The EFF Talks Encryption

Everyone interested in the encryption wars knows that the EFF has done yeoman’s service defending our right to have access to strong, uncompromised encryption. Certain parts of the government hate this and insist that they need—for our own good, of course—to be able to read our emails, texts, and other communications.

Recently, the EFF, Access Now, and a few other nonprofits and tech companies met with White House officials seeking to discuss their concerns and to secure a commitment from the administration to ensure Americans the right to have and use strong encryption free of back doors or other crippling measures.

The EFF has posted the results of that discussion and some suggestions for moving forward. They are asking for all those concerned to make your opinions known to the White House through an on-line form. Please take a few minutes to leave a message in support of strong encryption and asking that the FBI and others in the government stop their disingenuous campaign to force tech companies to provide them with back doors and other means of accessing private, encrypted data.

Posted in General | Tagged | Leave a comment

We Don’t Care About No Stinkin’ Keys

In a world in which the FBI is intent on bullying tech companies into giving them “golden keys” that they can use to unlock encrypted communications, the TSA’s compromise of their own golden keys (used to open luggage for inspection) seemed like an object lesson worth considering. After all, the government asked for special access and ensured us that our baggage would be safe from petty thieves while still allowing the TSA to keep us safe. Instead, the TSA carelessly allowed pictures of the keys to be published and now anyone who wants a set and has access to a 3-D printer can get one.

The TSA’s loss of the master keys seemed like a cogent argument against trusting the government with the far more important and potentially devastating access to our digital communications. Here’s another: the TSA’s reaction to the loss of the keys is “Meh. Most people don’t lock their bags anyway. Besides, the bags are under our control so they’re safe.”

Even if you believe that anodyne fairy tale, it says nothing about, say, a hotel bell hop who suddenly has access to your luggage. As a practical matter, the locks are terribly insecure with or without the master keys but the government did promise that the locks would ensure the safety of your luggage while enabling legitimate government access.

Yet when that same government lost control of the keys, their attitude was, “So what? It’s not our problem.” Is there any reason to believe that the FBI would be any less cavalier if they lost the encryption master keys? Is there any reason to believe that the FBI would be more competent than the TSA is safeguarding those keys?

The possible loss of the encryption master keys is only one—and not the strongest—argument against the imposition of these keys but it’s worth remembering what the government says when they mess up and compromise their exceptional access: “It’s not our problem.”

Posted in General | Tagged | Leave a comment

Adjusting Text Size in Emacs

For some reason I have a hard time remembering this. If you have a hard time too, consider this my Christmas gift to you.

Although Green doesn’t mention it, you can skip the 【Ctrl+x】 after the first invocation. So 【Ctrl+x Ctrl++ Ctrl++】 will increase the text size two jumps.

Posted in General | Tagged | 4 Comments

Productivity Packages for Emacs

Adrien Brochard over at Xmodulo has a list of 10 productivity packages for Emacs. Some of them are actually built-ins but they’re all something that every Emacs user should consider installing or using. I’m a user of almost all of them and wouldn’t want to live without them.

One that I’m not using is auto complete but Brochard’s writeup has convinced me to give it a try. With ELPA it’s trivial to try a package out and revert it if it doesn’t work for you.

I won’t ruin your Christmas surprise by revealing the rest of Brochard’s list so you’ll need to follow the link. Really, there’s no reason you shouldn’t be using—or at least seriously consider using—these packages. They can help speed you on your way to being an Emacs master.

Posted in General | Tagged | Leave a comment

Org-Ref Update

I’ve written about John Kitchin’s org-ref package a couple of times before [1, 2] but now it’s available on Melpa. If you write papers or reports that have references (either internal or external), you need this package. It makes handling citations easy and transparent.

Kitchin has a new video out describing the updated org-ref. I suggest that you first watch the original video to get an idea of some of the things you can do. The new video starts with an empty file and builds a toy article with the purpose of demonstrating how you would use the org-ref package during the preparation of an article or paper.

