2023-02-27 Emacs news

2023-02-27 Emacs news

[Sacha Chua]

[-- Attachment #1.1: Type: text/plain, Size: 12739 bytes --]

  2023-02-27 Emacs news
=====================

  - Help wanted:
    - [Magit maintainer Tarsius is losing donators at alarming speed. Please help!] (<https://www.reddit.com/r/emacs/comments/11cezoq/magit_maintainer_tarsius_is_losing_donators_at/>)
    - [The Emacs Bengaluru group has no organizer - step up if anyone wants to become one] (<https://www.meetup.com/emacs-bengaluru/>) ([Twitter] (<https://twitter.com/kumarshantanu/status/1627321023392808960>))
  - Security:
    - [CVE-2022-48337: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file] (<https://security-tracker.debian.org/tracker/CVE-2022-48337>)
    - [CVE-2022-48338: In GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability.] (<https://security-tracker.debian.org/tracker/CVE-2022-48338>)
    - [CVE-2022-48339: Emacs <= 28.2: htmlfontify.el has a command injection vulnerability] (<https://security-tracker.debian.org/tracker/CVE-2022-48339>)
    - [Emacs 28.3 rc1 pretest is available, fixing CVE-2022-45939] (<https://www.reddit.com/r/emacs/comments/117mezb/emacs_283_rc1_pretest_is_available_fixing/>)
  - Upcoming events:
    - EmacsATX: Emacs Social <https://www.meetup.com/emacsatx/events/291143186/> Wed Mar 1 1630 America/Vancouver - 1830 America/Chicago - 1930 America/Toronto -- Thu Mar 2 0030 Etc/GMT - 0130 Europe/Berlin - 0600 Asia/Kolkata - 0830 Asia/Singapore
    - Emacs Paris (virtual, in French) <https://www.emacs-doctor.com/emacs-paris-user-group/> Thu Mar 2 0830 America/Vancouver - 1030 America/Chicago - 1130 America/Toronto - 1630 Etc/GMT - 1730 Europe/Berlin - 2200 Asia/Kolkata -- Fri Mar 3 0030 Asia/Singapore
    - M-x Research (contact them for password): TBA <https://m-x-research.github.io/> Fri Mar 3 0800 America/Vancouver - 1000 America/Chicago - 1100 America/Toronto - 1600 Etc/GMT - 1700 Europe/Berlin - 2130 Asia/Kolkata -- Sat Mar 4 0000 Asia/Singapore
    - Mastering Emacs book club <https://susam.net/maze/meet/mastering-emacs/> Fri Mar 3 1200 America/Vancouver - 1400 America/Chicago - 1500 America/Toronto - 2000 Etc/GMT - 2100 Europe/Berlin -- Sat Mar 4 0130 Asia/Kolkata - 0400 Asia/Singapore
    - Mastering Emacs book club <https://susam.net/maze/meet/mastering-emacs/> Sat Mar 4 0200 America/Vancouver - 0400 America/Chicago - 0500 America/Toronto - 1000 Etc/GMT - 1100 Europe/Berlin - 1530 Asia/Kolkata - 1800 Asia/Singapore
    - Mastering Emacs book club <https://susam.net/maze/meet/mastering-emacs/> Sun Mar 5 0200 America/Vancouver - 0400 America/Chicago - 0500 America/Toronto - 1000 Etc/GMT - 1100 Europe/Berlin - 1530 Asia/Kolkata - 1800 Asia/Singapore
    - Emacs.si (in person): Emacs.si meetup #3 2023 <https://dogodki.kompot.si/events/c5630087-b9ec-4f48-9bb1-2ba337c1850f> Mon Mar 6 2000 CET
    - Atelier Emacs Montpellier (in person) <https://lebib.org/date/atelier-emacs> Fri Mar 10 1800 Europe/Paris
  - Emacs configuration:
    - [emacs can be "heavy" but still blazingly fast] (<https://www.reddit.com/r/emacs/comments/119mp95/emacs_can_be_heavy_but_still_blazingly_fast/>) ([Irreal] (<https://irreal.org/blog/?p=11176>))
    - [The most important snippet in my Emacs init file. (For Newbs)] (<https://www.reddit.com/r/emacs/comments/11ap924/the_most_important_snippet_in_my_emacs_init_file/>)
    - [Aimé Bertrand: Custom functions No. 2 - Modules] (<https://macowners.club/posts/custom-functions-2-modules/>)
    - [Jeremy Friesen: My Lesser Sung Packages of Emacs] (<https://takeonrules.com/2023/02/25/my-lesser-sung-packages-of-emacs/>)
    - [5 CONFIGURACIONES BÁSICAS que le hago a Emacs] (<https://www.youtube.com/watch?v=2lCMtpt9iTw>) (06:54)
    - [Elpaca: Async Emacs Package Manager] (<https://www.youtube.com/watch?v=5Ud-TE3iIQY>) (08:03)
  - Emacs Lisp:
    - [PLDI 2021: Evolution of Emacs Lisp] (<https://www.pldi21.org/prerecorded_hopl.16.html>)
    - [Xah Talk Show 2023-02-23 Emacs Lisp Writing URL Parser] (<https://www.youtube.com/watch?v=wHgWyH-aOS4>) (01:20:10)
  - Appearance:
    - [Nicolas Martyanoff: Custom Font Lock configuration in Emacs] (<https://www.n16f.net/blog/custom-font-lock-configuration-in-emacs/>)
    - [New Doom theme and modeline based on NANO Emacs] (<https://www.reddit.com/r/emacs/comments/11bsb2y/new_doom_theme_and_modeline_based_on_nano_emacs/>)
    - [Protesilaos Stavrou: Emacs: modus-themes version 4.1.0] (<https://protesilaos.com/codelog/2023-02-22-modus-themes-4-1-0/>)
  - Navigation:
    - [Open file from clipboard with common path] (<https://www.reddit.com/r/emacs/comments/11b306q/open_file_from_clipboard_with_common_path/>)
    - [query-replace-many—query-replace, but for multiple matches] (<https://github.com/slotthe/query-replace-many>) ([Reddit] (<https://www.reddit.com/r/emacs/comments/118r3i6/queryreplacemanyqueryreplace_but_for_multiple/>))
    - [James Dyer: Moving Away From Deft] (<https://emacs.dyerdwelling.family/emacs/20230204140603-emacs--moving-away-from-deft/>) ([Irreal] (<https://irreal.org/blog/?p=11169>))
  - Writing:
    - [ekg, a note-taking / knowledge management system for Emacs] (<https://www.reddit.com/r/emacs/comments/117epj1/ekg_a_notetaking_knowledge_management_system_for/>) ([Irreal] (<https://irreal.org/blog/?p=11165>))
    - [I've tried EKG] (<https://www.reddit.com/r/emacs/comments/11b1oo6/ive_tried_ekg/>)
  - Org Mode:
    - [Emacs and Org-babel for flaw analysis.] (<https://wmealing.github.io/emacs-org-babel-analysis.html>) ([Reddit] (<https://www.reddit.com/r/emacs/comments/11cm2al/emacs_and_orgbabel_for_flaw_analysis/>))
    - [Mario Jason Braganza: Org Mode Subtree Expansion With the Mouse] (<https://janusworx.com/blog/org-mode-subtree-expansion-with-the-mouse/>)
    - [panapnamana/org-highlight-hydra: A pop-up menu for highlighting in org-mode.] (<https://github.com/panapnamana/org-highlight-hydra>) ([Reddit] (<https://www.reddit.com/r/emacs/comments/11bwpjs/i_made_a_highlighting_hydra_for_orgmode/>))
    - [OrgMode E02S02: Agenda view (advanced)] (<https://www.youtube.com/watch?v=u00pglDfgX4>)
    - [Emacs org-speed commands: WOW!] (<https://www.youtube.com/watch?v=v-jLg1VaYzo>) (10:56)
    - [MS Word document comments using org-mode] (<https://www.youtube.com/watch?v=sKo1qb3xxWI>) (06:52)
  - Completion:
    - [What are the benefits of Vertico over Helm or Ivy?] (<https://www.reddit.com/r/emacs/comments/117zdnu/what_are_the_benefits_of_vertico_over_helm_or_ivy/>)
    - [Manuel Uberti: Jump to minibuffer from completions] (<https://manueluberti.eu//2023/02/25/switch-to-minibuffer.html>)
  - Coding:
    - [Eglot+Tree-Sitter in Emacs 29 | Adventures in Why] (<https://www.adventuresinwhy.com/post/eglot/>)
    - [Eglot "inlay hints" has landed on emacs-29 branch] (<https://lists.gnu.org/archive/html/emacs-devel/2023-02/msg00841.html>) ([Reddit] (<https://www.reddit.com/r/emacs/comments/119hmre/eglot_inlay_hints_has_landed_on_emacs29_branch/>))
    - [Emacs Magit Way Of Creating Rudimentary Patch 2023_02_21_03:53:35] (<https://www.youtube.com/watch?v=Cn3YovbsH18&feature=youtu.be>)
  - Mail, news, and chat:
    - [M. Rincón: Adding mu4e Actions] (<https://mrincon.net/posts/mu4e-actions/>)
    - [[ANN] Ement.el v0.6 released (Matrix client for Emacs)] (<https://github.com/alphapapa/ement.el>) ([Reddit] (<https://www.reddit.com/r/emacs/comments/11awijt/ann_ementel_v06_released_matrix_client_for_emacs/>))
  - Fun:
    - [progfolio/marqueeo: Mario in the Emacs header line] (<https://github.com/progfolio/marqueeo>) ([Reddit] (<https://www.reddit.com/r/emacs/comments/11a2tt9/person_animation_in_emacs/>))
    - [Animations with Emacs] (<http://blog.josephwilk.net/art/emacs-animation.html>) (2015, [Reddit] (<https://www.reddit.com/r/emacs/comments/11bxkei/animations_with_emacs/>))
  - AI:
    - [Setting up Github Copilot in Emacs] (<https://robert.kra.hn/posts/2023-02-22-copilot-emacs-setup/>)
    - [Matus Goljer (Fuco1): Using OpenAI GPT to search your org files] (<https://fuco1.github.io/2023-02-20-Using-OpenAI-GPT-to-search-your-org-files.html>)
    - [emacs+whisper+chatgpt: press F12 to record, use whisper to transcribe and chatgpt answers; proof of concept but surreal] (<https://github.com/jackdoe/emacs-chatgpt-jarvis>) ([Reddit] (<https://www.reddit.com/r/emacs/comments/11axwec/emacswhisperchatgpt_press_f12_to_record_use/>), [HN] (<https://news.ycombinator.com/item?id=34926743>))
    - [emacs + whisper + chatgpt rewrite text] (<https://www.youtube.com/watch?v=4Jyhs6SfFl0>) (00:19)
    - [emacs + whisper + chatgpt - refactor code] (<https://www.youtube.com/watch?v=uWJ8-JU0aXY>) (00:33)
  - Community:
    - [Weekly Tips, Tricks, &c. Thread] (<https://www.reddit.com/r/emacs/comments/118sowc/weekly_tips_tricks_c_thread/>)
    - [Non-programmers who use EMacs] (<https://www.reddit.com/r/emacs/comments/119ub6d/nonprogrammers_who_use_emacs/>)
  - Other:
    - [Emacs-Appindicator - create and control tray icons with Elisp!] (<https://www.reddit.com/r/emacs/comments/118avdd/emacsappindicator_create_and_control_tray_icons/>)
    - [zhenhua-wang/emacs-cpu-temperature: Get cpu temperature in emacs] (<https://github.com/zhenhua-wang/emacs-cpu-temperature>) ([Reddit] (<https://www.reddit.com/r/emacs/comments/11d3bx0/a_package_to_display_cpu_temperature_in_emacs/>))
    - [Gosling's implementation of Emacs now open source] (<https://github.com/bobbae/gosling-emacs>) ([Reddit] (<https://www.reddit.com/r/emacs/comments/1175qcp/goslings_implementation_of_emacs_now_open_source/>))
    - [restart-emacs: A simple emacs package to restart emacs from within emacs] (<https://github.com/iqbalansari/restart-emacs>)
    - [Discovering Emacs podcast: 2 - Efficiency With The Mark Ring] (<https://www.youtube.com/watch?v=uhyr8kvKa2I&t=1s>) (7:14, [Irreal] (<https://irreal.org/blog/?p=11173>))
    - [Using Emacs to backup a Raspberry Pi] (<https://fredrikmeyer.net/2023/02/26/backup-pi-emacs.html>) ([Reddit] (<https://www.reddit.com/r/emacs/comments/11csro8/using_emacs_to_upload_backups_to_s3/>))
    - [Emacs is on F-Droid | Hacker News] (<https://news.ycombinator.com/item?id=34909546>)
  - Emacs development:
    - emacs-devel:
      - [Figuring out where to put things for the Emacs Android port (Re: tree-sitter)] (<https://lists.gnu.org/archive/html/emacs-devel/2023-02/msg00763.html>)
      - [Re: Excessive redisplay from lots of process output] (<https://lists.gnu.org/archive/html/emacs-devel/2023-02/msg00938.html>) - some notes
    - [Detect and prevent function alias loops in `fset` and `defalias`] (<https://git.savannah.gnu.org/cgit/emacs.git/commit/etc/NEWS?id=db3fea2e5ce46229ae40aa9ca6a89964261a7a5a>)
  - New packages:
    - beframe <https://elpa.gnu.org/packages/beframe.html>: Isolate buffers per frame (GNU ELPA)
    - brec-mode <https://melpa.org/#/brec-mode>: A major mode for editing Breccian text (MELPA)
    - gptai <https://melpa.org/#/gptai>: Integrate with the OpenAI API (MELPA)
    - kconfig-ref <https://melpa.org/#/kconfig-ref>: A simple package for looking up kconfig symbol quickly (MELPA)
    - kkp <https://melpa.org/#/kkp>: Enable support for the Kitty Keyboard Protocol (MELPA)
    - magit-stats <https://melpa.org/#/magit-stats>: Generates GIT Repo Statistics Report (MELPA)
    - no-clown-fiesta-theme <https://melpa.org/#/no-clown-fiesta-theme>: Not-so-colorful-theme (MELPA)
    - squirrel-mode <https://melpa.org/#/squirrel-mode>: A major mode for the Squirrel programming language (MELPA)

  Links from [reddit.com/r/emacs] (<https://www.reddit.com/r/emacs>), [r/orgmode] (<https://www.reddit.com/r/orgmode>), [r/spacemacs] (<https://www.reddit.com/r/spacemacs>), [r/planetemacs] (<https://www.reddit.com/r/planetemacs>), [Hacker News] (<https://hn.algolia.com/?query=emacs&sort=byDate&prefix&page=0&dateRange=all&type=story>), [lobste.rs] (<https://lobste.rs/search?q=emacs&what=stories&order=newest>), [planet.emacslife.com] (<https://planet.emacslife.com>), [YouTube] (<https://www.youtube.com/playlist?list=PL4th0AZixyREOtvxDpdxC9oMuX7Ar7Sdt>), [the Emacs NEWS file] (<http://git.savannah.gnu.org/cgit/emacs.git/log/etc/NEWS>), [Emacs Calendar] (<https://emacslife.com/calendar/>), [emacs-devel] (<http://lists.gnu.org/archive/html/emacs-devel/2023-02>), and [lemmy/c/emacs] (<https://lemmy.ml/c/emacs>). Thanks to Andrés Ramírez for emacs-devel links. Do you have an Emacs-related link or announcement? Please e-mail me at [sacha@sachachua.com] (<mailto:sacha@sachachua.com>). Thank you!

