casual updates

ShapeOfMatter · Sep 19, 2024 · ffb5f89 · ffb5f89
1 parent ba6dc1b
commit ffb5f89
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 29 deletions.
diff --git a/_posts/2022-04-25-casual-security.md b/_posts/2022-04-25-casual-security.md
@@ -8,7 +8,7 @@ description: "What do I suggest for friends and family worried about their cyber
 > compromise of banking, social-media, and other accouts. 
 
 
-Hello \_\_\_\_\_;
+Hello X;
 
 As promised, some basics for personal cybersecurity.
 
@@ -31,16 +31,16 @@ I guess 3-1-2 might be the right order, but anyone who could say definitively wo
   - Use an ad-blocker. Advertisements (and the many less visible marketing-adjacent stuff webpages include) are malware vectors.
     Finding an excellent strategy here is a big subject that I know only a little about.
     My setup:
-   - [uBlockOrigin](https://ublockorigin.com/) : This is an aggressive block-list based ad-blocker. It's a classic, it's trusted and effective,
-     and it's the one I most often notice actually doing anything.
-   - Firefox: Out-of-the-box, Firefox is pretty tight security-wise.
-     It has a light ad-blocker built in, and a variety of other protections (https-everywhere, dns-over-https) are now just switches in the settings.
-   - [Privacy Badger](https://privacybadger.org/) : This is also an ad-blocker, but it works in a completely different way:
-     it uses behavioral heuristics to guess what it should block.
-     Mostly I only see it blocking embedded SoundCloud widgets.
+       - [uBlockOrigin](https://ublockorigin.com/) : This is an aggressive block-list based ad-blocker. It's a classic, it's trusted and effective,
+         and it's the one I most often notice actually doing anything.
+       - Firefox: Out-of-the-box, Firefox is pretty tight security-wise.
+         It has a light ad-blocker built in, and a variety of other protections (https-everywhere, dns-over-https) are now just switches in the settings.
+       - [Privacy Badger](https://privacybadger.org/) : This is also an ad-blocker, but it works in a completely different way:
+         it uses behavioral heuristics to guess what it should block.
+         Mostly I only see it blocking embedded SoundCloud widgets.
   - Your phone is difficult.
     Supposedly Android-level ad-blockers exist, which would be nice because a lot of apps contain ads; I've never set one up.
-    I don't know what your options are for Chome on Android; switching to Firefox wouldprobably be good.
+    I don't know what your options are for Chrome on Android; switching to Firefox would probably be good.
     (I mostly use "Firefox Focus", I would not assume that's what you want.)
   - Installing a new app, program, or plug-in is itself an opportunity to compromise your machine.
     It's also a future vector: If the provider of that app ever gets compromised or bought out, they could push malicious updates to you.
@@ -49,27 +49,27 @@ I guess 3-1-2 might be the right order, but anyone who could say definitively wo
     My basic strategy is to wipe my laptop/phone every couple years and re-install a fresh OS.
 3. Secure the accounts themselves
   - Use MFA.
-   - **If you're not using a password manager, then this is probably your only strong layer of protection.**
-   - Set it up on any "important" account that will let you.
-     This is not just stuff that would be expensive/bad to get compromised;
-     it's also any account that would help an adversary get access to other accounts (email!).
-   - Text-message MFA is ok; it's security vulnerabilities probably aren't important for you or me.
-     But app-based MFA is _better_; it's more secure and **it's easier to use.**
-     I use LastPass Authenticator for everything I can (it uses a general-purpose protocol, lots of stuff works with it).
-     For jobs/school I sometimes have to use Duo Mobile, which is fine.
-     And my gmail account uses google's integrated Android MFA.
+       - **If you're not using a password manager, then this is probably your only strong layer of protection.**
+       - Set it up on any "important" account that will let you.
+         This is not just stuff that would be expensive/bad to get compromised;
+         it's also any account that would help an adversary get access to other accounts (email!).
+       - Text-message MFA is ok; it's security vulnerabilities probably aren't important for you or me.
+         But app-based MFA is _better_; it's more secure and **it's easier to use.**
+         I use LastPass Authenticator for everything I can (it uses a general-purpose protocol, lots of stuff works with it).
+         For jobs/school I sometimes have to use Duo Mobile, which is fine.
+         And my gmail account uses google's integrated Android MFA.
   - Use a password manager.
-   - This is a big step, and there are various usability considerations to think about,
-     but once you get used to it it's **easier** than traditional password use.
-     (Also, without it, all passwords are weak to a resourced attacker.
-     Either they're too short, or they're too similar to passwords you're using on other sites.)
-   - Obviously you're committing to remembering one difficult-to-remember password.
-     Keeping it written down someplace _safe_ is ok!
-   - Also, obviously, you'll have MFA set up for your password manager.
-     Considering how you want everything to overlap, and how you want all your fail-safes configured, probably sounds like a chore.
-     You don't have to do it all at once.
-   - I use [LastPass](https://www.lastpass.com/). I like them; some people don't.
-     Whoever you use will probably try to sell you a VPN and other services, whatever.
+       - This is a big step, and there are various usability considerations to think about,
+         but once you get used to it it's **easier** than traditional password use.
+         (Also, without it, all passwords are weak to a resourced attacker.
+         Either they're too short, or they're too similar to passwords you're using on other sites.)
+       - Obviously you're committing to remembering one difficult-to-remember password.
+         Keeping it written down someplace _safe_ is ok!
+       - Also, obviously, you'll have MFA set up for your password manager.
+         Considering how you want everything to overlap, and how you want all your fail-safes configured, probably sounds like a chore.
+         You don't have to do it all at once.
+       - I use [LastPass](https://www.lastpass.com/). I like them; some people don't.
+         Whoever you use will probably try to sell you a VPN and other services, whatever.
 4. Check for existing breaches.
   - This is not a very effective thing to do in general, but there's some low-hanging items.
   - Dropping your emails and phone number into [haveibeenpwned.com](https://haveibeenpwned.com/) is generally considered safe to do.

diff --git a/code/bin/aliases.bash b/code/bin/aliases.bash
@@ -5,6 +5,13 @@ if [ -d "$HOME/.local/bin" ] ; then
     PATH="$HOME/.local/bin:$PATH"
 fi
 
+# set PATH so it includes TexLive
+if [ -d "/usr/local/texlive/2024/bin/x86_64-linux" ] ; then
+    PATH="/usr/local/texlive/2024/bin/x86_64-linux:$PATH"
+    MANPATH="/usr/local/texlive/2024/texmf-dist/doc/man:$MANPATH"
+    INFOPATH="/usr/local/texlive/2024/texmf-dist/doc/info:$INFOPATH"
+fi
+
 # quickly check if a program is still running
 function grep_ps {
   ps ax o"cmd,user,pid" | grep "$1" | grep --invert-match "^grep "
@@ -50,6 +57,8 @@ function grep_context {
       --exclude-dir='__pycache__' \
       --exclude-dir='.stack-work' \
       --exclude-dir='dist-newstyle' \
+      --exclude-dir='target/debug' \
+      --exclude='Cargo.lock' \
       "$@"
 }