> /dev/random isn't a regular file ... no can do.

I was just testing it, I did not use /dev/urandm ever. It can be done,
but that is slow and not portable.

This seem to work blazing fast and is portable enough, I expect it to
work on any GNU Emacs version.

(defun rcd-random-md5-string ()
  (md5 (concat (emacs-uptime) (format-time-string "%N %6N %3N"))))

(rcd-random-md5-string) ⇒ "5ae0b5bd4f7bd84a877062b104a8f77f"


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-25 22:48]:
> Jean Louis wrote:
> 
> > (defun rcd-read-urandom (&optional length)
> >   "I am also free to modify the Emacs Lisp unlimited times."
> >   (shell-command-to-string "head -n 1 /dev/urandom"))
> 
> So you had one as well ...
> 
> Check how head does it then ... that's how to get aHEAD in
> software piracy ...
> 
> (defun urandom (bits)
>   (interactive "nbits: ")
>   (let*((bytes     (/ bits 8))
>         (bytes-opt (format "--bytes=%s" bytes)) )
>     (with-temp-buffer
>       (set-buffer-multibyte nil)
>       (call-process "head" "/dev/urandom" t nil bytes-opt)
>       (string-to-list
>        (buffer-substring-no-properties (point-min) (point-max)) ))))
> ;; (urandom 100)

Really great, though complicated.

I expect in future to run only GNU Emacs on computer, so external
commands I wish to eradicate.

I think that description of nano, micro and milliseconds from
`format-time-string' plus Emcas uptime, create enough randomity for my
needs.

%N is the nanosecond, %6N the microsecond, %3N the millisecond, etc.

(md5 (concat (emacs-uptime) (format-time-string "%N %6N %3N"))) ⇒ "ed542b20ba78029ceda9a3a3824e7154"

With or without md5 is enough random.

Can anybody predict my Emacs uptime concatenated with the current
nanoseconds, microseconds and milliseconds?

--  
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

> Entropy can be generated by providing something random that
> computer did not generate. /dev/urandom I would not know how
> to read from Emacs Lisp, as it is not regular file. Maybe as
> stream, don't know now.

Dynamic module, write it in C ... bring over what they did in
pwgen I should say, I mean the /dev/urandom extraction part.

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Yuri Khan wrote:

> Then you proceed to generate a random password using the
> seeded pseudo-random generator. Which is a step up from an
> unseeded pseudo-random generator (you could generate
> a series of passwords from a single seed, making it easier
> for the attacker who knows one to guess others) but still
> not as random as you would get by just converting raw
> entropy into printable characters.

Here:

- get industrial strength random numbers from /dev/urandom

- get the tools up-to-date to support it

- use it for passwords and other purposes

-- 
underground experts united
https://dataswamp.org/~incal

Re: About randomity, entropy, random passwords - was Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

> I was just testing it, I did not use /dev/urandm ever.
> It can be done, but that is slow and not portable.

It is about being and beating the best, I don't care what
other people use. Besides what you say isn't true.
A C solution that reads from a regular or nonregular file on
a Unix system is portable enough, few things are that portable
in the computing world.

> This seem to work blazing fast and is portable enough [...]

... I'm done.

-- 
underground experts united
https://dataswamp.org/~incal

About randomity, entropy, random passwords - was Re: Noob dumb question (extending emacs)

[Jean Louis]

* Yuri Khan <yuri.v.khan@gmail.com> [2021-10-25 23:12]:
> On Tue, 26 Oct 2021 at 02:25, Jean Louis <bugs@gnu.support> wrote:
> 
> > Yuri and Michael H., you are very right, too simple password
> > generation without enough entropy produces duplicate passwords.
> 
> What tipped you to this conclusion?

I did the `dotimes' and found same passwords without goods seed. Then
I have improved the seed.

> Still wrong!

You still cannot guess the next password coming... with or without
good seed. But your tips did make it more random on my side. ;-p

> > (defun rcd-read-urandom (&optional length)
> >   "I am also free to modify the Emacs Lisp unlimited times."
> >   (shell-command-to-string "head -n 1 /dev/urandom"))
> 
> Here you read the first newline-delimited line of /dev/urandom, which
> may be a lot. If you have to use ‘head’, use it with -c and give a
> byte count.

That one I forgot the same time I wrote it, it was just thinking. I
don't like external commands.

> > (defun rcd-password-generate-1 (string)
> >   "Return capitalized or downcased single symbol from a string"
> >   (random (format "%s" (rcd-read-urandom)))
> 
> Here you seed the Emacs random generator with the entropy. However,
> the Emacs random generator can only use 48 bits of entropy in the best
> case, so it grabs exactly that and drops the remainder on the floor.

