Is emacs a security nightmare? Emacs is a massive open source project bundled with a huge number of programs, some of which want access to the internet. Couldn't it be loaded with back doors? I bet you've asked that question. And the answer is yes it could, and so could any other program on your computer requesting internet access. As a computer user, assuming you're not a security expert and you don't have one handy, you want to check the integrity of all the programs you install, and at least monitor their internet access with a third-party program. In truth, an emacs package would be an excellent way to gain access to a users computer.

Enter Snitch. The emacs package that at least attempts to act like a firewall.

I'm not fond of Snitch. I find the name a little dark, but not in a good way, more like delinquent and mistrustful. I do however recommend monitoring your emacs packages and setting up some kind of beacon indicating which packages are accessing the internet and when.

I've included a few other snippets of code here, as they are located in this section of the initialization file I'm porting over to Hugo.


(use-package snitch
;:ensure t
;:disabled t

:commands snitch-mode


(setq snitch-network-policy 'allow)
(setq snitch-process-policy 'allow)
(setq snitch-log-policy '(allowed blocked whitelisted blacklisted))
;(setq snitch-log-verbose nil)
(setq snitch-enable-notifications t)
;(setq snitch-log-buffer-max-lines)
;better identification error causation, worse performance
(setq snitch-trace-timers -1)

;(snitch-mode +1)
);end snitch


variables to configure - snitch-network-policy - snitch-process-policy - snitch-log-policy/ies - snitch-network-*list - snitch-process-*list - snitch-restart, snitch-mode

go to "snitch firewall log", select entry - snitch-filter-from-log to add/remove rules interactively

A Few Performance Improvements

(setq ns-use-srgb-colorspace nil)

;; Don't lock files.
(setq create-lockfiles nil)

;avoid emacs stall on long files
(global-so-long-mode 1)

(setq redisplay-dont-pause t)
(setq jit-lock-defer-time 0)

Password Generator

(use-package password-generator
;:ensure t
;(setq password-generator-custom-length 12)
;(setq password-generator-custom-alphabet 'lithuanian')
);end password generator

That’s all for now…

comments powered by Disqus