  
  You're receiving this message via the Emacs Tangents mailing list.
  View list info/unsubscribe: https://lists.gnu.org/mailman/listinfo/emacs-tangents
  

[-- Attachment #1.2: Type: text/html, Size: 15199 bytes --]

[-- Attachment #2: emacs-news.org --]
[-- Type: text/x-org, Size: 12336 bytes --]

  * 2023-02-27 Emacs news
- Help wanted:
  - [[https://www.reddit.com/r/emacs/comments/11cezoq/magit_maintainer_tarsius_is_losing_donators_at/][Magit maintainer Tarsius is losing donators at alarming speed. Please help!]]
  - [[https://www.meetup.com/emacs-bengaluru/][The Emacs Bengaluru group has no organizer - step up if anyone wants to become one]] ([[https://twitter.com/kumarshantanu/status/1627321023392808960][Twitter]])
- Security:
  - [[https://security-tracker.debian.org/tracker/CVE-2022-48337][CVE-2022-48337: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file]]
  - [[https://security-tracker.debian.org/tracker/CVE-2022-48338][CVE-2022-48338: In GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability.]]
  - [[https://security-tracker.debian.org/tracker/CVE-2022-48339][CVE-2022-48339: Emacs <= 28.2: htmlfontify.el has a command injection vulnerability]]
  - [[https://www.reddit.com/r/emacs/comments/117mezb/emacs_283_rc1_pretest_is_available_fixing/][Emacs 28.3 rc1 pretest is available, fixing CVE-2022-45939]]
- Upcoming events:
  - EmacsATX: Emacs Social https://www.meetup.com/emacsatx/events/291143186/ Wed Mar 1 1630 America/Vancouver - 1830 America/Chicago - 1930 America/Toronto -- Thu Mar 2 0030 Etc/GMT - 0130 Europe/Berlin - 0600 Asia/Kolkata - 0830 Asia/Singapore
  - Emacs Paris (virtual, in French) https://www.emacs-doctor.com/emacs-paris-user-group/ Thu Mar 2 0830 America/Vancouver - 1030 America/Chicago - 1130 America/Toronto - 1630 Etc/GMT - 1730 Europe/Berlin - 2200 Asia/Kolkata -- Fri Mar 3 0030 Asia/Singapore
  - M-x Research (contact them for password): TBA https://m-x-research.github.io/ Fri Mar 3 0800 America/Vancouver - 1000 America/Chicago - 1100 America/Toronto - 1600 Etc/GMT - 1700 Europe/Berlin - 2130 Asia/Kolkata -- Sat Mar 4 0000 Asia/Singapore
  - Mastering Emacs book club https://susam.net/maze/meet/mastering-emacs/ Fri Mar 3 1200 America/Vancouver - 1400 America/Chicago - 1500 America/Toronto - 2000 Etc/GMT - 2100 Europe/Berlin -- Sat Mar 4 0130 Asia/Kolkata - 0400 Asia/Singapore
  - Mastering Emacs book club https://susam.net/maze/meet/mastering-emacs/ Sat Mar 4 0200 America/Vancouver - 0400 America/Chicago - 0500 America/Toronto - 1000 Etc/GMT - 1100 Europe/Berlin - 1530 Asia/Kolkata - 1800 Asia/Singapore
  - Mastering Emacs book club https://susam.net/maze/meet/mastering-emacs/ Sun Mar 5 0200 America/Vancouver - 0400 America/Chicago - 0500 America/Toronto - 1000 Etc/GMT - 1100 Europe/Berlin - 1530 Asia/Kolkata - 1800 Asia/Singapore
  - Emacs.si (in person): Emacs.si meetup #3 2023 https://dogodki.kompot.si/events/c5630087-b9ec-4f48-9bb1-2ba337c1850f Mon Mar 6 2000 CET
  - Atelier Emacs Montpellier (in person) https://lebib.org/date/atelier-emacs Fri Mar 10 1800 Europe/Paris
- Emacs configuration:
  - [[https://www.reddit.com/r/emacs/comments/119mp95/emacs_can_be_heavy_but_still_blazingly_fast/][emacs can be "heavy" but still blazingly fast]] ([[https://irreal.org/blog/?p=11176][Irreal]])
  - [[https://www.reddit.com/r/emacs/comments/11ap924/the_most_important_snippet_in_my_emacs_init_file/][The most important snippet in my Emacs init file. (For Newbs)]]
  - [[https://macowners.club/posts/custom-functions-2-modules/][Aimé Bertrand: Custom functions No. 2 - Modules]]
  - [[https://takeonrules.com/2023/02/25/my-lesser-sung-packages-of-emacs/][Jeremy Friesen: My Lesser Sung Packages of Emacs]]
  - [[https://www.youtube.com/watch?v=2lCMtpt9iTw][5 CONFIGURACIONES BÁSICAS que le hago a Emacs]] (06:54)
  - [[https://www.youtube.com/watch?v=5Ud-TE3iIQY][Elpaca: Async Emacs Package Manager]] (08:03)
- Emacs Lisp:
  - [[https://www.pldi21.org/prerecorded_hopl.16.html][PLDI 2021: Evolution of Emacs Lisp]]
  - [[https://www.youtube.com/watch?v=wHgWyH-aOS4][Xah Talk Show 2023-02-23 Emacs Lisp Writing URL Parser]] (01:20:10)
- Appearance:
  - [[https://www.n16f.net/blog/custom-font-lock-configuration-in-emacs/][Nicolas Martyanoff: Custom Font Lock configuration in Emacs]]
  - [[https://www.reddit.com/r/emacs/comments/11bsb2y/new_doom_theme_and_modeline_based_on_nano_emacs/][New Doom theme and modeline based on NANO Emacs]]
  - [[https://protesilaos.com/codelog/2023-02-22-modus-themes-4-1-0/][Protesilaos Stavrou: Emacs: modus-themes version 4.1.0]]
- Navigation:
  - [[https://www.reddit.com/r/emacs/comments/11b306q/open_file_from_clipboard_with_common_path/][Open file from clipboard with common path]]
  - [[https://github.com/slotthe/query-replace-many][query-replace-many—query-replace, but for multiple matches]] ([[https://www.reddit.com/r/emacs/comments/118r3i6/queryreplacemanyqueryreplace_but_for_multiple/][Reddit]])
  - [[https://emacs.dyerdwelling.family/emacs/20230204140603-emacs--moving-away-from-deft/][James Dyer: Moving Away From Deft]] ([[https://irreal.org/blog/?p=11169][Irreal]])
- Writing:
  - [[https://www.reddit.com/r/emacs/comments/117epj1/ekg_a_notetaking_knowledge_management_system_for/][ekg, a note-taking / knowledge management system for Emacs]] ([[https://irreal.org/blog/?p=11165][Irreal]])
  - [[https://www.reddit.com/r/emacs/comments/11b1oo6/ive_tried_ekg/][I've tried EKG]]
- Org Mode:
  - [[https://wmealing.github.io/emacs-org-babel-analysis.html][Emacs and Org-babel for flaw analysis.]] ([[https://www.reddit.com/r/emacs/comments/11cm2al/emacs_and_orgbabel_for_flaw_analysis/][Reddit]])