It may be, I dropped that one.

> >   (let* ((max (length string))
> >          (rnd (random max))
> >          (single (substring string rnd (+ rnd 1))))
> >     single))
> 
> Then you proceed to generate a random password using the seeded
> pseudo-random generator. Which is a step up from an unseeded
> pseudo-random generator (you could generate a series of passwords from
> a single seed, making it easier for the attacker who knows one to
> guess others) but still not as random as you would get by just
> converting raw entropy into printable characters.

I'll stick to random Emacs uptime concatenated to microseconds,
nanoseconds and milliseconds.


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-25 23:22]:
> Jean Louis wrote:
> 
> > Entropy can be generated by providing something random that
> > computer did not generate. /dev/urandom I would not know how
> > to read from Emacs Lisp, as it is not regular file. Maybe as
> > stream, don't know now.
> 
> Dynamic module, write it in C ... bring over what they did in
> pwgen I should say, I mean the /dev/urandom extraction part.

Why complicate if it need no dynamic module.

There must be some way to read that irregular file from Emacs Lisp.

Not that I want to read /dev/urandom -- why, when I can generate
randomity myself. For example, before password generation I could ask
myself or user to enter random letters and press enter.


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-25 23:26]:
> Yuri Khan wrote:
> 
> > Then you proceed to generate a random password using the
> > seeded pseudo-random generator. Which is a step up from an
> > unseeded pseudo-random generator (you could generate
> > a series of passwords from a single seed, making it easier
> > for the attacker who knows one to guess others) but still
> > not as random as you would get by just converting raw
> > entropy into printable characters.
> 
> Here:
> 
> - get industrial strength random numbers from /dev/urandom

Sorry -- do you want to undermine my `rcd-password' function as not to
be of industrial strength? Please... I am using it in the industry. ;-p

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Michael Heerdegen <michael_heerdegen@web.de> [2021-10-26 18:22]:
> Jean Louis <bugs@gnu.support> writes:
> 
> > That is called brute force. Not an algorithm that breaks the function
> > and predicts its outcome.
> 
> So your accounts all have a disclaimer saying "you are only allowed to
> crack the password of this account using an algorithm that predicts the
> password"?  Does everybody respect it?

With enough attempts every password can be cracked.

Function `rcd-password' generates passwords and it is helpful and
useful with websites. Purpose is fulfilled. To say that generated
password is not sure enough and that somebody can predict it, then
better would be to prove it. As if you are cracking a random password
on a website you cannot even know how it was generated or devised.

> > Emacs Lisp function `random' is quite handy and definitely not random
> > enough as such. But with little support of Emacs Lisp it becomes very
> > random. The matter is solved by providing a new seed.
> 
> The part you didn't yet understand is: the random number generator used
> can only generate 2^48 different results.  AFAIU the code (sysdep.c) it
> is even only 2^31 different results.  You can use exabytes of entropy to
> set a seed and it will still only be able to generate 2^31 different
> results.  It will only give you one out of 2^31 possible passwords.  I
> will only have to try these 2^31.  That's just not secure enough.  We
> have mentioned this already several times, but you continuously ignore
> it for some reason.

I surely understand your hypothetical and idealistic thinking. I think
that number 2³¹ is this one: (expt 2 31) ⇒ 2,147,483,648 -- you say
that is too little, and somebody could "find" the possible password. I
think you imply that after somebody has attempted for example 1
billion times, then this person, cracker, would get control over some
of my website accounts. I don't think this is a problem neither for
`pwgen' generated passwords neither for `rcd-password' generated
passwords, because the probability for brute force attempts is equal,
regardless how password has been generated.

Let us say that there is truly random password: "jgu" -- from there it
should be obvious that a brute force password cracking program would
quickly solve it.

You speak of entropy and in same time of with brute force method. It
is disregarded that it becomes irrelevant for brute force how password
has been generated, what it consists of.

Further, the function `rcd-password' uses more basic functions
`rcd-password-generate-1' that in turn for each generated letter uses
different, again random, seed. That system increases randomity to
indefinite.

(defun rcd-random-md5-string ()
  (md5 (concat (emacs-uptime) (format-time-string "%N %6N %3N"))))

(defun rcd-password-generate-1 (string)
  "Return capitalized or downcased single symbol from a string"
  (random (rcd-random-md5-string))
  (let* ((max (length string))
	 (rnd (random max))
	 (single (substring string rnd (+ rnd 1))))
    single))

Now we come back to it, if there is way to practically predict the
outcome, then show me, make the Emacs Lisp function that demonstrates
it.

I can for example give you list of passwords, and you can, by
observing those passwords try to demonstrate to know which one will be
a next password. That way you can prove the statement from your side.

