Mickey on Generating TOTP Codes

Posted on 2022-10-22 by jcs

Happily for us Emacsers, Mickey has been blogging up a storm on Emacs topics lately. His latest offering is on generating TOPT codes with Emacs. TOPT is “Time-Based One-Time Password”. If that doesn’t mean anything to you, it’s the basis of those two-factor fobs that many us do or have carried around that gives you code to use as part of a login. Here’s one example but there are many others.

The fobs work by combining the time with a domain-specific secret and hashing them with SHA1 to generate the code. The TOTP protocol handles things like the inevitable time drift of the fob’s clock. At bottom, though, there’s nothing very mysterious about the protocol and it’s certainly possible to roll your own.

Mickey has done just that. He’s slightly modified Jürgen Hötzel’s totp.el and provided his own version of a base-32 decoder so that the resulting implementation is standalone. You can add his code to your init.el and generate your TOTP codes directly from within Emacs. The only thing you need is the secret but that is typically provided the the TOTP provider. Be sure to check out Mickey’s post for all the details.

If nothing else, this is a nice way of reducing your “everyday carry”, something that we here at Irreal are always interested in doing. If you’re logging in using Emacs, it’s also a way of avoiding the trauma of having to leave Emacs. What’s not to like?

Posted in General | Tagged | Leave a comment

Red Meat Friday: Copilot and Copyrights

Posted on 2022-10-21 by jcs

Three weeks ago I wrote in Red Meat Friday: VS Code As A Venus Flytrap about Geoffrey Huntley’s post on how VS Code is all part of Microsoft’s plan to destroy open source and pull everyone into software as a service development tools. If you weren’t convinced, here’s some more evidence.

Vice has an article about a group of GitHub users who want to sue Microsoft over the appropriation of their code. The complaint centers on Copilot, an AI based plugin for VS Code that offers code completion suggestions. Copilot was trained on “tens of millions of public repositories” including GitHub. The problem is that Copilot can sometimes emit verbatim or essentially verbatim code from those repositories. This use of their code, the plaintiffs allege, violates the software licenses most of which require, among other things, attribution of its source. Copilot, of course, doesn’t do that; it just spits out the code.

It’s easy to take the position of, “Meh, who cares? The whole point of making the code public and open source is to share it.” The reason you should care is not some obscure technicality in the licenses. The reason is articularly explained by programmer and lawyer Matthew Butterick who is spearheading the lawsuit.

You should definitely read his post that lays out the real problem but the TL;DR is that it divorces the consumer of the open source code from the community that produced it. By using Copilot there is no need to seek out, find, and interact with the communities that produce the code so those communities will wither and die realizing Microsoft’s long held goal of doing away with them.

Posted in General | Tagged | Leave a comment

The Lisp Community

Posted on 2022-10-20 by jcs

Here’s a charming post on the Lisp community. I like it for a couple of reasons. The first is that Owmagow wasn’t afraid to dig in and figure things out even though he realized there were already libraries available to do what he needed. Rather than use a black box with no understanding of what was going on, he figured it for himself.

The second, more important thing, is what he had to say about the Lisp community. It’s a common place in the tech world to say that the Lisp community is intolerant and unwelcoming. I’ve never found that and Owmagow agrees. He remarks specifically about how welcoming, helpful, and knowledgeable he found Lispers. He contrasts this with the Java community where he says, “asking for help was usually its own special type of hell.”

It’s probably true that the Lisp community doesn’t suffer fools gladly—especially those who want to do away with parentheses—but I’ve always found them ready to help anyone who comes in good faith. It’s sad, in a way, that this is worth remarking about but the Lisp community does have a reputation—probably undeserved—for being difficult. I hope Owmagow’s post will help change that.

Posted in General | Tagged , | Leave a comment

Is “Software Engineer” A Legal Job Title?

Posted on 2022-10-19 by jcs

If you do software development work, your job title almost certainly is some variation of “software engineer”. It’s a ubiquitous way of describing a developer role. So much so that it hard to see how it could be controversial but it is. In many jurisdictions, the term “Engineer” is reserved for licensed individuals who have undergone extensive testing and what amounts to an apprenticeship. Some jurisdiction use the term “Professional Engineer” for this but it’s common for the law to simply specify “Engineer”.

