A One-liner Fuzzy Isearch

If you’re looking for a quick and easy fuzzy isearch, here’s a way to get it with a single line of Elisp. Also check the comments for some riffs on the same idea.

Posted in General | Tagged | Leave a comment

Steven Levy on the New Crypto Wars

I’ve written about Steven Levy before (1, 2, 3). I still consider his book, Hackers, the definitive history of the hacker culture. Now over at Backchannel Levy asks Why Are We Fighting the Crypto Wars Again?

Levy recounts the history of the first crypto war and notes that after it was won not much happened to improve security for the average user. Recently, however, a series of spectacular security lapses and the Snowden revelations of government snooping on Americans not accused or suspected of any crime have started to change things. People started demanding more security and several tech companies—particularly Apple—responded by baking in security and enabling it by default on their devices.

The government, which had been content to let things lie, suddenly started to panic. Claiming they had an absolute right to see any information if they got a warrant—and often even if they didn’t—they’ve started demanding that the tech companies change their products to allow this. All this came to a head with the San Bernardino case but more significantly with the WhatsApp issue that cryptographer Matthew Green says is the real point of the San Bernardino contretemps.

Levy ends his article by glumly concluding that we’re back at square one.

UPDATE: a → at

UPDATE 2: The EFF has a nice explanation of the WhatsApp case that’s well worth reading. It explains the issues and why they matter.

Posted in General | Tagged , | Leave a comment

The Data on Farook’s Phone

Undoubtedly true but beside the point. The government wants a precedent not any purported data on the phone.

Posted in General | Tagged , | Leave a comment

Securing Your WordPress Site

About three years ago, after Irreal was hacked, I published a short article on securing WordPress sites that pointed to a WordPress article on ways to harden a WordPress site. Recently, John Stevens wrote me to say that he and his Hosting Facts team have written a follow up article that expands on the theme of the WordPress content.

If you’re using WordPress for blogging or some other CMS function you should definitely take a look at Stevens’ article. It has 28 tips on how to harden your WordPress site. Many of those are the normal things that you’d expect but there are also some suggestions that you may not have seen. It’s definitely a useful resource.

Posted in Blogging | Tagged | Leave a comment

Using Emacs for Prose

Most Irreal readers are, I think, involved with development or at least some sort of tech. Nevertheless, when I, from time-to-time, write about using Emacs for writing I invariably get some feedback from readers thanking me for covering that aspect of Emacs use.

With that in mind, I’d like to point you to this interesting thread on using Emacs for writing prose. The original poster wants to use spacemacs and appears to be interested in non-technical writing. Most of the responders recommended some combination of Org mode and Pandoc. That’s what I use so of course it’s my preferred solution as well. Others noted that if you prefer Markdown, Emacs has markdown-mode to help out a bit with the formatting and pandoc-mode to handle exporting the document to whatever final form you need it in.

If you write prose and believe—as all right-thinking do—that word processors such as Word are the spawn of the devil, you should take a couple of minutes to read through this thread. As someone who does all my writing in Emacs, I can testify that it’s both possible and pleasant to use Emacs for prose. I like Org mode and think it’s by far the best solution for prose but Emacs can support you if you like Markdown or if you need the full power of LaTeX Emacs has you covered with the powerful and wonderful ACUTeX.

Posted in General | Tagged | Leave a comment

The FBI Doesn’t Need Apple

Regarding the San Bernardino iPhone 5C, Daniel Kahn Gillmor over at the ACLU blog writes about something I’ve pondered myself: why doesn’t the FBI simply attack the hardware itself? Specifically, why not back up the phone’s NAND memory, which contains the encryption key, so that they can simply restore the key even if it gets erased by making 10 incorrect guesses.

As Gillmor says, desoldering the NAND chip and making a copy of its contents is a routine operation requiring very a modest set of equipment. There are, in fact, commercial enterprises that provide this service. There is, then, no real reason to force Apple to unlock the phone. No reason, that is, to accomplish what the FBI is claiming they want. But the FBI is being less than honest. What’s really at stake here is setting a precedent that the government can force Apple and other tech companies to sign arbitrary updates. This would have disastrous results in our already fragile security ecosystem because people would become suspicious of updates and refuse to install them. That, in turn, means that devices would continue running software with known vulnerabilities.

When Judge Orenstein asked the FBI—in the New York case—whether there was any way they could get the data themselves the FBI equivocated and basically refused to answer the question. Judge Orenstein called them out for that in his opinion but given that applications for a warrant are made under oath, why isn’t someone facing perjury charges?

A related question is why should we believe anything the FBI says on this or any other matter. By pushing so hard on this and lying at every stage of the proceedings—we’re only interested in this one phone; we have no other way of getting the data; and so on—the FBI, and by extension the DOJ and even the government itself, is squandering what little trust the public has left in them.

UPDATE: know → known

Posted in General | Tagged , | Leave a comment

Find a Related File

Here’s a nice tip if you’re writing in a language that has header files.

Posted in General | Tagged | 1 Comment

Testimony of Susan Landau

The House Judiciary Committee recently held hearings on encryption and what should be our policy concerning disputes such as those between Apple and the FBI. If the committee reaches the wrong decisions it won’t be because they didn’t have expert and thoughtful testimony.

Susan Landau, a Professor of Cybersecurity Policy at Worcester Polytechnic Institute, testified March 1, 2016 on security threats, encryption, and securing smartphones. She explained to the committee in careful detail that the issues are not as simple as they seem and that our security is (much) better served by having unbreakable security on our devices—especially on our smartphones. ‘Especially’ because our smart phones are already our access to personal, financial, and proprietary commercial information both through data held on the phones themselves and through access credentials held on the phones. Landau says this situation is accelerating and that it is crucial that these devices be secure if we as a nation are going to defend against the increasing cyber attacks from criminals and unfriendly nation states.

Sadly, this debate has been mischaracterized by a lazy and ignorant press as a fight between security and privacy. The goal, they say, is to balance privacy and security. Landau makes the point that the choice is not between privacy and security, although that tension is also present, but between security and less security. That’s a point that’s been mostly missed by those commenting on the issue.

Landau says that the FBI is stuck with a 20th century view of investigative techniques and that they need to let go of their agent-centric view and adopt one that realizes that most crimes today have a cyber component. She says that it is possible to do effective investigations even with unbreakable smartphones but the FBI needs to upgrade their technical capabilities. They are, she says, where the NSA was in 1999. As the NSA has shown, it is still possible to perform effective surveillance even in the face of encryption.

The testimony is a bit long but it’s an interesting and informed read. It’s a great place to point someone who is undecided about the debate but still has an open mind.

Posted in General | Tagged , | Leave a comment

Bulk Rescheduling of Org Agenda Items

Ben Maughan over at Pragmatic Emacs has a really useful tip for rescheduling Org agenda items in bulk. Maughan’s use case is that when at the end of the day he has unfinished TODO items in his Org Agenda he can reschedule them for the next day all at once. That’s really easy to do: you merely mark the items you want to reschedule with an 【m】, enter bulk mode with a 【B】, and then choose rescheduling with an 【s】. See Maughan’s post for the details.

It turns out, that you can do more than reschedule the items. After reading Maughan’s post, I cancelled a bunch of blog ideas from my “blog ideas” file that I hadn’t acted on. It’s the same process: mark, enter bulk mode, change TODO → CANCELLED. There are several possible operations, which you will see on a menu when you enter bulk mode.

This is a really useful tip and something I didn’t know about. If, like me, you keep everything in your agenda, it’s worthwhile investigating how you can add the bulk operations into your workflow.

Posted in General | Tagged , | 1 Comment

Can We Have Our Cake and Eat It Too?

No, but don’t let that stop you from asking.

Posted in General | Tagged , | Leave a comment