The amount of functionality can seem overwhelming but Kitchin also provides a very nice manual that documents the package and the functions it contains. Kitchin built the package for his own use in preparing papers—he’s a researcher in Chemical Engineering—so it really does solve the citation/reference problems that a researcher encounters when writing up results. If you’re a student or an engineer producing reports, the package will be just as useful for you.

An important fact about Kitchin’s workflow is that he writes his papers in Org mode. That has lots of advantages as he has as he has demonstrated before. Now we can count one of those advantages as the automating of a large part of the citation/reference process. As I wrote before, handling citations isn’t really hard but it can be fiddly. The org-ref package makes it much less tiresome to deal with.

Posted in General | Tagged , | Leave a comment

A Demonstration of How Hard Cryptography Is

In the battle over whether the government should require backdoors in cryptography products, the primary objection from those who actually know what they’re talking about is that we’re not smart enough to safely build in backdoors. That point is often met with skepticism or downright dismissal from the nannies and their useful idiots who think we’d be safe from terrorists if only it weren’t for that pesky encryption. Sure, sure, we need it for banking, buying stuff from Amazon, and the thousands of other e-commerce things we’ve come to depend on but why can’t we just have a backdoor to protect us from the bad guys?

In a truly excellent post, Steven Bellovin, a cryptographer of some note, provides a compelling example of how hard encryption really is. The post is probably a bit too technical for Aunt Millie—although definitely not for Irreal readers—but the summary is understandable by anyone.

I won’t give away the details but the TL;DR is that a seemingly simple protocol that anyone would convince themselves is secure (and that was even proved mathematically secure) had a fatal flaw that went undetected for 17 years. This wasn’t some homegrown crypto-thingy that someone whipped up in their basement. It was an actual peer-reviewed protocol that was vetted by the cryptographic community.

The lesson is clear. Even a very simple and seemingly transparent protocol that seemed obviously secure hid a fatal flaw. How then can we expect the hideously complex protocols we’re using today to be well enough understood that they can be safely weakened?

Meanwhile, Matthew Green uses the recent Juniper exploit to explain what happens when you introduce backdoors. Even though this was (presumably) not the work of the NSA, the attacker neatly repurposed the NSA’s infrastructure for their own backdoor. Expect more of the same if the FBI gets its way.

Posted in General | Tagged , | Leave a comment

Macro Workshop

Howard Abrams has an excellent tutorial on Emacs keyboard macros. It’s structured much like the builtin Emacs tutorial in that you download the tutorial into an Emacs buffer and then do the exercises in situ. Unlike the Emacs tutorial, it’s reasonably short and you should be able to work through it in about 30 minutes or less.

The tutorial starts off with the usual macro stuff that we all know but then moves on the some things I hadn’t seen before. For example, he shows you how to bring up the Emacs Macro ring and choose one the macros defined in the current session. Another nice trick is how to suspend a macro invocation so that you can do some editing unique to that invocation and then continue with the macro. There’re a lot a good things in the tutorial and everyone should take a look at it. If you aren’t already using keyboard macros, you’re doing more work than you need to.

Since most of us don’t use macros enough to internalize the key bindings, it makes sense to either add 【Ctrl+x Ctrl+k】 to your key-guide, if you have it installed, or to make a hydra with the commands.

As much as I like this tutorial, Abrams does get one thing very wrong. The worst song ever perpetrated on mankind is NOT The Twelve Days of Christmas. That would be Little Drummer Boy.

Posted in General | Tagged | Leave a comment

Comey Dissembles (Again)

After Paris and San Bernadino, FBI director James Comey has stepped up his “We’re Going Dark” roadshow, telling everyone who will listen how encryption is making it impossible to stop terrorists. In a Washington Post op-ed, Jihadists are making their plans public. Why hasn’t the FBI caught on?, Rita Katz discloses an inconvenient truth: the vast majority of Jihadist communications are carried out in the clear on social media. Sadly—and dangerously—the FBI prefers to ignore this fact.

