Stop using encrypted email - Latacora


Users are encouraged to rotate their PGP keys in the same way that LARPers are encouraged to sharpen their play swords: not only does nobody do it, but the whole system would probably fall apart if everyone did.

If messages can be sent in plaintext, they will be sent in plaintext.

The clearest example of this problem is something every user of encrypted email has seen: the inevitable unencrypted reply. In any group of people exchanging encrypted emails, someone will eventually manage to reply in plaintext, usually with a quoted copy of the entire chain of email attached. This is tolerated, because most people who encrypt emails are LARPing. But in the real world, it’s an irrevocable disaster.

Brett Terpstra's 'Doing' utility

Brett Terpstra, revisiting the “doing” CLI:

I haven’t written much about doing since then, but I continue to use it daily. It’s come a long way. It not only creates rich logs of my time at my computer, it also handles time tracking and reporting and integrates with my system via LaunchBar, various automations, and GeekTool. You know how git log can be really useful after a long night of hacking, or a few days of being away? This is that, but for everything else, and it’s brimming with handy features.

If you want to quickly jot down what you’ve been doing using the command line, I’ve not found a better way to do it than with doing. I’ve been using it for years.

An app can be a home-cooked meal - Robin Sloan

Robin Sloan:

For a long time, I have struggled to articulate what kind of programmer I am. I’ve been writing code for most of my life, never with any real discipline, but/and I can, at this point, make the things happen on computers that I want to make happen. At the same time, I would not last a day as a professional software engineer. Leave me in charge of a critical database and you will return to a smoldering crater.

Making this app, I figured it out:

I am the programming equivalent of a home cook.

What a nice way of thinking of it. I relinquished my own chef’s hat years ago, and now I mostly enjoy tinkering in the “kitchen”.

How To Take Smart Notes With Org-mode - Jethro Kuan

Jethro Kuan:

This is the workflow I use. Here I explain what I think note-taking should be, and why it should be this way. I implore you (especially users of Org-roam) to read this through.

Jethro describes how he takes notes in Org mode and specifically how he uses org-roam.

I am still deciding between Roam and org-roam so this was helpful. And remember, it’s the backlinks!


Org-roam is a new Emacs package by Jethro Kuan. Here’s his blog post introducing org-roam.

I’ve a feeling this is going to be something. I’ve been using Roam for a while now and it’s wonderful. Easy linking between pages/notes and automatic bi-directional linking with context is so great.

All this Roam use made me start feeling less interested in keeping notes in Org mode. Gasp! Putting notes in Roam pays immediate dividends. Putting those same notes in Org mode just gets me some text I can find later if necessary. I’m exaggerating a little, but still.

Org-roam attempts to inject some of Roam’s best features into Org mode. Here’s the summary…

Org-roam is a rudimentary Roam replica in Org-mode. This project intends to adaptively implement the core features of Roam in org-mode and eventually introduce newer features suitable for the Emacs ecosystem. It offers a non-hierarchical note-taking approach which is effortless yet powerful. Note-taking becomes fluent and easy when you don’t have to worry about where a particular note should go: you just start writing from anywhere about anything.

Here’s what it looks like while I’m editing the file…

Org-roam screenshot

That window on the right is automatically generated by Org-roam based on links to from other files. It shows an outline of references along with a bit of context. This is so useful!

Org-roam is under active development and I can’t wait to see where it goes.

Moving sites around

This is just me taking notes about where stuff is and where it’s going, server-wise.

Running Cloudron has been a great experience, but I don’t know that I can swing the $30/month fee for the convenience. Rumor has it that they are working on a more palatable pricing structure for personal use. I’ll look forward to that, but for now…

I’ve spun up a fresh EC2 instance and installed and moved a few things from other servers.

First, everything is served using v2 of the Caddy web server. Caddy is delightful and simple. Automatic HTTPS, Markdown rendering, one-line reverse proxying, and it’s written in Go so there’s just a single binary to manage.

I’ve moved the static sites and there so far.

I’ve moved my Gitea instance. Gitea is also written in Go so that was pretty easy. I’m using Sqlite for the Gitea database, which keeps things simple.

Up next is node.js for my wiki. The wiki is the only thing remaining on that instance so once it’s moved I can delete the instance.

For now I’m leaving Ghost ( and Lychee ( on Cloudron since I get two apps there for free.

