CISA Best Practices for Mobile Communications

Posted on 2024-12-22 by jcs

Recently, The Cybersecurity and Infrastructure Security Agency (CISA) released some best practices for mobile communications. These are the result of the recent exploits attributed to The People’s Republic of China. While the recommendations were targeted at senior government officials, they apply equally well to everyone. Most of us are, of course, of limited interest to nation states but cyber criminals are always looking for a way to infiltrate our accounts and steal our money or personal information.

There’s nothing surprising in the advice but it does serve as a convenient checklist for what we should be doing to protect our privacy and safety.

The advice boils down to:

  • Use only end-to-end encryption. This is probably the most important advice. Even law enforcement has stopped prentending otherwise.
  • Use FIDO for safe identity verification.
  • Avoid SMS for two factor authentication.
  • Use a password manager. I use a combination of 1Password and Apple Passwords app. Whatever you use, it should enable long, random passwords and a single password to access the database.
  • Setup a TELCO pin. This isn’t as obvious but it can help prevent a cyber criminal from taking control of your mobile account.
  • Regularly update your software. The best way to do that is to enable automatic updates. That’s what I do and, at least in the Apple environment, that means that I get notified of each update and have the opportunity to upgrade or not.
  • Avoid personal VPNs. This is the hardest to understand of the recommendations but the idea is that it only hides your identity, not the content of your communications. For that, you need an end-to-end VPN, which personal VPNs don’t typically offer.

We can be reasonable sure this is good advice because it’s being directed to government officials. When they start offering advice to protect their own information, you can be sure it’s good information.

Posted in General | Tagged | Leave a comment

Emacs 30.0.93

Posted on 2024-12-21 by jcs

Andrea Corallo writes with some good news: Emacs 30.0.93, the third pretest for Emacs 30.1 is now available for download and testing. The developers are hoping that this is the last pretest before the final release procedure begins.

This should serve as a definitive answer to those who keep insisting that Emacs is dead technology. The update cycle is robust and ongoing. Indeed, I would claim that it’s optimal. The project is not releasing updates every month as a new, incomplete project would, but neither is the project moribund. Rather, it makes fairly consistent yearly major updates as well as bug fix releases in between.

If you don’t mind living on the edge, download and test the new pretest. It will help move the release process forward and get us to Emacs 30 sooner. Even if you can’t help test the new release, raise a glass to the developers who work so hard for nothing besides the love of their work that makes all our lives better.

Posted in General | Tagged | Leave a comment

Don’t Leave Home Without It

Posted on 2024-12-20 by jcs

This post doesn’t rise to the Red Meat Friday level but it did amuse me. Like all such memes, it captures an essential truth. The “essential truth” here is that Elisp is the glue that you can use to bind together various Emacs functions—including those you write yourself—to enable bespoke functionality specifically tailored to your workflow.

I often see n00bs saying that they don’t know Elisp and that it’s too much of a chore to learn it. I don’t understand that. Elisp is relatively easy to learn, enables you to make the most of Emacs, and also opens the world of Lisp and all its wonders to you. Why wouldn’t you want to learn it?

I sometimes hear that Elisp is currently the most used Lisp. I don’t know if that’s true but I’d certainly have no trouble believing it. In addition to enabling custom Emacs functionality, I often use it for one-off calculations because it’s easy, Lisp, and built into my editor. More and more, I use Elisp as my go to language for one-offs.

If you’re an Emacs user and don’t already know Elisp, I urge you to consider learning it. It will pay you dividends.

Posted in General | Tagged , | Leave a comment

A Bit More On Guile Emacs

Posted on 2024-12-19 by jcs

A week ago, I wrote about the recent restoration of the Guile Emacs project. Despite my enthusiasm for the original project, I just couldn’t get excited about its resurrection. You can take a look at that post for my reasons why.

To be clear, I believe that if Emacs were being written today, Guile would be the natural choice and a great one. But that ship has long since sailed. Emacs is 40 years old and there are plenty of technical and political reasons arguing against trying to retrofit it now.

