Posts Tagged ‘passtore’

My Software Stack 2011 edition

Saturday, December 31st, 2011

I realize that I haven’t written my customary “software stack” post for this year yet. But hey, from where I’m sitting, I still have … 36 minutes to spare ;)

I’ll be using the same categories as last year; system, communications, web, development, office suite, server, organization, and entertainment.

System

The OS of choice is still Archlinux, my window manager is still wmii, and my terminal emulator is rxvt-unicode, extended by also installing urxvt-tabbedex.

My shell is still bash, my cron daemon is still fcron, and my network manager is wicd.

To this configuration I’ve added the terminal multiplexer tmux, and have lately found out just how useful mc can be. Oh, and qmv from the renameutils package is now a given part of the stack.

Communications

Not much change here, Thunderbird for email, Pidgin for instant messaging, irssi for IRC.

Heybuddy has been replaced by identicurse as my micro-blogging (identi.ca) client. Heybuddy is very nice, but I can use identicurse from the commandline, and it has vim-like bindings.

For Pidgin I use OTR to encrypt conversations. For Thunderbird I use the enigmail addon along with GnuPG.

This means that Thunderbird still hasn’t been replaced by the “mutt-stack” (mutt, msmtp, offlineimap and mairix) and this is mostly due to me not having the energy to learn how to configure mutt.

I also considered replacing Pidgin with irssi and bitlbee, but Pidgin + OTR works so well, and I have no idea how well OTR works with bitlbee/irssi (well, actually, I’ve found irssi + OTR to be flaky at best).

Web

Not much changed here either, Firefox dominates, and I haven’t looked further into uzbl although that is still on the TODO list, for some day.

I do sometimes also use w3m, elinks, wget, curl and perl-libwww.

My Firefox is customized with NoScript, RequestPolicy, some other stuff, and Pentadactyl.

Privoxy is nowadays also part of the loadout, to filter out ads and other undesirable web “resources”.

Development

In this category there have actually been some changes:

  • gvim has been completely dropped
  • eclipse has been dropped, using vim instead
  • mercurial has been replaced by git

Thanks in no small part to my job, I have gotten more intimate knowledge of awk and expect, as well as beginning to learn Perl.

I still do some Python hacking, a whole lot of shell scripting, and for many of these hacks, SQLite is a faithful companion.

Doh! I completely forgot that I’ve been dabbling around with Erlang as well, and that mscgen has been immensely helpful in helping me visualize communication paths between various modules.

“Office suite”

I still use LaTeX for PDF creation (sorry hook, still haven’t gotten around to checking out ConTeXt), I haven’t really used sc at all, it was just too hard to learn the controls, and I had too few spreadsheets in need of creating. I use qalculate almost on a weekly basis, but for shell scripts I’ve started using bc instead.

A potential replacement for sc could be teapot, but again, I usually don’t create spreadsheets…

Server

Since I’ve dropped mercurial, and since the mercurial-server package suddenly stopped working after a system update anyway, I couldn’t be bothered to fix it, so it is now dropped too.

screen and irssi are of course always a winning combination.

nginx and uwsgi have not been used to any extent, and I haven’t tried setting up a VPN service, but I have a couple of ideas for the coming year (mumble, some VPN service, some nginx + Python/Perl thingies, bitlbee) and maybe replacing the Ubuntu installation with Debian.

Organization

I still use both vimwiki and vim outliner, and my Important Dates Notifier script.

Still no TaskJuggler, and I haven’t gotten much use out of abook.

remind has completely replaced when, while I haven’t gotten any use whatsoever out of wyrd.

Entertainment

For consuming stuff I use evince (PDF), mplayer (video), while for music, moc has had to step down from the throne, to leave place for mpd and ncmpcpp.

eog along with gthumb (replacing geeqie) handles viewing images.

For manipulation/creation needs I use LaTeX, or possibly Scribus, ffmpeg, audacity, imagemagick, inkscape, and gimp.

Bonus: Security

I thought I’d add another category, security, since I finally have something worthwhile to report here.

I’ve begun encrypting selected parts of my hard drive (mostly my email directory) using EncFS, and I use my passtore script for password management.

And sometimes (this was mostly relevant while debugging passtore after I had begun actively using it), when I have a sensitive file which I need to store on the hard drive in clear text for one session, I use quixand to create an encrypted directory whose session key is only stored in RAM. So once the session has ended, there is little chance of retrieving the key and decrypting the directory.

Ending notes

That’s about it. Some new stuff, mostly old stuff, only a few things getting kicked off the list. My stack is pretty stable for now. I wonder what cool stuff I will find in 2012 :D

:wq

2011w35

Sunday, September 4th, 2011

I guess the first big thing to happen this week, which I’d be remiss if I didn’t mention it, is that I got a job :D

passtore

This Tuesday I also awoke with the idea that I really should, somehow, make it easy for a user to sign the configuration file of passtore. And of course to check said signature as well.

What I want to achieve with that is to engineer out the security flaw which would appear if an attacker got their hands on the system and added their own key id to the list of recipients in the configuration file.

I’ll have to think about that some more.
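One way to build the signature check described above, added here as an example and not passtore’s own code: the config gets a detached OpenPGP signature, and the recipients list is only read after gpg reports a valid signature from one pinned fingerprint, so a key id appended by someone with write access to the file is rejected. The config path, the fingerprint placeholder and the “recipient <keyid>” line format are assumptions.

```bash
#!/bin/bash
# Sign passtore's config and fail closed unless the signature verifies against a
# pinned key. Assumed config path and line format; the fingerprint is a placeholder.
PASSTORE_CONF="${PASSTORE_CONF:-$HOME/.passtore/config}"
# 40 hex chars, uppercase, exactly as gpg prints it (placeholder, pin your own key)
PASSTORE_SIGNER_FPR="${PASSTORE_SIGNER_FPR:-0000000000000000000000000000000000000000}"

# Write an armored detached signature next to the config, made by the pinned key.
sign_config() {
    gpg --detach-sign --armor --local-user "$PASSTORE_SIGNER_FPR" \
        --output "$1.asc" "$1"
}

# Returns 0 only if $1.asc is a good signature on $1 from the pinned fingerprint.
# 2 = signature file missing, 3 = gpg not installed, 1 = bad signature or wrong signer.
verify_config() {
    local cfg="$1" status
    [ -f "$cfg.asc" ] || return 2
    command -v gpg >/dev/null 2>&1 || return 3
    # gpg exits non-zero on BADSIG / NO_PUBKEY; status lines go to stdout via fd 1
    status=$(gpg --status-fd 1 --verify "$cfg.asc" "$cfg" 2>/dev/null) || return 1
    # a VALIDSIG line ends with the primary-key fingerprint; it must be the pinned one
    printf '%s\n' "$status" | awk -v fpr="$PASSTORE_SIGNER_FPR" \
        '$2=="VALIDSIG" && $NF==fpr {ok=1} END {exit !ok}'
}

# Emit "-r KEYID" arguments for gpg, but only from a verified config.
recipients_from_config() {
    verify_config "$1" || return $?
    # assumed format: one "recipient <keyid>" line per recipient
    awk '$1=="recipient" {print "-r", $2}' "$1"
}

# usage: sign_config "$PASSTORE_CONF" once, then recipients_from_config "$PASSTORE_CONF"
```

Because the check is pinned to a fingerprint rather than to "any key in the keyring", importing an extra public key onto the box is not enough to get a foreign key id accepted.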

chattr +i

I don’t particularly like flash. Sadly a great big chunk of the Internet becomes useless without it, and although I should take a firmer stand against flash I have the flashplugin for Firefox installed. One of the really nasty things about flash is those persistent super-cookies which can be set, and quite frankly, Firefox has become a bit heavy lately, so I have been looking around for ways to cut back on add-ons.

I am currently trying out Privoxy as a standalone ad-blocker, and today I got the idea of trying to replace the “Better Privacy” add-on with some file-system hacking instead. In short “Better Privacy” works by trying to detect when a flash super-cookie has been set, and remove it.

This cookie is stored in a file, locally on the file-system. So I did a little thinking. In my home directory there are two hidden directories: .adobe and .macromedia, both containing a directory named Flash_player. Inside one of those (I guess it depends on the version of flashplayer which directory is the relevant one) flash stores these cookies.

So my first idea was simply to delete those two directories. Which of course is silly. The relevant one will just be recreated, at the latest upon the next Firefox restart. So that wouldn’t work.

I could of course instruct fsniper or incron to watch those two directories and have them pounce on any newly created content within with an rm -rf command, and although that would work, I don’t particularly like scripted events which include an rm command. Also I’d have to divert some system resources to that activity (yes, there are plenty of resources to go around, that’s beside the point), and that wasn’t to my liking either.

Finally it dawned on me. If I removed the directories, they would just respawn, so I’d need to keep them there as placeholders, and make them non-writeable, and really immutable. That way, any time flash would try to get cute, it would hit a brick wall.

So what I ended up doing was:

  1. Purge any and all contents inside .adobe/ and .macromedia/
  2. chmod 0500 ./{.adobe,.macromedia}
  3. sudo chattr +i ./{.adobe,.macromedia}

So now the owner (me) can only read/list the contents of the directories (not modify them), and with chattr +i they are immutable, requiring root privileges to change those permissions.
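The three steps above as one reusable script, added here as an example rather than code from the post: it uses the two directory names from the post, takes the home directory as a parameter so it can be tried on a scratch directory first, and includes a check that reports whether the lock actually took.

```bash
#!/bin/bash
# Lock the two Flash "super-cookie" directories from the post as empty, read-only,
# immutable placeholders. Added example; the home directory is a parameter so the
# steps can be rehearsed on a throwaway directory before touching the real one.

lock_flash_dirs() {
    local home="${1:-$HOME}" d
    for d in "$home/.adobe" "$home/.macromedia"; do
        # keep a placeholder so the plugin cannot recreate the directory itself
        mkdir -p "$d" || return 1
        # a re-run needs write permission to purge; an immutable dir fails here by design
        chmod u+w "$d" || { echo "cannot unlock $d (still immutable?)" >&2; return 1; }
        # step 1: purge everything inside, dotfiles included
        find "$d" -mindepth 1 -delete || return 1
        # step 2: owner may only list/traverse, nobody else gets anything
        chmod 0500 "$d" || return 1
        # step 3: immutable flag; needs root and a filesystem that supports it (ext2/3/4)
        if [ "$(id -u)" -eq 0 ]; then
            chattr +i "$d" 2>/dev/null || echo "warning: chattr +i failed on $d" >&2
        else
            echo "note: run sudo chattr +i \"$d\" to make it immutable" >&2
        fi
    done
    return 0
}

# Returns 0 when the directory is empty and mode 0500; also prints "immutable"
# when lsattr shows the i flag, so you can see whether step 3 actually took.
check_flash_dir() {
    local d="$1" flags
    [ -d "$d" ] || return 1
    [ "$(stat -c %a "$d")" = "500" ] || return 1
    [ -z "$(find "$d" -mindepth 1 -print -quit)" ] || return 1
    flags=$(lsattr -d "$d" 2>/dev/null | awk '{print $1}')
    case "$flags" in *i*) echo immutable ;; esac
    return 0
}

# usage: lock_flash_dirs "$HOME" && check_flash_dir "$HOME/.adobe"
```

Without root the script stops at chmod 0500, which the plugin can undo since it runs as you; only the chattr +i step makes the placeholder stick.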

Your move flash…

Links

Schneier on Security: The Efficacy of Post-9/11 Counterterrorism

MITnews: Killing a cancer cell from the inside out — although I’d worry about mutation, or weaponisation…

2011w30

Sunday, July 31st, 2011

Hacking the shell

I’ve scratched some itches this week, some by pure luck, others by seeking these itches out and scratching them with a vengeance ;)

Added to my ~/.bash_aliases is now alias pwd='pwd -P' which tells pwd to resolve the real path when you have cd’d in to a symlinked directory.

Not really a hack, but I discovered Meta-BackSpc / ESC-BackSpc which will, unlike Ctrl-w, delete parts of a path, instead of the entire path.

This thread was of great help in finding that key combination.

Also, thanks to Rikard I got hold of this document which outlines how I would go about deleting a word after the cursor. Before the cursor is easy (Ctrl-w), but after has always eluded me. Turns out it is Meta-d (or, as in my case, if that is overridden by your window manager, “ESC d”). VERY nice!

I did update my PS1 variable, both for root and my ordinary user. I don’t really know why I hadn’t thought of adding a time indicator before.

There have been times when I have started a long running process, and half an hour or so into it realized that it would have been nice to time the process. Now, this wouldn’t exactly be able to fully replace time, but could do in a pinch so to speak.

root: PS1='\n\[\e[0;33m\][\t] \[\e[0;31;5m\]\u@\h\[\e[25m\] \[\e[01;34m\]$(pwd)\n\[\e[0m\]# '

which will create the prompt:

[HH:MM:SS] root@host /present/working/directory
#

(yes, root@host IS blinking. root can haz be seriuz bizness!)

user: PS1='\n\[\e[0;33m\][\t] \[\e[0;37m\]\u@\h \[\e[01;34m\]$(pwd)\[\e[0m\]\n\$ '

and this produces

[HH:MM:SS] patrik@host /present/working/directory
$

ImageMagick and Animations

I kind of just assumed imagemagick would have some sort of way of creating an animated gif, and of course imagemagick didn’t let me down.

What surprised me was how incredibly easy it was.

Duck Duck Go (as I am attempting a google-free week) gave me this result, and once I had tweaked the parameters somewhat I ended up with this:

$ convert -delay 50 -loop 0 root*.gif rootshell.gif

Zenity and passtore

I also managed to convince (nagged him until his ears risked falling off ;)) Rikard to try out my password management system passtore.

He did have one counter-demand however: he’d need a GUI for day-to-day operations. Me, being a wmii acolyte, can do without it, but I can see how he would feel differently, and seeing as it would be a fun exercise, and I’d get him to give it a shot, I sat down and had at it.

Zenity was my first thought, and as it worked out well, it was my only thought ;) The working name for that code is “Heaven ZENt”. Yes I know, I am a stupid wanker, I can live with that ;D

I am however pondering whether I should release this code as a separate project (it depends on passtore, and is useless without it, which should indicate “no”) or not (it does introduce a dependency on zenity, which isn’t strictly needed to operate passtore).

At present it is only a wrapper around the getpass script from passtore. In essence, “heaven ZENt” is to passtore what wyrd is to remind. I am unsure how to proceed. Input would, as always, be appreciated.

Musings

I’ve given myself the mission to move one of my (spam-trap) email accounts from Thunderbird to mutt. I really want to be able to use mutt as that would be one less thing I’d need to start X for.

So I am looking at other people’s .muttrc files, and came across the index_format setting. This controls how your list of emails in an “inbox” is presented. In Thunderbird this view (simplified) is “some flags, subject, some more flags, author name, even more flags, date”, and what I realize from the .muttrc files I’m viewing is that at least some people place the date before author, before subject.

That got me thinking about whether this is some sort of brain hack, to force the brain into working in a different way. Coming from Thunderbird, when a new message arrives in a conversation my reaction is to either open it, or let it be for now, depending on whether it is a discussion I am interested in.

At that point I don’t bother to look at the author field, if the conversation is uninteresting (to me) I will simply defer it to later, and if it is interesting I will simply open the new mail and read it, thereby getting to know who wrote it.

Putting the author in front of the subject could let you filter on people rather than on subject, as we all have some people we listen more intently to than others, so whatever discussion they’re in, it might be worthwhile to read it.

But that still didn’t explain why they’d put date and time before author. The only idea I have about this is that some mails will be urgent and thus it is good to see when they arrived. But I don’t know. I think I will try out “flags, author, subject, datetime” and see how that goes.

Revelation

If you mess up the datetime settings in BIOS (because you have powered down and unplugged your system during a thunderstorm, AND your motherboard is so old that the CMOS battery is dead) you may experience some problems when booting.

In my particular case, FSCK (or whatever binary it is that is performing a quick check on the file system during boot) reported that the datetime was now 2011-07-11 (because I fucked that up), but the last check had been performed in 2011-07-22.

This made it confused and prompted me to manually repair the file system, by entering the root password (which I have unset, -1 for sudo / me) and doing some operations.

That was actually not such a fun night trying to get to the bottom of that.

:wq