Unless it is proven that you or somebody, can predict a password
generated, `rcd-password' is useful function to generate passwords.

To crack a password generated by `rcd-password' on somebody:

- you would need to know how is password generated, you have the
  access to source, but you cannot know what was the seed. Try to
  guess the seed by guessing the md5 hash of my Emacs uptime and exact
  microsecond, nanosecond and millisecond when password was generated;

- you would need to know which website, which system account, what is
  the name of system account;

- you would need maybe to have access to physical computer on my side;

- you would need to have a program that breaks my program and finds
  out or predicts random passwords outcome;

And more than that.

If we speak only of brute force cracking that means it is irrelevant
to the fact how password was generated in the first place. Brute force
cracking does not prove that password generated by Emacs Lisp function
is unsafe.

If password is 20 chars long, than 2.2 billion times x 20 =
44000000000, I guess 44 gigabytes. I could open up VPS with 100
gigabytes, and try to generate this many passwords to try to find if
any of passwords generated by `rcd-password' is same. 


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Michael Heerdegen wrote:

>     48 ln(2)
> l = -------- ~ 8.13.
>      ln(60)
>
> That would mean that already for a length of 9 only a small
> fraction of passwords are computable.

Okay, why do you say/how do you know that?

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

>>> I cannot write `ffmpeg' so I convert videos by using Emacs
>>> Lisp on remote computers calling external `ffmpeg'.
>> 
>> But you cannot write a pwgen either - or at least, you
>> haven't yet ... so what's the difference?
>
> Emacs image viewer is not `sxiv' or "Eye of Gnome" but still
> fulfils the purpose to view images.

Try feh for a more configurable viewer.

Note that you can run sxiv from Emacs with the 'sxiv' MELPA
package, at least I think that's what it does. I guess not all
Emacs users share your aversion to "external commands" ...

> The function `rcd-password' fulfils the purpose of `pwgen'
> to generate passwords for me.

It isn't as good, that's the issue. No idea why on cannot read
a non-regular file from Elisp, but head(1) and pwgen(1) can do
it from C, and Emacs is written in C as well, so maybe it can
be done as a C built-in (Lisp primitive) or, as said, in
a C dynamic module ...

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Michael Heerdegen]

Emanuel Berg via Users list for the GNU Emacs text editor
<help-gnu-emacs@gnu.org> writes:

> Michael Heerdegen wrote:
>
> >     48 ln(2)
> > l = -------- ~ 8.13.
> >      ln(60)
> >
> > That would mean that already for a length of 9 only a small
> > fraction of passwords are computable.
>
> Okay, why do you say/how do you know that?

Anything besides used entropy is deterministic.

If you initialize the seed with a certain entropy, it means that you
randomly get one seed out of N possible (known) seeds.  In our case N =
2^31 (or something like that).

To understand the reasoning behind the following it can help to assume a
small N, e.g. N=2, N=10 or N=100, and then think about what
fundamentally changes if N is larger (actually nothing, you only need
accordingly more tries to guess).  This is all quite trivial, only the
large numbers involved cloud a bit what is going on.

Ok.  Those possible seeds are known (computable) to everyone: You start
with a random seed out of a public list of N seeds.

With each of these seeds, `random' will generate one out of N possible
predefined sequences of numbers.  With the exception: If N is larger
than the number of possible different results of `random' (a finite
number of course), let's name it "M", then you must set N = M in the
following considerations.

So if you use a publicly known deterministic algorithm using `random',
your algorithm will generate one out of N possible publicly known
password sequences for each call.

Security of these passwords stands and falls with the size of N:

Say your algorithm calculates passwords using an alphabet consisting of
a number b of letters, e.g. b=60 for small and capital letters plus some
special characters.  Then the entropy used is enough to generate
pseudo-random passwords of a length l when b^l ~ N (where "~" means "is
approximately").

Why?  If l is smaller, b^l < N, your algorithm would often calculate the
same password for different seeds, and you would waste a portion of the
initial randomness (entropy).

If l is larger, b^l > N, the passwords per se are stronger in theory
but... that doesn't matter if you publish the algorithm that computed
the passwords (or one can guess that algorithm).  Then I still have to
try only N passwords, not more than when a smaller password length is
used.  One could say that those longer passwords contain redundancy: a
part of those password strings is determined by the rest of the password
string and doesn't offer additional security.

