Re: [dev] [wiki] Adding patches to the wiki
My fault: ~/prg/sites/dwm.suckless.org$ for a in $(cat `find .| grep md$`| grep http | sed -rn 's,.*(http:[^\)]),\1,p'|cut -d ')' -f 1) ; do echo checking $a ; curl -s -o /dev/null $a || echo FAIL $a; done FAIL http://news.nopcode.org/mouseontitle-4.6.diff FAIL http://news.nopcode.org/nmaster-4.7.c FAIL http://news.nopcode.org/nmaster.c FAIL http://news.nopcode.org/nmaster-4.5.patch This server is gone.. so the patches are lost too. I'll fix those links asap. Anselm R Garbe wrote: Hi there, I'd like to ask everyone who is going to link/add code patches to the wiki to actually also add the patch itself to the wiki (at least as a copy). This prevents dead links in the long run, since several patches that are linked are dead links. Thanks, Anselm
[dev] orphan wmiirc's, wmii's / ruby wmiirc
I'm using the sunaku wmiirc setup, with some modifications, from github. I tend to restart/re-run wmiirc a lot, as I make modifications. I'm running an up-to-date Gentoo Linux system, with a pretty basic setup. I had some X updates, so I decided to finally log out, and try to diagnose an issue I observed that I thought might be make clear with a fresh X log in. Anyways, basically I have multiple wmiirc's (ruby ones, in this case), but only one seems germane to the current session. Here's a ps output edited slightly for clarity. (Mail viewer's w/o monospace might not show the parenting well.) $ ps -e -o pid,pid,lstart,time,command -H|grep -C 4 wmii ... 18600 18600 Tue Nov 17 16:45:15 2009 00:00:00 wmii ... 17775 17775 Wed Dec 2 11:52:34 2009 00:00:16 ruby /home/fafhrd/.wmii/ruby-git/wmiirc 2447 2447 Wed Dec 2 15:29:06 2009 00:00:00 wmii ... 19328 19328 Thu Dec 10 14:16:48 2009 00:00:00 ruby /home/fafhrd/.wmii/ruby-git/wmiirc ... 19759 19759 Thu Dec 10 14:19:05 2009 00:00:00 /usr/bin/gdm 19760 19760 Thu Dec 10 14:19:05 2009 00:00:00 /usr/bin/gdm 19764 19764 Thu Dec 10 14:19:05 2009 00:01:04 /usr/bin/X :0 -audit 0 -auth /var/gdm/:0.Xauth -nolisten tcp vt7 19796 19796 Thu Dec 10 14:19:20 2009 00:00:00 /bin/sh /etc/X11/gdm/Xsession custom 19829 19829 Thu Dec 10 14:19:20 2009 00:00:00 xscreensaver -no-splash 19832 19832 Thu Dec 10 14:19:20 2009 00:00:00 wmii ... 19866 19866 Thu Dec 10 14:19:20 2009 00:00:00 wmii 19896 19896 Thu Dec 10 14:19:20 2009 00:00:05 ruby /home/fafhrd/.wmii/ruby-git/wmiirc Now, if I run ~/.wmii/wmiirc (that file contains wmiir xwrite /ctl spawn ruby-git/wmiirc) again, I notice the following: 1) wmii proceses still there: 18600, 2447, 19832, 19866 (all of them) 2) ruby wmiirc processes still there: 17775, 19328 3) ruby wmiirc processes gone: 19896 4) ruby wmiirc processes new: 26416 I am seeing normal behavior here? Does anyone else have rogue wmii's or wmiirc's? FWIW, the same behavior was happening to be in the sh wmiirc's a while back, but I didn't think much of it, at the time. How harmful could the extra wmiirc's processes be? Could they be eating event from /event in 9p? The first wmii and wmiirc seem clearly wrong, having been launched on Dec 2nd. Thanks for any info -- a bit confused here, __armando
[dev] suckless password manager
Currently I have only found one simple password manager: pwsafe. It can be used from command line, can work with X clipboard and uses good cryptography I think. But it is not supported now and it's code depends on readline, autotools, written in C++ and consists of one .cpp file. As I can see suckless projects mostly works with X11 in the unix way. pwsafe also do some trick with X11: it puts password into clipboard and clears it after you put password somewhere with middle-click. So if someone there understands both cryptography, X11 and UNIX well it can be a good idea for new suckless project. Maybe code can be simplified by switching to another database structure not compatible with PasswordSafe.
Re: [dev] suckless password manager
It can't work with X, but use of GPG instead of creating new encryption scheme is interesting. So the only thing to implement is secure use of X11 clipboard and integration with GPG or some PGP library. Perhaps you could alter the script to pipe the nth line into xsel, or change the format of the 'database' e.g. gmail hunter2 supersecritsight.org 1234 and prompt the user for a site? (man read, xmessage?) From xsel's man page: -t ms, --selectionTimeout ms Specify the timeout in milliseconds within which the selection must be retrieved.
