A Demonstration of How Hard Cryptography Is

In the battle over whether the government should require backdoors in cryptography products, the primary objection from those who actually know what they’re talking about is that we’re not smart enough to safely build in backdoors. That point is often met with skepticism or downright dismissal from the nannies and their useful idiots who think we’d be safe from terrorists if only it weren’t for that pesky encryption. Sure, sure, we need it for banking, buying stuff from Amazon, and the thousands of other e-commerce things we’ve come to depend on but why can’t we just have a backdoor to protect us from the bad guys?

In a truly excellent post, Steven Bellovin, a cryptographer of some note, provides a compelling example of how hard encryption really is. The post is probably a bit too technical for Aunt Millie—although definitely not for Irreal readers—but the summary is understandable by anyone.

I won’t give away the details but the TL;DR is that a seemingly simple protocol that anyone would convince themselves is secure (and that was even proved mathematically secure) had a fatal flaw that went undetected for 17 years. This wasn’t some homegrown crypto-thingy that someone whipped up in their basement. It was an actual peer-reviewed protocol that was vetted by the cryptographic community.

The lesson is clear. Even a very simple and seemingly transparent protocol that seemed obviously secure hid a fatal flaw. How then can we expect the hideously complex protocols we’re using today to be well enough understood that they can be safely weakened?

Meanwhile, Matthew Green uses the recent Juniper exploit to explain what happens when you introduce backdoors. Even though this was (presumably) not the work of the NSA, the attacker neatly repurposed the NSA’s infrastructure for their own backdoor. Expect more of the same if the FBI gets its way.

Posted in General | Tagged , | Leave a comment

Macro Workshop

Howard Abrams has an excellent tutorial on Emacs keyboard macros. It’s structured much like the builtin Emacs tutorial in that you download the tutorial into an Emacs buffer and then do the exercises in situ. Unlike the Emacs tutorial, it’s reasonably short and you should be able to work through it in about 30 minutes or less.

The tutorial starts off with the usual macro stuff that we all know but then moves on the some things I hadn’t seen before. For example, he shows you how to bring up the Emacs Macro ring and choose one the macros defined in the current session. Another nice trick is how to suspend a macro invocation so that you can do some editing unique to that invocation and then continue with the macro. There’re a lot a good things in the tutorial and everyone should take a look at it. If you aren’t already using keyboard macros, you’re doing more work than you need to.

Since most of us don’t use macros enough to internalize the key bindings, it makes sense to either add 【Ctrl+x Ctrl+k】 to your key-guide, if you have it installed, or to make a hydra with the commands.

As much as I like this tutorial, Abrams does get one thing very wrong. The worst song ever perpetrated on mankind is NOT The Twelve Days of Christmas. That would be Little Drummer Boy.

Posted in General | Tagged | Leave a comment

Comey Dissembles (Again)

After Paris and San Bernadino, FBI director James Comey has stepped up his “We’re Going Dark” roadshow, telling everyone who will listen how encryption is making it impossible to stop terrorists. In a Washington Post op-ed, Jihadists are making their plans public. Why hasn’t the FBI caught on?, Rita Katz discloses an inconvenient truth: the vast majority of Jihadist communications are carried out in the clear on social media. Sadly—and dangerously—the FBI prefers to ignore this fact.

In testimony before the Senate Judiciary Committee, Comey said that Elton Simpson, the Garland, Texas shooter had exchanged 109 encrypted messages with an overseas terrorist. The implication was that if only the FBI had their much sought after backdoor, they would have been able to discover the plot and prevent the attack. One of Katz’s inconvenient facts is that those 109 messages were not discovered until after the attack so they could have played no part in preventing it. Here’s another: Elton Simpson was known to the FBI and used Twitter to openly follow and communicate with known terrorists.

One of those terrorists, Mohamed Abdullahi Hassan, tweeted the incitement for the attack. Simpson retweeted the message and asked Hassan to direct message him. All of this was in the open, no encryption involved.

It gets better. Katz’s organization, the SITE Intelligence Group, discovered this communication and reported it to the FBI one week before the attack took place. And yet it’s Apple’s, Google’s, and Edward Snowden’s fault that innocent citizens are at risk.

As we’ve recently learned after San Bernadino, the U.S. Government has rules prohibiting its agents from using public social media sites to gather intelligence. Katz says that “the FBI is reluctant to recognize open-source as an important — arguably the most important — tool to track jihadists online.”

Let’s review. The intelligence community has no trouble snooping on our most private communications and demanding that we weaken encryption so that they can read our sensitive messages but they’re reluctant to use public, unencrypted information that is easily available to them, or anyone else, without the need for snooping. As the Garland incident—Comey’s own example—shows, having access to the perpetrator’s encryption key would have made no difference but the unencrypted, publicly viewable information that would have made a difference was ignored even after it was pointed out to the FBI.