The situation would be similar to posting on your homepage:

  "Any of my accounts uses a password out of this list:

 { "nx4BgzrJmZq0+!YPp<O|]8k&Q"<M2-`<nSV#|CH-",
   "%d~8bqv1j^rl51\6(9#/d[!D91_X_H/=`|&S]|SQ",
   ":2A]sw=V;--q)RKLOIdoxd`9B+4#Q5[WY\8yFNl",
   "?ljGuo\-;VF"9;F$MgU~uP|Ztk$!!9kxAsv~,Lv?",
   ">%M\s=>!xHP9|EMEzR[&Wu&$,\]lS`fN1y:Bc!Ey",
   "igbf^Hlcxyg,A0MBa>d:!,}{x"j%?Qi^,P<YDP-|",
   "/iGww)fjE:*$:uv,$>)M=M?|UF2DZ4|>*Mx"&>(;!,
   "EzIRpdH|;R^1iTAG'*P5LdoJ5sS_Y2kN#S:{S_a\",
   "rLBtPlQ6Unml'5`+B*l^LA}8>/8C}=I)1(']Zqz+",
   "Zt.J$fP<$zU)^AH}<ymP-cNkwz%8#1=+A]<1XON!" }

 Those are all very strong passwords, and the method I use to choose one
 of them randomly is so clever and uses so much entropy that it's
 impossible to guess it.  Try it, Mentalist!"

But since all of those possible passwords are publicly known the
situation is not better than using a random password out of
{"0", "1",..., "9"}: not more secure than using random passwords of
length 1 (even less).

Or using the formula mentioned,

  ln(N)     ln(10)
  ------ = -------- < 1.
  ln(b)     ln(60)


Now do the same consideration with a larger N.  Whether your passwords
are secure only depends on the real value of N.  And it seems that in
our case N is simply too small for good security.

AFAIU the problem in Emacs is that the number of possible results of
`random' (I called it M) is too small.  If you initialize the random
seed with an entropy N larger than M, there will be only M instead of N
classes of different initializations of the random number generator:
each class would consist of approximately N/M different seeds which
initialize the random generator with exactly the same state.

If you initialize the seed using large strings for example, this would
be comparable to using only the first three characters of these strings
carrying high entropy to initialize the random number generator.  It
would not be, in any way, better than using only three character long
strings carrying very small entropy.


Michael.

Re: Noob dumb question (extending emacs)

[tomas]

[-- Attachment #1: Type: text/plain, Size: 533 bytes --]

On Thu, Oct 28, 2021 at 01:41:23PM +0200, Michael Heerdegen wrote:

[...]

> Anything besides used entropy is deterministic.

[...]

Thanks for this nice explanation. As for how those things
are exploited in practice (you really don't want to run
all M for each possible seed time and again, esp. when
M is large), see rainbow tables [1]. There are programs
using this (cf, for example, Debian package ophcrack).

So all of this is far from "just a theoretical thing".

Cheers

[1] https://en.wikipedia.org/wiki/Rainbow_tables

 - t

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

>> Yes, commands that are run very often and have no security
>> implications one can maybe be cool with a downgrade for
>> that reason, but commands that are used seldom and have
>> security implications, nope, that should be at the level of
>> the CLI alternative _or_ one should simply use the
>> CLI alternative.
>
> In science, if there is "security implication" then it has
> to be proven.

Well, this is gmane.emacs.help. And you don't have to prove
everything (obvious things) in science.

> That is why breaking crypto requires a proof which is
> usually program or exploit that breaks it, not just
> a theoretical statement.

OK, if you say so, but in general theoretical (or formal)
proofs rank much higher than "try and see" experiments which
only show that the observed outcome is one possibility.

Often if something is possible that is well-known since it has
been tested on the field, for fun or pleasure, long before it
reaches the world of PhD students ...

> It is not reasonable within Emacs environment and especially
> on this mailing list to keep recommending general
> CLI alternatives.

It is, if there is no alternative in Emacs that is at the same
level.

> What about cp, mv, we use it in Dired, should we start now
> recommending using external "cp" instead of Dired one?

Indeed, if the Dired ones are worse than the shell tools in areas
that are critical.

> I will use Emacs Lisp interface to external commands in
> cases where it is for some reason not possible to get
> equivalent speed and functionality from within Emacs.

I think it is possible but as long as no one does it doesn't
matter what anyone thinks. But if head(1) and pwgen(1) can do
it from C Emacs should be able to do it from C as well
(built-in, a so-called Lisp primitive), or from a
dynamic module, also in C ...