I recently mirrored the defunct blog and dropped it into an S3 bucket with a CloudFront distribution in front of it (for SSL). I may want to move that into a static site on the new instance, just to help keep things together.

This leaves me with two EC2 instances, one for Cloudron and one for the stuff I manage myself. The self-managed one is currently sized at t3.small but I bet I could get away with a t3.micro instance so I may size that down if I decide to keep Cloudron.

It’s fun to tidy things up once in a while.


I’ve been using 1Password for years without too many issues. It’s a nicely designed and implemented app with a long history. I really had no reason to look elsewhere.

However, there’s been a lot of noise lately about them taking $200 million in VC money. I’m not that concerned. They’ve grown and want to grow faster, so fine. It did, however, make me take a quick look at the alternatives, just in case.

A number of people, especially those concerned with privacy, recommend Bitwarden as an alternative to 1Password. I’ve signed up and imported my data from 1Password. Let’s see how it goes.

Bitwarden’s Premium license is $10/year. There’s also a “Family” plan for $1.00/month for up to 5 people. That’s pretty cheap.

But how well does it work? Well, after only a couple of days of testing I’ve decided it’s worth a decent attempt to make the switch to Bitwarden. It’s reasonably polished, open source, audited by 3rd parties, and inexpensive. It feels just a tiny bit nerdy, which, in my experience, means that when features are added they’re more likely to address actual user needs.

There’s an iOS app that can be configured as a password store, just like 1Password.

If I choose, I could run my own copy of the server. I may in fact do this once things have gotten burned in a bit and I haven’t found any deal-stoppers.

It’s been pretty seamless so far. I’ll report back if it works out…or doesn’t.

One thing I find interesting is that 1Password has nearly 200 employees, and as far as I can tell, Bitwarden is developed mostly by one guy. That’s a huge difference in resources for things that seem, at least on the surface, to be quite similar.

Moved to Ghost

So, Ghost? Sure, why not.

The short version is that I simply wanted to try Ghost. The longer version is the usual combination of boredom, curiosity, and frustration with WordPress.

I’ve also never really come to love WordPress’ Gutenberg editor. It’s powerful, but feels so janky in use that it ruins the experience of writing.

My Coping Mechanism blog was always going to be image-heavy, so I’d hoped that having so much layout flexibility with Gutenberg would be useful. As it turns out, I don’t usually do much beyond adding an image or small gallery and a lot of text. The slow/janky/weird behavior of Gutenberg was slowing me down. And, as importantly, it was wearing me down.

While upgrading WordPress recently, I thought I’d try the new TwentyTwenty theme because I wasn’t happy with whatever theme I was already running. I didn’t like it. There are something like four million themes available for WordPress, and yet I can never find one I like.

Let’s see what Ghost has to offer, then.

I spun up a pre-configured Droplet at Digital Ocean, which was easy as pie. I shelled into the new droplet and followed the prompts and a few minutes later I was up and running.

My initial impression of Ghost was so positive that I decided to migrate

I exported my WordPress posts using the Ghost exporter plugin. When trying to import that export file, I got an error that the file was too big. This was an nginx issue, so I edited the nginx config and bumped client_max_body_size to 100M and the import went fine after that.

Ghost’s default theme, Casper, is quite nice and there are only a few things I want to “fix” right off the bat. This almost never happens with WordPress themes.

Ghost feels fast.

Using the control panel is pleasant and simple. The editor is quick and not at all janky and, after adding and editing a half-dozen posts, seems to do everything I need.

Are there downsides?

Sure, I miss built-in analytics (via Jetpack). I added my usual Plausible snippet so I have basic, lightweight, privacy-centric analytics.

There are no built-in comments. I don’t get many comments, but I do want to make them available, so I added Commento comments. This did involve editing a theme template, but that’s not hard.

It’s likely I’ll have to learn some Handlebars templating, but that doesn’t look too bad.

One concern is that they’ve been focusing on providing features for capital-P Publishers and I’m not one of those. For example, the tentpole features of version 3.0 were based around Members & Subscriptions. I’m guessing that now every 3rd blogger using Ghost will be adding and charging for “Premium” content. Just because it’s easy, doesn’t mean…etc. etc.

I hope they don’t forget about us regular bloggers.

Playing with new blogging platforms is fun. For Coping Mechanism, I wanted something more WYSIWYG and with better image handling than, say, Hugo. Ghost seems like a good fit, and a good compromise between a simple static blog and the big, complex, monster that is WordPress.