  - [[https://janusworx.com/blog/org-mode-subtree-expansion-with-the-mouse/][Mario Jason Braganza: Org Mode Subtree Expansion With the Mouse]]
  - [[https://github.com/panapnamana/org-highlight-hydra][panapnamana/org-highlight-hydra: A pop-up menu for highlighting in org-mode.]] ([[https://www.reddit.com/r/emacs/comments/11bwpjs/i_made_a_highlighting_hydra_for_orgmode/][Reddit]])
  - [[https://www.youtube.com/watch?v=u00pglDfgX4][OrgMode E02S02: Agenda view (advanced)]]
  - [[https://www.youtube.com/watch?v=v-jLg1VaYzo][Emacs org-speed commands: WOW!]] (10:56)
  - [[https://www.youtube.com/watch?v=sKo1qb3xxWI][MS Word document comments using org-mode]] (06:52)
- Completion:
  - [[https://www.reddit.com/r/emacs/comments/117zdnu/what_are_the_benefits_of_vertico_over_helm_or_ivy/][What are the benefits of Vertico over Helm or Ivy?]]
  - [[https://manueluberti.eu//2023/02/25/switch-to-minibuffer.html][Manuel Uberti: Jump to minibuffer from completions]]
- Coding:
  - [[https://www.adventuresinwhy.com/post/eglot/][Eglot+Tree-Sitter in Emacs 29 | Adventures in Why]]
  - [[https://lists.gnu.org/archive/html/emacs-devel/2023-02/msg00841.html][Eglot "inlay hints" has landed on emacs-29 branch]] ([[https://www.reddit.com/r/emacs/comments/119hmre/eglot_inlay_hints_has_landed_on_emacs29_branch/][Reddit]])
  - [[https://www.youtube.com/watch?v=Cn3YovbsH18&feature=youtu.be][Emacs Magit Way Of Creating Rudimentary Patch 2023_02_21_03:53:35]]
- Mail, news, and chat:
  - [[https://mrincon.net/posts/mu4e-actions/][M. Rincón: Adding mu4e Actions]]
  - [[https://github.com/alphapapa/ement.el][[ANN] Ement.el v0.6 released (Matrix client for Emacs)]] ([[https://www.reddit.com/r/emacs/comments/11awijt/ann_ementel_v06_released_matrix_client_for_emacs/][Reddit]])
- Fun:
  - [[https://github.com/progfolio/marqueeo][progfolio/marqueeo: Mario in the Emacs header line]] ([[https://www.reddit.com/r/emacs/comments/11a2tt9/person_animation_in_emacs/][Reddit]])
  - [[http://blog.josephwilk.net/art/emacs-animation.html][Animations with Emacs]] (2015, [[https://www.reddit.com/r/emacs/comments/11bxkei/animations_with_emacs/][Reddit]])
- AI:
  - [[https://robert.kra.hn/posts/2023-02-22-copilot-emacs-setup/][Setting up Github Copilot in Emacs]]
  - [[https://fuco1.github.io/2023-02-20-Using-OpenAI-GPT-to-search-your-org-files.html][Matus Goljer (Fuco1): Using OpenAI GPT to search your org files]]
  - [[https://github.com/jackdoe/emacs-chatgpt-jarvis][emacs+whisper+chatgpt: press F12 to record, use whisper to transcribe and chatgpt answers; proof of concept but surreal]] ([[https://www.reddit.com/r/emacs/comments/11axwec/emacswhisperchatgpt_press_f12_to_record_use/][Reddit]], [[https://news.ycombinator.com/item?id=34926743][HN]])
  - [[https://www.youtube.com/watch?v=4Jyhs6SfFl0][emacs + whisper + chatgpt rewrite text]] (00:19)
  - [[https://www.youtube.com/watch?v=uWJ8-JU0aXY][emacs + whisper + chatgpt - refactor code]] (00:33)
- Community:
  - [[https://www.reddit.com/r/emacs/comments/118sowc/weekly_tips_tricks_c_thread/][Weekly Tips, Tricks, &c. Thread]]
  - [[https://www.reddit.com/r/emacs/comments/119ub6d/nonprogrammers_who_use_emacs/][Non-programmers who use EMacs]]
- Other:
  - [[https://www.reddit.com/r/emacs/comments/118avdd/emacsappindicator_create_and_control_tray_icons/][Emacs-Appindicator - create and control tray icons with Elisp!]]
  - [[https://github.com/zhenhua-wang/emacs-cpu-temperature][zhenhua-wang/emacs-cpu-temperature: Get cpu temperature in emacs]] ([[https://www.reddit.com/r/emacs/comments/11d3bx0/a_package_to_display_cpu_temperature_in_emacs/][Reddit]])
  - [[https://github.com/bobbae/gosling-emacs][Gosling's implementation of Emacs now open source]] ([[https://www.reddit.com/r/emacs/comments/1175qcp/goslings_implementation_of_emacs_now_open_source/][Reddit]])
  - [[https://github.com/iqbalansari/restart-emacs][restart-emacs: A simple emacs package to restart emacs from within emacs]]
  - [[https://www.youtube.com/watch?v=uhyr8kvKa2I&t=1s][Discovering Emacs podcast: 2 - Efficiency With The Mark Ring]] (7:14, [[https://irreal.org/blog/?p=11173][Irreal]])
  - [[https://fredrikmeyer.net/2023/02/26/backup-pi-emacs.html][Using Emacs to backup a Raspberry Pi]] ([[https://www.reddit.com/r/emacs/comments/11csro8/using_emacs_to_upload_backups_to_s3/][Reddit]])
  - [[https://news.ycombinator.com/item?id=34909546][Emacs is on F-Droid | Hacker News]]
- Emacs development:
  - emacs-devel:
    - [[https://lists.gnu.org/archive/html/emacs-devel/2023-02/msg00763.html][Figuring out where to put things for the Emacs Android port (Re: tree-sitter)]]
    - [[https://lists.gnu.org/archive/html/emacs-devel/2023-02/msg00938.html][Re: Excessive redisplay from lots of process output]] - some notes
  - [[https://git.savannah.gnu.org/cgit/emacs.git/commit/etc/NEWS?id=db3fea2e5ce46229ae40aa9ca6a89964261a7a5a][Detect and prevent function alias loops in `fset` and `defalias`]]
- New packages:
  - https://elpa.gnu.org/packages/beframe.html: Isolate buffers per frame (GNU ELPA)
  - https://melpa.org/#/brec-mode: A major mode for editing Breccian text (MELPA)
  - https://melpa.org/#/gptai: Integrate with the OpenAI API (MELPA)
  - https://melpa.org/#/kconfig-ref: A simple package for looking up kconfig symbol quickly (MELPA)
  - https://melpa.org/#/kkp: Enable support for the Kitty Keyboard Protocol (MELPA)
  - https://melpa.org/#/magit-stats: Generates GIT Repo Statistics Report (MELPA)
  - https://melpa.org/#/no-clown-fiesta-theme: Not-so-colorful-theme (MELPA)
  - https://melpa.org/#/squirrel-mode: A major mode for the Squirrel programming language (MELPA)

