Rants, hardware stuff, and random programs

Mostly rants. There are a few programs I maintain, mostly dcgui, ysnotifier and yakicms (this blog software).

Work-related stuff is in the TAO Admin Blog.


yspave 0.1.0 'Insert Witty Version Name Here'

yspave is a CLI-based password manager that strives to be secure and simple. Data is only stored strongly encrypted, and can be queried/modified by CLI in one-shot or REPL modes, so it's usable over SSH links and doesn't need local db copies.

0.1.0 contains a few improvements over older versions, and with the project generally being over its major pain points, I figure it was time for a small version bump.

It's not yet quite ready for 1.0, for that I want to migrate to more modern, libsodium based crypto for storage (right now it's scrypt/AES based) and refactor the code further.

Changes from 0.0.11:

  • Deprecation: The config file format has changed; copy_call is now the option call in the copy section. The old format is still supported, but throws a warning and will be removed eventually.

  • Queries can now contain IDs or search keywords everywhere. (ponder)

  • New command: list complements get, showing metadata for all matching entries, but without passwords (similar to the query selection screen).

  • Improved command: del will now ask for confirmation and works on queries, not just IDs.

  • Improved command: copy can now show metadata of the copied password. Opt in due to its potential security concerns.

  • PKGBUILD is no longer shipped; only distributed via AUR.

  • Argument completion for zsh shipped. (ponder)

  • Internal:

    • The commands module has been reworked, making dispatch less of a mess.

    • edit has been reworked, hopefully fixing some bugs in it. (ponder)

    • Queries matching passwords added in the current session no longer trigger exceptions.

    • Default memory factor has been improved, from 64M to 512M.

    • Invalid config files now trigger proper tracebacks and error messages.

    • Exceptions in the REPL now trigger proper tracebacks and error messages.

    • Query selections can now be cancelled with ^C.

    • Releases are now GPG signed.

Download: AURGithub (.tar.gz)Local git mirror

Samuel Vincent Creshal at 08. Apr 2016, 15:10 UTC

SSL moved to Let's Encrypt and enabled by default

Let's Encrypt is a pretty awesome service that offers auto-renewable, free SSL certificates, and unlike CACert, Mozilla has enough money to pay the inevitable bribes necessary to become a "trustworthy" default CA in major browsers. As such, it actually works with random clients off the internet and I can enable it without breaking too much. Android 2, Windows XP and Java clients won't work, but fuck those.

Samuel Vincent Creshal at 16. Mar 2016, 10:00 UTC

Windows 10 default "privacy" settings

So I just set up a Windows 10 laptop and my jaw dropped:

  • Contacts, calendar entries and "associated input" are shared with Microsoft

  • Typing statistics and handwriting samples are shared with Microsoft

  • a unique ID is shared with advertising networks

  • GPS and wifi location are shared with Microsoft and "trusted partners"

  • Browsing and download history is shared with Microsoft

  • Windows automatically connects to unencrypted hotspots

  • Wifi passwords are shared with Microsoft and all your contacts

  • Application crash dumps, which can contain arbitrary sensitive data, are shared with Microsoft

  • Start menu searches are also shared to provide suggestions, and that's not even in the privacy settings.

I think the Stasi would be pleased. It seems Microsoft has, at last, reached the point where users are the product and only advertisers matter.

Samuel Vincent Creshal at 29. Jul 2015, 13:31 UTC