Passwords And Their Problems

In response to my recent post on How Passwords Are Stolen, Smitty remarked that the bar for brute forcing your credentials is lowering. I agreed and remarked that passwords are well past their sell-by date.

Unfortunately, although some reasonable alternatives exists, the industry has been slow to adopt them. That raises the question of what we should do in the mean time. The sort answer is: don’t be stupid. The longer answer is to use safe password practices. This requires action on the parts of both users and site operators.

The sad thing is that none of this is hard or mysterious. The answers have been known for a long time and yet we still see users specifying passwords of dubious quality and reusing them, while sites continue limiting the size of passwords, specifying complexity requirements, and failing to treat password safety appropriately.

Jon over at zudell.io has a very nice post on the problems with passwords and what the answers to those problems are. Take a look at the post to see the full answer but if I had to boil it down it would be:

  • Users: Pick long, random passwords. This is best done with a password manger
  • Sites: Lose all your password requirements and practice industry standard password hashing.

Some users will always be stupid, of course but there’s no excuse for the sites. There are libraries in virtually every language to deal with the safe hashing of passwords so there’s no reason for not getting that right.

Whether you’re a user, a site operator, or both, you should take a look at Jon’s post and take his suggestions to heart.

Posted in General | Tagged | Leave a comment

Customizing The Emacs Startup Screen

The Emacs Cat has another interesting post. This time it’s about customizing the Emacs startup screen. He wants to see something useful when Emacs starts up. In particular, he’d like to see

  • A calendar
  • His agenda
  • His diary
  • A random aphorism

It’s actually pretty easy to do that. You may or may not want his exact configuration but it’s very easy to adapt his code to suit yourself.

I already have some code to instantiate two side-by-side empty screens on startup but I almost always immediately start an agenda in the right screen. It seemed to me that maybe I should adopt and adapt the Cat’s code to start the agenda automatically. On the other hand, I almost never restart Emacs so I’m not sure a lot of effort configuring that for startup is worth the trouble.

I’m not sure what I’m going to do but if you would like to have a specific configuration for your startup screens, take a look at the Emacs Cat’s post. The magic is done with some Elisp but it’s pretty simple so if you are at all familiar with basic Elisp, you shouldn’t have any trouble adapting it for your particular use case.

This is yet another case of Emacs making it easy to have things your way. If you want to see something specific when Emacs starts up, it’s pretty easy to make that happen.

Posted in General | Tagged | Leave a comment

Narrowing To A Subtree From Org Agenda

Over at the Emacs subreddit, seidenkaufman asks how he can narrow to a subheading when he types Tab in the Org Agenda. If you don’t do that sort of thing it may not seem all that useful but, believe me, when you want to edit a headline in the agenda, narrowing would be a big win. That’s because by default you always end up at the timestamp in the entry.

Seidenkaufman’s idea was to simply add a hook for org-agenda-goto to call narrow. But that didn’t work and he was wondering why. As usual, the Emacs community came to the rescue with their own solutions to the problem. They ranged from a fairly elaborate bunch of Elisp to a simple macro.

In the end, though, the answer was really simple. There is no org-agenda-goto hook. Instead, you have to use the org-agenda-after-show-hook. Then you can simply use it to call org-narrow-to-subtree to get the desired result.

I really like this post because it shows a couple of things. First, there’s a lot a knowledge embedded in the Emacs user community and those users are generous about sharing it. Second, even those that had working solutions found that there was a simpler solution available. In other words, everybody benefits from the discussion of Seidenkaufman’s question

Posted in General | Leave a comment

How Passwords Are Stolen

As most you know by now, I live a digital life as much as possible. I pay my bills, do my banking, order my food and other shopping, communicate with friends and family, and get my news electronically. For someone who grew up with Dick Tracey’s wrist radio, it’s like living in the future.

Still, there are downsides. No, not the silliness pushed by latter day Luddites but the very real possibility of being hacked and losing control of your digital life. The SANS OUCH! Newsletter tells the story of—the probably apocryphal—Lisa, a graphics designer, who, like me, lives a digital life. But then she gets hacked and her digital life appropriated by criminals who proceed to lay waste to her life.

That’s horrifying, of course, but most of the article offers advice on how to avoid that happening to you. They start with the five common ways that exploits can happen:

  1. Social Engineering Attacks
  2. Malware
  3. Brute Force Attacks
  4. Data Breaches
  5. Purchased Credentials

and offers three simple steps that will help you avoid falling victim to such attacks. Those steps are the usual: long, complicated passwords; a password manager; and using two-factor authentication when available.

We nerds always think we’re too smart to fall for these common ploys but if you’ve had a beer, are tired, or simply not paying attention, it’s absurdly easy to become a victim. Read the article and consider subscribing to some or all of the excellent SANS newsletters. There’s a link at the bottom of the article.

Posted in General | Tagged | Leave a comment

🥩 Red Meat Friday: Emacs Use == Skills

Over at the Emacs subreddit, Thick_Rest7609 says that he associates Emacs use with skill. In particular, he says that he’s inclined to presume presentations using Emacs are representative of a skilled user, whereas a presentation using VS Code is not.

As of this reading, the comments—with one one possible exception—are uniformly negative. Almost no one agrees with him. But I do. This is an opinion that I’ve held for a long time. I don’t claim that it’s universally true that Emacs users dine with the gods while VS Code users are condemned to the netherworld but I do think that your choice of editor says something about you. At least potentially.

We shouldn’t think of this as an inviolable rule but as a hint. Of Course VS Code users can be extraordinarily skilled just as Emacs users can be extraordinarily dim witted. But I think Thick_Rest7609 has a point: In the absence of other information, the use of Emacs does indicate a serious person who has invested in his skill and put in the time and effort to master a very useful, if difficult, tool.

It’s precisely because Emacs does take some effort to master that we can presume it’s users are above average. If you want the easy path, as exemplified by VS Code and its ilk, you may still be a great developer but there’s no reason to presume, a priori, that you are. If you use Emacs, there’s still no guarantee that you are but it’s a much more reasonable assumption.

What do you think? I’m interested in hearing from VS Code users as well as Emacs users.

Posted in General | Tagged , | Leave a comment

Reading Email With Emacs

As most of you know, we here at the Irreal bunker try to use Emacs for as much as we can. That includes, of course, email. I use the excellent mu4e for that and communicate with my email provider with mbsync. But my situation is easy. All my email funnels through my Apple account and I have no problem communicating with their mail server.

Others aren’t so lucky. They use Gmail or need to interface with Outlook because of work. It’s possible to get Mbsync or something similar working in those cases but it’s not, apparently, easy. Part of that is the increasing security measures that Google and Microsoft keep adding to their email systems and, probably, some of it is about user lock in.

Over at the Emacs subreddit, ttlaxia asks if there are any email providers that still work with Emacs. If you’re having the same problem, you should take a look at the answers. Some of them answer ttlaxia’s question directly and suggest email providers that simply support imap and make it easy to download your email.

Others answer the implied question: how do I get an Emacs email reader to work with Gmail or (possibly) Outlook? There are, it turns out, several good answers to that question so if you find yourself in the unfortunate circumstance of having to use Gmail or Outlook and would like to read your email with Emacs, take a look at the post. There’s a lot of good information especially for Gmail users

Posted in General | Tagged | Leave a comment

Charles Choi At EmacsConf 2024

If, like me, you’re a Charles Choi fan and like his Casual App Suite, you’ll be happy to know that he’s giving a talk at EmacsConf 2024. His talk is prerecorded but he will be available to answer questions and chat when the talk is shown.

His announcement gives the times of showing in various localities so take a look if you are interested in being there and chatting with Choi.

Choi imagines and discusses using transient menus as another user interface for Emacs. I don’t know what he envisions—perhaps we’ll find out from his talk—but for me the value of the Casual Suite is discovering or remembering little used commands. It’s excellent at that and I hope he continues to add new Casual apps but I have no interest in having it be the main UI for Emacs.

People who like that type of thing can use VS Code or another editor of that sort. Choi, who is a long term Emacs user, probably agrees with this and is just trying to provide a way of discovering and accessing those little used commands that are so hard to remember.

In any event, I’m looking forward to seeing his talk. I’m sure it will be interesting and informative.

Posted in General | Tagged | Leave a comment

Some Useful Editing Functions

In my recent post, Some Configuration To Solve Common Problems, I got a bit of pushback from GB who said some of the configuration was outdated. That’s true but does it really make much difference? The Emacs Cat has a followup post in which he agrees that some of his configuration is old—just like mine and probably yours—but that it still works.

That’s another nice thing about Emacs: even though new, better methods of doing things are introduced, the old methods continue to work. Sometimes, those old methods will eventually be deprecated but always with a lot of notification including warnings when you use them.

The Emacs Cat’s second post describes some of his custom Elisp that aids editing. Several of them add functionality to Dired, a functionality that everyone should be using. He also has some functions for inserting date/time stamps of various sort. I have several of these myself and the lesson to take away from them is how easy it is to get exactly the format you want.

Finally, there are a few functions that specialize common requirements such as opening new lines, moving to the beginning of the line, and others. These are the sort of functions that every long term Emacs user eventually accumulates so it should be especially useful for beginners to see them written down in a single post.

Posted in General | Tagged | Leave a comment

A Late Nonpost

Sorry for the late post today. To make things worse, it’s not a real post. Today we had a followup appointment for our aforementioned health emergency. It involved a bit of outpatient surgery and since we arrived at the hospital early in the morning, I imagined that we’d be home by early afternoon and I’d have time to put together today’s post.

Yes, yes, I should know better but I let my sunny optimism get the better of me. In the end, we didn’t get home until 13 hours later. Happily everything went well and we’re hopeful that the horrid events from November won’t be repeated.

I’m happy to put it all behind me and get back to worrying about what I’m going to write for my next post.

Posted in Administrivia | Tagged | Leave a comment

Pair Programming: The Poll

Well, not really a poll but at least some random opinions. A while ago, I mentioned a discussion I had with Perry Metzger about pair programming. Metzger, who is a serious person and well worth listening to, is a huge fan and says that he’s never been so productive as when he’s pair programming. I, on the other hand, imagine that it would be much like hell.

I have always thought that most programmers—for reasons that I couldn’t imagine—like pair programming. Certainly there is a lot of positive commentary about it on the Web. But perhaps I was wrong.

abdullah_ayyash over at the Programming subreddit asks what people think of pair programming and why they like it if they do. The answers are what any reasonable person would expect: some like it, others don’t. Those who don’t like it appear more emphatic in their opinions but the opinions seem evenly split.

Part of the problem, it seems, is exactly what you mean by “pair programming”. I think of it as a formal and planned sitting down together to write code. Others have a loser definition. Their definitions include such things as sitting down to debug a problem together or as a simple mentoring. I’ve done both those things but wouldn’t describe them as pair programming.

Even among those supporting it, my sense is that they see it as an occasional way of mentoring or sharing ideas, not as an everyday way of working.

Sorry, but I’m recalcitrant. I’m not going to do anything that resembles the strict definition of pair programming. Not now, not ever. Still, lots of people feel otherwise and I have no objection to them indulging themselves. Perhaps that’s the nub of the matter: if you pair program because you feel it helps you, go for it. My objection is to mandating its use.

Posted in General | Tagged | Leave a comment