Christopher Swenson

I have updated the errata for my book, Modern Cryptanalysis.

This is the first post of the year. That's a little sad, but I think I am going to be redoing this site a bit in the near future.

So, some upcoming changes:

• Errata for my book -- this link has been on the RHS of my page for quite a while now, and I haven't gotten around to compiling this errata. I will do so in the next few days.

• Notes on upcoming projects. I am currently working on several projects, open source and not, and a few writing projects. Expect more details on these.

• ... and more.

I have been searching for years for a decent programming font (that is, monospaced). Over the years, I've found various ones that suited me, but recently I found ranks as my favorite: Droid Sans Mono, Dotted.



Essentially, cosmix created a dotted and slashed zero variant to Droid Sans Mono, part of the Droid family of fonts designed for Google's Android operating system.

They are designed to very legible, and I have found the Sans Mono to be clean and pleasant when in the terminal or in a coding window. It also has pretty decent Unicode support.

My previous favorite coding fonts have been: Monaco, DejaVu Sans Mono, Consolas, and Lucida Sans Console.

I recently wrote a C version of a bunch of comparison-based sorting algorithms, notably timsort and quicksort.

Timsort is a neat, unbalanced mergesort that I've been wanting to try out for the past while, and so I spent the time to write a fast C implementation of the algorithm. My experiments on random data show about a 5-10% improvement over quicksort, which is pretty amazing. If the data has any structure, which is extremely common, it has "superhuman" performance, as it can merge natural runs in the data in an efficient manner.

Another annoying thing I've noticed is that I've written the same sorting algorithms a ton of times, often just changing the type. Sometimes I've used the standard C qsort, but the function-pointer comparison function causes awful performance (the version I wrote isn't even as optimized, and is still often twice as fast). Why can't I just write a good, fast sorting algorithm?

A solution comes from a neat trick in C: token pasting. Using this, it's possible to write the function once, and just swap out the types as needed.

Using token pasting, it is also possible to implement the entire library as a single header file: no library to compile!

Sadly, sorting doesn't usually have sound effects.

There's been some hubbub going around the web about Wordpress potentially suing a developer for breaching the GPL.

The quick run-down: Wordpress is licensed under GPL2. Thesis is a premium Wordpress theme.

The debate really boils down to: does the GPL require Thesis to be also licensed under the GPL?

The answer: almost not, but maybe.

I'll save you some reading. Clause 2 of GPL2:

… If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate work. …

IANAL, but this says, quite clearly, if it is not derived from GPL code and can be reasonably considered independent, then the GPL does not apply.

The question is, what does "independent" mean in this sentence. Does it mean independent in the sense that it can run without it? Or does it mean the code does not have any code in common with the GPL code?

It's unclear. I am inclined to the second viewpoint, because the first has a lot of nasty ramifications. However, some people, including the FSF, appear to believe in the first viewpoint (roughly speaking).

Ugh. Software licensing sucks. This is why I use the MIT License. Mostly because I like putting some kind of license on the code, and this seems one of the least restrictive ones.

I'm a sucker for programming contests, and have been since high school.

I thought I would post here about one ongoing contest and one upcoming one.

First, the Intel Threading Challenge has already started. Essentially, it a little programming contest that is supposed to test your ability to program effectively for a large multi-threaded task. The "Master" section this year is writing a program to compute a simple and laborious graph theoretic property.

Second, the annual ICFP programming contest is right around the corner. Although nominally a functional programming contest, anyone can enter in any language. It's an super-fun, intense 72-hour competition. If you want to try to place, I recommend having a group of about 2–4 strong programmers. I won't be able to compete this year because of a scheduling conflict. :(

sliderepl is a really neat Python presentation tool for demonstrating code, live, in a slide-like format. Essentially, you organize your code into "slides", which you can then scroll through (though you can't go back, really). The tool was written originally by Jason Kirtland.

I wanted to see if I could use it for Sage code as sort of a GUI-less notebook thing. Kind of. Unfortunately, sliderepl is full of hacky magic, involving embedding an interpreter and introspection. Sage is too, and so they don't like each other very much.

Through some more magic, I figured out how to get them to work together anyway, and released the code on Github as sage_sliderepl.

I recently discovered task, a powerful, yet simple, command-line to-do and task management tool. Up until now, I hadn't found any way to manage to-do lists that felt "right". But task has changed that for me.

One feature I feel is missing (though I think they are planning on fixing this) is the lack of email notifications. I would really like to know what I have to do today, and I may not always remember to login and check, especially in my current transition period of getting used to using it everyday.

So, I set up cron on my system to email my current list (that is due today) every day. For those of you following along at home, you can do the same with something like so added to your crontab (crontab -e):

SHELL=/bin/bash
1 0 * * * task list due:today | mail -s "Due `date '+\%A, \%m/\%d/\%Y'`" your@emailaddress.com

(Note that you have to escape the percent signs in a crontab line.)

Just a quick update — trying to get back into the habit of posting.

One thing I am constantly thinking about is programming languages: implementing them, designing them, using them. The latter two are just fun, but implementing languages is a tricky business, and can be difficult and time-consuming.

There are some tools for helping you implement a language, such as the classical lex and yacc lexical analyzer and parser generator, respectively, or the more modern ANTLR, a combination of both.

However, learning how to even use these tools, or when to, is also difficult. Enter Language Implementation Patterns. This book, by Terence Parr (inventor of ANTLR, no less), attempts, quite successfully, to introduce the common patterns that you will use in implementing a language, with or without a parser-generator like ANTLR.

Most of all, I say that it is about freaking time for a book like this to come out. Compiler books have been mostly stagnating these past few years, and while this doesn't cover some of the more advanced optimization techniques and the like, it does a thorough job of showing how modern compilers are built. Bravo, Terence.

When I was constructing my own websites, for myself or for clients, I was always bothered by one thing:

I didn't have an SSL certificate for any of my domains.

This is due to many reasons: SSL certificates are tied to a single domain, they cost a lot of money, and they are tied to an IP address, which can make shared hosting hard. Furthermore, I don't feel that shelling out money for some SSL authority to issue me a certificate really means anything – why are they qualified to say anything (good or bad) about my website.

Unfortunately, there are only two alternatives: don't use SSL, or use a self-signed SSL certificate.

Not using SSL is not really an option if you are sending sensitive information of any kind over the Internet. For example, the password to login to the backend of any site.

If you have a user-facing website that is selling things, i.e., asking people for their credit card information, you don't have much of a choice. You really need to use SSL, and you have to use a real registered SSL certificate, since you don't want to scare away users.

However, for almost any other case, I think that they are just not necessary. Take this website, for example: the only person who logs into this domain is me. I certainly trust any certificate I sign, so a self-signed certificate makes a lot of sense. I can go ahead and "Accept the risk", as Firefox asks me to, and confirm an exception for my own site. I will then sleep easy knowing that my password is sent encrypted.

Even if I make a site for a client, I would be happy to give them the option: we can use this self-signed certificate for you to login to the backend, or they can front the cost for a "real" SSL certificate. However, nobody likes to waste money, and buying a certificate for only a few people to use a backend is a silly idea.

Creating a self-signed certificate with OpenSSL is easy, and installing it in Apache is also easy.

Don't let you or your clients down by neglecting to give them the option for free SSL.

Extra credit question: why aren't there are any free SSL signing authorities out there?