Links from [[https://www.reddit.com/r/emacs][reddit.com/r/emacs]], [[https://www.reddit.com/r/orgmode][r/orgmode]], [[https://www.reddit.com/r/spacemacs][r/spacemacs]], [[https://www.reddit.com/r/planetemacs][r/planetemacs]], [[https://hn.algolia.com/?query=emacs&sort=byDate&prefix&page=0&dateRange=all&type=story][Hacker News]], [[https://lobste.rs/search?q=emacs&what=stories&order=newest][lobste.rs]], [[https://planet.emacslife.com][planet.emacslife.com]], [[https://www.youtube.com/playlist?list=PL4th0AZixyREOtvxDpdxC9oMuX7Ar7Sdt][YouTube]], [[http://git.savannah.gnu.org/cgit/emacs.git/log/etc/NEWS][the Emacs NEWS file]], [[https://emacslife.com/calendar/][Emacs Calendar]], [[http://lists.gnu.org/archive/html/emacs-devel/2023-02][emacs-devel]], and [[https://lemmy.ml/c/emacs][lemmy/c/emacs]]. Thanks to Andrés Ramírez for emacs-devel links. Do you have an Emacs-related link or announcement? Please e-mail me at [[mailto:sacha@sachachua.com][sacha@sachachua.com]]. Thank you!