In testimony before the Senate Judiciary Committee, Comey said that Elton Simpson, the Garland, Texas shooter had exchanged 109 encrypted messages with an overseas terrorist. The implication was that if only the FBI had their much sought after backdoor, they would have been able to discover the plot and prevent the attack. One of Katz’s inconvenient facts is that those 109 messages were not discovered until after the attack so they could have played no part in preventing it. Here’s another: Elton Simpson was known to the FBI and used Twitter to openly follow and communicate with known terrorists.

One of those terrorists, Mohamed Abdullahi Hassan, tweeted the incitement for the attack. Simpson retweeted the message and asked Hassan to direct message him. All of this was in the open, no encryption involved.

It gets better. Katz’s organization, the SITE Intelligence Group, discovered this communication and reported it to the FBI one week before the attack took place. And yet it’s Apple’s, Google’s, and Edward Snowden’s fault that innocent citizens are at risk.

As we’ve recently learned after San Bernadino, the U.S. Government has rules prohibiting its agents from using public social media sites to gather intelligence. Katz says that “the FBI is reluctant to recognize open-source as an important — arguably the most important — tool to track jihadists online.”

Let’s review. The intelligence community has no trouble snooping on our most private communications and demanding that we weaken encryption so that they can read our sensitive messages but they’re reluctant to use public, unencrypted information that is easily available to them, or anyone else, without the need for snooping. As the Garland incident—Comey’s own example—shows, having access to the perpetrator’s encryption key would have made no difference but the unencrypted, publicly viewable information that would have made a difference was ignored even after it was pointed out to the FBI.

Posted in General | Tagged | Leave a comment

Sacha’s Weekly Emacs News

I came across this tweet

and it reminded me that I’ve been meaning to mention Sacha Chua’s Weekly Emacs News. Every week Chua curates a list of interesting Emacs news in one handy place. If you like to keep up with what’s going on in the Emacs world but don’t have enough time to surf the Web looking for it, this is an excellent resource.

There are lots of ways to get the roundup. You can

  • Check Chua’s site at the above link. (They appear to come out on Mondays.)
  • Add Chua’s site to your RSS feed.
  • Add the Weekly News Posts (only) to your RSS feed.
  • Sign up to have them delivered to your email inbox.

Even if you’re very busy, one of these methods will make it easy to keep up with Emacs news. The posts are generally not very long and you can usually tell from the link title whether or not it’s something you’ll be interested in.

Posted in General | Tagged | Leave a comment

Mu4e and Org Mode

Ben Maughan over at Pragmatic Emacs has a great post on integrating mu4e and Org mode. He has what I think is a near perfect email setup:

  • An inbox that is empty except for unread emails
  • One folder to hold all his archived emails.

These are in service of his overriding email philosophy: inboxes make terrible TODO lists.

We’ve all done that sort of thing. We leave an email in the inbox to remind us to take some action associated with it. What invariably happens is that we end up with hundreds of emails in our inbox and probably never act on them. Maughan’s idea is that you read the email and either delete it or store it in the single archiving folder. If the email requires some action you generate an Org TODO with a capture template that includes a link to the email. Notice how there’s no need to keep read emails in your inbox.

One of the best parts of Maughan’s setup is that you can handle your email from within Emacs. If you’re like me, that means that you’ll spend almost all your tube time in either Emacs or your browser. For this to work, especially archiving everything in one folder, your email client needs to have good search capabilities. Since mu4e is based on mu, an email indexing utility, you automatically get fast searching with it.

Unless you’re completely satisfied with your email setup, be sure to take a look at Maughan’s post. If you don’t have special needs, like John Wiegley’s, it’s hard to imagine an easier or more efficient way of handling your email chores.

Posted in General | Tagged , | 1 Comment