Re: [dev] suckless password manager
Actually, I think passwordmanagers are not secure. All your passwords are just as strong as your PM encryption. I have an mnemoc/algorithm which enables me to generate a quite strong password (without penpaper) which depends on the name of the webpage and/or username I use there. On Dec 10, 2009 11:55 PM, anonymous aim0s...@lavabit.com wrote: On Thu, Dec 10, 2009 at 11:14:15PM +0100, Nibble wrote: Hi, It is just a little toy, but ma... It can't work with X, but use of GPG instead of creating new encryption scheme is interesting. So the only thing to implement is secure use of X11 clipboard and integration with GPG or some PGP library. And what password managers do suckless developers use? Not using any doesn't seem secure, I don't think someone can lots of good passwords.
Re: [dev] suckless password manager
On Thu, Dec 10, 2009 at 11:03:25PM +, Rob wrote: Perhaps you could alter the script to pipe the nth line into xsel, or change the format of the 'database' e.g. gmail hunter2 supersecritsight.org 1234 and prompt the user for a site? (man read, xmessage?) From xsel's man page: -t ms, --selectionTimeout ms Specify the timeout in milliseconds within which the selection must be retrieved. What timeout -t affects? Looks like nothing changed. For -t 5000 i can retrieve PRIMARY after 5 seconds, before 5 seconds and at any time.
Re: [dev] suckless password manager
What timeout -t affects? Looks like nothing changed. For -t 5000 i can retrieve PRIMARY after 5 seconds, before 5 seconds and at any time. You're right, perhaps it's an xsel bug? Perhaps you could echo password | xsel -i sleep 0.5 xsel -c # or -d? Maybe xclip offers more
Re: [dev] suckless password manager
On Thu, Dec 10, 2009 at 2:14 PM, Nibble nibble...@gmail.com wrote: It is just a little toy, but maybe it could be useful for someone else ;) http://nibble.develsec.org/hg/toys/file/da45af463c1c/passman I've done a similar toy with VIM + GPG back in the day: :-) http://snk.tuxfamily.org/bin/secure-edit.sh It's very important that the intermediate unencrypted file is destroyed upon script termination!
Re: [dev] suckless password manager
Maybe xclip -l 1 -i could do the work. BTW I have just simplified the script even more (using umask instead of chmod's). Last changes are in the hg tip. http://nibble.develsec.org/hg/toys/file/a12b1de0a2cc/passman On Thu, 10 Dec 2009 23:46:31 + Rob robpill...@gmail.com wrote: What timeout -t affects? Looks like nothing changed. For -t 5000 i can retrieve PRIMARY after 5 seconds, before 5 seconds and at any time. You're right, perhaps it's an xsel bug? Perhaps you could echo password | xsel -i sleep 0.5 xsel -c # or -d? Maybe xclip offers more
Re: [dev] suckless password manager
You're right, perhaps it's an xsel bug? Perhaps you could echo password | xsel -i sleep 0.5 xsel -c # or -d? Maybe xclip offers more pwsafe clears PRIMARY right after you use it. Then it exits. That way you can use it only one time and you can be sure no one can see you password after pwsafe exits. There is a project ideas page in the wiki. Maybe password manager can be added there?
Re: [dev] suckless password manager
Thanks for the tip :) I updated passman accordingly and now it uses shred -fuz instead of rm -f. On Thu, 10 Dec 2009 16:03:35 -0800 Suraj Kurapati sun...@gmail.com wrote: On Thu, Dec 10, 2009 at 2:14 PM, Nibble nibble...@gmail.com wrote: It is just a little toy, but maybe it could be useful for someone else ;) http://nibble.develsec.org/hg/toys/file/da45af463c1c/passman I've done a similar toy with VIM + GPG back in the day: :-) http://snk.tuxfamily.org/bin/secure-edit.sh It's very important that the intermediate unencrypted file is destroyed upon script termination!
Re: [dev] suckless password manager
Thanks for the tip :) I updated passman accordingly and now it uses shred -fuz instead of rm -f. Also if you want to make code shorter you can use [ expr ] echo true || echo false instead of if..else.
Re: [dev] suckless password manager
Alexander Surma dixit (2009-12-11, 00:07): Actually, I think passwordmanagers are not secure. All your passwords are just as strong as your PM encryption. That's why I keep most of my less-used passwords in a GPG-encrypted-to-self file with a vim configuration for transparent decryption, reencryption and wiping afterwards. This is obviously not 100% secure, but for a moderately trusted personal setup it's quite sufficient. Best, -- [a]
Re: [dev] suckless password manager
Factotum + secstore: * http://doc.cat-v.org/plan_9/4th_edition/papers/auth * http://man.cat-v.org/p9p/4/factotum * http://man.cat-v.org/p9p/1/secstore On Thu, Dec 10, 2009 at 11:07 PM, anonymous aim0s...@lavabit.com wrote: Currently I have only found one simple password manager: pwsafe. It can be used from command line, can work with X clipboard and uses good cryptography I think. But it is not supported now and it's code depends on readline, autotools, written in C++ and consists of one .cpp file. As I can see suckless projects mostly works with X11 in the unix way. pwsafe also do some trick with X11: it puts password into clipboard and clears it after you put password somewhere with middle-click. So if someone there understands both cryptography, X11 and UNIX well it can be a good idea for new suckless project. Maybe code can be simplified by switching to another database structure not compatible with PasswordSafe.