Still, it’s an interesting project. If you’d like to know about more about it, LWN has a nice summary of the project and the talk that its leader, Robin Templeton, gave at this year’s EmacsConf. The article lays out the rationale for the project as well as some of the problems—technical and political that it’s apt to encounter.The project is actually pretty far along but there are still performance and other problems to resolve. There’s also the issue of whether the basically conservative user base would accept such a change. As hard as it is to believe, not everyone is as fond as Scheme as some of us and others just hate change, especially in something as essential as their editor.

Posted in General | Tagged | Leave a comment

Building Emacs Configurations

Posted on 2024-12-18 by jcs

Jack Baty has a post that considers the best way of building an Emacs configuration. On the one hand, something like Doom Emacs provides a complete, no-brainer configuration that requires little effort on the part of the user. On the other hand, some people want to build their own and while they may accept some help basically want to be in complete control.

A curmudgeon might suggest that those in the former class consider moving to something like VS Code. After all, that’s the strength of editors like VS Code: no thought configuration that works out of the box. But that’s not really fair. Emacs is, for sure, a DYI editor kit but some folks just want to enjoy its superior editing environment without having to build it for themselves. One of the glories of Emacs is that you can have it either way.

For my part, I would never want to use a prepackaged configuration. From the beginning of my career—from my n00biest of n00b days—I have hated black boxes. Every time I found one—usually in the form of a library routine—I had to peek inside to see what was really happening. My Emacs configuration is the same: I want to understand everything that’s going on.

I could, of course, use something like doom and figure what was going on but why? An Emacs configuration is—or should be—highly personal, sculpted to precisely fit your workflow. It’s true that building it piece-by-piece will take longer but in the end you will have something that fits your needs exactly and that you understand completely.

Posted in General | Tagged | Leave a comment

What’s New In Emacs

Posted on 2024-12-17 by jcs

There are lots of different types of Emacs users, of course, but two distinct classes are those, like me, who stay pretty much up-to-date and those who are stilling running old versions of Emacs and are not familiar with what the latest releases have to offer.

It’s easy to dismiss the latter class as a small, insignificant group of users but I’d guess that there are more of them than many of us suspect. Over at Lambda Land, Ashton Wiersdorf has an interesting post on what’s new in Emacs in the last decade.

Even if you stay up to date, it’s interesting to see how Emacs has progressed in the last decade. Wiersdorf’s lists several broad groups of improvement:

  • Completions
  • Eglot
  • Projects
  • Tree-sitter
  • Dictionary lookup
    • Flyspell
    • Diictionary definition lookup
  • Visual Line Mode
  • Themes
  • Package Manager
  • Emacs Ecosystem
    • Magit
    • Vertico
    • Consult
    • Corfu
    • Citar

Wiersdorf also has a starter kit, emacs-bedrock that provides some of these improvements for those who would like to move up. If you’d like to update your Emacs experience, take a look at Wiersdorf’s post.

Posted in General | Tagged | Leave a comment

Are You A Cyborg?

Posted on 2024-12-16 by jcs

Cyborgs. It’s a familiar trope to those of us who enjoy science fiction. I’ve always thought that I’m a bit too old to experience being a cyborg in any non-trivial way but then I read this article by Alberto Navarro . He tells the—possibly apocryphal—story of David, an American cyborg who can work anywhere as long as his body remains connected to the Internet. Then one day he has one of his cybernetic prosthetics (spoiler: it’s called a smart phone) stolen from him by muggers. The result is devastating to his psyche.

So far that sounds like a lame story that introduces the cyborg concept gratuitously but there’s more to the tale. David begins to experience phantom vibrations and even auditory illusions from the missing phone. His experience is, in fact, exactly like those who experience phantom sensations from a lost limb.

The story, true or false, is based on research performed by Navarro and documents an actual phenomenon. Some people do experience phantom sensations when they lose their smart phones or other electronic assistants. You can see the same idea in many science fiction stories: a character endures acute psychological trauma when suddenly disconnected from “the network”.

The article explains how these phenomenon arise but what I found most interesting was the idea the cyborgs are already here and walking among us. That, in fact, we might be one of them. I don’t think that I’d experience those phantom sensations if I were suddenly deprived on my iPhone but, of course, it never leaves my side so I don’t really know.