All that notwithstanding, most jurisdictions have accepted reality and ignore the software engineer term. Most exceptions are for politically motivated gotcha reasons such as the infamous story of the Oregon community that charged a man with practising engineering without a license after he criticized the traffic light system.

Alberta, Canada, however, is insisting on the prohibition and is suing a company for using the term software engineer as a title for its workers and in its job postings. This sort of silliness is not new. Edsger Dijkstra has an amusing story about applying for his marriage license in the Netherlands in 1957 and being required to list his occupation. The authorities refused to accept “programmer” on the grounds that there was no such profession.

It’s time for Alberta to accept common usage—much like we’ve had to swallow the popular misuse of the word “hacker”. No one is going to be confused by the term software engineer anymore than they would likely think a “sandwich engineer” is professionally trained and licensed.

Posted in General | Tagged | Leave a comment

The Jargon File

Posted on 2022-10-18 by jcs

Today I got a text from a friend who is not from the Hacker culture. The text described a series of tasks he had just performed that were a canonical example of yak shaving. He didn’t know the term, of course, so I responded that the technical term for what he had undergone was “yak shaving” and pointed him to the appropriate entry of the Jargon File.

Doing that reminded me of the joys of the Jargon File and how it’s something that everyone in our tribe should be familiar with. It’s endlessly enjoyable to just browse through random entries and savor their screamingly funny humor. I’ve written about it before (see here and here) but it’s been a while so another mention seems justified.

Many of the Jargon File terms have been part of my vocabulary for a long time but I sense is that there’s been less uptake among younger hackers. Or perhaps the jargon has just changed. The Jargon File was, as far as I can tell, last updated in 2003 so it may not reflect current usage.

Regardless, it’s still worth reading to understand our shared culture and because it is really, really funny. If you haven’t already, follow the link and read a few of the entries. And be sure to read about the magic switch. It’s absolutely my favorite hacker story. You can see a picture of the switch in this comment to my post about it.

Posted in General | Tagged | Leave a comment

Thoughts On A Text Editor

Posted on 2022-10-17 by jcs

Jeremy Friesen has some thoughts on what hopes and expects is his last text editor: Emacs. He’s been using Emacs only since 2020 so he probably can’t yet be described as a journeyman Emacs user but he is an experienced developer and knows about editors and what makes a good one.

Along the way, he tried JEdit, Textmate, Sublime Text, Atom, Vim, and VS Code but none of them worked for him. Emacs, of course, is famously flexible so he was able to make it fit his workflow rather than the other way around.

Friesen also reminds us—in the context of VS Code—of Microsoft’s longstanding policy of “embrace, extend, extinguish”. That’s the policy of embracing some open standard, extending it in proprietary ways, and when they reach critical mass, using their market dominance to destroy the open standard or software. That’s the same problem that I wrote about in Red Meat Friday: VS Code As A Venus Flytrap.

But VS Code is really beside the point. We Emacsers use Emacs because it’s the best editor for our workflows. We may feel sorry for VS Code users and fear that they’ll learn about Microsoft’s behavior the hard way but we don’t obsess about it anymore than we obsess about Nano.

Regardless, take a look at Friesen’s philosophical post on what makes a good editor and why Emacs satisfies his needs.

Posted in General | Tagged | Leave a comment

Chrome Incognito Mode

Posted on 2022-10-16 by jcs

Why oh why won’t you listen to me? I keep preaching the gospel but you keep ignoring me. It’s not the end times, exactly, but there is an important point to be made. That point is: STOP USING GOOGLE CHROME OR ANY OTHER GOOGLE PRODUCT. Google is not your friend. Their sole purpose is to exploit you and capture as much data about you as possible in service of their advertising empire.

This latest tirade is prompted by this and this article that discuss Google Chrome’s incognito mode. The problem is that Chrome’s incognito mode is not very incognito. Don’t take my word for it, read the article and see what Google’s engineers say about it. The discovery from a lawsuit reveals emails from Google’s engineers making jokes about how insecure the mode is and saying that it should be compared to Guy Igcognito from the Simpsons. Again, this is not outside critics saying this, it’s Google own engineers. Go ahead. Read it and see what Google’s own people think about Chrome.