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Michael Heerdegen wrote:

>>>     48 ln(2)
>>> l = -------- ~ 8.13.
>>>      ln(60)
>>>
>>> That would mean that already for a length of 9 only a small
>>> fraction of passwords are computable.
>>
>> Okay, why do you say/how do you know that?
>
> Anything besides used entropy is deterministic.
>
> If you initialize the seed with a certain entropy, it means
> that you randomly get one seed out of N possible (known)
> seeds. In our case N = 2^31 (or something like that).
>
> To understand the reasoning behind the following it can help
> to assume a small N, e.g. N=2, N=10 or N=100, and then think
> about what fundamentally changes if N is larger (actually
> nothing, you only need accordingly more tries to guess).
> This is all quite trivial, only the large numbers involved
> cloud a bit what is going on.
>
> Ok. Those possible seeds are known (computable) to everyone:
> You start with a random seed out of a public list of
> N seeds.
>
> With each of these seeds, `random' will generate one out of
> N possible predefined sequences of numbers. With the
> exception: If N is larger than the number of possible
> different results of `random' (a finite number of course),
> let's name it "M", then you must set N = M in the
> following considerations.
>
> So if you use a publicly known deterministic algorithm using
> `random', your algorithm will generate one out of N possible
> publicly known password sequences for each call.
>
> Security of these passwords stands and falls with the size
> of N:
>
> Say your algorithm calculates passwords using an alphabet
> consisting of a number b of letters, e.g. b=60 for small and
> capital letters plus some special characters. Then the
> entropy used is enough to generate pseudo-random passwords
> of a length l when b^l ~ N (where "~" means "is
> approximately").
>
> Why? If l is smaller, b^l < N, your algorithm would often
> calculate the same password for different seeds, and you
> would waste a portion of the initial randomness (entropy).
>
> If l is larger, b^l > N, the passwords per se are stronger
> in theory but... that doesn't matter if you publish the
> algorithm that computed the passwords (or one can guess that
> algorithm). Then I still have to try only N passwords, not
> more than when a smaller password length is used. One could
> say that those longer passwords contain redundancy: a part
> of those password strings is determined by the rest of the
> password string and doesn't offer additional security.
>
> The situation would be similar to posting on your homepage:
>
>   "Any of my accounts uses a password out of this list:
>
>  { "nx4BgzrJmZq0+!YPp<O|]8k&Q"<M2-`<nSV#|CH-",
>    "%d~8bqv1j^rl51\6(9#/d[!D91_X_H/=`|&S]|SQ",
>    ":2A]sw=V;--q)RKLOIdoxd`9B+4#Q5[WY\8yFNl",
>    "?ljGuo\-;VF"9;F$MgU~uP|Ztk$!!9kxAsv~,Lv?",
>    ">%M\s=>!xHP9|EMEzR[&Wu&$,\]lS`fN1y:Bc!Ey",
>    "igbf^Hlcxyg,A0MBa>d:!,}{x"j%?Qi^,P<YDP-|",
>    "/iGww)fjE:*$:uv,$>)M=M?|UF2DZ4|>*Mx"&>(;!,
>    "EzIRpdH|;R^1iTAG'*P5LdoJ5sS_Y2kN#S:{S_a\",
>    "rLBtPlQ6Unml'5`+B*l^LA}8>/8C}=I)1(']Zqz+",
>    "Zt.J$fP<$zU)^AH}<ymP-cNkwz%8#1=+A]<1XON!" }
>
>    Those are all very strong passwords, and the method I use
>    to choose one of them randomly is so clever and uses so
>    much entropy that it's impossible to guess it.
>    Try it, Mentalist!"
>
> But since all of those possible passwords are publicly known
> the situation is not better than using a random password out
> of {"0", "1",..., "9"}: not more secure than using random
> passwords of length 1 (even less).
>
> Or using the formula mentioned,
>
>   ln(N)     ln(10)
>   ------ = -------- < 1.
>   ln(b)     ln(60)

I don't think I saw that, what does it say?

I've seen the first one, this

  48 bits, alphabet length n, password length l
  2^48     = n^l            <=>
  48*ln(2) = l*ln(n)        <=>
  l        = 48*ln(2)/ln(n)

which in Elisp is

(defun epwgen-space-size-2 (bits abc-len)
  (/ (* bits (log 2)) (log abc-len) ))

;; (epwgen-space-size-2 48 60) ; 8.13

Are you saying, that it is saying, "with 48 bits passwords
longer than 8.13 chars don't make it more secure"?

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

See below, if we remain at 48 bits of entropy, but instead of
60 have an alphabet of only 3 chars, the password length rises
from 8.13 chars to 30.28 ...

Does this tell us that it is equally difficult to randomly
guess the both passwords from the two different configuration
at these lengths, or what does it tell us?

What does "48 bits of entropy" mean BTW?

