Arizona Sues Google

Posted on 2020-06-02 by jcs

As I said previously, if you care about privacy, you shouldn’t be using an Android phone. My point was that even if you believe Android phones are technically superior or equivalent to the iPhone, no reasonable person can doubt that Apple is much better on privacy than Google’s Android-based phones. That argument was based on especially egregious behavior by Android phone manufacturer Xiaomi. But it turns out that maybe you don’t need Xiaomi to make that case.

Arizona is suing Google over allegations it illegally tracked Android smartphone users’ locations. This is not Xiaomi or any other manufacturer: it’s Google’s Android operating system itself that’s being challenged. The Arizona DA says that Google tracks users even if they disable it. The DA claims that Google still collects some location information unless the user turns off another hard-to-find option.

Everyone here knows I’m not a fan of Google but I’m conflicted about this. It’s certainly true that Google makes it extraordinarily difficult to stop them from tracking you and their behavior is otherwise reprehensible but I’m not sure about these charges.

The functions for which Google still collects data is Maps and Weather. A case can be made, I think, that gathering location information is needed to make these applications useful. I’m pretty outraged that the French and Italians are fining Apple over their slowing down old iPhones to preserve battery power and going after Google for getting location data for Maps or Weather feels the same to me.

Of course, just because you need to figure out where a user is to deliver optimal Maps or Weather results doesn’t mean you have to record and send the data back to Google. The Washington Post article doesn’t make it clear exactly what’s happening but you don’t have to be a cynic to be suspicious of Googles intentions. They do, after all, have a track record.

Posted in General | Tagged | Leave a comment

More On The Magit Initial Status Page

Posted on 2020-06-01 by jcs

A couple of weeks ago, I wrote about setting the initial visibility of Magit sections. It was a bit of a nuisance but without it I had large expanded sections that invited an inadvertent stage command that could freeze Emacs for up to a minute. The change worked well in that the sections were folded when I first invoked the Magit status page but I found that sometimes I’d still stage a large set of files by mistake. That’s because when I have to choose a file to stage, I often just type s and let Ivy give me a list to choose from. If the point was on one of the folded sections, it would stage everything in that section.

So the problem was that the initial status page opens with the point on one of the folded sections instead of at the Head section at the top. Given my success with controlling the initial visibility I felt confident that there would be a way of controlling the initial point position. It was a bit hard to find but easy to configure. It’s a configurable parameter if you like doing things that way. Otherwise simply add

(setq magit-status-initial-section nil)

to your init.el. You can set it start on any section but the nil says to start with it on the Head section at the top of the page. I’ve been running with this latest change for the last few days and so far I haven’t inadvertently staged a bunch of files.

This probably isn’t a problem for most of you because as Alan Third noted it’s easily solved by the judicious use of the .gitignore file but if it is, just set the initial point to the Head section. You can, of course, set it to any section if that suits your workflow better; see the documentation for the variable magit-status-initial-section for details.

Posted in General | Tagged , | Leave a comment

Escape from VSCode

Posted on 2020-05-31 by jcs

Zameer Ul Haque has an interesting post in which he describes his escape from VSCode. Usually when you see stories like this, they’re about escaping from Vim and moving to Emacs or the other way around. Now that the new hotness is VSCode, we’re seeing a lot of people discover that there are better editors and moving to Vim or Emacs. As I’ve said before, which one you choose depends on what you want from an editor. As I’ve also said before, if you’re a top flight engineer, you probably use one or the other of them.

One of the things about the post that surprised me was that Ul Haque considered Vim and Emacs essentially magic accessible only to Elite. That’s a comforting notion to us Emacers and Vimers, of course, but, really, it’s nonsense. Yes, they have a slightly higher learning curve but that’s mostly because they’re more powerful. If an editor can do more things, it takes longer to learn how to do all those things.

One interesting thing I learned from his post is that there’s a plugin for VSCode that implements the Spacemacs (hence Vim) key sequences. Ul Haque used that to get used to Spacemacs keybindings. Once he felt comfortable with them he moved to Spacemacs and finally to Doom Emacs.

Take a look at his post if you want to see how one man moved from VSCode to the promised land of Emacs.

