CurtisFree.com Blog

I recently discovered a nifty trick in the cd builtin provided by ZSH: the ability to change from the current directory to another whose path is generated via simple (and, for better or worse, non-global) search-and-replace:

% pwd
/top/left/bottom
% ls /top/*
/top/left:
bottom

/top/right:
bottom
% cd left right
/top/right/bottom
% pwd
/top/right/bottom

Unfortunately, users of BASH don’t get this nicety; however, by adding a (somewhat) simple function to your shell config (~/.bashrc or perhaps ~/.bash_profile), you can emulate this behavior:

cd () { 
    if [ $# -eq 1 ]; then
        builtin cd ${1}
    elif [ $# -gt 2 ]; then
        echo -e "usage: cd path" >&2
        echo -e "       cd to_replace replace_with" >&2
        return 1
    else
        local new_pwd=$(echo ${PWD} | sed "s/${1}/${2}/")
        builtin cd ${new_pwd} && echo ${new_pwd}
    fi
}

Note that this isn’t perfect. For example, it will not work with values of to_replace or replace_with that contain forward slashes (or anything else that will mess with the sed command). There are certainly more involved methods that would avoid the limitations seen here.

Update (18 Feb 2011):

Josh Berry points out that this can be done using BASH’s built-in string manipulation in place of sed. The relevant line in the above function can be replaced with the following:

local new_pwd=${PWD/${1}/${2}}

Google offers two separate encrypted (i.e., via HTTPS) search pages: https://encrypted.google.com (which has been established for some time) and https://www.google.com (a more recent development). The former has generally lagged behind the standard Google search page in terms of features; https://www.google.com looks more like the regular Google search page.

My personal motivation for preferring Google’s HTTPS variants is not to protect my search terms: rather, I am concerned with the cookie information being passed between my browser and Google’s servers. While I do not often (okay, ever) use “open Wi-Fi,” failure to use an encrypted connection means that there is increased potential for a session hijack (as highlighted by the widely-publicized Firesheep).

Aside from differences in each version’s “frills,” there is an important security-relevant difference between the two: the underlying search result links.

Note that links in Google search results look like they point directly at the result URL; however, they actually point back to Google’s own servers, which redirect the browser to the actual result. This means that Google can track clicks, lead to particular referers, and more.

On https://encrypted.google.com, these underlying links point back to https://encrypted.google.com; however, on https://www.google.com, search result redirect links not use HTTPS.

For example, the first hit when searching for “Arch Linux” on https://encrypted.google.com is (line breaks added):

https://encrypted.google.com/url?sa=t&rct=j&q=arch%20linux&source=web&cd=1&ved=0CDMQFjAA&url=htt
p%3A%2F%2Fwww.archlinux.org%2F&ei=7-AQT_D3JIGFtgeC05mVAg&usg=AFQjCNHBJwJZGGNQOe4ZlnbMOM676Q1H7g&
sig2=qeODYK6JsiPId9mR0kwyOw

On https://www.google.com, one has:

http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CDQQFjAA&url=http%3A%2F%2Fww
w.archlinux.org%2F&ei=GOEQT_SsOtGJtweYl-GLAg&usg=AFQjCNHBJwJZGGNQOe4ZlnbMOM676Q1H7g&sig2=ek7en0Z
ia2EtsYirM0xlsQ

While it is unlikely that your session will be hijacked simply by following one of these redirections, note that any cookie information related to your authenticated session that is sent across the Internet unencrypted carries some potential for misuse if it is intercepted.

Users of the EFF’s HTTPS Everywhere Firefox extension are probably already using https://encrypted.google.com. If you’re using Chrome, you can manually add a new search engine with a search string of:

https://encrypted.google.com#q=%s

If you don’t already use the HTTPS-fortified Google search pages, give it a try.

I’ve been using Vimperator for years. I’m a huge fan of the Vim text editor, and Vimperator provides a Vim-like user experience in my favorite Web browser, Mozilla Firefox.

That said, Vimperator 3 was a departure from the experience I had come to know and enjoy.

• The command line UI was revamped. In part, this led to the removal of what I consider a nice security feature: color-coding (the status bar) to indicate the security in use on the current page. Though one can use a custom script to re-implement this color-coding, it causes noticable delay when changing tabs.

• Certain lower-level aspects became less Vim-like. For example, the 'guioptions' option (like that in Vim) was replaced with 'gui' – which has different (and sometimes confusing) behavior.

Recently, a friend asked me about the browser enhancement I was using, and when researching it herself, she discovered my new favorite Firefox extension: Pentadactyl.

Pentadactyl began as a fork of pre-3.0 Vimperator when two of the latter’s primary developers left the project. While Vimperator development has focused on “usability,” “simplicity”, “stability”, and “design” (as described in in the Vimperator wiki), Pentadactyl has maintained (and pushed toward) a truer Vim experience that can fulfill a hacker’s dream.

Importantly, both of the specific points mentioned above are nonissues with Pentadactyl:

• The status bar security color-coding is functional. Like Vimperator, Pentadactyl now (by default) shows only a single line at the bottom of the window. Whereas Vimperator’s “single line” is a dual-purpose status and command line, Pentadactyl shows only the status line and reveals the command line only when necessary.

• Pentadactyl still uses 'guioptions'. That said, some options diverge from what one might be accustomed to with Vim. Notably, search-related options use the term find instead of search (e.g., Vim’s 'hlsearch' vs. Pentadactyl’s 'hlfind'); and Vim’s multiple case-related options ('ignorecase' and 'smartcase') are unified into a single option ('findcase').

If you love Vim and have been using Vimperator, give Pentadactyl a shot (you’ll need to update your .vimperatorrc to a compatible .pentadactylrc). If you’re new to both, try each in turn and see which you prefer!