Posted in General | Tagged | Leave a comment

Sacha’s Weekly Emacs News

I came across this tweet

and it reminded me that I’ve been meaning to mention Sacha Chua’s Weekly Emacs News. Every week Chua curates a list of interesting Emacs news in one handy place. If you like to keep up with what’s going on in the Emacs world but don’t have enough time to surf the Web looking for it, this is an excellent resource.

There are lots of ways to get the roundup. You can

  • Check Chua’s site at the above link. (They appear to come out on Mondays.)
  • Add Chua’s site to your RSS feed.
  • Add the Weekly News Posts (only) to your RSS feed.
  • Sign up to have them delivered to your email inbox.

Even if you’re very busy, one of these methods will make it easy to keep up with Emacs news. The posts are generally not very long and you can usually tell from the link title whether or not it’s something you’ll be interested in.

Posted in General | Tagged | Leave a comment

Mu4e and Org Mode

Ben Maughan over at Pragmatic Emacs has a great post on integrating mu4e and Org mode. He has what I think is a near perfect email setup:

  • An inbox that is empty except for unread emails
  • One folder to hold all his archived emails.

These are in service of his overriding email philosophy: inboxes make terrible TODO lists.

We’ve all done that sort of thing. We leave an email in the inbox to remind us to take some action associated with it. What invariably happens is that we end up with hundreds of emails in our inbox and probably never act on them. Maughan’s idea is that you read the email and either delete it or store it in the single archiving folder. If the email requires some action you generate an Org TODO with a capture template that includes a link to the email. Notice how there’s no need to keep read emails in your inbox.

One of the best parts of Maughan’s setup is that you can handle your email from within Emacs. If you’re like me, that means that you’ll spend almost all your tube time in either Emacs or your browser. For this to work, especially archiving everything in one folder, your email client needs to have good search capabilities. Since mu4e is based on mu, an email indexing utility, you automatically get fast searching with it.

Unless you’re completely satisfied with your email setup, be sure to take a look at Maughan’s post. If you don’t have special needs, like John Wiegley’s, it’s hard to imagine an easier or more efficient way of handling your email chores.

Posted in General | Tagged , | 1 Comment

Building World Class Teams

What’s the secret of building great teams? Google researchers decided to find out. They presumed that the ideal team would have a mix of varied skills and personalities. As they put it,

“We were pretty confident that we’d find the perfect mix of individual traits and skills necessary for a stellar team – take one Rhodes Scholar, two extroverts, one engineer who rocks at AngularJS, and a PhD.”

It turns out, though, that none of that was correct. The most important factor by far is that the team members feel psychologically safe to take risks and be vulnerable in front of each other. There are four other attributes too. Read the article—it’s short—to get the details. It’s very interesting and, if you’re a team leader, reports on some important and actionable research.

UPDATE: Added missing link.

Posted in General | Tagged | 4 Comments

A Quick Test for Prospective Employers

Via Karl Voit:

It seems a little silly at first but, really, it serves as a good proxy for an employer’s attitude about its employees.

Posted in General | Tagged | Leave a comment

A Quiz

Posted in General | Tagged | Leave a comment

Steno Machines

We’ve all seen them, either in person or in courtroom dramas. Those odd looking little machines that appear more like old fashioned adding machines rather than typewriters. I’m talking, of course, about steno machines. They’re used to provide verbatim transcripts of court and other legal proceedings.

When you look at them, there doesn’t appear to be enough keys to let the stenographer capture all the words that might be spoken. If you’re like me, you’ve probably idly wondered how they work and why they’re fast enough to let the stenographer to keep up with oral testimony. It’s certainly knowable but never seemed worth doing the research to find out how they work.

Fortunately, Xah Lee has come to our rescue for a helpful page on steno machines and how they work. It both simpler and more complex than you might have believed. If you have any curiosity about the matter at all, be sure to take a look at Lee’s post.

Of course, Lee being Lee, he explores the question of how the same techniques might make our interactions with computers more efficient. He also considers whether something similar could be done with a standard keyboard on a computer. I’d be surprised if anyone reading these words ever has a need to operate a steno machine or substitute but it is interesting to learn how they work and to consider what we might learn from them.

Posted in General | Tagged | 1 Comment

Karl Voit on Moving from Screen to Tmux

If you spend a lot of time using your terminal to log into remote machines, you are probably aware of GNU Screen and tmux. If you aren’t using one of these, you should definitely check them out. They work nicely with Emacs and can make your remote sessions easier and more enjoyable.

Screen is the older program—it was initially released in 1989—and until recently development was stalled. In 2014 Amadeusz Sławiński took over the maintainership and released a new version. Tmux, released in 2009, is the newcomer but has captured much of the mindshare of late.

Karl Voit, whose work Irreal has mentioned before, recently switched from Screen to tmux and wrote a post describing his experience. The TL;DR is that the conversion was smooth and that he was able to configure tmux to have the same key sequences as Screen. If you’re considering switching from Screen to tmux or using one for the first time, you should read Voit’s post. It has a lot of useful information to get you going.

Posted in General | Tagged | Leave a comment