In any event, I found the article really interesting and am sure that many Irreal readers will too. It’s reasonably short so give it a look if the idea interests you.

Posted in General | Tagged | Leave a comment

Flowmeter

Posted on 2024-12-15 by jcs

Every programmer—at least every programmer who actually programs—is familiar with the concept of flow. It’s a well established concept with lots of research to back it up even if some don’t believe in it.

The trouble is, there are lots of people who are completely unfamiliar with the idea and think nothing of interrupting a programmer for the most trivial of reasons. What to do? Some programmers have the convention that they’re not to be interrupted if they have earphones on. Others put up signs or other indications that they’re working and should not be bothered. The problem with these schemes is that the programmer has to remember to invoke them and then disable them when done.

Enter Shae Erisson. He’s developed an automatic signaling system that turns on a “Busy” sign when he’s typing into Emacs. When he stops typing, the sign changes to “Free”. It’s not foolproof, of course, because some psychopaths just won’t care and will interrupt you anyway believing that their needs, however inconsequential, take precedence over your need for focus. Still, it’s a good beginning.

The only special part of this is a magtag from Adafruit. It’s a cheap bit of kit that’s easy to program. You can see the code that Erisson used at his post. There’s code for Emacs—to detect typing—and code for the magtag to display the results.

If you work in an environment where people feel free to interrupt you for the most trivial of reasons, perhaps this will help. Take a look at Erisson’s post to see if his ideas will help you.

Posted in General | Tagged | Leave a comment

Analog Vs. Digital Again

Posted on 2024-12-14 by jcs

Every time I think I’m done with the subject of analog versus digital notes, JTR makes another interesting post on the subject. His latest offering says he’s capitulated to the inevitable and is writing his notes digitally. Still, he says, he has a yearning for the physical. He wonders if perhaps he should print it out.

In the comments Jack Baty says he prints out his journal every month. That’s not too interesting but Baty goes much further. He prints out his journal every month and once a year he binds them into a perfect binding booklet.

The result is basically a book. He exports his journal to LaTeX and adds lots of pictures. The result is very nice: a yearly physical journal that he or anyone else can read and enjoy. Baty’s comments includes some pictures if you’re interested.

It’s a nice solution if you feel that you need a physical copy of your notes but I remain unconvinced. I know lots of people, including Sacha Chua, like to have a physical copy of their work but I just don’t see the advantage. The digital copy is right there to read and enjoy and you can also search it and add links to and from it if the need arises.

I love writing my notes in Org and having them available for future reference. If I want to share them, it’s easy to export them to HTML, PDF, or even—ugh—docx. I see no reason for filling up my home with reams of paper that, truth to tell, I will hardly ever read. But they’re great for collecting dust.

Posted in General | Tagged , | Leave a comment

Law Enforcement Discovers Irony

Posted on 2024-12-13 by jcs

For years, anyone with a reasonable knowledge of the situation and no ax to grind has been preaching the gospel that today’s on-line society needs strong, end-to-end encryption for the safe conduct of our electronic activities. At the same time, law enforcement has been invoking the specter of the Four Horsemen of the Infocalypse and screaming, “Think of the children” at us.

A couple of months ago, I wrote about how the Chinese hacking group Salt Typhoon had proved there’s no such thing as a secure backdoor. Now, in what can only be described as a delicious bit of irony, U.S. Law Enforcement officials have agreed. In the wake of the Salt Typhoon exploit, they are urging everyone, not just government officials and companies, to encrypt their messages and, if they can, their phone calls.

It would be easy to gloat but my feeling is one of relief rather that one-upmanship. The calls for a “safe” backdoor was never going to end in anything but tears. Everybody, probably even those calling for it, knew that. Now, the Chinese hacking group has given us a tremendous gift: the surety that attempts to bypass encryption will end only in disaster. In our current environment, it’s to the advantage of nation states—with their virtually unlimited resources—to intercept and spy on our communications. One way—probably the only way—to prevent that is strong end-to-end encryption. It appears that even law enforcement has stopped pretending otherwise.

Posted in General | Tagged | Leave a comment