;;; 48 bits, alphabet length n, password length l
;;; 2^48     = n^l            <=>
;;; 48*ln(2) = l*ln(n)        <=>
;;; l        = 48*ln(2)/ln(n)

(defun epwgen-password-length (bits abc)
  (let ((abc-len (if (numberp abc)
                     abc
                   (when (listp abc)
                     (length abc) ))))
    (when abc-len
      (/ (* bits (log 2)) (log abc-len)) )))

;; (epwgen-password-length 48 60)       ;  8.13
;; (epwgen-password-length 48 '(a b c)) ; 30.28

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Michael Heerdegen]

Emanuel Berg via Users list for the GNU Emacs text editor
<help-gnu-emacs@gnu.org> writes:

> > Or using the formula mentioned,
> >
> >   ln(N)     ln(10)
> >   ------ = -------- < 1.
> >   ln(b)     ln(60)
>
> I don't think I saw that, what does it say?

It's really only just counting.  The "10" above is the same as the 2^48
below - the total number of different passwords.

> I've seen the first one, this
>
>   48 bits, alphabet length n, password length l
>   2^48     = n^l            <=>
>   48*ln(2) = l*ln(n)        <=>
>   l        = 48*ln(2)/ln(n)
>
> which in Elisp is
>
> (defun epwgen-space-size-2 (bits abc-len)
>   (/ (* bits (log 2)) (log abc-len) ))
>
> ;; (epwgen-space-size-2 48 60) ; 8.13
>
> Are you saying, that it is saying, "with 48 bits passwords
> longer than 8.13 chars don't make it more secure"?

For brute force attacks and when you know how the passwords are
generated, then yes.  If you don't publish your algorithm then passwords
are good enough (unless for some reason one can guess or reconstruct the
algorithm).

Michael.

Re: Noob dumb question (extending emacs)

[Michael Heerdegen]

Emanuel Berg via Users list for the GNU Emacs text editor
<help-gnu-emacs@gnu.org> writes:

> See below, if we remain at 48 bits of entropy, but instead of
> 60 have an alphabet of only 3 chars, the password length rises
> from 8.13 chars to 30.28 ...
>
> Does this tell us that it is equally difficult to randomly
> guess the both passwords from the two different configuration
> at these lengths, or what does it tell us?

If your calculation is correct, then yes, sure (if it's clear to the
attacker what exact alphabet you used).  As I said, it's just counting.

> What does "48 bits of entropy" mean BTW?

Did you have a look at the wikipedia article?

Michael.

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Michael Heerdegen wrote:

>> See below, if we remain at 48 bits of entropy, but instead
>> of 60 have an alphabet of only 3 chars, the password length
>> rises from 8.13 chars to 30.28 ...
>>
>> Does this tell us that it is equally difficult to randomly
>> guess the both passwords from the two different
>> configuration at these lengths, or what does it tell us?
>
> If your calculation is correct, then yes, sure (if it's
> clear to the attacker what exact alphabet you used).
> As I said, it's just counting.

What do you mean by that, do you mean it doesn't say anything,
it is just the relationship between these three things?

If so, that's good enough for me, but then what does "password
length" mean? If "sex", "love" and "god" are passwords of
length 3, 4 and 3 respectively, I understand that, but what
password length are we talking about when we are
just counting?

;;; -*- lexical-binding: t -*-
;;;
;;; this file:
;;;   https://dataswamp.org/~incal/emacs-init/epwgen.el
;;;
;;; 48 bits, alphabet length n, password length l
;;; 2^48     = n^l            <=>
;;; 48*ln(2) = l*ln(n)        <=>
;;; l        = 48*ln(2)/ln(n)

(defun epwgen-password-length (bits abc)
  (let ((abc-len (if (numberp abc)
                     abc
                   (when (listp abc)
                     (length abc) ))))
    (when abc-len
      (/ (* bits (log 2)) (log abc-len)) )))

;; (epwgen-password-length 48 60)       ;  8.13
;; (epwgen-password-length 48 '(a b c)) ; 30.28

(defun urandom (bits)
  (interactive "nbits: ")
  (let*((bytes     (/ bits 8))
        (bytes-opt (format "--bytes=%s" bytes)) )
    (with-temp-buffer
      (set-buffer-multibyte nil)
      (call-process "head" "/dev/urandom" t nil bytes-opt)
      (string-to-list
       (buffer-substring-no-properties (point-min) (point-max)) ))))
;; (urandom 100)

(provide 'epwgen)

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Michael Heerdegen]

Emanuel Berg via Users list for the GNU Emacs text editor
<help-gnu-emacs@gnu.org> writes:

> What do you mean by that, do you mean it doesn't say anything,
> it is just the relationship between these three things?
>
> If so, that's good enough for me, but then what does "password
> length" mean? If "sex", "love" and "god" are passwords of
> length 3, 4 and 3 respectively, I understand that, but what
> password length are we talking about when we are
> just counting?