I don’t use Chrome so I can’t speak authoritatively about it but from everything I’ve read, it’s a pretty good browser except for the fact that it vacuums up everything you do and reports it to Google. Stop enabling this sort of psychopathy; use a browser that at least pretends to respect your privacy. If you’re on macOS, Safari isn’t a bad choice. If you’re on Linux or (shudder) Windows, consider Firefox. Firefox really has made strides in protecting their users’ privacy. There are plenty of others too, but I don’t really know much about them so I can’t make any intelligent comments about them.

One thing for sure: you need stop using Chrome. It doesn’t bring anything other than spyware to the table that you can’t get elsewhere.

Posted in General | Tagged | Leave a comment

Emacs Keystrokes in macOS

Posted on 2022-10-15 by jcs

This is your periodic reminder that you can get most of the Emacs editing keystrokes in any macOS application. I usually publish this reminder when I see a tweet or post from someone who has discovered that the Emacs cursor movement keystrokes work in macOS.

Here’s the tweet that inspired this post:

That’s great, of course, but you can do much better. You can, in fact, arrange to have most of the Emacs editing commands available everywhere in macOS. Here’s my original post that explains how to do that. The links in that post lead to a Harvard server that sometimes is not available. If it’s down when you try to get the keybindings file, you can get it here. If you prefer using Esc instead of the ⌥ Opt key for Meta, get this file instead.

Having those keystrokes available takes some of the sting out of having to leave Emacs to use some Apple specific application. I don’t know Leo Shimonaka and I’m not on Twitter so if any of you do know him, please point him at this post or otherwise let him know what to do to get all the Emacs goodness possible.

Posted in General | Tagged , | Leave a comment

Red Meat Friday: Europe Brings the Regulation

Posted on 2022-10-14 by jcs

There’s an old joke about some proposed device that would benefit the world. The U.S. said, “We’ll bring the design.” China said, “We’ll bring the manufacturing.” Europe said, “We’ll bring the regulation.” That’s a bit unfair, of course, but like all satire it has a kernel of truth.

Case in point. The EU has finally made good on their crusade to make everyone use the same charger cables. It’s easy to feel that this a largely a good thing. After all, it will reduce the number of different types of chargers and make users’ lives marginally easier. We here at Irreal are not fans of this sort of thing.

First of all, the diverse cables are not really much of a problem even by first world standards. Yes, it’s a minor inconvenience but in the Irreal bunker we have MacBooks, iPhones, and iWatches all of which use different cables but it just never occurs to us to complain or think the different cables are an imposition.

Secondly, this is the classic case where the market really does work. If people actually feel strongly about this issue, they’ll punish those companies—and let’s be honest, we’re talking about Apple here—that don’t offer a standard interface by buying from their competitors.

Finally, and most important, why in the world would we let a bunch of bureaucrats with no real knowledge of the technology involved decide what type of electronics can be offered? You can be sure that these people all had the time on their DVRs flashing all through the 90s and perhaps even today. They are the absolute last group of people any rational person would want making these types of decisions.

Judging by the comments on the issue, the Irreal position is not the popular one but it is the correct one.

Posted in General | Tagged | Leave a comment

The Ethics of (Self) Job Automation

Posted on 2022-10-13 by jcs

Back in January, I wrote about the story of a developer who automated his job with some scripts and then spent the next few years pursuing his own interests at work while letting his scripts do his job.

Many people have an immediate reaction that this isn’t right, that the developer was somehow cheating his employer. That idea is deeply ingrained in us but consider: the job that the employer was paying for was getting done and probably with fewer errors than before. The total benefit to all concerned was increased so why was it dishonorable? Yet the feeling of unease persists.

In 2018 The Atlantic published an article—since resurrected by Pocket that explores this issue. Surprisingly, even among the developer community the reaction was pretty much equally divided with half feeling that such action was cheating and half failing to see the problem.

It turns out that such automation is surprisingly frequent. Unsurprisingly, most of the developers who have done so have kept their actions to themselves feeling that far from being rewarded, they would be punished for their initiative. They may have a point. There are several stories of those who automated their jobs being fired because, after all, there was nothing left for them to do.

When you hear stories like that, it’s harder to be on the “it’s cheating” side. Take a look at the article and see what you think.

Posted in General | Tagged | Leave a comment