grant

You Gotta Try Using ~describe-symbol~

You gotta try out using describe-symbol because it is usually what you really want from describe-function and describe-variable.

The most useful part is that it instantly teaches you when there are both a variable and a function with the same name. Sometimes it is surprising and better to know right away. For example M-x describe-symbol RET emacs-version RET:

emacs-version is an interactive compiled Lisp function in ‘version.el’.

(emacs-version &optional HERE)

Display the version of Emacs that is running in this session.
With a prefix argument, insert the Emacs version string at point
instead of displaying it.
If called from Lisp, by default return the version string; but
if the optional argument HERE is non-nil, insert the string at
point instead.

Don’t use this function in programs to choose actions according
to the system configuration; look at ‘system-configuration’ instead.

  Probably introduced at or before Emacs version 19.20.

―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――

emacs-version is a variable defined in ‘C source code’.

Its value is "28.1"

Version numbers of this version of Emacs.
This has the form: MAJOR.MINOR[.MICRO], where MAJOR/MINOR/MICRO are integers.
MICRO is only present in unreleased development versions,
and is not especially meaningful.  Prior to Emacs 26.1, an extra final
component .BUILD is present.  This is now stored separately in
‘emacs-build-number’.

  Probably introduced at or before Emacs version 19.20.

Manage Your Gist From Org mode

punchagan just released a sweet package for sharing Gist right from Org: ox-gist

Create a create a personal access token, install the package, open your Org file, C-c C-e G o a private Gist and there you have it your first most easily created Gist ever.

I hadn’t been a big Gist user until now that is.

Thank you punchagan!

Org2Blog Release v1.1.13

Just released Org2Blog v1.1.13 with almost no user-facing changes but primarily maintenance and cleanup.

That said you might care about:

Create Entries without requiring an Internet connection to load Categories, Tags, and Pages. Previously it would error out preventing you from creating the Entry on your computer.
WordPress 6 broke View Entry. Fixed.
Although you were unlikely to have used org2blog-buffer-post-or-page-view or org2blog-subtree-post-or-page-view, you can’t anymore. See their function for details. Guessing you were unlikely since the break was never reported. Addendum: It was only broken for Page previews which are probably rarely used: makes sense.
Easier to check for compilation errors since long docstrings now get ignored.

LastPass You Don’t Support WebAuthn (U2F) And That Hurts My Feelings

You didn’t lie to me, but you got right up to the edge of it:

you support YubiOTP BUT NOT WebAuthn!

Long explanation here.

Easier to switch to a different password manager than battle this endlessly.

Does it work with YubiKey?

Probably, hopefully, if not start complaining!

Here you go: a big list.

If you are on Social Media: Please use multiple YubiKeys.

How to use SMS two-factor authentication “the right way”

Via genius Sami Laine:

Here’s what you should do:

Secure your high-value accounts with strong authentication. These include crypto wallets, key financial sites and email– and if you’re an influencer—Twitter, Instagram and the like. For these, if SMS is the only option, turn it off and use a strong password with a password manager instead.

For new accounts, always check for stronger two-factor alternatives before deciding if you should use SMS.

Use a password manager to create strong, unique passwords and to autofill them to protect against phishing attacks.

Finally, make sure to set up a security code on your cellular account today to reduce the risk of losing your account to SIM swap attacks.

Strong Auth Terminology in 7 minutes

Read: Factors & Dongles & Tokens, Oh My – Strong Auth Terminology in 7 minutes for an enlightening overview of critical terms.

3m if you read fast; 7m if you want to understand.

Read twice if you are serious.

Read and memorize if you are a professional

A list of popular sites and whether or not they support two factor authentication

WebAuthn rocks, but you might feel that nobody uses it.

Fortunately, you are wrong!

Visit 2FA Directory: Global or 2Fa Directory: USA for a list of popular sites and whether or not they support two-factor authentication.

This site is pure gold: it gets you up and running with WebAuthn everywhere possible as quickly as possible. When the provider doesn’t provide it them contact them demanding it.

Here is their codebase: geniuses.

Which web browsers support WebAuthn?

A bunch of them.

Not Firefox for Android though; woe is me.

Learn How To Perform Man-In-The-Middle (MITM) Phishing Attacks In Three Minutes or Less

I can’t say much more than: wow.

evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. – https://github.com/pberba/evilginx2

Seriously great learning resource and kudos to Go Lang!