I don't understand the question.  The password length is the length of
the string that is used as a password.  The number of characters of the
string.  I never meant something different.

Michael.

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Michael Heerdegen wrote:

>> What do you mean by that, do you mean it doesn't say
>> anything, it is just the relationship between these
>> three things?
>>
>> If so, that's good enough for me, but then what does
>> "password length" mean? If "sex", "love" and "god" are
>> passwords of length 3, 4 and 3 respectively, I understand
>> that, but what password length are we talking about when we
>> are just counting?
>
> I don't understand the question. The password length is the
> length of the string that is used as a password. The number
> of characters of the string. I never meant
> something different.

What does that formula communicate?

The password length is a function of the number of bits of
entropy and the alphabet size? What password is that?
A password of just that length? ... ???

And say that the alphabet is A = {a, b, c} then |A| = 3, the
entropy bits is decided by /dev/urandom, so that doesn't
change either, how can the formula hold for passwords of
different lengths from that alphabet, e.g. "a" (length 1),
"aa" (2), "abc" (3), and so on?

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Michael Heerdegen]

Emanuel Berg via Users list for the GNU Emacs text editor
<help-gnu-emacs@gnu.org> writes:

> What does that formula communicate?

For given entropy N, a given number, it returns for what word length
there are approximately N different (pass)words.

> The password length is a function of the number of bits of
> entropy and the alphabet size? What password is that?
> A password of just that length? ... ???

The functions counts words, all possible (pass)words, no password in
particular.

> And say that the alphabet is A = {a, b, c} then |A| = 3, the
> entropy bits is decided by /dev/urandom, so that doesn't
> change either, how can the formula hold for passwords of
> different lengths from that alphabet, e.g. "a" (length 1),
> "aa" (2), "abc" (3), and so on?

The formula returns a length.  So the question doesn't make much sense
to me.  Unless you ask why I don't say "maximum password length" and
don't include smaller passwords in the count.  That would not
significantly change the result though.

If these were not the answers you expect I think we are somehow
miscommunicating or I just don't express myself very well.

All I did was counting how many different words of a given length exist
for a fixed alphabet.  Or did you not understand why that matters here?

Michael.

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Michael Heerdegen wrote:

>> What does that formula communicate?
>
> For given entropy N, a given number, it returns for what
> word length there are approximately N different (pass)words.

Okay, so for entropy 10 and S = {a, b} the passwords have to
have length 10 for there to be 10 different passwords:

(epwgen-password-length 10 '(a b)) ; 10.0

What about length 4?

aaaa
aaab
aaba
...
bbbb

or 2^4 = 16 passwords?

(expt 2  4) ; 16

(expt 2 10) ; 1024 ?

Only the first 10 are random?

But none of them are ... they are a function of the alphabet
length and the password length, as we see above.

;;; -*- lexical-binding: t -*-
;;;
;;; this file:
;;;   https://dataswamp.org/~incal/emacs-init/epwgen.el
;;;
;;; 48 bits, alphabet length n, password length l
;;; 2^48     = n^l            <=>
;;; 48*ln(2) = l*ln(n)        <=>
;;; l        = 48*ln(2)/ln(n)

(defun epwgen-password-length (bits abc)
  (let ((abc-len (if (numberp abc)
                     abc
                   (when (listp abc)
                     (length abc) ))))
    (when abc-len
      (/ (* bits (log 2)) (log abc-len)) )))

;; (epwgen-password-length 48 60)       ;  8.1
;; (epwgen-password-length 48 '(a b c)) ; 30.3
;; (epwgen-password-length 10 '(a b))   ; 10.0

(defun urandom (bits)
  (interactive "nbits: ")
  (let*((bytes     (/ bits 8))
        (bytes-opt (format "--bytes=%s" bytes)) )
    (with-temp-buffer
      (set-buffer-multibyte nil)
      (call-process "head" "/dev/urandom" t nil bytes-opt)
      (string-to-list
       (buffer-substring-no-properties (point-min) (point-max)) ))))
;; (urandom 100)

(provide 'epwgen)

-- 
underground experts united
https://dataswamp.org/~incal

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-28 05:26]:
> Michael Heerdegen wrote:
> 
> >     48 ln(2)
> > l = -------- ~ 8.13.
> >      ln(60)
> >
> > That would mean that already for a length of 9 only a small
> > fraction of passwords are computable.
> 
> Okay, why do you say/how do you know that?

Programmers can make the algorithm that makes new random seed each
time and increases the difficulties to compute whatever was meant with
it. 