Posted in General | Tagged | Leave a comment

Ed in Emacs

Posted on 2020-05-30 by jcs

You live long enough, you see everything. I just came across ed-mode. If you’re an Emacs user who also has retro tendencies and likes to play around with old-time editors, now you can explore the “standard Unix editor” from the comfort of Emacs. Ed-mode allows you to run an ed emulation on the current buffer.

It is, I suppose, a nice way to practice with ed against the day that you need it for a rescue operation but I do the same thing by firing up ed on a log file and using it to perform basic operations. By doing that regularly, I’m confident that I have enough ed skills to see me through a boot disaster. Of course, as a macOS user I’m not apt to need that but I do occasionally boot Linux system where that knowledge could definitely be useful.

Truth to tell, I don’t expect to ever need to use ed in anger but it’s nice to know how to use it if only because every Unix-head should. The ed editor is actually pretty easy to learn and suffers only from being a line editor. If you’re interested in learning it, ed-mode may be a good vehicle. Take a look at Brian Kernighan’s excellent tutorials (1, 2) and then fire up ed or ed-mode. You’ll be able to amaze your colleagues.

Posted in General | Tagged | Leave a comment

Red Meat Friday: Star Wars and the Light/Dark Controversy

Posted on 2020-05-29 by jcs

The minions at Irreal, it appears, refuse to let the light-mode/dark-mode debate die. Here’s the latest offering:

I’ll talk to the minions but it probably won’t do any good.

UPDATE [2020-06-01 Mon 12:36]: Read → Red

Posted in General | Tagged | Leave a comment

Dubious Password Advice

Posted on 2020-05-28 by jcs

Jacob Bergdahl over at Towards Data Science has an article discussing what makes a good password. His advice is not entirely wrong but has some problems. His main point is that greenelephantswithtophat is a better password than jK8v!ge4D. That’s probably correct but only because jK8v!ge4D is fairly short while greenelephantswithtophat is reasonably long. He’s not wrong that longer is better than shorter but it’s a little more complicated.

One of the main problems with jK8v!ge4D, according to Bergdahl, is that you can brute force it reasonably quickly. That’s true but ignores how passwords are cracked. If a site has robust password processing, the password isn’t just hashed—let alone left in plain text—it’s salted and then run through a hash function many times so that the time to arrive at the hash is non-trivial. And, of course, no one is trying to crack just your password. They typically have a list of hashes stolen with an exploit and are running the brute force attempts against the entire list. All of that means that jK8v!ge4D isn’t as vulnerable as Bergdahl makes out.

Still, it’s not a strong password. Bergdahl’s other main point is that even as it stands, it’s difficult to memorize while greenelephantswithtophat is both more secure and much easier to remember. To make jK8v!ge4D a strong password it would have to be much longer making it effectively impossible to remember.

On the other hand, passwords like greenelephantswithtophat aren’t as secure as you might think because humans will always pick words in a predictable way. Back in 2013 I wrote about how hackers recovered the seemingly impossible password Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn1, a line from Lovecraft’s The Call of Cthulhu. In order for correct horse battery staple to work, the words have to be chosen at random so they form no pattern. Even then, they’re a lot easier to remember but not if you have one or two hundred.

Bergdahl dismisses password managers as something for power users but

  1. Modern password managers like 1password are easy to use, even for the relatively unsophisticated.
  2. Password managers are the only robust method I know of for dealing with passwords

With a password manager you can have a long random password like nD34$@ckwS.-33SBx!+4.gsac4 that you don’t have to remember and a single password of the correct horse battery staple sort to protect your password database.

You may not like it. Bergdahl may not like it. But the only secure way of managing your passwords is with a password manager.

Posted in General | Tagged | Leave a comment

Emacs Through Macros 7–9

Posted on 2020-05-27 by jcs

Once again, I lost track of Sahas Subramanian’s Emacs through macros videos and while I wasn’t looking he’s posted 3 more. Number 7 is about grep and doesn’t use macros in any significant way. Number 8 is an exercise that you can try to test your keyboard-macro-fu. You can check those out yourselves. The last one, number 9, considers the common task of renaming files. There are, of course, lots of ways of doing this using things like mutliple cursors, iedit, or even the Dired R command.

