Mechanism-not-policy violations continue to irritate me

I find this infuriating. People who write security software get hung up on the most ridiculous nonsense in ways that make my system less secure. Exampli gratia, OpenSSH simply will not use public key authentication if it decides my keys are not stored sufficiently securely, and will fall back to password authentication. That is, it will use a system it knows is less secure, because the more secure system isn’t more secure “enough”. And there’s no override for this. It’s stupid. (See also network programs that, on finding an untrusted certificate, drop TLS and continue in plaintext. Not enough desks or heads for this.)

Hamming distance in Common Lisp

Still needs much work; don’t use this yet. Snippet released under GPL v3.

(defun hamming (x y)
  (labels ((_nor (a b) (not (or a b)))
           (_diff (a b)
             (if (eq a b) 0 1))
           (_hamming (a b c)
             (if (_nor a b)
               (_hamming (rest a)
                 (rest b)
                 (+ c
                   (_diff (car a)
                     (car b)))))))
          (_hamming (coerce x 'list) (coerce y 'list) 0))) ;; probably expect the caller to coerce instead

Entropy calculator in Common Lisp

A snippet I have found very useful when doing information theory. It can assemble characters, numbers, words, or really whatever you want (you have to write the tokenizer) into a PMF and tell you various information-theoretic things about it.

Snippet is released under the GPLv3.

(defun new-pmf ()
  (let ((pmf nil))
    (lambda (msg obj)
          (case msg
                (show pmf)
                (add (let ((found (assoc obj pmf :test #'equalp)))
                        (if found
                                (rplacd found (1+ (cdr found)))
                                (setq pmf (acons obj 1 pmf)))))
                (sum (apply #'+ (mapcar #'cdr pmf)))
                (length (length pmf))))))
(defun show-pmf (pmf)
  (funcall pmf 'show nil))
(defun add-to-pmf (pmf obj)
  (funcall pmf 'add obj))
(defun pmf-sum (pmf)
  (funcall pmf 'sum nil))
(defun pmf-length (pmf)
  (funcall pmf 'length nil))
(defun frequencies (pmf)
    (mapcar (lambda (x) (cons (car x) (/ (cdr x) (pmf-sum pmf)))) 
            (show-pmf pmf)))
(defun entropy (pmf &optional (base 2))
  (- (apply #'+ (mapcar (lambda (x) (* (cdr x) (log (cdr x) base))) 
                        (frequencies pmf)))))
(defun chi-squared (pmf)
  (let* ((n (pmf-sum pmf))
         (f (frequencies pmf))
         (p (/ 1 n)))    
    (* n (apply #'+ (mapcar (lambda (x) (* p (expt (/ (- (cdr x) p) p) 2)))



pkexec is part of the PolicyKit (now PolKit) system. Like the other -kits, it was developed by Red Hat and, and like the other -kits I’m not very fond of it. The goal of all of these packages was to replace traditional pipe-oriented IPC with dbus, and boy were they successful, to the extent that they’re now moving dbus into the kernel because the userland version can’t handle all of the traffic (well, it can handle the traffic fine; it can’t handle all the marshalling and unmarshalling of data — of course XML encoding and decoding should be in Ring 0, graybeard, stop complaining).

pkexec is roughly the replacement for sudo: it allows Alice to run a command in Bob’s security context. In the simplest uses, this means running the command under Bob’s userid, but since FreeDesktop loves to make everything a Swiss Army Knife, it can get more complicated. (See the man page, particularly the dozens of lines of XML that follow the sentence “simply write a policy file such as this:”. Compare this to sudoers or doas.conf. Cry.)

Really, there are only two ways for an unprivileged user to run a privileged command: either a setuid executable, or a privileged daemon that acts on the user’s behalf. Sudo is an example of the first, and pkexec is an example of the second. The daemon is polkitd, which runs as root and passes out privileged processes to users when they request them.

Most of the complexity is in the XML, which I’m going to leave alone for now; the only command-line option that matters is –user, to specify the account to run as (defaults to root).



As the inaugural post of the WordPressified blog, we’re going to look at xlsfonts.

Xlsfonts is part of the “apps” group in the modular Xorg system. It is one of the very few examples of an entirely-CLI application that is nonetheless an X client. The purpose of xlsfonts is to output a list of the fonts available to the X server.


As an X client, xlsfonts takes the -d and -display options to specify the display (generally the $DISPLAY environment variable will provide that). It also takes the near-universal -v option to print version information and exit.

The remaining options it takes are uncommon and so worth looking at. The options -l, -ll, and -lll add verbosity to the output. (No l’s means just the fonts names, -l means name and attributes, -ll means names, attributes, and properties, and -lll means names, attributes, properties, and character metrics.) The option -m, which can only be used with one of the -l options, add minimum and maximum bounds to the font information.

The -n option tells xlsfonts to output to multiple columns (this sort of thing is considered in bad taste nowadays; you should just pass the user output which she can then pipe to her own columnizing utility, but this command’s pedigree is ancient so they kept this). -n 2 means 2 columns, -n 3 means 3 columns, etc. -n 0 means as many columns as possible (see below). -C is the same as -n 0, and -1 is the same as -n 1.

Speaking of columns, -w tells xlsfonts how many characters wide its output can be; it defaults to 79. If -n, -C, or -1 are not specified, xlsfonts prints as many columns will fit in the number specified by -w, or 79 if -w is also not specified.

-u means the output should not be sorted (by default it is; again, that’s considered bad taste by today’s programming standards). -fn pattern only lists fonts matching the string pattern (this is not a regex, just a literal case-sensitive string match).