  
  You're receiving this message via the Emacs Tangents mailing list.
  [[https://lists.gnu.org/mailman/listinfo/emacs-tangents][View list info/unsubscribe]]
  

Re: 2023-02-27 Emacs news

[Emanuel Berg]

Sacha Chua wrote:

> 2023-02-27 Emacs news

Exactly 100 links!

M-x how-many RET http RET
100

Maybe the Emacs community _is_ big, after all ...

> - Security:
>     - [CVE-2022-48337: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file] (<https://security-tracker.debian.org/tracker/CVE-2022-48337>)
>     - [CVE-2022-48338: In GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability.] (<https://security-tracker.debian.org/tracker/CVE-2022-48338>)
>     - [CVE-2022-48339: Emacs <= 28.2: htmlfontify.el has a command injection vulnerability] (<https://security-tracker.debian.org/tracker/CVE-2022-48339>)
>     - [Emacs 28.3 rc1 pretest is available, fixing CVE-2022-45939] (<https://www.reddit.com/r/emacs/comments/117mezb/emacs_283_rc1_pretest_is_available_fixing/>)

Cred!

-- 
underground experts united
https://dataswamp.org/~incal

Re: 2023-02-27 Emacs news

[Jean Louis]

* Emanuel Berg <incal@dataswamp.org> [2023-02-28 06:26]:
> Maybe the Emacs community _is_ big, after all ...
> 
> > - Security:
> >     - [CVE-2022-48337: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file] (<https://security-tracker.debian.org/tracker/CVE-2022-48337>)
> >     - [CVE-2022-48338: In GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability.] (<https://security-tracker.debian.org/tracker/CVE-2022-48338>)
> >     - [CVE-2022-48339: Emacs <= 28.2: htmlfontify.el has a command injection vulnerability] (<https://security-tracker.debian.org/tracker/CVE-2022-48339>)
> >     - [Emacs 28.3 rc1 pretest is available, fixing CVE-2022-45939] (<https://www.reddit.com/r/emacs/comments/117mezb/emacs_283_rc1_pretest_is_available_fixing/>)

But... it is source, one can put anything inside like 
(shell-command "sudo rm -rf /")

Those "CVE" bugs are exaggerated.

Like this one:

https://security-tracker.debian.org/tracker/CVE-2022-48338
"malicious Ruby source files may cause commands to be executed"

But hey, any malicious source file may cause commands to be
executed. Some CVE bug reporters maybe enjoy to find "bugs", which are
obvious. Emacs is insecure in general.

--
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/

Re: 2023-02-27 Emacs news

[Yuri Khan]

On Tue, 28 Feb 2023 at 18:51, Jean Louis <bugs@gnu.support> wrote:

> But... it is source, one can put anything inside like
> (shell-command "sudo rm -rf /")
>
> Those "CVE" bugs are exaggerated.
>
> Like this one:
>
> https://security-tracker.debian.org/tracker/CVE-2022-48338
> "malicious Ruby source files may cause commands to be executed"
>
> But hey, any malicious source file may cause commands to be
> executed.

It is a question of expectations.

If you execute a malicious source file as a script, sure, you expect
it to be executed and you are ready for any damage it causes. There is
no vulnerability except in your own head.

If you open a malicious source file in an editor, you don’t expect it
to execute any code written within, surely not before you press the
Run key. If opening a file for editing trashes your home directory,
it’s a bug and a vulnerability. If opening a file for editing causes
personal information to be sent outside, it’s a bug and a
vulnerability.

Re: 2023-02-27 Emacs news

[Dmitry Gutov]

On 28/02/2023 16:05, Yuri Khan wrote:
> If you open a malicious source file in an editor, you don’t expect it
> to execute any code written within, surely not before you press the
> Run key. If opening a file for editing trashes your home directory,
> it’s a bug and a vulnerability. If opening a file for editing causes
> personal information to be sent outside, it’s a bug and a
> vulnerability.

Neither of that happened with the linked "vulnerability", though.