Subramanian shows how to do it with a simple macro. He’s in a dired buffer and wants to change the names of the files containing his videos. They’re all of the form

Learning Emacs with Macros - nn.webn

where nn is the number of the video. He wants to change them to better reflect the name used on YouTube so he wants them in the form

Emacs Through Macros - nn.wbm

He steps through the first recording a keyboard macro and then applies the macro to the remaining entries. It’s a pretty simple operation and if you have macro experience, you’ll have no problem figuring out what he did. If you’re new to macros, take a look at the video to see how he did it.

The video is only 2 minutes 55 seconds so you should have no problem finding time for it.

Posted in General | Tagged | Leave a comment

An Org Refile Workflow

Posted on 2020-05-26 by jcs

Yiming Chen has an interesting post on his org-refile workflow. Before you read his post, though, you should (re)read Aaron Bieber’s Organizing Notes With Refile that I wrote about back in 2018. Bieber’s post gives you the background you need to follow Chen’s.

If you’re a little hazy on the Org-refile concept, the TL;DR is that you can move an Org tree node someplace else. Some like Matus Goljer use it to deal with items from Org-capture. Others use it to move items to a more appropriate place or as a sort of archiving operation. If you use Ivy or Helm, when you call org-refile you’re presented with a list of possible targets to which to move the node.

That list is completely configurable. A common choice is to include all the headers from all the Org files that make up your agenda, but that’s not the only possibility. You can add other Org files, including the current one, or as Chen demonstrates, you can add all headers in all Org files on your system. Most people probably won’t want to do that but it’s possible.

One of the reasons that Chen includes everything in his target list is that he likes to use it as a way of jumping to a specific Org node. You can do that by specifying the universal argument to org-refile. Take a look at his post for all the details. Org-refile can make many workflows easier so it’s worth taking a look at these posts to see if it can reduce some friction in yours.

Posted in General | Tagged , | Leave a comment

Eshell Demo

Posted on 2020-05-25 by jcs

Protesilaos Stavrou is all in on Eshell. On the very rare occasions that he needs a “standard shell,” he fires it up in Emacs using vterm but mostly he uses Eshell because he considers it a superior solution. He’s posted an excellent video that shows how he uses Eshell in his workflow.

One of the things he likes the most about Eshell is that you can write and execute Elisp as well as traditional shell commands. That means you can have bits of Elisp to provide shortcuts that make your work easier. Stavrou demonstrates several of those in action and while he doesn’t show the code in the video, he does provide a pointer to them so it’s easy to use or adapt them in your own workflow.

If you’re an Eshell user or considering becoming one, be sure to take a look at Stavrou’s video. It shows you some of its built-in features as well as the helper functions that Stavrou built. The video is just over 23 minutes so you’ll have to schedule some time.

Posted in General | Tagged | Leave a comment

Websockets: Why We Can’t Have Nice Things

Posted on 2020-05-24 by jcs

Websockets are a handy device that allow for snappier browser/server interactions. Like all useful things, the usual bad actors have found a way to abuse them. It turns out that a Web site you are visiting can port scan your machine’s private address space (localhost, 128/8) to infer what software you using. Charlie Belmer, who posted the above link, speculates that sites are probably doing this as a way of fingerprinting and tracking although he notes that it may also may be being used as a means of threat detection.

Apparently, a number of major sites are guilty of this behavior. Belmer’s post shows a bit of code that caught Ebay doing it. That sort of behavior is annoying and arguably illegal but it’s easy to shrug it off as small potatoes. That would be a mistake.

Steve Stagg wondered what would happen if after finding an open port, an attacker tried to connect to it. It turns out that it is possible to capture useful data although it’s not really a very efficient exploit. Read Stagg’s post for the details. Stagg didn’t find any evidence that anyone is actually using the exploit but we can be sure that someone, somewhere will find a way to make it pay.

I’m sure browser manufacturers will move to close these holes but in the meantime it would be nice to see an investigation into this sketchy behavior. Maybe it will give some of these companies pause. But probably not.

Posted in General | Tagged , | Leave a comment