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-11-01 05:11]:
> (defun urandom (bits)
>   (interactive "nbits: ")
>   (let*((bytes     (/ bits 8))
>         (bytes-opt (format "--bytes=%s" bytes)) )
>     (with-temp-buffer
>       (set-buffer-multibyte nil)
>       (call-process "head" "/dev/urandom" t nil bytes-opt)
>       (string-to-list
>        (buffer-substring-no-properties (point-min) (point-max)) ))))
> ;; (urandom 100)

I think the above is not portable. And finally, if you use external
program, then you could call `pwgen' directly.


-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Passwords -- Re: Noob dumb question (extending emacs)

[Jean Louis]

* Emanuel Berg via Users list for the GNU Emacs text editor <help-gnu-emacs@gnu.org> [2021-10-28 05:37]:
> Jean Louis wrote:
> 
> >>> I cannot write `ffmpeg' so I convert videos by using Emacs
> >>> Lisp on remote computers calling external `ffmpeg'.
> >> 
> >> But you cannot write a pwgen either - or at least, you
> >> haven't yet ... so what's the difference?
> >
> > Emacs image viewer is not `sxiv' or "Eye of Gnome" but still
> > fulfils the purpose to view images.
> 
> Try feh for a more configurable viewer.

I found `sxiv' much handier, after long term usage of `feh'.

> Note that you can run sxiv from Emacs with the 'sxiv' MELPA
> package, at least I think that's what it does. I guess not all
> Emacs users share your aversion to "external commands" ...

No aversion at all. But if something works in Emacs Lisp, I will not
use external program. It is natural.

> > The function `rcd-password' fulfils the purpose of `pwgen'
> > to generate passwords for me.
> 
> It isn't as good, that's the issue. No idea why on cannot read
> a non-regular file from Elisp, but head(1) and pwgen(1) can do
> it from C, and Emacs is written in C as well, so maybe it can
> be done as a C built-in (Lisp primitive) or, as said, in
> a C dynamic module ...

It is as good as it can be.

(rcd-password) ⇒ "jLYRd+9ntSvHacClVuP]" -- obviously random. You have
my algorithm published, try to guess the next one. If you cannot
guess, there is no proof that it is "not good".

The purpose of generated passwords is to provide enough random
password that will not be easily guessed by brute force
attacks. Websites and shell accounts have often other measures to
prevent multiple brute force attempts.

So far nobody of theoretical password scientists on this list did not
break any of my passwords, despite all the invitations and awards
offered. 

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

>> (defun urandom (bits)
>>   (interactive "nbits: ")
>>   (let*((bytes     (/ bits 8))
>>         (bytes-opt (format "--bytes=%s" bytes)) )
>>     (with-temp-buffer
>>       (set-buffer-multibyte nil)
>>       (call-process "head" "/dev/urandom" t nil bytes-opt)
>>       (string-to-list
>>        (buffer-substring-no-properties (point-min) (point-max)) ))))
>> ;; (urandom 100)
>
> I think the above is not portable.

It uses Emacs, head(1) and the, as we have seen, non-regular
/dev/urandom file ...

> And finally, if you use external program, then you could
> call `pwgen' directly.

Well, that code is focused on extracting data from
/dev/urandom ...

But yes, if you want to use pwgen(1), you are encouraged to do
just that - and if you choose not to do that, beware that any
inferior solution - portable or not portable (whatever that
means BTW) external program or not - regardless of whatever,
that doesn't matter, because if pwgen is superior for its
particular purpose then pwgen will still be superior.

And I think that's where it stands now.

But cheer up Jean, a silver medal at the Olympics isn't that
bad!

-- 
underground experts united
https://dataswamp.org/~incal

Re: Passwords -- Re: Noob dumb question (extending emacs)

[Emanuel Berg via Users list for the GNU Emacs text editor]

Jean Louis wrote:

>> Try feh for a more configurable viewer.
>
> I found `sxiv' much handier, after long term usage of `feh'.

It is very common, sure, but just not as configurable as
feh(1).

> No aversion at all. But if something works in Emacs Lisp,
> I will not use external program. It is natural.

Well, pwgen(1) also works, of course. But that's not the only
tendency at work here and not the most powerful one either.

And BTW shell tools in general also work from Emacs/Elisp.
Emacs is itself a shell tool, a very powerful/versatile and
perhaps an atypical one, sure, but still.

> It is as good as it can be.
>
> (rcd-password) ⇒ "jLYRd+9ntSvHacClVuP]" -- obviously random.
> You have my algorithm published, try to guess the next one.
> If you cannot guess, there is no proof that it is "not
> good".

That has already been proven but not in that way, which hardly
would be considered a proof anyway.

-- 
underground experts united
https://dataswamp.org/~incal