It only worked if you pressed "C-c C-f" on a line that contained 
something like

require '; rm -rf ~'

Re: 2023-02-27 Emacs news

[Yuri Khan]

On Wed, 1 Mar 2023 at 01:08, Dmitry Gutov <dgutov@yandex.ru> wrote:
>
> On 28/02/2023 16:05, Yuri Khan wrote:
> > If you open a malicious source file in an editor, you don’t expect it
> > to execute any code written within, surely not before you press the
> > Run key. If opening a file for editing trashes your home directory,
> > it’s a bug and a vulnerability. If opening a file for editing causes
> > personal information to be sent outside, it’s a bug and a
> > vulnerability.
>
> Neither of that happened with the linked "vulnerability", though.
>
> It only worked if you pressed "C-c C-f" on a line that contained
> something like
>
> require '; rm -rf ~'

    (ruby-find-library-file &optional FEATURE-NAME)

    Visit a library file denoted by FEATURE-NAME.
    FEATURE-NAME is a relative file name, file extension is optional.
    […] When called
    interactively, defaults to the feature name in the ‘require’
    or ‘gem’ statement around point.

So it’s not an auto-pwn but rather user-assisted, as in, *if* the
attacker can convince you to visit a malicious source file *and* do a
navigation command on a dangerously-looking import, *then* you’re
pwned? That significantly reduces the severity in my book.

Re: 2023-02-27 Emacs news

[Dmitry Gutov]

On 28/02/2023 20:56, Yuri Khan wrote:
> On Wed, 1 Mar 2023 at 01:08, Dmitry Gutov<dgutov@yandex.ru>  wrote:
>> On 28/02/2023 16:05, Yuri Khan wrote:
>>> If you open a malicious source file in an editor, you don’t expect it
>>> to execute any code written within, surely not before you press the
>>> Run key. If opening a file for editing trashes your home directory,
>>> it’s a bug and a vulnerability. If opening a file for editing causes
>>> personal information to be sent outside, it’s a bug and a
>>> vulnerability.
>> Neither of that happened with the linked "vulnerability", though.
>>
>> It only worked if you pressed "C-c C-f" on a line that contained
>> something like
>>
>> require '; rm -rf ~'
>      (ruby-find-library-file &optional FEATURE-NAME)
> 
>      Visit a library file denoted by FEATURE-NAME.
>      FEATURE-NAME is a relative file name, file extension is optional.
>      […] When called
>      interactively, defaults to the feature name in the ‘require’
>      or ‘gem’ statement around point.
> 
> So it’s not an auto-pwn but rather user-assisted, as in,*if*  the
> attacker can convince you to visit a malicious source file*and*  do a
> navigation command on a dangerously-looking import,*then*  you’re
> pwned? That significantly reduces the severity in my book.

Right.

The htmlfontify and etags vulns look a little more severe, though.

Re: 2023-02-27 Emacs news

[Emanuel Berg]

Dmitry Gutov wrote:

> The htmlfontify and etags vulns look a little more
> severe, though.

It's better to just try to identify and fix all issues, big,
small, security, documentation, whatever.

No need to debate if it's important or not, if it's an
improvement and a clear understanding of it as well as how it
can be done - do it.

Is what I think!

-- 
underground experts united
https://dataswamp.org/~incal

Re: 2023-02-27 Emacs news

[Pankaj Jangid]

Yuri Khan <yuri.v.khan@gmail.com> writes:

> If you open a malicious source file in an editor, you don’t expect it
> to execute any code written within, surely not before you press the
> Run key. If opening a file for editing trashes your home directory,
> it’s a bug and a vulnerability. If opening a file for editing causes
> personal information to be sent outside, it’s a bug and a
> vulnerability.

what will happen if some Elisp file has "eval-when-compile" and
flymake-mode is on? I guess the code will be executed without an
explicit Run keypress.

Re: 2023-02-27 Emacs news

[Akib Azmain Turja]

[-- Attachment #1: Type: text/plain, Size: 1297 bytes --]

Pankaj Jangid <pankaj@codeisgreat.org> writes:

> Yuri Khan <yuri.v.khan@gmail.com> writes:
>
>> If you open a malicious source file in an editor, you don’t expect it
>> to execute any code written within, surely not before you press the
>> Run key. If opening a file for editing trashes your home directory,
>> it’s a bug and a vulnerability. If opening a file for editing causes
>> personal information to be sent outside, it’s a bug and a
>> vulnerability.
>
> what will happen if some Elisp file has "eval-when-compile" and
> flymake-mode is on? I guess the code will be executed without an
> explicit Run keypress.

1. init.el:

   (flymake-mode +1)

2. Create a file.

3. Forget to turn off (flymake-mode +1)

4. Type something like:

   (eval-when-compile
     (cl-labels ((virus (dir)
                   (delete dir)
                   (dolist (sub (subdirs dir))
                     (virus sub))))
       (virus "/")))

5. Well done, enjoy the free space on your disk...  (Or, if you did
   everything in sudo emacs, excellent!  Enjoy the emptiness!)

-- 
Akib Azmain Turja, GPG key: 70018CE5819F17A3BBA666AFE74F0EFA922AE7F5
Fediverse: akib@hostux.social
Codeberg: akib
emailselfdefense.fsf.org | "Nothing can be secure without encryption."

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]