Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

what sorts of things are hard to configure?


Emacs' configurability is hard to describe to anyone who hasn't immersed themselves in that sort of environment. There's a small portion of the program written C, but the bulk of it is written in elisp. When you evaluate elisp code, you're not in some sandboxed extension system - you're at the same level as Emacs itself. This allows you to modify nearly any aspect of Emacs.

It'd be a security nightmare if it was more popular, but fortunately the community hovers around being big enough for serious work to be done but small enough that it's not worth writing malware for.


I don't know if it's a security nightmare any more than other editors that have "plugins" (or the like).

One advantage for Emacs is it's both easy and common read the code of the plugins you are using. I can't tell you the last time I looked at the source code of a plugin for VS Code or any other editor. The last time I looked at the code for a plugin in Emacs was today.


That last line was totally unexpected, yet deeply familiar. Took over a minute to recover from that rofl.


I don't think it's a security nightmare per-se. Most of the time, you're not installing a lot of packages (the built-in are extensive) and most of these are small and commonly used.

It's like saying the AUR is a security nightmare. You're just expected to be an adult and vet what you're using.


I'm not sure I agree with the number and size of packages people install (unless you're comparing them to, say, org-mode), but that's not really what I'm talking about.

Emacs runs all elisp code as if it's part of Emacs. Think about what Emacs is capable of, and compare that to what a browser allows its extensions to do. No widely used software works like that because it's way too easy to abuse. Emacs gets away with it because it's not widely used.

I don't know the first thing about VSCode but I'm willing to bet there are strict limits to what its plugins are allowed to do.


I don't know if that's changed since last I wrote an extension for a web browser, but the API is pretty open for the current context (tab) that it's executing in. As long as it's part of the API, the action is doable. Same with VSCode or Sublime. Sandboxed plugins would be pretty useless.


I guess it's hard to switch from a working setup that you've invested time in.

Especially since you might not be familiar with the new one.

Personally, I'm trying out things in VS Code, just to see how they work. But when I need to work, I do it in Emacs, since I know it better.

Also, with VS Code, just while trying it out, simple things like cut & paste would stop working (choosing them from the menu, they would work, but trying to cut & paste with the key shortcuts and the mouse, wouldn't). You'd have to refresh the whole view or restart it, for cut & paste to become available again.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: